Patents by Inventor Jean-Luc Giraud
Jean-Luc Giraud has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11611541
Abstract: Systems and methods for secure sharing of sensitive information in a computing environment. The methods comprise, by a first entity of a first computing environment receiving sensitive information of the first computing environment, receiving a request to share the sensitive information from a second entity of the first computing environment, and determining whether the second entity is a trusted entity included in a list of trusted entities held by a configuration service associated with a second computing environment. If the second entity is not a trusted entity, determining whether the second entity can establish trust by validating a subscription of the second entity with a directory service, and validating a digital certificate corresponding to the second entity with a certificate authority. If the second entity can establish trust or is a trusted entity, sharing the sensitive information with the second entity so as to enable operation of the second entity.
Type: Grant
Filed: August 7, 2018
Date of Patent: March 21, 2023
Assignee: Citrix Systems, Inc.
Inventors: Feng Huang, Jean-Luc Giraud
-
Patent number: 11544356
Abstract: Systems and methods for authenticating a user requesting access to a resource in a cloud-computing system. The methods comprise, by a resource service: receiving an access request for accessing a resource associated with the resource service from a computing device associated with a user, determining context information corresponding to the access request, and using the determined context information for identifying an authentication protocol for authenticating the user. The authentication protocol includes at least one authentication scheme. The methods further comprise generating an authentication challenge and transmitting the authentication challenge to the computing device. The authentication challenge includes an initial token and authentication parameters corresponding to the identified authentication protocol.
Type: Grant
Filed: June 19, 2017
Date of Patent: January 3, 2023
Assignee: Citrix Systems, Inc.
Inventors: Feng Huang, Jean-Luc Giraud
-
Publication number: 20220393867
Abstract: This Application sets forth techniques for establishing a custodial relationship between a user device and a custodian device for recovering access to a user account and/or to encrypted user data with assistance provided by the custodian device to effect access recovery. A server of a cloud network service provides an anonymous identifier to associate with the custodian device and an account recovery key to store at the custodian device. Identity of an account of the cloud network service associated with the custodian device can be hidden from the server. The user device generates a data recovery key and provides a first portion of the data recovery key to the custodian device and a second portion of the data recovery key to the server. Integrity of the stored account recovery key and portions of the data recovery key are checked regularly by the custodian device and the user device.
Type: Application
Filed: February 3, 2022
Publication date: December 8, 2022
Inventors: Gokul P. THIRUMALAI, Alexandre A. AYBES, Dmitry V. BELOV, Jean-Luc GIRAUD, Kalyan C. GOPAVARAPU, Sudhakar N. MAMBAKKAM, Rebekah H. MERCER, Keaton F. MOWERY, Steven A. MYERS, Munish K. POONIA, Nihar SHARMA, Assar E. WESTERLUND, Frederic JACOBS
-
Publication number: 20200053059
Abstract: Systems and methods for secure sharing of sensitive information in a computing environment. The methods comprise, by a first entity of a first computing environment receiving sensitive information of the first computing environment, receiving a request to share the sensitive information from a second entity of the first computing environment, and determining whether the second entity is a trusted entity included in a list of trusted entities held by a configuration service associated with a second computing environment. If the second entity is not a trusted entity, determining whether the second entity can establish trust by validating a subscription of the second entity with a directory service, and validating a digital certificate corresponding to the second entity with a certificate authority. If the second entity can establish trust or is a trusted entity, sharing the sensitive information with the second entity so as to enable operation of the second entity.
Type: Application
Filed: August 7, 2018
Publication date: February 13, 2020
Inventors: Feng Huang, Jean-Luc Giraud
-
Publication number: 20180375648
Abstract: Systems and methods for secure storage and transmission of sensitive information in a cloud environment. The methods comprise: receiving sensitive information corresponding to a first resource associated with a first cloud, generating an encryption key for encrypting the sensitive information, encrypting the sensitive information using the encryption key, transmitting the encrypted sensitive information to a cloud connector via a first communication channel, and transmitting the encryption key to a configuration service. The configuration service is associated with a second cloud. The method may further comprise, by a cloud connector: receiving the encryption key from the second resource associated with the second cloud and using the encryption key to decrypt the encrypted sensitive information.
Type: Application
Filed: June 22, 2017
Publication date: December 27, 2018
Inventors: Feng Huang, Jean-Luc Giraud
-
Publication number: 20180367526
Abstract: Systems and methods for authenticating a user requesting access to a resource in a cloud-computing system. The methods comprise, by a resource service: receiving an access request for accessing a resource associated with the resource service from a computing device associated with a user, determining context information corresponding to the access request, and using the determined context information for identifying an authentication protocol for authenticating the user. The authentication protocol includes at least one authentication scheme. The methods further comprise generating an authentication challenge and transmitting the authentication challenge to the computing device. The authentication challenge includes an initial token and authentication parameters corresponding to the identified authentication protocol.
Type: Application
Filed: June 19, 2017
Publication date: December 20, 2018
Inventors: Feng Huang, Jean-Luc Giraud
-
Patent number: 8490805
Abstract: This method makes it possible to fabricate a stopper (1) starting from a tubular skirt (12) suitable for surrounding a container neck, and provided both with retainer means for retaining it permanently around the neck, and also with fastener means for fastening it removably to the neck. In this method, the skirt and a blade (110) are moved in rotation relative to each other about the axis (X-X) of the skirt so that the blade cuts a peripheral line of weakness in the skirt, which line of weakness is made up firstly of through notches and secondly, between said notches around the periphery of the skirt, of breakable bridges that interconnect, in the same direction as the axis, a non-removable portion of the skirt, which portion is provided with the retainer means, and a removable portion of the skirt, which portion is provided with the fastener means.
Type: Grant
Filed: November 5, 2008
Date of Patent: July 23, 2013
Assignee: Tetra Laval Holdings & Finance S.A.
Inventors: Jean-Luc Giraud, Michel Luzzato, Jerome Mezerette, Fabien Flamand
-
Patent number: 8464328
Abstract: The invention concerns a method enabling a server manager to prove subsequently that the server was authorized to read a user's personal data in a terminal station (ST), comprising: transmitting server policy data (PS) to the station; comparing the server policy data with private policy data (PP) pre-stored in the station; determining a signature (SGST) of server policy data received in the station; and transmitting the signature with the personal data (DP) read in the station to the server when the compared policy data (PS, PP) are compatible.
Type: Grant
Filed: July 22, 2002
Date of Patent: June 11, 2013
Assignee: GEMALTO SA
Inventors: Jean-Luc Giraud, Pierre Girard
-
Patent number: 8280053
Abstract: A method which improves the security of the authentication between two entities in a telecommunication network, and particularly between a mobile terminal and the fixed network, notably visitor location and nominal recorders and an authentication center, in a cellular radiotelephony network. Prior to a first authentication of the terminal, and more precisely of the SIM card therein, by the fixed network, a second authentication is based on an algorithm in which there are entered a random number produced and transmitted by the fixed network and a key different from the key for the first authentication. A transmitted signature and a signature result are produced by the fixed network and the terminal, and compared in the terminal in order to enable the first authentication in the event of equality.
Type: Grant
Filed: February 22, 2000
Date of Patent: October 2, 2012
Assignee: Gemalto SA
Inventors: Jean-Luc Giraud, Nathalie Boulet
-
Publication number: 20100258520
Abstract: This method makes it possible to fabricate a stopper (1) starting from a tubular skirt (12) suitable for surrounding a container neck, and provided both with retainer means for retaining it permanently around the neck, and also with fastener means for fastening it removably to the neck. In this method, the skirt and a blade (110) are moved in rotation relative to each other about the axis (X-X) of the skirt so that the blade cuts a peripheral line of weakness in the skirt, which line of weakness is made up firstly of through notches and secondly, between said notches around the periphery of the skirt, of breakable bridges that interconnect, in the same direction as the axis, a non-removable portion of the skirt, which portion is provided with the retainer means, and a removable portion of the skirt, which portion is provided with the fastener means.
Type: Application
Filed: November 5, 2008
Publication date: October 14, 2010
Applicant: TETRA LAVAL HOLDINGS & FINANCE S.A.
Inventors: Jean-Luc Giraud, Michel Luzzato, Jerome Mezerette, Fabien Flamand
-
Patent number: 7725942
Abstract: A method for loading data and programs in the memory of an electronic component includes a first phase in which data is loaded in the memory of the component. A validation phase then verifies the data loaded in the component memory. A second phase of loading data in the memory is carried out only if the data loaded during the first loading phase is valid. The second phase includes at least a step in which data is loaded and then validated.
Type: Grant
Filed: November 14, 2001
Date of Patent: May 25, 2010
Assignee: Gemalto SA
Inventor: Jean-Luc Giraud
-
Patent number: 7681029
Abstract: The invention concerns a device and a method for controlling a portable object life cycle, in particular a smart card, the life cycle being determined by successive state transitions, which states determine the services offered by the object. The object includes a processing unit, program storage units and data storage units, each storage unit having a content defining a plurality of configurations. The device controls the transition from a first state to a second state of the object and, preferably triggers actions when the transition crossover from one state to another occurs or when a transition crossover request is denied. The actions are dependent on the type of transitions implied in the requests for state transition crossover applied to the object.
Type: Grant
Filed: November 3, 1999
Date of Patent: March 16, 2010
Assignee: Gemalto SA
Inventors: Marc Birkner, Jean-Luc Giraud, Laurent Talvard
-
Patent number: 7434049
Abstract: A method for securing the execution of a session with a data processor, such as a smart card, under the control of at least two entities, such as servers. Session numbers and session keys are transmitted to the entities. The session number and key are applied to an algorithm in the data processor and the respective entity to produce a result and signature. The results and the signatures are transmitted to the data processor. A session corresponding to the results from the data processor is executed when the signatures are identical to the results. In another embodiment, one of the entities receives a delegation of a third entity to authorize execution of the session.
Type: Grant
Filed: July 26, 2001
Date of Patent: October 7, 2008
Assignee: Gemplus
Inventors: Pierre Girard, Jean-Luc Giraud
-
Patent number: 7434250
Abstract: Access rights lists, such as capacity or access control lists, are dynamically managed in a data processing element such as a smart card from an administrator server. To access an access rights list from the server, the list is signed in the server so that a signature can be transmitted to the card. The card compares the signature received from the server to signatures determined according to the access rights lists contained in the card and keys associated with those lists. Server access to an identified list is only authorized when it corresponds to a signature which is found among the determined signatures in the card and which is identical to the received signature.
Type: Grant
Filed: February 8, 2002
Date of Patent: October 7, 2008
Assignee: Gemplus
Inventors: Pierre Girard, Jean-Luc Giraud
-
Patent number: 7360247
Abstract: A method for protection against modification of data sent by a user to a secure medium via a reader selects and stores some of the data. Confirmation of the authenticity of the selected data is obtained by verifying whether they are identical to those input on request by the user in a secure communication mode of the reader. The method is applicable to the protection against the modification of a command and/or a document signed with an electronic signature.
Type: Grant
Filed: May 17, 2001
Date of Patent: April 15, 2008
Assignee: Gemplus
Inventors: Pierre Girard, Jean-Luc Giraud
-
Publication number: 20060059348
Abstract: Access rights lists, such as capacity or access control lists, are dynamically managed in a data processing element such as a smart card from an administrator server. To access an access rights list from the server, the list is signed in the server so that a signature can be transmitted to the card. The card compares the signature received from the server to signatures determined according to the access rights lists contained in the card and keys associated with those lists. Server access to an identified list is only authorized when it corresponds to a signature which is found among the determined signatures in the card and which is identical to the received signature.
Type: Application
Filed: February 8, 2002
Publication date: March 16, 2006
Inventors: Pierre Girard, Jean-Luc Giraud
-
Publication number: 20050050437
Abstract: The invention concerns a method enabling a server manager to prove subsequently that the server was authorised to read a user's personal data in a terminal station (ST), comprising: transmitting server policy data (PS) to the station; comparing the server policy data with private policy data (PP) pre-stored in the station; determining a signature (SGST) of server policy data received in the station; and transmitting the signature with the personal data (DP) read in the station to the server when the compared policy data (PS, PP) are compatible.
Type: Application
Filed: July 25, 2001
Publication date: March 3, 2005
Inventors: Jean-Luc Giraud, Pierre Girard
-
Publication number: 20040088555
Abstract: A method for protection against modification of data sent by a user to a secure medium via a reader selects and stores some of the data. Confirmation of the authenticity of the selected data is obtained by verifying whether they are identical to those input on request by the user in a secure communication mode of the reader. The method is applicable to the protection against the modification of a command and/or a document signed with an electronic signature.
Type: Application
Filed: January 3, 2003
Publication date: May 6, 2004
Inventors: Pierre Girard, Jean-Luc Giraud
-
Publication number: 20040013266
Abstract: A method for loading data and programs in the memory of an electronic component includes a first phase in which data is loaded in the memory of the component. A validation phase then verifies the data loaded in the component memory. A second phase of loading data in the memory is carried out only if the data loaded during the first loading phase is valid. The second phase includes at least a step in which data is loaded and then validated.
Type: Application
Filed: May 9, 2003
Publication date: January 22, 2004
Inventor: Jean-Luc Giraud
-
Publication number: 20030169884
Abstract: The invention concerns a method for making secure the execution of a session with processing means, such as a smart card (CA), under the control of at least two entities, such as servers (EX, EY), which consists in: transmitting (X2, Y2) session numbers (NSX, NSY) and session keys (KSX, KSY) to the entities; applying (X6, X, Y6, Y8) the session number and key to an algorithm (ASX, ASY) in the processing means and the respective entity to produce a result (REX, REY) and signature (SGY, SGY); transmitting (X7, Y7) the numbers and the signatures to the processing means; and executing (F10) the session corresponding to the numbers from the processing means when the signatures are identical (X9, Y9) to the results. In another embodiment, one of the entities receives a delegation of a third entity to authorise execution of the session.
Type: Application
Filed: January 28, 2003
Publication date: September 11, 2003
Inventors: Pierre Girard, Jean-Luc Giraud