Pre-loaded With Certificate Patents (Class 713/173)
  • Patent number: 10333775
    Abstract: Disclosed herein are systems, devices, and methods for provisioning a local analytics device to interact with a remote computing system on behalf of an asset that is coupled to the local analytics device and that is associated with a particular customer account hosted by the remote computing system.
    Type: Grant
    Filed: December 6, 2016
    Date of Patent: June 25, 2019
    Assignee: Uptake Technologies, Inc.
    Inventors: Brad Nicholas, Brett Heliker
  • Patent number: 10305898
    Abstract: During secure communications between two parties, the identity of the message creator is not always certain. In many cases, the signature of the message is automatically generated by the computer of the sending party. On the other hand, the signature of the received message from the sender indicates only form whose account the message comes, but it may not be the sender himself sending the message. In this patent, we propose the use of a personal attribute to be included in the secure message protocols. This personal attribute could be the personal typing rhythm (keystroke dynamics) of the message originator. This patent defines a methodology and algorithms for two different cases: when the information is encrypted, and when it is not. Also included in this methodology are the cases where a Rhythm Certification Agency (RCA) is used to validate rhythm information, or without an RCA.
    Type: Grant
    Filed: April 22, 2018
    Date of Patent: May 28, 2019
    Inventor: Carlos Manuel Gonzalez
  • Patent number: 10262158
    Abstract: A firmware includes a firmware module for copying a digitally signed binary file that includes a firmware globally unique identifier (GUID), tool GUIDs, and feature GUIDs to an Advanced Configuration and Power Management interface (ACPI) table (the Firmware Enabled Tool Registry (FETR) table). If the FETR table is stored in memory, a firmware tool determines whether a digital signature of the signed binary file can be verified. If the digital signature can be verified, the firmware tool determines if the firmware GUID stored in the FETR table matches a firmware GUID stored in another ACPI table. If the firmware GUIDs match, the firmware tool determines whether its tool GUID matches a tool GUID stored in the FETR table. The firmware tool can continue to execute if the tool GUIDs match. Firmware tool features are enabled if feature GUIDs in the FETR table match feature GUIDs of the firmware tool.
    Type: Grant
    Filed: July 27, 2017
    Date of Patent: April 16, 2019
    Assignee: American Megatrends, Inc.
    Inventors: Stefano Righi, Paul Anthony Rhea
  • Patent number: 10206103
    Abstract: Systems and methods of providing a secure access layer in a mobile phone and a computer system coupled to the mobile phone to provide authentication for transmitting data between the phone and the computer system.
    Type: Grant
    Filed: August 5, 2016
    Date of Patent: February 12, 2019
    Assignee: FUTURE DIAL, INC.
    Inventor: Benedict Chong
  • Patent number: 10158608
    Abstract: It is disclosed a method and a constrained resource device (502, 70, 90) for establishing a secret first key between a client device (506) and the constrained resource device. The invention also relates to a method and an authorization server (504, 60, 80) for enabling establishing a secret first key between a client device (506) and the constrained resource device. Based on a secret second key shared (508) between the constrained RD and the AS, the secret first key shared between the constrained resource device and the client device can be established. Devices having constrained resources cannot use protocols with which additional messages are required to share a secure identity. Embodiments of the present invention have the advantage that a secret identity can be established within an authentication protocol and that no additional messages are required to establish the secret identity.
    Type: Grant
    Filed: July 2, 2013
    Date of Patent: December 18, 2018
    Inventor: Göran Selander
  • Patent number: 10013565
    Abstract: An information handling system includes a trusted platform module (TPM) and a storage device, the TPM provides boot authentication for the information handling system such that, during a pre-boot phase, the TPM can access a platform configuration register (PCR). During a first instance of the pre-boot phase, the information handling system provides a public/private key pair including a public key and a private key, stores the private key to an encrypted storage of the TPM, seals the private key in the encrypted storage to the PCR, and stores the public key to the storage device. During an operating system phase that is after the first instance of the pre-boot phase, the information handling system retrieves the public key from the storage device, encrypts transfer data using the public key, and stores the encrypted transfer data to the storage device.
    Type: Grant
    Filed: August 18, 2014
    Date of Patent: July 3, 2018
    Assignee: DELL PRODUCTS, LP
    Inventors: Ricardo L. Martinez, Anand P. Joshi
  • Patent number: 9985939
    Abstract: In a case in which information about authorization that is identified based on an authorization token issued in an old authentication system satisfies a condition, the old authorization token is updated with a new authorization token.
    Type: Grant
    Filed: May 17, 2016
    Date of Patent: May 29, 2018
    Assignee: Canon Kabushiki Kaisha
    Inventor: Masahito Numata
  • Patent number: 9918226
    Abstract: The disclosed embodiments related to a first electronic device (such as a cellular telephone) that includes a secure element. In response to a challenge and a request for a secure-element identifier associated with the secure element, which are received from a second electronic device (such as a trusted services manager that loads content onto the secure element), the secure element provides to the second electronic device: the secure-element identifier, a certificate associated with a provider of the secure element, and a digital signature. The digital signature may include a signed version of the challenge and the secure-element identifier, which are encrypted using an encryption key associated with a provider of the secure element. In this way, the second electronic device may certify the secure element.
    Type: Grant
    Filed: September 2, 2014
    Date of Patent: March 13, 2018
    Assignee: APPLE INC.
    Inventor: Ahmer A. Khan
  • Patent number: 9471948
    Abstract: The product unit disclosed herein has identification data that are stored internally in memory. This stored identification data can be viewed as the product unit's “digital nameplate,” in that the data can represent the product unit's identifier, brand, and so on. Each data set is digitally signed while on the production line by using an encryption technique. The digitally signed data set is then written into the product unit's memory where it can be used for verification. A first digitally-signed data set can be used to control the use of one or more software modules that are provided by a software owner. The data that are undergoing signature contain at least one globally-unique identifier, which can be used to identify cloning attempts. Additionally, more than one digital signature can be used, in order to protect and control the use of features other than the software, such as the product brand.
    Type: Grant
    Filed: December 8, 2014
    Date of Patent: October 18, 2016
    Assignee: Seed Labs Sp. z o.o.
    Inventors: Maciej Langman, Szymon Slupik, Adam Gembala
  • Patent number: 9450951
    Abstract: In one embodiment, a device and a services provisioning system establish an over-the-air connection with each other, and perform device posture validation to obtain a unique identification (ID) of the device at the provisioning system. The device and provisioning system then participate in device and user authentication in response to a confirmed unique ID by a backend access control system, where the device generates a secure key pair after successful user authentication. In response to the device being approved for services (e.g., checked by the provisioning system via a registration system), the provisioning system provides a root certificate to the device, and the device sends a certificate enrollment request back to the provisioning system. In response to a certificate authority signing the certificate request, the provisioning system returns a valid certificate to the device, and the valid certificate is installed on the device.
    Type: Grant
    Filed: December 29, 2015
    Date of Patent: September 20, 2016
    Assignee: Cisco Technology, Inc.
    Inventors: Plamen Nedeltchev, Helder F. Antunes, David Sisto Iacobacci, Pedro Leonardo, Parag Thakore, Gautam M. Aggarwal, Anuj Sawani
  • Patent number: 9405925
    Abstract: Applications are stored on removable storage of a mobile device in an encrypted form to provide isolation and piracy protection. In one implementation, each application is encrypted using its own associated encryption key that is generated based on an identifier of the application and a master key that is associated with a trusted platform module of the mobile device. In another implementation, each application is encrypted using two associated encryption keys. One key is used to encrypt binary data associated with the application such as source code, and the other key is used to encrypt application data such as graphics and configuration files. The encryption keys are each generated using the identifier of the application, the master key, and identifiers of the folders where the corresponding data types are stored on the mobile device. The removable storage includes SD cards formatted using the FAT or exFAT file systems.
    Type: Grant
    Filed: February 9, 2014
    Date of Patent: August 2, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: David Callaghan, Ravisankar Pudipeddi, Geir Olsen, Sachin Patel, JianMing Zhou, Dylan D'Silva
  • Patent number: 9385871
    Abstract: An apparatus and method for authenticating a Non-Volatile Memory (NVM) device are provided. A host device that authenticates the NVM device transmits challenge information for authentication to the NVM device, receives pieces of authentication information in response to the challenge information from the NVM device, and authenticates the NVM device using the pieces of authentication information by the host device. The pieces of authentication information are generated based on the challenge information and secret key information stored in the NVM device.
    Type: Grant
    Filed: May 23, 2012
    Date of Patent: July 5, 2016
    Assignee: Samsung Electronics Co., Ltd
    Inventors: Bo-Gyeong Kang, Moon-Sang Kwon
  • Patent number: 9240979
    Abstract: A method and apparatus for providing an automated key distribution to enable communication between two networked devices. A monitoring device receives a request from a network device to send a certificate using a second secure connection prior to an expiration of a timeout period, wherein the second secure connection was created using a known port in response to determining that a request to create a first secure connection was rejected. The monitoring device sends the certificate to the network device using the second secure connection, and establishes the first secure connection with the network device in response to the network device receiving the public key of the monitoring device from a server system by using the certificate.
    Type: Grant
    Filed: January 17, 2014
    Date of Patent: January 19, 2016
    Assignee: Red Hat, Inc.
    Inventor: James Paul Schneider
  • Patent number: 9152794
    Abstract: A method relating generally to generating a boot image, as performed by an information handling system, for an embedded device is disclosed. This method includes a public key obtained by a boot image generator. A first hash for the public key is generated by the boot image generator. The first hash is provided to a signature generator. A first signature for the first hash is generated by the signature generator. A first partition for the boot image is obtained by the boot image generator. A second hash for the first partition is generated by the boot image generator. The second hash is provided to the signature generator. A second signature for the second hash is generated by the signature generator. The boot image generator and the signature generator are programmed into the information handling system. The boot image includes the public key, the first signature, and the second signature. The boot image is output from the information handling system.
    Type: Grant
    Filed: September 5, 2013
    Date of Patent: October 6, 2015
    Assignee: XILINX, INC.
    Inventors: Lester S. Sanders, Yatharth K. Kochar
  • Patent number: 9076000
    Abstract: An authentication device includes circuitry that holds L (L?2) secret keys si (i=1 to L) and L public keys yi that satisfy yi=F(si) with respect to a set F of multivariate polynomials of n-th order (n?2). The circuitry also performs with a verifier, an interactive protocol for proving knowledge of (L?1) secret keys si that satisfy yi=F(si). The circuitry receives L challenges from the verifier, arbitrarily selects (L?1) challenges from the L challenges received. The circuitry also generates, by using the secret keys si, (L?1) responses respectively for the (L?1) challenges selected, and transmits the (L?1) responses generated.
    Type: Grant
    Filed: July 12, 2011
    Date of Patent: July 7, 2015
    Assignee: Sony Corporation
    Inventors: Koichi Sakumoto, Taizo Shirai, Harunaga Hiwatari
  • Patent number: 9026794
    Abstract: An information processing system including a medium where a content to be played is stored; and a playing apparatus for playing a content stored in the medium; with the playing apparatus being configured to selectively activate a playing program according to a content type to be played, to obtain a device certificate correlated with the playing program from storage by executing the playing program, and to transmit the obtained device certificate to the medium; with the device certificate being a device certificate for content types in which content type information where the device certificate is available is recorded; and with the medium determining whether or not an encryption key with reading being requested from the playing apparatus is an encryption key for decrypting an encrypted content matching an available content type recorded in the device certificate, and permitting readout of the encryption key only in the case of matching.
    Type: Grant
    Filed: July 11, 2012
    Date of Patent: May 5, 2015
    Assignee: Sony Corporation
    Inventors: Kenjiro Ueda, Hiroshi Kuno, Takamichi Hayashi
  • Publication number: 20150121077
    Abstract: A method and an apparatus for controlling a lock state of an electronic device, and a system therefor are provided. The method includes signing a lock state update request by using a unique key loaded in a confidence region of the electronic device when a lock state change is requested, generating a lock state control request message including the lock state update request, the signed lock state update request, and a certificate of the electronic device, transmitting the generated lock state control request message to a service provider server, and authenticating a lock state update command in a communication processor of the electronic device and updating a state of the communication processor according to the lock state update command when the lock state update command is received from the service provider server.
    Type: Application
    Filed: October 24, 2014
    Publication date: April 30, 2015
    Inventors: Bumhan KIM, Chankyu HAN, Michael PARK
  • Patent number: 9021566
    Abstract: A web server authenticates a user with a web client using a database user table and provides a list of new applications, suspended application sessions, and running application sessions. In response to a request for a new application session, a connection is made from an agent server to an application server hosting the requested application, and connection information including a unique session_ID is added to a database session table such that the client can send a user selection for a session_ID to the web server, which associates the requested session_ID to an existing suspended or running application session using the connection database. For additional security, the client is determined to be trusted or untrusted, and if untrusted, connections to the client are made through a forwarding host, which makes connections to the agent server, and the agent server maintains persistent connections from the agent server to the application server.
    Type: Grant
    Filed: October 19, 2012
    Date of Patent: April 28, 2015
    Assignee: Starnet Communications Corporation
    Inventors: Panagiotis Panayotopoulos, Martin Porcelli, Steven Schoch
  • Patent number: 9021572
    Abstract: A method of anonymous access to a service, comprising the allocation, by at least one certifying entity, of a plurality of certificates to a user entity, the certificates being calculated on the basis of at least one attribute associated with the user entity, the calculation, by the user entity, of an aggregated certificate on the basis of a plurality of certificates among the certificates allocated to the user entity, the calculation, by the user entity, of a proof of knowledge of the aggregated certificate and a verification, performed by a verifying entity, of at least one of these certificates by means of said proof of knowledge, the access to the service being provided by the verifying entity to the user entity as a function of the result of this verification.
    Type: Grant
    Filed: December 19, 2011
    Date of Patent: April 28, 2015
    Assignee: Orange
    Inventors: Sébastien Canard, Roch Lescuyer
  • Patent number: 9015817
    Abstract: A computer system receives a request to access a server. The request includes a first device tag set. When the first device tag set matches a previously assigned device tag set, the computer system allows access to the server without requesting full access credentials of a user. The computer system invalidates the first device tag set, and sends a second device tag set. When the first device tag set does not match the previously assigned device tag set, the computer system requests full access credentials from the user.
    Type: Grant
    Filed: April 3, 2013
    Date of Patent: April 21, 2015
    Assignee: Symantec Corporation
    Inventors: Mingliang Pei, Liyu Yi, Ajay Ramamurthy, Mark Chan, Salil Sane
  • Patent number: 9015821
    Abstract: A user authentication method and system. A computing system receives from a user, a first request for accessing specified functions executed by a specified software application. The computing system enables a security manager software application and connects the specified software application to a computing apparatus. The computing system executes first security functions associated with the computing apparatus. The computing system executes second security functions associated with additional computing apparatuses. The computing system determines if the user may access the specified functions executed by the specified software application based on results of executing the first security functions and the second security functions. The computing system generates and stores a report indicating the results.
    Type: Grant
    Filed: July 26, 2013
    Date of Patent: April 21, 2015
    Assignee: International Business Machines Corporation
    Inventors: Sara H. Basson, Dimitri Kanevsky, Edward E. Kelley, Irina Rish
  • Patent number: 8996873
    Abstract: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret. The different server decrypts the encrypted premaster secret, generates the master secret, and transmits the master secret to the server. The server receives the master secret and continues with the handshake procedure including generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.
    Type: Grant
    Filed: April 8, 2014
    Date of Patent: March 31, 2015
    Assignee: Cloudflare, Inc.
    Inventors: Sébastien Andreas Henry Pahl, Matthieu Philippe François Tourne, Piotr Sikora, Ray Raymond Bejjani, Dane Orion Knecht, Matthew Browning Prince, John Graham-Cumming, Lee Hahn Holloway, Nicholas Thomas Sullivan, Albertus Strasheim
  • Patent number: 8997191
    Abstract: Embodiments of the invention relate to collecting keystroke timing data of samples of a phrase input by a user on an input device during different user sessions, and creating a biometric user template based on the timing data collected during the different sessions. Once a sufficient number of samples are collected, the template may be used to authenticate the user.
    Type: Grant
    Filed: February 3, 2009
    Date of Patent: March 31, 2015
    Assignee: Servicesource International, Inc.
    Inventors: Yvonne J. Stark, Mechthild Reginu Kellas-Dicks
  • Patent number: 8997192
    Abstract: A secure processor such as a TPM generates one-time-passwords used to authenticate a communication device to a service provider. In some embodiments the TPM maintains one-time-password data and performs the one-time-password algorithm within a secure boundary associated with the TPM. In some embodiments the TPM generates one-time-password data structures and associated parent keys and manages the parent keys in the same manner it manages standard TPM keys.
    Type: Grant
    Filed: May 17, 2013
    Date of Patent: March 31, 2015
    Assignee: Broadcom Corporation
    Inventors: Mark Buer, Douglas Allen
  • Patent number: 8990559
    Abstract: Embodiments of the present invention provide for a method, system, and apparatus for creating a policy compliant environment on a computer. In an embodiment of the invention, an encrypted file can be loaded into memory of a computing. The encrypted file can define a security policy for the computing device. The method can further include validating the encrypted file to ensure an authenticity of the encrypted file and updating the security policy of a target computing device in response to a successful validation of the encrypted file according to the validated encrypted file.
    Type: Grant
    Filed: February 7, 2013
    Date of Patent: March 24, 2015
    Assignee: SteelCloud, LLC
    Inventors: Brian H. Hajost, Bao Nguyen
  • Patent number: 8990890
    Abstract: In a first embodiment of the present invention, a method for operating a presence server in a home network is provided, the method comprising: receiving a request for presence information; sending an event notification to all subscribed control points informing them of the request for presence information; receiving an action from one of the subscribed control points accepting or rejecting the request for presence information; and if the action received from the one of the subscribed control points accepts the request for presence information, causing presence information regarding the one of the subscribed control points to be sent to the entity that sent the request for presence information.
    Type: Grant
    Filed: April 27, 2011
    Date of Patent: March 24, 2015
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Mahfuzur Rahman, Russell Berkoff
  • Patent number: 8977844
    Abstract: An embodiment generally relates to a method of managing tokens. The method includes detecting a presence of a token at a client and determining a status of the token. The method also includes formatting the token at the client in response to the status of the token being unformatted.
    Type: Grant
    Filed: August 31, 2006
    Date of Patent: March 10, 2015
    Assignee: Red Hat, Inc.
    Inventors: Steven William Parkinson, Robert B. Lord
  • Patent number: 8977857
    Abstract: A client device has one or more processors and memory. An application running on the device obtains a client certificate from a system service running on the device. The certificate includes a public key for the device. The device is authenticated to a remote server using the certificate. The application receives encrypted application identification information and an encrypted access token from the server. The application is authenticated to the device by comparing the received application identification information with corresponding application identification information from the application. The application invokes the system service to unencrypt the access token using the private key corresponding to the public key. The application sends a request for protected information to the server. The request includes the unencrypted access token.
    Type: Grant
    Filed: February 8, 2013
    Date of Patent: March 10, 2015
    Assignee: Google Inc.
    Inventor: Oscar del Pozo Triscon
  • Patent number: 8972591
    Abstract: A method for downloading software from a host device to an electronic device through a communication line, which, even when the download is interrupted, can simplify the procedure to restart the download while maintaining security. In the method, a certificate of authenticity data, which the card reader has obtained from the HOST computer, is stored in the non volatile memory. The download of the software from the HOST computer to the card reader is executed. The verification of authenticity data is obtained by calculation with respect to the downloaded software. This verification of authenticity data is then compared with the certificate of authenticity data obtained from the HOST computer, and the downloaded software is run when the certificate of authenticity data matches the verification of authenticity data.
    Type: Grant
    Filed: January 11, 2011
    Date of Patent: March 3, 2015
    Assignee: Nidec Sankyo Corporation
    Inventor: Tsutomu Baba
  • Patent number: 8973122
    Abstract: A two-factor network authentication system uses “something you know” in the form of a password/Pin and “something you have” in the form of a key token. The password is encrypted in a secure area of the USB device and is protected from brute force attacks. The key token includes authentication credentials. Users cannot authenticate without the key token. Four distinct authentication elements that the must be present. The first element is a global unique identifier that is unique to each key. The second is a private credential generated from the online service provider that is stored in a secure area of the USB device. The third element is a connection profile that is generated from the online service provider. The fourth element is a credential that is securely stored with the online service provider. The first two elements create a unique user identity. The second two elements create mutual authentication.
    Type: Grant
    Filed: April 20, 2012
    Date of Patent: March 3, 2015
    Assignee: Directpointe, Inc.
    Inventors: Justin M. Beck, Chad L Swensen
  • Patent number: 8966262
    Abstract: Methods and apparatus enabling programming of electronic identification information of a wireless apparatus. In one embodiment, a previously purchased or deployed wireless apparatus is activated by a cellular network. The wireless apparatus connects to the cellular network using an access module to download operating system components and/or access control client components. The described methods and apparatus enable updates, additions and replacement of various components including Electronic Subscriber Identity Module (eSIM) data, OS components. One exemplary implementation of the invention utilizes a trusted key exchange between the device and the cellular network to maintain security.
    Type: Grant
    Filed: October 8, 2013
    Date of Patent: February 24, 2015
    Inventors: Stephan V. Schell, Arun G. Mathias, Jerrold Von Hauck, David T. Haggerty, Kevin McLaughlin, Ben-Heng Juang, Li Li
  • Patent number: 8959356
    Abstract: A storage controller and program product is provided for performing double authentication for controlling disruptive operations on storage resources generated by a system administrator. A first request is received from a first user for generation of a first key. A first key is generated, provided to the first user and associated with the storage resource. An input is received from the administrator, the input comprises a second key and a command for performing the disruptive operation. The second key and the first key are compared. It is verified that the administrator is authorized as an administrator of the storage resource. The disruptive operation is performed on the storage resource if the second key and the first key match and the administrator is authorized. Otherwise, the performance of the disruptive operation is denied.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: February 17, 2015
    Assignee: International Business Machines Corporation
    Inventors: Vincent Boucher, Sebastien Chabrolles, Benoit Granier, Arnaud Mante
  • Patent number: 8955061
    Abstract: An information processing apparatus for executing authentication processing, characterized by comprises: storage means for storing, in association with each other, an image, region information indicating a region included in the image, and word information indicating an object linked with the region; determination means for determining an image to be used for the authentication processing among the images stored in the storage means; display means for displaying the image determined by the determination means; specification means for specifying, in a case where a user designates a position within the image displayed by the display means, word information associated with region information of a region including the position; and authentication means for executing authentication processing using the word information specified by the specification means.
    Type: Grant
    Filed: April 10, 2013
    Date of Patent: February 10, 2015
    Assignee: Canon Kabushiki Kaisha
    Inventor: Manami Hatano
  • Patent number: 8954759
    Abstract: A magnetic memory device includes a main memory made of magnetic memory, the main memory and further includes a parameter area used to store parameters used to authenticate data. Further, the magnetic memory device has parameter memory that maintains a protected zone used to store protected zone parameters, and an authentication zone used to store authentication parameters, the protection zone parameters and the authentication parameters being associated with the data that requires authentication. Upon modification of any of the parameters stored in the parameter memory by a user, a corresponding location of the parameter area of the main memory is also modified.
    Type: Grant
    Filed: September 14, 2012
    Date of Patent: February 10, 2015
    Assignee: Avalanche Technology, Inc.
    Inventors: Siamack Nemazie, Ngon Van Le
  • Patent number: 8955039
    Abstract: Generally, this disclosure describes devices, methods and systems for securely providing context sensor data to mobile platform applications. The method may include configuring sensors to provide context data, the context data associated with a mobile device; providing an application programming interface (API) to a sensor driver, the sensor driver configured to control the sensors; providing a trusted execution environment (TEE) operating on the mobile device, the TEE configured to host the sensor driver and restrict control and data access to the sensor driver and to the sensors; generating a request for the context data through the API, the request generated by an application associated with the mobile device; receiving, by the application, the requested context data and a validity indicator through the API; verifying, by the application, the requested context data based on the validity indicator; and adjusting a policy associated with the application based on the verified context data.
    Type: Grant
    Filed: September 12, 2012
    Date of Patent: February 10, 2015
    Assignee: Intel Corporation
    Inventors: Gyan Prakash, Jesse Walker, Saurabh Dadu
  • Patent number: 8955044
    Abstract: A method of generating a time managed challenge-response test is presented. The method identifies a geometric shape having a volume and generates an entry object of the time managed challenge-response test. The entry object is overlaid onto the geometric shape, such that the entry object is distributed over a surface of the geometric shape, and a portion of the entry object is hidden at any point in time. The geometric shape is rotated, which reveals the portion of the entry object that is hidden. A display region on a display is identified for rendering the geometric shape and the geometric shape is presented in the display region of the display.
    Type: Grant
    Filed: October 4, 2010
    Date of Patent: February 10, 2015
    Assignee: Yahoo! Inc.
    Inventors: Kunal Punera, Shanmugasundaram Ravikumar, Anirban Dasgupta, Belle Tseng, Hung-Kuo (James) Chu
  • Patent number: 8925046
    Abstract: A device includes a memory which stores a program, and a processor which executes, based on the program, a procedure comprising establishing a session with a request source when a request for a service, made to a second providing source, has been received from the request source, the second providing source providing the service based on data stored in a first providing source; and when an inquiry about whether to transmit the data to the second providing source has been received from the first providing source, notifying, so as to encrypt a mask range of the data, the first providing source of session information indicating the session established with the request source and notifying the request source of the session information so as to decrypt the encrypted mask range of data based on the session information.
    Type: Grant
    Filed: February 25, 2013
    Date of Patent: December 30, 2014
    Assignee: Fujitsu Limited
    Inventors: Takao Ogura, Fumihiko Kozakura
  • Patent number: 8918848
    Abstract: Methods and systems for third party client authentication of a client. A method includes displaying a user interface on a display of the client, the user interface including an option to select a supported credential type of a third party authentication server, receiving a command selecting the supported credential type, and sending credential information and the selected supported credential type to an authentication server for third party authentication by the third party authentication server. The third party authentication server may support a token-based authentication protocol for implementing single sign on (SSO).
    Type: Grant
    Filed: April 26, 2010
    Date of Patent: December 23, 2014
    Assignee: BlackBerry Limited
    Inventors: Girish Kumar Sharma, Lenny Kwok-Ming Hon, Joseph Daniel Burjoski, Kenneth Cyril Schneider
  • Publication number: 20140372762
    Abstract: A trusted device, such as a wristwatch 2, is provided with authentication circuitry 26, used to perform an authentication operation to switch the trusted device into an authenticated state. Retention monitoring circuitry 32 monitors the physical possession of the trusted device by the user following the authentication operation and switches the trusted device out of an authenticated state if the trusted device does not remain in the physical possession of the user. While the trusted device remains in the physical possession of the user, communication triggering circuitry 38 is used to detect a request to establish communication with a target device that is one of a plurality of different target devices and communication circuitry 40 is used to communicate with that target device using an authenticated identity of the user.
    Type: Application
    Filed: June 18, 2013
    Publication date: December 18, 2014
    Inventors: Krisztian FLAUTNER, Hugo John Martin Vincent, Amyas Edward Wykes Phillips, Robert George Taylor
  • Publication number: 20140359294
    Abstract: Systems, software, and methods are provided for configurable, encrypted, secure QR code creation and use. Furthermore, these codes can be used by many entities to provide improved monitoring for a variety of systems.
    Type: Application
    Filed: May 23, 2014
    Publication date: December 4, 2014
    Applicant: Cartasite, Inc.
    Inventor: David L. Armitage
  • Publication number: 20140359295
    Abstract: A method is provided for transferring control of a security module from a first entity to a second entity. The security module has a first security domain controlled by the first entity by at least one first secret control key specific to the first entity, and a second security domain, the second domain containing a private key and a certificate of a public key of a controlling authority. The method includes: receiving a request to obtain the certificate; sending the certificate; receiving data encrypted by the public key of the certificate, the data including at least one second secret control key specific to the second entity; decrypting the data; verifying the data; and if the verification is positive, replacing the at least one first secret control key by the at least one second secret control key.
    Type: Application
    Filed: October 12, 2012
    Publication date: December 4, 2014
    Applicant: ORANGE
    Inventors: Ahmad Saif, Bertrand Pladeau
  • Patent number: 8904178
    Abstract: A method and apparatus for directing a client to establish a secure connection with a server across a public network. The server and the client exchange a Server Authentication Public Key, a Client Authentication Public Key, and a Remote Service Unique Identifier (RSUID) during a registration process. In one embodiment, the method includes the client transmitting to the server a client information package having the RSUID and a client challenge information package encrypted with the Server Authentication Public Key, the client receiving from the server a server information package having the RSUID and a server challenge information package and a portion of the received client challenge information encrypted with the Client Authentication Public Key, the client decrypting and verifying the server challenge information package with the Client Authentication Private Key, and, the client transmitting to the server an encrypted portion of the received client challenge information.
    Type: Grant
    Filed: September 26, 2007
    Date of Patent: December 2, 2014
    Assignee: International Business Machines Corporation
    Inventors: Mark F. Wilding, Randall W. Horman
  • Patent number: 8904193
    Abstract: A method for operating a security device includes a microcontroller, a protected memory area, in which at least one item of protection-worthy information is stored, and a unit, the microcontroller being connected to the protected memory area via the unit, the at least one item of protection-worthy information being accessed by the microcontroller via the unit when the method is carried out.
    Type: Grant
    Filed: November 22, 2010
    Date of Patent: December 2, 2014
    Assignee: Robert Bosch GmbH
    Inventors: Markus Ihle, Robert Szerwinski, Oliver Bubeck, Jan Hayek, Jamshid Shokrollahi
  • Patent number: 8898458
    Abstract: A method includes receiving at a first computer a new certificate which is to replace an old certificate associated with the first computer and associating by the first computer the new certificate with the first computer. In response to the first computer associating the new certificate with the first computer, the first computer accesses an email address book of the first computer having information identifying a second computer as having received the old certificate to determine from the information that the second computer is to associate the new certificate in place of the old certificate with the first computer. In turn, the first computer transmits the new certificate to the second computer for the second computer to associate the new certificate with the first computer.
    Type: Grant
    Filed: July 7, 2010
    Date of Patent: November 25, 2014
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Brian M. Novack, Daniel L. Madsen, Michael D. Cheaney, Timothy R. Thompson
  • Patent number: 8874918
    Abstract: A method for conditionally allowing fruition of broadcast contents, broadcast by a contents broadcaster and received by a user by means of a receiving equipment, includes: performing, locally at the receiving equipment of the user, a first fruition entitlement check based on first fruition entitlement data available locally at the receiving equipment; having the receiving equipment provide to the contents broadcaster the first fruition entitlement data exploiting a return communications channel of the receiving equipment; having the contents broadcaster perform a second fruition entitlement check based on a comparison between the received first fruition entitlement data and second fruition entitlement data available locally to the contents broadcaster; and conditioned on a result of the second check, having the contents broadcaster provide to the receiving equipment, exploiting the return communications channel, a fruition entitlement confirmation notification; at the receiving equipment, conditioning the fru
    Type: Grant
    Filed: April 28, 2005
    Date of Patent: October 28, 2014
    Assignee: Telecom Italia S.p.A.
    Inventor: Paolo Goria
  • Patent number: 8874938
    Abstract: A program execution device capable of protecting a program against unauthorized analysis and alteration is provided. The program execution device includes an execution unit, a first protection unit, and a second protection unit. The execution unit executes a first program and a second program, and is connected with an external device that is capable of controlling the execution. The first protection unit disconnects the execution unit from the external device while the execution unit is executing the first program. The second protection unit protects the first program while the execution unit is executing the second program.
    Type: Grant
    Filed: July 26, 2013
    Date of Patent: October 28, 2014
    Assignee: Panasonic Intellectual Property Corporation of America
    Inventors: Hideki Matsushima, Teruto Hirota, Yukie Shoda, Shunji Harada
  • Publication number: 20140304514
    Abstract: The present invention includes a system for monitoring the transmission of digital files across a secured boundary of a private ecosystem. Because an application programming interface making calls to a web application platform controls the placement of security tokens, distinct programs on devices from which transmissions originate, or are bound, to place and update tokens is generally obviated.
    Type: Application
    Filed: April 7, 2014
    Publication date: October 9, 2014
    Applicant: MACH 1 DEVELOPMENT, INC.
    Inventor: Paul Greene
  • Patent number: 8856904
    Abstract: A mechanism is provided for enhancing password protection. a combination password that comprises dynamic text interspersed within a static user password is received from a user. A determination is made as to whether the combination password is to be verified without the dynamic text. Responsive to identifying that the combination password is to be verified without the dynamic text, the dynamic text is filtered from the combination password based on an identified dynamic suggestion issued to the user prior to the combination password being received thereby forming a filtered password. The filtered password is then authenticated using information stored for the user. Responsive to validating the filtered password, access is granted by the user to a secured system.
    Type: Grant
    Filed: February 22, 2013
    Date of Patent: October 7, 2014
    Assignee: International Business Machines Corporation
    Inventors: Abdullah Q. Chougle, Vishal V. Chougule, Priyanka P. Jain
  • Patent number: 8856514
    Abstract: A renewed digital certificate is obtained within an asynchronous messaging environment from a certificate server of an issuer of an existing digital certificate to replace the existing digital certificate. The renewed digital certificate includes an extended attribute that stores a serial number value of the existing digital certificate. A message is received with a symmetric key that is encrypted using the existing digital certificate. The symmetric key is identified within the message by the serial number value of the existing digital certificate. The message is processed using the renewed digital certificate.
    Type: Grant
    Filed: March 12, 2012
    Date of Patent: October 7, 2014
    Assignee: International Business Machines Corporation
    Inventors: Bret W. Dixon, Scot W. Dixon
  • Patent number: 8856531
    Abstract: Methods, computer program products, and systems are provided for using a single shared secured connection among all servers in a cluster by efficiently establishing and securely disseminating a shared key between the servers. In particular, this is done by using a Diffie-Hellman key agreement scheme among the servers using an ordered list of servers generated on-the-fly.
    Type: Grant
    Filed: June 27, 2011
    Date of Patent: October 7, 2014
    Assignee: EMC Corporation
    Inventors: Peter Alan Robinson, Kanchan Kaur, Sean Parkinson