Including Particular Multiplication Or Exponentiation Circuit Patents (Class 713/174)
  • Patent number: 9998445
    Abstract: A device authentication system for use with an authenticatable device having a physically-unclonable function and constructed to, in response to input, of challenge C, internally generate an output O characteristic to the PUF and the challenge C, and configured to: i) upon receiving challenge C, generate a corresponding commitment value that depends upon a private value r, and ii) upon receiving an authentication query that includes the challenge C and a nonce, return a zero knowledge proof authentication value that corresponds to the commitment value.
    Type: Grant
    Filed: May 20, 2015
    Date of Patent: June 12, 2018
    Assignee: Analog Devices, Inc.
    Inventor: John Ross Wallrabenstein
  • Patent number: 9454495
    Abstract: According to one embodiment, a memory system includes an application module, a storage module, and a control module. The storage module stores user data, application software configured to control operation of the application module, and management information used to manage the user data and the application software. The control module controls writing and erasing of the storage module. The control module masks information indicating an access-prohibited area included in the management information read from the storage module, the access-prohibited area includes the application software.
    Type: Grant
    Filed: September 18, 2011
    Date of Patent: September 27, 2016
    Assignee: KABUSHIKI KAISHA TOSHIBA
    Inventors: Shuichi Sakurai, Takashi Wakutsu, Kuniaki Ito, Yasufumi Tsumagari
  • Patent number: 9038150
    Abstract: There is provided a provisioning device which provides, in advance, setting information necessary for joining in a wireless network to a first field device which is to newly join the wireless network to exchange data with an existing field device that is installed in a plant. The provisioning device includes: a storage unit that stores a white list which contains unique information of the first field device and the setting information such that the unique information and the setting information are correlated with each other; a device information acquiring unit that acquires the unique information from the first field device by wireless communication; an extracting unit that extracts, from the white list, the setting information that is correlated with the acquired unique information; and a setting unit that sends the extracted setting information to the first field device by wireless communication.
    Type: Grant
    Filed: August 9, 2011
    Date of Patent: May 19, 2015
    Assignee: YOKOGAWA ELECTRIC CORPORATION
    Inventor: Kazutoshi Kodama
  • Publication number: 20150134966
    Abstract: A device authentication system for use with an authenticatable device having a physically-unclonable function and constructed to, in response to input of challenge C, internally generate an output O characteristic to the PUF and the challenge C, and configured to: i) upon receiving challenge C, generate a corresponding commitment value that depends upon a private value r, and ii) upon receiving an authentication query that includes the challenge C and a nonce, return a zero knowledge proof authentication value that corresponds to the commitment value.
    Type: Application
    Filed: December 11, 2013
    Publication date: May 14, 2015
    Applicant: Sypris Electronics, LLC
    Inventor: John Ross Wallrabenstein
  • Patent number: 9021566
    Abstract: A web server authenticates a user with a web client using a database user table and provides a list of new applications, suspended application sessions, and running application sessions. In response to a request for a new application session, a connection is made from an agent server to an application server hosting the requested application, and connection information including a unique session_ID is added to a database session table such that the client can send a user selection for a session_ID to the web server, which associates the requested session_ID to an existing suspended or running application session using the connection database. For additional security, the client is determined to be trusted or untrusted, and if untrusted, connections to the client are made through a forwarding host, which makes connections to the agent server, and the agent server maintains persistent connections from the agent server to the application server.
    Type: Grant
    Filed: October 19, 2012
    Date of Patent: April 28, 2015
    Assignee: Starnet Communications Corporation
    Inventors: Panagiotis Panayotopoulos, Martin Porcelli, Steven Schoch
  • Patent number: 9021605
    Abstract: To protect sensitive data in program code, a method includes providing a programming interface with a capability of allocating a protected region of memory which can only be accessed by authorized code. Sensitive data present in program code is stored in the protected region of memory. The method includes marking parts of code in a program as authorized or not authorized to access the sensitive data, and determining if that part of a program which is executing is authorized to access protected data by reference to the marking.
    Type: Grant
    Filed: January 2, 2008
    Date of Patent: April 28, 2015
    Assignee: International Business Machines Corporation
    Inventors: George Meldrum Blue, John James Ralph Scott, Jamie Peter Squibb, Philip Graham Willoughby
  • Patent number: 9015821
    Abstract: A user authentication method and system. A computing system receives from a user, a first request for accessing specified functions executed by a specified software application. The computing system enables a security manager software application and connects the specified software application to a computing apparatus. The computing system executes first security functions associated with the computing apparatus. The computing system executes second security functions associated with additional computing apparatuses. The computing system determines if the user may access the specified functions executed by the specified software application based on results of executing the first security functions and the second security functions. The computing system generates and stores a report indicating the results.
    Type: Grant
    Filed: July 26, 2013
    Date of Patent: April 21, 2015
    Assignee: International Business Machines Corporation
    Inventors: Sara H. Basson, Dimitri Kanevsky, Edward E. Kelley, Irina Rish
  • Patent number: 9015817
    Abstract: A computer system receives a request to access a server. The request includes a first device tag set. When the first device tag set matches a previously assigned device tag set, the computer system allows access to the server without requesting full access credentials of a user. The computer system invalidates the first device tag set, and sends a second device tag set. When the first device tag set does not match the previously assigned device tag set, the computer system requests full access credentials from the user.
    Type: Grant
    Filed: April 3, 2013
    Date of Patent: April 21, 2015
    Assignee: Symantec Corporation
    Inventors: Mingliang Pei, Liyu Yi, Ajay Ramamurthy, Mark Chan, Salil Sane
  • Patent number: 8990890
    Abstract: In a first embodiment of the present invention, a method for operating a presence server in a home network is provided, the method comprising: receiving a request for presence information; sending an event notification to all subscribed control points informing them of the request for presence information; receiving an action from one of the subscribed control points accepting or rejecting the request for presence information; and if the action received from the one of the subscribed control points accepts the request for presence information, causing presence information regarding the one of the subscribed control points to be sent to the entity that sent the request for presence information.
    Type: Grant
    Filed: April 27, 2011
    Date of Patent: March 24, 2015
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Mahfuzur Rahman, Russell Berkoff
  • Patent number: 8978124
    Abstract: A system receives a request to store a document in a database, receives a user security token, analyzes the document to determine an adjudicated security level for the document, compares the user security token to the adjudicated security level, stores the document when the user security token is equal to the adjudicated security level, when the user security token is not equal to the adjudicated security level, queries the user as to whether the document should be stored with the adjudicated security level, receives a response to the query from the user, stores the document when the user agrees to store the document with the adjudicated security level, and when the user does not agree to store the document with the adjudicated security level, transmits a message to a security officer and quarantine the document.
    Type: Grant
    Filed: October 16, 2012
    Date of Patent: March 10, 2015
    Assignee: Raytheon Company
    Inventors: Charles B. Bradley, II, Thomas D. Farley, Jason S. Nadeau
  • Patent number: 8977844
    Abstract: An embodiment generally relates to a method of managing tokens. The method includes detecting a presence of a token at a client and determining a status of the token. The method also includes formatting the token at the client in response to the status of the token being unformatted.
    Type: Grant
    Filed: August 31, 2006
    Date of Patent: March 10, 2015
    Assignee: Red Hat, Inc.
    Inventors: Steven William Parkinson, Robert B. Lord
  • Patent number: 8977857
    Abstract: A client device has one or more processors and memory. An application running on the device obtains a client certificate from a system service running on the device. The certificate includes a public key for the device. The device is authenticated to a remote server using the certificate. The application receives encrypted application identification information and an encrypted access token from the server. The application is authenticated to the device by comparing the received application identification information with corresponding application identification information from the application. The application invokes the system service to unencrypt the access token using the private key corresponding to the public key. The application sends a request for protected information to the server. The request includes the unencrypted access token.
    Type: Grant
    Filed: February 8, 2013
    Date of Patent: March 10, 2015
    Assignee: Google Inc.
    Inventor: Oscar del Pozo Triscon
  • Patent number: 8966262
    Abstract: Methods and apparatus enabling programming of electronic identification information of a wireless apparatus. In one embodiment, a previously purchased or deployed wireless apparatus is activated by a cellular network. The wireless apparatus connects to the cellular network using an access module to download operating system components and/or access control client components. The described methods and apparatus enable updates, additions and replacement of various components including Electronic Subscriber Identity Module (eSIM) data, OS components. One exemplary implementation of the invention utilizes a trusted key exchange between the device and the cellular network to maintain security.
    Type: Grant
    Filed: October 8, 2013
    Date of Patent: February 24, 2015
    Inventors: Stephan V. Schell, Arun G. Mathias, Jerrold Von Hauck, David T. Haggerty, Kevin McLaughlin, Ben-Heng Juang, Li Li
  • Patent number: 8959356
    Abstract: A storage controller and program product is provided for performing double authentication for controlling disruptive operations on storage resources generated by a system administrator. A first request is received from a first user for generation of a first key. A first key is generated, provided to the first user and associated with the storage resource. An input is received from the administrator, the input comprises a second key and a command for performing the disruptive operation. The second key and the first key are compared. It is verified that the administrator is authorized as an administrator of the storage resource. The disruptive operation is performed on the storage resource if the second key and the first key match and the administrator is authorized. Otherwise, the performance of the disruptive operation is denied.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: February 17, 2015
    Assignee: International Business Machines Corporation
    Inventors: Vincent Boucher, Sebastien Chabrolles, Benoit Granier, Arnaud Mante
  • Patent number: 8954759
    Abstract: A magnetic memory device includes a main memory made of magnetic memory, the main memory and further includes a parameter area used to store parameters used to authenticate data. Further, the magnetic memory device has parameter memory that maintains a protected zone used to store protected zone parameters, and an authentication zone used to store authentication parameters, the protection zone parameters and the authentication parameters being associated with the data that requires authentication. Upon modification of any of the parameters stored in the parameter memory by a user, a corresponding location of the parameter area of the main memory is also modified.
    Type: Grant
    Filed: September 14, 2012
    Date of Patent: February 10, 2015
    Assignee: Avalanche Technology, Inc.
    Inventors: Siamack Nemazie, Ngon Van Le
  • Patent number: 8955061
    Abstract: An information processing apparatus for executing authentication processing, characterized by comprises: storage means for storing, in association with each other, an image, region information indicating a region included in the image, and word information indicating an object linked with the region; determination means for determining an image to be used for the authentication processing among the images stored in the storage means; display means for displaying the image determined by the determination means; specification means for specifying, in a case where a user designates a position within the image displayed by the display means, word information associated with region information of a region including the position; and authentication means for executing authentication processing using the word information specified by the specification means.
    Type: Grant
    Filed: April 10, 2013
    Date of Patent: February 10, 2015
    Assignee: Canon Kabushiki Kaisha
    Inventor: Manami Hatano
  • Patent number: 8955039
    Abstract: Generally, this disclosure describes devices, methods and systems for securely providing context sensor data to mobile platform applications. The method may include configuring sensors to provide context data, the context data associated with a mobile device; providing an application programming interface (API) to a sensor driver, the sensor driver configured to control the sensors; providing a trusted execution environment (TEE) operating on the mobile device, the TEE configured to host the sensor driver and restrict control and data access to the sensor driver and to the sensors; generating a request for the context data through the API, the request generated by an application associated with the mobile device; receiving, by the application, the requested context data and a validity indicator through the API; verifying, by the application, the requested context data based on the validity indicator; and adjusting a policy associated with the application based on the verified context data.
    Type: Grant
    Filed: September 12, 2012
    Date of Patent: February 10, 2015
    Assignee: Intel Corporation
    Inventors: Gyan Prakash, Jesse Walker, Saurabh Dadu
  • Patent number: 8955044
    Abstract: A method of generating a time managed challenge-response test is presented. The method identifies a geometric shape having a volume and generates an entry object of the time managed challenge-response test. The entry object is overlaid onto the geometric shape, such that the entry object is distributed over a surface of the geometric shape, and a portion of the entry object is hidden at any point in time. The geometric shape is rotated, which reveals the portion of the entry object that is hidden. A display region on a display is identified for rendering the geometric shape and the geometric shape is presented in the display region of the display.
    Type: Grant
    Filed: October 4, 2010
    Date of Patent: February 10, 2015
    Assignee: Yahoo! Inc.
    Inventors: Kunal Punera, Shanmugasundaram Ravikumar, Anirban Dasgupta, Belle Tseng, Hung-Kuo (James) Chu
  • Patent number: 8925046
    Abstract: A device includes a memory which stores a program, and a processor which executes, based on the program, a procedure comprising establishing a session with a request source when a request for a service, made to a second providing source, has been received from the request source, the second providing source providing the service based on data stored in a first providing source; and when an inquiry about whether to transmit the data to the second providing source has been received from the first providing source, notifying, so as to encrypt a mask range of the data, the first providing source of session information indicating the session established with the request source and notifying the request source of the session information so as to decrypt the encrypted mask range of data based on the session information.
    Type: Grant
    Filed: February 25, 2013
    Date of Patent: December 30, 2014
    Assignee: Fujitsu Limited
    Inventors: Takao Ogura, Fumihiko Kozakura
  • Patent number: 8918637
    Abstract: One embodiment of the invention is directed to a method including receiving an alias identifier associated with an account associated with a presenter, determining an associated trusted party using the alias identifier, sending a verification request message to the trusted party after determining the associated trusted party, and receiving a verification response message.
    Type: Grant
    Filed: June 3, 2013
    Date of Patent: December 23, 2014
    Assignee: Visa U.S.A. Inc.
    Inventors: David Wentker, Michael Lindelsee, Olivier Brand, James Dimmick, Tribhuwan A. Singh Grewal
  • Patent number: 8918848
    Abstract: Methods and systems for third party client authentication of a client. A method includes displaying a user interface on a display of the client, the user interface including an option to select a supported credential type of a third party authentication server, receiving a command selecting the supported credential type, and sending credential information and the selected supported credential type to an authentication server for third party authentication by the third party authentication server. The third party authentication server may support a token-based authentication protocol for implementing single sign on (SSO).
    Type: Grant
    Filed: April 26, 2010
    Date of Patent: December 23, 2014
    Assignee: BlackBerry Limited
    Inventors: Girish Kumar Sharma, Lenny Kwok-Ming Hon, Joseph Daniel Burjoski, Kenneth Cyril Schneider
  • Patent number: 8908866
    Abstract: A method and apparatus to provide a cryptographic protocol for secure authentication, privacy, and anonymity. The protocol, in one embodiment, is designed to be implemented in a small number of logic gates, executed quickly on simple devices, and provide military grade security.
    Type: Grant
    Filed: April 13, 2012
    Date of Patent: December 9, 2014
    Assignee: Symantec Corporation
    Inventors: Joseph A. Adler, David M'Raihi
  • Patent number: 8904179
    Abstract: A communication system exchanges key generation parameters for secure communications. An internet service and communications device of a user are in communication with each other. The internet service includes an account authentication mechanism for a user and includes a database having stored cryptographic keys and key generation parameters. A device client operates on the communications device and initiates a request to the internet service that authenticates the user and establishes a secure communications channel between the internet service and communications device and determines key generation parameters based on an authenticated user identifier and transmits the key generation parameters for initiating key generation and securely establishing a cryptographic key between the internet service and communications device.
    Type: Grant
    Filed: September 7, 2012
    Date of Patent: December 2, 2014
    Assignee: BlackBerry Limited
    Inventors: Edward Dean, Roberto Diaz, James Godfrey
  • Patent number: 8897445
    Abstract: A combination-based broadcast encryption method includes: assigning by a server a base group of different combinations to each user; producing and sending secret information for each user by using as a base the base group allocated to each user; producing and sending an inverse-base parameter value through calculations with integers used to produce the base group and key value information of one or more privileged users; and deriving a group key by using the key value information of the privileged users, encrypting a session key by using the derived group key, and sending the encrypted session key to each user. Accordingly, each user is assigned a different base through a combination, thereby having security against collusion attacks.
    Type: Grant
    Filed: April 30, 2012
    Date of Patent: November 25, 2014
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Weon-il Jin, Dae-youb Kim, Hwan-joon Kim, Sung-joon Park
  • Patent number: 8891766
    Abstract: Secure function evaluation SFE) with input consistency verification is performed by two parties to evaluate a function. For each execution, the first party computes a garbled circuit corresponding to the function and uses an Oblivious Transfer protocol to provide wire secrets that are an encrypted version ki of the input xi of the second party. The second party stores the encrypted version ki of the input xi of the second party for the plurality of executions. The second party receives the garbled circuit for computation of an output, which is sent to the first party. To verify the inputs of the second party for two executions, the first party computes a check garbled circuit corresponding to a verification function based on the input keys of the garbled circuits being verified; and sends the check garbled circuit to the second party for computation of a verification output. The verification output is computed by applying the stored encrypted versions ki for the two executions to the check garbled circuit.
    Type: Grant
    Filed: September 28, 2012
    Date of Patent: November 18, 2014
    Assignee: Alcatel Lucent
    Inventor: Vladimir Y. Kolesnikov
  • Patent number: 8850544
    Abstract: The present invention provides a new method for user centered privacy which works across all 3rd party sites where users post content, or even for encryption of emails. Users have an identity with a Hyde-It Identity provider (HIP) which authenticates the user to a Hyde-It Service (HITS) which performs key distribution. The functionality can be invoked through a user toolbar, built into the browser or be downloaded on demand via a bookmarklet.
    Type: Grant
    Filed: April 23, 2009
    Date of Patent: September 30, 2014
    Inventor: Ravi Ganesan
  • Patent number: 8819439
    Abstract: Method and apparatus for generating cryptographic credentials certifying user attributes and making cryptographic proofs about attributes encoded in such credentials. Attributes are encoded as prime numbers E in accordance with a predetermined mapping and a cryptographic credential is generated encoding E. To prove that an attribute encoded in a cryptographic credential associated with a proving module of the system is a member of a predetermined set of user attributes, without revealing the attribute in question, the proving module determines the product Q of respective prime numbers corresponding to the attributes in the set in accordance with the predetermined mapping of attributes to prime numbers. The proving module demonstrates to the receiving module possession of a cryptographic credential encoding a secret value that is the prime number E, and then whether this secret value divides the product value Q.
    Type: Grant
    Filed: August 24, 2012
    Date of Patent: August 26, 2014
    Assignee: International Business Machines Corporation
    Inventors: Jan Leonhard Camenisch, Thomas R Gross
  • Patent number: 8806573
    Abstract: Techniques are provided for the controlled scheduling of the authentication of devices in a lossy network, such as a mesh network. An authenticator device that is configured to authenticate devices in a lossy network receives an authentication start message from a particular device to be authenticated. The authenticator device determines a schedule for engaging in an authentication procedure for the particular device based on an indication of current network utilization.
    Type: Grant
    Filed: August 9, 2011
    Date of Patent: August 12, 2014
    Assignee: Cisco Technology, Inc.
    Inventors: Atul Mahamuni, Navindra Yadav, Jonathan Hui, Alec Woo, Wei Hong
  • Patent number: 8800004
    Abstract: A computerized authorization system configured to authorize electronically-made requests to an electronic entity. The computerized authorization system comprises a store configured to store an indication of at least one predetermined electronic authorization device configured to authorize each electronically-made request. The computerized authorization system is further configured such that: in response to receiving an electronically-made request to the electronic entity, an indication of the request is output to the at least one predetermined electronic authorization device configured to authorize the request as indicated in the store; and in response to receiving an indication of authorization from the at least one predetermined electronic authorization device, an indication of authorization of the request is output to the electronic entity.
    Type: Grant
    Filed: March 21, 2012
    Date of Patent: August 5, 2014
    Inventor: Gary Martin Shannon
  • Patent number: 8769656
    Abstract: A method for providing fast and secure access to MIFARE applications installed in a MIFARE memory being configured as a MIFARE Classic card or an emulated MIFARE Classic memory, comprises: keeping a repository of MIFARE memories and user identifications assigned to said MIFARE memories as well as of all MIFARE applications installed in the MIFARE memories, wherein, when a new MIFARE application is to be installed in a MIFARE memory identified by a user identification the present memory allocation of said MIFARE memory is retrieved, an appropriate sector of said MIFARE memory is calculated, a key is calculated for said MIFARE application and the MIFARE application together with the assigned sector and key are linked to the user identification and are stored in the repository.
    Type: Grant
    Filed: May 14, 2009
    Date of Patent: July 1, 2014
    Assignee: NXP B.V.
    Inventors: Alexandre Corda, Ismaila Wane, Vincent Lemonnier
  • Publication number: 20140181524
    Abstract: A method is disclosed for authenticating, by a processor that controls a parent device, a child device includes: authenticating the child device by making a comparison between a value obtained by operating, for a first response value, a third transform function, which is decided based on a number of a difference between the value set in an authentication chip of the parent device and the value set in an authentication chip of the child device, and the second response value, wherein a first and a second response values are obtained by operating a first and a second transform functions for output values generated by operating an encryption function for performing encryption for secret keys in authentication chips of the parent device and the child device, respectively.
    Type: Application
    Filed: September 6, 2013
    Publication date: June 26, 2014
    Applicant: FUJITSU LIMITED
    Inventors: Kouichi ITOH, Masahiko TAKENAKA
  • Patent number: 8756690
    Abstract: The present disclosure provides systems and methods for detecting attacks against authentication mechanisms that generate Transport Layer Security (TLS) tunnels using a server public key. Such attacks can include misconfigured wireless local area network (WLAN) clients that fail to authenticate the server public key prior to creating the TLS tunnels and exchanging credentials. In an exemplary embodiment, an intrusion detection system (IDS) or intrusion prevention system (IPS) is aware of the server public key and monitors for authentication handshakes to detect invalid keys.
    Type: Grant
    Filed: September 30, 2009
    Date of Patent: June 17, 2014
    Assignee: Symbol Technologies, Inc.
    Inventor: Jason Orgill
  • Patent number: 8752127
    Abstract: Embodiments of the invention provide systems and methods for identifying devices by a trusted service manager. According to one example embodiment of the invention, a method for identifying communications is provided. The method can include receiving, by a service provider from a device, a message comprising card production life cycle (CPLC) information associated with a secure element incorporated into the device; and evaluating, by the service provider, the received CPLC information in order to identify the secure element.
    Type: Grant
    Filed: May 25, 2012
    Date of Patent: June 10, 2014
    Assignee: First Data Corporation
    Inventors: Roger Lynn Musfeldt, Brent Dewayne Adkisson, Brian Kean
  • Patent number: 8732459
    Abstract: In one embodiment, the invention provides a portable wireless personal communication system for cooperating with a remote certification authority to employ time variable secure key information pursuant to a predetermined encryption algorithm to facilitate convenient, secure encrypted communication. The disclosed system includes a wireless handset, such as PDA, smartphone, cellular telephone or the like, characterized by a relatively robust data processing capability and a body mounted key generating component which is adapted to be mounted on an individual's body, in a permanent or semi-permanent manner, for wirelessly broadcasting, within the immediate proximity of the individual, a secret or private key identifying signal corresponding to a time variable secure key information under the control of the certification authority.
    Type: Grant
    Filed: December 21, 2012
    Date of Patent: May 20, 2014
    Assignee: MLR, LLC
    Inventor: Charles M. Leedom, Jr.
  • Patent number: 8719907
    Abstract: A computerized authorization system configured to authorize electronically-made requests to an electronic entity. The computerized authorization system comprises a store configured to store an indication of at least one predetermined electronic authorization device configured to authorize each electronically-made request. The computerized authorization system is further configured such that: in response to receiving an electronically-made request to the electronic entity, an indication of the request is output to the at least one predetermined electronic authorization device configured to authorize the request as indicated in the store; and in response to receiving an indication of authorization from the at least one predetermined electronic authorization device, an indication of authorization of the request is output to the electronic entity.
    Type: Grant
    Filed: May 11, 2012
    Date of Patent: May 6, 2014
    Inventor: Gary Martin Shannon
  • Patent number: 8689291
    Abstract: The disclosure discloses a wireless access device (2), which includes: a wireless module (204) which establishes a wireless connection with a network, a solid state memory (203) partitioned into different storage volumes, a driver management module (202) and an enumeration management module (201). In the solid state memory, the fourth storage volume stores a bootstrap, the first storage volume stores an operating system and system management software, and the third storage volume stores encryption driver management software, device drive software and device management software. The driver management module (202) stores storage volume information.
    Type: Grant
    Filed: October 29, 2010
    Date of Patent: April 1, 2014
    Assignee: ZTE Corporation
    Inventor: Jian Cui
  • Patent number: 8683205
    Abstract: A method begins by a processing module determining whether a data access request is requesting access to data stored in a plurality of dispersed storage networks (DSNs). The method continues with the processing module determining whether one of the plurality of DSNs is a home DSN to a requesting entity when the data access request is requesting access to data stored in the plurality of DSNs. The method continues with the processing module utilizing a local signed certificate to access one or more dispersed storage (DS) units of the home DSN, validating a global signed certificate with one or more DS units of a non-home DSN of the plurality of DSNs to produce a valid global signed certificate, and utilizing the valid signed certificate to access the one or more DS units of the non-home DSN when the plurality of DSNs includes the home DSN.
    Type: Grant
    Filed: May 11, 2011
    Date of Patent: March 25, 2014
    Assignee: Cleversafe, Inc.
    Inventors: Jason K. Resch, Gary W. Grube, Timothy W. Markison
  • Patent number: 8677128
    Abstract: An encryption based method of enabling a plurality of parties to share, create, hide, or reveal message or token information over a network includes a commutative group cipher (CGC), where the underlying CGC is secure against ciphertext-only attack (COA) and plaintext attacks (KPA), and is deterministic. The protocols doe not require a trusted third party (TTP), and execute rapidly enough on ordinary consumer computers as to be effective for realtime play among more than two players. Protocols are defined which include VSM-L-OL, VSM-VL, VSM-VPUM, and VSM-VL-VUM, wherein the letters V, O, SM, P, and UM represent, respectively, Verified, Locking Round, Open, Shuffle-Masking Round, Partial, and Unmasking Round.
    Type: Grant
    Filed: October 13, 2010
    Date of Patent: March 18, 2014
    Inventor: Sergio Demian Lerner
  • Patent number: 8660268
    Abstract: A method and apparatus for client authentication using a pseudo-random number generation system. The pseudo-random number generation utilizes a secret key as well as state information as input into the hash function to generate a pseudo-random number. The state information that is part of the input can be any number of prior generated pseudo-random numbers. The authentication allows for synchronization of the client and server by exchanging state information. The authentication is not dependent on any absolute time and consequently the client and servers are not required to maintain a reliable shared time base.
    Type: Grant
    Filed: April 29, 2008
    Date of Patent: February 25, 2014
    Assignee: Red Hat, Inc.
    Inventor: James Paul Schneider
  • Patent number: 8631231
    Abstract: One embodiment of the invention is directed to a method including receiving an alias identifier associated with an account associated with a presenter, determining an associated trusted party using the alias identifier, sending a verification request message to the trusted party after determining the associated trusted party, and receiving a verification response message.
    Type: Grant
    Filed: March 1, 2010
    Date of Patent: January 14, 2014
    Assignee: Visa U.S.A. Inc.
    Inventors: David Wentker, Michael Lindelsee, Olivier Brand, James Dimmick, Tribhuwan A. Singh Grewal
  • Patent number: 8595492
    Abstract: On-demand protection and authorization of playback of media assets includes receiving digital media at a server computer, storing intermediary data in a data store, and receiving a request from a client for the digital media. The method also includes generating a protected copy of the digital media from the digital media and the intermediary data. The method also includes storing a description of the protected copy in a database and sending the protected copy to the client. The method also includes receiving a request from the client to access the digital media and reading the description from the database based on information in the request. The method also includes sending a response to the client, the response indicating whether the client is authorized to access the digital media, and the response including cryptographic data to decrypt the protected digital media if the client is authorized to access the digital media.
    Type: Grant
    Filed: August 19, 2009
    Date of Patent: November 26, 2013
    Assignee: Pix System, LLC
    Inventors: Paul McReynolds, Eric B. Dachs, Erik Bielefeldt, Craig Wood
  • Patent number: 8582757
    Abstract: A method for protecting the execution of a ciphering or deciphering algorithm against the introduction of a disturbance in a step implementing one or several first values obtained from second values supposed to be invariant and stored in a non-volatile memory in which, during an execution of the algorithm: a current signature of the first values is calculated; this current signature is combined with a reference signature previously stored in a non-volatile memory; and the result of this combination is taken into account at least in the step of the algorithm implementing said first values.
    Type: Grant
    Filed: August 26, 2009
    Date of Patent: November 12, 2013
    Assignee: STMicroelectronics (Rousset) SAS
    Inventors: Albert Martinez, Yannick Teglia
  • Patent number: 8577028
    Abstract: There are disclosed systems and methods for computing an exponentiatied message. In one embodiment blinding is maintained during the application of a Chinese Remainder Theorem (CRT) algorithm and then removed subsequent to the completion of the CRT algorithm. In another embodiment, fault injection attacks, such as the gcd attack, can be inhibited by applying and retaining blinding during the application of the CRT algorithm to yield a blinded exponentiation value, and then subsequently removing the blinding in a manner that causes an error injected into the CRT computation to cascade into the exponent of the value used to unblind the blinded exponentiated value.
    Type: Grant
    Filed: February 18, 2010
    Date of Patent: November 5, 2013
    Assignee: Certicom Corp.
    Inventors: Nevine Maurice Nassif Ebeid, Robert John Lambert
  • Patent number: 8566908
    Abstract: A method allows access to a set of secure databases and database applications over an untrusted network without replicating the secure database. The method involves authenticating a user using a first authentication application. When the user is verified, then the user's credentials are directed to a second authentication application associated with a secure database based on a first set of user settings retrieved for the user. The second authentication application, based on a second set of user settings, grants the user access to the secure database and database applications associated with the secure database.
    Type: Grant
    Filed: September 14, 2012
    Date of Patent: October 22, 2013
    Assignee: AT&T Intellectual Propert II, L.P.
    Inventors: Roger Aboujaoude, Hossein Eslambolchi, John McCanuel, Michael Morris, Saeid Shariati
  • Patent number: 8560859
    Abstract: A storage controller and program product is provided for performing double authentication for controlling disruptive operations on storage resources generated by a system administrator. A first request is received from a first user for generation of a first key. A first key is generated, provided to the first user and associated with the storage resource. An input is received from the administrator, the input comprises a second key and a command for performing the disruptive operation. The second key and the first key are compared. It is verified that the administrator is authorized as an administrator of the storage resource. The disruptive operation is performed on the storage resource if the second key and the first key match and the administrator is authorized. Otherwise, the performance of the disruptive operation is denied.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: October 15, 2013
    Assignee: International Business Machines Corporation
    Inventors: Vincent Boucher, Sebastien Chabrolles, Benoit Granier, Arnaud Mante
  • Patent number: 8555067
    Abstract: Methods and apparatus enabling programming of electronic identification information of a wireless apparatus. In one embodiment, a previously purchased or deployed wireless apparatus is activated by a cellular network. The wireless apparatus connects to the cellular network using an access module to download operating system components and/or access control client components. The described methods and apparatus enable updates, additions and replacement of various components including Electronic Subscriber Identity Module (eSIM) data, OS components. One exemplary implementation of the invention utilizes a trusted key exchange between the device and the cellular network to maintain security.
    Type: Grant
    Filed: May 19, 2011
    Date of Patent: October 8, 2013
    Assignee: Apple Inc.
    Inventors: Stephan V. Schell, Arun G. Mathias, Jerrold Von Hauck, David T. Haggerty, Kevin McLaughlin, Ben-Heng Juang, Li Li
  • Patent number: 8549604
    Abstract: A user authentication method and system. A computing system receives from a user, a first request for accessing specified functions executed by a specified software application. The computing system enables a security manager software application and connects the specified software application to a computing apparatus. The computing system executes first security functions associated with the computing apparatus. The computing system executes second security functions associated with additional computing apparatuses. The computing system determines if the user may access the specified functions executed by the specified software application based on results of executing the first security functions and the second security functions. The computing system generates and stores a report indicating the results.
    Type: Grant
    Filed: March 23, 2009
    Date of Patent: October 1, 2013
    Assignee: International Business Machines Corporation
    Inventors: Sara H. Basson, Dimitri Kanevsky, Edward Emile Kelley, Irina Rish
  • Patent number: 8533796
    Abstract: In general, the subject matter described in this specification can be embodied in methods, systems, and program products for providing access to secured resources. A token providing system stores a primary authentication token that is used to obtain temporary authentication tokens. The token providing system provides, to application programs that are unable to access the primary authentication token, the temporary authentication tokens. The token providing system receives, from a first application program of the application programs, a first request to obtain a first temporary authentication token. The first request does not include the primary authentication token. The token providing system transmits a second request to obtain the first temporary authentication token. The second request includes the primary authentication token. The token providing system receives the first temporary authentication token.
    Type: Grant
    Filed: April 26, 2011
    Date of Patent: September 10, 2013
    Assignee: Google Inc.
    Inventors: Vittaldas Sachin Shenoy, Pankaj Risbood, Vivek Sahasranaman, Christoph Kern, Evan K. Anderson
  • Patent number: 8522317
    Abstract: A device for maintaining an address translation table, placed in series between a user terminal and a third-party entity of a telecommunications network, is disclosed. The device is adapted to verify the existence in the address translation table of an entry specific to the exchange of application signaling messages using said protocol between the terminal and the third-party entity and, if there is no entry specific to the exchange of application signaling messages using said protocol between the terminal and the third-party entity, to create a specific entry in the address translation table associating with a private address and a private port of the terminal in a private network connecting it to said device a public address and a public port of the terminal in the telecommunications network and an indication of the validity of the entry, this validity indication taking into account the first reception time.
    Type: Grant
    Filed: November 24, 2008
    Date of Patent: August 27, 2013
    Assignee: France Telecom
    Inventors: Jean-Claude Le Rouzic, RĂ©gis Savoure
  • Patent number: 8498411
    Abstract: A method, integrated circuit chip, and computer program product for cryptographically processing an input value with Elliptic Curve Cryptography (ECC) using ECC scalar multiplication are provided. The ECC scalar multiplication is performed with the use of an enhanced acceleration table (EAT). The EAT uses multiple running totals with multiples above 2. The EAT, in some embodiments, uses reference values other than 0 and 2^window size.
    Type: Grant
    Filed: September 29, 2009
    Date of Patent: July 30, 2013
    Assignee: EMC Corporation
    Inventors: Sean Parkinson, Mark Hibberd, Peter Alan Robinson, David Paul Makepeace