Patents Examined by Andrew L Nalven
  • Patent number: 7571463
    Abstract: Method and apparatus that enable secure transmission of data in a scalable private network are described. Each station that is to be part of a private network registers with a key table. A group security association associated with the private network is forwarded to each trusted ingress and egress point that communicates with each member of the private network. When a member of the private network seeks to communicate with another member, it simply forwards the communication to the trusted ingress point. The trusted ingress point uses the security association associated with the private network to transform the communication and forwards the transformed communication through other intermediate stations in the network until it reaches a trusted egress point. The trusted egress point uses the stored security association to decode the transformed communication and forwards the communication to the appropriate destination.
    Type: Grant
    Filed: September 12, 2003
    Date of Patent: August 4, 2009
    Assignee: Nortel Networks Limited
    Inventors: Donald Fedyk, Lakshminath Dondeti, Haixiang He
  • Patent number: 7571489
    Abstract: The invention relates to a system for securing access to resources or computer systems by means of a self modifying, single use password that limits access to a system and automatically changes each time it is used. Independent computer systems, or clients, are utilized by users to generate one time passcodes to prove their identity to one or more authentication servers. Servers are used to authenticate user inputted one time passcodes, to maintain and update the status of one time passcode clients, and perform rekeying and reset operations. Middleware, an optional component, allows for the interaction between one time passcode clients and servers. Middleware allows for client rekeying and resets as well as synchronisation between the client and server.
    Type: Grant
    Filed: October 20, 2004
    Date of Patent: August 4, 2009
    Assignee: International Business Machines Corporation
    Inventors: Peng T. Ong, Sriram Ramachandran
  • Patent number: 7567668
    Abstract: A calculating unit for performing an arithmetic operation with at least two operands, the at least two operands being encrypted, includes an arithmetic-logic unit with a first input for the first encrypted operand, a second input for the second encrypted operand, a third input for an encryption parameter and an output for an encrypted result of the operation, the arithmetic-logic unit being formed so as to operate on the first input, the second input and the third input by means of arithmetic sub-operations, while considering the type of encryption of the operands, such that at the output, an encrypted result is obtained which equals a value that would be obtained if the first operand was subjected to the arithmetic operation in a non-encrypted state and if the second operand would be subjected to the arithmetic operation in a non-encrypted state, and a result obtained was subsequently encrypted, no decryption of the operands being performed in the arithmetic-logic unit.
    Type: Grant
    Filed: July 16, 2004
    Date of Patent: July 28, 2009
    Assignee: Infineon Technologies AG
    Inventors: Berndt Gammel, Franz Klug, Oliver Kniffler
  • Patent number: 7568102
    Abstract: A method and apparatus for authorizing a file to use stored information for executing a process in a Linux operating system. The file includes an executable linking format, an application authorization data, and other attributes for the application.
    Type: Grant
    Filed: July 15, 2004
    Date of Patent: July 28, 2009
    Assignees: Sony Corporation, Sony Electronics, Inc.
    Inventors: Zhengrong Liu, Nicholas Szeto, Shinichi Takemura, Yutaka Miyoshi, Tomoyuki Ono
  • Patent number: 7565539
    Abstract: A method of managing a key for encrypted communication over a communication link between first and second modems, each modem having respective first and second master keys. A first key material for the first modem is transmitted to the second modem in an encrypted message using the first master key, via a time divided frame over the link. Upon receipt, a second key material is generated at the second modem and is sent to the first modem. Then, at each of the first and second modems, session keys are generated based on the key materials, preferably using a hashing algorithm. An encryptor at the first modem and a decryptor at the second modem are programmed with an identified key and a session key. Encryption is enabled at the first modem and information is transmitted in encrypted frames using the identified key. The second modem receives and decrypts the encrypted frames when frames with the identified key are received.
    Type: Grant
    Filed: July 3, 2006
    Date of Patent: July 21, 2009
    Assignee: Viasat Inc.
    Inventor: Anil Agarwal
  • Patent number: 7565554
    Abstract: Method and system for a service server to provide a service to a client. The client (C) sets up a secure session to an authentication server (CAP) and sends its identifier and a service request stating the required service. The authentication server verifies the client identifier and sends the service request to a service authorization server (DAP). The authorization server checks whether the required service may be provided and sends the authorized service request to the authentication server. The authentication server generates a token, associated with the authorized service request. Via the secure session, the authentication server sends the address of the relevant service server and the token. The client sends the token to the service server, which then sends the token to the authentication server. The authentication server fetches the service request associated with the token and forwards it to the service server, after which the service server gives the client the required service.
    Type: Grant
    Filed: June 27, 2002
    Date of Patent: July 21, 2009
    Assignee: Nederlandse Organisatie Voor Toegepast-Natuurwetenschappelijk Onderzoek Tno
    Inventors: Hendrikus Johannes Joosten, Derk Hiddo Hut, Geert Kleinhuis, René van Buuren
  • Patent number: 7561688
    Abstract: Disclosed is a method of adjusting a supplementary data signal (wm(n)) to be embedded in an information signal (x(n)), for example an audio signal. The method comprises the steps of determining (107) a relative magnitude (g(n)) of a first property function (Mx(n)) of the information signal averaged over a region of a predetermined size and a second property function (Mwm(n)) of the supplementary data signal averaged over said region; and adjusting (407) the supplementary data signal according to the determined relative magnitude.
    Type: Grant
    Filed: October 24, 2002
    Date of Patent: July 14, 2009
    Assignee: Koninklijke Philips Electronics N.V.
    Inventors: Minne Van Der Veen, Alphons Antonius Maria Lambertus Bruekers
  • Patent number: 7562383
    Abstract: Techniques are provided for dynamically connecting and transforming user interface events between user and generic devices based on physical keys. A user and a user device are determined. The user device is authenticated based on a login sequence, smartcard or the like. A physical key associated with the user is physically associated with a generic device by insertion, wireless link, proximity, RFID detection and the like. The dynamic association is communicated over a first communications channel. A user device confirms the dynamic association over a second communications channel. The dynamically associated generic device communicates user interface events with the dynamic user interface proxy. The user device also communicates user interface events with the dynamic user interface proxy. The dynamic user interface proxy receives, optionally transforms and routes the user interface events associated with the user device and the generic device.
    Type: Grant
    Filed: April 20, 2005
    Date of Patent: July 14, 2009
    Assignee: Fuji Xerox Co., Ltd.
    Inventors: Giovanni L Thione, Jonathan Trevor
  • Patent number: 7562212
    Abstract: A computer system and process for issuing digital certificates use domain-control vetting to issue certificates. A requestor requests a certificate from a certificate authority, which identifies at least one approver to approve issuance of the digital certificate. If approved, the certificate authority accepts the request, creates and signs the certificate, and the signed certificate is sent to the requester.
    Type: Grant
    Filed: August 29, 2005
    Date of Patent: July 14, 2009
    Assignee: GeoTrust, Inc.
    Inventors: Douglas D. Beattie, Neal Lewis Creighton, Jr., Christopher T. M. Bailey, David L. Remy, Hani Hamandi
  • Patent number: 7562385
    Abstract: A physical key is used to propose an association between a guest device and user information and services. Contact-based or contact-less connectors are used to establish the proposed association between the physical key and the guest device. The proposed association is then communicated to the dynamic authentication system over a first communication channel. The dynamic authentication system determines a user confirmation over a second communications channel based on a user device and previously determined associations between users, user devices and the physical key. The guest device is then authenticated for access to information and/or services associated with the user. The information retrieved from and/or transmitted to the user's personal information repository is optionally protected using various transformations.
    Type: Grant
    Filed: April 20, 2005
    Date of Patent: July 14, 2009
    Assignee: Fuji Xerox Co., Ltd.
    Inventors: Giovanni L Thione, Jonathan Trevor, David Hilbert
  • Patent number: 7562387
    Abstract: The invention is a method and apparatus for gathering click stream information from Web surfers while maintaining their privacy. In accordance with the invention, a Web site that collects click stream information provides an opportunity for visitors to choose not to have personal information gathered about them. If a person chooses not to have personal information gathered, the Web site continues to collect click stream information about the visitor's progress through the Web site as before by the use of cookies and/or URL rewriting, for instance, using Single Pixel technology, in which the client machines are made to send requests to a usage analyzer having cookies bearing the relevant click stream data. However, the cookies include an extra field called a privacy flag. If the visitor chooses not to have personal information gathered, the flag is set. Otherwise it is reset.
    Type: Grant
    Filed: September 7, 2001
    Date of Patent: July 14, 2009
    Assignee: International Business Machines Corporation
    Inventors: Bing Quang Nguyen, Mary Catherine Streble
  • Patent number: 7558961
    Abstract: System and methods provide a message, generated based on a message authentication code (MAC), embedded in a look-up table associated with an image. The embedding of the message does not affect the image. The message may be used to authenticate the image.
    Type: Grant
    Filed: April 21, 2005
    Date of Patent: July 7, 2009
    Assignee: Xerox Corporation
    Inventors: Gaurav Sharma, Stuart A. Schweid
  • Patent number: 7558956
    Abstract: A transmitting side communications device transmits a Delete Payload of an IPsec SA using an ISAKMP SA that satisfies a transmission condition, and more preferably using all ISAKMP SAs that exist between communications devices. The receiving side communications device accepts a Delete Payload by an ISAKMP SA that satisfies a reception condition, and preferably any ISAKMP SA that exists between the communications devices. As long as there exists an IPsec SA that was established using the ISAKMP SA, it remains possible to maintain an ISAKMP SA, without completely deleting it, and to transmit and receive a Delete Payload by that ISAKMP SA.
    Type: Grant
    Filed: February 4, 2005
    Date of Patent: July 7, 2009
    Assignee: Panasonic Corporation
    Inventors: Atsuhiro Tsuji, Yukie Gotoh, Keiichi Takagaki, Chuan-Fen Chiu
  • Patent number: 7555772
    Abstract: Methods of screening incoming packets are provided. A first firewall detects a tunnel formation. A second firewall maintains a list of open firewall sessions. Each tunnel has one or more associated firewall sessions. The first firewall detects variable situations, such as when the tunnel is torn down, and notifies the second firewall so that, for example, the second firewall can act to clear an associated firewall session from the firewall session list. Incoming packets that are associated with firewall sessions that have been cleared from the firewall session list may not be passed through the second firewall.
    Type: Grant
    Filed: January 26, 2004
    Date of Patent: June 30, 2009
    Assignee: Juniper Networks, Inc.
    Inventors: Jesse Shu, Yonghui Cheng
  • Patent number: 7552328
    Abstract: A system and method for resolving a rule conflict within a security policy applied to a trusted computing platform, wherein the fileset to which each of the conflicting rules r and s refers (or “scope”) is determined (step 10). It is then determined (at step 12) if the scope of one of the rules s is a complete subset of the scope of rule r. If so, rule s is applied to the accessed file f (at step 14). If not, the conflict is resolved in another way, for example, by determining the most restrictive of rules r and s (at step 16) and applying the result accordingly (step 18).
    Type: Grant
    Filed: March 26, 2004
    Date of Patent: June 23, 2009
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventor: Michael John Wray
  • Patent number: 7549173
    Abstract: To provide improved security in adjunct program modules such as plug-ins and dynamic link libraries, a requesting module provides an authorization interface to the invoked module such that the invoked module can require a certificate of the requesting module and can also challenge the authority of the requesting module. The certificate can include one or more permissions which are prerequisites for processing by the invoked module. The invoked module can challenge the authority of the requesting module by sending random test data to the requesting module and receiving in response a cryptographic signature of the test data. By verifying the signature of the requesting module using the received certificate, the invoked module confirms that the requesting module is, in fact, the owner of the received certificate.
    Type: Grant
    Filed: February 2, 2007
    Date of Patent: June 16, 2009
    Assignee: Microsoft Corporation
    Inventors: Jason S. Brownell, Steven T. Ansell, Perry T. Devine, Earl Levine
  • Patent number: 7545933
    Abstract: A decryption circuit for generating a decrypted data signal and a complementary decrypted data signal from a key. In addition, a means for performing a linkage specification so as to generate the logic signal and the complementary logic signal from the decrypted data signal and the complementary decrypted data signal in accordance with the linkage specification. In addition, an encryption means for generating an encrypted logic signal from the key and from the logic signal.
    Type: Grant
    Filed: February 25, 2005
    Date of Patent: June 9, 2009
    Assignee: Infineon Technologies AG
    Inventor: Thomas Kunemund
  • Patent number: 7546636
    Abstract: An authorization control circuit (10) comprises a digital signal processor (12) operable to provide digital data output, determine an authorization state, and generate a disable signal. A digital to analog converter (28,60) is coupled to the digital signal processor (12) and is operable to receive the digital data output. The digital to analog converter (28,60) generates analog data in response to the digital data output and is operable to output the analog data and mute the output of analog data. The digital to analog converter (28,60) includes an input (23,25,27,59) operable to receive the disable signal. The digital to analog converter (28,60) mutes the output of analog data in response to the disable signal.
    Type: Grant
    Filed: November 15, 2000
    Date of Patent: June 9, 2009
    Assignee: Texas Instruments Incorporated
    Inventor: Jason D. Kridner
  • Patent number: 7543146
    Abstract: In response to an indication of a desire to initiate a secure communication session (e.g., a session utilizing the SSL communication protocol) with a computer resource, a digital certificate indicative of whether or not a user consents to monitoring of the secure communication session is requested. The response to this request will permit or deny such monitoring, allowing the session to proceed or be cancelled, accordingly.
    Type: Grant
    Filed: June 18, 2004
    Date of Patent: June 2, 2009
    Assignee: Blue Coat Systems, Inc.
    Inventors: Shrikrishna Karandikar, Thomas J. Kelly
  • Patent number: 7540020
    Abstract: One embodiment of the present invention provides a system that performs single sign-on to web applications using dynamic directives. The system operates by first receiving a request at an application to provide content to a user. In response to the request, the application provides public content to the user. Upon receiving a request from the user to access private content, the application sends a dynamic directive to a web module that can access a single sign-on server on behalf of the application, wherein the dynamic directive specifies that an authentication credential is required from the user. Next, the application allows the web module to request the authentication credential from the single sign-on server on behalf of the application. When the authentication credential is received from the single sign-on server, the application provides the private content to the user.
    Type: Grant
    Filed: February 19, 2003
    Date of Patent: May 26, 2009
    Assignee: Oracle International Corporation
    Inventors: Kamalendu Biswas, Arun Swaminathan, Gaurav Bhatia