Patents Assigned to Arcot Systems, Inc.
  • Publication number: 20090034735
    Abstract: In a cryptographic system, the unlocking of secret keys on a user system is audited and correlated with other events that typically occur after the secret key is used to perform a cryptographic operation. Audit evidence of secret key cryptographic operations is recorded for later review and/or analysis, for use as stored evidence of unauthorized activity and/or for use in refuting false claims of repudiation of authorized activity. Some systems might also provide users with user activity reports that can alert a user to suspicious or unauthorized activity using that user's access.
    Type: Application
    Filed: August 25, 2008
    Publication date: February 5, 2009
    Applicant: Arcot Systems, Inc.
    Inventor: Robert Jerdonek
  • Patent number: 7484092
    Abstract: Techniques for efficiently searching encrypted searchable spaces. For example, embodiments of the present invention provide techniques for searching a plurality of files that are stored in encrypted (or ciphertext) form. According to embodiments of the present invention, the search can usually be performed by decrypting only a portion of the encrypted searchable space. According to an embodiment of the present invention, the search techniques determine a set of files comprising one or more files from the plurality of encrypted files that contain a user-specified query element. The set of files is usually determined by decrypting only a subset of the plurality of encrypted files.
    Type: Grant
    Filed: March 11, 2002
    Date of Patent: January 27, 2009
    Assignee: Arcot Systems, Inc.
    Inventors: Sanguthevar Rajasekaran, Rammohan Varadarajan
  • Patent number: 7454782
    Abstract: A computer-representable object (including, without limitation, a cryptographic key, or a graph or a Boolean description of a system) is secured using a generalized camouflaging technique. The secured object need not be stored in the system, not even in encrypted form. Instead, the technique employs a composition function that regenerates the secured object when one inputs a valid password (which may be any computer-representable information held by a user). By regenerating the secured object each time a valid password is entered, there is no need to store the secured object. If one inputs an invalid password, the technique may generate an incorrect object, such that the user is unable to distinguish this incorrect object from the secured object. If the user tries to use the incorrect object, the user can be exposed as unauthorized, without the user's knowledge that he has been exposed.
    Type: Grant
    Filed: October 30, 2001
    Date of Patent: November 18, 2008
    Assignee: Arcot Systems, Inc.
    Inventors: Sanguthevar Rajasekaran, Geoffrey R. Hird, Balas Natarajan Kausik
  • Patent number: 7418728
    Abstract: In a cryptographic system, the unlocking of secret keys on a user system is audited and correlated with other events that typically occur after the secret key is used to perform a cryptographic operation. Audit evidence of secret key cryptographic operations is recorded for later review and/or analysis, for use as stored evidence of unauthorized activity and/or for use in refuting false claims of repudiation of authorized activity. Some systems might also provide users with user activity reports that can alert a user to suspicious or unauthorized activity using that user's access.
    Type: Grant
    Filed: March 17, 2004
    Date of Patent: August 26, 2008
    Assignee: Arcot Systems, Inc.
    Inventor: Robert Jerdonek
  • Publication number: 20080181408
    Abstract: A confidential datum, such as a private key used in public key signature systems, is secured in a digital wallet using a “generation camouflaging” technique. With this technique, the private key is not necessarily stored in the digital wallet, not even in an encrypted form. Instead, the wallet contains a private key generation function that reproduces the correct private key when the user inputs his or her pre-selected PIN. If the user inputs an incorrect PIN, an incorrect private key is outputted. Such private key can be configured so that it cannot be readily distinguished from the correct private key through the use of private key formatting, and/or the use of pseudo-public keys corresponding to the private key. The techniques described herein are also applicable to other forms of regeneratable confidential data besides private keys.
    Type: Application
    Filed: January 22, 2008
    Publication date: July 31, 2008
    Applicant: Arcot Systems, Inc.
    Inventor: Geoffrey R. Hird
  • Publication number: 20080183629
    Abstract: A simple, secure and easy-to-deploy method and system for authenticating credit and debit cardholders at the point-of-sale on a computer network (e.g., the Internet) is disclosed. Cardholders are authenticated using digital signatures on a sales draft, in a manner that does not necessarily require any changes in the transaction flow of the participating financial institutions.
    Type: Application
    Filed: February 1, 2008
    Publication date: July 31, 2008
    Applicant: Arcot Systems, Inc.
    Inventor: Balas N. Kausik
  • Patent number: 7363262
    Abstract: A first account number and a second account number are created for an account. The first and second account numbers are associated with the account and can be used for transactions with the account. A first subset of operations is associated with the first account number and a second subset of operations is associated with the second account number. A subset of operations includes operations that are restricted to a party that has access to the account number. Accordingly, the first party that has access to the first account number is restricted to the operations found in the first subset of operations when transacting with the account. Also, a second party that has access to the second account number is restricted to the second subset of operations when transacting with the account.
    Type: Grant
    Filed: December 13, 2004
    Date of Patent: April 22, 2008
    Assignee: Arcot Systems, Inc.
    Inventor: James D. Reno
  • Patent number: 7330836
    Abstract: A simple, secure and easy-to-deploy method and system for authenticating credit and debit cardholders at the point-of-sale on a computer network (e.g. the Internet) is disclosed. Cardholders are authenticated using digital signatures on a sales draft, in a manner that does not necessarily require any changes in the transaction flow of the participating financial institutions.
    Type: Grant
    Filed: April 12, 2005
    Date of Patent: February 12, 2008
    Assignee: Arcot Systems, Inc.
    Inventor: Balas N. Kausik
  • Patent number: 7328350
    Abstract: A confidential datum, such as a private key used in public key signature systems, is secured in a digital wallet using a “generation camouflaging” technique. With this technique, the private key is not necessarily stored in the digital wallet, not even in an encrypted form. Instead, the wallet contains a private key generation function that reproduces the correct private key when the user inputs his or her pre-selected PIN. If the user inputs an incorrect PIN, an incorrect private key is outputted. Such private key can be configured so that it cannot be readily distinguished from the correct private key through the use of private key formatting, and/or the use of pseudo-public keys corresponding to the private key. The techniques described herein are also applicable to other forms of regeneratable confidential data besides private keys.
    Type: Grant
    Filed: June 5, 2001
    Date of Patent: February 5, 2008
    Assignee: Arcot Systems, Inc.
    Inventor: Geoffrey R. Hird
  • Patent number: 7181762
    Abstract: A computer program product for a client computing system including a processor includes code that directs the processor to request a challenge from a authentication server, code that directs the processor to receive the challenge from the authentication server via a first secure communications channel, the challenge comprising an identity code, code that directs the processor to receive user authentication data from a user, code that directs the processor to determine a private key and a digital certificate in response to the user authentication data, code that directs the processor to form a digital signature in response to the identity code and the private key, code that directs the processor to communicate the digital signature to the authentication server, code that directs the processor to communicate the digital certificate to the authentication server, the digital certificate comprising a public key in an encrypted form, and code that directs the processor to communicate network user authentication dat
    Type: Grant
    Filed: June 28, 2001
    Date of Patent: February 20, 2007
    Assignee: Arcot Systems, Inc.
    Inventor: Robert A. Jerdonek
  • Publication number: 20070022473
    Abstract: A method of authenticating a client to a service via a network includes retrieving a client ID and a lockstep code from a token interfaced with a client device, sending the client ID and the lockstep code to an authentication server as part of a verification request, at the authentication server, comparing the lockstep code to a confirmation lockstep code relating to the client ID, based on the comparison, sending an authentication message from the authentication server, at the authentication server, generating a new confirmation lockstep code, sending the new confirmation lockstep code to the client device, and updating the lockstep code of the token to an updated lockstep code that matches the new confirmation lockstep code.
    Type: Application
    Filed: July 21, 2005
    Publication date: January 25, 2007
    Applicant: Arcot Systems, Inc.
    Inventor: Geoffrey Hird
  • Patent number: 7167565
    Abstract: An n person secret sharing solution computes n unique keys to be distributed to the secret owners along with an exponentiated version of the secret. The custodian performs an exponent/modulo operation each time one of the keys is received from one of the secret owners. Alternatively, n+1 keys are created by the custodian, and the custodian retains one key after distributing the remaining n keys to the secret owners. After the custodian has received and processed the n keys from the secret owners, he performs an exponent/modulo operation using his own retained key. According to another aspect, a k out of n secret sharing solution involves computing and storing a database having an entry for each unique combination of k keys that could be returned from among the n keys. After k keys have been received, the custodian looks up in the database the entry corresponding to the particular unique combination of secret owners who returned keys.
    Type: Grant
    Filed: May 11, 2001
    Date of Patent: January 23, 2007
    Assignee: Arcot Systems, Inc.
    Inventor: Sanguthevar Rajasekaran
  • Patent number: 7111789
    Abstract: Techniques are disclosed to increase the efficiency of multi-party authentication communications protocols. One technique includes a four party authentication method utilizing a general authenticator to store and provide a credit card authentication password and other payment information to an issuing bank and/or other parties involved in the transaction. Other techniques include the use of skeleton messages to minimize the forwarding of information through a forwarding party, the elimination of redundant communications exchanges, the use of a merchant appliance hardware solution to minimize system integration difficulties, and/or the imposition of credit card constraints. The techniques may be used singly or in combination.
    Type: Grant
    Filed: August 22, 2002
    Date of Patent: September 26, 2006
    Assignee: Arcot Systems, Inc.
    Inventors: Sanguthevar Rajasekaran, James Reno, Rammohan Varadarajan, Sanjay Vyas, Do-Pil Park, Robert Jerdonek
  • Patent number: 7020782
    Abstract: Searching is an important problem that arises in a variety of applications, particularly for computerized databases. Further, many such applications involve searching set of (possible very large) integers (e.g., credit card numbers, employee identifiers, customer identifiers, dates, parts numbers, etc.). We present techniques for integer searching in a computer database based on a improved form of hashing which we shall refer to as “size-dependent hashing.” This technique can be used to strike a balance between the available memory in the computer system and the required search time.
    Type: Grant
    Filed: March 8, 2002
    Date of Patent: March 28, 2006
    Assignee: Arcot Systems, Inc.
    Inventors: Sanguthevar Rajasekaran, James Reno
  • Patent number: 6983381
    Abstract: A method for communicating passwords includes receiving at a server a challenge from a authentication server via a first secure communications channel, the challenge comprising a random password that is inactive, communicating the challenge from the server to a client computer via a second secure communications channel, receiving at the server a challenge response from the client computer via the second secure communications channel, the challenge response comprising a digital certificate and a digital signature, the digital certificate including a public key in an encrypted form, the digital signature being determined in response to the random password and the private key, and communicating the challenge response from the server to the authentication server via the first secure communications channel, wherein the random password is activated when the authentication server verifies the challenge response.
    Type: Grant
    Filed: June 28, 2001
    Date of Patent: January 3, 2006
    Assignee: Arcot Systems, Inc.
    Inventor: Robert A. Jerdonek
  • Publication number: 20050256890
    Abstract: The present invention describes techniques for performing searches in an efficient manner while minimizing the memory resources required to perform the searches. According to the techniques of the present invention, the number of comparisons needed to determine if a query element is in included in a set of elements is proportional to the length of the query element and independent of the number of elements in the set of elements.
    Type: Application
    Filed: July 25, 2005
    Publication date: November 17, 2005
    Applicant: Arcot Systems, Inc.
    Inventors: Sanguthevar Rajasekaran, Rajendra Gopalakrishna
  • Publication number: 20050246290
    Abstract: A simple, secure and easy-to-deploy method and system for authenticating credit and debit cardholders at the point-of-sale on a computer network (e.g. the Internet) is disclosed. Cardholders are authenticated using digital signatures on a sales draft, in a manner that does not necessarily require any changes in the transaction flow of the participating financial institutions.
    Type: Application
    Filed: April 12, 2005
    Publication date: November 3, 2005
    Applicant: Arcot Systems, Inc.
    Inventor: Balas Kausik
  • Patent number: 6959303
    Abstract: The present invention describes techniques for performing searches in an efficient manner while minimizing the memory resources required to perform the searches. According to the techniques of the present invention, the number of comparisons needed to determine if a query element is in included in a set of elements is proportional to the length of the query element and independent of the number of elements in the set of elements.
    Type: Grant
    Filed: December 4, 2001
    Date of Patent: October 25, 2005
    Assignee: Arcot Systems, Inc.
    Inventors: Sanguthevar Rajasekaran, Rajendra A. Gopalakrishna
  • Patent number: 6956950
    Abstract: A digital wallet stores an cryptographically camouflaged access-controlled datum, e.g., a private key encrypted under the user's PIN. Entry of the correct PIN will correctly decrypt the stored key. Entry of certain pseudo-valid PINs will also decrypt the stored key, but improperly so, resulting in a candidate key indistinguishable from the correct key. Such pseudo-valid PINs are spread thinly over the space of PINs, so that the user is unlikely to realize a pseudo-valid PIN via a typographical error in entering the correct PIN. In existing wallet technologies, which lack pseudo-valid PINs, only the correct PIN produces a decrypted key; thus, hackers can find the correct PIN by entering all possible PINs until a key is produced. The present invention's plurality of candidate keys prevent a hacker from knowing when he has found the correct key. In addition, hacker detection may be moved off-line into devices accepting messages signed with candidate keys, and/or the lockout threshold may be increased.
    Type: Grant
    Filed: December 27, 2000
    Date of Patent: October 18, 2005
    Assignee: Arcot Systems, Inc.
    Inventor: Balas Natarajan Kausik
  • Publication number: 20050228999
    Abstract: A computer-readable medium having stored thereon computer-executable instructions for implementing a method of verifying a digitally-signed document includes stored instruction for verifying a digital signature related to the document, stored instruction for validating at least one certificate associated with the signature, and stored instruction for storing audit information into a data structure movable as a unit. The audit information relates to verifying the digital signature and validating the at least one certificate, thereby retaining evidence that the document was verified. The instructions further include stored instruction for thereafter displaying the audit information.
    Type: Application
    Filed: March 24, 2005
    Publication date: October 13, 2005
    Applicant: Arcot Systems, Inc.
    Inventors: Robert Jerdonek, Thomas Wu, Do-Pil Park