Patents Examined by Thomas Szymanski
-
Patent number: 7386130
Abstract: The encryption device includes a random number generator for generating a random number; and a first selector for selecting one of q fixed values in response to the random number, a second selector for selecting one set of q sets of fixed S-box tables in response to the random number. An XOR XORs an input with an XOR of a key with the fixed value. A nonlinear transform transforms an input nonlinearly in accordance with the selected set of fixed S-box tables. Another encryption device includes a plurality of encrypting units coupled in parallel, and a selector for selecting one of the plurality of encrypting units in response to the random number. The masking with the fixed values improves the processing speed and reduces the required RAM area.
Type: Grant
Filed: December 28, 2001
Date of Patent: June 10, 2008
Assignee: Fujitsu Limited
Inventors: Koichi Ito, Masahiko Takenaka, Naoya Torii
-
Patent number: 7340772
Abstract: The invention relates to methods and systems for reconnecting a client and providing user authentication across a reliable and persistent communication session. A first protocol that encapsulates a plurality of secondary protocols is used to communicate over a network. A first protocol service, using the first protocol, provides session persistence and a reliable connection between a client and a server. An operation may be executed or transacted between the client and the server. When there is a disruption in the network connection between the client and the server that interrupts the operation, the connection is automatically reestablished and the operation is continued.
Type: Grant
Filed: June 20, 2005
Date of Patent: March 4, 2008
Assignee: Citrix Systems, Inc.
Inventors: Anatoliy Panasyuk, Andre Kramer, Bradley Jay Pedersen, David Sean Stone, Terry Treder
-
Patent number: 7296154
Abstract: Methods, systems and architectures for processing renderable digital content are described. The various embodiments can protect against unauthorized access or duplication of unprotected content (i.e. decrypted content) once the content has reached a rendering device such as a user's computer. A flexible framework includes an architecture that allows for general media sources to provide virtually any type of multimedia content to any suitably configured rendering device. Content can be protected and rendered locally and/or across networks such as the Internet. The inventive architecture can allow third parties to write components and for the components to be securely and flexibly incorporated into a processing chain. The components can be verified by one or more authenticators that are created and then used to walk the chain of components to verify that the components are trusted.
Type: Grant
Filed: June 24, 2002
Date of Patent: November 13, 2007
Assignee: Microsoft Corporation
Inventors: Glenn F. Evans, John Bradstreet
-
Patent number: 7290148
Abstract: Disclosed herein is an encryption and decryption communication semiconductor device comprising at least, a communication interface for performing a transfer of data according to a predetermined communication system, one or two or more encryption/decryption circuits which encrypt or decrypt input data in accordance with a predetermined algorithm, and a plurality of external interfaces for performing the input/output of data from and to external devices. The communication interface, the encryption/decryption circuits and the plurality of external interfaces are formed on one semiconductor chip. In the encryption and decryption communication semiconductor device, input data sent from any one of the plurality of external interfaces is encrypted or decrypted by at least one of the encryption/decryption circuits and is capable of being outputted to any different one of the plurality of external interfaces.
Type: Grant
Filed: January 29, 2003
Date of Patent: October 30, 2007
Assignee: Renesas Technology Corp.
Inventors: Jun Tozawa, Hiroshi Nogami, Tetsuya Shibayama, Tomohiro Kataoka, Hiroshi Fujio
-
Patent number: 7290144
Abstract: A programmable electronic device (10) stores a number of cipher-text software modules (14) to which access is granted after evaluating a user's token (55, 80, 82), a software-restriction class (58) for a requested software module (14), and/or a currently active access-control model (60). Access-control models (60) span a range from uncontrolled to highly restrictive. Models (60) become automatically activated and deactivated as users are added to and deleted from the device (10). A virtual internal user proxy that does not require users to provide tokens (80, 82) is used to enable access to modules (16) classified in a global software-restriction class (62) or when an uncontrolled-access-control model (68) is active. Both licensed modules (76) and unlicensed modules (18,78) may be loaded in the device (10). However, no keys are provided to enable decryption of unlicensed modules (18,78).
Type: Grant
Filed: June 21, 2002
Date of Patent: October 30, 2007
Inventors: Paul Thomas Kitaj, Sherman W. Paskett, Douglas Allan Hardy, Frank Edward Seeker, Steve Robert Tugenberg
-
Patent number: 7284265
Abstract: System and method for authorizing access to an entity by a user, by binding an access control list to each entity; specifying for the user a set of user privileges; intersecting the access control list and set of user privileges in a compiled ACL table; incrementally refreshing the compiled ACL table responsive to run time modification of relevant tables containing the access control list and set of user privileges; and referencing the compiled access control list to authorize a user request to access an entity.
Type: Grant
Filed: April 23, 2002
Date of Patent: October 16, 2007
Assignee: International Business Machines Corporation
Inventors: David Mun-Hien Choy, Tawei Hu, Jy-Jine James Lin, Yuping Wang, Alan Tsu-I Yaung
-
Patent number: 7278157
Abstract: In a data communications network, a split proxy can include a split proxy server disposed behind a firewall in a private portion of the data communications network; a split proxy client disposed in a client computing device positioned externally to the private portion of the data communications network; a split proxy client interface to at least one client application in the client computing device, and a split proxy server interface to at least one server application corresponding to the at least one client application in the private portion of the data communications network. A tunnel can be established between the split proxy client and split proxy server. The tunnel can host all Internet Protocol (IP) data traffic between the client application and the corresponding server application in the private portion of the data communications network.
Type: Grant
Filed: March 14, 2002
Date of Patent: October 2, 2007
Assignee: International Business Machines Corporation
Inventors: Douglas L. Jones, William C. Wimer, II
-
Patent number: 7263610
Abstract: Methods, devices and systems for providing content providers with a secure way to multicast their data flows only to legitimate end users. By making a specific decision for each potentially legitimate end user requesting a specific data flow, differing subscriber profiles may be taken into account. Furthermore, end to end encryption is avoided by having a switch and/or router control the specific data flow to a specific end user. Each end user sends a request DTU to the switch and/or router asking for permission to join a multicast group. The switch and/or router extracts identification data from the request data transmission unit (DTU) and determines whether the requesting end user is cleared for the requested specific data flow. This determination may be made by sending a query DTU containing the identification data to a policy server which checks the identification data against preprogrammed criteria in its databases.
Type: Grant
Filed: July 30, 2002
Date of Patent: August 28, 2007
Assignee: ImagicTV, Inc.
Inventors: Alistair John Parker, Gino Louis Dion, Sean Gordon Higgins
-
Patent number: 7260720
Abstract: Transmitting data sent from a first device includes random information, which is encrypted by using common information, and a checksum, and the transmitting data is sent to a second device. The second device receives the transmitting data, and sends back answering data that includes an answer message, which is encrypted by using the random information, and checksum, to the first device.
Type: Grant
Filed: October 17, 2002
Date of Patent: August 21, 2007
Assignee: Matsushita Electric Industrial Co., Ltd.
Inventors: Masaya Yamamoto, Kouji Miura, Tohru Nakahara
-
Patent number: 7260722
Abstract: A system and method for communicating a device's capabilities uses a digital watermark embedded in content data. The watermark includes parameters concerning a source unit's communications capabilities. The watermark is embedded within content data, such as multimedia data, of a data packet. A destination unit, upon receiving the data packet detects if a watermark is present, and if so extracts the source's capability parameters from the watermark. The destination unit then negotiates with the source unit to use certain capabilities based on the source capability information contained in the watermark.
Type: Grant
Filed: December 28, 2001
Date of Patent: August 21, 2007
Assignee: ITT Manufacturing Enterprises, Inc.
Inventors: Howard Scott Forstrom, Edward Wojciechowski, Madhav Shridhar Phadke
-
Patent number: 7254696
Abstract: A functional-level instruction-set computing (FLIC) architecture executes higher-level functional instructions such as lookups and bit-compares of variable-length operands. Each FLIC processing-engine slice has specialized processing units including a lookup unit that searches for a matching entry in a lookup cache. Variable-length operands are stored in execution buffers. The operand length and location in the execution buffer are stored in fixed-length general-purpose registers (GPRs) that also store fixed-length operands. A copy/move unit moves data between input and output buffers and one or more FLIC processing-engine slices. Multiple contexts can each have a set of GPRs and execution buffers. An expansion buffer in a FLIC slice can be allocated to a context to expand that context's execution buffer for storing longer operands.
Type: Grant
Filed: December 12, 2002
Date of Patent: August 7, 2007
Assignee: Alacritech, Inc.
Inventors: Millind Mittal, Mehul Kharidia, Tarun Kumar Tripathy, J. Sukarno Mertoguno
-
Patent number: 7251829
Abstract: A process that collects and analyzes data from computer mainframe system events and/or messages as they occur, utilizing a System Management Facility (SMF) interface, a SubSystem Interface (SSI), an Event Notification Facility (ENF) interface, and generates alert message(s) when installation-developed rules so indicate, to provide real-time mainframe event and message monitoring, with notification to multiple targets based on either of two factors: a) configuration parameters defined by auditors and security administrators, and b) statistical analysis and correlation of historical event data (profiling).
Type: Grant
Filed: October 26, 2002
Date of Patent: July 31, 2007
Assignee: Type80 Security Software, Inc.
Inventors: William D. Pagdin, Jerry Harding
-
Patent number: 7240217
Abstract: A reprogrammable subscriber terminal of a subscription television service which can have the control program code of its control processor modified by downloading new program code from the headend. The control processor stores a boot program in an internal read only memory. Upon start up and resets, the boot program determines whether the control program should be changed from a command sent from the headend. The command, termed a parameters transactions, includes the number of expected download program code transactions required to complete the control code modification, the memory space areas where the code is to be loaded, and the channel over which the download program code transactions are to be transmitted. The channel is tuned and when the boot program receives all the download program code transactions accurately and stores them, the boot program will cause the control program to be restarted at a selected address of the new or modified control program code which has been downloaded.
Type: Grant
Filed: July 14, 2004
Date of Patent: July 3, 2007
Assignee: Scientific-Atlanta, Inc.
Inventors: Kinney C. Bacon, R. Thomas Haman, David B. Lett, Robert O. Banker, Michael P. Harney
-
Patent number: 7236593
Abstract: An apparatus for encryption and decryption, capable of use in encryption and decryption of advanced encryption standard. Byte substitution operation and inverse byte substitution operation are to be combined. Byte substitution operation can be expressed as y=M*multiplicative_inverse(x)+c while inverse byte substitution operation can be expressed as x=multiplicative_inverse(M⁻¹*(y+c)), wherein M and M⁻¹ are inverse matrix of each other and c is a constant matrix. Since the two equations employ a look-up table, that is, multiplicative_inverse(x), the lookup tables for use in byte substitution and inverse byte substitution operations are to be combined according to the invention so as to lower hardware complexity of the implementation. In addition, main operations of column mixing operation and inverse column mixing operation are to be rearranged to combine the two operations in part, resulting in simplified hardware implementation.
Type: Grant
Filed: March 29, 2002
Date of Patent: June 26, 2007
Assignee: Industrial Technology Research Institute
Inventors: Chih-Chung Lu, Shau-Yin Tseng
-
Patent number: 7234161
Abstract: Method and apparatus for deflecting connection flooding attacks. Specifically, the stateful firewall allows all connection attempts to flow into the destination host, but monitors the connection attempts to ensure that only legitimate connections are allowed. If the firewall detects that a connection is half-open for longer than a certain timer threshold, it will instruct the destination host to tear down the half-open connection, thereby freeing up resources in the destination host for other connection attempts. The timer threshold can be dynamically adjusted if a connection flooding attack is detected.
Type: Grant
Filed: December 31, 2002
Date of Patent: June 19, 2007
Assignee: NVIDIA Corporation
Inventors: Thomas A. Maufer, Sameer Nanda
-
Patent number: 7231525
Abstract: A method of authentification of data sent in a digital transmission characterized by the organization and authentification of the data prior to transmission into a hierarchy of at least one root directory unit (75), subdirectory unit (76) and file unit (77), data in a file (77) being acted upon by an authentification algorithm and an associated file authentification value (82) stored in the referring subdirectory unit (77), this file authentification value (82) being in turn acted upon by an authentification algorithm and an associated subdirectory authentification value (79) stored in the referring root directory. Other aspects of the invention relate to the authentification of a second root directory (78) by generation of a second authentification value (83) and the authentification of data before encapsulation in tables or sections of a transport stream.
Type: Grant
Filed: March 25, 1999
Date of Patent: June 12, 2007
Assignee: Thomson Licensing S.A.
Inventor: Jean-Bernard Gérard Maurice Beuque
-
Patent number: 7206932
Abstract: A voice-over-Internet-Protocol (VoIP) client codes audio data as printable ASCII characters, then embeds the ASCII audio data inside a cookie that is sent over the Internet within an HTTP GET message. The GET message is sent to a server acting as a call proxy or external manager that forwards the audio data to a remote client. Return audio data is sent back to the client in the normal data field of an HTTP response message from the server. When the client receives the HTTP response, it sends another GET message without audio data, allowing the server to send another response. This empty GET allows VoIP to pass through strict firewalls that pair each HTTP response with a GET. For secure-sockets layer (SSL), client and server exchange pseudo-keys in hello and finished messages that establish the SSL session. Audio data is streamed in SSL messages instead of encrypted data.
Type: Grant
Filed: February 14, 2003
Date of Patent: April 17, 2007
Assignee: CrystalVoice Communications
Inventor: Debra C. Kirchhoff
-
Patent number: 7200756
Abstract: Apparatuses and methods are provided for interface logic that is configurable to operatively couple cryptography support logic and cryptography providing logic. The interface logic provides at least one management function to the cryptography providing logic. The management function includes at least one of the following four management functions: an identity management function, a file management function, a container management function, and a cryptography management function.
Type: Grant
Filed: June 25, 2002
Date of Patent: April 3, 2007
Assignee: Microsoft Corporation
Inventors: Daniel C. Griffin, Eric C. Perlin, Glenn D. Pittaway, Klaus U. Schutz
-
Patent number: 7174567
Abstract: Biometric data, such as fingerprint data, of at least one authorized user of a digital multimedia product is embedded into a digital multimedia product, to thereby control use of the digital multimedia product by a prospective user who obtains access to the digital multimedia product. The digital multimedia product, including the biometric data of the at least one authorized user that is embedded therein, is stored in a digital storage medium. At least some use of the digital multimedia product by a prospective user is prevented upon failure to match biometric data of the prospective user to the biometric data that is embedded in the digital multimedia product.
Type: Grant
Filed: October 9, 2002
Date of Patent: February 6, 2007
Assignee: Sony Ericsson Mobile Communications AB
Inventor: Cherif Keramane
-
Patent number: 7162645
Abstract: A storage device includes a tamper-resistant module and a flash memory. In correspondence with a command, a CPU inside the tamper-resistant module judges the security of data received from the outside, then recording the data as follows: High-security and small-capacity data is recorded into a memory inside the tamper-resistant module. High-security and large-capacity data is encrypted, then being recorded into the flash memory. Low-security data is recorded as it is into the flash memory. This recording method permits large-capacity data to be stored while ensuring a security (i.e., a security level) corresponding thereto.
Type: Grant
Filed: February 5, 2002
Date of Patent: January 9, 2007
Assignee: Renesas Technology Corp.
Inventors: Shinya Iguchi, Takashi Tsunehiro, Motoyasu Tsunoda, Haruji Ishihara, Nagamasa Mizushima, Takashi Totsuka