Pre-loaded With Certificate Patents (Class 713/173)
-
Patent number: 8074266
Abstract: By enabling to write information which is readable only by an IC card owner on an IC card without inputting a PIN and to authenticate a creator of the written information and prevent falsification, it is guaranteed that data written on the IC card can be read only by the IC card owner, the creator of the written data can be specified, and the written data has not been falsified. A secure memory card 101 includes a card private key storing unit 208 storing a private key, a card certificate storing unit 202 storing a certificate of a public key which forms a pair with the private key, a certificate sending unit 201 sending the certificate to a PC 102, a private storing unit 203 which is readable/writable from the outside only when a correct PIN is input, a public storing unit 210 which is readable/writable from the outside without checking a PIN, a confidential data receiving unit 211 receiving confidential data from the PC 102, and so on.
Type: Grant
Filed: August 20, 2004
Date of Patent: December 6, 2011
Assignee: Mitsubishi Electric Corporation
Inventor: Takeshi Yoneda
-
Patent number: 8061589
Abstract: A method is described that involves creating a private key and a public key cryptographic key pair, generating a unique and random identifier for a voter's vote and accepting an election vote from said voter. The vote and identifier are electronically signed with the private key to create a digital signature. The vote and identifier are provided in a human readable format to the voter.
Type: Grant
Filed: October 19, 2007
Date of Patent: November 22, 2011
Inventors: Barry Cohen, Ira Cohen
-
Patent number: 8065717
Abstract: This invention provides a system, method and computer program product to allow a user to access administrative security features associated with the use of a security token. The administrative security features provide the user the ability to unlock a locked security token, diagnose a security token, activate and deactivate a security token, request a replacement security token or temporary password or report the loss of a security token. The invention comprises a client application which integrates into the standard user login dialog associated with an operating system. A portion of the user dialog is linked to a remote server to access the administrative services.
Type: Grant
Filed: November 27, 2002
Date of Patent: November 22, 2011
Assignee: Activcard
Inventor: Jamie Angus Band
-
Patent number: 8065516
Abstract: A magnetic disk drive is provided capable of reducing a processing load even in a mode of, for example, reproduction during recording. In one embodiment, a magnetic disk drive includes a storage unit for storing certificate information that relates to the magnetic disk drive and corresponds to a root key of a certification organization. The certificate information is used on the host side to perform authentication processing of the magnetic disk drive.
Type: Grant
Filed: September 27, 2006
Date of Patent: November 22, 2011
Assignee: Hitachi Global Storage Technologies Netherlands B.V.
Inventors: Yoshiju Watanabe, Tatsuya Hirai
-
Patent number: 8060925
Abstract: A processor communicating with a first memory configured to store first information and first data, and communicating with a second memory configured to store second information and second data, includes a computing unit configured to perform computation using the first data and the second data; a storing unit configured integrally with the computing unit to store first authentication information and second authentication information; a reading unit configured to read out the first information and the second information; an authenticating unit configured to authenticate the first memory by comparing the first information and the first authentication information, and to authenticate the second memory by comparing the second information and the second authentication information; and a controlling unit configured to control an access of the computing unit to the first memory and the second memory based on a result of the authentications.
Type: Grant
Filed: August 24, 2006
Date of Patent: November 15, 2011
Assignee: Kabushiki Kaisha Toshiba
Inventors: Kenichiro Yoshii, Tatsunori Kanai
-
Patent number: 8059818
Abstract: The present invention relates to a method and a system of securely storing data on a network (100) for access by an authorized domain (101, 102, 103), which authorized domain includes at least two devices that share a confidential domain key (K), and an authorized domain management system for securely storing data on a network for access by an authorized domain. The present invention enables any member device to store protected data on the network such that any other member device can access the data in plaintext without having to communicate with the device that actually stored the data.
Type: Grant
Filed: February 11, 2005
Date of Patent: November 15, 2011
Assignee: Nokia Corporation
Inventors: Nadarajah Asokan, Philip Ginsboorg, Seamus Moloney, Tapio Suihko
-
Patent number: 8051010
Abstract: A method, system and computer program product relating to automatically validating a transaction between an issuer having a signing key, an emitter having an emitter key, an acceptor having a unique identity and a limit on transactions and a validator.
Type: Grant
Filed: May 24, 2007
Date of Patent: November 1, 2011
Assignee: International Business Machines Corporation
Inventors: Jan L. Camenisch, Susan R. Hohenberger
-
Publication number: 20110258453
Abstract: A method, apparatus, and computer readable medium is provided. According to an embodiment, a method includes, receiving a message from a client. The method further includes, forwarding the message to a first service when the message includes an authentication token, where the authentication token indicates that the client can access the first service. The method further includes, forwarding the message to a second service when the message excludes the authentication token. The receiving the message from the client and the forwarding the message to the first service occur over a confidential channel.
Type: Application
Filed: April 15, 2010
Publication date: October 20, 2011
Applicant: ANONYMIZER, INC.
Inventor: Jason Michael MANSFIELD
-
Patent number: 8041955
Abstract: A mechanism for mutual authorization of a secondary resource in a grid of resource computers is provided. When a primary resource attempts to offload a grid computing job to a secondary resource, the primary resource sends a proxy certificate request to the user machine. Responsive to a proxy certificate request, the user machine performs authorization with the secondary resource. If authorization with the secondary resource is successful, the user machine generates and returns a valid proxy certificate. The primary resource then performs mutual authentication with the secondary resource. If the authorization with the secondary resource fails, the user machine generates and returns an invalid proxy certificate. Mutual authentication between the primary resource and the secondary resource will fail due to the invalid proxy certificate. The primary resource then selects another secondary resource and repeats the process until a resource is found that passes the mutual authorization with the user machine.
Type: Grant
Filed: November 7, 2008
Date of Patent: October 18, 2011
Assignee: International Business Machines Corporation
Inventors: Susann Marie Keohane, Gerald Francis McBrearty, Shawn Patrick Mullen, Jessica Kelley Murillo, Johnny Meng-Han Shieh
-
Patent number: 8041942
Abstract: A method of authentication of peers of a peer-to-peer network includes a certificate issuer tracking at most a predetermined number of node IDs for each peer on the peer-to-peer network, a requesting peer requesting from the certificate issuer a certificate for authenticating a communicating peer and each certificate issued listing at least one node ID of the predetermined number of node IDs assigned for the communicating peer.
Type: Grant
Filed: September 5, 2006
Date of Patent: October 18, 2011
Assignee: Panasonic Corporation
Inventors: Sathya Narayanan, Eunsoo Shim
-
Patent number: 8041949
Abstract: An information processing system in which information transfers between communication devices through a network is limited within a prescribed range by registering unique information obtainable within the prescribed range into each device and permitting information transfer between devices which share common unique information, where the unique information is formed by a pair of public and secret unique information, a bridge device is controlled such that, upon receiving a proxy check request from a reception device, whether a transmission device is another bridge device or not is judged when the public unique information registered by the reception device is registered in the bridge device and one public unique information registered in the bridge device is registered by the transmission device. Then, the secret unique information registered by the reception device is transmitted to the transmission device when the transmission device is not another bridge device.
Type: Grant
Filed: March 4, 2005
Date of Patent: October 18, 2011
Assignee: Kabushiki Kaisha Toshiba
Inventors: Hiroshi Isozaki, Takeshi Saito, Tatsuyuki Matsushita, Tooru Kamibayashi
-
Patent number: 8041749
Abstract: Methods and apparatus, including computer program products, related to managing specification, enforcement, or auditing of electronic health information use. In general, data characterizing a request to modify access rights to health information is received and the access rights are modified in accordance with the request, where the modifying includes modifying a property characterizing access rights of a relationship between a first user and second users, or an organization of the second users. The access rights may be independent of the health information and modification of access rights may be independent of a security of the health information.
Type: Grant
Filed: April 11, 2007
Date of Patent: October 18, 2011
Assignee: Medox Exchange, Inc.
Inventor: Michael E. Beck
-
Patent number: 8037307
Abstract: A system and method for providing an authentication code across a network for use in authentication of documents, such as printed lottery tickets. The system includes document-printing terminals that include a key that is used in a mathematical function with the bet information for a specific-game entry to generate a document code that is sent to a central server. The central server stores the received document code and then generates an authentication code for the document desired to be printed at the terminal, and sends the authentication code back to the terminal for printing on the issued document. The authentication code can be a further mathematical processing of the document code. Verification of the document occurs from comparison of the authentication code on the document and stored authentication and/or document codes at the server.
Type: Grant
Filed: July 7, 2006
Date of Patent: October 11, 2011
Assignee: Scientific Games International Inc.
Inventor: Kenneth E. Irwin, Jr.
-
Patent number: 8037294
Abstract: An identification tag for authenticating a product is associated with the product and has authentication data transmissible to a reader device. The authentication data include source data including a tag identifier that uniquely identifies the identification tag and a signature value that is a result of a private key encryption of a representation of the source data, where the private key encryption uses a private key of a public key encryption method.
Type: Grant
Filed: April 7, 2006
Date of Patent: October 11, 2011
Assignee: SAP AG
Inventor: Zoltan Nochta
-
Publication number: 20110238995
Abstract: Authentication methods are used to authenticate a device1 having an ESN1 (electronic serial number), a device2 having an ESN2, and/or a user of the devices. In one implementation, device1 receives the ESN2 in a near-field signal; derives an authentication result as a function of the ESN1 and ESN2; and sends the authentication result to an authenticator device to use in completing authentication. Authentication is confirmed when the device1 authentication result matches an authentication result independently generated by the authenticator device, which is provisioned with the ESN1 and ESN2. In a second implementation, device1 generates a RAND1 (random number) and sends the RAND1 to device2 over a near-field link. An authenticator device confirms authentication upon receiving the same RAND1 from both device1 and device2.
Type: Application
Filed: March 29, 2010
Publication date: September 29, 2011
Applicant: MOTOROLA, INC.
Inventors: ALEJANDRO G. BLANCO, GEORGE S. HANNA, JOHN B. PRESTON, MARK BOERGER
-
Patent number: 8028157
Abstract: A boot method and apparatus are described which reduce the likelihood of a security breach in a mobile device, preferably in a situation where a reset has been initiated. A predetermined security value, or password, is stored, for example in BootROM. A value of a security location within FLASH memory is read and the two values are compared. Polling of the serial port is selectively performed, depending on the result of such comparison. In a presently preferred embodiment, if the value in the security location matches the predetermined security value, then polling of the serial port is not performed. This reduces potential security breaches caused in conventional arrangements where code may be downloaded from the serial port and executed, which allows anyone to access and upload programs and data in the FLASH memory, including confidential and proprietary information.
Type: Grant
Filed: May 1, 2008
Date of Patent: September 27, 2011
Assignee: Research In Motion Limited
Inventors: Richard C. Madter, Ryan J. Hickey, Christopher Pattenden
-
Patent number: 8027923
Abstract: The invention provides a method and apparatus for transmitting a message from a sender to an intended recipient. The method includes encrypting a message using a symmetric key, sending the encrypted message to an intended recipient without the symmetric key and providing the symmetric key to a third party. If the intended recipient signs and returns to the third party a receipt for the message, the method includes transferring, by the third party, the receipt to the sender and providing the symmetric key to the intended recipient.
Type: Grant
Filed: December 3, 2007
Date of Patent: September 27, 2011
Assignee: Zix Corporation
Inventor: Gary G. Liu
-
Patent number: 8019998
Abstract: A method for establishing secure access to a media peripheral in a home via a node in a communication network may include acquiring by the node, security data associated with the media peripheral. The method may include searching by the node, for a previously acquired security data associated with a location of previous operation of the media peripheral. The method may further include communicating between the node and the media peripheral, information associated with the media peripheral, while the media peripheral is located in the home, when the previously acquired security data is not found. The node may utilize the acquired security data associated with the media peripheral and the previously acquired security data to facilitate secure communication between the media peripheral in the home and the communication network, when the previously acquired security data is found.
Type: Grant
Filed: September 1, 2009
Date of Patent: September 13, 2011
Inventors: Jeyhan Karaoguz, James Bennett
-
Patent number: 8015412
Abstract: A method of authenticating an object is disclosed. Coded data portions are provided on a surface of the object. Each coded data portion encodes a position of coded data portion on the surface, an identity associated with the object and a signature fragment. The signature fragment is a fragment of a digital signature of at least part of the identity associated with the object. Next, indicating data is received from a sensing device in response to the sensing device sensing coded data portions. The indicating data is representative of the data encoded in the coded data portions sensed by the sensing device. From the indicating data the identity associated with the object, a plurality of signature fragments encoded in respective coded data portions, and the position of respective coded data portions are determined. A signature fragment identifier for respective signature fragments is determined from the respective positions.
Type: Grant
Filed: November 17, 2008
Date of Patent: September 6, 2011
Assignee: Silverbrook Research Pty Ltd
Inventors: Paul Lapstun, Kia Silverbrook
-
Patent number: 8015409
Abstract: An industrial automation system is provided. This includes at least one license component that is granted by a third party to permit access to a portion of an industrial control component. At least one protocol component that is based in part on a private key exchange facilitates authentication and access to the portion of the industrial control component.
Type: Grant
Filed: January 26, 2007
Date of Patent: September 6, 2011
Assignee: Rockwell Automation Technologies, Inc.
Inventors: John C. Wilkinson, Jr., Taryl J. Jasper, Michael D. Kalan, Nicholas L. Perrotto, Jr., Glenn B. Schulz, James A. Meeker, Kevin M. Tambascio, Jack M. Visoky
-
Patent number: 8015597
Abstract: Issuing and disseminating a data about a credential includes having an entity issue authenticated data indicating that the credential has been revoked, causing the authenticated data to be stored in a first card of a first user, utilizing the first card for transferring the authenticated data to a first door, having the first door store information about the authenticated data, and having the first door rely on information about the authenticated data to deny access to the credential. The authenticated data may be authenticated by a digital signature and the first door may verify the digital signature. The digital signature may be a public-key digital signature. The public key for the digital signature may be associated with the credential. The digital signature may be a private-key digital signature. The credential and the first card may both belong to the first user.
Type: Grant
Filed: July 16, 2004
Date of Patent: September 6, 2011
Assignee: CoreStreet, Ltd.
Inventors: Phil Libin, Silvio Micali, David Engberg, Alex Sinelnikov
-
Patent number: 8015599
Abstract: A method for provisioning a device such as a token. The device issues a certificate request to a Certification Authority. The request includes a public cryptographic key uniquely associated with the device. The Certification Authority generates a symmetric cryptographic key for the device, encrypts it using the public key, and creates a digital certificate that contains the encrypted symmetric key as an attribute. The Certification Authority sends the digital certificate to the device, which decrypts the symmetric key using the device's private key, and stores the decrypted symmetric key.
Type: Grant
Filed: May 19, 2009
Date of Patent: September 6, 2011
Assignee: Symantec Corporation
Inventor: Nicolas Popp
-
Patent number: 8005969
Abstract: A communication system includes a server and at least one client. The server includes a first communication unit that performs first communication with each client based on a first protocol, a second communication unit that performs second communication with each client based on a second protocol, an information receiving unit that receives first information with the first communication unit, an information extracting unit that extracts second information, a judging unit that judges whether the second communication is feasible based on the first and second information, and a command sending unit that sends a command for issuing a request for establishing the second communication when the second communication is feasible. Each client includes an information sending unit that sends the first information, a command receiving unit that receives the command, and a request sending unit that issues the request to the first communication unit in response to the command.
Type: Grant
Filed: September 24, 2007
Date of Patent: August 23, 2011
Assignee: Brother Kogyo Kabushiki Kaisha
Inventors: Masafumi Miyazawa, Naoki Otsuka, Kiyotaka Ohara
-
Patent number: 8006085
Abstract: A license-management system and method is provided. A method of issuing a proxy certificate includes transmitting a proxy-certificate-issuance-request message to a license server in order for the local license manager to acquire an authority to issue a license by a local license manager; enabling the license server to verify the proxy-certificate-issuance-request message; if the proxy-certificate-issuance-request message is valid, transmitting a proxy certificate to the local license manager by the license server, the proxy certificate including information regarding the authority to issue a license; and verifying the proxy certificate by the local license manager.
Type: Grant
Filed: July 2, 2008
Date of Patent: August 23, 2011
Assignee: Samsung Electronics Co., Ltd.
Inventors: Jae-Won Lee, Hee-Youl Kim, Hyun-Soo Yoon, Byung-Chun Chung, Youn-Ho Lee
-
Patent number: 8001380
Abstract: A system and method for providing a unique encryption key including a receiver, at a Voice over Internet Protocol (VoIP) adapter, configured to receive a configuration file, a processor, at the VoIP adapter, configured to decrypt the configuration file using a default key stored in the VoIP adapter, update one or more profile parameters of the configuration file, and install an encryption key at the VoIP adapter using the configuration file, and a transmitter, at the VoIP adapter, configured to register, with a network element, for network service using the updated configuration file such that the receiver is configured to receive network service from the network element when the updated configuration file is authenticated by the network element.
Type: Grant
Filed: July 1, 2008
Date of Patent: August 16, 2011
Assignee: Verizon Patent and Licensing Inc.
Inventors: Lakshmi N. Chakarapani, Elliot G. Eichen
-
Patent number: 7996684
Abstract: A digital logic circuit comprises a programmable logic device and a programmable security circuit. The programmable security circuit stores a set of authorized configuration security keys. The programmable security circuit compares the authorized configuration security keys with an incoming configuration request, and selectively enables a new configuration for the programmable logic device in response to the configuration request. In another exemplary embodiment, a programmable security circuit also stores a set of authorized operation security keys. The programmable security circuit compares the authorized operation security keys with an incoming operation request from the programmable logic device, and selectively enables an operation within the programmable logic device in response to the operation request.
Type: Grant
Filed: May 16, 2006
Date of Patent: August 9, 2011
Assignee: Infineon Technologies AG
Inventors: Stephen L. Wasson, David K. Varn, John D. Ralston
-
Patent number: 7996682
Abstract: Techniques are described herein for securely prompting a user to confirm sensitive operations, input sensitive information or the like. The techniques include receiving or intercepting calls from applications to prompting routines. When a call to a prompting routine is received or intercepted a hint may be provided to the user to switch to a secure desktop. When the user switches from the user desktop to the secure desktop the particular prompt is displayed. The input to the prompt is received on the secure desktop and verified to have been provided by the user. The user input or a representation of the input is then returned to the application running on the user desktop. Using these techniques, interception of prompting messages by malware does not result in sensitive information being revealed. Furthermore, spoofing of new messages by malware does not lead to the dismissal of critical prompting.
Type: Grant
Filed: October 17, 2005
Date of Patent: August 9, 2011
Assignee: Microsoft Corporation
Inventors: Klaus U. Schutz, Matthew W. Thomlinson, Scott A. Field
-
Patent number: 7992190
Abstract: Various technologies and techniques are disclosed that provide a centralized model to assign, monitor, and manage security on home electronic devices. A three-dimensional security matrix uses a role-based model that allows users to map security into groupings. Users can be assigned security levels based on application role (what activity is involved), user role (what each family member or guest is allowed to do), and device role (what this device is allowed to do while preserving system integrity). An authorization service determines whether a particular activity requested by the user should be granted or denied based upon whether the user has authorization to access the particular activity and whether the particular device can support the particular activity without compromising the security of the network.
Type: Grant
Filed: January 27, 2006
Date of Patent: August 2, 2011
Assignee: Microsoft Corporation
Inventors: Ron Mevissen, Mark Gilbert
-
Patent number: 7992215
Abstract: The invention described herein is generally directed to a method and apparatus for creating and retrieving audio data. In one implementation the invention comprises an annotation system configured to record, store, and retrieve media. The annotation system contains a set of client-processing devices configured to capture media for subsequent playback. Each client-processing device typically contains a record button to initiate the capture and is configured upon performing the capture operation to trigger an association of a unique ID with the media. The client-processing devices are further configured to upload the media and a unique ID to a server for purposes of storage. The server obtains the media and unique ID for subsequent retrieval and provides the media and the unique ID to at least one client-processing device from the set of client processing devices.
Type: Grant
Filed: April 8, 2009
Date of Patent: August 2, 2011
Assignee: Trio Systems, LLC
Inventor: Alan Bartholomew
-
Patent number: 7987368
Abstract: In a peer-to-peer environment, copyrights and users' privacies can be protected by a tracking mechanism. In described implementations, tracking mechanisms can use certificates that are produced using random numbers to protect the privacy of users and/or certificates that are produced responsive to at least one hardware identifier to enable uploader to be identified to protect copyrights.
Type: Grant
Filed: May 5, 2006
Date of Patent: July 26, 2011
Assignee: Microsoft Corporation
Inventors: Bin Zhu, Xiaoming Wang, Shipeng Li
-
Patent number: 7987365
Abstract: A subscription-based computing device has hardware and a subscription enforcer implemented in the hardware. The enforcer has an accumulator that accumulates a usage value as the computing device is being used and an expiration value register that stores an expiration value. The enforcer allows the computing device to operate in a subscription mode without hindrance and with full use when the usage value is less than the stored expiration value, and allows the computing device to operate in an expiration mode with hindrance and without full use when the usage value reaches the stored expiration value to signal that the subscription for the computing device has expired.
Type: Grant
Filed: March 24, 2006
Date of Patent: July 26, 2011
Assignee: Microsoft Corporation
Inventors: Andrew David Birrell, Charles P. Thacker, Michael Isard
-
Patent number: 7978856
Abstract: Methods of managing a key cache are provided. One method may include determining whether a given key has previously been loaded to a trusted platform module (TPM), loading the given key to the TPM and generating a key cache object corresponding to the given key if the determining step determines the given key has not previously been loaded to the TPM and restoring the given key to the TPM based on the key cache object corresponding to the given key if the given key has previously been loaded. Another method may include extracting a key from a TPM if the TPM does not have sufficient memory to load a new key, the extracted key corresponding to a least frequently used key cache object within the TPM. Another method may include restoring a key to a TPM, the restored key having been previously loaded to and extracted from the TPM.
Type: Grant
Filed: May 25, 2007
Date of Patent: July 12, 2011
Assignee: Samsung Electronics Co., Ltd.
Inventors: Kyung-min Cho, Jong-il Park
-
Patent number: 7975290
Abstract: A certificate registry system is configured to issue authentication certificates to each one of a plurality of information providers and to maintain a root certificate corresponding to all of the authentication certificates. Each one of the authentication certificates links respective authentication information thereof to identification information of a corresponding one of the information providers. Each one of the authentication certificates includes a respective Instant Messaging (IM) screen name information of the information provider. The authentication certificates of the certificate registry are associated in a manner at least partially dependent upon at least one of a particular type of information that the information providers provide, a particular organization that the information providers are associated with, a particular type of profession in which the information providers are engaged and a particular geographical region in which the information providers are located.
Type: Grant
Filed: June 7, 2007
Date of Patent: July 5, 2011
Assignee: Alcatel Lucent
Inventors: Stanley Chow, Jeff Smith, Christophe Gustave
-
Patent number: 7970386
Abstract: A system is disclosed in which a wireless device is monitored and maintained over a network. One embodiment of the system comprises a wireless device including: a service to maintain data objects, provide messaging capability, and provide data access capability on behalf of a user of the wireless device; and a rules engine communicatively coupled to the service to execute a set of rules transmitted to the wireless device from a server, the set of rules to instruct the rules engine to gather information related to the wireless device and to take action on the wireless device based on the gathered information.
Type: Grant
Filed: June 3, 2005
Date of Patent: June 28, 2011
Assignee: Good Technology, Inc.
Inventors: Sathyanarayana Pattavayal Bhat, Vinay Shashikumar Badami, Benson Wei-Ming Tse
-
Patent number: 7966652
Abstract: The present invention provides a method that allows the MashSSL protocol to be used to provide a secure and efficient way for delegated authentication. The invention allows services which already have an SSL infrastructure to reuse that infrastructure for delegated authentication, and to do so in a fashion where the cryptographic overhead is amortized across multiple users, and which provides the user with greater control of what information is shared on their behalf.
Type: Grant
Filed: April 7, 2008
Date of Patent: June 21, 2011
Assignee: SAFEMASHUPS Inc.
Inventor: Ravi Ganesan
-
Patent number: 7965845
Abstract: A medical ad hoc wireless network (10) is deployed in a healthcare medical facility surrounding individual patients and including wireless nodes (A, B, . . . , Z). Before deployment, each node (A, B, . . . , Z) is pre-initialized with a public key certificate (22) and offers a trust and symmetric key distribution service (32). In joining the ad hoc network (10), a node (B) authenticates and registers to one randomly self-chosen node (A) by using certified public keys (20). Such node (A) becomes Trusted Portal (TPA) of the node (B). The node (B) dynamically registers to a new self-chosen TP node when its old TP node leaves the ad hoc network (10). The network (10) supports symmetric key authentication between nodes registered to the same TP node. Additionally, it supports symmetric key authentication between nodes registered to different TP nodes.
Type: Grant
Filed: June 7, 2005
Date of Patent: June 21, 2011
Assignee: Koninklijke Philips Electronics N. V.
Inventors: Heribert Baldus, David Sanchez Sanchez
-
Patent number: 7966487
Abstract: Facilitating a transaction between a first party and a second party includes, prior to initiating the transaction, one of the parties obtaining an artificially pre-computed OCSP response about a specific digital certificate, where the artificially pre-computed OCSP response is generated by an entity other than the first party and the second party, one of the parties initiating the transaction, in connection with the transaction, the first party providing the specific digital certificate to the second party, and the second party verifying the specific digital certificate using the artificially pre-computed OCSP response. The second party may obtain the artificially pre-computed OCSP response prior to the transaction being initiated. The second party may cache the artificially pre-computed OCSP response for future transactions. The first party may obtain the artificially pre-computed OCSP response prior to the transaction being initiated.
Type: Grant
Filed: January 10, 2005
Date of Patent: June 21, 2011
Assignee: CoreStreet, Ltd.
Inventors: David Engberg, Phil Libin, Silvio Micali
-
Patent number: 7958360
Abstract: The present invention includes a computer-implemented method and an Enterprise Resource Planning System (ERP). The method and system allow a user to enable an electronic signature approval process for modification of data in a transaction. The method includes accessing a table that corresponds with the transaction and adding a signature field having a property sheet to the table. The method also includes defining a select property in the property sheet with a select parameter. The select property is configured to provide approval of modified data in the transaction upon entry of a valid electronic signature.
Type: Grant
Filed: May 12, 2005
Date of Patent: June 7, 2011
Assignee: Microsoft Corporation
Inventors: Jacob Lind, Jan Lysgaard Jensen
-
Patent number: 7958348
Abstract: A method is for securing and verifying an electronic certificate issued by an authority to an owner. The certificate is stored in the memory of a user unit operated by the owner. The user unit transmits all or part of the data of the certificate to the authority. Further, during an initialization phase, the method includes determining, by the authority, a network identifier pertaining to the user unit, and storing, by the authority, the identifier in connection with the data of the certificate. As such, the use of an electronic certificate by individuals other than the owner may be prevented. Further, damages to the owner, in the case of the theft or copying of a certificate, may be avoided.
Type: Grant
Filed: July 14, 2004
Date of Patent: June 7, 2011
Assignee: Nagravision S.A.
Inventor: Philippe Stransky
-
Publication number: 20110119484
Abstract: The invention is directed to a system for use with a first device in communication with a second device. The system includes a storage medium that is connectable with the first device, a hardened, stand alone, web browser stored on the storage medium, and client authentication data. The web browser uses the client authentication data to facilitate secure communication between the first device and the second device, and the first device communicates with a third device that provides configuration data that includes one or more approved addresses.
Type: Application
Filed: November 11, 2009
Publication date: May 19, 2011
Inventors: Ramsey Jallad, Patrick Stach, John Terrill, Gary Bartholomew, Lyndon Paul Wright, Paul Anton Sop
-
Patent number: 7937594
Abstract: A digital logic circuit comprises a programmable logic device and a programmable security circuit. The programmable security circuit stores a set of authorized configuration security keys. The programmable security circuit compares the authorized configuration security keys with an incoming configuration request, and selectively enables a new configuration for the programmable logic device in response to the configuration request. In another exemplary embodiment, a programmable security circuit also stores a set of authorized operation security keys. The programmable security circuit compares the authorized operation security keys with an incoming operation request from the programmable logic device, and selectively enables an operation within the programmable logic device in response to the operation request.
Type: Grant
Filed: May 16, 2006
Date of Patent: May 3, 2011
Assignee: Infineon Technologies AG
Inventors: Stephen L. Wasson, David K. Varn, John D. Ralston
-
Patent number: 7937587
Abstract: An information communication method performed by a communication terminal apparatus, the method including: sharing a first encryption key with a first server; receiving a request for sending identification information of the communication terminal apparatus; authenticating the first server based on certificate information of the first server that is acquired while sharing the first encryption key and verification information retained in the communication terminal apparatus; encrypting the identification information of the communication terminal apparatus using a second encryption key; and encrypting, using the first encryption key, according to an authentication result, encrypted identification information of the communication terminal apparatus as generated by using the second encryption key, and transmitting resulting double-encrypted identification information of the communication terminal apparatus to the first server.
Type: Grant
Filed: August 11, 2009
Date of Patent: May 3, 2011
Assignee: Kabushiki Kaisha Toshiba
Inventor: Osamu Yoshida
-
Patent number: 7930542
Abstract: The present invention provides a method that allows three parties to mutually authenticate each other and share an encrypted channel. The invention is based on a novel twist to the widely used two party transport level SSL protocol. One party, typically a user at a browser, acts as a man in the middle between the other two parties, typically two web servers with regular SSL credentials. The two web servers establish a standard mutually authenticated SSL connection via the user's browser, using a novel variation of the SSL handshake that guarantees that a legitimate user is in the middle.
Type: Grant
Filed: April 7, 2008
Date of Patent: April 19, 2011
Assignee: Safemashups Inc.
Inventor: Ravi Ganesan
-
Patent number: 7930536
Abstract: In view of the fact that devices connected on a home network are located in home, that is, at close range and therefore a user can physically access the devices within a relatively short period of time, identifying whether or not a home server for distributing the contents and a client terminal using the contents are connected to the same home network based on whether or not they can share access to the same physical medium within a short period of time. The authenticity of devices connected on a home network connected to an external network via a router is authenticated.
Type: Grant
Filed: February 24, 2004
Date of Patent: April 19, 2011
Assignee: Sony Corporation
Inventors: Kazuhiko Takabayashi, Takehiko Nakano, Yasuaki Honda, Tatsuya Igarashi
-
Patent number: 7930541
Abstract: An E-mail communication apparatus relays an E-mail transmitted from a source to a destination, stores information indicating a destination and an electronic certificate of the destination in a correspondence, receives the E-mail in which an address of the source and an address of the destination are specified; refers to a certificate storage unit when a transmit command for the E-mail is issued for the E-mail received by a receiving unit, determines whether or not the electronic certificate of the destination of the E-mail is stored and, when the electronic certificate is stored, encrypts the E-mail with the electronic certificate, requests the destination to transmit the electronic certificate when it is determined that the electronic certificate is not stored, and transmits the encrypted request mail to the destination.
Type: Grant
Filed: December 17, 2007
Date of Patent: April 19, 2011
Assignee: Murata Machinery, Ltd.
Inventor: Kazuhiro Okada
-
Patent number: 7926093
Abstract: The present invention discloses a system and method for configuration of access rights to sensitive information handled by a sensitive Web-Service. In a case of requested configuration changes initiated by the client system the Web-Server system provides a configuration data file to the client system preferably using a SOAP-communication protocol. The changes of the configuration data file are exclusively performed offline at the client side and the updated configuration data file is signed with authentication information and sent as a part of a SOAP-request to the Web-Server system. The Web-Server system provides a filter component for identifying and discarding non-SOAP requests as well as an access control manager for providing authentication examination for incoming SOAP-requests. After successfully passing these components the SOAP-request is used for updating the existing configuration data file.
Type: Grant
Filed: May 1, 2008
Date of Patent: April 12, 2011
Assignee: International Business Machines Corporation
Inventors: Wolfgang Eibach, Matthias Gruetzner, Dietmar Kuebler
-
Patent number: 7925878
Abstract: A system and method for creating a trusted network capable of facilitating secure transactions via an open network using batch credentials, such as batch PKI certificates, is presented. A certificate is bound to a group, or batch, of devices. This certificate is referenced by an activation authority upon processing a request for service by a device. Information regarding the device batch certificate is maintained in a permanent, or escrow, database. A user identity is bound to a device, as a device key is used to sign a user key created on the device in the presence of the user, and a copy of the device key is later used to decrypt the signed user key upon its transmission and receipt.
Type: Grant
Filed: September 24, 2002
Date of Patent: April 12, 2011
Assignee: Gemalto SA
Inventors: Lionel Merrien, Jean-Louis Carrara, Youri Bebic, Paul Miller
-
Patent number: 7917746
Abstract: A method of authenticating data transmitted in a digital transmission system, in which the method comprises the steps, prior to transmission, of determining at least two encrypted values for at least some of the data, each encrypted value being determined using a key of a respective encryption algorithm, and outputting said at least two encrypted values with said data.
Type: Grant
Filed: July 19, 2006
Date of Patent: March 29, 2011
Assignee: THOMAS Licensing S.A.
Inventors: Jean-Bernard G. M. Beuque, Philippe Poulain
-
Patent number: 7904720
Abstract: System and method for providing secure resource management. The system includes a first device that creates a secure, shared resource space and a corresponding root certificate for the shared space. The first device associates one or more resources that it can access with the shared space. The first device invites one or more other devices to join as members of the space, and establishes secure communication channels with the devices that accept this invitation. The first device generates a member certificate for each accepting device, and sends the root certificate and the generated member certificate to the device through the secure channel. These devices may then access resources associated with the shared space by presenting their member certificates. Further, members of the shared space may invite other devices to join the space, and may create member certificates in the same manner as the first device.
Type: Grant
Filed: November 6, 2002
Date of Patent: March 8, 2011
Assignee: Palo Alto Research Center Incorporated
Inventors: Diana Kathryn Smetters, Warren Keith Edwards, Dirk Balfanz, Hao-Chi Wong, Mark Webster Newman, Jana Zdislava Sedivy, Trevor Smith, Shahram Izadi
-
Patent number: 7886342
Abstract: A computer implemented web based access control facility for a distributed environment, which allows users to request access, take the request through appropriate approval work flow and finally make it available to the users and applications. This program also performs an automatic task of verifying the health of data, access control data as well as the entitlements, to avoid malicious user access. The system also provides an active interface to setup a backup, to delegate the duty in absence. Thus this system provides a comprehensive facility to grant, re-certify and control the entitlements and users in a distributed environment.
Type: Grant
Filed: June 9, 2008
Date of Patent: February 8, 2011
Assignee: International Business Machines Corporation
Inventors: Rahul Jindani, Vinod Kannoth, Deepak Kanwar, Rinku Kanwar, Jay Krishnamurthy, Gregory L. McKee, Sandeep Mehta, Penny J. Peachey-Kountz, Ravi K. Ravipati