Intelligent Token Patents (Class 713/172)
-
Patent number: 8898766
Abstract: A system, computer-readable storage medium storing at least one program, and a computer-implemented method for controlling a local utility are disclosed. A first request originating from an application and including a first token is received at a local utility. The application received a web page, including a plurality of links and the first token, from a first server. The plurality of links are received by the application from a second server. The first token is authenticated. Authentication includes sending the first token to a third server. In response to authenticating the first token, a second token is generated at the local utility. The second token is sent to the application for inclusion in subsequent requests from the application.
Type: Grant
Filed: April 10, 2012
Date of Patent: November 25, 2014
Assignee: Spotify AB
Inventors: Sten Garmark, Nicklas Söderlind, Samuel Cyprian, Aron Levin, Hannes Graah, Erik Hartwig, Gunnar Kreitz
-
Patent number: 8898732
Abstract: Methods, systems, computer-readable media, and apparatuses for providing a managed browser are presented. In various embodiments, a computing device may load a managed browser. The managed browser may, for instance, be configured to provide a managed mode in which one or more policies are applied to the managed browser, and an unmanaged mode in which such policies might not be applied and/or in which the browser might not be managed by at least one device manager agent running on the computing device. Based on device state information and/or one or more policies, the managed browser may switch between the managed mode and the unmanaged mode, and the managed browser may provide various functionalities, which may include selectively providing access to enterprise resources, based on such state information and/or the one or more policies.
Type: Grant
Filed: October 1, 2013
Date of Patent: November 25, 2014
Assignee: Citrix Systems, Inc.
Inventor: Waheed Qureshi
-
Publication number: 20140344580
Abstract: Systems and methods for performing a secure transaction are provided. In one embodiment, the method includes: reading data on a command token, reading data on a token; encrypting the token data with a key; encrypting an authentication data with a clear text token data; and transmitting the encrypted authentication data with the encrypted token data to a remote device.
Type: Application
Filed: May 23, 2014
Publication date: November 20, 2014
Applicant: VeriFone, Inc.
Inventors: CLAY VON MUELLER, Mihir Bellare, Scott R. Yale, Patrick K. Hazel, Paul Elbridge Catinella
-
Patent number: 8892755
Abstract: A method and system for single-session sign-on management are provided. Multiple servers may be provided. The servers may have both log-in plug-in modules and session management plug-in modules. Providing the plug-ins on individual servers reduces network traffic generally required in order to grant and validate user credentials. Thus, a second server may validate a user credential created by a first server and may additionally create a user credential if it cannot validate the credential created by the first server.
Type: Grant
Filed: April 8, 2011
Date of Patent: November 18, 2014
Assignee: JPMorgan Chase Bank, N.A.
Inventors: Lawrence R. Miller, Bruce J. Skingle
-
Patent number: 8892891
Abstract: A method and a system is provided for establishing a communications path over a communications network between a personal security device (PSD) and a remote computer system without requiring the converting of high-level messages such as API-level messages to PSD-formatted messages such as APDU-formatted messages (and inversely) to be installed on a local client device in which the PSD is connected.
Type: Grant
Filed: February 13, 2013
Date of Patent: November 18, 2014
Assignee: Assa Abloy AB
Inventors: Yves Louis Gabriel Audebert, Olivier Clemot
-
Patent number: 8892880
Abstract: A system and method for obtaining an authorization key to use a product utilizes a secured product identification code, which includes a serial number and at least one code that is generated based on a cryptographic algorithm.
Type: Grant
Filed: October 28, 2010
Date of Patent: November 18, 2014
Assignee: NXP B.V.
Inventors: Ralf Malzahn, Hauke Meyn
-
Patent number: 8893284
Abstract: A method and system for extending an authentication of a wireless device are disclosed. For example, the method includes authenticating access to the wireless device via a first authentication. The method detects a bonded authentication device as a second authentication. The method permits access to the wireless device when the bonded authentication device is detected.
Type: Grant
Filed: October 3, 2007
Date of Patent: November 18, 2014
Assignee: Motorola Mobility LLC
Inventors: Daniel J. Sadler, Morris Anthony Moore, Manuel Oliver
-
Patent number: 8893242
Abstract: A computer-implemented system and method for pool-based identity generation and use for service access is disclosed. The method in an example embodiment includes seeding an identity generator with a private key; retrieving independently verifiable data corresponding to a service consumer; using the independently verifiable data to create signed assertions corresponding to the service consumer; generating a non-portable identity document associated with the service consumer, the identity document including the signed assertions; signing the identity document with the private key; and conveying the signed identity document to the service consumer via a secure link.
Type: Grant
Filed: April 29, 2008
Date of Patent: November 18, 2014
Assignee: eBay Inc.
Inventors: Raju Venkata Kolluru, Michael Dean Kleinpeter, Liam Sean Lynch, Christopher J. Kasten, Rajesh Kanungo
-
Patent number: 8892697
Abstract: A system and a digital token for user identity verification comprise a control device for communicating over a network. The control device executes program applications and displays outputs to a user. A server communicates over the network to the control device and to other devices. The server comprises a personal identity model, a personal identity engine and a personal identity controller. The personal identity model collects and stores user information comprising personal information, personality, and biometric information. The personal identity engine processes the stored user information to produce the digital token. The personal identity controller manages exchange of the digital token in a user identity verification process. A claim point exchanges the digital token with the server in the user identity verification process in which, upon verification of the user's identity, the claim point provides a service to the user.
Type: Grant
Filed: July 24, 2012
Date of Patent: November 18, 2014
Assignee: Dhana Systems Corp.
Inventor: Prashant Nema
-
Patent number: 8892475
Abstract: Methods, apparati, and computer-readable media for providing authorization and other services. In a preferred embodiment, an authorization service includes both a messaging specification and a set of rules that govern its use. A first customer wishing to use the authorization service prepares a request that complies with the service's messaging specification and transmits it to a first participant. The first participant transmits the request to a second participant, which processes the request according to authorization information provided by a second customer and rules that have been specified for the service. The second participant then prepares a response that complies with the service's messaging specification.
Type: Grant
Filed: April 4, 2006
Date of Patent: November 18, 2014
Assignee: Identrust, Inc.
Inventors: Guy S. Tallent, Jr., Paul A. Donfried, George M. (Mack) Hicks, Elizabeth Lee
-
Publication number: 20140337238
Abstract: Using cryptographic techniques, sensitive data is protected against disclosure in the event of a compromise of a content delivery network (CDN) edge infrastructure. These techniques obviate storage and/or transfer of such sensitive data, even with respect to payment transactions that are being authorized or otherwise enabled from CDN edge servers.
Type: Application
Filed: August 2, 2014
Publication date: November 13, 2014
Inventor: F. Thomson Leighton
-
Patent number: 8880734
Abstract: A method and apparatus for compressing signal samples uses block floating point representations where the number of bits per mantissa is determined by the maximum magnitude sample in the group. The compressor defines groups of signal samples having a fixed number of samples per group. The maximum magnitude sample in the group determines an exponent value corresponding to the number of bits for representing the maximum sample value. The exponent values are encoded to form exponent tokens. Exponent differences between consecutive exponent values may be encoded individually or jointly. The samples in the group are mapped to corresponding mantissas, each mantissa having a number of bits based on the exponent value. Removing LSBs depending on the exponent value produces mantissas having fewer bits. Feedback control monitors the compressed bit rate and/or a quality metric. This abstract does not limit the scope of the invention as described in the claims.
Type: Grant
Filed: October 26, 2012
Date of Patent: November 4, 2014
Assignee: Altera Corporation
Inventor: Albert W. Wegener
-
Patent number: 8880888
Abstract: A passport authentication protocol provides for encryption of sensitive data such as biometric data and transfer of the encryption key from the passport to the authentication authority to permit comparison to a reference value.
Type: Grant
Filed: May 10, 2010
Date of Patent: November 4, 2014
Assignee: Certicom Corp.
Inventors: Daniel R. L. Brown, Scott A. Vanstone
-
Patent number: 8874922
Abstract: In accordance with the present disclosure, a system and method for multilayered authentication of trusted platform updates is described. The method may include storing first cryptographic data in a personality module of an information handling system, with the first cryptographic data corresponding to a verified firmware component. A second cryptographic data may also be determined, with the second cryptographic data corresponding to an unverified firmware component. The unverified firmware component may be stored in a memory element of the information handling system, and the second cryptographic data may be determined using a processor of the information handling system.
Type: Grant
Filed: January 17, 2012
Date of Patent: October 28, 2014
Assignee: Dell Products L.P.
Inventors: Muhammed Jaber, Mukund Khatri
-
Patent number: 8874904
Abstract: A first cryptographic device is configured to store a set of keys that is refreshed in each of a plurality of epochs. The first cryptographic device computes for each of at least a subset of the epochs at least one view based on at least a portion of the set of keys for that epoch, and transmits the views to a second cryptographic device in association with their respective epochs. At least one view computed for a current one of the epochs is configured for utilization in combination with one or more previous views computed for one or more previous ones of the epochs to permit the second cryptographic device to confirm authenticity of the set of keys for the current epoch. The first cryptographic device may include an authentication token and the second cryptographic device may include an authentication server.
Type: Grant
Filed: December 13, 2012
Date of Patent: October 28, 2014
Assignee: EMC Corporation
Inventors: Ari Juels, Kevin D. Bowers
-
Patent number: 8874918
Abstract: A method for conditionally allowing fruition of broadcast contents, broadcast by a contents broadcaster and received by a user by means of a receiving equipment, includes: performing, locally at the receiving equipment of the user, a first fruition entitlement check based on first fruition entitlement data available locally at the receiving equipment; having the receiving equipment provide to the contents broadcaster the first fruition entitlement data exploiting a return communications channel of the receiving equipment; having the contents broadcaster perform a second fruition entitlement check based on a comparison between the received first fruition entitlement data and second fruition entitlement data available locally to the contents broadcaster; and conditioned on a result of the second check, having the contents broadcaster provide to the receiving equipment, exploiting the return communications channel, a fruition entitlement confirmation notification; at the receiving equipment, conditioning the fru
Type: Grant
Filed: April 28, 2005
Date of Patent: October 28, 2014
Assignee: Telecom Italia S.p.A.
Inventor: Paolo Goria
-
Patent number: 8874794
Abstract: A method and apparatus for compressing signal samples uses block floating point representations where the number of bits per mantissa is determined by the maximum magnitude sample in the group. The compressor defines groups of signal samples having a fixed number of samples per group. The maximum magnitude sample in the group determines an exponent value corresponding to the number of bits for representing the maximum sample value. The exponent values are encoded to form exponent tokens. Exponent differences between consecutive exponent values may be encoded individually or jointly. The samples in the group are mapped to corresponding mantissas, each mantissa having a number of bits based on the exponent value. Removing LSBs depending on the exponent value produces mantissas having fewer bits. Feedback control monitors the compressed bit rate and/or a quality metric. This abstract does not limit the scope of the invention as described in the claims.
Type: Grant
Filed: October 26, 2012
Date of Patent: October 28, 2014
Assignee: Altera Corporation
Inventor: Albert W. Wegener
-
Patent number: 8869258
Abstract: A system and method for troubleshooting errors that occur during token requests. An identity provider generates a session ID and uses the session ID when logging events that occur during handling of the request. Multiple servers, processes, or threads may use the same session ID. The session ID may be sent with an error message to the requester. An ID of one or more servers that processed the request may also be sent to the requester. Upon receiving the error message, the requester may provide the error information to an administrator, who uses the information to retrieve associated logged events.
Type: Grant
Filed: March 12, 2010
Date of Patent: October 21, 2014
Assignee: Microsoft Corporation
Inventors: Wei Wu, Balaji Azhagiyapandiapuram
-
Patent number: 8863263
Abstract: A server apparatus includes an analyzer unit which analyzes log-in information for a server received from a client, determines an authentication scheme of the server, and extracts, from the log-in information, provisional authentication information in a form representative of variable information. The analyzer unit stores, in the storage device, information representative of the authentication scheme and the provisional authentication information as the variable information. The analyzer unit also stores, in the storage device, as the variable information, authentication information of a user for the server that is associated with representative authentication information of the user.
Type: Grant
Filed: February 14, 2011
Date of Patent: October 14, 2014
Assignee: Fujitsu Limited
Inventors: Yoshikazu Asano, Noriyuki Sawai, Rie Noda
-
Patent number: 8863303
Abstract: A system and method for allowing access to digitally protected content are disclosed. License metadata and credentials from multiple types of digital rights management systems may be used to grant access to content protected by a different type of digital rights management system. Hierarchical levels of access to the content may be granted based on at least one of license metadata and credentials.
Type: Grant
Filed: August 12, 2008
Date of Patent: October 14, 2014
Assignee: Disney Enterprises, Inc.
Inventor: Arnaud Robert
-
Patent number: 8862888
Abstract: In one aspect, systems and methods for three-factor authentication include receiving a user's identification and password transmitted from the user's mobile device, generating a One Time Password (OTP), encrypting the OTP, and encoding the encrypted OTP in a two-dimensional barcode. The two-dimensional barcode of the encrypted OTP is transmitted to a computing device of the user, and an image of the two-dimensional barcode of the encrypted OTP displayed on the user's computing device is captured using the user's mobile device. The two-dimensional barcode of the encrypted OTP is decoded using the user's mobile device to obtain the encrypted OTP. The encrypted OTP is decrypted using the user's mobile device and displayed. The OTP then is spoken by the user, and the user's voice and the OTP are recognized to authenticate the user.
Type: Grant
Filed: January 11, 2012
Date of Patent: October 14, 2014
Assignee: King Saud University
Inventors: Ahmed Saleh Mohamed Tolba, Muhammad Khurram Khan, Khaled Soliman Alghathbar
-
Patent number: 8863260
Abstract: A mechanism is provided for enhancing password protection. A combination password that comprises dynamic text interspersed within a static user password is received from a user. A determination is made as to whether the combination password is to be verified without the dynamic text. Responsive to identifying that the combination password is to be verified without the dynamic text, the dynamic text is filtered from the combination password based on an identified dynamic suggestion issued to the user prior to the combination password being received thereby forming a filtered password. The filtered password is then authenticated using information stored for the user. Responsive to validating the filtered password, access is granted by the user to a secured system.
Type: Grant
Filed: June 7, 2012
Date of Patent: October 14, 2014
Assignee: International Business Machines Corporation
Inventors: Abdullah A. Chougle, Vishal V. Chougule, Priyanka P. Jain
-
Patent number: 8863229
Abstract: The disclosure provides a method for resource and admission control of a home network, the RACF of an NGN retail service provider formulates an initial policy rule according to a resource request after receiving the resource request sent by an SCF; a CPN performs authorization check on one or more resource requests after receiving them, each of which includes the initial policy rule and is sent by an RACF of a respective NGN retail service provider, formulates a final policy rule after the authorization check is passed, and executes the final policy rule. The disclosure further provides a system for resource and admission control of a home network correspondingly, since a CGPE-FE executes corresponding operation according to the decision result of an HPD-FE, the disclosure can avoid resource control errors such as resource desynchrony or resource inconsistence, and can improve system stability.
Type: Grant
Filed: June 11, 2010
Date of Patent: October 14, 2014
Assignee: ZTE Corporation
Inventor: Jianjie You
-
Patent number: 8862885
Abstract: An article of manufacture having a document body constructed from document layers arranged on top of each other, with a first document layer having an evaluation unit, a second document layer having a first acquisition unit for collecting first biometric data, a third document layer having a second acquisition unit for collecting second biometric data, wherein the evaluation unit is connected to the first and second acquisition units in order to receive the first and second biometric data, the evaluation unit constructed for evaluating the first and second biometric data in order to activate a function of the article of manufacture depending on a result of the evaluation.
Type: Grant
Filed: September 30, 2010
Date of Patent: October 14, 2014
Assignee: BUNDESDRUCKEREI GmbH
Inventors: Ulrich Hamann, Manfred Paeschke, Joerg Fischer, Joachim Kloeser
-
Patent number: 8863268
Abstract: A security module and method within an information handling system are disclosed. In a particular form, a processing module can include a local processor configurable to initiate access to resources of a host processing system. The processing module can also include a security module configured to enable use of the resources of the host processing system using a security metric. According to an aspect, the security module can be further configured to detect the security metric, and enable access to a resource of the host processing system in response to the security metric. The security module can further be configured to disable access to another resource of the host processing system in response to the security metric.
Type: Grant
Filed: October 29, 2008
Date of Patent: October 14, 2014
Assignee: Dell Products, LP
Inventors: Roy W. Stedman, Andrew T. Sultenfuss, David Loadman
-
Patent number: 8862890
Abstract: A biometric-information processing apparatus and method including storing sample biometric information of a user each time biometric authentication processing for verifying sample biometric information of a user against enrolled biometric information registered in a first storage unit succeeds, where the user's sample biometric information is stored in a second storage unit, and selecting an update-candidate biometric information for updating the user's enrolled biometric information from the user's sample biometric information stored in the second storage unit, based on a result of verification of multiple pieces of the user's sample biometric information stored in the second storage unit against enrolled biometric information of other users.
Type: Grant
Filed: March 19, 2010
Date of Patent: October 14, 2014
Assignee: Fujitsu Limited
Inventor: Ken Kamakura
-
Patent number: 8856904
Abstract: A mechanism is provided for enhancing password protection. A combination password that comprises dynamic text interspersed within a static user password is received from a user. A determination is made as to whether the combination password is to be verified without the dynamic text. Responsive to identifying that the combination password is to be verified without the dynamic text, the dynamic text is filtered from the combination password based on an identified dynamic suggestion issued to the user prior to the combination password being received thereby forming a filtered password. The filtered password is then authenticated using information stored for the user. Responsive to validating the filtered password, access is granted by the user to a secured system.
Type: Grant
Filed: February 22, 2013
Date of Patent: October 7, 2014
Assignee: International Business Machines Corporation
Inventors: Abdullah Q. Chougle, Vishal V. Chougule, Priyanka P. Jain
-
Patent number: 8856885
Abstract: Methods and systems for managing cloud zones are described herein. A management server for a cloud of computing resources may add private zones to the cloud. The private zones may contain computers owned and operated by a user of the cloud, such as a cloud customer, rather than the cloud operator. The management server may manage the computing resources in the private zone by sending commands to an agent, which in turn relays the management server's commands to the individual computing resources. The agent may be authenticated using a token.
Type: Grant
Filed: April 30, 2012
Date of Patent: October 7, 2014
Assignee: Citrix Systems, Inc.
Inventors: Alex Huang, Chiradeep Vittal, William Chan
-
Patent number: 8856524
Abstract: A cryptographic method is provided for a host system having an associated trusted platform module. A first contribution to a message is computed by the TPM based on a first secret parameter stored in the TPM. The host system computes a second contribution to the message based on a second secret parameter stored in the host system outside the TPM. The first and second contributions to the message are then combined by either the host or the TPM and a first proof is conducted, proving to the host system that the contribution of the TPM was computed correctly or proving to the TPM that the contribution of the host was computed correctly.
Type: Grant
Filed: September 29, 2006
Date of Patent: October 7, 2014
Assignee: International Business Machines Corporation
Inventor: Jan Leonhard Camenisch
-
Patent number: 8856892
Abstract: The present disclosure describes methods, systems, and computer program products for interactive authentication can include receiving a valid authentication credential or an invalid authentication credential associated with a digital identity. The credentials can be received from an end user at an input device in association with a login attempt. If a valid authentication credential is received, it is determined whether an identification token is received with the valid authentication credential. If received, the identification token is identified as a token included in a list of valid tokens associated with the digital identity at an authentication system. In response to the determination that the identification token is included in the list of valid tokens, it is determined whether a lockout period associated with the identification token in the list of valid tokens has expired. If expired, the end user associated with the login attempt can be authenticated.
Type: Grant
Filed: June 27, 2012
Date of Patent: October 7, 2014
Assignee: SAP AG
Inventor: Gabor Faludi
-
Patent number: 8856887
Abstract: In some embodiments, a non-transitory processor-readable medium includes code to cause a processor to send, from an authorization client on a device to a client authorization module, an indication of multiple applications installed on the device, and receive, at the authorization client and in response to the indication, multiple application tokens from the client authorization module. Each individual application token from the multiple application tokens received by the authorization client is uniquely associated with an application from the multiple applications installed on the device. The authorization client provides each application its associated application token such that each application from the multiple applications can use that application token in order to be authenticated to an application server associated with the application.
Type: Grant
Filed: July 9, 2012
Date of Patent: October 7, 2014
Assignee: Ping Identity Corporation
Inventors: Bryan Field-Eliot, Sateesh Narahari, Paul Madsen
-
Publication number: 20140298029
Abstract: The invention discloses a contactless seed programming method, belonging to information security field. In the method, a seed programming device obtains a token ID of a dynamic token, obtains corresponding first seed data according to the token ID, communicates with the dynamic token contactlessly, obtains first seed data from the dynamic token, decrypts the first seed data so as to obtain second seed data, encrypts the second seed data with the first data so as to obtain third seed data and sends the third seed data to the dynamic token; and the dynamic token decrypts the seed and updates seed stored in itself. By the invention, programming operation is simplified and programming efficiency is improved by communicating with the dynamic token contactlessly and security is ensured by transferring the encrypted seed during communication between the programming device and the token.
Type: Application
Filed: December 25, 2012
Publication date: October 2, 2014
Applicant: FEITIAN TECHNOLOGIES CO., LTD.
Inventors: Zhou Lu, Huazhang Yu
-
Publication number: 20140298030
Abstract: A computer assisted name-based aggregation system that acquires anonymized data from a plurality of service providing systems without obtaining the personal information, and identifies the name of the acquired anonymized data. The computer assisted name-based aggregation system transmits a transmission request that requests transmission of data, and a value that changes for each transmission request to the plurality of service providing systems; receives a set containing hash values created based on an identification number for controlling data and the aforementioned value, and the anonymized data specified by the identification number, from the plurality of service providing systems; and identifies the name of anonymized data specified by the hash value from the anonymized data received from each of the plurality of service providing systems.
Type: Application
Filed: March 27, 2014
Publication date: October 2, 2014
Applicant: International Business Machines Corporation
Inventors: Kazuhito Akiyama, Nobuhiro Asai, Masami Tada
-
Patent number: 8850551
Abstract: Provided is a method for controlling an information processing system including a relay service device, an intermediate service device, and an authentication service device. The control method includes transmitting an authentication request from the intermediate service device to the intermediate service device; acquiring a first access token from the authentication service device that has made a success of authentication; storing the first access token; comparing the stored first access token with a second access token included in an execution request of a relation processing upon reception of the processing execution request from the relay service; and executing processing received from the intermediate service device when it is determined in the comparing that the first access token matches the second access token or not executing the processing when it is determined in the comparing that the first access token does not match the second access token.
Type: Grant
Filed: October 26, 2012
Date of Patent: September 30, 2014
Assignee: Canon Kabushiki Kaisha
Inventor: Koichi Abe
-
Patent number: 8850548
Abstract: A user-portable computing device configured as a smart card enables a user to carry identification information and to generate security tokens for use in authenticating the user to a service provider. The device includes memory for storing user identities as information cards that are exported to a host computer, presented to a user in visual form, and then selected for use in the authentication process. A security token service installed on the device issues a security token in response to a token request sent from the host computer that references the selected user identity. The security token service uses user attribute information stored on the user device to compose the claim assertions needed to issue the security token. The token is returned to the host computer and used to facilitate the authentication process.
Type: Grant
Filed: May 27, 2009
Date of Patent: September 30, 2014
Assignee: Open Invention Network, LLC
Inventor: Gail-Joon Ahn
-
Patent number: 8850544
Abstract: The present invention provides a new method for user centered privacy which works across all 3rd party sites where users post content, or even for encryption of emails. Users have an identity with a Hyde-It Identity provider (HIP) which authenticates the user to a Hyde-It Service (HITS) which performs key distribution. The functionality can be invoked through a user toolbar, built into the browser or be downloaded on demand via a bookmarklet.
Type: Grant
Filed: April 23, 2009
Date of Patent: September 30, 2014
Inventor: Ravi Ganesan
-
Patent number: 8850230
Abstract: This document describes tools capable of enabling cloud-based movable-component binding. The tools, in some embodiments, bind protected media content to a movable component in a mobile computing device in a cryptographically secure manner without requiring the movable component to perform a complex cryptographic function. By so doing the mobile computing device may request access to content and receive permission to use the content quickly and in a cryptographically robust way.
Type: Grant
Filed: January 14, 2008
Date of Patent: September 30, 2014
Assignee: Microsoft Corporation
Inventors: Patrik Schnell, Alexandre V Grigorovitch, Kedarnath A Dubhashi
-
Patent number: 8848919
Abstract: Providing revocation status of at least one associated credential includes providing a primary credential that is at least initially independent of the associated credential, binding the at least one associated credential to the primary credential, and deeming the at least one associated credential to be revoked if the primary credential is revoked. Providing revocation status of at least one associated credential may also include deeming the at least one associated credential to be not revoked if the primary credential is not revoked. Binding may be independent of the contents of the credentials and may be independent of whether any of the credentials authenticate any other ones of the credentials. The at least one associated credential may be provided on an integrated circuit card (ICC). The ICC may be part of a mobile phone or a smart card.
Type: Grant
Filed: June 18, 2012
Date of Patent: September 30, 2014
Assignee: Assa Abloy AB
Inventors: Eric F. Le Saint, Robert S. Dulude
-
Patent number: 8850188
Abstract: A system and method for processing certificates located in a certificate search. Certificates located in a certificate search are processed at a data server (e.g. a mobile data server) coupled to a computing device (e.g. a mobile device) to determine status data that can be used to indicate the status of those certificates to a user of the computing device. Selected certificates may be downloaded to the computing device for storage, and the downloaded certificates are tracked by the data server. This facilitates the automatic updating of the status of one or more certificates stored on the computing device by the data server, in which updated status data is pushed from the data server to the computing device.
Type: Grant
Filed: September 13, 2012
Date of Patent: September 30, 2014
Assignee: BlackBerry Limited
Inventors: Neil P. Adams, Herbert A. Little, Michael K. Brown, Michael S. Brown, Michael G. Kirkup
-
Publication number: 20140281552
Abstract: A recording medium is attachable to and detachable from an apparatus body, and is supplied with power from the apparatus body when it is attached to the apparatus body. This recording medium includes: an encryption/decryption control unit performing encryption and decryption of data transmitted from the apparatus body; an authentication control unit performing an authentication procedure for authenticating a password sent from the apparatus body; a non-volatile memory storing an encryption key to be used in the encryption/decryption control unit and the authentication password to be used for authentication in the authentication control unit, and having a data recording area for recording data encrypted by the encryption/decryption control unit; and a volatile memory for storing recorded-position information of data recorded in the data recording area of the non-volatile memory under an unauthenticated condition that the authentication procedure by the authentication control unit has not been performed.
Type: Application
Filed: February 28, 2014
Publication date: September 18, 2014
Applicant: PANASONIC CORPORATION
Inventor: Masanori MITSUZUMI
-
Patent number: 8839395
Abstract: A single sign-on (SSO) system uses simple one-to-one trust relationships between individual applications and an SSO service to extend log in services from one application to another. Each application retains its own login policies and can separately make a decision whether to trust the SSO request or challenge the user for login credentials. By structuring the SSO system to use simple identity mapping, there is no requirement for consolidating user identity records from multiple applications into a single database with its attendant overhead and dependency risks.
Type: Grant
Filed: May 13, 2011
Date of Patent: September 16, 2014
Assignee: CCH Incorporated
Inventors: Maxim Poliashenko, Robert Baumann
-
Patent number: 8838973
Abstract: Reflective factors are used in combination with a one-time password (OTP) in order to strengthen a system's ability to prevent man in the middle (MITM) phishing attacks. These reflective factors may include information such as URL information, HTTPS, a server's certificate, a session key, or transaction information. These reflective factors help to ensure that a client that wishes to access a server is the legitimate client, because even if a phisher (including a phisher attacking the legitimate client in real time) records identifying information from the legitimate client, it cannot replicate the reflective information to authenticate itself with the server.
Type: Grant
Filed: February 28, 2012
Date of Patent: September 16, 2014
Assignee: Google Inc.
Inventors: Marcel Mordechai Moti Yung, Omer Berkman
-
Patent number: 8838986
Abstract: Invoking a computer implemented service includes receiving a request from a first user to access a service associated with a second user. The request is associated with a security token for the first user and an identity token for the second user. The acceptability of the security token is determined to authenticate the first user, and the acceptability of the identity token is determined to securely identify the second user. The first user is able to access the service associated with the second user conditioned on the security token being determined to be acceptable and the identity token being determined to be acceptable.
Type: Grant
Filed: September 23, 2011
Date of Patent: September 16, 2014
Assignee: Google Inc.
Inventor: Conor P. Cahill
-
Patent number: 8839415
Abstract: A smart card issuance system and method are disclosed. In a first aspect a method and system for issuing a smart card device (SC) is disclosed. The method and system comprise providing an initialization phase of the SC by a manufacturer and providing an authentication phase of the SC by the manufacturer. The method and system also include deploying the SC, providing a first time authentication phase for a specific customer by the issuer (IS) after the SC is deployed and starting a first phase of the registration process of the SC for the specific customer by the issuer. The method and system further include providing another authentication phase of the SC by IS after the first time authentication; and providing of an authentication of the IS by the SC. When both the SC and IS are mutually authenticated, the IS and the specific customer are allowed to complete the registration process. In a second aspect, a data transmission process and system for a smart card device (SC) of an issuer (IS) is disclosed.
Type: Grant
Filed: February 1, 2011
Date of Patent: September 16, 2014
Assignee: Kingston Technology Corporation
Inventor: Ben Wei Chen
-
Publication number: 20140258726
Abstract: According to an embodiment, a smart card includes a communication section, a generation part, a first record section and an erasure section. The communication section transmits and receives data with the external device. The generation section generates a session key according to the command which is received by the communication section and requires generation of a session key. The first record section stores the session key generated by the generation section. The erasure section erases the session key when a holding period of the session key stored in the first record section exceeds a threshold.
Type: Application
Filed: March 7, 2014
Publication date: September 11, 2014
Applicant: Kabushiki Kaisha Toshiba
Inventor: Aki Fukuda
-
Patent number: 8832440
Abstract: A data security system includes providing a unique identification from a first system to a second system; copying the unique identification in the second system by the first system; and unlocking a memory in the first system or the second system only when the unique identifications in the first system and the second system are the same.
Type: Grant
Filed: January 24, 2007
Date of Patent: September 9, 2014
Assignee: ClevX, LLC
Inventors: Simon B. Johnson, Lev M. Bolotin
-
Patent number: 8826269
Abstract: A virtualization system is described herein that facilitates communication between a virtualized application and a host operating system to allow the application to correctly access resources referenced by the application. When the operating system creates a virtualized application process, the virtualization system annotates a data structure associated with the process with an identifier that identifies the virtualized application environment associated with the process. When operating system components make requests on behalf of the originating virtual process, a virtualization driver checks the data structure associated with the process to determine that the helper process is doing work on behalf of the virtualized application process. Upon discovering that the thread is doing virtual process work, the virtualization driver directs the helper process's thread to the virtual application's resources, allowing the helper process to accomplish the requested work with the correct data.
Type: Grant
Filed: June 15, 2009
Date of Patent: September 2, 2014
Assignee: Microsoft Corporation
Inventors: Hui Li, John M. Sheehan
-
Patent number: 8825928
Abstract: A device or “dongle” (30) is provided for controlling communications between a Subscriber Identity Module (or SIM) (12), such as of the type used in a GSM cellular telephone system, and a computer, such as a WINDOWS® operating system-based PC (10). The SIM (12) can be authenticated by the telephone network, in the same way as for authenticating SIMs of telephone handset users in the network, and can in this way authenticate the user of the PC (10) or the PC (10) itself. Such authentication can, for example, permit use of the PC (10) for a time-limited session in relation to a particular application which is released to the PC (10) after the authentication is satisfactorily completed. The application may be released to the PC (10) by a third party after and in response to the satisfactory completion of the authentication process. A charge for the session can be debited to the user by the telecommunications network and then passed on to the third party.
Type: Grant
Filed: October 9, 2003
Date of Patent: September 2, 2014
Assignee: Vodafone Group PLC
Inventors: David Jeal, George Stronach Mudie
-
Patent number: 8819413
Abstract: A method and apparatus for providing collaborative claim verification using an identification management (IDM) system. The IDM system collaborates with at least one trusted authority that provides information to a validity database within the IDM system. The database information collected from the at least one trusted authority is used to verify a user's entered identification information, i.e., a user's identity claim. Such validation through a plurality of trusted authorities can provide a statistical truth to the identity claims provided by a user.
Type: Grant
Filed: December 22, 2006
Date of Patent: August 26, 2014
Assignee: Symantec Corporation
Inventors: Brian Hernacki, Sourabh Satish
-
Patent number: 8819422
Abstract: System and methods for access control in a Universal Plug and Play (UPnP) network are based on a user identity. A control point has an identity assertion capability for identifying a user. The control point is configured to declare a value of an attribute associated with the identity assertion capability. A device is communicatively coupled to the control point via the UPnP network. The device has a first access control list and a trusted-to-identify access control list (TIA). The device is configured to permit the user to perform one or more actions based upon whether the user identity appears as a subject in the first access control list.
Type: Grant
Filed: April 22, 2008
Date of Patent: August 26, 2014
Assignee: Motorola Mobility LLC
Inventors: Mahesh V. Tripunitara, Dean H. Vogler, Patrick Toomey