Anand is a software engineer at eBay identity leading architecture, design and development of applications and frameworks related to authentication, authorization and security.

Abstract:

A system, method, and computer program product are provided for securing authorization tokens using client instance specific secrets. Tokens are valid for service requests only if time constraints and additional security constraints are met by additional information stored in the token in hashed form. A required comparison of a timestamp in a client service request header to the current server time limits the useful token life, e.g., to a few minutes. The service request header also includes data generated based on a secret previously assigned to a specific client instance. The secret may be generated by the server according to a public/private key scheme and sent to a particular client instance only once, e.g., during initial device registration. The secret may be omitted from service requests for public information. Service request headers may include device identifiers, so that service requests from known rogue clients may be ignored.

Country: United States
Grant Date: April 6, 2021

Abstract:

Systems and methods for implementing an identity assertion framework to authenticate a user in a federation of security domains are provided. A first security token service (STS) is configured to receive a request for a first token from a consumer and to issue the first token to the consumer. The first STS is associated with a first security domain, and the first token is issued according to a first issuing policy of the first security domain. A service provider within a second security domain receives the first token and makes a determination whether the first token is invalid in the second security domain. A second STS receives the first token from the service provider, determines that the first token was issued by the first STS, and validates the first token according to a federation policy between the first security domain and the second security domain.

Country: United States
Grant Date: February 14, 2017
INVENTORS: Benoy Antony, Anand Bahety, Neeti Deshmukh, Peter Johnson, Farhang Kassaei, Sachin Khanna, Franco Travostino

Abstract:

Systems and methods for implementing an identity assertion framework to authenticate a user in a federation of security domains are provided. A first security token service (STS) is configured to receive a request for a first token from a consumer and to issue the first token to the consumer. The first STS is associated with a first security domain, and the first token is issued according to a first issuing policy of the first security domain. A service provider within a second security domain receives the first token and makes a determination whether the first token is invalid in the second security domain. A second STS receives the first token from the service provider, determines that the first token was issued by the first sts, and validates the first token according to a federation policy between the first security domain and the second security domain

Country: United States
Grant Date: March 24, 2015
INVENTORS: Benoy Antony, Anand Bahety, Neeti Deshmukh, Peter Johnson, Farhang Kassaei, Sachin Khanna, Franco Travostino
Anand Bahety

Anand Bahety

Join Our Team

At eBay, we seek the very best talent to help us build more economic opportunity for everyone.