Patents Assigned to Activcard
  • Patent number: 9098685
    Abstract: A method of authorizing a user at a location is disclosed. A user data input device is used for receiving of user information. In dependence upon stored policy data, a location of the workstation and other characteristics thereof, an authorization method for the user is determined. In the authorization method, the user is first identified with the security server and then optionally authorized thereby. The stored policy data results in different determined methods for different authorization procedures based upon the user data and the characteristic of the user data input device and the workstation.
    Type: Grant
    Filed: May 19, 2004
    Date of Patent: August 4, 2015
    Assignee: Activcard Ireland Limited
    Inventor: Laurence Hamid
  • Patent number: 8775819
    Abstract: A method of authorising a user in communication with a workstation is disclosed. According to the method, a system automatically determines a plurality of available user information entry devices in communication with the workstation. The system then determines predetermined user authorization methods each requiring data only from available user information entry devices. The user then selects one of the determined authorization methods for use in user authorization. Optionally, each authorization method is associated with a security level relating to user access to resources. Once the authorization method is selected, the user provides user authorization information in accordance with a determined user authorization method and registration proceeds.
    Type: Grant
    Filed: August 31, 2012
    Date of Patent: July 8, 2014
    Assignee: Activcard Ireland Limited
    Inventors: Laurence Hamid, Robert D. Hillhouse
  • Patent number: 8495381
    Abstract: This invention provides a simple and secure PIN unblock mechanism for use with a security token. A set of one or more passphrases are stored on a remote server during personalization. Likewise, the answers to the passphrases are hashed and stored inside the security token for future comparison. A local client program provides the user input and display dialogs and ensures a secure communications channel is provided before passphrases are retrieved from the remote server. Retrieval of passphrases and an administrative unblock secret from the remote server are accomplished using a unique identifier associated with the security token, typically the token's serial number. A PIN unblock applet provides the administrative mechanism to unblock the security token upon receipt of an administrative unblock shared secret. The remote server releases the administrative unblock shared secret only after a non-forgeable confirmatory message is received from the security token that the user has been properly authenticated.
    Type: Grant
    Filed: August 6, 2007
    Date of Patent: July 23, 2013
    Assignee: Activcard
    Inventor: Mark Herbert Priebatsch
  • Publication number: 20130145442
    Abstract: This invention provides a privilege delegation mechanism, which allows a privilege and associated control attributes to be delegated from a security token to another security token or an intelligent device such as a computer system. The privilege may be in the form of an attribute certificate, a key component of a cryptographic key, a complete cryptographic key, digital certificate, digital right, license or loyalty credits. The purpose of the delegation is to allow another security token or computer system to act as a surrogate for the security token or to access a resource which requires components from both units before access is permitted. Attributes associated with the delegated privilege control the scope and use of the privilege. The delegation may allow the surrogate to perform authentications, access data or resources included on another security token or computer system. Authentications are performed prior to transferring of the delegable privileges.
    Type: Application
    Filed: September 25, 2012
    Publication date: June 6, 2013
    Applicant: ACTIVCARD
    Inventor: ACTIVCARD
  • Patent number: 8438623
    Abstract: This invention provides a system, method and computer program product to allow a user to access administrative security features associated with the use of a security token. The administrative security features provide the user the ability to unlock a locked security token, diagnose a security token, activate and deactivate a security token, request a replacement security token or temporary password or report the loss of a security token. The invention comprises a client application which integrates into the standard user login dialog associated with an operating system. A portion of the user dialog is linked to a remote server to access the administrative services.
    Type: Grant
    Filed: October 18, 2011
    Date of Patent: May 7, 2013
    Assignee: ActivCard
    Inventor: Jamie Angus Band
  • Patent number: 8306228
    Abstract: An anonymous secure messaging method and system for securely exchanging information between a host computer system and a functionally connected cryptographic module. The invention comprises a Host Security Manager application in processing communications with a security executive program installed inside the cryptographic module. An SSL-like communications pathway is established between the host computer system and the cryptographic module. The initial session keys are generated by the host and securely exchanged using a PKI key pair associated with the cryptographic module. The secure communications pathway allows presentation of critical security parameter (CSP) without clear text disclosure of the CSP and further allows use of the generated session keys as temporary substitutes of the CSP for the session in which the session keys were created.
    Type: Grant
    Filed: September 7, 2007
    Date of Patent: November 6, 2012
    Assignee: Activcard Ireland, Limited
    Inventors: Eric Le Saint, Wu Wen
  • Patent number: 8302171
    Abstract: This invention provides a privilege delegation mechanism, which allows a privilege and associated control attributes to be delegated from a security token to another security token or an intelligent device such as a computer system. The privilege may be in the form of an attribute certificate, a key component of a cryptographic key, a complete cryptographic key, digital certificate, digital right, license or loyalty credits. The purpose of the delegation is to allow another security token or computer system to act as a surrogate for the security token or to access a resource which requires components from both units before access is permitted. Attributes associated with the delegated privilege control the scope and use of the privilege. The delegation may allow the surrogate to perform authentications, access data or resources included on another security token or computer system. Authentications are performed prior to transferring of the delegable privileges.
    Type: Grant
    Filed: July 14, 2010
    Date of Patent: October 30, 2012
    Assignee: Activcard
    Inventor: Eric F. Le Saint
  • Patent number: 8296570
    Abstract: A method of authorizing a user in communication with a workstation is disclosed. According to the method, a system automatically determines a plurality of available user information entry devices in communication with the workstation. The system then determines predetermined user authorization methods each requiring data only from available user information entry devices. The user then selects one of the determined authorization methods for use in user authorization. Optionally, each authorization method is associated with a security level relating to user access to resources. Once the authorization method is selected, the user provides user authorization information in accordance with a determined user authorization method and registration proceeds.
    Type: Grant
    Filed: August 23, 2006
    Date of Patent: October 23, 2012
    Assignee: Activcard Ireland Limited
    Inventors: Laurence Hamid, Robert D. Hillhouse
  • Patent number: 8209753
    Abstract: An anonymous secure messaging method, system and computer program product for implementation over a wireless connection. The invention allows the securely exchange of information between a security token enabled computer system and an intelligent remote device having an operatively coupled security token thereto over the wireless connection. The invention establishes an anonymous secure messaging channel between the security token and the security token enabled computer system, which allows the intelligent remote device to emulate a locally connected security token peripheral device without requiring a physical connection. A dedicated wireless communications channel is incorporated to prevent several concurrent wireless connections from being established with the security token and potentially compromising the security of the information being sent on concurrent wireless connections.
    Type: Grant
    Filed: December 22, 2003
    Date of Patent: June 26, 2012
    Assignee: Activcard, Inc.
    Inventors: Wu Wen, Eric F. Le Saint, Jerome Antoine Marie Becquart
  • Patent number: 8200195
    Abstract: An intelligent remote device equipped with a security token operatively coupled thereto is processing communications with a security token enabled computer system over a wireless private network. The intelligent remote device is adapted to emulate a local security device peripheral connected to the computer system. Multiple computer systems may be authenticated to using the intelligent remote device. Additionally, various secure communications connections mechanisms are described which are intended to augment existing security protocols available using wireless network equipment. Authentication of a user supplied critical security parameter is performed by the security token. The critical security parameter may be provided locally via the intelligent remote device or received from the wireless network and routed to the security token. Aural, visual or vibratory feedback may be provided to the user to signal a successful authentication transaction.
    Type: Grant
    Filed: January 28, 2011
    Date of Patent: June 12, 2012
    Assignee: Activcard Ireland, Limited
    Inventors: Eric F. Le Saint, Dominique Louis Joseph Fedronic
  • Patent number: 8190899
    Abstract: System and method for establishing a remote connection over a network with a personal security device connected to a local client without using a local APDU interface or local cryptography.
    Type: Grant
    Filed: December 30, 2009
    Date of Patent: May 29, 2012
    Assignee: ActivCard
    Inventors: Yves Louis Gabriel Audebert, Olivier Clemot
  • Patent number: 8171304
    Abstract: A method, system and computer program product which allows identification of an enrollment biometric template having a highest probability of matching a sample biometric template from a plurality of enrolled biometric templates without compromising or significantly compromising system security. In one embodiment of the invention, first feature set information is derived from sample and enrollment biometric templates. The first feature set information generally comprises spatially dependent information associated with a fingerprint. The first feature set information is then used to determine which enrollment biometric template has the highest probability of matching the sample biometric template. Second feature set information is then derived from the biometric sample template and the determined enrollment biometric template and used to perform a one-to-one match. The second feature set information generally comprises pattern dependent information associated with a fingerprint.
    Type: Grant
    Filed: May 15, 2003
    Date of Patent: May 1, 2012
    Assignee: Activcard Ireland Limited
    Inventor: Robert D. Hillhouse
  • Patent number: 8103063
    Abstract: A method for matching biometric data is disclosed. A biometric information source is sensed to provide an image thereof. The image is then analysed to extract features therefrom. A feature is selected as a first feature and a plurality of polygons are generated with a location of the first feature as a vertex of each. The polygons are then used to search a lookup table in order to determine an orientation and translation of the image relative to stored reference data.
    Type: Grant
    Filed: April 30, 2010
    Date of Patent: January 24, 2012
    Assignee: Activcard Ireland Limited
    Inventor: Robert D. Hillhouse
  • Patent number: 8065717
    Abstract: This invention provides a system, method and computer program product to allow a user to access administrative security features associated with the use of a security token. The administrative security features provide the user the ability to unlock a locked security token, diagnose a security token, activate and deactivate a security token, request a replacement security token or temporary password or report the loss of a security token. The invention comprises a client application which integrates into the standard user login dialog associated with an operating system. A portion of the user dialog is linked to a remote server to access the administrative services.
    Type: Grant
    Filed: November 27, 2002
    Date of Patent: November 22, 2011
    Assignee: Activcard
    Inventor: Jamie Angus Band
  • Patent number: 8028083
    Abstract: The present invention provides a method for activating and/or managing at least one Personal Security Device PSD (2040) with at least a first Remote Computer System (2050) over a first network (2045) using at least one Client (2010) as a host to said at least one PSD (2040), said method comprising the steps of: a) establishing at least one communications pipe (2075) over said first network (2045) between said at least one PSD (2040) and said at least first Remote Computer System (2050), b) retrieving proprietary information (I) by said at least first Remote Computer System (2050) from a remote storage location (2165), c) transmitting said proprietary information (I) from said at least first Remote Computer System (2050) said at least one PSD (2040) through said at least one communications pipe (2075), and d) storing and/or processing said proprietary information (I) in said at least one PSD (2040).
    Type: Grant
    Filed: April 9, 2002
    Date of Patent: September 27, 2011
    Assignee: Activcard Ireland, Limited
    Inventors: Yves Louis Gabriel Audebert, Olivier Clemot
  • Patent number: 8014570
    Abstract: A method, system and computer program product for improving error discrimination in biometric authentication systems. The error discrimination is set to a predetermined security policy. A plurality of biometric samples are provided and authenticated by a computer system in conjunction with a security token. An alternate embodiment allows inputting of the plurality of biometric samples in a predetermined sequence. The predetermined input sequence is maintained as an authentication secret which may be used to further reduce the authentication transaction error rate.
    Type: Grant
    Filed: November 10, 2005
    Date of Patent: September 6, 2011
    Assignee: ActivCard, Inc.
    Inventors: Eric F. Le Saint, Wu Wen, Laurence Hamid
  • Patent number: 7921298
    Abstract: A security framework for a host computer system which allows a host to control access to a compliant security token by ensuring enforcement of established security policies administered by a middleware application. Processing between the host computer system and the security token is performed using one or more modular security application agents. The modular security application agents are counterpart applications to security applications installed in the security token and may be retrieved and installed upon to ensure compatibility between counterpart token and host security applications. The security policies are a composite of host security policies and token security policies which are logically combined by the middleware application at the beginning of a session.
    Type: Grant
    Filed: November 13, 2007
    Date of Patent: April 5, 2011
    Assignee: Activcard Ireland, Limited
    Inventors: Eric Le Saint, John Boyer
  • Patent number: 7916901
    Abstract: A method for matching biometric data is disclosed. A biometric information source is sensed to provide an image thereof. The image is then analysed to extract features thereform. A feature is selected as a first feature and a plurality of polygons are generated with a location of the first feature as a vertex of each. The polygons are then used to search a lookup table in order to determine an orientation and translation of the image relative to stored reference data.
    Type: Grant
    Filed: October 6, 2006
    Date of Patent: March 29, 2011
    Assignee: Activcard Ireland Limited
    Inventor: Robert D. Hillhouse
  • Patent number: 7907935
    Abstract: An intelligent remote device equipped with a security token operatively coupled thereto is processing communications with a security token enabled computer system over a wireless private network. The intelligent remote device is adapted to emulate a local security device peripheral connected to the computer system. Multiple computer systems may be authenticated to using the intelligent remote device. Additionally, various secure communications connections mechanisms are described which are intended to augment existing security protocols available using wireless network equipment. Authentication of a user supplied critical security parameter is performed by the security token. The critical security parameter may be provided locally via the intelligent remote device or received from the wireless network and routed to the security token. Aural, visual or vibratory feedback may be provided to the user to signal a successful authentication transaction.
    Type: Grant
    Filed: December 22, 2003
    Date of Patent: March 15, 2011
    Assignee: Activcard Ireland, Limited
    Inventors: Eric F. Le Saint, Dominique Louis Joseph Fedronic
  • Patent number: RE42861
    Abstract: A method and a system for disabling execution of a software application stored within a computer absent data indicative of an authorized use of the software application are disclosed. At start up or during execution of a software application a user is prompted for user authorization information. Using a processor within a smart card the received user authorization information is compared with user authorization information stored in memory of the smart card to produce a comparison result. If the comparison result is indicative of an authorized user of the software application, then data indicative of the authorized use of the software application is provided from the smart card to the computer. Upon receipt of the data indicative of the authorized use of the software application execution of the software application is continued. When the data is not data indicative of the authorized use of the software application further execution of the software application is disabled.
    Type: Grant
    Filed: April 7, 2006
    Date of Patent: October 18, 2011
    Assignee: Activcard Ireland, Ltd.
    Inventor: Stephen J. Borza