Patents Examined by Matthew B. Smithers
-
Patent number: 7739728
Abstract: End-to-end security is established automatically for network communications. In one embodiment a first host is associated with a policy manager that determines, for the first host, whether a secure session is permissible. If the secure session is determined to be permissible then the policy manager signals to intermediate devices in order to prompt establishment of SA/DA pinholes. In an alternative embodiment a neutral policy broker determines, for both first and second hosts, whether the secure session is permissible and signals to the intermediate devices to establish the pinholes if the secure session is permissible. In another embodiment the end-to-end session includes back-to-back tunnel mode sessions linked by at least one intermediate device. The intermediate device is operative to decrypt and re-encrypt traffic in the session, and may be configured by a policy manager or policy broker.
Type: Grant
Filed: January 11, 2006
Date of Patent: June 15, 2010
Assignee: Avaya Inc.
Inventors: Edwin Koehler, Jr., Sleiman Cherif
-
Patent number: 7734923
Abstract: Methods, apparati, and computer-readable media for securely transporting a software application onto a tamper resistant module (TRM) (103) by using an individualized TRM key set. A method embodiment of the present invention comprises: storing a key pair unique to the TRM (103) in a memory located on the TRM (103), where the key pair comprises a TRM public key (150) and a TRM private key (190); retrieving the TRM public key from the TRM; encrypting a portion of the software application using the TRM public key (150); transmitting the encrypted software application to the TRM (103); and recovering and decrypting the encrypted software application using the TRM private key (190).
Type: Grant
Filed: March 29, 2007
Date of Patent: June 8, 2010
Assignee: Multos Limited
Inventors: David Barrington Everett, Stuart James Miller, Anthony David Peacham, Ian Stephen Simmons, Timothy Philip Richards, John Charles Viner
-
Patent number: 7735125
Abstract: The invention includes systems and methods for identifying and verifying the identity of a user of a kiosk using an external verification system. The kiosk receives customer input data that indicates the identity of the user of the kiosk. The kiosk generates an identification query that includes at least some customer input data. The kiosk transmits the identification query to an external verification system. The kiosk receives a verification response from the external verification system. The kiosk then processes the verification response to verify the identity of the user of the kiosk. These systems and methods advantageously provide identification and verification of the identity of a user of a kiosk. With sufficient identification and verification, financial institutions can comply with government regulations designed to reduce the opportunity for money laundering, terrorism, fraud, and identity theft while offering users of kiosks a wider range of financial services.
Type: Grant
Filed: October 15, 2004
Date of Patent: June 8, 2010
Assignee: Nexxo Financial, Inc.
Inventors: David R. Alvarez, Mitchell A. Shapiro, James V. Elliott
-
Patent number: 7735127
Abstract: A method and system for communicating with at least one managed system located behind a firewall are provided. The system includes an agent computer, located behind a firewall, to communicate with the at least one managed system and a management system. The management system communicates with the agent computer to provide computer related services. The management system is located on an opposed side of the firewall and communicates an envelope including at least one executable task to the agent computer for communication to the managed system. The executable task may be included in a script and the agent computer may poll the management system to determine if there is an envelope for it to receive.
Type: Grant
Filed: November 26, 2002
Date of Patent: June 8, 2010
Assignee: Dell Marketing USA, L.P.
Inventors: Russell S. Rive, Peter Joshua Rive
-
Patent number: 7730322
Abstract: The present invention relates generally to computer software, and more specifically, to a system and method of foiling buffer-overflow and alien-code attacks. The invention protects computers from such attacks by encoding data placed in storage, and varying the encodings used in different storage areas. When the data is needed by a software application, the data is simply decoded in a complementary manner. This prevents storage areas written according to one usage from being used effectively for some other purpose. The method of the invention can be done in a number of ways. For example, a “protector” engine can be placed between a software application and memory, or the function calls in the software application itself, could be amended to include encoding and decoding. Other embodiments and alternatives are also described.
Type: Grant
Filed: February 14, 2003
Date of Patent: June 1, 2010
Assignee: Cloakware Corporation
Inventors: Harold J. Johnson, Stanley T. Chow, Alexander Main
-
Patent number: 7730311
Abstract: Methods, apparati, and computer-readable media for securely transporting a software application onto a tamper resistant module (TRM) (103) by using an individualized TRM key set. A method embodiment of the present invention comprises: storing a key pair unique to the TRM (103) in a memory located on the TRM (103), where the key pair comprises a TRM public key (150) and a TRM private key (190); retrieving the TRM public key from the TRM; encrypting a portion of the software application using the TRM public key (150); transmitting the encrypted software application to the TRM (103); and recovering and decrypting the encrypted software application using the TRM private key (190).
Type: Grant
Filed: October 25, 2007
Date of Patent: June 1, 2010
Assignee: Multos Limited
Inventors: David Barrington Everett, Stuart James Miller, Anthony David Peacham, Ian Stephen Simmons, Timothy Philip Richards, John Charles Viner
-
Patent number: 7730310
Abstract: Methods, apparati, and computer-readable media for securely transporting a software application onto a tamper resistant module (TRM) (103) by using an individualized TRM key set. A method embodiment of the present invention comprises: storing a key pair unique to the TRM (103) in a memory located on the TRM (103), where the key pair comprises a TRM public key (150) and a TRM private key (190); retrieving the TRM public key from the TRM; encrypting a portion of the software application using the TRM public key (150); transmitting the encrypted software application to the TRM (103); and recovering and decrypting the encrypted software application using the TRM private key (190).
Type: Grant
Filed: October 25, 2007
Date of Patent: June 1, 2010
Assignee: Multos Limited
Inventors: David Barrington Everett, Stuart James Miller, Anthony David Peacham, Ian Stephen Simmons, Timothy Philip Richards, John Charles Viner
-
Patent number: 7730312
Abstract: Methods and apparati for securely loading one or more computer software applications onto a tamper resistant module (TRM) (107) and for securely deleting one or more applications from the TRM. An embodiment of the invention comprises a method for determining, based at least upon an encrypted personalization data block, whether a TRM (107) is part of a qualified set of TRM's to accept loading of an application. Thereafter, the method provides for loading the application onto the TRM (107) only after the first step determines that the TRM (107) is qualified to accept the loading of the application. Another embodiment comprises a method for determining, based at least upon an encrypted personalization data block, whether a TRM (107) is part of a qualified set of TRM's to accept deleting of an application. Thereafter, the method provides for deleting the application from the TRM (107) only when the first step determines that the TRM (107) is qualified to accept the deleting of the application.
Type: Grant
Filed: October 26, 2007
Date of Patent: June 1, 2010
Assignee: Multos Limited
Inventors: David Barrington Everett, Stuart James Miller, Anthony David Peacham, Ian Stephen Simmons, Timothy Philip Richards, John Charles Viner
-
Patent number: 7730518
Abstract: Techniques are disclosed for partitioning of cryptographic functionality, such as authentication code verification or generation ability, so as to permit delegation of at least one of a number of distinct portions of the cryptographic functionality from a delegating device to at least one recipient device. The cryptographic functionality is characterizable as a graph comprising a plurality of nodes, and a given set of the nodes is associated with a corresponding one of the distinct portions of the cryptographic functionality. Information representative of one or more of the nodes is transmitted from the delegating device to the recipient device such that the recipient device is thereby configurable for authorized execution of a corresponding one of the distinct portions of the cryptographic functionality. Advantageously, the invention provides a particularly efficient mechanism for the provision of cryptographic functionality in accordance with a subscription model.
Type: Grant
Filed: July 31, 2003
Date of Patent: June 1, 2010
Assignee: EMC Corporation
Inventors: Bjorn Markus Jakobsson, Burton S. Kaliski, Jr.
-
Patent number: 7730302
Abstract: Embodiments herein address some of the problems associated with compromised configuration files used in a remote sessions of a virtual computing environment. Accordingly, a subset of settings in a configuration file are secured from malicious or accidental modification, while other portions of the configuration file are modifiable by a user as desired without invalidating the integrity of the secure subset. This not only allows for the user to be assured of the integrity of the settings, but also allows an administrator of the remote or terminal server with the ability to control how and what access a client has to resources thereon. Such access may be further controlled based on a trust level between the client, server, and/or publisher of the configuration file.
Type: Grant
Filed: May 5, 2006
Date of Patent: June 1, 2010
Assignee: Microsoft Corporation
Inventors: Ashwin Palekar, Elton Saul, Ersev Samim Erdogan, Jeson Patel, Rajneesh Mahajan, Russell S. Morgan, Kevin London
-
Patent number: 7730329
Abstract: To render content on a medium, a device obtains a table from the medium, obtains a private key of the device (PR-PD), indexes into an entry of the table based thereon, obtains (PU-PD(RND)) from the indexed-into entry of the table, and applies (PR-PD) to (PU-PD(RND)) to expose a random key (RND). Then, the device obtains (RND(PR-PM)) from the table, applies (RND) to (RND(PR-PM)) to expose a private key of the medium (PR-PM), obtains (PU-PM(KD)) from the license, applies (PR-PM) to (PU-PM(KD)) to expose a content key (KD), obtains (KD(content)) from the storage medium, applies (KD) to (KD(content)) to expose the content.
Type: Grant
Filed: April 6, 2006
Date of Patent: June 1, 2010
Assignee: Microsoft Corporation
Inventors: Clifford P. Strom, Krishnamurthy Ganesan, Jonas Fredrik Helin
-
Patent number: 7724896
Abstract: Example embodiments relate to a method and system for transmitting messages between an emitter and at least one receiver.
Type: Grant
Filed: December 9, 2005
Date of Patent: May 25, 2010
Assignee: Nagra France Sarl
Inventors: Abdelkrim Nimour, Eve-Marie Barbier, Nicolas Bredy
-
Patent number: 7721114
Abstract: A computer readable storage medium encoded with computer instructions for causing a tamper resistant microprocessor which has a function for decrypting and executing encrypted codes and a table formed by a plurality of regions for storing a plurality of encryption keys corresponding to at least one program and at least one shared library to be called up by the at least one program, to use a shared library called up from a calling source program, the instructions including the steps of causing the tamper resistant microprocessor to create a task for the shared library, causing the tamper resistant microprocessor to allocate a task identifier to the task, causing the tamper resistant microprocessor to acquire an instruction key from a header of the shared library, causing the tamper resistant microprocessor to store the instruction key into a region of the table corresponding to the task identifier allocated to the task for the shared library in the microprocessor, causing the tamper resistant microprocessor to
Type: Grant
Filed: June 25, 2007
Date of Patent: May 18, 2010
Assignee: Kabushiki Kaisha Toshiba
Inventors: Kensaku Yamaguchi, Mikio Hashimoto
-
Patent number: 7721094
Abstract: Access to an authentication image may be protected so that only authenticated processes have access to the image. The image can be displayed to authenticate a User Interface (UI) to a computer user. The image indicates the UI can be trusted. If the image is not displayed, it may be that an application UI is “spoofed” to trick a user into providing sensitive information. Additionally, a large variety of different images can be used as authentication images, so spoofing one image be recognized by most users. A set of original images may be provided, along with image modification processes which can generate a large number of variations. Techniques for authenticating UIs in a virtual machine context are provided. A secure attention sequence is also provided, which allows users to test whether processes running on a computer are authenticated.
Type: Grant
Filed: May 6, 2005
Date of Patent: May 18, 2010
Assignee: Microsoft Corporation
Inventors: Paul Cador Roberts, Laura Posey Benofsky, William Gifford Holt, Leslie Helena Johnson, Bryan Mark Willman, Madeline Jinx Bryant
-
Patent number: 7721106
Abstract: A method and a system for allowing a user device that has already been authenticated by a first communications network to gain access to a second communications network without undergoing authentication by the second communications network. The first communications network and the second communications network have a pre-established trust relationship there between. A packet is received from the user device that includes a user device public key, by the second network via the first network. A session key is sent from the second network to the user device, via the first network, when a source Internet Protocol (IP) address associated with the packet falls into a range allocated to the first network. The session key is encrypted with the user device public key. The user device decrypts the session key using a private key and uses the session key thereafter to access the second network.
Type: Grant
Filed: March 12, 2003
Date of Patent: May 18, 2010
Assignee: Thomson Licensing
Inventor: Junbiao Zhang
-
Patent number: 7716472
Abstract: A network-communication method includes detecting network activity between a local area network and a wide area network, decoding the network activity, responsive to the decoding step, obtaining at least a source network address, and using the source network address to establish a transparent networking bridge between the local area network and the wide area network.
Type: Grant
Filed: December 18, 2006
Date of Patent: May 11, 2010
Assignee: Bsecure Technologies, Inc.
Inventors: Darren R. Boisjolie, Stephen P. Ashley, Gandhi Balasubramaniam
-
Patent number: 7716463
Abstract: Systems and/or methods that enable secure deployment and/or receipt of an operating system and/or updates for the operating system to a computer across a network susceptible to malicious communication are described. These systems and/or methods can, in one embodiment, enable a bare computer added to a network to have an operating system deployed to it and updated via the network before the bare computer is subjected to malicious code communicated over the network.
Type: Grant
Filed: October 15, 2004
Date of Patent: May 11, 2010
Assignee: Microsoft Corporation
Inventors: Martin L. Holladay, Mukesh Karki, Parthasarathy Narayanan
-
Patent number: 7706532
Abstract: An encryption apparatus for encrypting input picture data with high secrecy and restoration against an error of encrypted data. An EXOR circuit calculates input picture data and a pseudo random sequence and obtains encrypted data. The obtained encrypted data are held in a first FF circuit. The first FF circuit is reset for each line. Counters count for each line or each frame and are reset for each frame or at the beginning of a program. An encryption device encrypts outputs of a second FF circuit that holds a fixed value, the counters and the first FF circuit with a key and generates a pseudo random sequence. A shift register divides the bit sequence. The EXOR circuit calculates the output of the shift register and the input picture data and obtains encrypted data. Since the encrypted output is fed back, data cannot be stolen using a successive input of the same data. In addition, since an encrypted output that is fed back is reset for each line, the encrypted output can be recovered from an error.
Type: Grant
Filed: July 6, 2004
Date of Patent: April 27, 2010
Assignee: Sony Corporation
Inventors: Yujiro Ito, Tsutomu Shimosato, Kazunobu Tsujikawa
-
Patent number: 7707409
Abstract: The invention relates to a method and system for authenticating software. One embodiment of the invention provides a system for authenticating software in a mobile terminal, wherein the system is configured to: receive an execution instruction for software installed in the mobile terminal through an inputting means, generate a first error code for the software, extract a mobile terminal identifier of the mobile terminal, generate a first authentication key by combining the mobile terminal identifier and the first error code, and execute the software when the first authentication key corresponds to a second authentication key stored in the mobile terminal. By authenticating the software for a wireless mobile terminal, one embodiment of the invention can prevent unauthorized duplication and execution of the software at the mobile terminal.
Type: Grant
Filed: October 21, 2004
Date of Patent: April 27, 2010
Assignee: KT Corporation
Inventors: Ji-Hun Kwon, Seung-Hyouk Yim, Gwang-Ho Nam
-
Patent number: 7707408
Abstract: Methods, apparati, and computer-readable media for securely transporting a software application onto a tamper resistant module (TRM) (103) by using an individualized TRM key set. A method embodiment of the present invention comprises: storing a key pair unique to the TRM (103) in a memory located on the TRM (103), where the key pair comprises a TRM public key (150) and a TRM private key (190); retrieving the TRM public key from the TRM; encrypting a portion of the software application using the TRM public key (150); transmitting the encrypted software application to the TRM (103); and recovering and decrypting the encrypted software application using the TRM private key (190).
Type: Grant
Filed: October 25, 2007
Date of Patent: April 27, 2010
Assignee: Multos Limited
Inventors: David Barrington Everett, Stuart James Miller, Anthony David Peacham, Ian Stephen Simmons, Timothy Philip Richards, John Charles Viner