Chain Or Hierarchical Certificates Patents (Class 713/157)
  • Patent number: 10341360
    Abstract: A method and apparatus is provided for managing the eligibility of data signing in an online code signing system. The method is used by a plurality of data publishers in an online code signing system. The method includes defining, by an administrator of the system, a hierarchy of a plurality of entities, and managing, by an administrator of the system, eligibility to designate at least one of a plurality of users to access the at least one configuration entity to sign the data via a plurality of accounts and eligibility to designate at least one of a plurality of managers via owner account to manage user access to sign data for at least one model entity.
    Type: Grant
    Filed: March 6, 2017
    Date of Patent: July 2, 2019
    Assignee: ARRIS Enterprises LLC
    Inventors: Ting Yao, Xin Qiu, Jinsong Zheng, Patrick Dizon, Aye Myint, Annie C. Kuramoto, Reshma Shahabuddin, Thomas J. Barbour
  • Patent number: 10327144
    Abstract: A communication apparatus displays connection information for an external device to perform wireless connection with the communication apparatus, determines whether a wireless connection based on the connection information is established, and hides the connection information according to establishment of the wireless connection.
    Type: Grant
    Filed: April 26, 2016
    Date of Patent: June 18, 2019
    Assignee: Canon Kabushiki Kaisha
    Inventor: Naoya Kakutani
  • Patent number: 10277621
    Abstract: The disclosed computer-implemented method for detecting vulnerabilities on servers may include (i) sending requests to servers for information about services potentially executing on the servers, (ii) receiving, in response to requests, messages from the servers that comprise the information about the services, wherein the set of messages use different formats for transmitting the information, (iii) creating, by analyzing the set of the messages, at least one heuristic that is capable of automatically extracting, from a message, an identifier of a service that executes on a server that sent the message, (iv) extracting, from the message, via the heuristic, the identifier of the service that executes on the server that sent the message, and (v) determining, based on the identifier of the service, that the service contributes to a vulnerability on the server that sent the message. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: July 12, 2017
    Date of Patent: April 30, 2019
    Assignee: Symantec Corporation
    Inventors: Pierre-Antoine Vervier, Yun Shen
  • Patent number: 10210337
    Abstract: Disclosed herein are a method and a system for discrete data containerization for Information Rights Management. The system identifies based on a user request, data to be containerized. Further, the system receives at least one rule based on the data and attributes, which is to be used for containerizing the data. Further, using the rule, the system containerizes the data, wherein the data is containerized at individual data level.
    Type: Grant
    Filed: December 15, 2014
    Date of Patent: February 19, 2019
    Assignee: ANOOSMAR TECHNOLOGIES PRIVATE LIMITED
    Inventors: Ankur Panchbudhe, Praneeth Siva, Amol Vaikar, Yusuf Batterywala
  • Patent number: 10171504
    Abstract: In one embodiment, a method includes receiving at an enforcement node, a request to access a network from an endpoint, transmitting at the enforcement node, the access request to a policy server, receiving at the enforcement node from the policy server, a dynamic authorization comprising a plurality of ranks, each of the ranks comprising a policy for access to the network by the endpoint, assigning the endpoint to one of the ranks and applying the policy associated with the rank to traffic received from the endpoint at the enforcement node during a communication session between the endpoint and the network, assigning the endpoint to a different rank, and applying the policy associated with the rank to traffic received from the endpoint during the communication session. An apparatus and logic are also disclosed herein.
    Type: Grant
    Filed: August 4, 2015
    Date of Patent: January 1, 2019
    Assignee: Cisco Technology, Inc.
    Inventors: Pok Sze Wong, Ramesh Nampelly, Aaron Rodriguez
  • Patent number: 10146948
    Abstract: The present invention relates to a system and method for facilitating access to secure network sites, such as sites providing secure financial information. An active software agent is utilized to fetch passwords and user identifiers from a user computing system and to use the passwords and identifiers to extract required information from the secure site. The password sites and identifiers are encrypted and an encryption key is stored at a network node remote from the user's computer and is fetched in order to enable the passwords and identifiers to be decrypted so that the active agent can use them to obtain the required information.
    Type: Grant
    Filed: May 9, 2016
    Date of Patent: December 4, 2018
    Assignee: EWISE SYSTEMS PTY LTD
    Inventors: Alexander Grinberg, Mike Kontorovich, Mark Chazan, Colin Reyburn
  • Patent number: 10122536
    Abstract: Certificate management method for a plurality of clients, the method including: receiving a first certificate for a subject including a public key, an issuer field with an issuer and a serial number field with a serial number, wherein the first certificate for the subject is signed by a first certificate for the issuer; generating a second certificate for the subject including the public key, an issuer field with the issuer and a serial number field with the serial number, wherein the second certificate for the subject is signed by a second certificate for the issuer being different to the first certificate for the issuer; and transmitting the second certificate for the subject to one of the plurality of clients; and performing an action on the basis of the public key of the second certificate for the subject.
    Type: Grant
    Filed: April 1, 2016
    Date of Patent: November 6, 2018
    Assignee: TOTEMO AG
    Inventor: Marcel Mock
  • Patent number: 10104112
    Abstract: Example embodiments disclosed herein relate to updating a rating of threat submitters. Information is received of threat observables from threat submitters. Information about the threat observables is provided to one or more entities. Feedback about a threat observable is received from one of the entities. A rating of the threat submitter associated with the feedback is updated.
    Type: Grant
    Filed: April 18, 2014
    Date of Patent: October 16, 2018
    Assignee: Entit Software, LLC
    Inventors: Anurag Singla, Tomas Sander, Edward Ross
  • Patent number: 10027473
    Abstract: A verifiable, redactable log, which, in some embodiments, may contain multiple hash values per entry in order to sever confidentiality of a log from verifiability. Logs may be verified using recalculation of hashes and verification of trusted digital signatures. In some embodiments, the log may be divided into segments, each signed by a time server or self-signed using a system of ephemeral keys. In some embodiments, log messages regarding specific objects or events may be nested within the log to prevent reporting omission. The logging system may receive events or messages to enter into the log.
    Type: Grant
    Filed: May 9, 2016
    Date of Patent: July 17, 2018
    Assignee: Palantir Technologies Inc.
    Inventors: Ryan Castellucci, Philip Martin
  • Patent number: 10013668
    Abstract: A system performs secure storage of certificate keys. The system receives a user password and a certificate that is locked by the user password. The certificate is configured to be used for signing binaries of an application. The system sends, to a build server, the user password and the certificate that is locked by the user password. The system then receives, from the build server, a first portion of a certificate key and the certificate that is locked by the certificate key, and stores the first portion of the certificate key and the certificate that is locked by the certificate key.
    Type: Grant
    Filed: February 4, 2016
    Date of Patent: July 3, 2018
    Assignee: Oracle International Corporation
    Inventor: Christian David Straub
  • Patent number: 9996684
    Abstract: Systems and methods are provided for authorizing a user to access an access-controlled environment. The system includes a system server platform that communicates with fixed PCs, servers and mobile devices (e.g., smartphones) operated by users. The systems and methods described herein enable a series of operations whereby a user attempting to access an access-controlled environment is prompted to biometrically authenticate using the user's preregistered mobile device. Biometric authentication can include capturing images of the user's biometric features, encoding the features as a biometric identifier, comparing the biometric identifier to a previously generated biometric identifier and determining liveness. In addition, the authentication system can further authorize the user and electronically grant access to the access-controlled environment.
    Type: Grant
    Filed: January 14, 2016
    Date of Patent: June 12, 2018
    Assignee: VERIDIUM IP LIMITED
    Inventors: Hector Hoyos, Jason Braverman, Scott Streit, Geoffrey Xiao, Jonathan Francis Mather
  • Patent number: 9972055
    Abstract: A fact checking system utilizes social networking information and analyzes and determines the factual accuracy of information and/or characterizes the information by comparing the information with source information. The social networking fact checking system automatically monitors information, processes the information, fact checks the information and/or provides a status of the information.
    Type: Grant
    Filed: April 24, 2014
    Date of Patent: May 15, 2018
    Inventor: Lucas J. Myslinski
  • Patent number: 9967333
    Abstract: Aspects of the present invention provide systems and methods that facilitate communicating a message, independent of a centralized resource, to be retrieved at a future time. In embodiments, a computing device receives a configuration-related message via a block chain maintained by a plurality of decentralized nodes. In embodiments, upon verification of the authenticity of the message, the device will execute the deferred instructions indicated in the message. In embodiments, the instructions may add functionality or not allow functionality in the device. In embodiments, the instructions may indicate that a smart package should allow the end user to access contents of the package or to not allow access to the contents.
    Type: Grant
    Filed: June 5, 2015
    Date of Patent: May 8, 2018
    Assignee: DELL PRODUCTS LP
    Inventors: YuLing Chen, Daniel A. Ford
  • Patent number: 9967334
    Abstract: Aspects of the present invention provide systems and methods that facilitate the communicating of messages to a vastly scalable number of devices, independent of a centralized resource. In embodiments, a computing device, or a number of devices, may receive from a managing entity one or more messages via a block chain that is maintained by a plurality of decentralized nodes in a peer-to-peer network. In embodiments, the device or devices execute the instructions identified in the message, and if appropriate, return results.
    Type: Grant
    Filed: June 25, 2015
    Date of Patent: May 8, 2018
    Assignee: DELL PRODUCTS LP
    Inventor: Daniel A. Ford
  • Patent number: 9906371
    Abstract: One or more computer processors identify a first certificate that is used to establish a secure Internet connection. One or more computer processors identify a stored second certificate that shares at least one attribute with the first certificate. One or more computer processors determine a policy action based, at least in part, on a result of a comparison between an attribute of the first certificate and an attribute of the second certificate.
    Type: Grant
    Filed: February 18, 2016
    Date of Patent: February 27, 2018
    Assignee: International Business Machines Corporation
    Inventors: Paul A. Ashley, Carsten Hagemann
  • Patent number: 9813403
    Abstract: Various methods and systems for securing communications with enhanced media platforms, are provided. In particular, an enhanced media platform is authenticated using a trusted location. The authenticated enhanced media platform establishes a bidirectional trust with an enhanced remote location, the enhanced media platform being stored in the enhanced remote location. Upon authentication and establishing the bidirectional trust, the enhanced media platform may securely communicate media content in a media content distribution service infrastructure while supporting custom functionality. The method for securing communications with enhanced media platforms includes communicating authentication credentials to an internal security component at the trusted location. The method further includes receiving validation credentials from the internal security component. The method also includes authenticating the enhanced remote location based on at least a portion of the validation credentials received.
    Type: Grant
    Filed: July 19, 2016
    Date of Patent: November 7, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Jean-Emile Elien, Daniel Collins Balma, Rocco Crea, III, Michael Brendan Frei, Paul Stephen Hellyar, Victor Tan, Kye Hyun Kim, Travis J. Muhlestein, Robert S. Unoki, Kenneth Michael Bayer, Wes Wahlin
  • Patent number: 9787478
    Abstract: A method includes: establishing a telecommunication link between a device and a service provider system via a telecommunication network; receiving a device public key via the telecommunication network from the device at the service provider system, the device public key predating the establishment of the telecommunication link; verifying, at the service provider system, that the device stores a device private key in a secure storage area of the device, the device private key corresponding to the device public key, the device public key and the device private key being a cryptographic key pair; and authorizing, by the service provider system, sign-up of the device for service enrollment in response to verifying that the device stores the device private key in the secure storage area of the device.
    Type: Grant
    Filed: June 10, 2015
    Date of Patent: October 10, 2017
    Assignee: QUALCOMM Incorporated
    Inventors: Jangwon Lee, Anand Palanigounder, Soo Bum Lee, Rajat Prakash
  • Patent number: 9767640
    Abstract: A system includes a first server and a second server. The second server receives a value from a first device, possibly via the first server, and stores the value. In response to a request from a second device, the second server then determines the value and sends the value to the second device. In this fashion, verification can be made that the first device is in communications with the first server.
    Type: Grant
    Filed: August 17, 2015
    Date of Patent: September 19, 2017
    Assignee: CFPH, LLC
    Inventor: Dean P. Alderucci
  • Patent number: 9762570
    Abstract: Information processing system includes a first certification device which executes a first temporary certification, creates a first temporary certificate, transmits it to an external device, carries out a first formal certification and creates the first formal certificate, a second certification device which executes a second temporary certification based on the first temporary certification, creates a second temporary certificate, transmits it to the external device, carries out a second formal certification and creates the second formal certificate, and a processing device which verifies a validity of the first formal certificate corresponding to the first temporary certificate and a validity of the second formal certificate corresponding to the second temporary certificate from the user, in response to an information processing request from the user and determines to execute the information processing corresponding to the information processing request based on the verification result.
    Type: Grant
    Filed: March 6, 2015
    Date of Patent: September 12, 2017
    Assignee: FUJITSU LIMITED
    Inventors: Makoto Omori, Shinichiro Nishizawa, Yasushi Toriwaki, Takashi Yoshino, Hisashi Sugawara, Masaki Nagao, Kosuke Tao, Keiko Ishii, Tsuyoshi Taneishi, Kenichi Yamashita, Mitsuhiro Sato, Atsushi Wataki
  • Patent number: 9736146
    Abstract: A computer uses the information included within a digital certificate to obtain a current date and time value from a trusted extrinsic source and the computer compares the obtained current date and time value to a validity period included in the digital certificate to determine if the digital certificate is expired. The information included within the digital certificate specifying an extrinsic source for the current date and time value can be included in an extension of the digital certificate, and the information can specify a plurality of extrinsic sources.
    Type: Grant
    Filed: January 8, 2016
    Date of Patent: August 15, 2017
    Assignee: International Business Machines Corporation
    Inventors: Andrew D. Akehurst-Ryan, David J. McKechan, Stuart J. Reece
  • Patent number: 9704158
    Abstract: Techniques are disclosed for authenticating transactions conducted over computer networks, e.g., online banking transactions or other transactions performed by a financial institution at a customer's request. After receiving a transaction request (and associated transaction details), the transaction signing service signs the transaction data and sends the resulting blob to the user requesting the transaction. After being transmitted to the user, the signed transaction data itself is then signed using PKI credentials of the user, which then returns the twice-signed bundle to the financial institution. Rather than rely on the cryptographic signature of the client, the financial institution (or other replying party) validates that the transaction data signed using its own highly trusted key has not been altered prior to being signed and returned by the client.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: July 11, 2017
    Assignee: Symantec Corporation
    Inventors: Alan Dundas, Oanh Hoang, Eirik Herskedal
  • Patent number: 9679122
    Abstract: Mechanisms for controlling access to credentials are disclosed. A computing device receives, at a first time, a request associated with a user to initiate a plurality of actions against a computing resource of a plurality of computing resources, the request including a credential identifier that identifies a credential. A memory is accessed, based on the credential identifier, to retrieve the credential identified by the credential identifier that was stored in the memory at a time prior to the first time, the credential comprising authentication information configured to authenticate the plurality of actions to the computing resource. The computing device communicates the request and the authentication information to an orchestration engine for execution of the plurality of actions against the computing resource.
    Type: Grant
    Filed: June 11, 2014
    Date of Patent: June 13, 2017
    Assignee: Red Hat, Inc.
    Inventors: Michael P. DeHaan, Christopher S. Church, Christopher L. Houseknecht, Matthew W. Jones
  • Patent number: 9680809
    Abstract: A method for secure data storage in a cloud storage infrastructure comprises providing a set of first upload files to be stored in the cloud storage infrastructure, providing a set of first random noise files, splitting each file of the two sets into a group of fragments, recombining the fragments by randomly intermixing fragments from different groups thus generating a set of second upload files, encrypting each second upload file with a first encryption key and storing each first encryption key in a secure storage location, storing reconstruction information about the set of first upload files, the splitting, the recombining and the first encryption keys in the secure storage location, uploading each second upload file to a respective temporary cloud storage location, repeatedly moving each uploaded second upload file to a new temporary cloud storage location in predetermined intervals of time.
    Type: Grant
    Filed: October 12, 2015
    Date of Patent: June 13, 2017
    Assignee: International Business Machines Corporation
    Inventors: Matthias Seul, Artemiy A. Solyakov
  • Patent number: 9674194
    Abstract: A resource owner or administrator submits a request to a permissions management service to create a permissions grant which may include a listing of actions a user may perform on a resource. Accordingly, the permissions management service may create the permissions grant and use a private cryptographic key to digitally sign the created permissions grant. The permissions management service may transmit this digitally signed permissions grant, as well as a digital certificate comprising a public cryptographic key for validating the permissions grant, to a target resource. The target resource may use the public cryptographic key to validate the digital signature of the permissions grant and determine whether a user is authorized to perform one or more actions based at least in part on a request from the user to perform these one or more actions on the resource.
    Type: Grant
    Filed: March 12, 2014
    Date of Patent: June 6, 2017
    Assignee: Amazon Technologies, Inc.
    Inventors: Jon Arron McClintock, Darren Ernest Canavor, Daniel Wade Hitchcock, Jonathan Kozolchyk
  • Patent number: 9648008
    Abstract: A terminal identification method, a machine identification code registration method and related system and apparatus are disclosed. After receiving a first request for which signature or certificate verification is to be performed from a terminal, a service network obtains a signature or certificate of a trusted party for a machine identification code identifier of the terminal from the first request, wherein the machine identification code identifier being an identifier allocated by the trusted party to the machine identification code of the terminal. The service network verifies the obtained signature or certificate, and if a verification result indicates legitimacy, identifies the terminal using the machine identification code identifier obtained from the signature or certificate. The present disclosure further provides a trusted party and a method of registering a machine identification code by the trusted party.
    Type: Grant
    Filed: May 27, 2014
    Date of Patent: May 9, 2017
    Assignee: Alibaba Group Holding Limited
    Inventors: Yingfang Fu, Yudong Zhang, Zhenyuan Zhang, Jian Liu
  • Patent number: 9641614
    Abstract: Embodiments provide a method and system for enabling access to a storage device. Specifically, a node may request admittance to a cluster that has read and write access to a storage device. The node seeking access to the storage device must first be approved by other nodes in the cluster. As part of the request, the node seeking access to the storage device sends a registration key to a storage device. Upon expiration of a registration timer, the node seeking access to the storage device receives a registration table from the storage device and determines whether its registration key is stored in the registration table. If the registration key is stored in the registration table the node has been accepted in the cluster and as a result, has been granted read and write access to the storage device.
    Type: Grant
    Filed: May 29, 2013
    Date of Patent: May 2, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Vyacheslav Kuznetsov, Vinod R. Shankar, Andrea D'Amato, David Allen Dion
  • Patent number: 9607143
    Abstract: Disclosed are various embodiments for provisioning account credentials via a trusted channel. An identification of an account is received. A security credential reset corresponding to the account is requested. The account is linked to a trusted channel of communication for reset purposes. A security credential communication corresponding to the account is received via the trusted channel of communication. The security credential communication may be parsed to obtain a token.
    Type: Grant
    Filed: May 15, 2015
    Date of Patent: March 28, 2017
    Assignee: Amazon Technologies, Inc.
    Inventors: William Alexander Strand, Jesper Mikael Johansson, Luan Khai Nguyen
  • Patent number: 9467442
    Abstract: Techniques are disclosed for rapidly securing a server in response to a request for a high-assurance digital certificate. As described, a CA may issue a basic tier certificate after performing a verification process to confirm that a party requesting a certificate for a given network domain, in fact, has control of that domain. Once issued and provisioned on the server, the server can establish secure connections with clients. At the same time, the CA continues to perform progressive identity verification processes for progressively higher tiers of certificates. Once the identity verification process at each tier is complete, the CA issues a new certificate for the corresponding tier, which may then be provisioned on the server. After performing all of the identity verification processes, the server can issue the requested high-assurance certificate.
    Type: Grant
    Filed: May 23, 2014
    Date of Patent: October 11, 2016
    Assignee: Symantec Corporation
    Inventor: Michael Klieman
  • Patent number: 9313033
    Abstract: A first device with a changing identity establishes a secure connection with a second device in a network by acting as its own certificate authority. The first device issues itself a self-signed root certificate that binds an identity of the first device to a long-term public key of the first device. The root certificate is digitally signed using a long-term private key, where the long-term public key and the long-term private key form a public/private key pair. The first device provides its root certificate to the second device in any trusted manner. The first device can then create a certificate for one or more short-term identities acquired by the first device and sign the newly-created certificate using the long-term private key. The first device can authenticate itself to the second device by sending the newly-created certificate to the second device.
    Type: Grant
    Filed: July 24, 2014
    Date of Patent: April 12, 2016
    Assignee: BLACKBERRY LIMITED
    Inventors: Michael Stephen Brown, David Francis Tapuska
  • Patent number: 9282091
    Abstract: An information processing system includes a common service providing unit configured to manage a user with organization identification information, user identification information, and unique identification information, and to provide a common service; and an application service providing unit configured to manage a user with user identification information, and to provide an application service by using the common service.
    Type: Grant
    Filed: January 27, 2014
    Date of Patent: March 8, 2016
    Assignee: RICOH COMPANY, LTD.
    Inventor: Hideharu Ohkuma
  • Patent number: 9191214
    Abstract: Procedure for a multiple digital signature. It comprises: i) generating, by a Trusted Third Party (T), a private key for each signer or member (F1, F2, . . . , Ft) of a group of signers (G); ii) generating, each of said signers (F1, F2, . . . , Ft), a partial signature of a document (M) using their private keys; iii) generating a multiple signature from said partial signatures; and iv) verifying said multiple signature. It further comprises generating, by the Trusted Third Party (T), a common public key for all of said signers (F1, F2, . . . , Ft) and using said common public key for performing said multiple signature verification of iv).
    Type: Grant
    Filed: May 9, 2012
    Date of Patent: November 17, 2015
    Assignee: Telefonica, S.A.
    Inventors: Luis Hernández Encinas, Jaime Muñoz Masqué, José Raúl Durán Díaz, Fernando Hernández Álvarez, Victor Gayoso Martínez
  • Patent number: 9154307
    Abstract: An apparatus, system and method is provided for bridging (i) a certificate registration apparatus that communicates with a certificate deployment target based on a specific certificate deployment protocol and (ii) a target deployment device that is not configured to conform to the specific certificate deployment protocol, within a public key infrastructure (PKI).
    Type: Grant
    Filed: September 23, 2013
    Date of Patent: October 6, 2015
    Assignee: RICOH COMPANY, LTD.
    Inventor: Tomoki Hattori
  • Patent number: 9130757
    Abstract: According to one embodiment of the present invention, a method for protecting authenticated communication in dynamic federated environments is provided. The method includes distributing shares of a private signature key to a group of users. When switching from an existing to a new group of users, the method includes producing a plurality of sub-shares from each of the distributed shares of existing users, with each sub-share being accompanied by a corresponding validity proof. The sub-shares from multiple existing users are combined to generate a set of shares for new users, with each new share being derived from sub-shares from multiple existing users.
    Type: Grant
    Filed: August 11, 2008
    Date of Patent: September 8, 2015
    Assignee: International Business Machines Corporation
    Inventors: Nelly Fazio, Richard Andrew Golding, Theodore Ming-Tao Wong
  • Patent number: 9098710
    Abstract: According to one general aspect, a computer-implemented method for implementing default security features for web applications and browser extensions includes receiving a request to include a web application or a web browser extension in a digital marketplace. A determination is made if the web application or the web browser extension conforms to default security features, wherein the default security features include a prohibition against running in-line script on web pages. The web application or the browser extension is included in the digital marketplace if the web application or the browser extension conforms to the default security features.
    Type: Grant
    Filed: September 17, 2013
    Date of Patent: August 4, 2015
    Assignee: GOOGLE INC.
    Inventors: Erik Kay, Adam Barth
  • Patent number: 9071843
    Abstract: Systems, methods and computer readable media are disclosed for a vectorized tile differencing algorithm for a remote desktop protocol (RDP). A server executes a CBC-variant vectorized hash algorithm that is used to produce a big key that identifies the tile, and keeps track of these big keys. Where a serial version of the algorithm operates on a single portion of the image at once—such as 32 bits—the vectorized algorithm operates on a plurality of these portions simultaneously. Where the server identifies that a tile has already been sent to a client via RDP because it has a second big key that matches the big key, it sends the big key to the client—which caches received tiles—and the client uses it to access the proper tile for display. Where the server identifies that a tile has not already been sent to the client, it sends the client the tile.
    Type: Grant
    Filed: February 26, 2009
    Date of Patent: June 30, 2015
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Nadim Y. Abdo, Voicu Anton Albu
  • Patent number: 9064105
    Abstract: There are provided an information processing apparatus which provides a user credential sharing service on a user credential sharing condition intended by a vendor that creates an application, and a control method for the information processing apparatus. To accomplish this, the information processing apparatus generates sharing settings which define a sharing condition for each item of a user credential among applications according to a manifest file acquired from each application. Upon receiving a request of a user credential from one of the applications, the information processing apparatus provides the user credential to the requesting application according to the generated sharing settings.
    Type: Grant
    Filed: September 21, 2011
    Date of Patent: June 23, 2015
    Assignee: Canon Kabushiki Kaisha
    Inventor: Yasuhiro Hosoda
  • Patent number: 9026794
    Abstract: An information processing system including a medium where a content to be played is stored; and a playing apparatus for playing a content stored in the medium; with the playing apparatus being configured to selectively activate a playing program according to a content type to be played, to obtain a device certificate correlated with the playing program from storage by executing the playing program, and to transmit the obtained device certificate to the medium; with the device certificate being a device certificate for content types in which content type information where the device certificate is available is recorded; and with the medium determining whether or not an encryption key with reading being requested from the playing apparatus is an encryption key for decrypting an encrypted content matching an available content type recorded in the device certificate, and permitting readout of the encryption key only in the case of matching.
    Type: Grant
    Filed: July 11, 2012
    Date of Patent: May 5, 2015
    Assignee: Sony Corporation
    Inventors: Kenjiro Ueda, Hiroshi Kuno, Takamichi Hayashi
  • Patent number: 9021255
    Abstract: A method includes (a) receiving, at a computing device, a first certificate signing request (1CSR) from a certificate authority (CA), the 1CSR including an embedded second certificate signing request (2CSR), the 2CSR having been received by the CA from an entity seeking a signed certificate from the CA that validates an identity claim made by the entity in the 2CSR, the CA having performed a preliminary verification of the 2CSR prior to embedding it in the 1CSR, (b) verifying that the 1CSR came from the CA, (c) performing a verification procedure on the embedded 2CSR independent of the preliminary verification performed by the CA, to validate the identity claim made by the entity in the 2CSR, and (d) upon successfully validating the identity claim made by the entity in the 2CSR, sending a certificate to the CA, the certificate validating the identity claim made by the entity in the 2CSR.
    Type: Grant
    Filed: June 29, 2012
    Date of Patent: April 28, 2015
    Assignee: EMC Corporation
    Inventors: Idan Aharoni, Roy Hodgman, Ingo Schubert
  • Patent number: 9009735
    Abstract: Embodiments of the present invention provide a method for processing data, a computing node, and a system. The method includes: registering, by a BPE, an algorithm with a CEP instance; transferring, by the CEP instance when detecting that an event concerned by the algorithm satisfies a computation-triggering condition, an event required for computation to the BPE; obtaining, by the BPE, a computation result, and if determining that a further computation is required for the computation result, writing the computation result as an intermediate event to the CEP instance; and transferring, by the CEP instance when detecting that an event concerned by another algorithm satisfies a computation-triggering condition thereof and the intermediate event is an event required for computation thereof, the intermediate event to a BPE that registers the another algorithm. The CEP instance performs association of multiple events and multiple algorithms, which simplifies a computation process and improves timeliness.
    Type: Grant
    Filed: November 15, 2013
    Date of Patent: April 14, 2015
    Assignee: Huawei Technologies Co., Ltd.
    Inventor: Tianhu Zhang
  • Patent number: 9009808
    Abstract: Systems and methods for authenticating a media device or other information handling system so as to be able to receive content from one or more media content providers. Authenticating the device includes determining what authentication information the media content providers require for access and then generating and providing to the media device an authentication token that includes the required information. In some embodiments this may be accomplished by a service center, which removes the need for additional authentication steps to be performed by the media device or the media content providers. In addition, the service center may also determine when changes are made to the authentication information and may then ensure that the authentication token is changed or updated to reflect these changes. This ensures that the media device is at least partially immune to changes to authentication.
    Type: Grant
    Filed: January 27, 2014
    Date of Patent: April 14, 2015
    Assignee: Dell Products L.P.
    Inventors: Mark Andrew Ross, Timothy Bucher
  • Publication number: 20150100780
    Abstract: Example methods disclosed herein include intercepting, with a meter executing on a computing device, a request sent by a client application to establish a secure communication session with a network server. Such disclosed example methods also include receiving, at the meter in response to forwarding the request to the network server, a first public key provided by the network server for encrypting a session key, and providing, from the meter to the client application, a second public key associated with the meter instead of the first public key provided by the network server in response to the request being intercepted. Such disclosed example methods further include using the first public key and a private key associated with the second public key to enable the meter to access an unencrypted version of the session key, and monitoring, with the meter, the network traffic using the unencrypted version of the session key.
    Type: Application
    Filed: December 4, 2014
    Publication date: April 9, 2015
    Inventors: Jonathon Brett Rubin, Jan Besehanic, Robert Peter Borland
  • Patent number: 9003182
    Abstract: A wireless communication system includes a pager or similar device that communicates to a home terminal. The home terminal confirms the identity of the pager and attaches a certificate to the message for ongoing transmission. Where the recipient is also a pager, an associated home terminal verifies the transmission and forwards it in a trusted manner without the certificate to the recipient.
    Type: Grant
    Filed: July 13, 2012
    Date of Patent: April 7, 2015
    Assignees: Certicom Corp., Motorola, Inc.
    Inventors: Walter Lee Davis, Douglas I. Ayerst, Scott Alexander Vanstone
  • Patent number: 8990890
    Abstract: In a first embodiment of the present invention, a method for operating a presence server in a home network is provided, the method comprising: receiving a request for presence information; sending an event notification to all subscribed control points informing them of the request for presence information; receiving an action from one of the subscribed control points accepting or rejecting the request for presence information; and if the action received from the one of the subscribed control points accepts the request for presence information, causing presence information regarding the one of the subscribed control points to be sent to the entity that sent the request for presence information.
    Type: Grant
    Filed: April 27, 2011
    Date of Patent: March 24, 2015
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Mahfuzur Rahman, Russell Berkoff
  • Patent number: 8977756
    Abstract: Greater network utilization is implemented through dynamic network reconfiguration and allocation of network services and resources based on the data to be transferred and the consumer transferring it. A hierarchical system is utilized whereby requests from lower layers are aggregated before being provided to upper layers, and allocations received from upper layers are distributed to lower layers. To maximize network utilization, paths through the network are reconfigured by identifying specific types of packets that are to be flagged in a specific manner, and then by further identifying specific routing rules to be applied in the transmission of such packets. Network reconfiguration is performed on an incremental basis to avoid overloading a path, and capacity can be reserved along one or more paths to prevent such overloading. Background data is agnostic as to specific transmission times and is utilized to prevent overloading due to reconfiguration.
    Type: Grant
    Filed: January 10, 2013
    Date of Patent: March 10, 2015
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Vijay Gill, Chi-Yao Hong, Srikanth Kandula, Ratul Mahajan, Mohan Nanduri, Roger Peter Wattenhofer, Ming Zhang
  • Patent number: 8972300
    Abstract: A transmission device including: copy unit that extracts part or all of partial contents, as tracking information, from a content, and copies the extracted tracking information, thereby generating pieces of tracking information; candidate information obtaining unit that obtains pieces of candidate information respectively corresponding to the pieces of tracking information; evidence information obtaining unit that obtains evidence information generated dependently on a piece of candidate information selected by the reception device from among the pieces of candidate information; hash generating unit that generates hash values respectively in accordance with the pieces of candidate information; embed unit that embeds the hash values respectively into the pieces of tracking information, and embeds the evidence information into each piece of tracking information; and transmit unit that transmits each piece of tracking information in which a hash value and the evidence information have been embedded.
    Type: Grant
    Filed: April 26, 2007
    Date of Patent: March 3, 2015
    Assignee: Panasonic Corporation
    Inventors: Masao Nonaka, Toshihisa Nakano, Yuichi Futa, Motoji Ohmori, Kazukuni Kobara, Ryo Nojima, Hideki Imai
  • Patent number: 8964974
    Abstract: Techniques for injecting encryption keys into a meter as a part of a manufacturing process are discussed. Since various encryption keys injected into meters may be specific to each individual meter, a utility company customer may require a copy of the injected encryption keys associated with each individual meter. The techniques may include providing a copy of keys injected into each meter to a utility company customer. In some instances, the meter manufacturer may not store or persist various encryption keys that are injected into the meters during the manufacturing process.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: February 24, 2015
    Assignee: Itron, Inc.
    Inventor: Bret Gregory Holmdahl
  • Patent number: 8959598
    Abstract: A method and system for roaming between heterogeneous networks. The method involves authenticating a mobile communication device on a first network, and providing the device with a single-use token that can be used to sign on to a second network without requiring conventional re-authentication over the second network.
    Type: Grant
    Filed: September 28, 2012
    Date of Patent: February 17, 2015
    Assignee: BCE Inc.
    Inventor: Brian Norman Smith
  • Patent number: 8959337
    Abstract: A message including a digital signature is received at a processor. It is determined whether a specific authorized certificate issuer is configured for a message originator within a data protection policy. In response to determining that the specific authorized certificate issuer is configured for the message originator within the data protection policy, it is determined whether a message originator certificate used to generate the digital signature is issued by the configured specific authorized certificate issuer.
    Type: Grant
    Filed: June 25, 2012
    Date of Patent: February 17, 2015
    Assignee: International Business Machines Corporation
    Inventors: Bret W. Dixon, Jonathan L. Rumsey
  • Patent number: 8959645
    Abstract: A distributed operation is performed using at least one first and second computer-based object, wherein control information is used to influence or determine a property, a function of the first and/or second computer-based objects. The control information includes details of a parameter identifier, a value associated with the parameter identifier, a range of validity and a remote access attribute. The control information is provided in a retrievable manner, according to the included range of validity, in a memory organized according to ranges of validity and is associated with the first computer-based object. During a function or service call for performing the distributed operation, which is sent from the first computer-based object to the second, the control information is transmitted to the second computer-based object, provided in a retrievable manner in the memory organized according to the ranges of validity and associated with the second computer-based object.
    Type: Grant
    Filed: September 2, 2009
    Date of Patent: February 17, 2015
    Assignee: Siemens Aktiengesellschaft
    Inventors: Harald Herberth, Ulrich Kröger, Allan Sobihard
  • Patent number: 8954732
    Abstract: In one example, a platform device includes a control unit configured to receive a first software package signed by a first software development entity with a first certificate of a first certificate hierarchy associated with the first software development entity, execute the first software package only after determining that a root of the first certificate hierarchy corresponds to a certificate authority of a developer of the platform device, receive a second software package signed by a second software development entity with a second certificate of a second certificate hierarchy associated with the second software development entity, wherein the second certificate hierarchy is different than the first certificate hierarchy, and execute the second software package only after determining that a root of the second certificate hierarchy corresponds to the certificate authority of the developer of the platform device.
    Type: Grant
    Filed: June 27, 2012
    Date of Patent: February 10, 2015
    Assignee: Juniper Networks, Inc.
    Inventors: Kent A. Watsen, Alex Kolchinsky