Glenn S Benson

US Patent:

7082538, Jul 25, 2006

Filed:

Oct 3, 2001

Appl. No.:

09/970147

Inventors:

Thaddeus Bouchard - Andover MA, US
Glenn Benson - Newton MA, US

Assignee:

Omtool, Ltd. - Andover MA

International Classification:

H04L 9/00
H04L 9/30

US Classification:

713181, 380277, 380293

Abstract:

The secure messaging system of the invention encrypts an electronic document using a symmetric key and transmits the encrypted document and related message parameters to a recipient whose identity is then authenticated by a web server. The web server dynamically regenerates the symmetric key from a hidden key and from the message parameters accompanying the encrypted document, and thus avoids having to maintain a central repository of encrypted documents as required by typical “post and pick-up” encrypted messaging systems. Further, an audit trail produced while practicing the invention provides timestamped message digest data for a plurality of time intervals, where the message digests for adjacent time intervals are computationally linked together. The audit trail effectively enables timestamped message digest data to verify not only the existence of a document during a first time interval, but also to verify the existence of documents encountered in a prior time interval.

US Patent:

8190893, May 29, 2012

Filed:

Jul 1, 2004

Appl. No.:

10/882527

Inventors:

Glenn Stuart Benson - Newton MA, US
Joseph R. Calaceto - Ridgewood NJ, US
Russell M. Logar - Breezy Point NY, US

Assignee:

JP Morgan Chase Bank - New York NY

International Classification:

H04L 9/32
H04L 29/06
G06F 21/00
G06F 7/04
G06F 15/16
G06F 17/30

US Classification:

713170, 713168, 713172, 713181, 726 2, 726 9, 726 20, 726 21, 726 27, 726 28, 726 29, 726 30

Abstract:

A technique for providing message authenticity includes accepting transaction information, accepting a first data item used for authenticating an originating user, cryptographically processing the transaction information using only a second data item, wherein the entropy of the first data item is less than the entropy of the second data item, and authenticating the originating user using the first data item. The first data item can be a sequence of digits corresponding to those displayed on an external device, such as, for example, an RSA authorization token, credit card, etc. In general, the first data item will be a short alphanumeric string and the second data item will generally be much larger, e. g. , a 128 bit sequence to be used principally for data authentication. According to another aspect of the present invention, consequential evidence of the transaction may be secured to provide after-the-fact evidence of the transaction.

US Patent:

8583926, Nov 12, 2013

Filed:

Apr 26, 2006

Appl. No.:

11/411576

Inventors:

Glenn S. Benson - Newton MA, US

Assignee:

JPMorgan Chase Bank, N.A. - New York NY

International Classification:

H04L 9/32

US Classification:

713169, 726 5, 726 19

Abstract:

Embodiments of the invention are directed to a method for providing security against phishing attacks. The method can include receiving a login ID from a client, and providing an encrypted commitment to the client. The method can also include receiving a one-time password (OTP) from the client, and validating the OTP. The method can also include sending a commitment key, to be authenticated by the client, receiving a static password from the client and authenticating the client. Embodiments of the invention are directed to a system for providing security against phishing attacks. The system can include one or more servers configured to receive a login ID from a client, and provide an encrypted commitment to the client. The processors can be configured to receive a one-time password (OTP) from the client, validate the OTP, send a commitment key, to be authenticated by the client, receive a static password from the client and authenticate the client.

US Patent:

20060190723, Aug 24, 2006

Filed:

Aug 18, 2005

Appl. No.:

11/206352

Inventors:

Glenn Benson - Newton MA, US

Assignee:

JP Morgan Chase Bank - New York NY

International Classification:

H04L 9/00

US Classification:

713165000

Abstract:

A method for providing file transfer security includes receiving an authentication file including a first key and authentication information, extracting the first key from the authentication file, decrypting the authentication information with the first key, and validating the authentication information. The authentication information is encrypted, and may include a nonce, a timestamp, and/or a second key. A system for providing file transfer security includes a DMZ proxy programmed and configured to receive an authentication file from a client including authentication information. The DMZ proxy extracts a first key from the authentication file, decrypts the authentication information with the first key, and validates the authentication information.

US Patent:

20100332399, Dec 30, 2010

Filed:

Jun 29, 2010

Appl. No.:

12/826311

Inventors:

Glenn Benson - Newton MA, US
Sean Croston - Andover MA, US

International Classification:

G06Q 40/00
H04L 9/28
H04L 9/32

US Classification:

705 71, 705 44

Abstract:

A system and method for implementing an interoperable credential management protocol for processing online transactions. The protocol, referred to as the Partner Key Management (PKM) protocol provides an improved alternative to traditional public key, infrastructure (PKI), particularly for use in high-value commercial transactions which require additional controls on the use of credentials for authentication and authorization. According to the PKM protocol, a user may take advantage of credential interoperability by using the same credential at a plurality of different financial institutions for authentication or digital signatures. Additionally, the credential interoperability achieved according to the PKM protocol allows the user to employ the same credential at a plurality of financial institutions for the purpose of digital or electronic signatures.

US Patent:

20120131331, May 24, 2012

Filed:

Jun 24, 2011

Appl. No.:

13/168148

Inventors:

Glenn BENSON - Newton MA, US

Assignee:

JPMorgan Chase Bank - New York NY

International Classification:

H04L 9/32
H04L 29/06

US Classification:

713155

Abstract:

Systems and methods for end-to-end encryption are disclosed. According to one embodiment, a method for device registration includes (1) an application executed by a computer processor receiving a user password from a user; (2) using the computer processor, the application combining the user password and a password extension; (3) using the computer processor, the application cryptographically processing the combined user password and password extension, resulting cryptographic public information; and (4) providing the cryptographic public information to a server. The user password is not provided to the server. In another embodiment, a method for user authentication includes (1) using a computer processor, receiving a login page from a server; (2) sending a Hash-based Message Authentication Code to the server; and (3) receiving an authentication from the server. In one embodiment, the login page may include a transkey and a value B.

US Patent:

20130179681, Jul 11, 2013

Filed:

Jun 8, 2012

Appl. No.:

13/492126

Inventors:

Glenn Benson - Newton MA, US
Salvatore Richard Re - Westfield NJ, US

Assignee:

JPMORGAN CHASE BANK, N.A. - New York NY

International Classification:

H04L 9/32

US Classification:

713155

Abstract:

Systems and methods for device registration and authentication are disclosed. In one embodiment, a method for authentication of a device may include (1) receiving, at a mobile device, a first credential; (2) transmitting, over a network, the first credential to a server; (3) receiving, from the server, a first key and a first value, the first value comprising a receipt for the first credential; (4) receiving, at the mobile device, a data entry for a second credential; (5) generating, by a processor, a second key from the data entry; (6) retrieving, by the mobile device, a third credential using the first key and the second key; (7) signing, by the mobile device, the first value with the third credential; and (8) transmitting, over the network, the signed third value to the server.

US Patent:

20200177395, Jun 4, 2020

Filed:

Feb 7, 2020

Appl. No.:

16/784863

Inventors:

- Arlington VA, US
Glenn S. Benson - Newton MA, US

International Classification:

H04L 9/32
G06Q 20/38
G06F 21/57
G06F 21/60
G06F 21/64
H04L 29/06
H04W 12/10
H04W 12/12
H04W 12/00
G06F 21/53
G06F 21/56

Abstract:

A system for establishing a trusted path for secure communication between client devices and server devices, such as between an account holder and a financial institution, can provide the core security attributes of confidentiality (of the parties), integrity (of the information), anti-replay (protection against replay fraud) and/or anti-tampering (protection against unauthorized changes to information being exchanged and/or modules that generate and communicate such information). A messaging layer implementation in favor of a transport layer implementation can provide a trusted path. This infrastructure features secure cryptographic key storage, and implementation of a trusted path built using the cryptographic infrastructure. The trusted path protects against unauthorized information disclosure, modification, or replays. These services can effectively protect against Man-in-the-Middle, Man-in-the-Application, and other attacks.