Patents Examined by Leynna T Truvan
-
Patent number: 7765581
Abstract: Methods and systems consistent with the present invention provide dynamic security policies that change the granularity of the security at the node level, process level, or socket level. Specifically, a channel number and virtual address are associated with various processes included in a process table. Since a security policy is required for all processes, secure and insecure processes located on the same channel may communicate with one another. Moreover, processes located on different channels may communicate with one another by a gateway that connects both channels. This scalable blanketing security approach provides an institutionalized method for securing any process, node or socket by providing a unique mechanism for policy enforcement at runtime or by changing the security policies.
Type: Grant
Filed: December 10, 1999
Date of Patent: July 27, 2010
Assignee: Oracle America, Inc.
Inventors: Germano Caronni, Amit Gupta, Sandeep Kumar, Tom R. Markson, Christoph L. Schuba, Glenn C. Scott
-
Patent number: 7765580
Abstract: A method and apparatus provides user authentication by communicating primary authentication information, such as user identification data and/or password data to an authentication unit via a primary channel such as over the Internet. An authentication code is generated by the authentication unit on a per session basis and is sent to a destination unit via a first secondary channel during the session. The destination unit then retransmits the authentication code, on a second secondary channel, to the first unit in a way that is transparent to a user of the first unit. The first device then sends the received re-transmitted authentication code back to the authentication unit via the primary channel during the session.
Type: Grant
Filed: May 14, 2001
Date of Patent: July 27, 2010
Assignee: Entrust, Inc.
Inventors: Ron J. Vandergeest, Kevin T. Simzer, Eric R. Skinner
-
Patent number: 7761700
Abstract: Methods and arrangements are provided that can be used to identify users to an operating system during initialization through an advanced graphical user interface (GUI). The resulting GUI can be visually compelling and functional while advantageously remaining easy for the developer to create, maintain and modify. A markup language rendering engine is loaded substantially near the beginning of an operating system initialization procedure, and provided with markup language code that solicits at least one user input associated with a user logon process when rendered by the markup language rendering engine. The markup language code can be written in Hypertext Markup Language (HTML), Dynamic HTML, eXtensible Markup Language (XML), eXtensible Hypertext Markup Language (XHTML), Standard Generalized Markup Language (SGML), etc.
Type: Grant
Filed: July 20, 2005
Date of Patent: July 20, 2010
Assignee: Microsoft Corporation
Inventors: Giampiero M. Sierra, Christopher A. Evans
-
Patent number: 7757272
Abstract: A system for mapping and translating address information in a network is provided. The system includes a client-side address translator (120) and a server-side address translator (140). The client-side address translator (120) is configured to receive a data packet from a client (110). The data packet includes a first destination address representing the real destination address. The client-side address translator (120) maps the first destination address to another address using a mapping algorithm and transmits the data packet with the via the network (160). The server-side address translator (140) receives the data packet, translates the mapped address information back to the real destination address and forwards the data packet using the real destination address.
Type: Grant
Filed: June 14, 2000
Date of Patent: July 13, 2010
Assignees: Verizon Corporate Services Group, Inc., BBN Technologies Corp., Level 3 Communications, LLC
Inventor: Michael Anthony Dean
-
Patent number: 7743406
Abstract: A system and method for securing data on a wireless device. A secured zone is defined by a boundary sensor. A data processing system is coupled to the boundary sensor and a wireless device. If the data processing system detects that the signal strength of the wireless device has fallen below a first predetermined value for longer than a second predetermined value, the data processing system deletes a digital certificate corresponding to the wireless device from memory. Thus, when the wireless device is reintroduced into the secured zone, in response to determining that a digital certificate corresponding to the wireless device is not stored in memory, the disabling module disables the wireless device from operation within the secured zone.
Type: Grant
Filed: December 21, 2004
Date of Patent: June 22, 2010
Assignee: International Business Machines Corporation
Inventors: Scott Sina Abedi, Roger Kenneth Abrams, Ryan Charles Catherman, James Patrick Hoff, James Stephen Rutledge
-
Patent number: 7735129
Abstract: A firewall apparatus including plural virtual firewalls, each virtual firewall including a dependent firewall policy, is disclosed. The firewall apparatus includes: a distribution management table for managing a user name and a virtual firewall ID; a part configured to receive authentication information for network connection from a user terminal, and hold a user name included in the authentication information; a part configured to report the authentication information to the authentication server; and a part configured to receive an authentication response from the authentication server, and hold a user ID, included in the authentication response, to be provided to the user terminal. The firewall apparatus registers the user ID in the distribution management table associating the user ID with the user name.
Type: Grant
Filed: February 4, 2004
Date of Patent: June 8, 2010
Assignee: Nippon Telegraph and Telephone Corporation
Inventors: Kazuhiko Nagata, Taisuke Oka, Ryoichi Suzuki, Takashi Ikegawa, Hiroyuki Ichikawa, Tadashi Ishikawa
-
Patent number: 7681227
Abstract: An encrypted stream of video information (20) contains first video frames (22) and second video frames which are accessible and not accessible during trick play respectively. From a source stream encrypted that is for decryption with repeatedly changing control words sections of the stream are identified where respective first ones of the frames occur in the stream. Control words for decryption (24) are included in the stream. At least part of the control words are included in the stream at positions selected synchronized to the identified sections.
Type: Grant
Filed: January 20, 2004
Date of Patent: March 16, 2010
Assignee: IPG Electronics 503 Limited
Inventors: Sjoerd Zwart, Pieter-Jelle Gerbrandts, Tom Kan
-
Patent number: 7673145
Abstract: This invention includes an image quality priority level decision processing unit (40) which evaluates the magnitude of an image quality of each of a plurality of first image data formed from biometric images associated with the same target on the basis of a specific index having the relationship of a monotone function with authentication accuracy of biometric authentication, and outputs each of the first image data upon adding a priority level thereto on the basis of the evaluation result, a first image storage (6, 81) unit which stores each of the first image data having a priority level added thereto from the image quality priority level decision processing unit (40), a second image storage unit (8, 61) which stores second image data used for comparison/collation with the first image data, an image collation unit (7) which compares/collates the second image data stored in the second image storage unit (8, 61) with the first image data stored in the first image storage unit (6, 81) and outputs the comparison
Type: Grant
Filed: March 5, 2004
Date of Patent: March 2, 2010
Assignee: Nippon Telephone and Telegraph Corporation
Inventors: Takahiro Hatano, Satoshi Shigematsu, Hiroki Morimura, Namiko Ikeda, Yukio Okazaki, Katsuyuki Machida, Mamoru Nakanishi
-
Patent number: 7607165
Abstract: The subject invention relates to a method and apparatus for multiplication of numbers. In a specific embodiment, the subject invention can be used to perform sequential multiplication. The subject invention also pertains to a method and apparatus for modular reduction processing of a number or product of two numbers. In a specific embodiment, sequential multiplication can be incorporated to perform modular reduction processing. The subject method and apparatus can also be utilized for modular exponentiation of large numbers. In a specific embodiment, numbers larger than or equal to 2^128 or even higher can be exponentiated. For example, the subject invention can be used for exponentiation of numbers as large as 2^1024, 2^2048, 2^4096, or even larger.
Type: Grant
Filed: March 11, 2002
Date of Patent: October 20, 2009
Assignee: The Athena Group, Inc.
Inventors: Jonathon D. Mellott, Patrick Dennis Rugg
-
Patent number: 7600108
Abstract: A gaming machine that authenticates the gaming software at boot-up or after a reset. A processor in conjunction with the boot memory reads the bits of data and files from a non-volatile memory device via a single read of each bit. The files are each validated while the bits of non-volatile memory data are simultaneously validated. After all the files and the data are validated then the gaming software is authenticated.
Type: Grant
Filed: June 17, 2003
Date of Patent: October 6, 2009
Assignee: WMS Gaming Inc.
Inventor: Thomas A. Gentles
-
Patent number: 7596804
Abstract: A system and method for determining in a global network the user network authentication status as the user goes from site to site within the network is provided. Additionally, the system and method provides for transparent or implicit multi-site logon functionality, including automatic introduction from one site to the other using a baseline authentication agency (102). The system and method provides an architecture for a core global network (100) (referred to herein as NET) that incorporates some or all of the following features and components: a set of baseline authentication agencies responsible for the core global network (NET) services, such as login and user-selected service-provider lookup; a shared NET domain and associated DNS records (106) used for cookie (110) sharing, login routing, and the like; and a collection of partner sites (108) accessible via the NET.
Type: Grant
Filed: July 2, 2003
Date of Patent: September 29, 2009
Assignee: AOL LLC
Inventors: Christopher Newell Toomey, Conor Cahill
-
Patent number: 7591015
Abstract: Kernel objects for implementing a transaction have a security descriptor applied thereto. The kernel objects include, at least, a transaction object, a resource management object, and an enlistment object. The security descriptor, otherwise known as an access control list, identifies at least one user, an operation to be performed on the kernel object to which the security descriptor is applied, and a right indicating that the identified user is permitted or prohibited to perform the operation.
Type: Grant
Filed: October 23, 2003
Date of Patent: September 15, 2009
Assignee: Microsoft Corporation
Inventors: Jon Cargille, Surendra Verma, Mark J. Zbikowski, William R. Tipton
-
Patent number: 7587759
Abstract: Intrusion prevention for a computer is based on intrusion rules corresponding to active networked applications executing on the computer. The intrusion rules are a subset of a full ruleset that may include signatures of known attacks or heuristic rules. The subset changes as network connections for active applications are initiated and terminated, or as the active applications terminate.
Type: Grant
Filed: February 4, 2002
Date of Patent: September 8, 2009
Assignee: McAfee, Inc.
Inventors: Mark J. McArdle, Brent A. Johnston
-
Patent number: 7571484
Abstract: A file system protection mechanism for an operating system image for a portable computing device is provided to assist in ensuring a good user experience. A signed catalog file is embedded in a resource-sparing operating system (OS), such as a Windows CE image, for security enhancement and load verification purposes. The invention performs various checks on the image and the signature of the image to ensure that image has not been maliciously modified and that it complies with a release standard. Such a mechanism is important to protect image loads from external threats made possible by, e.g. recent incorporation of broadband wireless and wireline connectivity for portable computing devices. The signing technique includes creating a signed catalog of the image and embedding that catalog into the image as it is loaded onto the portable computing device.
Type: Grant
Filed: December 4, 2003
Date of Patent: August 4, 2009
Assignee: Microsoft Corporation
Inventors: Mark Kraus, Sudhakar Prabhu
-
Patent number: 7568096
Abstract: A request to render encrypted content is received and a chain of licenses corresponding to the content is located. The chain includes a leaf license linked to the content at one end of the chain, a root license at the other end of the chain, and any intermediate licenses therebetween. The leaf license and any intermediate licenses in the chain are each bound to the adjoining license in the chain toward the root license, and the root license is bound to an owner of a private key (PR-U). For each license in the chain, the license is verified and it is confirmed that the license allows the content to be rendered. A decryption key is obtained from the leaf license based on application of (PR-U) to the root license, the obtained key is applied to decrypt the encrypted content, and the decrypted content is rendered.
Type: Grant
Filed: April 23, 2004
Date of Patent: July 28, 2009
Assignee: Microsoft Corporation
Inventors: Brian P. Evans, Clifford P. Strom, Michael Jay Parks
-
Patent number: 7562214
Abstract: Detection of an attack on a data processing system. An example method comprising, in the data processing system: providing an initial secret; binding the initial secret to data indicative of an initial state of the system via a cryptographic function; recording state changing administrative actions performed on the system in a log; prior to performing each state changing administrative action, generating a new secret by performing the cryptographic function on a combination of data indicative of the administrative action and the previous secret, and erasing the previous secret; evolving the initial secret based on the log to produce an evolved secret; comparing the evolved secret with the new secret; determining that the system is uncorrupted if the comparison indicates a match between the evolved secret and the new secret; and, determining that the system is corrupted if the comparison indicates a mismatch between the evolved secret and the new secret.
Type: Grant
Filed: March 26, 2004
Date of Patent: July 14, 2009
Assignee: International Business Machines Corporation
Inventor: James F. Riordan
-
Patent number: 7532722
Abstract: The present invention provides an apparatus and method for performing cryptographic operations on a plurality of input data blocks within a processor. In one embodiment, an apparatus for performing cryptographic operations is provided. The apparatus includes a cryptographic instruction and execution logic. The cryptographic instruction is received by a computing device as part of an instruction flow executing on the computing device, wherein the cryptographic instruction prescribes one of the cryptographic operations. The execution logic is operatively coupled to the cryptographic instruction and executes the one of the cryptographic operations. The one of the cryptographic operations includes indicating whether the one of the cryptographic operations has been interrupted by an interrupting event.
Type: Grant
Filed: December 4, 2003
Date of Patent: May 12, 2009
Assignee: IP-First, LLC
Inventors: Thomas A. Crispin, G. Glenn Henry, Arturo Martin-de-Nicolas, Terry Parks
-
Patent number: 7496752
Abstract: A client terminal reads a device ID fixedly assigned to itself, and sends the device ID to an authentication server to make a request for authentication. The authentication server authenticates the device ID accepted from the client terminal. When succeeding in the authentication, the authentication server issues and sends a ticket to the client terminal. The client terminal receives the ticket, and then sends the ticket to a locator server to make a request for registration of an IP address. The locator server verifies the correctness of the accepted ticket. When the correctness is confirmed, the locator server registers an ID and the IP address of the client terminal in a manner that they are associated with each other, and replies the completion of the registration.
Type: Grant
Filed: April 16, 2004
Date of Patent: February 24, 2009
Assignee: Sony Computer Entertainment Inc.
Inventors: Keisuke Yamaguchi, Kenjiro Komaki, Masaru Masuda, Muneki Shimada, Kanee Kazuhiro, Yousuke Kimoto, Shingo Kannari
-
Patent number: 7493486
Abstract: In a node (110) communicating with other nodes in a network (150), a system and method for performing cryptographic-related functions is provided. The node (110) receives and transmits inputs and outputs requiring cryptographic-related processing. When cryptographic processing is required, the node (110) transmits a predefined message to a cryptographic processing component in the node (110) that then performs the desired cryptographic-related processing.
Type: Grant
Filed: June 9, 2000
Date of Patent: February 17, 2009
Assignee: Verizon Laboratories, Inc.
Inventors: Stuart J. Jacobs, Francis Leo Mannix, Jr., Thomas William Christoffel, Scott Andrew Belgard
-
Patent number: 7493483
Abstract: A method for processing instructions by a processing unit. An instruction set is dynamically set for the processing unit using a selected instruction map. The selected instruction map is selected as one being different from a normal instruction map for the processing unit. The instructions are processed at the processor using the instruction set. A set of authorized instructions are encoded using the selected instruction map.
Type: Grant
Filed: February 19, 2004
Date of Patent: February 17, 2009
Assignee: International Business Machines Corporation
Inventor: Gordon D. McIntosh