Including Intelligent Token Patents (Class 713/159)
  • Patent number: 7805376
    Abstract: A system, method, apparatus, means, and computer program code for conducting a transaction include identifying information defining a transaction including at least a transaction amount, identifying an account identifier to associate with the transaction, and establishing a pre-authorization record associated with the account identifier, the pre-authorization record including an authorization restriction based on the transaction amount.
    Type: Grant
    Filed: March 19, 2003
    Date of Patent: September 28, 2010
    Assignee: American Express Travel Related Services Company, Inc.
    Inventor: Michael S. Smith
  • Patent number: 7805614
    Abstract: A method for secure identity processing using biometrics is provided. A public key and a unique serial number are received from a BIOTOKEN. A random number is generated. The random number and the unique serial number are transmitted to the BIOTOKEN. A serial number received from the BIOTOKEN is compared with the unique serial number and if there is a match, an encrypted symmetric key, transmitted by the BIOTOKEN, is decrypted using the public key. An encrypted random number and encrypted biometric data associated with a user are decrypted using the decrypted symmetric key. The decrypted random number is compared with the transmitted random number, if there is a match, the decrypted biometric data is validated and the received serial number and the public key are transmitted to a certification authority if the biometric data is validated. An authentication certificate associated with the BIOTOKEN is issued by the certification authority.
    Type: Grant
    Filed: March 31, 2005
    Date of Patent: September 28, 2010
    Assignee: Northrop Grumman Corporation
    Inventors: Kenneth W. Aull, William Gravell, James B. Rekas
  • Patent number: 7802102
    Abstract: The present invention provides a method for transferring encrypted information from one storage area to another storage area, wherein a cryptographic data protection scheme having protection attributes is applied to the data. A crypto container having cryptographic properties represents cryptographically protected data. The attributes that have been attached to the container at the time when data is added to or removed from the container determine the scheme of data protection being applied. A crypto container can be converted or serialized for storage or transmission; here the conversion spreads only to the protected data parts, which possibly include crypto containers in protected form, but not to the attached crypto attributes. These attributes must be stored or transmitted in another form.
    Type: Grant
    Filed: October 24, 2006
    Date of Patent: September 21, 2010
    Assignee: International Business Machines Corporation
    Inventors: Roman A. Pletka, Patrick Droz, Christian Cachin
  • Publication number: 20100235629
    Abstract: An authentication data generation method includes receiving an authentication command from an authentication device, determining a communication protocol with the authentication device, changing encryption key reference information contained in the authentication command based upon the determination result of the communication protocol with the authentication device, selecting a target encryption key corresponding to the changed encryption key reference information from a plurality of encryption keys stored in advance, generating authentication data based upon the target encryption key and inclusion data included in the authentication command, and transmitting the authentication data to the authentication device.
    Type: Application
    Filed: March 23, 2009
    Publication date: September 16, 2010
    Applicant: KABUSHIKI KAISHA TOSHIBA
    Inventor: Yusuke Tuda
  • Publication number: 20100235900
    Abstract: Methods, devices, and systems are provided for an efficient two-factor authentication process. In particular, a card challenge is combined with a user-provided password or similar user-based credential before a transformation of the data is performed. Once the combined challenge and user-provided credential have been transformed, the transformed data is used as a basis for authentication verification.
    Type: Application
    Filed: March 3, 2010
    Publication date: September 16, 2010
    Applicant: ASSA ABLOY AB
    Inventors: Mark Robinton, Scott B. Guthery
  • Publication number: 20100223460
    Abstract: A device and method for supporting the issuing of an authorization document (6) to an applicant; the said device comprising: a computer (10(i)) comprising a first processor and a first memory containing stored first data and instructions to allow the first processor to execute a first defined program, a clerk unit (13(i)) comprising a second processor (17) and a second memory containing stored second data and instructions to allow the second processor (17) to execute a second defined program, as well as a secure application module (41), and a client unit (15(i)) comprising at least a biometric characteristic reader unit (27; 31) for reading a biometric characteristic of the applicant, wherein the client unit (15(i)) and the second processor (17) can communicate with each other, and the first processor and the second processor (17) can communicate with each other in the form of a secure session that makes use of a cryptographic key stored in the secure application module (41).
    Type: Application
    Filed: November 29, 2006
    Publication date: September 2, 2010
    Applicant: SDU IDENTIFICATION B.V.
    Inventors: Anko Jan Blokzijl, Gerard Paalman, Gerlof Henno Noordhof
  • Publication number: 20100223461
    Abstract: A handheld communications device comprises a display device, and a data processor that is in communication with the display device. The data processor is configured to generate an encryption key, and vary a visual output of the display device in accordance with a bit sequence of the encryption key. The varying visual output comprises a sequence of colours rendered on the display device and/or brightness levels output by the display device.
    Type: Application
    Filed: February 27, 2009
    Publication date: September 2, 2010
    Inventors: Marc Drader, James Robinson, Michael Purdy
  • Patent number: 7788716
    Abstract: A token handler API which can be instantiated to allow for custom token types. The token handler API can interact with a web service security handler and the security service provider interfaces of a security framework in order to perform a number of security functions, such as authentication, digital signatures and encryption for SOAP messages in a Web Service security system.
    Type: Grant
    Filed: May 18, 2005
    Date of Patent: August 31, 2010
    Assignee: Bea Systems, Inc.
    Inventors: Peter Dapkus, Corinna Witt
  • Patent number: 7788185
    Abstract: The computer of a relay agency holds the money which a buyer pays for a commodity in a relay account. Then, the computer of the relay agency makes a payment transfer card and a notification card, and sends the notification card together with the request of purchase of the commodity to a seller. The relay agency sends the payment transfer card to the buyer. The buyer, after receiving the commodity, inserts the payment transfer card and the notification card into an automated teller machine of a bank, and gives instructions on the payment transaction to the computer of the relay agency. The computer of the relay agency transfers the money for the commodity from the relay account to the seller's account.
    Type: Grant
    Filed: August 6, 2004
    Date of Patent: August 31, 2010
    Assignee: Fujitsu Frontech Limited
    Inventor: Takeshi Kashiwada
  • Patent number: 7788703
    Abstract: Systems and methods for authentication using paired dynamic secrets in secured wireless networks are provided. Each authenticated user is assigned a random secret generated so as to be unique to the user. The secret is associated with a wireless interface belonging to the user, so that no other wireless interface may use the same secret to access the network. The secret may be updated either periodically or at the request of a network administrator, and reauthentication of the wireless network may be required.
    Type: Grant
    Filed: April 18, 2007
    Date of Patent: August 31, 2010
    Assignee: Ruckus Wireless, Inc.
    Inventors: Tyan-Shu Jou, Ming Sheu, Bo-Chieh Yang, Tian-Yuan Lin, Ted Tsei Kuo
  • Patent number: 7779267
    Abstract: There are many times when a secret needs to be used in a distributed computing system—these are often held in security tokens, such as smart cards. It may be desirable for another device, such as a computer platform, to act in place of the security token as the repository of a secret, particularly for operations within a distributed computing system. Within the distributed computing system there is located a trusted entity, physically and logically resistant to unauthorized modification—this may be a trusted device located within a specific computing platform. This contains validation information which can be communicated to the security token. The security token then carries out a validation process on this validation information—if successful, the security token then provides a secret to the trusted device for use within the distributed computing system. The trusted device may be required to use this secret only for a specified period of time, or for a specific purpose or task.
    Type: Grant
    Filed: September 4, 2001
    Date of Patent: August 17, 2010
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Liqun Chen, Graeme John Proudler
  • Publication number: 20100205432
    Abstract: A method for granting trusted applications (SP1_WL) of a Service Provider (SP1, SP2) access to applications (appSP1.1, appSP1.2; appSP2.1) of that Service Provider (SP1, SP2) that have been stored in a secure element (SE) comprises: the Service Provider (SP1, SP2) transmits a request (REQ1) for granting access to its applications to a Trusted Service Manager (TSM); the Trusted Service Manager (TSM) generates an access right code (AC1) and transmits it to both the Service Provider (SP1, SP2) and a service manager (SM) in the secure element (SE); the Service Provider (SP1, SP2) generates the trusted application (SP1_WL), provides it with the access right code (AC1) and sends it to the secure element (SE); the trusted application (SP1_WL) connects to the service manager (SM) with the access right code (AC1) whereupon the service manager (SM) grants the wallet (SP1_WL) access to the applications (appSP1.1, appSP1.2; appSP2.1).
    Type: Application
    Filed: September 20, 2008
    Publication date: August 12, 2010
    Applicant: NXP B.V.
    Inventors: Alexandre Corda, Luis Bobo, Jonathan Azoulai
  • Patent number: 7770204
    Abstract: Methods, systems, and data stores generate and manage temporarily assigned identities. A requestor issues a request for a service. The request includes an identity used for authenticating the requestor. The identity is used for generating an identity configuration and for generating a temporarily assigned identity that is updated to a protected identity directory. The request and the temporarily assigned identity are transmitted to the service. The service uses the temporarily assigned identity to access the protected identity directory for purposes of authenticating the request. The service uses the authenticated request to access attributes associated with the temporarily assigned identity.
    Type: Grant
    Filed: September 30, 2003
    Date of Patent: August 3, 2010
    Assignee: Novell, Inc.
    Inventors: Scott William Pathakis, David Kent Beus, Stephen R Carter, Michael William Cook, Howard Rollin Davis, Dustin Lance Nielson, David Nephi Johnson, Jerry E Griffis
  • Patent number: 7769999
    Abstract: The present invention discloses a method and system for remote password based authentication using smart cards for accessing a communications network. The disclosed method does not require a remote authentication server to maintain a table of passwords for all users. The disclosed method and system also support mutual authentication: it not only prevents the illegal use of system resources by an impersonator, but also lets the user authenticate the identity of the remote authentication server.
    Type: Grant
    Filed: January 4, 2007
    Date of Patent: August 3, 2010
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Zhenfu Cao, Xiaolei Dong, Zhenchuan Chai, Zhibin Zheng, Jiwei Wei
  • Patent number: 7770002
    Abstract: Methods and devices are provided for two-way authentication. In one example, a method prompts a user for an account number and a PIN. Upon authentication of the account number and the PIN, an e-mail having a link to a new session is sent to the user. If the account number and the PIN were authenticated, a custom background preselected by the user is presented in the new session and a password is requested. Use of the custom background preselected by the user may help the user authenticate the computer system to which he is attempting to gain entry. Upon authentication of the password, entry to a computer system is permitted. To provide optional, enhanced anti-phishing capability, if the account number and the PIN were not authenticated, an indication may be made that the e-mail message is being sent.
    Type: Grant
    Filed: August 17, 2006
    Date of Patent: August 3, 2010
    Assignee: Fiserv, Inc.
    Inventor: Frank Weber
  • Patent number: 7769998
    Abstract: A method, apparatus, and system are provided for authenticating and authorizing user access to a system. According to one embodiment, a request for authentication and authorization of a user is received from a secondary site on behalf of the user who is seeking to access a primary site via the secondary site via a computer network. The request includes information relating to the user. The user information is then verified for authenticity, including determining whether the user satisfies the criteria for obtaining authentication and authorization as defined by the primary site. If the criteria are satisfied, a token, associated with the user, is generated at the primary site. A portion of the token is transmitted from the primary site to the secondary site on behalf of the user to permit the user to access the primary site via the secondary site, via the computer network.
    Type: Grant
    Filed: June 25, 2004
    Date of Patent: August 3, 2010
    Assignee: eBay Inc.
    Inventors: Liam S. Lynch, Shashi Seth
  • Patent number: 7765298
    Abstract: The present invention pertains to a system for managing network access to resources that allows a first entity to impersonate a second entity. In one embodiment, the first entity can impersonate the second entity without knowing the second entity's password and/or without altering anything in the entity's set of personal information. This invention provides the first entity with the ability to troubleshoot in a live production system without disrupting the users or the system. In one embodiment, the first entity authenticates as itself. Access to resources is provided in response to an authorization process based on the identity of the entity being impersonated.
    Type: Grant
    Filed: November 16, 2006
    Date of Patent: July 27, 2010
    Assignee: Oracle International Corporation
    Inventor: Francisco J. Villavicencio
  • Patent number: 7765588
    Abstract: A system and method verify a user's identity in an Internet-related transaction. One system and method use a personal computer having identification information, a card reader, and a personal identification card having access information, to verify a user's identity using the access information and the identification information. Another system and method use a personal computer, a card reader, and a personal identification card having access information, wherein the card reader is included as part of a mouse coupled to the personal computer and wherein a user's identity is verified using the access information. Another system and method use a personal computer, a device coupled to the personal computer having identification information, a card reader, and a personal identification card having access information to verify a user's identity using the access information and the identification information.
    Type: Grant
    Filed: November 17, 2008
    Date of Patent: July 27, 2010
    Inventors: Harvinder Sahota, Neil Sahota
  • Publication number: 20100185851
    Abstract: A system and a method for cryptographic coupon reloading are provided for, wherein a coupon comprises, on one hand, a pseudo-random number r_i = PRF_K(i), where i is an index for labeling the coupon, PRF is a predetermined pseudo-random function and K is a regeneration key, and, on the other hand, a “reduced-coupon” x_i such that x_i = f(r_i), where f is a predetermined one-way function, characterized in that it comprises the following steps: a candidate device (1) and a second device (2) acquire a common value of a token T, said candidate device (1) transmits a verification value v_T to the second device (2), the second device (2) verifies whether said verification value v_T is given by v_T = PRF′_Q(T), where PRF′ is a predetermined keyed pseudo-random function identical to, or derived from, said pseudo-random function PRF, and where Q is an authentication key owned by the second device (2) and known to the candidate device (1) provided the candidate device (1) is a legitimate reloading device (1), and if the verificati
    Type: Application
    Filed: June 26, 2008
    Publication date: July 22, 2010
    Inventors: Matthew Robshaw, Henri Gilbert, Marc Girault, Loic Juniot
  • Patent number: 7761702
    Abstract: A packet forwarding process, on a data communications device, forwards a packet to a plurality of destinations within a network from that data communications device using an “encrypt then replicate” method. The packet forwarding process receives a packet that is to be transmitted to the plurality of destinations, and applies a security association to the packet using security information shared between the data communications device, and the plurality of destinations, to create a secured packet. The secured packet contains a header that has a source address and a destination address. The source address is inserted into the header, and then the packet forwarding process replicates the secured packet, once for each of the plurality of destinations. After replication, the destination address is inserted into the header, and the packet forwarding process transmits each replicated secured packet to each of the plurality of destinations authorized to maintain the security association.
    Type: Grant
    Filed: April 15, 2005
    Date of Patent: July 20, 2010
    Assignee: Cisco Technology, Inc.
    Inventors: Brian E. Weis, Jan Vilhuber, Michael Lee Sullenberger, Frederic R.P. Detienne
  • Patent number: 7757084
    Abstract: A method of validating a consumable authentication chip is provided having the steps of: numerously calling a trusted chip's test function with an incorrect value to generate an invalid response or not generate the response thereby invalidating the consumable chip; if generated, in the trusted chip, generating a secret random number, calculating its signature and symmetrically encrypting the number/signature using a first secret key; calling the consumable chip's read function with the encrypted number/signature to symmetrically decrypt the encrypted number/signature using the first key, calculate the decrypted number's signature, compare the signatures, and if they match, symmetrically encrypt the decrypted random number and a data message using a second secret key; calling the trusted chip's test function with the message and the encrypted number/message to symmetrically encrypt the number and message using the second key, compare the encrypted numbers/messages, validate the consumable chip if they match, a
    Type: Grant
    Filed: February 15, 2007
    Date of Patent: July 13, 2010
    Assignee: Silverbrook Research Pty Ltd
    Inventors: Simon Robert Walmsley, Kia Silverbrook
  • Patent number: 7752442
    Abstract: A distributed security system is provided. The distributed security system uses a security policy that is written in a policy language that is transport and security protocol independent as well as independent of cryptographic technologies. This security policy can be expressed using the language to create different security components allowing for greater scalability and flexibility. By abstracting underlying protocols and technologies, multiple environments and platforms can be supported.
    Type: Grant
    Filed: October 20, 2005
    Date of Patent: July 6, 2010
    Assignee: Microsoft Corporation
    Inventors: Giovanni M. Della-Libera, Christopher G. Kaler, Scott A. Konersmann, Butler W. Lampson, Paul J. Leach, Bradford H. Lovering, Steven E. Luocco, Stephen J. Millet, Richard F. Rashid, John P. Shewchuk
  • Patent number: 7751567
    Abstract: Methods and apparatus are presented for providing local authentication of subscribers traveling outside their home systems. A subscriber identification token 230 provides authentication support by generating a signature 370 based upon a key that is held secret from a mobile unit 220. A mobile unit 220 that is programmed to wrongfully retain keys from a subscriber identification token 230 after a subscriber has removed his or her token is prevented from subsequently accessing the subscriber's account.
    Type: Grant
    Filed: June 1, 2005
    Date of Patent: July 6, 2010
    Assignee: QUALCOMM Incorporated
    Inventors: Roy F. Quick, Jr., Gregory G. Rose
  • Patent number: 7747541
    Abstract: An apparatus is provided for validating a device. The apparatus includes a first integrated circuit which is configured to generate a random number and reference information using the random number and a secret key. A control system is configured to: receive the random number and the reference information from the first integrated circuit, receive validation information from a second integrated circuit positioned on the device whereby the validation information is generated by the second integrated circuit using the random number and the secret key, and compare the reference and validation information received from the integrated circuits to validate the device.
    Type: Grant
    Filed: June 3, 2007
    Date of Patent: June 29, 2010
    Assignee: Silverbrook Research Pty Ltd
    Inventors: Simon Robert Walmsley, Paul Lapstun
  • Publication number: 20100161973
    Abstract: An authentication mechanism for use in network-based services generates an authentication token. The authentication token is provided to a client device as part of the code comprising a content page. The content page code is received and loaded by a browser application at the client device. When the content page code is received and loaded by the browser application, the authentication token is loaded by the browser as well. Upon receiving subsequent input, the browser application may send a content request to the server. The content request includes the authentication token maintained by the browser application in the content page. A server may validate the authentication token provided in the request using version information and one or more master authentication tokens.
    Type: Application
    Filed: March 1, 2010
    Publication date: June 24, 2010
    Applicant: Microsoft Corporation
    Inventors: Andy Chin, Alina Vikutan, Johnny C. Liu
  • Patent number: 7743412
    Abstract: A computer system includes an interface and a processor. The interface is adapted to receive a request from another computer system for identification of the first computer system. The adapter also furnishes a hash value that identifies the first computer system to the other computer system. The processor is coupled to the interface and is adapted to encrypt an identifier that identifies the first computer system with a key associated with the other computer system to provide the hash value.
    Type: Grant
    Filed: February 26, 1999
    Date of Patent: June 22, 2010
    Assignee: Intel Corporation
    Inventors: James Q. Mi, Vishesh Parikh, Albert Y. Teng
  • Patent number: 7739500
    Abstract: Exemplary embodiments disclosed herein may include a method and system for creating an attendance marker and establishing consistent recognition of an ongoing digital relationship, including receiving an identity key about a server, creating an attendance marker, associating the attendance marker with the server. Other embodiments relate to systems and methods for recognizing a server, website, and/or other system for a client, such as a computer system for a user. Such authentication involves receiving an identity key about a web server or other system, creating an attendance marker, associating the attendance marker with the server, requesting an attendance marker associated with a server, and recognizing the server based at least in part on the attendance marker.
    Type: Grant
    Filed: March 7, 2005
    Date of Patent: June 15, 2010
    Assignee: Microsoft Corporation
    Inventors: Kim Cameron, Arun K. Nanda, Andy Harjanto, Stuart L. S. Kwan
  • Patent number: 7735125
    Abstract: The invention includes systems and methods for identifying and verifying the identity of a user of a kiosk using an external verification system. The kiosk receives customer input data that indicates the identity of the user of the kiosk. The kiosk generates an identification query that includes at least some customer input data. The kiosk transmits the identification query to an external verification system. The kiosk receives a verification response from the external verification system. The kiosk then processes the verification response to verify the identity of the user of the kiosk. These systems and methods advantageously provide identification and verification of the identity of a user of a kiosk. With sufficient identification and verification, financial institutions can comply with government regulations designed to reduce the opportunity for money laundering, terrorism, fraud, and identity theft while offering users of kiosks a wider range of financial services.
    Type: Grant
    Filed: October 15, 2004
    Date of Patent: June 8, 2010
    Assignee: Nexxo Financial, Inc.
    Inventors: David R. Alvarez, Mitchell A. Shapiro, James V. Elliott
  • Patent number: 7724927
    Abstract: Methods and systems according to the invention may compare a large-area biometric specimen and a small-area biometric sample. For example, a large-area plain surface fingerprint image may be stored in a fingerprint database as a specimen, and then a small-area plain surface fingerprint image may be acquired as a sample. The small-area image sample may be submitted to a fingerprint matching system for comparison with a large-area image specimen from the database. A determination may be made as to whether the small-area image matches a portion of the large-area image.
    Type: Grant
    Filed: June 14, 2006
    Date of Patent: May 25, 2010
    Assignee: Ultra-Scan Corporation
    Inventors: John K. Schneider, Fred W. Kiefer
  • Patent number: 7725712
    Abstract: A method of authenticating a user for access includes creating an authentication key in the form of a user formula selected from a set of variables and operations provided by the authentication system, storing the user formula in the authentication system, utilizing a display to present the user with an arrangement of variables generated by the authentication system including the variables of the user formula, each assigned a value, applying the assigned values to matching variables in the user formula and calculating a first result, interspersing one or more additional characters among the characters of the first result, and conveying the first result with the additional characters to the authentication system. The authentication system authenticates the user if the number of additional characters conveyed with the first result is below a predetermined threshold and the first result matches a second result of a separate and independent calculation of the user formula by the authentication system.
    Type: Grant
    Filed: October 25, 2006
    Date of Patent: May 25, 2010
    Assignee: SyferLock Technology Corporation
    Inventors: Lev Ginzburg, Paul Sitar, George Kelly Flanagin
  • Publication number: 20100122082
    Abstract: An identity validation system and method for the Internet provides user accountability while supporting user privacy to counter SPAM, Internet vandalizers, and predators, as well as cyber bullies who use the Internet to communicate with actual or potential victims. The system includes network authority software that issues a permanent identity and secret code to a user and disseminates different hashed versions of the permanent identity and secret code to different agents. A user hardware Internet passport generates hashed versions of the permanent identity and secret code as well as a passcode that is generated from the hashed secret code and user software generates a temporary identity from the hashed permanent identity. The user software transmits the temporary identity and passcode to a selected agent that performs the actual identity validation.
    Type: Application
    Filed: September 29, 2009
    Publication date: May 13, 2010
    Inventors: Leiwen Deng, Aleksandar Kuzmanovic
  • Publication number: 20100115270
    Abstract: A method of authenticating a consumable is disclosed. The consumable includes a first integrated circuit operative to receive data and return the data encrypted. The method receives a random number from a trusted second integrated circuit. The random number is communicated to the first integrated circuit, and in response a first message containing the random number encrypted by the first integrated circuit is received from the first integrated circuit. Also, a second message containing the random number encrypted by the trusted integrated circuit is received from the trusted second integrated circuit. By comparing the first and second messages it is determined that the consumable is authentic when the first and second messages are the same.
    Type: Application
    Filed: January 14, 2010
    Publication date: May 6, 2010
    Inventors: Kia Silverbrook, Simon Robert Walmsley
  • Patent number: 7707405
    Abstract: A system 100 for providing credentials to a computational component in a distributed processing network is provided. The system 100 includes: (a) a plurality of crypto-tokens 150a-n, each crypto-token 150a-n comprising a unique identifier, optionally a digital certificate comprising a unique public key and the unique identifier, and a private key corresponding to the public key; (b) a provisioning system 100 comprising a certificate authority 104 operable to generate the plurality of crypto-tokens 150a-n; and (c) a computational component 128 comprising a drive operable to receive and communicate with a selected crypto-token 150. The computational component 128 uses the digital certificate and private key in any of the crypto-tokens 150a-n to establish a secured communication session with the provisioning system 100. Before the establishing operation, any of the plurality of crypto-tokens 150a-n can be engaged with the computational component 128 to establish the secure communication session.
    Type: Grant
    Filed: September 21, 2004
    Date of Patent: April 27, 2010
    Assignee: Avaya Inc.
    Inventors: Robert R. Gilman, Richard L. Robinson, Robert J. Serkowski
  • Publication number: 20100088509
    Abstract: This invention provides for progressive processing of biometric samples to facilitate verification of an authorized user. The initial processing is performed by a security token. Due to storage space and processing power limitations, excessive false rejections may occur. To overcome this shortfall, the biometric sample is routed to a stateless server, which has significantly greater processing power and data enhancement capabilities. The stateless server receives, processes and returns the biometric sample to the security token for another attempt at verification using the enhanced biometric sample. In a second embodiment of the invention, a second failure of the security token to verify the enhanced biometric sample sends either the enhanced or raw biometric sample to a stateful server. The stateful server again processes the biometric sample and performs a one-to-many search of a biometric database.
    Type: Application
    Filed: June 30, 2009
    Publication date: April 8, 2010
    Inventors: Dominique Louis, Joseph Fedronic, Eric F. Le Saint
  • Patent number: 7694131
    Abstract: Providing reference tokens. A method includes receiving a request for a token. In response to the request for a token and in place of a token, one or more rich pointers are sent referencing one or more tokens. The rich pointers point to locations where one or more actual tokens can be retrieved. When only a single pointer is sent, the pointer is a reference other than an HTTP URL.
    Type: Grant
    Filed: September 29, 2006
    Date of Patent: April 6, 2010
    Assignee: Microsoft Corporation
    Inventors: Christopher G. Kaler, Arun K. Nanda
  • Patent number: 7681228
    Abstract: Financial institution back office computerized transaction-processing system with embedded privacy and security layer (EPSL) enables strong transaction authentication prior to a merchant or vendor contact, based on a user account number, transaction conditions like anticipated transaction time and money, user two-factor authentication with a static transaction PIN and a transaction session-specific random partial password or PIN recognition algorithm. User enters the user name and then, challenged by server with a random session-specific subset of a password or PIN character's consecutive position numbers, enters based on cognitive association a one-time authentication response. The authentication session is interactive, transaction session-specific, and followed by either a transaction denial or an alphanumeric transaction signature generated by EPSL for this specific transaction. Then, the user submits her request to a transaction counterpart along with the transaction signature.
    Type: Grant
    Filed: February 14, 2006
    Date of Patent: March 16, 2010
    Assignee: Authernative, Inc.
    Inventor: Len L. Mizrah
  • Patent number: 7673135
    Abstract: An authentication mechanism for use in network-based services generates an authentication token. The authentication token is provided to a client device as part of the code comprising a content page. The content page code is received and loaded by a browser application at the client device. When the content page code is received and loaded by the browser application, the authentication token is loaded by the browser as well. Upon receiving subsequent input, the browser application may send a content request to the server. The content request includes the authentication token maintained by the browser application in the content page. A server may validate the authentication token provided in the request using version information and one or more master authentication tokens.
    Type: Grant
    Filed: December 8, 2005
    Date of Patent: March 2, 2010
    Assignee: Microsoft Corporation
    Inventors: Andy Chin, Alina Vikutan, Johnny C. Liu
  • Publication number: 20100049972
    Abstract: An apparatus and method for determining contents information corresponding to a Rights Object (RO) by transmitting information on contents together when the RO is moved from a mobile device to a memory card or a smart card or when the RO is moved from the memory card or the smart card to the mobile device are provided. The apparatus includes a meta information manager for determining information on contents corresponding to the RO when the RO is moved, and for generating meta information containing the determined contents information, and a controller for providing control to transmit the RO and the meta information generated by the meta information manager to a portable storage device. Accordingly, the conventional problem can be solved in which information on contents cannot be determined by using a Contents IDentifier (CID) if the RO does not exist together with the contents.
    Type: Application
    Filed: August 18, 2009
    Publication date: February 25, 2010
    Applicant: Samsung Electronics Co., Ltd.
    Inventors: Seong Choi, Jung-Hun Park, Yun-Sang Oh
  • Patent number: 7668315
    Abstract: Methods and apparatus are presented for providing local authentication of subscribers travelling outside their home systems. A subscriber identification token 230 provides authentication support by generating a signature 370 based upon a key that is held secret from a mobile unit 220. A mobile unit 220 that is programmed to wrongfully retain keys from a subscriber identification token 230 after a subscriber has removed his or her token is prevented from subsequently accessing the subscriber's account.
    Type: Grant
    Filed: May 22, 2001
    Date of Patent: February 23, 2010
    Assignee: QUALCOMM Incorporated
    Inventors: Roy F. Quick, Jr., Gregory G. Rose
  • Patent number: 7669232
    Abstract: Systems and methods for authentication using paired dynamic secrets in secured wireless networks are provided. Each authenticated user is assigned a random secret generated so as to be unique to the user. The secret is associated with a wireless interface belonging to the user, so that no other wireless interface may use the same secret to access the network. The secret may be updated either periodically or at the request of a network administrator, and reauthentication of the wireless network may be required.
    Type: Grant
    Filed: December 19, 2008
    Date of Patent: February 23, 2010
    Assignee: Ruckus Wireless, Inc.
    Inventors: Tyan-Shu Jou, Ming Sheu, Bo-Chieh Yang, Tian-Yuan Lin, Ted Tsei Kuo
  • Publication number: 20100031032
    Abstract: A wall plate assembly has a first port adapted to be coupled to a device and a second port adapted to be coupled to a communications network. The wall plate assembly is operable to obtain authentication information from a user and to determine from the obtained authentication information whether the user should be granted or denied access to the network. The assembly is operable when the determination indicates the user should be granted access to provide endpoint location identification information associated with the wall plate assembly and the authentication information to the second port, and is operable responsive to an acknowledgement signal received via the second port to grant access to the network via the first port. The assembly is operable when either no acknowledgement signal is received or the determination indicates the user should be denied access to isolate the first port from the network.
    Type: Application
    Filed: April 9, 2008
    Publication date: February 4, 2010
    Applicant: Leviton Manufacturing Co., Inc.
    Inventor: Julius Ametsitsi
  • Patent number: 7657740
    Abstract: The present invention provides an apparatus for verifying the authority of an owner, in terms of an identifier of a product, the first verification information for verifying the authority held at a terminal for an owner with the authority involving the product, and the second verification information for verifying the authority concerning the identifier of the product stored in a product database. The apparatus comprises means for receiving the identifier and the first verification information, means for acquiring the second verification information from the product DB, and means for determining whether or not there is the authority from the first verification information and the second verification information. A hash value acquired from a one-way hash function is employed as a verification key of the verification information.
    Type: Grant
    Filed: December 28, 2005
    Date of Patent: February 2, 2010
    Assignee: International Business Machines Corporation
    Inventors: Masayuki Numao, Yoshinobu Ishigaki, Yuji Watanabe
  • Patent number: 7657488
    Abstract: An apparatus is provided for validating a device. The apparatus includes a first integrated circuit which stores a first key, is configured to generate a random number, and is configured to generate encrypted information using the generated random number and the first key. A control system is configured to: receive the encrypted information and random number from the first integrated circuit, send the encrypted information to a second integrated circuit positioned on the device, receive decrypted information from the second integrated circuit whereby the decrypted information is generated using the encrypted information and a second key, and compare the random number and decrypted information received from the respective integrated circuits to validate the device.
    Type: Grant
    Filed: June 5, 2007
    Date of Patent: February 2, 2010
    Assignee: Silverbrook Research Pty Ltd
    Inventors: Kia Silverbrook, Simon Robert Walmsley
  • Patent number: 7644433
    Abstract: An interactive client-server authentication system and method are based on Random Partial Pattern Recognition algorithm (RPPR). In RPPR, an ordered set of data fields is stored for a client to be authenticated in secure memory. An authentication server presents a clue to the client via a communication medium, such as positions in the ordered set of a random subset of data fields from the ordered set. The client enters input data in multiple fields according to the clue, and the server accepts the input data from the client via a data communication medium. The input data corresponds to the field contents for the data fields at the identified positions of the random subset of data fields. The server then determines whether the input data matches the field contents of corresponding data fields in a random subset.
    Type: Grant
    Filed: December 23, 2002
    Date of Patent: January 5, 2010
    Assignee: Authernative, Inc.
    Inventor: Len L. Mizrah
  • Patent number: 7634800
    Abstract: Providing a user with assurance that a networked computer is secure, typically before completion of the log-in operation. This can be accomplished by extending the local log-in process to perform a host assessment of the workstation prior to requesting the user's credentials. If the assessment finds a vulnerability, the log-in process can inform the user that the machine is or may be compromised, or repair the vulnerability, prior to completion of the log-in operation. By performing vulnerability assessment at the level of the workstation, a network server is able to determine whether the workstation is a “trusted” platform from which to accept authentication requests. If the vulnerability assessment shows that the workstation is compromised, or if the possibility of remote compromise is high, the network server can elect to fail the authentication on the grounds that the workstation cannot be trusted.
    Type: Grant
    Filed: May 8, 2006
    Date of Patent: December 15, 2009
    Assignee: International Business Machines Corporation
    Inventors: Curtis E. Ide, Philip C. Brass, Theodore R. Doty
  • Publication number: 20090282243
    Abstract: A puzzle-based protocol is provided that allows a token and verifier to agree on a secure symmetric key for authentication between the token and verifier. A token stores a secret key and one or more puzzle-generating algorithms. The verifier independently obtains a plurality of puzzles associated with the token, pseudorandomly selects at least one of the puzzles, and solves it to obtain a puzzle secret and a puzzle identifier. The verifier generates a verifier key based on the puzzle secret. The verifier sends the puzzle identifier and an encoded version of the verifier key to the token. The token regenerates the puzzle secret using its puzzle-generating algorithms and the puzzle identifier. The token sends an encoded response to the verifier indicating that it knows the verifier key. The token and verifier may use the verifier key as a symmetric key for subsequent authentications.
    Type: Application
    Filed: May 9, 2008
    Publication date: November 12, 2009
    Applicant: QUALCOMM Incorporated
    Inventors: Gregory Gordon Rose, Alexander Gantman, Miriam Wiggers De Vries, Michael Paddon, Philip Michael Hawkes
  • Publication number: 20090282240
    Abstract: A secure decentralized storage system provides scalable security by addressing the performance bottleneck of the security manager and the complexity issue of security administration in large-scale storage systems.
    Type: Application
    Filed: April 17, 2009
    Publication date: November 12, 2009
    Applicant: HUAZHONG UNIVERSITY OF SCIENCE & TECHNOLOGY
    Inventors: Ke Zhou, Dan Feng, Zhongying Niu, Tianming Yang, Qinhua Yan, Dongliang Lei, Wei Yan
  • Patent number: 7616762
    Abstract: A method and apparatus for protecting privacy in power line communication (PLC) networks. Data transmitted on a PLC network is encrypted according to a network key and can be properly received only by registered devices that have the proper network ID and network key value so that proper decryption can be performed. According to the invention a streaming media device is provided with a compatible network ID and network key during a registration process facilitated by coupling the device (applicant) to a direct power line connection associated with another device (administrator). The network key, and optionally network ID, are then shared over the direct connection without being distributed over the PLC network at large. By way of example, the data is prevented from being distributed across the PLC network in response to using selectable filtering of PLC data, and preferably a secure data communication mechanism, such as public-private key encoding.
    Type: Grant
    Filed: January 28, 2005
    Date of Patent: November 10, 2009
    Assignees: Sony Corporation, Sony Electronics, Inc.
    Inventors: Tohru Doumuki, Ryuichi Iwamura
  • Patent number: 7614002
    Abstract: A system and method that evaluates privacy policies from web sites to determine whether each site is permitted to perform operations (e.g., store, retrieve or delete) directed to cookies on a user's computer. Various properties of each cookie and the context in which it is being used are evaluated against a user's privacy preference settings to make the determination. An evaluation engine accomplishes the evaluation and determination via a number of criteria and considerations, including the cookie properties, its current context, the site, the zone that contains the site, and any P3P data (compact policy) provided with the site's response. The user privacy preferences are evaluated against these criteria to determine whether a requested cookie operation is allowed, denied or modified. A formalized distinction between first-party cookies versus third-party cookies may be used in the determination, along with whether the cookie is a persistent cookie or a session cookie.
    Type: Grant
    Filed: July 1, 2005
    Date of Patent: November 3, 2009
    Assignee: Microsoft Corporation
    Inventors: Aaron R. Goldfeder, Cem Paya, Frank M. Schwieterman, Darren Mitchell, Rajeev Dujari, Stephen J. Purpura
  • Patent number: 7614078
    Abstract: A method and apparatus for authorizing an access requester to access a data communication network is provided. A determination is made that a threshold access control server cannot process an access request associated with the access requester. Access requester history data, or data that describes the access history for an access requester, is analyzed to obtain a threshold access level. A threshold access level is an expression of how likely it is that a particular access requester is a legitimate access requester. A session profile is selected for the access requester based on the threshold access level. The session profile indicates one or more actions the access requester is authorized to perform in the network. The session profile may subsequently be transmitted to the access requester to allow the access requester access to the network to the extent appropriate in view of the access requester history data.
    Type: Grant
    Filed: April 2, 2003
    Date of Patent: November 3, 2009
    Assignee: Cisco Technology, Inc.
    Inventor: Jeremy Stieglitz