Mutual Entity Authentication Patents (Class 713/169)
  • Patent number: 8392996
    Abstract: A method, system, computer program product and/or a computer readable medium of instructions for detecting one or more entities which are able to reinfect a processing system with malicious software. The method includes: monitoring, in the processing system, activity indicative of the malicious software reinfecting the processing system; in response to detecting the activity, storing a record of the activity and one or more entities associated with the activity; determining if the malicious software has reinfected the processing system; and in response to determining that the malicious software has reinfected the processing system, analysing the record to detect the one or more entities which were associated with the activity that caused and/or assisted in reinfecting the processing system with the malicious software. There is also disclosed a method, system, computer program product and/or a computer readable medium of instructions for detecting a variant of malicious software in a processing system.
    Type: Grant
    Filed: August 8, 2007
    Date of Patent: March 5, 2013
    Assignee: Symantec Corporation
    Inventors: Ian Oliver, Ryan Pereira
  • Patent number: 8392971
    Abstract: A computer-implemented method technique is presented. The technique can include selectively initiating, at a mobile computing device including one or more processors, communication between the mobile computing device and a public computing device. The technique can include transmitting, from the mobile computing device, authentication information to the public computing device. The authentication information can indicate access privileges to a private account associated with a user of the mobile computing device. The technique can include receiving, at the mobile computing device, an access inquiry from the public computing device. The access inquiry can indicate an inquiry as to whether the user wishes to login to the private account at the public computing device. The technique can also include transmitting, from the mobile computing device, an access response to the public computing device. The access response can cause the public computing device to provide the user with access to the private account.
    Type: Grant
    Filed: June 4, 2012
    Date of Patent: March 5, 2013
    Assignee: Google Inc.
    Inventors: Sheridan Kates, Arnaud Sahuguet, Amir Menachem Mané, Jeremy Brand Sussman, Aaron Baeten Brown, Travis Harrison Kroll Green
  • Publication number: 20130054969
    Abstract: Disclosed is an apparatus and method to access privileges of a Virtual Mobile Management (VMM) client in a mobile device. A disclosed example method contains assigning an embedded stub to raise the access privilege of the tool on a mobile device, where the embedded stub is integrated by an operating system of the mobile device with “root” privilege; determining via a secured key exchange algorithm that the VMM client and tools are authorized to be installed on the mobile device, after which the VMM client and tools of a mobile device are authorized to access a network interface of the Communication Endpoint Gateway (CEG) server; configuring the embedded stub to install the key exchange procedure for the shared certification between the embedded stub, the VMM client and the session mediation server; and enabling the embedded stub to communicate through a secure link via the VMM client.
    Type: Application
    Filed: August 30, 2012
    Publication date: February 28, 2013
    Inventors: Calvin Charles, Deepak Gonsalves, Ramesh Parmar, Byung Joon Oh, Subramanyam Ayyalasomayajula
  • Patent number: 8380991
    Abstract: In the field of computer data security, a hash process which is typically keyless and embodied in a computing apparatus is highly secure in terms of being resistant to attack. The hash process uses computer code (software) polymorphism, wherein computation of the hash value for a given message is partly dependent on the content (data) of the message. Hence the computer code changes dynamically while computing each hash value.
    Type: Grant
    Filed: April 30, 2009
    Date of Patent: February 19, 2013
    Assignee: Apple Inc.
    Inventors: Augustin J. Farrugia, Mathieu Ciet, Benoit Chevallier-Mames
  • Patent number: 8379854
    Abstract: In one embodiment, the method performed by mobile equipment to authenticate communication with a network includes generating keys using cellular authentication and voice encryption, and then generating an authentication key based on these keys. The authentication key is used to generate an expected message authentication code used in authenticating the network according to authentication and key agreement security protocol.
    Type: Grant
    Filed: October 2, 2008
    Date of Patent: February 19, 2013
    Assignee: Alcatel Lucent
    Inventor: Sarvar Patel
  • Patent number: 8381267
    Abstract: A method of processing information to be confidentially transmitted from a first module to a second module provides that a first scalar multiplication may be carried out in order to obtain a first result [r]P. This first scalar multiplication comprises a plurality of generation steps of ordered factors from which a plurality of first partial sums are required to be built. The method also comprises the carrying out of a second scalar multiplication in order to obtain a second result. This second multiplication provides that a plurality of second partial sums may be built. A piece of encrypted information is obtained by processing the information based on the results of the scalar multiplications. The second partial sums of the second scalar multiplication use the same ordered factors obtained by the generation step of the first scalar multiplication.
    Type: Grant
    Filed: October 10, 2006
    Date of Patent: February 19, 2013
    Assignee: STMicroelectronics S.r.l.
    Inventors: Guido Marco Bertoni, Pasqualina Fragneto, Gerardo Pelosi, Keith Harrison, Liqun Chen
  • Patent number: 8380992
    Abstract: The present invention relates to a device and method that enable a security key to be shared using security key exchange between two terminals, and a system that supports the same. To achieve the above, an in-house generated public key is divided into two, said two public keys that have been divided are delivered to counterpart devices via different pathways, and the two public keys delivered from counterpart devices are used to predict the public key of the counterpart device. In addition, said predicted public key is verified, and said verified public key is used to form a master key. Subsequently, said generated master key is verified, and said master key that has been verified is used to exchange data with the counterpart device.
    Type: Grant
    Filed: November 6, 2009
    Date of Patent: February 19, 2013
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Jae-Sung Park, Tae-Sung Park, Jae-Hoon Kwon, Sou-Hwan Jung, Jae-Duck Choi
  • Patent number: 8369514
    Abstract: The aim of the embodiments is to provide a method for the secure processing of data, in which security is increased in relation to side channel attacks. To achieve this, operation codes for commanding co-processors are determined, for example for the bit-dependent transposition of register contents. The solution exploits the fact that as a result of the technical configuration for the co-processor, a shift of register contents, for example from register A to register B cannot be differentiated from the exterior from a shift from register A to register C.
    Type: Grant
    Filed: December 19, 2006
    Date of Patent: February 5, 2013
    Assignee: Siemens Aktiengesellschaft
    Inventors: Michael Braun, Anton Kargl, Bernd Meyer, Stefan Pyka
  • Patent number: 8370638
    Abstract: A method of generating authentication seeds for a plurality of users, the method involving: based on a single master seed, generating a plurality of derivative seeds, each one for a corresponding different one of a plurality of users; and distributing the plurality of derivative seeds to a verifier for use in individually authenticating each of the plurality of users to that verifier, wherein generating each one of the plurality of derivative seeds involves mathematically combining the master seed and a unique identifier identifying the corresponding user.
    Type: Grant
    Filed: February 17, 2006
    Date of Patent: February 5, 2013
    Assignee: EMC Corporation
    Inventors: William Duane, Jeffrey Hamel
  • Patent number: 8370503
    Abstract: A network component comprising at least one processor configured to implement a method comprising sending a message comprising an authentication mobility option to a mobile node, wherein the message is configured to revoke a mobility binding for the mobile node is disclosed. Also disclosed is a system comprising a home agent configured to send a binding revocation indication (BRI) to a mobile node and receive a binding revocation acknowledgement (BRA) from the mobile node, wherein the BRI comprises a first authentication mobility option and the BRA comprises a second authentication mobility option. Included is a method comprising receiving a BRI message comprising an authentication mobility option from a home agent, analyzing the authentication mobility option, and sending a BRA message to the home agent.
    Type: Grant
    Filed: March 3, 2009
    Date of Patent: February 5, 2013
    Assignee: Futurewei Technologies, Inc.
    Inventor: Yangsong Xia
  • Patent number: 8370926
    Abstract: A computer-implemented method for authenticating users may include identifying an image associated with a user for mutual assurance during an authentication process. The computer-implemented method may also include modifying the image based on a prompt message to create a modified image that displays the prompt message. The computer-implemented method may further include determining that user input comprises an expected response to the prompt message. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: April 27, 2010
    Date of Patent: February 5, 2013
    Assignee: Symantec Corporation
    Inventor: Sourabh Satish
  • Patent number: 8365284
    Abstract: The invention relates to a security border node (2a) for protecting a packet-based network from attacks, comprising: an anomaly detection unit (10) for performing an anomaly detection, in particular a statistical analysis, on session control messages (11), in particular on SIP messages contained in a packet stream (5) received in the security border node (2a). The security border node further comprises a message context provisioning unit (13) for providing at least one session control message (11) to the anomaly detection unit (10) together with message context information (12, 17, 24) related to a client (22) and/or to a session (23) to which the session control message (11, 11a to 11f) is attributed. The invention also relates to a method for protecting a packet-based network from attacks, to a computer program product, and to a packet-based network.
    Type: Grant
    Filed: June 1, 2009
    Date of Patent: January 29, 2013
    Assignee: Alcatel Lucent
    Inventor: Stefan Wahl
  • Patent number: 8364951
    Abstract: A digital rights management system (DRM) for restricting and permitting content access in a digital content distribution network such as a network used to deliver television programming. The DRM uses distributed authentication and provisioning so that the potentially many different entities involved in the content distribution network can have localized management and control. Distributed authentication can use single or multiple instances of authentication services. A ticket granting service (TGS) is used to allow clients to request services. In one approach, multiple authentication services use a common key that is known to the TGS. In another approach, unique keys are provided to each authentication service and these keys are communicated to the TGS. Distributed provisioning allows different entities to grant access rights or other resources. Provisioning service (PS) processes can execute at multiple different physical locations.
    Type: Grant
    Filed: December 30, 2002
    Date of Patent: January 29, 2013
    Assignee: General Instrument Corporation
    Inventors: Petr Peterka, Alexander Medvinsky
  • Publication number: 20130024692
    Abstract: A mechanism for segregating traffic amongst STAs that are associated with a bridge, referred to herein as the personal virtual bridged local area network (personal VLAN), is based upon the use of a VLAN to segregate traffic. The IEEE 802.1Q-1998 (virtual bridged LANs) protocol provides a mechanism that is extended by the invention to partition a LAN segment logically into multiple VLANs. In the preferred embodiment, a VLAN bridge forwards unicast and group frames only to those ports that serve the VLAN to which the frames belong. One embodiment of the invention extends the standard VLAN bridge model to provide a mechanism that is suitable for use within an AP.
    Type: Application
    Filed: August 20, 2012
    Publication date: January 24, 2013
    Applicant: MICROSOFT CORPORATION
    Inventor: DENNIS MICHAEL VOLPANO
  • Patent number: 8356176
    Abstract: A system and method for authenticating a peer device onto a network using Extensible Authentication Protocol (EAP). The key lifetime associated with the keying material generated in the peer device and the authentication server is communicated from the authenticator to the peer device within the EAP Success message. The peer device, having been provided with the key lifetime, can anticipate the termination of its authenticated session and initiate re-authentication prior to expiry of the key lifetime.
    Type: Grant
    Filed: February 9, 2007
    Date of Patent: January 15, 2013
    Assignee: Research In Motion Limited
    Inventor: Leonardo Jose Silva Salomone
  • Patent number: 8352598
    Abstract: Disclosed is a method of providing a completely automated public turing test to tell a computer and a human apart (CAPTCHA) based on image. The method comprises the steps of: storing a plurality of randomly-selected images by session when a request for a web page is received from a user client; providing the web page and a session ID to the user client; generating a test image by mixing the plurality of images when a request for a test image corresponding to the session ID is received from the user client; transmitting the generated test image to the user client; receiving at least one of first identification information inputted by the user about the test image from the user client; and comparing the first identification information with second identification information included in Meta information of the test image.
    Type: Grant
    Filed: December 23, 2007
    Date of Patent: January 8, 2013
    Assignee: Inha-Industry Partnership Institute
    Inventors: DeaHun Nyang, Jeonil Kang
  • Patent number: 8353024
    Abstract: A method for transmitting information effectively in a server/client network system is provided, the network system including a client placed behind a firewall and a server that provides the client with a predetermined service. The method includes the client generating a hole packet which is for making a hole in the firewall to allow a packet to pass through the firewall from the server, the hole being maintained for a certain period of time, and transmitting the hole packet to the firewall; and transmitting a packet from the server to the client through the hole made by the hole packet.
    Type: Grant
    Filed: October 26, 2007
    Date of Patent: January 8, 2013
    Assignee: Samsung Electronics Co., Ltd.
    Inventor: Hyok-sung Choi
  • Patent number: 8352739
    Abstract: A two-factor authenticated key exchange method. A subscriber station transmits a value generated by using an identifier and an authentication server's public key to the authentication server through an access point. The authentication server uses the value to detect the subscriber's password, a key stored in a token, and the authentication server's secret key, and generates a random number. The subscriber station uses the random number, password, and the key to transmit an encrypted value and the subscriber's authenticator to the authentication server. The authentication server establishes a second value generated by using the password, key, and random number to be a decryption key to decrypt the encrypted value, authenticates the subscriber's authenticator, and transmits the authentication server's authenticator to the subscriber station. The subscriber station authenticates the authentication server's authenticator by using the key and password.
    Type: Grant
    Filed: June 28, 2004
    Date of Patent: January 8, 2013
    Assignee: KT Corporation
    Inventors: Young-Man Park, Seong-Choon Lee, Yong-Joo Tcha
  • Publication number: 20130007453
    Abstract: This disclosure describes a secure and computationally-efficient method to establish a single authentication context for multiple identities. The method is implemented in an authentication system using a key exchange protocol, namely, the Diffie-Hellman key exchange. One or more entities that desire to authenticate (either individually or jointly) register with the authentication system and receive private Diffie-Hellman keys (the PINs). Later, during an authentication operation, each entity provides the PIN to the authentication system, preferably over a secure transport. The authentication system, using Diffie-Hellman key exchange artifacts, generates a Diffie-Hellman cryptographic value for each PIN, although the value need not be maintained private. The authentication system orders the Diffie-Hellman values as a “partially ordered set” to form a lattice. An authentication context is derived from the Diffie-Hellman values in the lattice.
    Type: Application
    Filed: June 29, 2011
    Publication date: January 3, 2013
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventor: Messaoud Benantar
  • Publication number: 20130007434
    Abstract: A calling device may obtain a first calling security parameter by registering with a network and obtain a second calling security parameter in response to causing an application authentication architecture of the network to verify that the calling device is authorized to access a network service corresponding to a communication application stored by the calling device. The calling device may communicate the first and second calling security parameters to a called device and receive first and second called security parameters from the called device in response to communicating the first and second calling security parameters. The calling device may generate a security key based on the first calling security parameter, the second calling security parameter, the first called security parameter, and the second called security parameter, and use the security key to encrypt or decrypt communication between the calling device and the called device.
    Type: Application
    Filed: June 30, 2011
    Publication date: January 3, 2013
    Applicant: VERIZON PATENT AND LICENSING INC.
    Inventors: William C. KING, Priscilla Lau, Kwai Yeung Lee
  • Patent number: 8347094
    Abstract: A password protocol for establishing secure communications between sensor nodes in a network using secure environmental values (SEV). A first sensor sends a message to a second sensor comprising the first sensor's location and a key encrypted by a first SEV. The second sensor responds with a message comprising a key encrypted by a second SEV and a first nonce encrypted by a session key. The first sensor sends a third message comprising the first nonce and a second nonce encrypted by the session key. The second sensor verifies the first nonce and sends a fourth message comprising the encrypted second nonce. The first sensor then verifies the second nonce.
    Type: Grant
    Filed: April 25, 2008
    Date of Patent: January 1, 2013
    Assignee: International Business Machines Corporation
    Inventor: Kalvinder Pal Singh
  • Patent number: 8347091
    Abstract: An authenticator apparatus which makes it difficult for an unauthorized user to masquerade and enhances safety includes an authenticating information holding unit (102) previously stores characteristic information indicating an input and output characteristic involving an environment change of an authentic authenticatee apparatus entitled to be authentic, an authenticating information transmitting unit (107) which transmits authenticating information to a portable medium (2), a response information receiving unit (108) which receives response information outputted from the portable medium (2) in response to an input of the authenticating information, an environment selecting unit (105) which identifies an environment of the portable medium (2), and a response information confirming unit (109) which determines whether or not the authenticating information and the response information satisfy the input and output characteristic indicated in the characteristic information stored in the authenticating information
    Type: Grant
    Filed: November 2, 2007
    Date of Patent: January 1, 2013
    Assignee: Panasonic Corporation
    Inventors: Masao Nonaka, Natsume Matsuzaki, Yoshikatsu Ito, Kaoru Yokota, Yuichi Futa, Manabu Maeda
  • Patent number: 8347096
    Abstract: The present invention relates to the field of strong authentication tokens and more specifically to methods and apparatus employing cryptographic key establishment protocols for such strong authentication tokens. An apparatus comprising storage for a secret key, said secret key for use in the generation of cryptographic values, and a cryptographic agent for generating said cryptographic values using said secret key, selects one of a predetermined set of key transformations in an unpredictable way and applies said selected key transformation to said secret key prior to generating one of said cryptographic values.
    Type: Grant
    Filed: July 10, 2009
    Date of Patent: January 1, 2013
    Assignee: Vasco Data Security, Inc.
    Inventors: Frank Hoornaert, Frederik Mennes
  • Publication number: 20120331295
    Abstract: The present invention provides a method for key generation, member authentication and communication security in a dynamic group, which comprises the steps of: assigning each member an identification vector containing common group identification vector elements and an individual identification vector element, and generating an authentication vector and an access control vector for each member according to the identification vector; using the identification vector elements to generate public key elements and establish an authentication public key and an access control public key; and using a polynomial and the identification vector to generate a private key. The present invention uses these public keys and private keys, which are generated from the identification vectors, to implement serverless member authentication and data access control, whereby the privacy of members is protected and the security of communication is promoted.
    Type: Application
    Filed: May 15, 2012
    Publication date: December 27, 2012
    Inventors: Chien-Chao TSENG, Tzu-Hsin Ho
  • Patent number: 8341715
    Abstract: Method and system for controlling application access to a shared resource in a runtime environment. The shared resource is owned by a remote resource owner. An access control ticket including a permission for the shared resource, a cryptographically verifiable remote resource owner identifier and a cryptographically verifiable application owner identifier are generated. The access control ticket is approved and signed by the remote resource owner, and transmitted to the runtime environment. The application, when executed in the runtime environment, accesses the resource based on the permission.
    Type: Grant
    Filed: February 29, 2008
    Date of Patent: December 25, 2012
    Assignee: Research In Motion Limited
    Inventors: Alexander Sherkin, Bryan Goring, Laura Doktorova
  • Patent number: 8340298
    Abstract: Key management and user authentication systems and methods for quantum cryptography networks that allow users to securely communicate over a traditional communication link (TC-link). The method includes securely linking a centralized quantum key certificate authority (QKCA) to each network user via respective secure quantum links or “Q-links” that encrypt and decrypt data based on quantum keys (“Q-keys”). When two users (Alice and Bob) wish to communicate, the QKCA sends a set of true random bits (R) to each user over the respective Q-links. They then use R as a key to encode and decode data they send to each other over the TC-link.
    Type: Grant
    Filed: April 16, 2007
    Date of Patent: December 25, 2012
    Assignee: MagiQ Technologies, Inc.
    Inventors: Robert Gelfond, Audrius Berzanskis
  • Patent number: 8341409
    Abstract: A content server apparatus (10) includes: a unique information holding unit (103) which holds unique information of an on-vehicle player apparatus (20), a content obtaining unit (101) which obtains a content from outside, an encrypting unit (104) which encrypts the obtained content, prior to a transmission request from the on-vehicle player apparatus (20), into an encrypted content using the unique information, a storing unit (105) which stores the encrypted content, and a transmitting unit (107) which transmits the stored encrypted content in response to the transmission request from the on-vehicle player apparatus (20). The on-vehicle player apparatus includes a storage medium (208) which stores the received encrypted content, and a decrypting unit (209) which decrypts the stored encrypted content in response to a reproduction request given from outside.
    Type: Grant
    Filed: June 20, 2006
    Date of Patent: December 25, 2012
    Assignee: Panasonic Corporation
    Inventors: Satoru Itani, Yuji Mizuguchi
  • Publication number: 20120324225
    Abstract: Systems and methods for maintaining data security using client roles, API keys, and certificate-based mutual authentication are presented. A method of protecting sensitive data includes both client authorization techniques and the mutual exchange and verification of certificates between client and server. In one embodiment, access by a client to a server is further limited by temporal constraints, volume constraints, and an end user identity filter.
    Type: Application
    Filed: June 20, 2012
    Publication date: December 20, 2012
    Inventors: Jason Chambers, Theresa Robison, Dameion Dorsner, Sridhar Manickam, Daniel Konisky
  • Patent number: 8336100
    Abstract: A computer-implemented method for using reputation data to detect packed malware may include: 1) identifying a file downloaded from a portal, 2) determining that the file has been packed, 3) obtaining community-based reputation data for the file, 4) determining, by analyzing the reputation data, that instances of the file have been encountered infrequently (or have never been encountered) within the community, and then 5) performing a security operation on the file (by, for example, quarantining or deleting the file).
    Type: Grant
    Filed: August 21, 2009
    Date of Patent: December 18, 2012
    Assignee: Symantec Corporation
    Inventors: Adam Glick, Nicholas Graf, Spencer Smith
  • Patent number: 8333317
    Abstract: Access to secured services may be controlled based on the proximity of a wireless token to a computing device through which access to the secured services is obtained. An authorized user may be provided access to a service only when a wireless token assigned to the user is in the proximity of the computing device. A user's credential may be stored on an RFID token and an RFID reader may be implemented within a security boundary on the computing device. Thus, the credential may be passed to the security boundary without passing through the computing device via software messages or applications. The security boundary may be provided, in part, by incorporating the RFID reader onto the same chip as a cryptographic processing component. Once the information is received by the RFID reader it may be encrypted within the chip. As a result, the information may never be presented in the clear outside of the chip.
    Type: Grant
    Filed: September 30, 2004
    Date of Patent: December 18, 2012
    Assignee: Broadcom Corporation
    Inventors: Mark Buer, Ed Frank, Nambi Seshadri
  • Patent number: 8332643
    Abstract: A process for establishing secure mutual trust includes generating a one-time-password. The one-time-password is transferred between the devices in a communication occurring off of the network. Each device generates a set of authenticators by hashing a plurality of sub-strings of the password and the device's authentication certificate with a respective set of nonces. The devices exchange the respective sets of authenticators. Each device then alternates revealing its respective set of nonces and its authentication certificate in a multi-stage process. The devices re-calculate the authenticators based upon the respective set of nonces and authentication certificate revealed by the other device along with the one-time-password sub-strings that it possesses. If each device determines that the authenticators re-calculated by the given device match the authenticators previously received from the other device, secure mutual trust is established.
    Type: Grant
    Filed: October 19, 2010
    Date of Patent: December 11, 2012
    Assignee: Microsoft Corporation
    Inventors: Harry S. Pyle, Bruce Louis Lieberman, Daniel R. Simon, Guillaume Simonnet, William Dollar
  • Publication number: 20120311334
    Abstract: A unifying network model with a structure and architecture configured to address security, interoperability, mobility, and resource management, including priority and quality of services, is provided. The network of the network model is structured as a hierarchical mesh network, with dynamically generated routing tables. The configuration of the network model optimizes routing and distributes communication load. Every device on the network is capable of being both an endpoint and a forwarder of communications. The network model may include underlying networks that are represented with one of two models, the link model or the star model. The nodes are organized in a hierarchical relationship structure to optimize throughput. The model may include a cryptographic method of dynamically assigning local network addresses.
    Type: Application
    Filed: June 8, 2012
    Publication date: December 6, 2012
    Inventors: Jeremy Bruestle, Mark L. Tucker
  • Patent number: 8326910
    Abstract: Programmatically validating service level policies established for business applications of an Information Technology environment. The programmatic validation predicts whether the policies are achievable within the environment. Examples of service level policies include quantitative goals, redundancy levels and resource use.
    Type: Grant
    Filed: December 28, 2007
    Date of Patent: December 4, 2012
    Assignee: International Business Machines Corporation
    Inventors: Mythili K. Bobak, Chun-Shi Chang, Tim A. McConnell, Michael D. Swanson
  • Patent number: 8327145
    Abstract: A method for transmitting a Rights Object (RO) includes generating a password key by encrypting a password, generating the RO using the password key, and transmitting the RO from a first device to a second device. The second device and the first device share the password and the second device generates the password key using the same encryption method as that used by the first device to generate the password key. The second device decrypts a Message Authentication Code (MAC) key and a Rights Object Encryption Key (REK) using the password key, decrypts a Content Encryption Key (CEK) using the decrypted REK, and verifies integrity of the RO using the decrypted MAC key. The second device can use and/or access content associated with the RO using the decrypted CEK. The CEK may be generated by the first device or may be the CEK from a Rights Issuer.
    Type: Grant
    Filed: March 18, 2009
    Date of Patent: December 4, 2012
    Assignee: Pantech Co., Ltd.
    Inventor: Kun-uk Kim
  • Patent number: 8327142
    Abstract: A method and system for mutually authenticating a client and a server is provided in accordance with an aspect of the present invention. The method commences with transmitting a token from the server to the client. Thereafter, the method continues with establishing a secure data transfer link between the server and the client. A server certificate is transmitted to the client during the establishment of the secure data transfer link. The method continues with transmitting a response packet to the server, which is validated thereby upon receipt. The system includes a client authentication module that initiates the secure data transfer link and transmits the response packet, and a server authentication module that transmits the token and validates the response packet.
    Type: Grant
    Filed: February 5, 2007
    Date of Patent: December 4, 2012
    Assignee: SecureAuth Corporation
    Inventors: Craig Lund, Garret Grajek, Stephen Moore
  • Patent number: 8327135
    Abstract: A software based wireless infrastructure system is provided. The system has a driver that communicates with the network stack and a network interface card (NIC), a station server in communication with the station driver and an 802.1X supplicant or an 802.1X authenticator. Each NIC provides station and/or access point functionality support. The driver drops packets that have been received if the packet has not been authenticated and associated. Packets that have been fragmented or encrypted are unfragmented and decrypted. An association manager is used in conjunction with a configuration table manager to associate stations and access points via management packets. A manager receives 802.1X data packets from the packet processor and sends them up to a station server that communicates with user mode applications and an 802.1X supplicant or an 802.1X authenticator that are used to authenticate and deauthenticate stations and access points. APIs are provided to enable communication between the components.
    Type: Grant
    Filed: January 23, 2007
    Date of Patent: December 4, 2012
    Assignee: Microsoft Corporation
    Inventors: Abhishek Abhishek, Arun Ayyagari, Hui Shen, Krishna Ganugapati, Jiandong Ruan
  • Patent number: 8325913
    Abstract: Disclosed herein are systems, methods and computer readable media for performing authentication. The proposed scheme utilizes new algorithms that introduce randomness using a physical value for authentication. An exemplary method includes sharing an initial state value S(0) with a sender and a receiver, generating a sender S(t, v) based on a parameter t and an identifier v and based at least in part on the value S(0). The method includes generating a receiver S(t, v) from S(0) based on the parameter t and the identifier v wherein the parameter t is related to a physical value in authenticating the identifier v based on a comparison of the sender S(t, v) and the receiver S(t, v). The process of generating the sender S(t, v) and the receiver S(t, v) includes a random variable generated by a process such as by a random number generator, the Brownian Motion or Wiener Process. Other embodiments do not use the physical value for authentication.
    Type: Grant
    Filed: September 1, 2011
    Date of Patent: December 4, 2012
    Assignee: Apple Inc.
    Inventors: Mathieu Ciet, Augustin Farrugia, Jean-Francois Riendeau, Nicholas T. Sullivan
  • Publication number: 20120303960
    Abstract: Methods and systems for mutual authentication and personalizing a transaction device, such as a payment, transaction, or identity card. Successively generated one time codes are calculated by a first and second entity. One of the codes is transmitted to the second entity, which verifies the code is proper, then encrypts a second one time code using a third one time code and transmits the encrypted data to the first entity. The first entity decrypts the data using the third one time code, verifies the encrypted second one time code is proper, thereby mutually authenticating, and establishing a shared encryption key for subsequent communications, including transmission of personalization data.
    Type: Application
    Filed: July 25, 2012
    Publication date: November 29, 2012
    Inventors: John Wankmueller, Dave Anthony Roberts, Paul Michael Evans
  • Patent number: 8321673
    Abstract: A Digital Rights Management (DRM) system, and particularly an apparatus and method of authentication between DRM agents for moving a Rights Object (RO), is provided, whereby the RO and contents can be moved between DRM agents after a simple authentication therebetween using specific authentication information received from a Rights Issuer (RI), in the case where the RO is moved in a user domain or among a plurality of DRM agents.
    Type: Grant
    Filed: August 7, 2007
    Date of Patent: November 27, 2012
    Assignee: LG Electronics Inc.
    Inventor: Seung-Jae Lee
  • Patent number: 8321672
    Abstract: An authentication system includes a mobile device carried by a user and a sensor sensing the user's biometric information. The mobile device includes a template storage unit storing the user's biometric information as a template, a first mutual authentication unit performing mutual authentication with the sensor via the user's body, and a template transmitter transmitting the stored template to the sensor via the user's body when the sensor is verified as valid. The sensor includes a second mutual authentication unit performing mutual authentication with the mobile device via the user's body, a sensing unit sensing the user's biometric information, a degree-of-match determining unit determining whether the biometric information matches the template, and a control-signal output unit outputting a preset control signal when the mobile device is verified as valid and when the biometric information and the template are determined to match each other.
    Type: Grant
    Filed: January 15, 2008
    Date of Patent: November 27, 2012
    Assignee: Sony Corporation
    Inventor: Tomoyuki Asano
  • Patent number: 8321674
    Abstract: An information processing device includes: a receiving unit that receives a first random number from another information processing device; a generating unit that generates a second random number; a time-variant-key generating unit that generates a time variant key for encryption according to the second random number; an encrypting unit that encrypts the first random number with the time variant key; and a transmitting unit that transmits the first random number encrypted by the time variant key and the second random number to the other information processing device.
    Type: Grant
    Filed: July 14, 2009
    Date of Patent: November 27, 2012
    Assignee: Sony Corporation
    Inventors: Hiroaki Hamada, Toshimitsu Higashikawa, Tadashi Morita
  • Publication number: 20120297193
    Abstract: Embodiments of the present invention provide an MTC device authentication method, an MTC gateway, and a related device, which are used to solve a problem that direct interaction between a large quantity of MTC devices and a network side brings a heavy load to a network when the MTC devices are authenticated in the prior art. The method includes: performing, by an MTC gateway, mutual authentication with a core network node; performing, by the MTC gateway, mutual authentication with an MTC device; reporting, by the MTC gateway, a result of the mutual authentication with the MTC device to the core network node; and providing, by the MTC gateway, a non access stratum link protection key K between the MTC device and the core network node according to a key K1 or a key K2.
    Type: Application
    Filed: July 27, 2012
    Publication date: November 22, 2012
    Inventors: Xiaohan LIU, Yixian Xu, Yingxin Huang, Lijia Zhang
  • Patent number: 8316241
    Abstract: The present invention provides a data transmitting apparatus in which a device information obtaining unit obtains device information of a device connected to the data transmitting apparatus; a verification unit verifies validity of a data receiving apparatus, based on the device information obtained by the device information obtaining unit; and a control unit performs control as to whether to obtain the device information through a wireless communication unit or obtain the device information through a wire communication unit, and as to whether to transmit image information encrypted by a first encryption unit from the wireless communication unit or transmit image information encrypted by a second encryption unit from the wire communication unit when the verification unit verifies that the data receiving apparatus is authorized.
    Type: Grant
    Filed: July 9, 2009
    Date of Patent: November 20, 2012
    Assignee: Sony Corporation
    Inventor: Toru Nagara
  • Patent number: 8315386
    Abstract: A method for performing an encrypted voice call between a first terminal and a second terminal supporting a Voice over Internet Protocol (VoIP)-based voice call. In the method, the first and second terminals generate and store a bio key using biographical (bio) information of a user in advance, before performing a voice call; the first terminal sends a request for a voice call to the second terminal and establishes a session; the first and second terminals exchange and store the bio key stored in each terminal; and the first and second terminals generate a session shared key using the exchanged bio key, start a Secure Real-time Transport Protocol (SRTP) session, and generate a restored bio key by acquiring bio information from received data. User authentication is then performed by comparing the bio key with the restored bio key.
    Type: Grant
    Filed: July 7, 2009
    Date of Patent: November 20, 2012
    Assignee: Samsung Electronics Co., LTD
    Inventors: Jae-Sung Park, Tae-Sung Park, Jae-Hoon Kwon, Do-Young Joung, Sung-Kee Kim, Yong-Gyoo Kim, Ji-Wan Song
  • Patent number: 8316461
    Abstract: Provided is a method for delivering all or part of a rights object (RO) of a user associated with the content to other users. The method includes creating a rights object to be transmitted to a second user within a limit of the rights object held by the first user, and forwarding the created rights object to the second user. The method allows each user to share its own RO with other users within the limit of the RO without server authentication.
    Type: Grant
    Filed: October 14, 2009
    Date of Patent: November 20, 2012
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Kyung-ah Chang, Byung-rae Lee
  • Patent number: 8310694
    Abstract: An information processing apparatus for communicating with an external apparatus via a network is provided that includes a generating unit for generating identification information capable of specifying a service in order to launch the service, a receiving unit for receiving input information input by a user with the external apparatus from the external apparatus via the network, a judging unit for judging whether or not the input information received by the receiving unit corresponds to the identification information generated by the generating unit, and a notifying unit for notifying the external apparatus of address information indicating an address of the information processing apparatus if the judging unit judges that the input information corresponds to the identification information.
    Type: Grant
    Filed: February 2, 2007
    Date of Patent: November 13, 2012
    Assignee: Canon Kabushiki Kaisha
    Inventor: Nobuhiko Maki
  • Patent number: 8311214
    Abstract: Communication and validation of information transfer from a transmitter to a receiver is achieved by generating a cipher (400) from a message m (410) using parameters of an elliptic curve, a generator point P (406) on the elliptic curve and a public key Q (416) of the receiver. The cipher includes a first element that is the product kP of a random number k (404) with the generator point P and a second element that is the product of m and the x-coordinate of the product kQ. The message m is generated from two mathematically independent representations of the information and, optionally, a random number. The cipher is communicated to the receiver and decoded to recover a message m′ (502). A validation token (500) is generated by the receiver and passed to the transmitter, which validates communication of the information to the receiver if the product mkQ is equal to the validation token.
    Type: Grant
    Filed: April 24, 2006
    Date of Patent: November 13, 2012
    Assignee: Motorola Mobility LLC
    Inventors: Ronald F. Buskey, Barbara B. Frosik, Douglas A. Kuhlman
  • Publication number: 20120284517
    Abstract: Systems, methods, and other embodiments associated with wireless authentication using beacon messages are described. According to one embodiment, an access point controller includes a transmitter configured to wirelessly transmit a beacon message. The beacon message is configured to announce to a remote device that a wireless access point is available to provide access to a network. The beacon message includes a security identifier that identifies a public key for the wireless access point.
    Type: Application
    Filed: May 3, 2012
    Publication date: November 8, 2012
    Inventor: Paul A. LAMBERT
  • Patent number: 8307208
    Abstract: In SSL encryption communication in which a client and a server share a password, the client generates random number data, encrypts the random number data with a public key and a password, and transmits the encrypted random number data to the server, so that the client and the server safely share the random number data having a bit length longer than that of the password. Safe cryptographic communication is performed without intermediaries by using the random number data or by mutually presenting a hash value of the random number data.
    Type: Grant
    Filed: June 2, 2009
    Date of Patent: November 6, 2012
    Assignee: Panasonic Corporation
    Inventor: Masakatsu Matsuo
  • Patent number: 8307406
    Abstract: A method allows access to a set of secure databases and database applications over an untrusted network without replicating the secure database. The method involves authenticating a user using a first authentication application. When the user is verified, then the user's credentials are directed to a second authentication application associated with a secure database based on a first set of user settings retrieved for the user. The second authentication application, based on a second set of user settings, grants the user access to the secure database and database applications associated with the secure database.
    Type: Grant
    Filed: December 28, 2005
    Date of Patent: November 6, 2012
    Assignee: AT&T Intellectual Property II, L.P.
    Inventors: Roger Aboujaoude, Hossein Eslambolchi, John McCanuel, Michael Morris, Saeid Shariati