Patents Assigned to Entrust Technologies Limited
  • Patent number: 7426635
    Abstract: A method and system for managing public key certificates is provided. A user purchases a block of unallocated time. When the user requests a certificate, the user specifies a life span for the certificate. A certificate is generated, and the life span of the certificate is deducted from the block of unallocated time. If the user revokes a certificate, the remaining lifetime of the revoked certificate is added back to the block of unallocated time. This allows certificates to be revoked without loss of purchased time, and gives the user more flexibility at requesting and revoking certificates.
    Type: Grant
    Filed: June 28, 2001
    Date of Patent: September 16, 2008
    Assignee: Entrust Technologies Limited
    Inventors: Robert Everett Parkhill, Blake Stanton Sutherland
  • Patent number: 7412599
    Abstract: Apparatus and method are provided for performing remote notification of records, each having a respective record identifier. A record-user mapping associates with each record identifier a respective one or more user names. For each record upon which remote notification is to be performed the respective one or more user names is obtained from the record-user mapping, and for each obtained user name a respective addressable entity is obtained from a user name-addressable entity mapping. A notification of the record is sent to the addressable entity. Target record processing may also be provided. For each record identifier for which target record processing is to be performed, a target user name is read from the associated record, a respective addressable entity is obtained from the user name-addressable entity mapping, and a notification of the record is sent to the addressable entity.
    Type: Grant
    Filed: December 7, 2000
    Date of Patent: August 12, 2008
    Assignee: Entrust Technologies Limited
    Inventors: Karim Nathoo, Tim Bramble, Shan Syed
  • Patent number: 6865674
    Abstract: An information security network provides a plurality of trusted authorities configurable in a rooted hierarchical structure. At least one of the trusted authorities is a superior authority and at least one of the trusted authorities are subordinate authorities. The trust authorities are capable of issuing digitally signed data structures, referred to as certificates. The superior authority is operative to generate policy control message data, such as separate message data or a certificate containing policy information, to dynamically vary policy control data to facilitate trust authority policy delegation among subordinate authorities. The policy control data includes, among other things, inter-trusted authority trust modification data to dynamically vary validation starting authorities among subordinate authorities.
    Type: Grant
    Filed: June 2, 1999
    Date of Patent: March 8, 2005
    Assignee: Entrust Technologies Limited
    Inventors: Adrian O. Mancini, Kevin T. Simzer, James Turnbull
  • Patent number: 6718470
    Abstract: A system and method grants security privilege in a communication system by providing privilege test criteria data for a subscriber unit so that the subscriber unit or some other entity can select among subscriber privilege data based on the privilege test criteria data, so that only the necessary privilege information is communicated between the relying party and the subscriber unit of interest. A privilege data selector selects, for example, among a plurality of attribute certificates associated with a selected subscriber unit or among sets of privilege data within an attribute certificate, the certificate (or certificates) that matches the privileged test criteria data. This pre-selected certificate is then communicated for use by the relying unit and verified that it meets the test selected by the relying party unit.
    Type: Grant
    Filed: June 5, 1998
    Date of Patent: April 6, 2004
    Assignee: Entrust Technologies Limited
    Inventor: Carlisle Adams
  • Patent number: 6694434
    Abstract: A system and method for controlling program execution for a first-party includes providing application registration data, by a second-party (trusted party), wherein the application registration data contains a plurality of first unique application verification data (i.e., data elements), such as a list of hash values. Each unique application verification data element corresponds to at least one of the plurality of approved executable programs. The unique application verification data element is determined as a uniquely associatable data corresponding to each of corresponding executable programs from the plurality of executable programs. Prior to allowing individual program execution by the first-party, the first-party generates a second unique application verification data element, such as a hash value, of an executable file designated for execution on a processing device and compares the generated hash value to the list of hash values. If a match is found, the program is allowed to execute.
    Type: Grant
    Filed: December 23, 1998
    Date of Patent: February 17, 2004
    Assignee: Entrust Technologies Limited
    Inventors: William G. McGee, Glenn C. Langford, Paul C. Van Oorschot
  • Patent number: 6691231
    Abstract: An apparatus and method provides arbitration among a plurality of subscribers and also provides access isolation between a requester, such as a subscriber or other entity, and a security-related information source, such as a repository containing certificates and certificate revocation lists (CRLs) or other security-related information. The system and method isolates the requester from the source by generating separate security information release-data to obtain the security-related information from the source based on analyzed request criteria-data. The arbitration module generates a separate security-information release request to the repository to retrieve appropriate data from the internal repository in response to the externally generated request without allowing the request to filter directly through to the security-related information source.
    Type: Grant
    Filed: June 7, 1999
    Date of Patent: February 10, 2004
    Assignee: Entrust Technologies Limited
    Inventors: James Steven Lloyd, Sharon M. Boeyen, Ronald J. Vandergeest
  • Patent number: 6675296
    Abstract: A certificate issuing apparatus and method creates a new certificate of a differing format from an existing certificate format to facilitate certificate conversion. A certificate converting unit receives first certificate data in a first format and desired certificate format criteria data, such as data representing the format of a certificate to which the first certificate is to be converted. The apparatus and method then generates second certificate data in a second format in response to the desired certificate format criteria data. In one embodiment, this is done using certificate format template data, such as templates representing the format and/or syntax of a plurality of differing certificate formats. The format template data is then mapped so that information from one certificate can be suitably mapped and then placed in a proper format and syntax for a different certificate format.
    Type: Grant
    Filed: June 28, 1999
    Date of Patent: January 6, 2004
    Assignee: Entrust Technologies Limited
    Inventors: Sharon M. Boeyen, James Steven Lloyd, Ronald J. Vandergeest
  • Patent number: 6643784
    Abstract: A system and method employs a password rule data provider that provides password generation rule data to a notification device, such as visual display device or audible output device. A password data evaluator, such as a per character password data evaluator, continuously evaluates password character data as its being entered and compares each character to the password generation rule data. A dynamic status data generator dynamically generates password rule status data, such as visual indication of which rule has been met or which rule has not been met as password data is being entered.
    Type: Grant
    Filed: December 14, 1998
    Date of Patent: November 4, 2003
    Assignee: Entrust Technologies Limited
    Inventor: Murray R. McCulligh
  • Patent number: 6603857
    Abstract: A method and apparatus for controlling release of time-sensitive information is accomplished by a server that establishes access information for a specific future time which only becomes active once the specific future time has passed. When the specific future time has passed, the server releases the access information such that an end-user or end-users may utilize the access information to obtain time-sensitive information. The access information may be a random number which can be used to calculate a decryption key and an encryption key. The encryption key can be released by the server at any time such that an end-user may encrypt time sensitive information for release at the specific future time, but the random number is not released until the specific future time has passed. When the random number is released, end-users may generate the decryption key and subsequently decrypt the time-sensitive information.
    Type: Grant
    Filed: July 14, 1997
    Date of Patent: August 5, 2003
    Assignee: Entrust Technologies Limited
    Inventors: Mark Christopher Batten-Carew, Michael James Wiener
  • Patent number: 6574733
    Abstract: Briefly, a centralized secure data backup system pulls information to be securely backed-up from one or more data sources such as computer nodes or other communication units. A processor or other suitable processor centrally initiates extraction of data to be backed-up from a plurality of processing nodes. The processor employs a backup data encryptor that encrypts the centrally extracted data using a public key based cryptographic system. Data is encrypted using a suitable symmetric key and symmetric cryptosystem. Then the symmetric key is wrapped using the public encryption key of the data source, such as a user, organization administrator, software application or other entity.
    Type: Grant
    Filed: January 25, 1999
    Date of Patent: June 3, 2003
    Assignee: Entrust Technologies Limited
    Inventor: Glenn C. Langford
  • Patent number: 6567914
    Abstract: An apparatus and methods for facilitating a reduction in data transmission bandwidth removes unnecessary data relating to encryption keys prior to sending a message or storing the encrypted information for a recipient. Encrypted data, such as message data for multiple recipients, is analyzed to determine whether encryption related data for other recipients may be removed.
    Type: Grant
    Filed: April 27, 2000
    Date of Patent: May 20, 2003
    Assignee: Entrust Technologies Limited
    Inventors: Michael K. Just, Paul Van Oorschot
  • Patent number: 6507911
    Abstract: A data deletion system and method detects data deletion notification data representing a desire to delete data, such as a data delete command from a storage management system such as an operating system or other software application. The system and method provides a system invoked deletion process that modifies the desired data to be deleted in response to the detected data deletion notification data. The system does not require continued user invocation to select data to be deleted. Modification of the desired data to be deleted includes actual deletion of the information by overwriting the desired data to be deleted with random data or other process such as overwriting original data multiple times, to ensure that there is no detectable electronic signature of the original data.
    Type: Grant
    Filed: July 22, 1998
    Date of Patent: January 14, 2003
    Assignee: Entrust Technologies Limited
    Inventor: Glenn C. Langford
  • Patent number: 6499110
    Abstract: An apparatus and method facilitates information security policy control for an information security engine by utilizing security policy association data on a per security engine user basis. Security policy association data may include, for example, data representing identification information of the user of the security engine along with corresponding policy identification data. Policy user identification data may be a hash value of the disk image of an executable software application which uses the security engine, along with policy object identification data which indicates which policy (or policies) that particular application is required to use. A security engine obtains access to this information and also obtains comparison information such as generating a realtime hash value of a calling application that is requesting use of the security engine and compares the newly generated hash value to a stored hash value included as the policy association data.
    Type: Grant
    Filed: June 30, 1999
    Date of Patent: December 24, 2002
    Assignee: Entrust Technologies Limited
    Inventors: Timothy E. Moses, Glenn C. Langford
  • Patent number: 6470450
    Abstract: An application registration data generator, on a per application basis, generates application registration data that contains at least application identification data, such as, the name of a software application or a pathname to a software application, and stored unique application verification data that is based on executable file data. A data access determinator determines whether a calling application should be allowed access to the limited access based data by, for example, computing a hash value of the executable file and checking whether this hash value matches the corresponding stored unique application verification data. If there is a match, the application is granted access to the user's cryptographic parameters, privilege data, or other limited access based data on a per application basis.
    Type: Grant
    Filed: December 23, 1998
    Date of Patent: October 22, 2002
    Assignee: Entrust Technologies Limited
    Inventors: Glenn C. Langford, Ronald J. Vandergeest
  • Patent number: 6442688
    Abstract: A method and apparatus for public key certificate updates is accomplished when a user of a secured communications system provides, from time to time, a public key certificate update subscription update to a server. The public key certificate update subscription information identifies at least one subscriber subject (i.e., another end-user) that the user desires to obtain real time public key updates when they occur. In response to the subscription information, the server monitors public key certificates of the at least one subscriber subject. When a change occurs to the public key certificate of the at least one subscriber, the server provides an indication of the change to the requesting user. As such, while the user is on-line with the secured communications system, the server can provide the user with real-time updates of subscriber subjects' encryption public key certificates and/or signature public key certificates.
    Type: Grant
    Filed: August 29, 1997
    Date of Patent: August 27, 2002
    Assignee: Entrust Technologies Limited
    Inventors: Timothy E. Moses, Sharon M. Boeyen
  • Patent number: 6393568
    Abstract: A computer based encryption and decryption system and method provides content analysis through a content inspection mechanism, such as detection of a computer virus using a virus detection algorithm based on determining whether digital input information is encrypted. The content inspection mechanism analyzes decrypted content for such things as virus patterns, keywords, unknown program format, or any other content based criteria. The system generates a decryption request to decrypt encrypted digital input information prior to applying content analysis, such as virus detection.
    Type: Grant
    Filed: October 23, 1997
    Date of Patent: May 21, 2002
    Assignee: Entrust Technologies Limited
    Inventors: Michel M. Ranger, Paul C. Van Oorschot
  • Patent number: 6393565
    Abstract: A data management system and method for a limited cryptographic storage unit, such as a smartcard or other hardware token, includes a cryptographic data manager that interfaces with the limited capacity cryptographic storage unit and a data overflow memory coupled to the cryptographic data manager. The cryptographic data manager stores cryptographic data, such as decryption private keys or other secret cryptographic data, in the overflow memory from the limited capacity cryptographic storage unit based on a limited capacity storage unit data update condition. The cryptographic data manager may serve as a secondary cryptographic data manager that receives the cryptographic data from an original cryptographic data storage device, or primary storage device such as a server that generates the cryptographic data, that stores a history of the cryptographic data.
    Type: Grant
    Filed: August 3, 1998
    Date of Patent: May 21, 2002
    Assignee: Entrust Technologies Limited
    Inventors: Roland T. Lockhart, Michael J. Wiener
  • Patent number: 6385725
    Abstract: A system and method for use in a networked communication system provides a type of liability or commitment security mechanism which enables, for example, a merchant to rely on digitally signed statements, and at the same time enables a buyer to selectively enter a commitment limit before a digital signature is made by his or her private signing key. A trusted certificate authority enforces that the chosen limit cannot be exceeded prior to the transaction being fulfilled by issuing a commitment certificate on a per transaction basis which gives the other party a guarantee, even in case the key was compromised. The disclosed system and method allows a user to limit total liability when using a digital signing key even if used to sign any number of commitments or statements with other parties. It allows the beneficiary to trust in the received commitment confirmed by the commitment certificate.
    Type: Grant
    Filed: June 26, 2001
    Date of Patent: May 7, 2002
    Assignee: Entrust Technologies Limited
    Inventor: Birgit Baum-Waidner
  • Patent number: 6363479
    Abstract: A system and apparatus facilitates digital signing of data communicated between a first unit and a second unit through an interface independent proxy, or multiple independent proxies, interposed between the first and second units. The independent proxy has a digital signature initiation data detector to detect embedded signature initiation data in data to be signed. The independent proxy contains a signature generator through which the form based communication data flows. Initiation data is used in the communication data to automatically trigger the intermediary or independent proxy to sign the communication data. The signature generated by the intermediary is a persistent signature which is preserved in memory so that later verification can be performed once a transaction has been completed.
    Type: Grant
    Filed: July 22, 1998
    Date of Patent: March 26, 2002
    Assignee: Entrust Technologies Limited
    Inventors: James A. Godfrey, Kevin T. Simzer, Gordon W. Coulson
  • Patent number: 6363485
    Abstract: A multi-factor biometric authenticating device and method generates error correction based partial encryption key seed data based on a plurality of sample biometric inputs, such as raw biometric data The error correction based partial encryption key seed data serves as a partial seed for generating a secret encryption key for encrypting user data. The first partial seed is combined with a second partial encryption seed to generate the secret encryption key. The device stores the error correction based partial encryption key seed data and does not store the secret encryption key.
    Type: Grant
    Filed: September 9, 1998
    Date of Patent: March 26, 2002
    Assignee: Entrust Technologies Limited
    Inventors: Carlisle Adams, Michael J. Wiener