By Generation Of Certificate Patents (Class 713/175)
  • Patent number: 8468354
    Abstract: A method for authentication authorization and accounting (AAA) in an interworking between at least two networks. The at least two networks are capable of communicating with a broker and include a first network and a second network to user certificate from a user device corresponding to a user of the first network. The first network to user certificate is signed by a first network private key and includes a broker to first network certificate and a user public key. The broker to first network certificate is signed by a broker private key and includes a first network public key. A session key is sent from the second network to the user device when the broker to first network certificate and the first network to user certificate are determined to be authentic by the second network based upon the broker public key and the first network public key, respectively. The session key is encrypted with the user public key. The session key is permitting the user device to access the second network.
    Type: Grant
    Filed: May 27, 2003
    Date of Patent: June 18, 2013
    Assignee: Thomson Licensing
    Inventor: Junbiao Zhang
  • Patent number: 8468355
    Abstract: In accordance with certain embodiments of the present disclosure, a method for creating a veiled certificate is provided. The method comprises requesting a certificate from a regulator by sending a message with a digital signature of the message signed by the owner. The message comprises an owner's veiled certificate token, the veiled certificate token comprising an encrypted version of the owner's identification data and the owner's identification public key for the certificate. The message further comprises the identification public key, the whole message being encrypted using the regulator's external public key. The certificate request is validated by verifying the sender's identity through validation of the digital signature using the owner's external public key and verifying the veiled certificate token using the individual's external public key.
    Type: Grant
    Filed: December 21, 2009
    Date of Patent: June 18, 2013
    Assignee: University of South Carolina
    Inventors: John H. Gerdes, Jr., Joakim Kalvenes, Chin-Tser Huang
  • Patent number: 8468359
    Abstract: Techniques for creating and using credentials for blinded intended audiences are provided. A principal desires access to a target service. An identity associated with the target service is hidden from an identity service via a random identifier. The identity service supplies an assertion with credentials and the random identifier. The principal sends the assertion and an access message, which also includes the random identifier to the target service. The target service compares the identifier included with the message to the identifier in the assertion and when a match occurs access is permitted to the target service, assuming other credentials associated with the assertion are satisfied as well.
    Type: Grant
    Filed: June 30, 2006
    Date of Patent: June 18, 2013
    Assignee: Novell, Inc.
    Inventors: Cameron Craig Morris, Lloyd Leon Burch, Tammy Anita Green
  • Patent number: 8464063
    Abstract: A system creates a trusted group of devices for single sign on. The trusted group is a set of two or more devices which can communicate securely to exchange information about the states of the devices. The two or more devices can arrange or establish the trusted group through the exchange of credentials or authentication information. After the establishment of the trusted group, the two or more devices may communicate through a secure connection established between the members of the trusted group. Each device may then execute normally and may encounter events that change the status of the device. Information about the locking or unlocking of the computer can be exchanged with the other members of the trusted group and the other members may also lock or unlock in concert.
    Type: Grant
    Filed: March 7, 2011
    Date of Patent: June 11, 2013
    Assignee: Avaya Inc.
    Inventors: Amit Agarwal, Mehmet Balasaygun, Swapnil Kamble, Raj Sinha
  • Patent number: 8458786
    Abstract: Systems, methods and apparatus for tunneling in a cloud based security system. In an aspect, tunnel session data describing authentication and unauthenticated sessions, and location data describing tunnel identifiers for tunnels, locations, and security policies specific to the locations are accessed. Tunnel packets are received, and for each tunnel packet it is determined, from the tunnel identifier associated with the packet, whether a session entry in the session data exists for the tunnel identified by the tunnel identifier. In response to determining that a session entry does not exist in the session data, then a session entry is created for the tunnel identifier, an authentication process to determine a location to be associated with the session entry is performed, and an entry in the location data for the location is associated with the session entry.
    Type: Grant
    Filed: August 13, 2010
    Date of Patent: June 4, 2013
    Assignee: Zscaler, Inc.
    Inventors: Kailash Kailash, Jose Raphel, Srikanth Devarajan
  • Patent number: 8458462
    Abstract: A network device, such as an access control server, verifies the integrity of other network devices requiring access to a secure multicast. The network device receives a health status report from the other network devices and grants or denies access to the secure multicast based on a comparison of the health status report with a set of one or more stored policies. The network device then provides group keys to authorized network devices. The network device may also include a monitoring module that monitors activities of authorized network devices. Where the network device monitors authorized network devices, authorized network devices with behavior that fails to satisfy one or more behavioral policies will have their authorization revoked and will no longer have access to the secure multicast.
    Type: Grant
    Filed: November 14, 2008
    Date of Patent: June 4, 2013
    Assignee: Juniper Networks, Inc.
    Inventor: Stephen R. Hanna
  • Patent number: 8458458
    Abstract: A security module is provided in a data recording medium, data to be written to the data recording medium is encrypted with a content key different from one data to another, and the content key is safely stored in the security module. Also, the security module makes a mutual authentication using the public-key encryption technology with a drive unit to check that the counterpart is an authorized (licensed) unit, and then gives the content key to the counterpart, thereby preventing data from being leaked to any illegal (unlicensed) unit. Thus, it is possible to prevent copyrighted data such as movie, music, etc. from being copied illegally (against the wish of the copyrighter of the data).
    Type: Grant
    Filed: June 4, 2010
    Date of Patent: June 4, 2013
    Assignee: Sony Corporation
    Inventors: Tomoyuki Asano, Yoshitomo Osawa
  • Publication number: 20130138962
    Abstract: A plurality of users is assumed in which user A is the owner of content providing the source of a link, user B is the owner of the content providing the destination of the link, and user C is a viewer. Each user has a private key and a public key, and the public keys are shared by the users. User B selects user C in advance as a viewer. User B creates data including a value in which an encryption key with a proxy signature generated on the basis of the public key of user C and its own private key is encrypted using the public key of user A, and distributes the data to user A, which is the owner of the content providing the source of the link. User A decrypts the received data including the value using its own private key. This makes a function available based on encryption with the proxy signature. User A converts the link information using this function, signs the information using its own private key, and sends it to user C.
    Type: Application
    Filed: November 23, 2012
    Publication date: May 30, 2013
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventor: International Business Machines Corporation
  • Patent number: 8452979
    Abstract: Portable telecommunications apparatus having one or more functionalities including providing user access to a telecommunications network, the portable telecommunications apparatus comprising integrated circuit card (ICC) reader circuitry, storage circuitry and processing circuitry, wherein the ICC reader circuitry is configured to communicate with one or more network-access ICCs; the storage circuitry is arranged to comprise a list of at least one network-access ICC authorised for use with the apparatus; and wherein the processing circuitry is arranged to undertake an authentication process on removable storage circuitry in communication with the apparatus to determine whether or not the security circuitry is authenticated for use with the apparatus; to allow the authorisation of network-access ICCs in the storage circuitry according to whether authenticated security circuitry is in communication with the apparatus; and to permit a user access to the one or more functionalities of the apparatus according to w
    Type: Grant
    Filed: May 22, 2007
    Date of Patent: May 28, 2013
    Assignee: Nokia Corporation
    Inventor: Jason Dai
  • Patent number: 8452974
    Abstract: An image processing apparatus includes a first partial information providing unit that provides first partial information to another device holding a first signing key KS corresponding to a first verification key KV, the first partial information constituting a part of a second verification key KV′ (KV′≠KV) that is capable of verifying an electronic signature σ generated using the first signing key KS and being unable to identify the second verification key KV′; a second partial information acquisition unit that acquires second partial information which is generated by the another device using the first partial information and the first signing key KS, and which is unable to identify the first signing key KS and used for generating the remaining part of the second verification key KV′; and a second verification key generation unit that generates the second verification key KV′ based on the first and second partial information.
    Type: Grant
    Filed: April 23, 2010
    Date of Patent: May 28, 2013
    Assignee: Sony Corporation
    Inventor: Koichi Sakumoto
  • Publication number: 20130132726
    Abstract: A method for recording a document with authenticity certification information. The method includes receiving an indication from a user regarding their intention to accept and/or receive a proposed set of documentary content elements and presenting a visual display of the documentary content elements. The method further includes presenting and detecting an actuatable acknowledgment mechanism and receiving and transmitting account information to an account provider. The method also includes generating a digital certificate and key pairs from one or more items associated with the account information.
    Type: Application
    Filed: January 22, 2013
    Publication date: May 23, 2013
    Inventors: Stephen M. Hitchen, Susan E. Morrow, James A.L. Porter, Gerard D. O'Brien
  • Patent number: 8443448
    Abstract: A system and method for performing a security check may include using at least one processor to periodically check a status of a flag, generate and store a baseline representation of modules stored on the device where the flag is determined to be set to a first state, and, where the flag is determined to be set to a second state, generate an active representation of modules stored on the first device, compare the active representation of modules to the baseline representation of modules, and, responsive to a determination in the comparing step of a difference between the baseline and active representations of modules, output an alert. The flag status may depend on an association of the device with one of a plurality of authorization policies, each mapped to one of the two states. Results of the comparison may be appended to an activity log of the device.
    Type: Grant
    Filed: August 20, 2009
    Date of Patent: May 14, 2013
    Assignee: Federal Reserve Bank of New York
    Inventors: Danny Brando, Joonho Lee, Jia Ye
  • Patent number: 8438394
    Abstract: A device-bound certificate authority binds a certificate to one or more devices by including digital fingerprints of the devices in the certificate. A device only uses a device-bound certificate if the digital fingerprint of the device is included in the certificate and is verified. Thus, a certificate is only usable by one or more devices to which the certificate is explicitly bound. Such device-bound certificates can be used for various purposes served by certificates generally such as device driver authentication and authorization of access to secure content, for example.
    Type: Grant
    Filed: July 8, 2011
    Date of Patent: May 7, 2013
    Assignee: NetAuthority, Inc.
    Inventors: Craig S. Etchegoyen, Dono Harjanto
  • Patent number: 8433929
    Abstract: Provided is a data management device for managing data recorded onto a readable and writable recording medium by an application that is verified based on a digital certificate. The recording medium has a plurality of areas and access to each area is restricted to a different application. The data management device includes an application authentication module, a mapping module, and a local storage display module. The application authentication module verifies that an application is an authentic application based on a digital certificate attached to the application. The mapping module associates, if the application is verified, an area accessible by the application with a subject name described in the digital certificate used for the verification. The local storage display module displays information regarding the area accessible by the application, with the use of the subject name associated with the area.
    Type: Grant
    Filed: April 3, 2008
    Date of Patent: April 30, 2013
    Assignee: Panasonic Corporation
    Inventor: Ken Yamashita
  • Patent number: 8429410
    Abstract: In at least one embodiment, there is provided a mobile wireless device comprising: a microprocessor and memory, the memory comprising a set of control settings used to control a plurality of device operations; wherein the microprocessor is configured to: receive a first digital signature key for verifying digital signatures on software applications to be installed on the device; determine if any digital signature keys for verifying digital signatures on software applications to be installed on the device exist on the device, and if not, store the received first digital signature key in the memory; receive a software application for installation on the device; verify a digital signature on the received software application using the first digital signature key; and install the software application on the device if the digital signature on the received software application is successfully verified.
    Type: Grant
    Filed: July 2, 2010
    Date of Patent: April 23, 2013
    Assignee: Research In Motion Limited
    Inventors: Herbert Anthony Little, David Clark, Russell Norman Owen, Scott William Totzke, Neil Patrick Adams, Michael Stephen Brown
  • Patent number: 8429734
    Abstract: Certificate information associated with a received certificate, such as a Secure Sockets Layer (SSL) certificate, is stored in a trusted local cache and/or in one or more remote trusted sources, such as a single remote trusted source and/or a trusted peer network. When a site certificate is received on a host computer system, certificate information associated with the received site certificate is obtained and compared with the stored certificate information to determine whether or not the site certificate indicates malicious activity, such as a malicious DNS redirection or a fraudulent local certificate. When a site certificate is not found indicative of malicious activity, the site certificate is released. Alternatively, when a site certificate is found indicative of malicious activity, protective action is taken. In some embodiments, a user's log-in credentials are automatically obtained from a trusted local cache and automatically submitted to a web site.
    Type: Grant
    Filed: July 31, 2007
    Date of Patent: April 23, 2013
    Assignee: Symantec Corporation
    Inventors: Paul Agbabian, William E. Sobel, Bruce McCorkendale
  • Publication number: 20130097425
    Abstract: Providing consistent cryptographic operations across several applications using secure structured data objects includes a security middleware component, using an application programming interface, receiving a data input from an originating application operating in application space. Both the application and the middleware component execute in the data processing system. A security schema object is retrieved by the security middleware component from an object store, the security schema object describing a sequence of cryptographic operations and includes several components describing aspects of the cryptographic operations. The data input is transformed from a first format to a second format where one of the formats is a secure structured data object formed using the sequence of cryptographic operations. A property of the secure structured data object contains data about the security schema object. The data input is transmitted in the second format to a consumer application operating in application space.
    Type: Application
    Filed: October 13, 2011
    Publication date: April 18, 2013
    Applicant: International Business Machines Corporation
    Inventors: Patricio Marcelo Reyna Almandos, Eduardo Martin Coria, Mariela Claudia Lanza, Guillermo Manzato, Mariano Alejandro Prediletto, James J. Whitmore
  • Patent number: 8421593
    Abstract: Apparatus, systems and methods for authenticating objects, comprising receiving an encrypted object identifier associated with an unknown object having multiple components, decrypting the encrypted object identifier using a first public key of a first public/private key pair to obtain unknown object information including unknown identification data for the multiple components, inspecting the unknown object to obtain actual object information including actual identification data for the multiple components, and comparing the unknown identification data with the actual identification data to determine whether the unknown object is an authentic object, wherein an authentic object has an object identifier generated using a first private key of the first public/private key pair to encrypt the actual object information.
    Type: Grant
    Filed: August 7, 2008
    Date of Patent: April 16, 2013
    Inventor: Bertil A. Brandin
  • Patent number: 8423773
    Abstract: A multimedia messaging system for receiving/sending multimedia messages, includes: a wireless LAN; and a MMS gateway. The MMS gateway performs: receiving/sending the multimedia message to/from a MMS user device via the wireless LAN; and encrypting the multimedia message. The encryption is performed by: issuing a certificate to the MMS user device; sending a session ID and a master key encrypted by the MMS gateway's private key to the MMS user device in response to a request of the MMS user device having the certificate; generating a shared secret key using an algorithm combining the master key with the MMS user device's phone number and the session ID; and encrypting the multimedia message using the shared secret key.
    Type: Grant
    Filed: September 4, 2012
    Date of Patent: April 16, 2013
    Assignee: International Business Machines Corporation
    Inventors: Jun Shen, Song Song, Pei Sun, Jian Ming Zhang
  • Patent number: 8424080
    Abstract: An authentication method of an electronic device is disclosed. A plurality of key inputs is received from a user via activation of input keys. At least one key input from the key inputs is validated based on a predefined criterion to obtain a password. The password is compared to a registered password to obtain an authenticated password.
    Type: Grant
    Filed: September 28, 2010
    Date of Patent: April 16, 2013
    Assignee: KYOCERA Corporation
    Inventor: Norihiro Takimoto
  • Patent number: 8423763
    Abstract: A method and system for supporting multiple digital certificate status information providers are disclosed. An initial service request is prepared at a proxy system client module and sent to a proxy system service module operating at a proxy system. The proxy system prepares multiple service requests and sends the service requests to respective multiple digital certificate status information providers. One of the responses to the service requests received from the status information providers is selected, and a response to the initial service request is prepared and returned to the proxy system client module based on the selected response.
    Type: Grant
    Filed: November 26, 2010
    Date of Patent: April 16, 2013
    Assignee: Research In Motion Limited
    Inventors: Herbert A. Little, Stefan E. Janhunen, Dale J. Hobbs
  • Patent number: 8423762
    Abstract: What is disclosed is a system and method that allows a secondary certificate authority to rely on one or more existing primary certificate authorities to establish identity of a user and provide identity certificates. The secondary certificate authority applies business rules to those identity certificates to establish a community of privilege, and then issues and maintains new privilege certificates without issuing new private keys or smart cards. The new privilege certificates bind the original identity, the sponsor, i.e., the primary certificate authority, and the privilege. The new privilege certificates can be used on a Public Key Infrastructures (PKI) transaction basis, for example, to grant access to unclassified and Multi-Level Secure (MLS) resources without further reference to the existing primary certificate authorities.
    Type: Grant
    Filed: July 25, 2006
    Date of Patent: April 16, 2013
    Assignee: Northrop Grumman Systems Corporation
    Inventors: Kenneth W. Aull, Erik J. Bowman, James B. Rekas
  • Publication number: 20130091352
    Abstract: Techniques are provided for obtaining first and second digital certificates from a certificate authority database for establishing a secure exchange between network devices. The first digital certificate contains identity information of a first network device, and the second digital certificate contains classification information of the first network device. In one embodiment, a secure key exchange is initiated with the second network device, and the first and second digital certificates are transmitted as a part of the secure key exchange to the second network device. In another embodiment, the first and second digital certificates are received by an intermediate network device. The first digital certificate is encrypted and is not evaluated by the intermediate network device. The second digital certificate is evaluated for classification information of the first network device.
    Type: Application
    Filed: October 5, 2011
    Publication date: April 11, 2013
    Applicant: CISCO TECHNOLOGY, INC.
    Inventors: Kunal Patel, Yixin Sun, Puneet Gupta, Vinod Arjun, David McGrew
  • Patent number: 8418236
    Abstract: A system, method, computer program and/or computer readable medium for providing streaming of one or more applications from streaming servers onto one or more clients. The computer readable medium includes computer-executable instructions for execution by a processing system. The one or more applications are contained within one or more isolated environments, and the isolated environments are streamed from the servers onto clients. The system may include authentication of the streaming servers and authentication of clients and credentialing of the isolated environments and applications the clients are configured to run. The system may further include encrypted communication between the streaming servers and the clients. The system may further include a management interface where administrators may add, remove and configure isolated environments, configure client policies and credentials, and force upgrades.
    Type: Grant
    Filed: July 20, 2010
    Date of Patent: April 9, 2013
    Assignee: Open Invention Network LLC
    Inventor: Allan Havemose
  • Publication number: 20130086384
    Abstract: A method and system that facilitates power management over an IPv6 network connection is described. A first host having an application creates a power management option for managing power management settings of one or more second hosts, which is in network communication with the first host. A neighbor solicitation request is sent with the power management option to the one or more second hosts, wherein the power management option requests the power management settings of the one or more second hosts. A table of the power management settings for each of the one or more second hosts is generated from the responses received from the neighbor solicitation request, and the power management settings are applied to the one or more second hosts.
    Type: Application
    Filed: September 29, 2011
    Publication date: April 4, 2013
    Applicant: KONICA MINOLTA LABORATORY U.S.A., INC.
    Inventor: Maria PEREZ
  • Patent number: 8412927
    Abstract: Embodiments of the present invention provide a profile framework for handling enrollment requests. In particular, when a token processing system receives an enrollment request, it selects an applicable profile based on information in the request. The profile may indicate a variety of parameters for fulfilling the enrollment request, such as the locations of the applicable certificate authority, token key service, and the like. The profile may also indicate items, such as the number of keys to generate on a token, a token label, and connection information to securely communicate with other components and the client making the enrollment request.
    Type: Grant
    Filed: June 7, 2006
    Date of Patent: April 2, 2013
    Assignee: Red Hat, Inc.
    Inventors: Nang Kon Kwan, Chandrasekar Kannan, Shuk Yee Ho, Steven William Parkinson, Christina Fu
  • Patent number: 8412932
    Abstract: A method and system for collecting account access statistics from information provided by client certificates. In one embodiment, the method comprises requesting client certificates from remote terminals that request to access a computing resource. The method further comprises updating the account access statistics based on information provided by presence or absence of the client certificates and contents of the client certificates for the client certificates that are present.
    Type: Grant
    Filed: February 28, 2008
    Date of Patent: April 2, 2013
    Assignee: Red Hat, Inc.
    Inventor: James P. Schneider
  • Patent number: 8412944
    Abstract: A professional subscriber station, a document authority station and a client station are provided. The professional subscriber station has a first electronic device for creating a document for being certified. The document authority station has a second electronic device adapted to receive the document and to certify the document and to transmit a document of certification and a cover sheet with codes to the professional subscriber station. The client station is adapted to receive the document and cover sheet with codes from the professional subscriber station. The client station has a third electronic device for viewing the certificate of authenticity at the client station and the document.
    Type: Grant
    Filed: December 17, 2010
    Date of Patent: April 2, 2013
    Inventor: Pasquale Mazzone
  • Publication number: 20130080784
    Abstract: The method for obtaining information relating to the integrity of an article (2) as assessed from an exposure of said article (2) to physical or environmental conditions during a time span during which said article (2) is transported comprises a) providing a device (1) to be located in proximity to said article (2) during said transport, digital certificate data (C) and first digital private key data (K1*) being stored in said device (1); d) storing in said device (1) data (I) related to said physical or environmental conditions, said data being referred to as integrity data (I); e) creating within said device (1) first digitally signed data (DS1) by digitally signing data comprising said integrity data (I) and said digital certificate data (C), using said first digital private key data (K1*); f) storing said first digitally signed data (DS1) in said device (1). A high degree of security against malpractice and data falsification can be achieved. A corresponding device (1) is also presented.
    Type: Application
    Filed: August 27, 2012
    Publication date: March 28, 2013
    Applicant: Q-TAG AG
    Inventor: Christian Oertli
  • Patent number: 8407483
    Abstract: A system for authenticating personal use of contents by using a portable storage medium includes: a portable personal use authentication device configured to store domain authentication information; and a contents personal use authentication apparatus configured to extract playback information for playing a provided content based on the domain authentication information and provide the extracted playback information to a player.
    Type: Grant
    Filed: November 27, 2009
    Date of Patent: March 26, 2013
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Jooyoung Lee, Hyon-Gon Choo, Jeho Nam, Jin-Woo Hong, Moon-Kyun Oh, Sang-Kwon Shin, Won-Sik Cheong, Sangwoo Ahn
  • Publication number: 20130073845
    Abstract: A signature unit, in which a user device generates/transmits digital signature data to an authentication device, includes: a first function, which receives as input a plurality of subsets in which a plurality of characteristics of the users are classified; a second function, which generates a first encrypted text acquired by encrypting a user device public key with an identification device public key; a third function, which generates a second encrypted text, acquired by encrypting characteristic values belonging to a specific subset among the subsets with a characteristic value disclosure device public key; and a fourth function, which employs portions of a group public key and a member certificate to generate a signature of knowledge that denotes that data, of multiplication of a portion of the user device public key and all of the numerical values of a characteristic value certificate corresponding to each of the characteristics, satisfies the specific conditions.
    Type: Application
    Filed: May 23, 2011
    Publication date: March 21, 2013
    Applicant: NEC CORPORATION
    Inventors: Isamu Teranishi, Jun Furukawa
  • Patent number: 8401196
    Abstract: A method and apparatus for performing Joint Randomness Not Shared by Others (JRNSO) is disclosed. In one embodiment, JRNSO is determined in Frequency Division Duplex (FDD) using a baseband signal loop back and private pilots. In another embodiment, JRNSO is determined in Time Division Duplex (TDD) using a baseband signal loop back and combinations of private pilots, private gain functions and Kalman filtering directional processing. In one example, the FDD and TDD JRNSO embodiments are performed in Single-Input-Single-Output (SISO) and Single-Input-Multiple-Output (SIMO) communications. In other examples, the FDD and TDD embodiments are performed in Multiple-Input-Multiple-Output (MIMO) and Multiple-Input-Single-Output (MISO) communications. JRNSO is determined by reducing MIMO and MISO communications to SISO or SIMO communications. JRNSO is also determined using determinants of MIMO channel products. Channel restrictions are removed by exploiting symmetric properties of matrix products.
    Type: Grant
    Filed: April 21, 2008
    Date of Patent: March 19, 2013
    Assignee: InterDigital Technology Corporation
    Inventors: Steven J. Goldberg, Yogendra C. Shah, Alexander Reznik
  • Publication number: 20130067231
    Abstract: In embodiments of load balanced and prioritized data connections, a first connection is established to communicate first data from a first server to a second server over a public network, where the first data is communicated from a private network to a first device or subnet that is connected to the second server. A second connection is established to communicate second data from the first server to the second server over the public network, where the second data is communicated from the private network to a second device or subnet that is connected to the second server. The second server can distinguish the first data from the second data according to an authentication certificate field that identifies one of a first communication interface of the first connection or a second communication interface of the second connection.
    Type: Application
    Filed: September 12, 2011
    Publication date: March 14, 2013
    Inventors: Uma Mahesh Mudigonda, Sai Ganesh Ramachandran, Amit Kumar Nanda
  • Patent number: 8397078
    Abstract: Unlike the technology for a program downloaded through conventional broadcast waves, in the case of downloading a program via a network, there is a possibility that such program will be activated without noticing that the program is tampered with. For this reason, when a program is downloaded via a network, a file hierarchy for the program located on a server is constructed in a local area of a terminal. Subsequently, the authentication of the program is performed with respect to the file hierarchy constructed in the local area, and the credibility of the program is guaranteed.
    Type: Grant
    Filed: August 24, 2011
    Date of Patent: March 12, 2013
    Assignee: Panasonic Corporation
    Inventors: Tadao Kusudo, Yoshio Kawakami
  • Patent number: 8397071
    Abstract: The present invention relates to an authorization key generating method and an authorization key updating method in a mobile communication system. A terminal and a base station generate an authorization key by using a terminal random value and a base station random value that are exchanged in an authorization key generating procedure as input data. In addition, a lifetime of an authorization key is established to be shorter than a lifetime of a root key, and the authorization key is updated with an updating period that is shorter than that of the root period.
    Type: Grant
    Filed: June 8, 2009
    Date of Patent: March 12, 2013
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Seok-Heon Cho, Chul-Sik Yoon
  • Patent number: 8397062
    Abstract: A method and system for authentication is provided. A central node for issuing certificates to a plurality of nodes associated with the central node in a network is also provided. The central node receives a first key from at least one node from among the plurality of nodes and generates a second key based on the received first key and generates a certificate for the at least one node. The generated certificate is transmitted to the at least one node.
    Type: Grant
    Filed: April 21, 2010
    Date of Patent: March 12, 2013
    Assignee: University of Maryland, College Park
    Inventors: Ayan Roy-Chowdhury, John S. Baras
  • Patent number: 8396211
    Abstract: A system and method for dynamically and automatically updating the appropriate fields on the message application screen of an electronic message to show which of the appropriate service book, security encoding or security properties are acceptable or allowed for the message being composed. This updating occurs automatically based on the contents of the fields that are modified during composition of the message, such as, for example, modifications to classification of the message, recipients, keywords, or the like. Thus, the properties in place for a given message are reflected in a dynamic options list provided to the user based on the contents of various fields of the electronic message and the system policies resident on the system. The dynamic updating may provide an updated list of options to the user, or may optionally automatically apply minimum level settings based on security policy and contents of the message.
    Type: Grant
    Filed: July 11, 2006
    Date of Patent: March 12, 2013
    Assignee: Research In Motion Limited
    Inventors: Michael K. Brown, Michael S. Brown, Michael G. Kirkup
  • Patent number: 8392710
    Abstract: An entity bidirectional-identification method for supporting fast handoff involves three security elements, which include two identification elements A and B and a trusted third party (TP). All identification entities of a same element share a public key certification or own a same public key. When any identification entity in identification element A and any identification entity in identification element B need to identify each other, if identification protocol has never been operated between the two identification elements that they belong to respectively, the whole identification protocol process will be operated; otherwise, interaction of identification protocol will be acted only between the two identification entities.
    Type: Grant
    Filed: May 27, 2009
    Date of Patent: March 5, 2013
    Assignee: China Iwncomm Co., Ltd.
    Inventors: Manxia Tie, Jun Cao, Zhenhai Huang, Xiaolong Lai
  • Patent number: 8392716
    Abstract: An initiator shares y_ir with a responder, calculates HASH_I on the basis of y_ir, and sends HASH_I to an IKE proxy server. The initiator receives a digital signature SIG_S generated for HASH_I and the address of the initiator from the IKE proxy server and sends the digital signature SIG_S to the responder.
    Type: Grant
    Filed: January 21, 2005
    Date of Patent: March 5, 2013
    Assignee: Canon Kabushiki Kaisha
    Inventor: Kazuomi Oishi
  • Patent number: 8392712
    Abstract: According to one embodiment of the invention, a method for controlling access to a network comprises a first operation of determining one or more device characteristics of an electronic device seeking to join the network. Then, one or more unique device credentials are generated for the electronic device. The format of the unique device credentials is based on the one or more device characteristics of the electronic device.
    Type: Grant
    Filed: April 4, 2012
    Date of Patent: March 5, 2013
    Assignee: Aruba Networks, Inc.
    Inventor: David Wilson
  • Patent number: 8386785
    Abstract: Methods and systems for creating and managing certificates for gaming machines in a gaming network using a portable memory device are described. A gaming machine creates a certificate signing request which is stored on a portable memory device at the machine by an operator. The memory device is handed over to a certificate authority (CA) security officer at the casino and is coupled with an appropriate CA server. A certificate batch utility program on the server downloads and processes the CSRs. A certificate services program on the server issues gaming machine certificates according to the CSRs. In one embodiment, the certificates are uploaded onto the memory device, along with copies of certificate authority server certificates, including a root CA certificate. The CA security officer hands the memory device to the casino floor operator. At the machine, the operator inserts or couples the device and software on the machine identifies and downloads its certificate based on the certificate file name.
    Type: Grant
    Filed: June 18, 2008
    Date of Patent: February 26, 2013
    Assignee: IGT
    Inventors: John H. Kim, Matthew D. Kerr, Nicholas M. Hansen-Hiraki, William M. Salivar, Warner R. Cockerille, IV, A. Michael Kinsley, Regan J. Snyder
  • Patent number: 8386776
    Abstract: In a certificate generating/distributing system, an authentication apparatus includes token transmitting means transmitting, to a service mediating apparatus, a certificate generation request token, which is information corresponding to a first certificate valid in the service mediating apparatus, together with the first certificate. The service mediating apparatus includes mediating apparatus token forwarding means forwarding the certificate generation request token to a service providing apparatus. The service providing apparatus includes certificate requesting means transmitting the certificate generation request token to the authentication apparatus when requesting a second certificate valid in the service providing apparatus. The authentication apparatus includes certificate transmitting means transmitting, to the service providing apparatus, the second certificate generated based on the first certificate in response to the request of the second certificate by the certificate requesting means.
    Type: Grant
    Filed: September 17, 2008
    Date of Patent: February 26, 2013
    Assignee: NEC Corporation
    Inventors: Hidehito Gomi, Makoto Hatakeyama
  • Patent number: 8387130
    Abstract: Virtualizing a service is disclosed. A request to access a service from a first server is received from a client. A secret data associated with the first server is used to process the received request. The processed request is sent to a second server. The first and second servers are associated with a virtualization; and wherein the processed request can be used by the second server to authenticate the client.
    Type: Grant
    Filed: December 10, 2007
    Date of Patent: February 26, 2013
    Assignee: EMC Corporation
    Inventors: Philip C. Love, Srinivas Mandayam Aji, Zhaohui Guo
  • Publication number: 20130046988
    Abstract: Embodiments relate to systems and methods for maintaining cryptographic keys for application servers. In particular, applications and/or services of the application servers can desire to encrypt and/or decrypt data during operation of the applications. A key management tool can receive requests, and associated digital certificates from applications of the application servers for associated keys for use by the applications to encrypt and/or decrypt the data. The key management tool can generate a new key for the applications, or locate and retrieve an existing key for the applications. Further, the key management tool can provide a copy of the key to the applications.
    Type: Application
    Filed: August 17, 2011
    Publication date: February 21, 2013
    Inventor: Anil Saldhana
  • Patent number: 8380982
    Abstract: A communication device for performing communication by employing first and second communication units, includes: a reception unit for receiving a communication packet including a random number generated for every connection with another communication device, a certificate calculated with the random number, and authentication method information indicating whether or not an authentication method at the second communication unit is compatible with the public key system, through the first communication unit; and a method determining unit for determining whether or not an originator of the communication packet accepts public key encryption based on the authentication method information included in the communication packet; wherein in a case of the method determining unit determining that the originator of the communication packet does not accept the public key system, the random number included in the communication packet is replied to the originator as the identification information of the device itself.
    Type: Grant
    Filed: February 13, 2009
    Date of Patent: February 19, 2013
    Assignee: Sony Corporation
    Inventors: Naoki Miyabayashi, Yoshihiro Yoneda, Isao Soma, Seiji Kuroda, Yasuharu Ishikawa, Kazuo Takada, Masahiro Sueyoshi
  • Publication number: 20130042114
    Abstract: An information processing system including a medium where a content to be played is stored; and a playing apparatus for playing a content stored in the medium; with the playing apparatus being configured to selectively activate a playing program according to a content type to be played, to obtain a device certificate correlated with the playing program from storage by executing the playing program, and to transmit the obtained device certificate to the medium; with the device certificate being a device certificate for content types in which content type information where the device certificate is available is recorded; and with the medium determining whether or not an encryption key with reading being requested from the playing apparatus is an encryption key for decrypting an encrypted content matching an available content type recorded in the device certificate, and permitting readout of the encryption key only in the case of matching.
    Type: Application
    Filed: July 11, 2012
    Publication date: February 14, 2013
    Applicant: Sony Corporation
    Inventors: Kenjiro Ueda, Hiroshi Kuno, Takamichi Hayashi
  • Patent number: 8375204
    Abstract: A method for forming a digital certificate includes receiving contact information associated with the digital certificate. The contact information includes at least a name, a mailing address, and an email address. The method also includes receiving billing information associated with the digital certificate and receiving a Certificate Signing Request (CSR) for the digital certificate. The method further includes receiving a first name for use in forming the digital certificate and receiving a second name for use in forming the digital certificate. Moreover, the method includes receiving an indication of a vendor of web server software, receiving an indication of a service period for the digital certificate, and forming the digital certificate. The first name is stored in a Subject field of the digital certificate and the second name is stored in the SubjectAltName extension of the digital certificate.
    Type: Grant
    Filed: December 16, 2009
    Date of Patent: February 12, 2013
    Assignee: Symantec Corporation
    Inventors: Quentin Liu, Marc Williams, Richard F. Andrews
  • Patent number: 8375213
    Abstract: Systems and methods consistent with the present invention enable explicit and multilateral trust across a community of federated servers via a network. A trusted third party establishes a framework of policies and procedures governing a federation. Organizations joining the federation submit to an audit process of internal policies and procedures to ensure compliance with the policies and procedures of the federation. Upon successful completion of an audit, an organization may receive a digital certificate containing the digital public key of the organization and indicating approval of the trusted third party. The organization may then use the associated digital private key for signing security assertions associated with a request for resources from another federation service provider. The service provider may trust the assertion from the organization based on trust placed in trusted third party by the service provider and the trust placed in the organization by the trusted third party.
    Type: Grant
    Filed: May 6, 2011
    Date of Patent: February 12, 2013
    Assignee: Exostar Corporation
    Inventors: Christopher Allen Borneman, James Gerard Kobielus, Jeffrey Dean Nigriny, Robert Edmund Sherwood, Vijay Kumar Takanti
  • Publication number: 20130036302
    Abstract: A secure instant messaging (IM) system integrates secure instant messaging into existing instant messaging systems. A certificate authority (CA) issues security certificates to users binding the user's IM screen name to a public key, used by sending users to encrypt messages and files for the user. The CA uses a subscriber database to keep track of valid users and associated information, e.g. user screen names, user subscription expiration dates, and enrollment agent information. A user sends his certificate to an instant messaging server which publishes the user's certificate to other users. Users encrypt instant messages and files using an encryption algorithm and the recipient's certificate. A sending user can sign instant messages using his private signing key. The security status of received messages is displayed to recipients.
    Type: Application
    Filed: October 5, 2012
    Publication date: February 7, 2013
    Applicant: MARATHON SOLUTIONS
    Inventor: MARATHON SOLUTIONS
  • Patent number: 8370631
    Abstract: A trusted certification authority service allows a user to control a combination or a subset of personal credentials associated with different trusted identities of the user to create a new identity that may be used by the user to entitle him to access or obtain a third party service. The copying and/or transfer of trust values (such as bank balances or loyalty points) between different trusted identities can maintain the anonymity of a person having one or more of said identities.
    Type: Grant
    Filed: July 29, 2002
    Date of Patent: February 5, 2013
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventor: Siani Pearson