Patents Examined by Tod Swann
  • Patent number: 6266412
    Abstract: Disclosed is an encrypting speech processor architecture that provides enhanced security without the use of external cryptosync and with minimal speech degradation. This is accomplished by incorporating a block encryptor and a keystream generator (instead of a fixed secret mask encryption scheme, such as those implemented in voice ciphers) for encrypting blocks of encoded speech bits at a transmitter side. The block encryptor employs an invertible cryptographic algorithm and internal cryptosync to convert a first block of encoded speech bits into a first ciphertext block. The first ciphertext block is used to generate a keystream, which is then used to encrypt a second ciphertext block.
    Type: Grant
    Filed: June 15, 1998
    Date of Patent: July 24, 2001
    Assignee: Lucent Technologies Inc.
    Inventors: Adam L. Berenzweig, Steven Anthony Falco, Semyon B. Mizikovsky, Winston Edward Pekrul, Robert John Rance, Donald Joseph Youtkus
  • Patent number: 6266420
    Abstract: A method for securing group communications with reduced message overhead begins by initiating a secure group communication, where a group communication is secured based on security credentials of the group. The secured group communication is then provided to members of the group, where the secured group communication includes a secured message portion and an overhead portion based on the group, not each member. Each member of the group that receives the message determines that the secured message is group communication for its particular group. Each member then obtains at least a portion of the security credentials (e.g., the private decryption key) of the group to decrypt the secured group communication.
    Type: Grant
    Filed: October 8, 1998
    Date of Patent: July 24, 2001
    Assignee: Entrust Technologies Limited
    Inventors: Glenn C. Langford, Ian H. Curry
  • Patent number: 6263435
    Abstract: A logical tree structure and method for managing membership in a multicast group provides scalability and security from internal attacks. The structure defines key groups and subgroups, with each subgroup having a subgroup manager. Dual encryption allows the sender of the multicast data to manage distribution of a first set of encryption keys whereas the individual subgroup managers manage the distribution of a second set of encryption keys. The two key sets allow the sender to delegate much of the group management responsibilities without compromising security because a key from each set is required to access the multicast data. Security is further maintained via a method in which subgroup managers can be either member subgroup managers or participant subgroup managers. Access to both keys is provided to member subgroup managers whereas access to only one key is provided to participant subgroup managers.
    Type: Grant
    Filed: September 22, 1999
    Date of Patent: July 17, 2001
    Assignee: Matsushita Electric Industrial Co., Ltd.
    Inventors: Lakshminath R. Dondeti, Sarit Mukherjee, Ashok Samal
  • Patent number: 6263437
    Abstract: A crypto-ignition process is needed to establish an encrypted communication protocol between two devices connected by an insecure communication link. The present invention introduces a method of creating an identical secret key for two communicating parties, conducted between a thin device and a server computer over an insecure data network. The thin device generally has limited computing power and working memory and the server computer may communicate with a plurality of such thin devices. To ensure the security of the secret key on both sides and reduce traffic in the network, only a pair of public values is exchanged between the thin device and the server computer over the data network. Each side generates its own secret key from a self-generated private value along with the received counterpart's public value according to a commonly used key agreement protocol, such as the Diffie-Hellman key agreement protocol.
    Type: Grant
    Filed: February 19, 1998
    Date of Patent: July 17, 2001
    Assignee: Openware Systems Inc
    Inventors: Hanqing Liao, Peter F. King
  • Patent number: 6263434
    Abstract: A method and apparatus for identifying an applicant as a member of a group without explicitly listing all possible applicants. A test is defined which specifies the criteria for group membership. The test definition and an optional group identifier code are supplied to a criterion generator. The criterion generator generates an authenticated message based, at least in part, upon said test definition. The authenticated message is delivered to one or more criterion evaluators that verify the authenticated message. In one embodiment, once the authenticated message has been verified, the applicant for access to a resource presents a credential to the criterion evaluator. If the credential satisfies the test definition, the applicant is granted access to the specified resource and denied access if the credential does not satisfy the test definition.
    Type: Grant
    Filed: September 21, 1999
    Date of Patent: July 17, 2001
    Assignee: Sun Microsystems, Inc.
    Inventors: Stephen R. Hanna, Anne H. Anderson, Yassir K. Elley, Radia J. Perlman, Sean J. Mullan
  • Patent number: 6263446
    Abstract: A roaming user needing his authentication credential (e.g., private key) to access a computer server to perform an electronic transaction may obtain the authentication credential in an on-demand fashion from a credential server accessible to the user over a computer network. In this way, the user is free to roam on the network without having to physically carry his authentication credential. Access to the credential may be protected by one or more challenge-response protocols involving simple shared secrets, shared secrets with one-to-one hashing, or biometric methods such as fingerprint recognition. If camouflaging is used to protect the authentication credential, decamouflaging may be performed either at the credential server or at the user's computer.
    Type: Grant
    Filed: November 19, 1998
    Date of Patent: July 17, 2001
    Assignee: Arcot Systems, Inc.
    Inventors: Balas Natarajan Kausik, Rammohan Varadarajan
  • Patent number: 6260145
    Abstract: In an authentication system for companies, a server appends suitable verification data to an electronic document to be circulated through terminal units for persons in charge. Each terminal is allocated a unique function in advance and applies it to the verification data in turn when receiving the document. Upon receipt of the document that has been circulated through the persons in charge, the server examines the function-applied value appended to the document to determine whether the document has been circulated correctly through the persons in charge, or via the correct route.
    Type: Grant
    Filed: July 29, 1997
    Date of Patent: July 10, 2001
    Assignee: Fujitsu Limited
    Inventors: Masahiro Komura, Etsuo Ono, Yasutsugu Kuroda, Satoru Torii
  • Patent number: 6259789
    Abstract: A computer implemented method and device for creating object keys to be used with a 4096-bit secret key block cipher data encryption process and a 2048-bit secret key digital signature process. The object keys are dynamic keys, i.e., changing throughout the encryption process. The dynamic object keys are composed of a static initial state that is created by the user and a method that modifies the keys based on seeding from a random session key object. The object key modification is performed for each plaintext data block so that each data block is encrypted using a different key. The initial state of the object key is also used in a block cipher encryption process to encrypt a 512-bit random session key. Data blocks of 64 bytes each are encrypted utilizing a different key, provided by the object key, for each block. The ciphertext (encrypted file) is transmitted into a keyed hashed function that utilizes a 2048-bit object key to produce a unique 2048-bit digital signature that is appended to the ciphertext.
    Type: Grant
    Filed: December 12, 1997
    Date of Patent: July 10, 2001
    Assignee: Safecourier Software, Inc.
    Inventor: Luciano F. Paone
  • Patent number: 6260142
    Abstract: A method and apparatus for secure group communication detects the deletion of a member of the group and uses the detected deletion to update the security credentials of a group by updating a repository containing credentials of members of a group. Alternatively, updating of the security credentials may be performed by sending a group credential deletion request for a member that has been deleted from the group so that the member deletes a stored copy of the group security credential.
    Type: Grant
    Filed: December 22, 1999
    Date of Patent: July 10, 2001
    Assignee: Entrust Technologies Limited
    Inventors: Dhanya Thakkar, Jacques Montcalm, Glenn C. Langford
  • Patent number: 6256734
    Abstract: A method and apparatus are provided for compliance checking in a trust-management system. A request r, a policy assertion (ƒ_0, POLICY), and n−1 credential assertions (ƒ_1, s_1), ..., (ƒ_{n−1}, s_{n−1}) are received, each credential assertion comprising a credential function ƒ_i and a credential source s_i. Each assertion may be monotonic, authentic, and locally bounded. An acceptance record set S is initialized to {(Λ, Λ, R)}, where Λ represents a distinguished null string, and R represents the request r. Each assertion (ƒ_i, s_i), where i represents the integers from n−1 to 0, is run and the result is added to the acceptance record set S. This is repeated mn times, where m represents a number greater than 1, and an acceptance is output if any of the results in the acceptance record set S comprise an acceptance record (0, POLICY, R).
    Type: Grant
    Filed: October 8, 1999
    Date of Patent: July 3, 2001
    Assignee: AT&T
    Inventors: Matthew A. Blaze, Joan Feigenbaum, Martin J Strauss
  • Patent number: 6256393
    Abstract: A method for providing authentication, authorization and access control of software objects residing in digital set-top terminals creates a fingerprint (“signature”) for each software object, associates each fingerprint with a service tier, encodes each association and creates an association table containing the information and downloads the association table to the digital set-top terminal. In addition, the method utilizes an entitlement management message, sent to each set-top terminal, indicating what software objects the set-top terminal may utilize, and provides a system routine at the digital set-top terminal that is invoked whenever a software object is about to be utilized. The entitlement management message contains the access rights given to a particular set-top terminal, which must match the software object's access requirements for the software object to be utilized.
    Type: Grant
    Filed: February 24, 1999
    Date of Patent: July 3, 2001
    Assignee: General Instrument Corporation
    Inventors: Reem Safadi, Lawrence Vince
  • Patent number: 6256733
    Abstract: A method and apparatus for secure group communication allows on-demand procurement of stored security credentials of a group. In one embodiment, this is done by having a processor store at least a portion of the security credentials of the group in a location accessible from more than one member of the group, such as in an encrypted form in a public directory. Security credentials include at least a cryptographic key used to secure information. Each member may have a dedicated entry containing a group security credential associated with that member. The information may also be stored in a variety of other ways including, for example, storing a composite set of encrypted group security credentials. A member accesses the stored group security credentials on an on-demand basis.
    Type: Grant
    Filed: June 30, 1999
    Date of Patent: July 3, 2001
    Assignee: Entrust Technologies Limited
    Inventors: Dhanya Thakkar, Jacques Montcalm, Glenn C. Langford
  • Patent number: 6256392
    Abstract: A signal reproducing apparatus for prohibiting copying or unauthorized use. The apparatus includes a copying management information decision circuit 19 for discriminating the state of the copying management information read out from each header of a data sector and within the TOC, a protect signal generating circuit 20 for generating a protect signal based on the discrimination signal and a mixing circuit 24 for mixing a protect signal in a vertical blanking period of an analog video signal D/A converted from digital video data reproduced from an optical disc D. The apparatus also includes a descrambling circuit 31 for descrambling the digital data based on the copying management information and a scrambling circuit 32 for descrambling the digital data. The apparatus enables prohibition of unauthorized analog copying and digital copying inhibition of serial generational copying and prohibition of unauthorized analog and digital copying simultaneously.
    Type: Grant
    Filed: January 7, 2000
    Date of Patent: July 3, 2001
    Assignee: Sony Corporation
    Inventors: Yoichiro Sako, Shigeyuki Yoneyama
  • Patent number: 6256491
    Abstract: An apparatus and method for security of individual communications over a composite communications channel such as T1 or E1. The composite channel is digitized. Individual channels are separated, but identifying information of each channel is retained. A level of security can be chosen for each channel by digitally processing the selected call with a selected level of scrambling or encryption prior to passing the call to an end-user.
    Type: Grant
    Filed: December 31, 1997
    Date of Patent: July 3, 2001
    Assignee: Transcript International, Inc.
    Inventors: Douglas E. Ehlers, Christopher Aaron Hall, James R. Holthaus
  • Patent number: 6252959
    Abstract: A point doubling method for elliptic curve cryptosystems is disclosed in which 2^k P = (x_k, y_k) is directly calculated from P = (x, y) without computing intermediate points such as 2P, 4P, etc. The advantage in this direct calculation technique is that the number of inverses in the underlying field GF(2^k) is reduced. This does not come without a price, however: in most implementations, the number of multiplications is increased. The present invention is based upon the recognition that for most practical applications, the inversion is by far the most expensive operation to perform of the inversion, multiplication, addition, and squaring in the point doubling operations. As a result, the net time to perform the additional multiplications is less than the time required to perform the inversion the multiplications effectively replace, thereby yielding the efficiency of the present invention.
    Type: Grant
    Filed: May 20, 1998
    Date of Patent: June 26, 2001
    Assignee: Worcester Polytechnic Institute
    Inventors: Christof Paar, Jorge Guajardo
  • Patent number: 6253331
    Abstract: A timer apparatus having a power source, a timer unit for outputting time information to which a time is set via a setting terminal, and a control unit in which a program for permitting setting of a time in the timer unit only once is written from the outside via a write terminal and which controls the timer unit. After the program is written to the control unit via the write terminal, the write terminal is disconnected, and the power source, timer unit and control unit are molded integrally. A low-cost timer apparatus in which a time cannot be changed incorrectly can be realized without mounting a processor for performing a complicated process.
    Type: Grant
    Filed: July 30, 1998
    Date of Patent: June 26, 2001
    Assignee: Fujitsu Limited
    Inventor: Seigo Kotani
  • Patent number: 6253189
    Abstract: An apparatus, system and method for completing advertising time slot transactions. A time slot exchange server receives an offer to sell a time slot along with time slot information relevant to making a buying decision with respect to the time slot. The time slot exchange server makes available time slot offer and marketing and valuation data to assist a buyer to identify and properly value a time slot that meets the buyer's requirements. The time slot exchange server receives time slot bids and transfers the ownership of a time slot from a seller to a buyer when a bid meets or exceeds the terms of the time slot's offer to sell. The time slot exchange server also ensures that a broadcaster has a correct copy of an advertisement to be shown in a time slot, and sends verification data to an advertiser indicating whether, when and how an advertisement intended to be shown in a time slot was actually seen.
    Type: Grant
    Filed: September 15, 1997
    Date of Patent: June 26, 2001
    Assignee: AT&T Corp.
    Inventors: James Thomas Feezell, Robert Rudelius
  • Patent number: 6253328
    Abstract: A method for securing passwords and personal identification numbers utilizes a mastercode. At least ten characters are selected for the mastercode. The selected characters are randomly associated to a corresponding digit, wherein the association defines the mastercode. A numeric sequence is translated into a corresponding character sequence using the mastercode. The corresponding character sequence is expanded into an ordinary word. An apparatus for implementing the method is also described. For enhanced security the mastercode can be embedded within a mastergrid camouflaging the mastercode.
    Type: Grant
    Filed: February 12, 1998
    Date of Patent: June 26, 2001
    Inventor: A. James Smith, Jr.
  • Patent number: 6253322
    Abstract: Certification and authentication services (electronic information signing and archiving services) are given when electronic commerce is carried out in an open network such as the Internet. A system has a service supplying unit and service receiving units which are connected to one another through a communication network. In the system, the service supplying unit transmits contract information including a content of a contract to the service receiving units of the service receivers. Each of the service receiving units having received the contract information prepares one party-signed contract information in which the contract information is digitally signed by the service receiver and transmits the one party-signed contract information to the service supplying unit.
    Type: Grant
    Filed: May 20, 1998
    Date of Patent: June 26, 2001
    Assignee: Hitachi, Ltd.
    Inventors: Seiichi Susaki, Yasuhiko Mizuno, Miwa Takahashi, Satoshi Mitsunaga, Shoji Moriyama
  • Patent number: 6249869
    Abstract: An integrated circuit card includes a memory storing service data relating to at least one service. At least part of the memory comprises data in file structures within one directory including at least a first file and a second file. The service data is grouped together in at least one service slot. Each service slot is divided into a profile part and a data part. Each profile part has a slot number and is arranged to function as an authorization mechanism. Each profile part is stored in the first file and comprises a unique application identifier. Each data part is at least partly stored in the second file and comprises data related to a given service. And the memory stores at least one key to protect write access to the first and second files. A secure application module and a terminal are also provided for controlling service actions to be carried out by the terminal on the integrated circuit card.
    Type: Grant
    Filed: July 10, 1997
    Date of Patent: June 19, 2001
    Assignee: Koninklijke KTN N.V.
    Inventors: Michel Marco Paul Drupsteen, Albertus Feiken