Patents Assigned to Activcard
-
Patent number: 9098685Abstract: A method of authorizing a user at a location is disclosed. A user data input device is used for receiving of user information. In dependence upon stored policy data, a location of the workstation and other characteristics thereof, an authorization method for the user is determined. In the authorization method, the user is first identified with the security server and then optionally authorized thereby. The stored policy data results in different determined methods for different authorization procedures based upon the user data and the characteristic of the user data input device and the workstation.Type: GrantFiled: May 19, 2004Date of Patent: August 4, 2015Assignee: Activcard Ireland LimitedInventor: Laurence Hamid
-
Patent number: 8775819Abstract: A method of authorising a user in communication with a workstation is disclosed. According to the method, a system automatically determines a plurality of available user information entry devices in communication with the workstation. The system then determines predetermined user authorization methods each requiring data only from available user information entry devices. The user then selects one of the determined authorization methods for use in user authorization. Optionally, each authorization method is associated with a security level relating to user access to resources. Once the authorization method is selected, the user provides user authorization information in accordance with a determined user authorization method and registration proceeds.Type: GrantFiled: August 31, 2012Date of Patent: July 8, 2014Assignee: Activcard Ireland LimitedInventors: Laurence Hamid, Robert D. Hillhouse
-
Patent number: 8495381Abstract: This invention provides a simple and secure PIN unblock mechanism for use with a security token. A set of one or more passphrases are stored on a remote server during personalization. Likewise, the answers to the passphrases are hashed and stored inside the security token for future comparison. A local client program provides the user input and display dialogs and ensures a secure communications channel is provided before passphrases are retrieved from the remote server. Retrieval of passphrases and an administrative unblock secret from the remote server are accomplished using a unique identifier associated with the security token, typically the token's serial number. A PIN unblock applet provides the administrative mechanism to unblock the security token upon receipt of an administrative unblock shared secret. The remote server releases the administrative unblock shared secret only after a non-forgeable confirmatory message is received from the security token that the user has been properly authenticated.Type: GrantFiled: August 6, 2007Date of Patent: July 23, 2013Assignee: ActivcardInventor: Mark Herbert Priebatsch
-
Publication number: 20130145442Abstract: This invention provides a privilege delegation mechanism, which allows a privilege and associated control attributes to be delegated from a security token to another security token or an intelligent device such as a computer system. The privilege may be in the form of an attribute certificate, a key component of a cryptographic key, a complete cryptographic key, digital certificate, digital right, license or loyalty credits. The purpose of the delegation is to allow another security token or computer system to act as a surrogate for the security token or to access a resource which requires components from both units before access is permitted. Attributes associated with the delegated privilege control the scope and use of the privilege. The delegation may allow the surrogate to perform authentications, access data or resources included on another security token or computer system. Authentications are performed prior to transferring of the delegable privileges.Type: ApplicationFiled: September 25, 2012Publication date: June 6, 2013Applicant: ACTIVCARDInventor: ACTIVCARD
-
Patent number: 8438623Abstract: This invention provides a system, method and computer program product to allow a user to access administrative security features associated with the use of a security token. The administrative security features provide the user the ability to unlock a locked security token, diagnose a security token, activate and deactivate a security token, request a replacement security token or temporary password or report the loss of a security token. The invention comprises a client application which integrates into the standard user login dialog associated with an operating system. A portion of the user dialog is linked to a remote server to access the administrative services.Type: GrantFiled: October 18, 2011Date of Patent: May 7, 2013Assignee: ActivCardInventor: Jamie Angus Band
-
Patent number: 8306228Abstract: An anonymous secure messaging method and system for securely exchanging information between a host computer system and a functionally connected cryptographic module. The invention comprises a Host Security Manager application in processing communications with a security executive program installed inside the cryptographic module. An SSL-like communications pathway is established between the host computer system and the cryptographic module. The initial session keys are generated by the host and securely exchanged using a PKI key pair associated with the cryptographic module. The secure communications pathway allows presentation of critical security parameter (CSP) without clear text disclosure of the CSP and further allows use of the generated session keys as temporary substitutes of the CSP for the session in which the session keys were created.Type: GrantFiled: September 7, 2007Date of Patent: November 6, 2012Assignee: Activcard Ireland, LimitedInventors: Eric Le Saint, Wu Wen
-
Patent number: 8302171Abstract: This invention provides a privilege delegation mechanism, which allows a privilege and associated control attributes to be delegated from a security token to another security token or an intelligent device such as a computer system. The privilege may be in the form of an attribute certificate, a key component of a cryptographic key, a complete cryptographic key, digital certificate, digital right, license or loyalty credits. The purpose of the delegation is to allow another security token or computer system to act as a surrogate for the security token or to access a resource which requires components from both units before access is permitted. Attributes associated with the delegated privilege control the scope and use of the privilege. The delegation may allow the surrogate to perform authentications, access data or resources included on another security token or computer system. Authentications are performed prior to transferring of the delegable privileges.Type: GrantFiled: July 14, 2010Date of Patent: October 30, 2012Assignee: ActivcardInventor: Eric F. Le Saint
-
Patent number: 8296570Abstract: A method of authorizing a user in communication with a workstation is disclosed. According to the method, a system automatically determines a plurality of available user information entry devices in communication with the workstation. The system then determines predetermined user authorization methods each requiring data only from available user information entry devices. The user then selects one of the determined authorization methods for use in user authorization. Optionally, each authorization method is associated with a security level relating to user access to resources. Once the authorization method is selected, the user provides user authorization information in accordance with a determined user authorization method and registration proceeds.Type: GrantFiled: August 23, 2006Date of Patent: October 23, 2012Assignee: Activcard Ireland LimitedInventors: Laurence Hamid, Robert D. Hillhouse
-
Patent number: 8209753Abstract: An anonymous secure messaging method, system and computer program product for implementation over a wireless connection. The invention allows the securely exchange of information between a security token enabled computer system and an intelligent remote device having an operatively coupled security token thereto over the wireless connection. The invention establishes an anonymous secure messaging channel between the security token and the security token enabled computer system, which allows the intelligent remote device to emulate a locally connected security token peripheral device without requiring a physical connection. A dedicated wireless communications channel is incorporated to prevent several concurrent wireless connections from being established with the security token and potentially compromising the security of the information being sent on concurrent wireless connections.Type: GrantFiled: December 22, 2003Date of Patent: June 26, 2012Assignee: Activcard, Inc.Inventors: Wu Wen, Eric F. Le Saint, Jerome Antoine Marie Becquart
-
Patent number: 8200195Abstract: An intelligent remote device equipped with a security token operatively coupled thereto is processing communications with a security token enabled computer system over a wireless private network. The intelligent remote device is adapted to emulate a local security device peripheral connected to the computer system. Multiple computer systems may be authenticated to using the intelligent remote device. Additionally, various secure communications connections mechanisms are described which are intended to augment existing security protocols available using wireless network equipment. Authentication of a user supplied critical security parameter is performed by the security token. The critical security parameter may be provided locally via the intelligent remote device or received from the wireless network and routed to the security token. Aural, visual or vibratory feedback may be provided to the user to signal a successful authentication transaction.Type: GrantFiled: January 28, 2011Date of Patent: June 12, 2012Assignee: Activcard Ireland, LimitedInventors: Eric F. Le Saint, Dominique Louis Joseph Fedronic
-
Patent number: 8190899Abstract: System and method for establishing a remote connection over a network with a personal security device connected to a local client without using a local APDU interface or local cryptography.Type: GrantFiled: December 30, 2009Date of Patent: May 29, 2012Assignee: ActivCardInventors: Yves Louis Gabriel Audebert, Olivier Clemot
-
Patent number: 8171304Abstract: A method, system and computer program product which allows identification of an enrollment biometric template having a highest probability of matching a sample biometric template from a plurality of enrolled biometric templates without compromising or significantly compromising system security. In one embodiment of the invention, first feature set information is derived from sample and enrollment biometric templates. The first feature set information generally comprises spatially dependent information associated with a fingerprint. The first feature set information is then used to determine which enrollment biometric template has the highest probability of matching the sample biometric template. Second feature set information is then derived from the biometric sample template and the determined enrollment biometric template and used to perform a one-to-one match. The second feature set information generally comprises pattern dependent information associated with a fingerprint.Type: GrantFiled: May 15, 2003Date of Patent: May 1, 2012Assignee: Activcard Ireland LimitedInventor: Robert D. Hillhouse
-
Patent number: 8103063Abstract: A method for matching biometric data is disclosed. A biometric information source is sensed to provide an image thereof. The image is then analysed to extract features therefrom. A feature is selected as a first feature and a plurality of polygons are generated with a location of the first feature as a vertex of each. The polygons are then used to search a lookup table in order to determine an orientation and translation of the image relative to stored reference data.Type: GrantFiled: April 30, 2010Date of Patent: January 24, 2012Assignee: Activcard Ireland LimitedInventor: Robert D. Hillhouse
-
Patent number: 8065717Abstract: This invention provides a system, method and computer program product to allow a user to access administrative security features associated with the use of a security token. The administrative security features provide the user the ability to unlock a locked security token, diagnose a security token, activate and deactivate a security token, request a replacement security token or temporary password or report the loss of a security token. The invention comprises a client application which integrates into the standard user login dialog associated with an operating system. A portion of the user dialog is linked to a remote server to access the administrative services.Type: GrantFiled: November 27, 2002Date of Patent: November 22, 2011Assignee: ActivcardInventor: Jamie Angus Band
-
Patent number: 8028083Abstract: The present invention provides a method for activating and/or managing at least one Personal Security Device PSD (2040) with at least a first Remote Computer System (2050) over a first network (2045) using at least one Client (2010) as a host to said at least one PSD (2040), said method comprising the steps of: a) establishing at least one communications pipe (2075) over said first network (2045) between said at least one PSD (2040) and said at least first Remote Computer System (2050), b) retrieving proprietary information (I) by said at least first Remote Computer System (2050) from a remote storage location (2165), c) transmitting said proprietary information (I) from said at least first Remote Computer System (2050) said at least one PSD (2040) through said at least one communications pipe (2075), and d) storing and/or processing said proprietary information (I) in said at least one PSD (2040).Type: GrantFiled: April 9, 2002Date of Patent: September 27, 2011Assignee: Activcard Ireland, LimitedInventors: Yves Louis Gabriel Audebert, Olivier Clemot
-
Patent number: 8014570Abstract: A method, system and computer program product for improving error discrimination in biometric authentication systems. The error discrimination is set to a predetermined security policy. A plurality of biometric samples are provided and authenticated by a computer system in conjunction with a security token. An alternate embodiment allows inputting of the plurality of biometric samples in a predetermined sequence. The predetermined input sequence is maintained as an authentication secret which may be used to further reduce the authentication transaction error rate.Type: GrantFiled: November 10, 2005Date of Patent: September 6, 2011Assignee: ActivCard, Inc.Inventors: Eric F. Le Saint, Wu Wen, Laurence Hamid
-
Patent number: 7921298Abstract: A security framework for a host computer system which allows a host to control access to a compliant security token by ensuring enforcement of established security policies administered by a middleware application. Processing between the host computer system and the security token is performed using one or more modular security application agents. The modular security application agents are counterpart applications to security applications installed in the security token and may be retrieved and installed upon to ensure compatibility between counterpart token and host security applications. The security policies are a composite of host security policies and token security policies which are logically combined by the middleware application at the beginning of a session.Type: GrantFiled: November 13, 2007Date of Patent: April 5, 2011Assignee: Activcard Ireland, LimitedInventors: Eric Le Saint, John Boyer
-
Patent number: 7916901Abstract: A method for matching biometric data is disclosed. A biometric information source is sensed to provide an image thereof. The image is then analysed to extract features thereform. A feature is selected as a first feature and a plurality of polygons are generated with a location of the first feature as a vertex of each. The polygons are then used to search a lookup table in order to determine an orientation and translation of the image relative to stored reference data.Type: GrantFiled: October 6, 2006Date of Patent: March 29, 2011Assignee: Activcard Ireland LimitedInventor: Robert D. Hillhouse
-
Patent number: 7907935Abstract: An intelligent remote device equipped with a security token operatively coupled thereto is processing communications with a security token enabled computer system over a wireless private network. The intelligent remote device is adapted to emulate a local security device peripheral connected to the computer system. Multiple computer systems may be authenticated to using the intelligent remote device. Additionally, various secure communications connections mechanisms are described which are intended to augment existing security protocols available using wireless network equipment. Authentication of a user supplied critical security parameter is performed by the security token. The critical security parameter may be provided locally via the intelligent remote device or received from the wireless network and routed to the security token. Aural, visual or vibratory feedback may be provided to the user to signal a successful authentication transaction.Type: GrantFiled: December 22, 2003Date of Patent: March 15, 2011Assignee: Activcard Ireland, LimitedInventors: Eric F. Le Saint, Dominique Louis Joseph Fedronic
-
Patent number: RE42861Abstract: A method and a system for disabling execution of a software application stored within a computer absent data indicative of an authorized use of the software application are disclosed. At start up or during execution of a software application a user is prompted for user authorization information. Using a processor within a smart card the received user authorization information is compared with user authorization information stored in memory of the smart card to produce a comparison result. If the comparison result is indicative of an authorized user of the software application, then data indicative of the authorized use of the software application is provided from the smart card to the computer. Upon receipt of the data indicative of the authorized use of the software application execution of the software application is continued. When the data is not data indicative of the authorized use of the software application further execution of the software application is disabled.Type: GrantFiled: April 7, 2006Date of Patent: October 18, 2011Assignee: Activcard Ireland, Ltd.Inventor: Stephen J. Borza