Patents Examined by Anthony DiLorenzo
-
Patent number: 6564319
Abstract: A technique for compressing certificate information for use in portable credit instruments having limited storage capacity. An end user certificate typically actually comprises a chain of certificates, as SET transactions require not only the end user certificate but also its parent certificates. Each certificate in the certificate chain is compared to a template for that certificate, and the differences are stored. Redundant differences within each certificate are deleted, as are differences which may be derived from differences stored for other certificates in the certificate chain. The remaining stored differences are then recorded on an end user credit instrument, such as a smart card. Preferably, the certificate chain is then recreated for verification purposes before the card is issued. PER encoding may also be employed to further compress the certificate information to be recorded on the credit instrument.
Type: Grant
Filed: December 29, 1997
Date of Patent: May 13, 2003
Assignee: International Business Machines Corporation
Inventors: Mark E. Peters, Parley Avery Salmon
-
Patent number: 6550010
Abstract: Methods and apparatus to provide for a unit that is locked against use for communications until the unit is unlocked and that may be activated on a selected network in conjunction with the unit being unlocked. A unit includes a memory for storing an unlock code specific to the unit. The unlock code is used to unlock the unit and is unbreakable without knowledge of a secret code and an algorithm. The unlock code is generated by using the algorithm with the secret code and an identifier unique to the unit. The unit also includes a control for receipt of an input code and a system identification number, with the input code and the system identification number having originated from the selected network.
Type: Grant
Filed: February 3, 2000
Date of Patent: April 15, 2003
Assignee: BellSouth Intellectual Property Corp.
Inventors: Charles M. Link, II, Donald Lee Batson, Jr.
-
Patent number: 6532540
Abstract: Methods and apparatuses for providing cryptographic assurance based on ranges as to whether a particular data item is on a list. According to one computer-implemented method, the items on the list are sorted and ranges are derived from adjacent pairs of data items on the list. Next, cryptographically manipulated data is generated from the plurality of ranges. At least parts of the cryptographically manipulated data are transmitted onto a network for use in cryptographically demonstrating whether any given data item is on the list. According to another computer-implemented method, a request message is received requesting whether a given data item is on a list of data items. In response, a range is selected that is derived from the pair of data items on the list that define the smallest range that includes the given data item. A response message is transmitted that cryptographically demonstrates whether the first data item is on the list using cryptographically manipulated data derived from the range.
Type: Grant
Filed: June 23, 1998
Date of Patent: March 11, 2003
Assignee: ValiCert, Inc.
Inventor: Paul Carl Kocher
-
Patent number: 6480608
Abstract: In an Asynchronous Transfer Mode telecommunications network having a plurality of virtual paths or circuits, an encryption key used for data transmitted between a source and a receiver may be updated. The data is transmitted initially using a first encryption key over a first of the plurality of virtual paths or circuits; a connection is established over a second of the plurality of virtual paths or circuits, a second encryption key is sent over that connection from the source to the receiver, and the data is subsequently transmitted using the second encryption key over the second of the plurality of virtual paths or circuits.
Type: Grant
Filed: April 23, 1998
Date of Patent: November 12, 2002
Assignee: Marconi Communications Limited
Inventor: Richard J Proctor
-
Patent number: 6466671
Abstract: A smartcard for use with a receiver of encrypted broadcast signals comprises a microprocessor for enabling or controlling decryption of said signals. A memory is coupled to the microprocessor. The microprocessor is adapted to enable or control the individual decryption of a plurality of such signals from respective broadcast suppliers of such signals by means of respective dynamically created zones in the memory, the dynamically created zones each being arranged to store decryption data associated with a respective one of said broadcast suppliers.
Type: Grant
Filed: September 21, 1999
Date of Patent: October 15, 2002
Inventors: Michel Maillard, Christian Benardeau
-
Patent number: 6445794
Abstract: A method for generating an identical electronic one-time pad at a first location and a second location, the method comprising the steps of: (a) providing a first electronic device at the first location and a second electronic device at the second location, each of the first and the second electronic devices having: (i) a non-volatile memory; (ii) a processor; (iii) at least one table of true random numbers being stored on the non-volatile memory, the table being identical for the first and the second electronic devices; and (iv) at least one software program for obtaining a true random number from the table, the software program being stored on the non-volatile memory and the at least one software program being operated by the processor; (b) providing a communication channel for communication between the first electronic device and the second electronic device; (c) selecting a selected true random number from the table at the first and the second electronic devices according to a selection procedure, the sele
Type: Grant
Filed: June 24, 1998
Date of Patent: September 3, 2002
Assignee: Worcop Investment Ltd.
Inventor: Adam Shefi
-
Patent number: 6442692
Abstract: A device for verifying the identity of an individual based on a typing characteristic token. The device is embedded in a keyboard, said keyboard in communication with a processing system to be secured, said device comprising: an input means for monitoring the time interval in which keys on the keyboard are depressed; a processing means in electrical communication with the input means for generating a first typing characteristic token based on the monitored time intervals; a memory means in data communication with the processing means for storing the first typing characteristic token, and wherein the processing system is adapted to compare the first typing characteristic token with a second typing characteristic token generated for a current user; and wherein the processing system denies access to the current user if the second typing characteristic token does not match the stored first typing characteristic token.
Type: Grant
Filed: July 21, 1998
Date of Patent: August 27, 2002
Inventor: Arkady G. Zilberman
-
Patent number: 6442688
Abstract: A method and apparatus for public key certificate updates is accomplished when a user of a secured communications system provides, from time to time, public key certificate update subscription information to a server. The public key certificate update subscription information identifies at least one subscriber subject (i.e., another end-user) for which the user desires to obtain real time public key updates when they occur. In response to the subscription information, the server monitors public key certificates of the at least one subscriber subject. When a change occurs to the public key certificate of the at least one subscriber, the server provides an indication of the change to the requesting user. As such, while the user is on-line with the secured communications system, the server can provide the user with real-time updates of subscriber subjects' encryption public key certificates and/or signature public key certificates.
Type: Grant
Filed: August 29, 1997
Date of Patent: August 27, 2002
Assignee: Entrust Technologies Limited
Inventors: Timothy E. Moses, Sharon M. Boeyen
-
Patent number: 6442690
Abstract: Apparatus and methods for remotely rekeying a cryptographic device are disclosed. A method according to the invention includes associating a preliminary certificate with the device, generating a device certificate associated with the device, determining whether a certificate stored in the device is the preliminary certificate associated with the device, and, if the certificate stored in the device is the preliminary certificate associated with the device, then securely loading the device certificate into the device. Apparatus for remotely rekeying a cryptographic device includes a computer readable medium having stored thereon computer executable instructions for performing a method according to the invention.
Type: Grant
Filed: October 21, 1999
Date of Patent: August 27, 2002
Assignee: L3-Communications Corporation
Inventors: James L. Howard, Jr., Pennington J. Hess, James A. MacStravic
-
Patent number: 6434701
Abstract: A system enables encoding of a removable mark into digital data, and decoding of the mark from the digital data. The system comprises an encoder and a decoder. The encoder includes a target area locator for locating in the digital data a flat area having a flatness value n, and includes a marker for using the flatness value n to encode a mark into the flat area. The decoder attempts to extract a mark that includes a plateau and a core from digital data. The decoder includes a mark area locator for using a flatness value n to search digital data for a possible plateau, an unmarker coupled to the flat area locator for decoding a possible core upon locating a possible plateau and for using the flatness value n to replace the possible core with possible original data, and an authenticator coupled to the unmarker for examining the possible core for accuracy.
Type: Grant
Filed: April 6, 1999
Date of Patent: August 13, 2002
Assignee: Kwan Software Engineering, Inc.
Inventor: John Man Kwong Kwan
-
Patent number: 6405315
Abstract: A decentralized file system based on a network of remotely encrypted storage devices is disclosed. The file system includes a network to which a network client, a secure remotely encrypted storage device, a key manager, and a lock manager are attached. The system organizes data as files and directories. Files or directories are composed of one or more streams, which logically partition the data associated with the files or directories. The device serves as a repository of the system's data. The key manager controls data access keys while the lock manager handles consistency of the files. A network user may have read or write access to a file. Access is controlled using keys and access lists maintained by the key manager.
Type: Grant
Filed: September 11, 1997
Date of Patent: June 11, 2002
Assignee: International Business Machines Corporation
Inventors: Randal Chilton Burns, Edward Gustav Chron, Darrell Long, Benjamin Clay Reed
-
Patent number: 6381695
Abstract: An object of the invention is to provide an encryption system and method for inhibiting the decryption of encrypted data unless a decryption condition is satisfied. Thus, according to the present invention, in order to provide the encryption system for inhibiting the decryption of encrypted data unless a decryption condition is satisfied, a decryption-enabled time is designated as the decryption condition, and an encryption system incorporating time-dependent decryption is constituted by a time-key certificate and a time-key certificate manager. A time-key certificate is employed when a third party proves that a public encryption key added to the certificate satisfies the decryption condition. The time-key certificate manager issues a time-key certificate and then manages a decryption key.
Type: Grant
Filed: July 14, 1998
Date of Patent: April 30, 2002
Assignee: International Business Machines Corporation
Inventors: Michiharu Kudo, Masayuki Numao, Hiroshi Kawazoe
-
Patent number: 6363151
Abstract: Security parameters (SPAR) are provided by the mobile radiotelephone network (PLMN) for subscribers of another network (CN) via an interface (DSS1+) connecting the two networks, without carrying out subscriber entries in at least one subscriber database of the mobile radiotelephone network for these subscribers. The subscribers of the other network thereby identify themselves with a subscriber identity module (SIM) of their subscriber station (UPTS, DM), and are installed in a subscriber database (DB) of the other network. The security parameters for the subscribers installed in the private network are requested via the interface, are provided by an authentication center (AC) of the mobile radiotelephone network and are transmitted to the private network via the interface.
Type: Grant
Filed: July 31, 1997
Date of Patent: March 26, 2002
Assignee: Siemens Aktiengesellschaft
Inventor: Hermann Linder
-
Patent number: 6351811
Abstract: Systems and methods for controlling the transmission of data in a computer network; specifically, systems and methods related to preventing the transmission of compromised data. In one embodiment, a web server is configured to transmit requested data to a remote client through a computer network, such as the Internet. The web server includes a conventional computing system, including a processor and random access memory, and a non-volatile storage medium for storing the requested data. A software-defined process is executed by the computing system, whereby the software-defined process and the computing system cooperate to receive a request from a remote client for the requested data; determine whether the requested data has been compromised; and prevent the transmission of the requested data to the remote client if the data is compromised.
Type: Grant
Filed: April 22, 1999
Date of Patent: February 26, 2002
Assignee: Adapt Network Security, L.L.C.
Inventors: Robert F. Groshon, L. Aaron Philipp, Jason C. Stone
-
Patent number: 6339827
Abstract: The lightweight directory access protocol (LDAP) is extended to include client- and server-based controls for securing sensitive data in the directory service. The set of controls includes a client control implemented on a client machine, and/or a server control implemented on a server machine. It is not required that both controls be implemented together, and a client machine may implement the client control irrespective of whether a server involved in the directory operation is running the server control.
Type: Grant
Filed: November 12, 1997
Date of Patent: January 15, 2002
Assignee: International Business Machines Corporation
Inventors: Ellen Jean Stokes, Ivan Matthew Milman
-
Patent number: 6337912
Abstract: In order to unambiguously allocate a data carrier to an object, key information is written into the data carrier. Before writing in the key information, secret identification information and open identification information are written into the data carrier. Copies of the secret and open information are stored in a central station. In the central station, for a particular data carrier, the open and secret information are associated with each other. In addition, in the central station, object information for the particular object and key information for the object are associated with each other. From the data carrier, the open identification information is sent to the central station to access the associated stored open and secret identification information so as to retrieve the stored secret identification information. In addition, object information is sent to the central station to access the associated stored object and key information so as to retrieve the stored key information.
Type: Grant
Filed: August 19, 1997
Date of Patent: January 8, 2002
Assignee: U.S. Philips Corporation
Inventors: Wolfgang Buhr, Helmut Hörner
-
Patent number: 6327655
Abstract: Methods and apparatus to provide for a unit that is locked against use for communications until the unit is unlocked and that may be activated on a selected network in conjunction with the unit being unlocked. A unit includes a memory for storing an unlock code specific to the unit. The unlock code is used to unlock the unit and is unbreakable without knowledge of a secret code and an algorithm. The unlock code is generated by using the algorithm with the secret code and an identifier unique to the unit. The unit also includes a control for receipt of an input code and a system identification number, with the input code and the system identification number having originated from the selected network.
Type: Grant
Filed: February 3, 2000
Date of Patent: December 4, 2001
Assignee: BellSouth Intellectual Property Corporation
Inventors: Charles M. Link, II, Donald Lee Batson, Jr.
-
Patent number: 6324286
Abstract: A full duplex DES cipher processor (DCP) supports executing the sixteen rounds of the data encryption standard (DES) operation in four encryption modes and four decryption modes, namely: Electronic Code Book (ECB) mode, Cipher Block Chaining (CBC) mode, Cipher Feedback (CFB) mode, and Output Feedback (OFB) mode for both encryption and decryption. A DCP is composed of an I/O unit, an IV/key storage unit, a control unit, and an algorithm unit. The algorithm unit is used to encrypt/decrypt the incoming text message. The algorithm unit has a crypto engine that allows encryption and decryption to be performed alternately, by sharing the same crypto engine. For crypto applications in communication services like T1, E1, and V.35, the algorithm unit operation time is much shorter than the data I/O time; in other words, the algorithm unit is mostly in the idle state.
Type: Grant
Filed: October 5, 1998
Date of Patent: November 27, 2001
Assignee: Industrial Technology Research Institute
Inventors: Yi-Sern Lai, I-Yao Chuang, Bor-Wen Chiou, Chin-Ning Yang
-
Patent number: 6317830
Abstract: A device for authenticating subscribers to one or more exchanges of a digital communication network having at least one subscriber-side network terminator, to which at least one data terminal may be connected. It is a distinction of the invention that provision is made at every subscriber for at least one first authentication module capable of receiving a first identification carrier, and provision is made in the exchange for at least one second authentication module capable of receiving a second identification carrier, or that, alternatively, connected between the network terminators assigned to the exchange and the exchange is an additional device, in which is arranged a second authentication module capable of receiving a second identification carrier, the authentication modules being capable of encoding and/or decoding a piece of information with an individual, subscriber-specific key and of exchanging information with each other for unilateral and/or bilateral authentication.
Type: Grant
Filed: December 8, 1997
Date of Patent: November 13, 2001
Assignee: Deutsche Telekom AG
Inventor: Helmut Stolz
-
Patent number: 6311271
Abstract: A method of signing digital streams so that a receiver of the stream can authenticate and consume the stream at the same rate at which the stream is being sent to the receiver. More specifically, this invention involves computing and verifying a single digital signature on at least a portion of the stream. The properties of this single signature will propagate to the rest of the stream through ancillary information embedded in the rest of the stream.
Type: Grant
Filed: October 20, 1999
Date of Patent: October 30, 2001
Assignee: International Business Machines Corporation
Inventors: Rosario Gennaro, Pankaj Rohatgi