Patents by Inventor Eric Le Saint
Eric Le Saint has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 8306228Abstract: An anonymous secure messaging method and system for securely exchanging information between a host computer system and a functionally connected cryptographic module. The invention comprises a Host Security Manager application in processing communications with a security executive program installed inside the cryptographic module. An SSL-like communications pathway is established between the host computer system and the cryptographic module. The initial session keys are generated by the host and securely exchanged using a PKI key pair associated with the cryptographic module. The secure communications pathway allows presentation of critical security parameter (CSP) without clear text disclosure of the CSP and further allows use of the generated session keys as temporary substitutes of the CSP for the session in which the session keys were created.Type: GrantFiled: September 7, 2007Date of Patent: November 6, 2012Assignee: Activcard Ireland, LimitedInventors: Eric Le Saint, Wu Wen
-
Publication number: 20120036551Abstract: A security framework for a host computer system which allows a host to control access to a compliant security token by ensuring enforcement of established security policies administered by a middleware application. Processing between the host computer system and the security token is performed using one or more modular security application agents. The modular security application agents are counterpart applications to security applications installed in the security token and may be retrieved and installed upon to ensure compatibility between counterpart token and host security applications. The security policies are a composite of host security policies and token security policies which are logically combined by the middleware application at the beginning of a session.Type: ApplicationFiled: February 25, 2011Publication date: February 9, 2012Inventors: Eric Le Saint, John Boyer
-
Patent number: 7921298Abstract: A security framework for a host computer system which allows a host to control access to a compliant security token by ensuring enforcement of established security policies administered by a middleware application. Processing between the host computer system and the security token is performed using one or more modular security application agents. The modular security application agents are counterpart applications to security applications installed in the security token and may be retrieved and installed upon to ensure compatibility between counterpart token and host security applications. The security policies are a composite of host security policies and token security policies which are logically combined by the middleware application at the beginning of a session.Type: GrantFiled: November 13, 2007Date of Patent: April 5, 2011Assignee: Activcard Ireland, LimitedInventors: Eric Le Saint, John Boyer
-
Publication number: 20100023776Abstract: The invention concerns a method for obtaining assurance that a content control key is securely stored in a remote security module for further secure communications between a content provider and said security. A security module manufacturer, which has a pre-established trustful relation with the security module, imports a symmetric transport key into the security module, wherein the symmetric transport key is unique to the security module. The content provider shares the symmetric transport key with the security module manufacturer and exchanges messages with the security module through a security module communication manager in order to get the proof that the security module stores the content control key. At least a portion of the messages exchanged between the content provider and the security module are protected using the symmetric transport key.Type: ApplicationFiled: March 15, 2007Publication date: January 28, 2010Applicant: ACTIVIDENTITY INC.Inventors: Dominique Fedronic, Eric Le Saint, John Babbidge, Hong Liu
-
Publication number: 20090193264Abstract: A strong authentication method and system using a Secure ICC component coupled with a Personal device, and relying on the existing cryptographic protocols and keys for managing the secure ICC to generate One-Time-Passwords when the necessary authentication keys or cryptographic protocols are not already present in the Secure ICC configuration for that purpose.Type: ApplicationFiled: September 22, 2008Publication date: July 30, 2009Applicant: ActivIdentity, Inc.Inventors: Dominique FEDRONIC, Eric LE SAINT, John BOYER, William BOGGESS
-
Publication number: 20090025074Abstract: A security framework for a host computer system which allows a host to control access to a compliant security token by ensuring enforcement of established security policies administered by a middleware application. Processing between the host computer system and the security token is performed using one or more modular security application agents. The modular security application agents are counterpart applications to security applications installed in the security token and may be retrieved and installed upon to ensure compatibility between counterpart token and host security applications. The security policies are a composite of host security policies and token security policies which are logically combined by the middleware application at the beginning of a session.Type: ApplicationFiled: November 13, 2007Publication date: January 22, 2009Applicant: ACTIVCARD IRELAND, LIMITEDInventors: Eric Le Saint, John Boyer
-
Publication number: 20080089521Abstract: An anonymous secure messaging method and system for securely exchanging information between a host computer system and a functionally connected cryptographic module. The invention comprises a Host Security Manager application in processing communications with a security executive program installed inside the cryptographic module. An SSL-like communications pathway is established between the host computer system and the cryptographic module. The initial session keys are generated by the host and securely exchanged using a PKI key pair associated with the cryptographic module. The secure communications pathway allows presentation of critical security parameter (CSP) without clear text disclosure of the CSP and further allows use of the generated session keys as temporary substitutes of the CSP for the session in which the session keys were created.Type: ApplicationFiled: September 7, 2007Publication date: April 17, 2008Inventors: Eric Le Saint, Wu Wen
-
Publication number: 20080040493Abstract: This invention provides a mechanism for performing secure configuration and data changes between a PSD and a hardware security module (HSM) using a communications pipe established between said PSD and said HSM. The data changes and configuration changes include but are not limited to installing, updating, replacing, deleting digital certificates cryptographic keys, applets, other digital credentials, attributes of installed objects, or other stored proprietary information.Type: ApplicationFiled: October 16, 2007Publication date: February 14, 2008Applicant: ACTIVCARDInventors: Yves AUDEBERT, Eric Le Saint
-
Publication number: 20080022381Abstract: This invention provides a security token architecture which supports modular security application installations without loss of existing data or requiring the reinstallation of existing applications served by the security application modules. The architecture is compliant with the international standard ISO/IEC 7816-4, “Information technology—Identification tokens—Integrated circuit(s) tokens with contacts—Part 4: Interindustry commands for interchange.” An application is integrated into a security domain which serves as a centralized security applications programming interface between one or more token service applications and a series of security application modules. The API provides a more uniform security application interface which improves overall interoperability of the modular security applications and simplifies security application development.Type: ApplicationFiled: August 6, 2007Publication date: January 24, 2008Inventor: Eric Le Saint
-
Publication number: 20070195998Abstract: A system is used for authorizing access to a Personal Security Device. This system comprises a Personal Security Device 75 and another device 105 which is in functional communication with said Personal Security Device. Said Personal Security Device comprises identification information retrieval data and a biometric authentication application 200 which transfers said identification information retrieval data to said other device 105 in response to an identified match between biometric data sent by said other device and a predetermined biometric reference. Said other device 105 comprises a security executive application 230 for retrieving an Identification Information with at least said identification information retrieval data, thus generating a retrieved Identification Information, and transferring said retrieved Identification Information to said Personal Security Device 75.Type: ApplicationFiled: March 29, 2006Publication date: August 23, 2007Applicant: ACTIVIDENTITY, INC.Inventors: Eric Le Saint, Dominique Fedronic, John Boyer, Hong Liu
-
Publication number: 20060230437Abstract: A secure and transparent digital credential sharing arrangement which utilizes one or more cryptographic levels of indirection to obfuscate a sharing entity's credentials from those entities authorized to share the credentials. A security policy table is provided which allows the sharing entity to selectively authorize or revoke digital credential sharing among a plurality of entities. Various embodiments of the invention provide for secure storage and retrieval of digital credentials from security tokens such as smart cards. The secure sharing arrangement may be implemented in hierarchical or non-hierarchical embodiments as desired.Type: ApplicationFiled: April 5, 2006Publication date: October 12, 2006Applicant: ACTIVIDENTITY, INC.Inventors: John Alexander Boyer, Eric Le Saint
-
Publication number: 20060104486Abstract: A method, system and computer program product for improving error discrimination in biometric authentication systems. The error discrimination is set to a predetermined security policy. A plurality of biometric samples are provided and authenticated by a computer system in conjunction with a security token. An alternate embodiment allows inputting of the plurality of biometric samples in a predetermined sequence. The predetermined input sequence is maintained as an authentication secret which may be used to further reduce the authentication transaction error rate.Type: ApplicationFiled: November 10, 2005Publication date: May 18, 2006Applicant: ACTIVCARD INC.Inventors: Eric Le Saint, Wu Wen, Laurence Hamid
-
Publication number: 20050229005Abstract: A method and computer program product which comprises storing at least one data file inside a portable device such as security token or flash memory drive associated with a security badge. The data file includes sufficient information to allow a third party to verify the identity of an assignee of the security badge. The identity of the assignee is based at least in part on the information included in the data file by the third party without having to rely on a presentation affixed to one or more exterior surfaces of the security badge. Other embodiments of the invention comprises operatively coupling the security token to a security system, authenticating the assignee to the security token, generating a digital signature of the data file using a private key, and sending the digital signature, the data file and a digital certificate associated with the private key to said security system.Type: ApplicationFiled: April 7, 2004Publication date: October 13, 2005Applicant: ACTIVCARD Inc.Inventors: Eric Le Saint, Dominique Fedronic
-
Publication number: 20050138386Abstract: A method, system and computer program product for ensuring PKI key pairs are operatively installed within a secure domain of a security token prior to generating a digital certificate. The public key component of the PKI key pair is incorporated into a digital certificate which is returned to the security token for storage. The arrangement included herein incorporates the use of a critical security parameter to ensure a chain of trust with an issuing entity such as a registration authority. Furthermore, the arrangement does not require security officer or system administrator oversight during digital certificate generation as the critical security parameter provides a sufficient level of trust to ensure that digital certificate generation is being performed in conjunction with a designated security token rather than a rogue application. Lastly, separate inventive embodiments allow alternate communications and verification arrangements to be implemented.Type: ApplicationFiled: December 22, 2003Publication date: June 23, 2005Inventor: Eric Le Saint
-
Publication number: 20050138421Abstract: A method, system and computer program product for accessing one or more security token resources using an authentication server as an intermediary before access is permitted to the security token resources. The server intermediary performs an initial authentication based on a user supplied critical security parameter. To ensure confidentiality of transported critical security parameters, a secure messaging session is established which provides end-to-end security between the authentication server and the security token. A second critical security parameter is then sent to the security token. The security token authenticates the second critical security parameter and allows access token resources. Alternate secure communications mechanisms and an invalid entry counter reset capability are also described.Type: ApplicationFiled: December 23, 2003Publication date: June 23, 2005Inventors: Dominique Fedronic, Eric Le Saint
-
Publication number: 20050136964Abstract: An intelligent remote device equipped with a security token operatively coupled thereto is processing communications with a security token enabled computer system over a wireless private network. The intelligent remote device is adapted to emulate a local security device peripheral connected to the computer system. Multiple computer systems may be authenticated to using the intelligent remote device. Additionally, various secure communications connections mechanisms are described which are intended to augment existing security protocols available using wireless network equipment. Authentication of a user supplied critical security parameter is performed by the security token. The critical security parameter may be provided locally via the intelligent remote device or received from the wireless network and routed to the security token. Aural, visual or vibratory feedback may be provided to the user to signal a successful authentication transaction.Type: ApplicationFiled: December 22, 2003Publication date: June 23, 2005Inventors: Eric Le Saint, Dominique Fedronic
-
Publication number: 20040221174Abstract: A security framework for a host computer system which allows a host to control access to a compliant security token by ensuring enforcement of established security policies administered by a middleware application. Processing between the host computer system and the security token is performed using one or more modular security application agents. The modular security application agents are counterpart applications to security applications installed in the security token and may be retrieved and installed upon to ensure compatibility between counterpart token and host security applications. The security policies are a composite of host security policies and token security policies which are logically combined by the middleware application at the beginning of a session.Type: ApplicationFiled: April 29, 2003Publication date: November 4, 2004Inventors: Eric Le Saint, John Boyer
-
Publication number: 20040218762Abstract: An anonymous secure messaging method and system for securely exchanging information between a host computer system and a functionally connected cryptographic module. The invention comprises a Host Security Manager application in processing communications with a security executive program installed inside the cryptographic module. An SSL-like communications pathway is established between the host computer system and the cryptographic module. The initial session keys are generated by the host and securely exchanged using a PKI key pair associated with the cryptographic module. The secure communications pathway allows presentation of critical security parameter (CSP) without clear text disclosure of the CSP and further allows use of the generated session keys as temporary substitutes of the CSP for the session in which the session keys were created.Type: ApplicationFiled: April 29, 2003Publication date: November 4, 2004Inventors: Eric Le Saint, Wu Wen
-
Publication number: 20040123152Abstract: This invention provides a security token architecture which supports modular security application installations without loss of existing data or requiring the reinstallation of existing applications served by the security application modules. The architecture is compliant with the international standard ISO/IEC 7816-4, “Information technology—Identification tokens—Integrated circuit(s) tokens with contacts—Part 4: Interindustry commands for interchange.” An application is integrated into a security domain which serves as a centralized security applications programming interface between one or more token service applications and a series of security application modules. The API provides a more uniform security application interface which improves overall interoperability of the modular security applications and simplifies security application development.Type: ApplicationFiled: April 1, 2003Publication date: June 24, 2004Inventor: Eric Le Saint
-
Publication number: 20040123138Abstract: This invention provides a security token architecture which supports modular security application installations without loss of existing data or requiring the reinstallation of existing applications served by the security application modules. The architecture is compliant with the international standard ISO/IEC 7816-4, “Information technology—Identification tokens—Integrated circuit(s) tokens with contacts—Part 4: Interindustry commands for interchange.” An application is integrated into a security domain which serves as a centralized security applications programming interface between one or more token service applications and a series of security application modules. The API provides a more uniform security application interface which improves overall interoperability of the modular security applications and simplifies security application development.Type: ApplicationFiled: December 18, 2002Publication date: June 24, 2004Inventor: Eric Le Saint