Intelligent Token Patents (Class 713/172)
  • Patent number: 8281135
    Abstract: A method, system, and computer-readable storage medium containing instructions for controlling access to data stored on a plurality of storage devices associated with a first platform. The method includes authenticating a user to access the first platform, wherein the first platform includes first and second storage devices, chipset encryption hardware, and a memory. Data stored on the storage devices are encrypted, with first data on the first storage device being encrypted by the chipset encryption hardware and second data stored on the second storage device being encrypted by another encryption mechanism. The data are decrypted and the user is allowed to access the first data and the second data.
    Type: Grant
    Filed: December 13, 2011
    Date of Patent: October 2, 2012
    Assignee: Intel Corporation
    Inventor: Ned Smith
  • Patent number: 8281136
    Abstract: Techniques for key distribution used with encrypted communications are provided. A shared secret associated with a principal is maintained securely and separately from the principal. If a principal is authenticated, then the shared secret is acquired from secure data store and used to encrypt a session key. An encrypted authentication token is also generated. The session key is used by the principal to encrypt communications with services and the authentication token vouches for an identity of the principal.
    Type: Grant
    Filed: February 7, 2006
    Date of Patent: October 2, 2012
    Assignee: Novell, Inc.
    Inventor: Preetam Ramakrishna
  • Patent number: 8281373
    Abstract: A client apparatus transmits environmental information acquired from an environmental information acquisition device as well as a biometric authentication information matching result to a server apparatus. The server apparatus verifies the validity of the environmental information such as a luminance as well as the validity of the biometric authentication information matching result. If an environment is problematic, the server apparatus notifies the client apparatus that the environmental information is problematic. The client apparatus overcomes the problem of the environment such as the luminance based on the notification from the server apparatus and then retries a biometric authentication. The possibility of re-failure due to the environmental problem can be reduced during a retry of the biometric authentication.
    Type: Grant
    Filed: April 6, 2011
    Date of Patent: October 2, 2012
    Assignees: Kabushiki Kaisha Toshiba, Toshiba Solutions Corporation
    Inventors: Yoshihiro Fujii, Minoru Nishizawa, Tatsuro Ikeda, Koji Okada, Tomoaki Morijiri, Hidehisa Takamizawa, Asahiko Yamada
  • Patent number: 8271789
    Abstract: Disclosed is a system managing usage authorizations, comprising a central computer system, field devices and smart cards, wherein the system maintains databases containing all information relating to the users, user accounts, user smart cards, field devices and products, establishes and maintains at least at times communication with the field devices, issues instructions based on the available information and transmits to a plurality of field devices, with the field devices maintaining information relating to the smart cards and products so that communication between a field device and a smart card allows at least a portion of the smart card-related instructions to be processed from the instruction list and stored on the field device and to be transmitted to the computer system during the next communication, and wherein the smart cards carry to allow exchange of information with a field device and store instructions.
    Type: Grant
    Filed: August 13, 2004
    Date of Patent: September 18, 2012
    Assignee: Scheidt & Bachmann GmbH
    Inventors: Norbert Miller, Wolfgang Flugge, Martin Koczwara
  • Patent number: 8272032
    Abstract: A method is provided for controlling multiple access to a network service to prevent fraudulent use of the network service. The method includes identifying an account access counter for an account using identification information received from a user at a first device using a network, wherein the user is requesting access to a service provided at a second device, and further wherein the account access counter is the number of service access sessions active for the account; comparing the account access counter to a maximum account access number, wherein the maximum account access number defines a maximum number of service access sessions allowed for the account; and providing the user at the first device access to the service at the second device if the account access counter is less than the maximum account access number.
    Type: Grant
    Filed: November 10, 2004
    Date of Patent: September 18, 2012
    Assignee: MLB Advanced Media, L.P.
    Inventors: Joseph Francis Choti, Justin Alexander Shaffer, Christopher Sun, Elangovan Soundararajan, Shadeed S. Willis, Lincoln Hochberg, Sean Curtis
  • Patent number: 8266679
    Abstract: An information processing system is provided that is capable of maintaining security and of transferring an output authority held by a transfer source portability terminal to a transfer destination portability terminal.
    Type: Grant
    Filed: August 26, 2008
    Date of Patent: September 11, 2012
    Assignee: Oki Data Corporation
    Inventor: Fumiaki Yoshida
  • Patent number: 8261089
    Abstract: There is provided a method for authenticating a mobile device user against an authenticating system connected to a client computer accessible to said user. The authenticating system uses a communication channel to send to the client computer a logon screen. This logon screen contains a 2D-code embedding a URL of the authenticating system and a challenge generated by the authenticating system. With a 2D-code reader in the user's mobile device the URL and the challenge are decoded. The user then inputs a password and a response to the challenge is computed. The response is sent together with the user ID to the authenticating system. The authenticating system is able to ascertain that the response to the challenge necessarily comes from the user thereby verifying his identity. Once the user is authenticated, the authenticating system pushes to the client computer (identified by the challenge) a welcome screen.
    Type: Grant
    Filed: September 17, 2009
    Date of Patent: September 4, 2012
    Assignee: GMV Soluciones Globales Internet, S.A.
    Inventors: Juan Jesus Leon Cobos, Pedro Celis De La Hoz
  • Patent number: 8261072
    Abstract: Aspects of the present invention include a method and system for generating a secure access code at a remote device in communication with a computer system having a secure storage device; conveying the secure access code to the system secure storage device; receiving the secure access code at the system secure storage device with unique data characteristics associated with remote device; and, securely providing content to the remote device.
    Type: Grant
    Filed: November 30, 2006
    Date of Patent: September 4, 2012
    Assignee: Atmel Corporation
    Inventors: Kerry D. Maletsky, Nathanael J. Bohlmann
  • Patent number: 8261333
    Abstract: A biometrics authentication system using biometrics media simplifies the process, and reduces the costs, of issuing a portable communication terminal having biometrics functions. A biometrics application program is downloaded from a server to a portable communication terminal, an area for authenticated biometrics information is caused to be created, and biometrics information on an individual card of the user is stored in a common area of the portable communication terminal. Thus, the portable communication terminal has the functions of an individual card storing biometrics information, and the portable communication terminal can be used as an individual card for biometrics authentication.
    Type: Grant
    Filed: March 1, 2006
    Date of Patent: September 4, 2012
    Assignees: Fujitsu Limited, Fujitsu Frontech Limited
    Inventors: Kiyotaka Awatsu, Masanori Ohkoshi, Takahiro Kudoh, Kazuhiro Akutsu, Yoshiharu Ogawa
  • Patent number: 8261073
    Abstract: Provided are a digital rights management (DRM) method and apparatus, and more particularly, a DRM method and apparatus which can support different DRMs and use various digital content. The DRM method includes receiving a hello message request from a host device; comparing information included in the hello message request to information stored in advance; generating an error code when the hello message request contains unsupported information; and generating a hello message response that contains the error code.
    Type: Grant
    Filed: May 11, 2007
    Date of Patent: September 4, 2012
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Yun-sang Oh, Sang-gyoo Sim, Suk-bong Lee, Yeo-jin Kim, Kyung-im Jung, Ji-soo Kim
  • Publication number: 20120221859
    Abstract: Strong authentication tokens for generating dynamic security values having an acoustical input interface for acoustically receiving input data are disclosed. The tokens may also include an optical interface for receiving input data and may have a selection mechanism to select either the acoustical or the optical input interface to receive data. A communication interface may be provided to communicate with a removable security device such as a smart card and the token may be adapted to generate dynamic security values in cooperation with the removable security device. The acoustic signal received by the token may be modulated using a frequency shift keying modulation scheme using a plurality of coding frequencies to code the acoustical signal where each coding frequency may be an integer multiple of a common base frequency.
    Type: Application
    Filed: February 23, 2012
    Publication date: August 30, 2012
    Applicant: Vasco Data Security, Inc.
    Inventor: Dirk Marien
  • Publication number: 20120221860
    Abstract: Methods and apparatus for encoding and decoding data transmitted acoustically and/or optically to strong authentication tokens to generate dynamic security values are disclosed. The tokens may also include a selection mechanism to select either an acoustical or an optical input interface to receive data. A communication interface may be provided to communicate with a removable security device such as a smart card and the token may be adapted to generate dynamic security values in cooperation with the removable security device.
    Type: Application
    Filed: February 24, 2012
    Publication date: August 30, 2012
    Applicant: Vasco Data Security, Inc.
    Inventors: Frank Hoornaert, Dirk Marien
  • Patent number: 8250633
    Abstract: In various embodiments, techniques for flexible resource authentication are provided. A principal attempts to login to a target resource using first credentials. The target resource does not recognize the first credentials and in response thereto forwards the first credentials to an identity service. The identity service authenticates the principal via the first credentials and supplies second credentials to the target resource. The target resource recognizes and authenticates the second credentials and grants access to the principal.
    Type: Grant
    Filed: October 26, 2007
    Date of Patent: August 21, 2012
    Assignee: EMC Corporation
    Inventors: Srinivas Vedula, Larry Hal Henderson, Stephen Kent Winn
  • Patent number: 8250644
    Abstract: A method, system, and medium are provided for forcing a mobile device to request online content using a proxy server. In one embodiment, the mobile device sends a request to the content provider directly. The content provider may respond to the requesting browser with an instruction to request the content through a proxy server. The requesting mobile device may then send a second request for the content to the proxy server. The proxy server then sends a request to the content provider on behalf of the requesting mobile device.
    Type: Grant
    Filed: June 10, 2011
    Date of Patent: August 21, 2012
    Assignee: Sprint Communications Company L.P.
    Inventors: Piyush Upadhyay, Badri Prasad Subramanyan, Ayodeji Abidogun, Lyle T. Bertz
  • Patent number: 8250665
    Abstract: A method for controlling a digital television (DTV) includes receiving independent space identification information recorded in a storage area of a compact wireless device and a wired equivalent privacy (WEP) key value of an access point (AP) card, receiving the WEP key value corresponding to the AP card of the DTV from a management server, and comparing the WEP key value received from the compact wireless device with the WEP key value received from the management server. If the WEP key values are identical to each other, receiving first checklist information associated with the use of the independent space from the management server, displaying the received first checklist information, and transmitting second checklist information, in which one or more elements of the displayed first checklist information is marked, to the management server.
    Type: Grant
    Filed: October 26, 2009
    Date of Patent: August 21, 2012
    Assignee: LG Electronics Inc.
    Inventors: Sang Rea Woo, Dae Jin Lim, Hak Joo Lee
  • Publication number: 20120210135
    Abstract: Apparatus, systems, and methods may operate to invoke multiple authentication mechanisms, by a client node, to encrypt N split-keys using credentials associated with corresponding ones of the authentication mechanisms. Further activity may include transforming the split-keys to provide N encrypted split-keys, and storing each of the encrypted split-keys with an associated local user identity and an identity of corresponding ones of the authentication mechanisms. Additional apparatus, systems, and methods are disclosed.
    Type: Application
    Filed: February 16, 2011
    Publication date: August 16, 2012
    Inventors: Santosh Kumar Panchapakesan, Vinayak Hegde
  • Patent number: 8245052
    Abstract: A method and apparatus of using a token comprises receiving an indication of a presence of a nearby short-range terminal and waking up the token in response to receiving the indication. The method further comprises performing authentication between the token and the terminal, without requiring a user to directly interact with the token.
    Type: Grant
    Filed: February 22, 2006
    Date of Patent: August 14, 2012
    Assignee: DigitalPersona, Inc.
    Inventor: Vance C. Bjorn
  • Patent number: 8245051
    Abstract: Systems and methods directed at enhancing the capability of a federated authentication system by configuring the system with extensibility points for adding new account stores and customizing claim transformations. The federated authentication system includes accounts stores, a security token service (STS), and custom claim transformation modules. The account stores are configured to maintain data associated with accounts and to provide security claims in an intermediate format. The STS is configured to retrieve the security claims provided by the account stores and includes built-in transformations for transforming each security claim from the intermediate format to formats associated with resource providers. The STS is further configured to provide extensibility points for custom claim transformations that are not available from the built-in transformations. The custom claim transformation modules are configured to perform at least one custom claim transformation.
    Type: Grant
    Filed: May 13, 2005
    Date of Patent: August 14, 2012
    Assignee: Microsoft Corporation
    Inventors: Ryan D. Johnson, Donald E. Schmidt, Jeffrey F. Spelman, Kahren Tevosyan, Vijayavani Nori
  • Patent number: 8245292
    Abstract: Methods and systems are provided for non-cryptographic capabilities of a token such as a smartcard to be used as an additional authentication factor when multi-factor authentication is required. Smartcards are configured to generate a transaction code each time a transaction is attempted by the smartcard. The transaction code is dynamic, changing with each transaction, and therefore is used as a one-time password. When a user attempts to access a service or application requiring at least two authentication factors, a secure processor is used to read transaction code from the smartcard. The secure processor establishes a secure communication with the remote computer hosting the service or application. The transaction code can then be encrypted prior to transmission over the public Internet, providing an additional layer of security.
    Type: Grant
    Filed: November 15, 2006
    Date of Patent: August 14, 2012
    Assignee: Broadcom Corporation
    Inventor: Mark Buer
  • Patent number: 8245040
    Abstract: An authenticated apparatus generates scrambled data from key data and authentication data, such that another key data, which configures the product data, or authentication data is obtained through back-calculation of the product data by using the authentication data or key data, the scrambled data including the product data and the like generated by multiplying the authentication data indicative of the authenticated apparatus's or a user's authenticity by the key data. The authenticated apparatus generates verification data through an operation of the authentication data, key data, or scrambled data, and transmits the verification data and scrambled data to an authenticating apparatus. The authenticating apparatus then verifies authenticity of the authenticated apparatus based on the verification data and scrambled data received from the authenticated apparatus and each authenticated apparatus's or each user's authentication data stored in the authenticating apparatus.
    Type: Grant
    Filed: April 17, 2009
    Date of Patent: August 14, 2012
    Assignee: Panasonic Corporation
    Inventor: Masakatsu Matsuo
  • Patent number: 8244211
    Abstract: A mobile electronic security device may include a biometric sensor to measure a physical characteristic of a user, an interface component to operatively couple the electronic security device with another device, and a control circuit that are assembled as a single portable unit. Other components, such as a battery, a display, and a memory may be included in the security device. The security device authenticates the identity of a user using output data from the biometric sensor and, in some embodiments, using data from an environmental sensor. Once validated, an encrypted authentication certificate may be output to another device. The security device provides a trusted platform that enables a user to verify his or her identity, show proof of presence of the user, control access to data, etc., and may operate in a standalone manner and/or in conjunction with another device.
    Type: Grant
    Filed: February 5, 2009
    Date of Patent: August 14, 2012
    Assignee: Inflexis LLC
    Inventor: Garrett Clark
  • Patent number: 8239928
    Abstract: Disclosed is an access control system and method based on hierarchical keys. The system comprises an access control server (ACS), a home gateway, and a plurality of sensor devices disposed on a home network. The ACS sets up user's access limits of authority and authorization verifier, and saves the related data of user's password and the user's access limits of authority. The gateway records the authority limits' level and the authority limits' key which are constructed based on a hierarchical key structure. When a user logs in the ACS to request access, a one-time communication key between the user and the home gateway is established by exchanging the ticket and the token that are issued by the ACS. This allows the user to access the information of the sensor devices.
    Type: Grant
    Filed: January 9, 2009
    Date of Patent: August 7, 2012
    Assignee: Industrial Technology Research Institute
    Inventors: Yi-Hsiung Huang, Lun-Chia Kuo, Wen-Guey Tzeng, Huan-Chung Lin, Chya-Hung Tsai
  • Patent number: 8234687
    Abstract: A method of establishing secure communications between a first computer, e.g. a client computer (20), and a second computer, e.g. a web server (70), whereby the client computer (20) receives one or more security policies (85) relating to the web server (70). A client application (10) examines the client computer (20) and preferably configures one or more aspects of the client computer (20) in order to make it comply with the security policies (85). Once the web server (70) receives the results of this examination and/or configuration process, it can determine whether the secure communications are to be established and whether any restrictions need to be placed on this communication and/or the activity conducted via the communication.
    Type: Grant
    Filed: May 29, 2007
    Date of Patent: July 31, 2012
    Assignee: Symbiotic Technologies Pty Ltd.
    Inventor: Andreas Baumhof
  • Patent number: 8230480
    Abstract: A method and apparatus are provided for network security based on a security status of a device. A security update status of a device is evaluated; and one or more of a plurality of security policies are selected to apply to the device based on the security update status. The available security philosophies may include, for example, a “protect the good” philosophy, an “encourage the busy” philosophy and a “shut off the non-compliant” philosophy. The security update status can evaluate, for example, a version level of one or more security features installed on the device or can be based on a flag indicating whether the device satisfies predefined criteria for maintaining one or more computer security protection features up-to-date.
    Type: Grant
    Filed: April 26, 2004
    Date of Patent: July 24, 2012
    Assignee: Avaya Inc.
    Inventors: Lookman Y. Fazal, Martin Kappes, Anjur S. Krishnakumar, Parameshwaran Krishnan
  • Publication number: 20120185695
    Abstract: A computerized device can implement a content player to access a content stream using a network interface, the content stream comprising encrypted content and an embedded license comprising a content key encrypted according to a global key accessible by the content player. The content player determines whether a token meeting an authorization condition is present and uses the global key to decrypt the content key only if such a token is present. The authorization condition may be evaluated at least in part based on data included in the content stream. The authorization condition can include presence of a token having a content ID matching a corresponding ID in the license; presence of a token with a correct device ID; presence of a token signed according to a digital signature identified in the licenses; and/or presence of a token that is unexpired, with expiration evaluated based on a time-to-live indicator in the token.
    Type: Application
    Filed: January 13, 2011
    Publication date: July 19, 2012
    Applicant: Adobe Systems Incorporated
    Inventors: Kunal Shah, Sunil Agrawal
  • Patent number: 8225092
    Abstract: An access authentication method includes pre-establishing a security channel between the authentication server of the access point and the authentication server of the user terminal and performing the authentication process at user terminal and access point. The authentication process includes 1) the access point sending the authentication_activating message; 2) the user terminal sending the authentication server of user terminal request message; 3) the authentication server of the user terminal sending to the user terminal response message; and 4) completing the authentication.
    Type: Grant
    Filed: February 21, 2006
    Date of Patent: July 17, 2012
    Assignee: China Iwncomm Co., Ltd.
    Inventors: Xiaolong Lal, Jun Cao, Hong Guo, Zhenhai Huang, Bianling Zhang
  • Patent number: 8219816
    Abstract: A token representing encrypted data is used to initiate a call routing strategy based on receipt of the token. The call routing strategy is configured to initiate a query. Decrypted data associated with the encrypted data may be accessed to determine a data relationship based on the query.
    Type: Grant
    Filed: December 23, 2008
    Date of Patent: July 10, 2012
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Steven W. Statham, Kirk R. Hill
  • Patent number: 8219804
    Abstract: Techniques are provided for securely managing, using smart cards, the usage of a peripheral device. In one embodiment, both the peripheral device and the smart card have digital certificates and a means for authenticating each other. Each device requires authentication of the other device before access to the device's resources is granted. In one embodiment of the invention, the smart card executes a local Java application for managing usage data. The application provides quota and prior usage data to the peripheral device, and updates on the smart card usage data provided by the peripheral device. The usage data on the smart card is used to limit, audit, or track access to resources and operations on the peripheral device. In another embodiment, the authentication and usage management functions of the smart card is implemented on a remote server.
    Type: Grant
    Filed: September 13, 2007
    Date of Patent: July 10, 2012
    Assignee: Ricoh Company, Ltd.
    Inventor: Jiang Hong
  • Patent number: 8214642
    Abstract: The invention relates to a method for distribution of a set of credentials from a credential issuer to a credential user. The credential user is provided with a user device. A first channel and a second channel are provided for communication between the user device and the credential issuer. A shared key is distributed between the user device and the credential issuer by means of the second channel. A binary representation of the set of credentials with a predefined maximum level of deviation from a uniform distribution is generated. The binary representation of the set of credentials is encrypted by means of the shared key. The encrypted set of credentials is distributed via the first channel from the credential issuer to the user device. The encrypted set of credentials is decrypted by the user device by means of the shared key.
    Type: Grant
    Filed: April 4, 2008
    Date of Patent: July 3, 2012
    Assignee: International Business Machines Corporation
    Inventors: Michael Baentsch, Peter Buhler, Thomas Eirich, Thorsten Kramp, Thomas Weigold
  • Patent number: 8214879
    Abstract: A system for enforcing policy in a communication network includes a policy server which is operable to receive a request to invoke an application, receive a policy profile for a network user, and decide a proper allocation of network users based on the policy profile, the application, and available network resources. The policy server is further operable to communicate with a non-SIP application. The system also includes a network resource manager operably associated with the policy server and operable to monitor available network resources in the communication network. In addition, the network resource manager is functional to allocate network resource amongst a plurality of network users. The system also contains an application control point which is operably associated with the policy server and operable to communicate with a SIP application. The system is operable to use policy peering between the home and visited network to enable user-specific policies to be enforced while roaming.
    Type: Grant
    Filed: August 31, 2011
    Date of Patent: July 3, 2012
    Assignee: Cisco Technology, Inc.
    Inventors: Flemming Stig Andreasen, Jonathan D. Rosenberg
  • Patent number: 8213901
    Abstract: There is disclosed a method for verifying a first identity and a second identity of an entity, said method comprising: receiving a first and second identity of said entity at a checking entity; sending information relating to at least one of the first and second identities to a home subscriber entity; and verifying that said first and second identities both belong to the entity from which said first and second identities have been received.
    Type: Grant
    Filed: April 26, 2005
    Date of Patent: July 3, 2012
    Assignee: Nokia Corporation
    Inventors: Auvo Hartikainen, Kalle Tammi, Toni Miettinen, Lauri Laitinen, Philip Ginzboorg, Pekka Laitinen
  • Patent number: 8214630
    Abstract: A method, device and system for controlling JTAG interface enablement within a communication device. The JTAG interface can be selectively enabled based on the receipt of an encrypted access token generated by an access token server. The access token server generates the access token in response to an end user providing appropriate device-specific information. The access token includes appropriate information that, upon appropriate authentication and decryption, can temporarily device bind the boot code image of the device in a manner that enables the JTAG interface. Alternatively, the access token includes appropriate information that instructs the general purpose processor to choose between JTAG interface enablement information and JTAG interface disablement information for use with the boot code image of the device. The access token can include expiration information that causes an enabled JTAG interface to revert back to its disabled status upon expiration of the access token.
    Type: Grant
    Filed: February 24, 2009
    Date of Patent: July 3, 2012
    Assignee: General Instrument Corporation
    Inventors: Petr Peterka, Alexander Medvinsky
  • Patent number: 8209744
    Abstract: Mobile device assisted secure computer network communications embodiments are presented that employ a mobile device (e.g., a mobile phone, personal digital assistant (PDA), and the like) to assist in user authentication. In general, this is accomplished by having a user enter a password into a client computer which is in contact with a server associated with a secure Web site. This password is integrated with a secret value, which is generated in real time by the mobile device. The secret value is bound to both the mobile device's hardware and the secure Web site being accessed, such that it is unique to both. In this way, a different secret value is generated for each secure Web site accessed, and another user cannot impersonate the user and log into a secure Web site unless he or she knows the password and possesses the user's mobile device simultaneously.
    Type: Grant
    Filed: May 16, 2008
    Date of Patent: June 26, 2012
    Assignee: Microsoft Corporation
    Inventors: Bin Zhu, Min Feng, Xu Yin, Yang Yang, Yao Zhang, Jun Shao
  • Patent number: 8209753
    Abstract: An anonymous secure messaging method, system and computer program product for implementation over a wireless connection. The invention allows the secure exchange of information between a security token enabled computer system and an intelligent remote device having an operatively coupled security token thereto over the wireless connection. The invention establishes an anonymous secure messaging channel between the security token and the security token enabled computer system, which allows the intelligent remote device to emulate a locally connected security token peripheral device without requiring a physical connection. A dedicated wireless communications channel is incorporated to prevent several concurrent wireless connections from being established with the security token and potentially compromising the security of the information being sent on concurrent wireless connections.
    Type: Grant
    Filed: December 22, 2003
    Date of Patent: June 26, 2012
    Assignee: Activcard, Inc.
    Inventors: Wu Wen, Eric F. Le Saint, Jerome Antoine Marie Becquart
  • Patent number: 8209754
    Abstract: A secure NFC apparatus includes a plug-in socket, an NFC unit, and a protocol matching unit. A security module is inserted in the plug-in socket. The NFC unit communicates with the outside via non-contact NFC using signals based on an S2C protocol. The protocol matching unit determines the type of chip in the inserted security module, generates a chip identification signal according to results of the identification, and matches the protocol of the signals based on the S2C protocol, which are input to and output from the NFC unit, with the protocol of the signals, which are input to and output from the security module, according to the chip identification signal.
    Type: Grant
    Filed: September 1, 2006
    Date of Patent: June 26, 2012
    Assignee: SK Telecom Co., Ltd.
    Inventors: Sung-Rock Cheon, Jae-Sic Jeon, O-Hyon Kwon, Joo-Sik Lee
  • Patent number: 8205083
    Abstract: A system for providing program information has a user terminal, a recording medium capable of reading information therefrom and writing information thereto through a command issued by the user terminal, and a server connected to the user terminal via a network, and provides program information from the server to the recording medium. The recording medium has a first control unit that performs a first mutual authentication operation with a first storage unit capable of writing program information thereto and the user terminal, and that executes a command to write program information to the first storage unit only if the first mutual authentication operation is successful. The user terminal performs a second mutual authentication operation with the server, obtains program information transmitted from the server if the second mutual authentication operation is successful, and issues a command to write the program information to the first storage unit of the recording medium.
    Type: Grant
    Filed: April 16, 2008
    Date of Patent: June 19, 2012
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Hiroshi Suu, Akira Miura, Akihiro Kasahara
  • Patent number: 8205240
    Abstract: A method of putting a first gateway device into service, the first gateway device having an application service module and a network module enabling communications between the first gateway device and the activation manager, the application service module residing on a user premises side of a network service provider demarcation. The method comprises identifying, at the first gateway device disposed at a user premises, an activation manager in communication with the first gateway device, transmitting, from the first gateway device, an activation certificate to the activation manager for verification and authentication, generating a service authentication key associated with the first gateway device, storing the service authentication key and an indication that the associated gateway device status is activated in a database, determining the services available to the first gateway device, and transmitting the service authentication key and an identification of the available services to the first gateway device.
    Type: Grant
    Filed: December 28, 2007
    Date of Patent: June 19, 2012
    Assignee: Prodea Systems, Inc
    Inventors: Amir Ansari, George A. Cowgill, Ramprakash Masina, Jude P. Ramayya, Alvin R. McQuarters, Atousa Raissyan, Leon E. Nicholls, Wesley R. Erhart, Michael P. Cooper
  • Patent number: 8204232
    Abstract: Accelerated computation of combinations of group operations in a finite field is provided by arranging for at least one of the operands to have a relatively small bit length. In an elliptic curve group, verification that a value representative of a point R corresponds to the sum of two other points uG and vG is obtained by deriving integers w, z of reduced bit length and so that v=w/z. The verification equality R=uG+vQ may then be computed as -zR+(uz mod n)G+wQ=O with z and w of reduced bit length. This is beneficial in digital signature verification where increased verification can be attained.
    Type: Grant
    Filed: January 18, 2006
    Date of Patent: June 19, 2012
    Assignee: Certicom Corp.
    Inventors: Marinus Struik, Daniel R. Brown, Scott A. Vanstone, Robert P. Gallant, Adrian Antipa, Robert J. Lambert
  • Patent number: 8200978
    Abstract: A two-varying-password generator having two varying passwords of different digit lengths and different time intervals is disclosed. A two-varying-password generator has a printed circuit board onto which a processor is soldered, a battery, a display window, an on/off key and a code key. The processor is loaded with two predetermined programs that can produce two passwords (or more than two passwords) of different digit lengths and different time intervals. Meanwhile, the host computer also stores these two programs in the customer's account. As the clocks of both the two-varying-password generator and the host computer work synchronously, both of them can produce two identical passwords at the same moment. Application of the two-varying-password generator can counter phishing sites, fight credit card forgery and unauthorized transactions, and tackle cloned ATM cards.
    Type: Grant
    Filed: July 6, 2007
    Date of Patent: June 12, 2012
    Inventor: Gong Ling Ll
  • Patent number: 8200195
    Abstract: An intelligent remote device equipped with a security token operatively coupled thereto is processing communications with a security token enabled computer system over a wireless private network. The intelligent remote device is adapted to emulate a local security device peripheral connected to the computer system. Multiple computer systems may be authenticated to using the intelligent remote device. Additionally, various secure communications connections mechanisms are described which are intended to augment existing security protocols available using wireless network equipment. Authentication of a user supplied critical security parameter is performed by the security token. The critical security parameter may be provided locally via the intelligent remote device or received from the wireless network and routed to the security token. Aural, visual or vibratory feedback may be provided to the user to signal a successful authentication transaction.
    Type: Grant
    Filed: January 28, 2011
    Date of Patent: June 12, 2012
    Assignee: Activcard Ireland, Limited
    Inventors: Eric F. Le Saint, Dominique Louis Joseph Fedronic
  • Patent number: 8199917
    Abstract: A method and a system for unlocking a storage device that has become locked or cannot be unlocked are disclosed. A hint is generated from a key by removing bits and adding bits. A position of removed bits, a position of added bits, the number of removed bits and the number of added bits are stored and known securely. When the key cannot unlock a storage device corresponding to the key, the position of removed bits, the position of added bits, the number of removed bits (N) and the number of added bits are retrieved. Then, the added bits are removed from the hint. Each possible combination of N bits is placed in the hint at the position of removed bits to generate 2^N possible keys. Then, each of the 2^N possible keys is tried to unlock the storage device.
    Type: Grant
    Filed: October 29, 2008
    Date of Patent: June 12, 2012
    Assignee: International Business Machines Corporation
    Inventors: Natalie S. Hogan, Raymond Jepson, Andrew J. E. Menadue, Barry J. Wood
  • Publication number: 20120144201
    Abstract: Secure element authentication techniques are described. In implementations, a confirmation is received that an identity of a user has been physically verified using one or more physical documents. One or more credentials that are usable to authenticate the user are caused to be stored in a secure element of a mobile communication device of the user, the secure element implemented using tamper-resistant hardware.
    Type: Application
    Filed: December 3, 2010
    Publication date: June 7, 2012
    Applicant: MICROSOFT CORPORATION
    Inventors: Anoop Anantha, Murali R. Krishnan, Alan L. Marshall, Kamran Rajabi Zargahi, Miller Thomas Abel
  • Patent number: 8195943
    Abstract: Techniques for deriving temporary identifiers (IDs) used to address specific user equipments (UEs) in a wireless communication network are described. At a network entity, a first ID assigned to a UE and additional information such as, e.g., a salt value and/or shared secret data for the UE, are transformed to obtain a second ID for the UE. The first ID and/or the shared secret data may be updated, e.g., whenever a signaling message is sent to the UE. A signaling message directed to the UE is generated based on the second ID and sent via a common channel. At the UE, a message is received via the common channel. The first ID and additional information such as, e.g., a salt value obtained from the received message and/or shared secret data for the UE, are transformed to obtain the second ID, which is used to determine whether the received message is intended for the UE.
    Type: Grant
    Filed: February 9, 2007
    Date of Patent: June 5, 2012
    Assignee: Qualcomm Incorporated
    Inventor: Nathan Edward Tenny
  • Patent number: 8195233
    Abstract: Methods and devices for allowing a wireless communication device (1301) initially unauthorized for communication with a network to obtain persistent soft network subscription credential information (1303) from a wireless communication device (1401) initially authorized for communication with the network are disclosed. In performing the persistent transfer of the soft network subscription credential information (1303), one of a token management module (1312), a session initiation protocol communication module (1408), or an electronic rights manager (1406) may be used to ensure that only one communication device is capable of communicating with a network at any one time.
    Type: Grant
    Filed: July 30, 2007
    Date of Patent: June 5, 2012
    Assignee: Motorola Mobility, Inc.
    Inventors: James J. Morikuni, Bashar Jano
  • Patent number: 8190899
    Abstract: System and method for establishing a remote connection over a network with a personal security device connected to a local client without using a local APDU interface or local cryptography.
    Type: Grant
    Filed: December 30, 2009
    Date of Patent: May 29, 2012
    Assignee: ActivCard
    Inventors: Yves Louis Gabriel Audebert, Olivier Clemot
  • Patent number: 8190893
    Abstract: A technique for providing message authenticity includes accepting transaction information, accepting a first data item used for authenticating an originating user, cryptographically processing the transaction information using only a second data item, wherein the entropy of the first data item is less than the entropy of the second data item, and authenticating the originating user using the first data item. The first data item can be a sequence of digits corresponding to those displayed on an external device, such as, for example, an RSA authorization token, credit card, etc. In general, the first data item will be a short alphanumeric string and the second data item will generally be much larger, e.g., a 128 bit sequence to be used principally for data authentication. According to another aspect of the present invention, consequential evidence of the transaction may be secured to provide after-the-fact evidence of the transaction.
    Type: Grant
    Filed: July 1, 2004
    Date of Patent: May 29, 2012
    Assignee: JP Morgan Chase Bank
    Inventors: Glenn Stuart Benson, Joseph R. Calaceto, Russell M. Logar
  • Patent number: 8190900
    Abstract: A communications protocol is used to provide data privacy, message integrity, message freshness, and user authentication to telemetric traffic, such as to and from implantable medical devices in a body area network. In certain embodiments, encryption, message integrity, and message freshness are provided through use of token-like nonces and ephemeral session-keys derived from device identification numbers and pseudorandom numbers.
    Type: Grant
    Filed: April 18, 2011
    Date of Patent: May 29, 2012
    Assignee: Medtronic, Inc.
    Inventor: Eric D. Corndorf
  • Patent number: 8185639
    Abstract: Described are techniques for providing a host identifier for a host. A first portion including a first identifier associated with a system for the host is received. A second portion including a second identifier generated in accordance with a hardware property of the host is received. The host identifier is formed using the first and second portions. The host identifier is used to uniquely identify the host in a storage area network.
    Type: Grant
    Filed: January 3, 2006
    Date of Patent: May 22, 2012
    Assignee: EMC Corporation
    Inventors: Sriram Krishnan, Andreas L. Bauer, Russell R. Laporte, Gregory W. Lazar
  • Patent number: 8185737
    Abstract: Communication across domains is described. In at least one implementation, a determination is made that an amount of data to be communicated via an Iframe exceeds a threshold amount. The data is divided into a plurality of portions that do not exceed the threshold amount. A plurality of messages is formed to communicate the divided data across domains.
    Type: Grant
    Filed: May 22, 2007
    Date of Patent: May 22, 2012
    Assignee: Microsoft Corporation
    Inventors: Scott Isaacs, George Moore, Danny Thorpe, Vasileios Zissimopoulos
  • Patent number: 8185950
    Abstract: An information forming apparatus includes: a communication unit that carries out data communication with an authentication card inserted into a card slot; an authentication unit that authenticates that a user who attempts to operate the apparatus is an authorized user by sending entered authenticating information to the authentication card; a storing unit that stores the entered authenticating information; and a process execution unit that, when a process is invoked that requires input of authenticating information to the authentication card, executes the process using the authenticating information stored in the storing unit.
    Type: Grant
    Filed: April 9, 2008
    Date of Patent: May 22, 2012
    Assignee: Fuji Xerox Co., Ltd.
    Inventor: Takanori Masui