Abstract: A system and method for secure communications in a communication system, wherein the system programs a computer to perform the method, which includes: receiving at least one authentication key, without an encryption key, from a key-management server; receiving a packet, which is encrypted, from a source device; authenticating the packet, using the at least one authentication key, without cryptographically altering the packet; and forwarding the authenticated packet to a destination device of the packet.
Abstract: Embodiments of the present invention relate to a service opening method and system, and a service opening server. The method includes: receiving a service request from a third-party application, where the service request carries type and parameter information of the requested service; querying, according to the type information of the service, a service directory to obtain an access address and authentication type information of the requested service; when it is determined that the invoking of the service needs an authorization of an end user, obtaining an authorization notification message of the end user according to the type information of the service and the parameter information of the service; and forwarding the service request to a capability server, and forwarding, to the third-party application, a service response message returned by the capability server. The control of the end user on the authorized service is ensured to the greatest extent.
Abstract: The invention describes a system, method and computer product to regulate user access to websites. The system receives a URL request by a user corresponding to a website that the user wishes to access. Thereafter, the system determines the associated group of the user and the associated category of the website. Subsequently, a message to be displayed to the user is determined based on the associated group of the user and the associated category of the website. The message is included in a block page and then displayed to the user.
Abstract: A method of managing communications services begins with a communications platform receiving a request for a communications service to be provided to a communications device by a source other than the communications platform. The communications platform determines an authorization of the communications device to receive the communications service. The authorization comprises a permission of the communications device to receive the communications service during a lifetime of a communications session maintained with the communications device. The communications network authorizes delivery of the communications service to the communications device during the lifetime of the communications session, in accordance with the authorization.
Type:
Grant
Filed:
September 15, 2010
Date of Patent:
October 15, 2013
Assignee:
BlackBerry Limited
Inventors:
Christopher Labrador, Brian Alexander Oliver, Douglas Michael Gisby, Susan Elizabeth Simon Daniels, Brian Edward Anthony McColgan, Adrian Michael Logan, Eric Allan Fritzley, Nicholas Patrick Alfano, Richard John George
Abstract: Unit for secure processing access controlled audio/video data capable of receiving control messages (ECM) comprising at least one first control word (CW1) and first right execution parameters (C1), at least one second control word (CW2) and second right execution parameters (C2), said processing unit being connected to a first access control device (CA1), said processing unit is characterized in that it comprises: —means for verifying and applying the first right execution parameters (C1) in relation to the contents of a memory (M1) of said first access control device (CA1) and means for obtaining the first control word CW1, —a second access control device (CA2) integrated into the processing unit UT including means for verifying and applying the second right execution parameters (C2) in relation to the contents of a memory (M2) associated to said second access control device (CA2) and means for obtaining the second control word (CW2), —a deciphering module (MD) capable of deciphering, sequentially with the f
Abstract: Systems and methods are disclosed for enabling access to a protected hardware resource. A hardware component includes at least one protected hardware resource. A unique hardware ID and a unique cryptographically secure or randomly generated enable value (EV) are integrated in the hardware component at the time of manufacturing. At run-time, special software generates or receives from an external source an enable register (ER) value and a comparison is made with the stored enable value. If the ER value and the EV match, access to the protected hardware resource is allowed.
Type:
Grant
Filed:
August 1, 2010
Date of Patent:
September 24, 2013
Assignee:
Cavium, Inc.
Inventors:
Amer Haider, Steven Craig Barner, Richard Eugene Kessler
Abstract: A method to manage access to end user-protected resources hosted in a shared pool of configurable computing resources, such as a cloud computing environment, begins by registering a particular application or service into the environment. The application or service is one that is being permitted to access resources on behalf of end users via a delegated authorization protocol, such as OAuth. For at least one end user associated with the organization, a permission is set, preferably by an organization entity, such as an organization administrator. The permission determines whether the application or service is permitted to access one or more resources associated with the end user. Then, in response to a request by the third party application to access a resource, where the request is received via the delegated authorization protocol, the permission is then used to determine whether the third party application is permitted to access the resource.
Type:
Grant
Filed:
November 10, 2010
Date of Patent:
September 24, 2013
Assignee:
International Business Machines Corporation
Inventors:
Robert Leslie Yates, Prashant S. Kulkarni, Mary Ellen Zurko
Abstract: An Operations, Administration, and Maintenance (OA&M) 16 provides security for managed resources on a wireless client device 10 at many levels of granularity, from the entire device, to subsystems, to software and hardware components, services and applications, down to individual attributes.
Abstract: An internet service provider (ISP) is configured to provide notification messages such as service updates to subscribers via redirected web pages. In order for the web pages to be treated as originating from the ISP, the ISP provides a shared secret in the browser message. The shared secret may be a secret not derivable by viruses or trojans in the subscriber computer, such as a MAC address of the subscriber modem.
Type:
Grant
Filed:
April 12, 2012
Date of Patent:
September 10, 2013
Assignee:
Perftech, Inc.
Inventors:
Henry M. Donzis, Lewis T. Donzis, Rodney D. Frey, John A. Murphy, Jonathan E. Schmidt
Abstract: Method and apparatus for encrypting and storing data to provide data security and memory cell bit wear leveling. In accordance with various embodiments, input data are provided for writing to a target page of memory in a storage array. A seed value is derived from a count value indicative of a number of times a write access has occurred on the target page of memory. A block encryption routine is applied to the input data using the seed value to generate encrypted output data that are thereafter written to the target page.
Abstract: A system and method are provided for pre-processing encrypted and/or signed messages at a host system before the message is transmitted to a wireless mobile communication device. The message is received at the host system from a message sender. There is a determination as to whether any of the message receivers has a corresponding wireless mobile communication device. For each message receiver that has a corresponding wireless mobile communication device, the message is processed so as to modify the message with respect to one or more encryption and/or authentication aspects. The processed message is transmitted to a wireless mobile communication device that corresponds to the first message receiver. The system and method may include post-processing messages sent from a wireless mobile communications device to a host system. Authentication and/or encryption message processing is performed upon the message. The processed message may then be sent through the host system to one or more receivers.
Type:
Grant
Filed:
November 1, 2010
Date of Patent:
September 3, 2013
Assignee:
BlackBerry Limited
Inventors:
Michael Stephen Brown, Neil Patrick Adams, Michael Kenneth Brown, Michael Grant Kirkup, Herbert Anthony Little
Abstract: System(s) and method(s) are provided to configure access rights to wireless resources and telecommunication service(s) supplied through a set of access points (APs). Access to wireless resources is authorized by access attributes in access control list(s) (ACL(s)) while a profile of service attributes linked to the ACL(s) regulate provision of telecommunication service(s). Access and service attributes can be automatically or dynamically configured, at least in part, in response to changes in data that directly or indirectly affects an operation environment in which the set of APs is deployed. Automatic or dynamic configuration of access or service attributes enable control or coordination of wireless service provided through the set of APs; degree of control or coordination is determined at least in part by enablement or disablement of disparate services for disparate devices at disparate access points at disparate times and with disparate service priority.
Abstract: Responsive to receiving an authentication request from a device, an authentication server determines a confidence level for the authentication request and generates a confidence-weighted challenge to the authentication request, the confidence-weighted challenge being weighted based upon a confidence level. The authentication server, responsive to receiving a challenge response to the confidence-weighted challenge from the device, determines whether to authenticate the user based upon the challenge response. If the authentication server determines that the challenge response satisfies an expected response known to the authentication server, the authentication server permits authentication of the user to access the device. If the authentication server determines the challenge response does not satisfy the expected response known to the authentication server, the authentication server denies authentication of the user to access the device.
Type:
Grant
Filed:
December 7, 2010
Date of Patent:
August 6, 2013
Assignee:
AT&T Intellectual Property I, L.P.
Inventors:
James Pratt, Steven Belz, Marc Sullivan
Abstract: Techniques are provided for providing access to a stored secret using a callback function that generates stable system values. The callback function, which is stored in a library file, is verified by securely storing a signature of the library file and later generating another signature of the library file. Access to the stored secret using the callback function is only permitted when the callback function is verified.
Abstract: A method, integrated circuit chip, and computer program product for cryptographically processing an input value with Elliptic Curve Cryptography (ECC) using ECC scalar multiplication are provided. The ECC scalar multiplication is performed with the use of an enhanced acceleration table (EAT). The EAT uses multiple running totals with multiples above 2. The EAT, in some embodiments, uses reference values other than 0 and 2^window size.
Type:
Grant
Filed:
September 29, 2009
Date of Patent:
July 30, 2013
Assignee:
EMC Corporation
Inventors:
Sean Parkinson, Mark Hibberd, Peter Alan Robinson, David Paul Makepeace
Abstract: Described is a method and system for providing a verified delivery of a package. First, registration information is obtained from a recipient; the registration information includes a biometric identification of the recipient. A delivery service obtains the package from a sender which is addressed to the recipient and forwards the package to the recipient. At the point of delivery, the delivery service obtains a further biometric identification from the recipient using a portable device which includes a biometric reader. The delivery service releases the package to the recipient only if the biometric identification is substantially identical to the further biometric identification.
Type:
Grant
Filed:
March 1, 2006
Date of Patent:
July 30, 2013
Assignee:
Symbol Technologies, Inc.
Inventors:
Allan Stuart Algazi, Salvatore Anthony Sparacino
Abstract: Proposed is a Capability Management System (CMS) in a distributed computing environment that controls access to multiple objects by multiple subjects based upon a specified access order. A capability is dynamically constructed when the capability is needed. After the capability is used to access an object, a new capability is generated. In the alternative, multiple capabilities for enforcing an access order are generated independently of each other. The new capability is then employed by the same or another subject to access the object according to a prescribed access sequence. In this manner, at any particular time there is one capability valid to access the object by the appropriate subject. In addition, the capability includes information for verifying the authenticity of the capability and for specifying an expiration time associated with the capability. The technology may also be enhanced by providing a linkage between capabilities intended for use in a sequence.
Type:
Grant
Filed:
October 12, 2009
Date of Patent:
July 23, 2013
Assignee:
International Business Machines Corporation
Abstract: A method for communicating information in a communication network is disclosed and includes receiving media containing a security code from a first communication device at a third communication device. The security code is acquired by the first communication device from a second communication device. The received media may be routed to the second communication device based on an IP address of the second communication device. The IP address of the second communication device may correspond to the security code. The security code may be translated to the IP address of the second communication device. The security code may be a pin code. A duration for which the security code is valid may be limited to at least one of time and a number of uses.
Abstract: Systems for instant messaging private tags preferably comprise a parser for parsing an instant message for sensitive data and an encryption engine for encrypting the sensitive data. A modified uuencoder is also preferably included for converting the encrypted sensitive data into a data stream that complies with an XML format. Other systems and methods are also provided.
Type:
Grant
Filed:
July 15, 2011
Date of Patent:
July 9, 2013
Assignee:
AT&T Intellectual Property I, L.P.
Inventors:
Larry G. Kent, Jr., W. Todd Daniell, Joel A. Davis, Brian K. Daigle