By Generation Of Certificate Patents (Class 713/175)
-
Publication number: 20090240944
Abstract: The present invention relates to an authorization key generating method and an authorization key updating method in a mobile communication system. A terminal and a base station generate an authorization key by using a terminal random value and a base station random value that are exchanged in an authorization key generating procedure as input data. In addition, a lifetime of an authorization key is established to be shorter than a lifetime of a root key, and the authorization key is updated with an updating period that is shorter than that of the root period.
Type: Application
Filed: June 8, 2009
Publication date: September 24, 2009
Applicant: Electronics and Telecommunications Research Institute
Inventors: Seok-Heon Cho, Chul-Sik Yoon
-
Patent number: 7590853
Abstract: Secure computation environments are protected from bogus or rogue load modules, executables and other data elements through use of digital signatures, seals and certificates issued by a verifying authority. A verifying authority—which may be a trusted independent third party—tests the load modules or other executables to verify that their corresponding specifications are accurate and complete, and then digitally signs the load module or other executable based on tamper resistance work factor classification. Secure computation environments with different tamper resistance work factors use different verification digital signature authentication techniques (e.g., different signature algorithms and/or signature verification keys)—allowing one tamper resistance work factor environment to protect itself against load modules from another, different tamper resistance work factor environment.
Type: Grant
Filed: August 20, 2007
Date of Patent: September 15, 2009
Assignee: Intertrust Technologies Corporation
Inventors: Victor H. Shear, W. Olin Sibert, David M. Van Wie
-
Patent number: 7587588
Abstract: A system for controlling network access to products. The system includes a security appliance connected to a product under operational control of a first entity, a product connection platform and a user terminal under operational control of a second entity, the product connection platform being accessed by the user terminal, and a trust relationship established between the first entity and the second entity based on predetermined criteria between the first entity and the second entity, the trust relationship being represented by a certificate or public/private key exchange. Authentication of access by a user of the user terminal of the second entity to the product of the first entity is deferred to the product connection platform of the second entity based on the predetermined criteria of the trust relationship, whereupon if authentication is granted, the user is provided access to the product.
Type: Grant
Filed: August 11, 2004
Date of Patent: September 8, 2009
Assignee: Avaya Inc.
Inventors: Merlon Odell Clemmons, II, Subrata Mazumdar, Robert R Seibel, TK Srinivas, Sriram Chittur Viswanathan
-
Publication number: 20090222659
Abstract: A communication device for performing communication by employing first and second communication units, includes: a reception unit for receiving a communication packet including a random number generated for every connection with another communication device, a certificate calculated with the random number, and authentication method information indicating whether or not an authentication method at the second communication unit is compatible with the public key system, through the first communication unit; and a method determining unit for determining whether or not an originator of the communication packet accepts public key encryption based on the authentication method information included in the communication packet; wherein in a case of the method determining unit determining that the originator of the communication packet does not accept the public key system, the random number included in the communication packet is replied to the originator as the identification information of the device itself.
Type: Application
Filed: February 13, 2009
Publication date: September 3, 2009
Applicant: Sony Corporation
Inventors: Naoki Miyabayashi, Yoshihiro Yoneda, Isao Soma, Seiji Kuroda, Yasuharu Ishikawa, Kazuo Takada, Masahiro Sueyoshi
-
Publication number: 20090222667
Abstract: Current MAC algorithms impose a significant system performance requirement in order to process messages in real time. According to an exemplary embodiment of the present invention, a hardware implemented generator for generating a MAC is provided, that results in a significant improvement in hardware performance requirements for processing messages in real time. The engine is based on linear feedback shift registers which are adapted to generate secure MACs.
Type: Application
Filed: February 24, 2006
Publication date: September 3, 2009
Applicant: NXP B.V.
Inventors: Marc Vauclair, Serret Avila Javier, Ventzislav Nikov
-
Patent number: 7584360
Abstract: A management unit (110) which issues a digital certificate to a new transmission unit (410) includes a wireless communication section for performing communication in a network (300) and a wire communication section to which the new transmission unit (410) can be connected; when the new transmission unit (410) is wire-connected to the management unit (110), it is judged in accordance with the received device type information of the new transmission unit (410), whether or not the new transmission unit (410) is a device having a communication means that can communicate in the network (300); and if the new transmission unit is judged as a device having that type of means, the management unit creates a digital certificate by using a device identifier specific to the new transmission unit (410), and sends the digital certificate to the new transmission unit (410).
Type: Grant
Filed: November 5, 2004
Date of Patent: September 1, 2009
Assignee: Mitsubishi Electric Corporation
Inventors: Tsuyoshi Kasaura, Sadayuki Inoue, Soichiro Matsumoto, Tetsuro Shida, Toshimitsu Sato, Masahiro Tsujishita
-
Patent number: 7584351
Abstract: A method of transferring digital certificates from a digital-certificate transferring apparatus to a communications counterpart. The method includes authenticating the communications counterpart using a common certificate and transferring a normal certificate to the communications counterpart when the authenticating succeeds. The method further includes receiving a first normal certificate at an address from said communications counterpart, and when it is determined to be necessary, transferring to the communications counterpart a second normal certificate along with the information identifying the communications counterpart and an address corresponding to a second normal certificate. The second normal certificate is of a different type than the first normal certificate.
Type: Grant
Filed: January 7, 2005
Date of Patent: September 1, 2009
Assignee: Ricoh Company, Ltd.
Inventor: Hiroshi Kakii
-
Publication number: 20090217047
Abstract: A service providing system is provided, which includes a client device capable of accessing a tamper-resistant secure memory, an area management server managing memory area of the secure memory and a service providing server providing service that uses the secure memory to the client device, and which improves the security at the time of sending an access control list provided by the area management server and an instruction set provided by the service providing server to the client device by using a digital signature and a certificate.
Type: Application
Filed: November 18, 2008
Publication date: August 27, 2009
Inventors: Hideki AKASHIKA, Takeshi Takeuchi, Shuichi Sekiya
-
Patent number: 7581096
Abstract: We present technology that allows layman computer users to simply create, provision, and maintain secured infrastructure—an instant PKI. This technology can be used in a wide variety of applications including wired and wireless networks, secure sensor networks (such as medical networks), emergency alert networks, as well as simply and automatically provisioning network devices whether secure or not.
Type: Grant
Filed: September 5, 2003
Date of Patent: August 25, 2009
Assignee: Xerox Corporation
Inventors: Dirk Balfanz, Diana K. Smetters, Paul Joseph Stewart, Glenn E. Durfee, Rebecca E. Grinter, Hao-Chi Wong
-
Patent number: 7581102
Abstract: A method of confirming a certificate by using a management computer that issues the certificate is disclosed. The management computer is coupled to an application terminal for applying for issuance of the certificate and to a confirmation terminal for reading a display code printed on the certificate.
Type: Grant
Filed: January 13, 2005
Date of Patent: August 25, 2009
Assignee: Ricoh Company, Ltd.
Inventor: Hiroshi Yasuda
-
Publication number: 20090210712
Abstract: Problem: The combination of a tendency towards permissivity when verifying certificate authenticity and the use of in-band client authentication opens up an opportunity for attackers to mount man-in-the-middle attacks on SSL connections. Solution: The invention exposes any discrepancy between the intended recipient of the client credential and the actual recipient of the client credential by cryptographically including parameters that are uniquely linked to the channel (i.e., the communication session, as characterized by the parameters of the protocols that are being used), preferably the channel end points, in the calculation of the client credential. This links the process that provides the secure channel (e.g., the SSL protocol session) to the process that provides the authentication credential (e.g., the OTP token operation), thus exposing any attack that would break up the client-server channel.
Type: Application
Filed: February 19, 2008
Publication date: August 20, 2009
Inventor: Nicolas Fort
-
Publication number: 20090210702
Abstract: A system and method for facilitating approval of an application and for making the application available for download by mobile computing devices has a first module configured to receive a user input received from a software development environment, a second module configured to initiate an application approval process based on the user input, and a third module configured to make the application available for download by mobile computing devices based on the approval process.
Type: Application
Filed: January 28, 2009
Publication date: August 20, 2009
Inventors: Bharat Welingkar, Rajesh Kanungo, Srikiran Prasad
-
Patent number: 7577834
Abstract: Embodiments of a system and method using message authentication with message gates are described. A message gate is the message endpoint for a client or service in a distributed computing environment. A message gate may provide a secure endpoint that sends and receives type-safe messages. Gates may perform the sending and receiving of messages between clients and services using a protocol specified in a service advertisement. In one embodiment, the messages are eXtensible Markup Language (XML) messages. For a client, a message gate represents the authority to use some or all of a service's capabilities. Each capability may be expressed in terms of a message that may be sent to the service. Creation of a message gate may involve an authentication service that may authenticate the client and/or service and that generates an authentication credential. A message gate may perform verification of messages against a message schema to ensure that the messages are allowed.
Type: Grant
Filed: August 31, 2000
Date of Patent: August 18, 2009
Assignee: Sun Microsystems, Inc.
Inventors: Bernard A. Traversat, Thomas E. Saulpaugh, Michael J. Duigou, Gregory L. Slaughter
-
Patent number: 7577999
Abstract: A licensor receives a request from a requestor including an identifier identifying the requestor and rights data associated with digital content, where the rights data lists at least one identifier and rights associated therewith. The licensor thereafter locates the identifier of the requestor in a directory, and locates in the directory based thereon an identifier of each group which the requestor is a member of. Each of the located requestor identifier and each located group identifier is compared to each identifier listed in the rights data to find a match, and a digital license to render the content is issued to the requestor with the rights associated with the matching identifier.
Type: Grant
Filed: February 11, 2003
Date of Patent: August 18, 2009
Assignee: Microsoft Corporation
Inventors: Attila Narin, Chandramouli Venkatesh, Frank D. Byrum, Marco A. DeMello, Peter David Waxman, Prashant Malik, Rushmi U. Malaviarachchi, Steve Bourne, Vinay Krishnaswamy, Yevgeniy (Eugene) Rozenfeld
-
Patent number: 7574607
Abstract: Methods and apparatus for secure transmission of data in pipeline fashion. A pair of transaction certificates can be used to verify the authenticity and integrity of data transmitted in more than one block.
Type: Grant
Filed: October 29, 2002
Date of Patent: August 11, 2009
Assignee: Zix Corporation
Inventors: Gary G. Liu, David P. Cook
-
Publication number: 20090198997
Abstract: A system, method and software module for secure electronic communication services, wherein a public key (25) of private-public-key pair (30,25) is associated with an email address (24), internet name or other registered unique identifier; the registered user of the unique identifier holds the private-key (30) securely, and the respective public-key (25) is made accessible on a key server (6) for look-up and retrieval by other users, for encryption of communications to be sent to the holder of the private-key, and optionally for message confidentiality, message integrity and authentication of sender and recipient, without requiring certificates.
Type: Application
Filed: May 19, 2008
Publication date: August 6, 2009
Inventors: Tet Hin Yeap, Thomas Anton Goeller
-
Publication number: 20090199007
Abstract: A system and method for searching and retrieving certificates, which may be used in the processing of encoded messages. In one broad aspect, certificate identification data that uniquely identifies a certificate associated with a message is generated. The certificate identification data can then be used to determine whether the certificate is stored on a computing device. Only the certificate identification data is needed to facilitate the determination alleviating the need for a user to download the entire message to the computing device in order to make the determination.
Type: Application
Filed: March 17, 2009
Publication date: August 6, 2009
Applicant: RESEARCH IN MOTION LIMITED
Inventors: Neil P. Adams, Michael S. Brown, Herbert A. Little
-
Patent number: 7571314
Abstract: A method for assembling authorization certificate chains among an authorizer, a client, and a third party allows the client to retain control over third party access. The client stores a first certificate from the authorizer providing access to a protected resource and delegates some or all of the privileges in the first certificate to the third party in a second certificate. The client stores a universal resource identifier (URI) associated with both the first certificate and the third party and provides the second certificate and the URI to the third party. The third party requests access to the protected resource by providing the second certificate and the URI, without knowledge or possession of the first certificate. When the authorizer accesses the URI, the client provides the first certificate to the authorizer, so that the client retains control over the third party's access.
Type: Grant
Filed: December 13, 2001
Date of Patent: August 4, 2009
Assignee: Intel Corporation
Inventor: Victor B. Lortz
-
Patent number: 7571312
Abstract: A virtual manufacturer authority is launched in a protected portion of a processing system. A key for the virtual manufacturer authority is created. The key is protected by a security coprocessor of the processing system, such as a trusted platform module (TPM). Also, the key is bound to a current state of the virtual manufacturer authority. A virtual security coprocessor is created in the processing system. A delegation request is transmitted from the processing system to an external processing system, such as a certificate authority (CA). After transmission of the delegation request, the key is used to attest to trustworthiness of the virtual security coprocessor. Other embodiments are described and claimed.
Type: Grant
Filed: June 29, 2005
Date of Patent: August 4, 2009
Assignee: Intel Corporation
Inventors: Vincent R. Scarlata, Willard M. Wiseman
-
Publication number: 20090193250
Abstract: A signature generating device for generating digital signature data that certifies authenticity of information of a person, and making the information obfuscated.
Type: Application
Filed: October 26, 2006
Publication date: July 30, 2009
Inventors: Kaoru Yokota, Natsume Matsuzaki, Masao Nonaka
-
Publication number: 20090193254
Abstract: Digital content protection can be effectively implemented through use of an anchor point and binding records in a user domain. An anchor point domain may include a secure anchor point, and data storage to store digital property instances and rights objects. The secure anchor point may be configured to receive a title pre-key from the rights object and use a binding key to decrypt the title pre-key to yield a title key. The binding key may include data uniquely associating the encrypted digital property instance with the secure anchor point.
Type: Application
Filed: January 27, 2009
Publication date: July 30, 2009
Applicant: SEAGATE TECHNOLOGY, LLC
Inventor: Paul Marvin Sweazey
-
Patent number: 7568095
Abstract: Disclosed herein are several digital certificate discovery and management systems. Detailed information on various example embodiments of the inventions are provided in the Detailed Description below, and the inventions are defined by the appended claims.
Type: Grant
Filed: August 13, 2004
Date of Patent: July 28, 2009
Assignee: Venafi, Inc.
Inventors: Russell S. Thornton, Benjamin Hodson, Jayson Seegmiller
-
Publication number: 20090187764
Abstract: A system and method for electronic certification, identification and communication. According to an exemplary implementation, these processes are performed by using an electronic graphic image with encrypted information concerning the certified object. The object is accompanied with an application specific image hereafter called Electronic Virtual Stamp (EV-Stamp) having embedded and encrypted control information (keys and electronic signatures, identifiers of senders and receivers, date and other transaction related information) as well as any message to be passed. Each transaction of the EV-Stamp is monitored by a specialized Web server that maintains the records of all issued electronic stamps, all subscribed users, all involved financial transactions, and all registered assets. It is also possible to use any other graphical images to reflect on various possible applications such as exchange of the EV-Stamp for a good/service.
Type: Application
Filed: August 19, 2008
Publication date: July 23, 2009
Inventors: Pavel Astakhov, Roman Tankelevich, Anton Klimov
-
Patent number: 7558955
Abstract: Digitally signed and encrypted synchronous online messages are conducted between prescribed online messaging service subscribers.
Type: Grant
Filed: November 19, 2003
Date of Patent: July 7, 2009
Assignee: AOL LLC, a Delaware limited liability company
Inventors: Jeff Hooker, James A. Odell, Robert B. Lord, Terry N. Hayes
-
Patent number: 7558952
Abstract: A validation authority for certificates searches for and verifies paths and certificate revocation lists periodically, and classifies the paths into valid paths and invalid paths in accordance with the results of the validations, so as to register the paths in databases beforehand. Besides, in a case where a request for authenticating the validity of a certificate has been received from an end entity, the validation authority judges the validity of the public key certificate by checking in which of the valid-path database and the invalid-path database a path corresponding to the request is registered. On the other hand, in a case where the path corresponding to the validity authentication request is not registered in either of the databases, the validity of the public key certificate is authenticated by performing path search and validation anew.
Type: Grant
Filed: March 1, 2004
Date of Patent: July 7, 2009
Assignee: Hitachi, Ltd.
Inventors: Yoko Kumagai, Takahiro Fujishiro, Tadashi Kaji, Shingo Hane, Hitoshi Shimonosono
-
Publication number: 20090171982
Abstract: Personal information of users is used to customize the browsing experiences of the users on a World-Wide-Web site. To ensure privacy of the users' personal information, each user is assigned a unique Universal Anonymous Identifier (UAI). The UAI is generated by a trusted third party and provided to the Web site operator. The Web site operator then indexes the users' personal information by UAI. Only the user has the ability to correlate his/her true identity with his/her personal information.
Type: Application
Filed: March 4, 2009
Publication date: July 2, 2009
Inventors: Thomas Hagan, David Levy, Matthew Kamerman
-
Publication number: 20090169019
Abstract: A method and system for generating data for generating an authenticity certificate to be stored on a media. The authenticity certificate authenticates an object. A request for a step certificate includes a media identifier, a media key block, an object identifier, a requester entity type, and a requester identity certificate. The object identifier is hashed. A created signature includes the hashed object identifier, the requester entity type, a certifier identity certificate, and the requester identity certificate. A generated hashing result is a concatenation of the object identifier, the requester entity type, the certifier entity certificate, the requester identity certificate, and the signature. The step certificate including the hashing result is generated and encrypted. The encrypted step certificate and an encrypted random key are sent to a requester of the step certificate. The object may be determined to be an authentic object, a counterfeited object, or a stolen object.
Type: Application
Filed: February 14, 2007
Publication date: July 2, 2009
Inventors: Frederic Bauchot, Gerard Marmigere, Christophe Mialon, Pierre Secondo
-
Patent number: 7555652
Abstract: A method for generating and verifying a user attestation-signature value and issuing an attestation value for using a user attestation-signature value that corresponds to at least one attribute, each with an attribute value remaining anonymous includes: providing a module public key and a security module attestation value providing a user public key that includes: at least one user determined attribute value and a proof value demonstrating that the user public key is validly derived from the module public key of the security module deriving an attester determined attribute value and an attestation value based on an attester secret key, the user public key, and an anonymous attribute value and verifying whether or not (i) the user attestation-signature value was validly derived from the security module attestation value provided by the security module and the attestation value, (and (ii) the attestation value is associated with a subset of at least one attribute, each attribute in the subset having a revealed
Type: Grant
Filed: August 20, 2004
Date of Patent: June 30, 2009
Assignee: International Business Machines Corporation
Inventor: Jan Camenisch
-
Publication number: 20090164788
Abstract: The present invention relates to a method of generating an authorization key for a wireless communication system. In the wireless communication system, when an authorization key is generated after authentication between a subscriber station and base station is successfully performed, the authorization key is generated using a value indicating the number of generation times of the authorization key. Subsequently, the subscriber station and the base station confirm through a predetermined procedure whether or not they share the same authorization key and the same number of generation times of the authorization key. According to such a method of generating an authorization key, an authentication function for messages to be transmitted and received between the subscriber station and the base station can be efficiently supported. Further, replay attacks by malignant users can be powerfully protected against.
Type: Application
Filed: April 19, 2007
Publication date: June 25, 2009
Inventors: Seok-Heon Cho, Sung-Cheol Chang, Chul-Sik Yoon
-
Patent number: 7549043
Abstract: A system and method for searching and retrieving certificates, which may be used in the processing of encoded messages. In one broad aspect, a message management server generates certificate identification data from a message that uniquely identifies a certificate associated with the message. The certificate identification data can then be used to determine whether a given located certificate retrieved from one or more certificate servers in response to a certificate search request is the certificate associated with the message. Only the certificate identification data is needed to facilitate the determination at a user's computing device (e.g. a mobile device), alleviating the need for the user to download the entire message to the computing device in order to make the determination.
Type: Grant
Filed: September 1, 2004
Date of Patent: June 16, 2009
Assignee: Research In Motion Limited
Inventors: Neil P. Adams, Michael S. Brown, Herbert A. Little
-
Patent number: 7549051
Abstract: A digital certificate is employed to produce a digital signature for a digital construct. In the digital certificate is set forth a certificate validity period defining for the digital certificate a time period during which the digital certificate is to be honored as valid for producing digital signatures, and a signature validity period defining for each digital signature produced based on the digital certificate a time period during which the digital signature is to be honored as valid.
Type: Grant
Filed: March 10, 2005
Date of Patent: June 16, 2009
Assignee: Microsoft Corporation
Inventors: Blair Brewster Dillaway, Brian LaMacchia, John Manferdelli, Muthukrishnan Paramasivam
-
Patent number: 7548620
Abstract: A method for provisioning a device such as a token. The device issues a certificate request to a Certification Authority. The request includes a public cryptographic key uniquely associated with the device. The Certification Authority generates a symmetric cryptographic key for the device, encrypts it using the public key, and creates a digital certificate that contains the encrypted symmetric key as an attribute. The Certification Authority sends the digital certificate to the device, which decrypts the symmetric key using the device's private key, and stores the decrypted symmetric key.
Type: Grant
Filed: February 23, 2004
Date of Patent: June 16, 2009
Assignee: VeriSign, Inc.
Inventor: Nicolas Popp
-
Publication number: 20090150675
Abstract: A system and method for providing secure message services. The system includes a forwarding service to receive message for delivery to a recipient. The system checks for preferences for delivery of the message content including encryption preferences and notifies the recipient or delivers the message according to the encryption preferences. The system includes an interoperability engine to determine delivery preferences including security preferences, the security preferences indicating a security protocol by which the message can be securely delivered to the recipient.
Type: Application
Filed: January 2, 2009
Publication date: June 11, 2009
Inventor: David P. Cook
-
Patent number: 7546463
Abstract: A method and system to delegate an authority to access collaborative resources are provided. The system enables a participant to re-delegate the authority to another participant by an authorization certificate. A chain of authorization certificates is established along with the re-delegation of the authority from one participant to another. The participant requesting access to the collaborative resources is requested to provide the owner with the chain of authorization certificates for verification. Therefore, the re-delegation process may be performed without the need to notify the owner and yet without compromising the security of the collaborative resources.
Type: Grant
Filed: November 30, 2004
Date of Patent: June 9, 2009
Assignee: SAP AG
Inventor: Yuecel Karabulut
-
Publication number: 20090144551
Abstract: A method for securing encryption keys is described, the method including providing a first device and a second device, the first device including first secure hardware and first insecure hardware, and the second device including second secure hardware and second insecure hardware, generating in the first secure hardware at least two period keys, the at least two period keys stored in the first secure hardware, generating in the first secure hardware a plurality of session keys, the session keys being stored in either the first secure hardware or the first insecure hardware, encrypting at least one of the plurality of session keys generated in the first device according to a first of the two period keys included in the first secure hardware, encrypting at least one of the plurality of session keys generated in the first device according to a second of the two period keys included in the first secure hardware, generating in the second secure hardware at least two period keys, the at least two period keys stored
Type: Application
Filed: January 22, 2007
Publication date: June 4, 2009
Applicant: NDS Limited
Inventor: Yaacov Belenky
-
Patent number: 7543140
Abstract: A digital certificate identifies an entity as having authority over the certificate to revoke same as delegated by the issuer. The certificate also has at least one revocation condition relating to possible revocation of the certificate. To authenticate the certificate, the identification of the delegated revocation authority, a location from which a revocation list is to be obtained, and any freshness requirement to be applied to the revocation list are determined from the certificate. It is then ensured that the revocation list from the location is present and that the present revocation list satisfies the freshness requirement, that the revocation list is promulgated by the delegated revocation authority identified in the certificate, and that the certificate is not identified in the revocation list as being revoked.
Type: Grant
Filed: February 26, 2003
Date of Patent: June 2, 2009
Assignee: Microsoft Corporation
Inventors: Blair Brewster Dillaway, Philip Lafornara, Brian A. LaMacchia, Rushmi U. Malaviarachchi, John L. Manferdelli, Charles F. Rose, III
-
Patent number: 7543147
Abstract: A method for creating a proof of possession confirmation for inclusion by an attribute certificate authority into an attribute certificate, the attribute certificate for use by an end user. The method includes receiving from the attribute certificate authority in response to a request by the end user, a plurality of data fields corresponding to a target system, the identity of the end user, and a proof of identity possession by the end user. The method further includes preparing a data structure corresponding to an authorization attribute of the attribute certificate, the data structure including a target system name, the identity of the end user, and the key identifier of the end user. Using a private key associated with the target system, the method includes signing the data structure resulting in a proof of possession confirmation, and sending the proof of possession confirmation to the attribute certificate authority for inclusion into the attribute certificate.
Type: Grant
Filed: October 28, 2004
Date of Patent: June 2, 2009
Assignee: International Business Machines Corporation
Inventors: Messaoud B. Benantar, Thomas L. Gindin, James W. Sweeny
-
Patent number: 7543146
Abstract: In response to an indication of a desire to initiate a secure communication session (e.g., a session utilizing the SSL communication protocol) with a computer resource, a digital certificate indicative of whether or not a user consents to monitoring of the secure communication session is requested. The response to this request will permit or deny such monitoring, allowing the session to proceed or be cancelled, accordingly.
Type: Grant
Filed: June 18, 2004
Date of Patent: June 2, 2009
Assignee: Blue Coat Systems, Inc.
Inventors: Shrikrishna Karandikar, Thomas J. Kelly
-
Patent number: 7543141
Abstract: A method and apparatus for user authentication using infrared communication of a mobile terminal is disclosed. The user authentication system, which is for identifying a user who requests service from an automated machine, comprises a mobile terminal for transmitting electronic signature data for the user in the form of an infrared signal, automated information providing means for providing the requested service after verifying the validity of the electronic signature data, and certificate providing means for registering an authorization certificate in response to a request from the mobile terminal and transmitting the certificate to the automated information providing means for verifying the user authentication.
Type: Grant
Filed: March 31, 2004
Date of Patent: June 2, 2009
Assignee: SK Telecom Co., Ltd.
Inventors: Jae Sic Jeon, Eun Su Jung
-
Patent number: 7540024
Abstract: The described systems, methods and data structures are directed to a portable computing environment. A communication link is established between a portable device and a host device. The portable device is equipped with a processing unit and is configured to execute a process that is accessible by the host device. The host device includes an application configured to interact with the process on the portable device. The process on the portable device provides data to the application on the host device using the communication link. The application uses the data to provide a computing environment.
Type: Grant
Filed: November 3, 2004
Date of Patent: May 26, 2009
Assignee: Microsoft Corporation
Inventors: Thomas G Phillips, Christopher A Schoppa, William J Westerinen, Mark A Myers
-
Patent number: 7539868
Abstract: A computing platform (10) protects system firmware (30) using a manufacturer certificate (36). The manufacturer certificate binds the system firmware (30) to the particular computing platform (10). The manufacturer certificate may also store configuration parameters and device identification numbers. A secure run-time platform data checker (200) and a secure run-time checker (202) check the system firmware during operation of the computing platform (10) to ensure that the system firmware (30) or information in the manufacturer certificate (36) has not been altered. Application software files (32) and data files (34) are bound to the particular computing device (10) by a platform certificate (38). A key generator may be used to generate a random key and an encrypted key may be generated by encrypting the random key using a secret identification number associated with the particular computing platform (10). Only the encrypted key is stored in the platform certificate (36).
Type: Grant
Filed: July 14, 2003
Date of Patent: May 26, 2009
Assignee: Texas Instruments Incorporated
Inventors: Eric Balard, Alain Chateau, Jerome Azema
-
Patent number: 7539867
Abstract: A file format for a serverless distributed file system is composed of two parts: a primary data stream and a metadata stream. The data stream contains a file that is divided into multiple blocks. Each block is encrypted using a hash of the block as the encryption key. The metadata stream contains a header, a structure for indexing the encrypted blocks in the primary data stream, and some user information. The indexing structure defines leaf nodes for each of the blocks. Each leaf node consists of an access value used for decryption of the associated block and a verification value used to verify the encrypted block independently of other blocks. In one implementation, the access value is formed by hashing the file block and encrypting the resultant hash value using a randomly generated key. The key is then encrypted using the user's key as the encryption key. The verification value is formed by hashing the associated encrypted block using a one-way hash function.
Type: Grant
Filed: December 16, 2004
Date of Patent: May 26, 2009
Assignee: Microsoft Corporation
Inventors: William J. Bolosky, Gerald Cermak, Atul Adya, John R. Douceur
-
Publication number: 20090132824
Abstract: An original data circulation system for storing or circulating original data which is digital information is provided. The original data circulation system includes an issuer apparatus, a user apparatus and a collector apparatus. The issuer apparatus generates originality information including first information corresponding to the issuer apparatus and second information corresponding to data and sends the originality information. The user apparatus verifies the validity of the source apparatus of the originality information and stores the originality information when the validity is verified. The collector apparatus verifies the validity of the source apparatus of the originality information and processes data corresponding to the second information when the validity is verified.
Type: Application
Filed: December 18, 2008
Publication date: May 21, 2009
Inventors: Masayuki Terada, Ko Fujimura, Hiroshi Kuno, Masayuki Hanadate
-
Publication number: 20090125721
Abstract: A computer including at least two processors is used to preferably perform a secure data communication. Data containing a processor ID identifying one of the at least two processors provided for a first computer (computer 31) is transmitted from the first computer to a second computer (a node at the other party) (S91, S92). The second computer returns data containing the processor ID contained in the data transmitted in S91 and S92 and a public key certificate relating to the second computer. The first computer receives the data returned from the second computer, acquires, from the received data, the processor ID contained therein, and causes a processor (SPE1), which is identified by the processor ID, to process the received data. At this moment, the processing of the data is restricted according to a content of the public key certificate contained in the received data.
Type: Application
Filed: August 2, 2006
Publication date: May 14, 2009
Applicant: SONY COMPUTER ENTERTAINMENT INC.
Inventor: Chisato Numaoka
-
Patent number: 7533065
Abstract: The invention relates to a method and arrangement for making electronic purchases. In the method according to the invention, a creditor (11) grants to a customer (10) a certificate provided with an electronic signature, and the customer stores said certificate in an electronic device (13). In connection with a purchase transaction, the customer produces the certificate to an automatic service or goods vending machine (14), which checks the certificate information. If the information is accepted, the desired purchase can be made, and the purchase information is saved in the memory of the vending machine (14). The separate purchase information stored in the vending machine memory is transferred in one batch to the data system (12) of the creditor organization (11), when a predetermined criterion is fulfilled.
Type: Grant
Filed: June 10, 2002
Date of Patent: May 12, 2009
Assignee: Nokia Corporation
Inventor: Lauri Piikivi
-
Patent number: 7533257
Abstract: A server certificate verification method in a terminal during Extensible Authentication Protocol authentication for Internet access is provided, the method including (a) receiving a server certificate from a wireless LAN authentication server, and transmitting a server certificate verification request message of the server certificate to a wireless LAN authentication server via a wireless LAN access server; (b) transmitting by the wireless LAN authentication server an On-line Certificate Status Protocol request message to an On-line Certificate Status Protocol server to verify the server certificate; (c) receiving a result of the server certificate verification performed by the OCSP server using an Extensible Authentication Protocol packet from the wireless LAN authentication server; and (d) determining whether the result of the server certificate verification is valid.
Type: Grant
Filed: August 24, 2004
Date of Patent: May 12, 2009
Assignee: Electronics and Telecommunications Research Institute
Inventors: Sok Joon Lee, Byung Ho Chung, Kyo Il Chung
-
Patent number: 7529927
Abstract: To determine whether digital content can be released to an element such as a computer application or module, a scaled value representative of the relative security of the element is associated therewith, and the digital content has a corresponding digital license setting forth a security requirement. The security requirement is obtained from the digital license and the scaled value is obtained from the element, and the scaled value of the element is compared to the security requirement of the digital license to determine whether the scaled value satisfies the security requirement. The digital content is not released to the element if the scaled value does not satisfy the security requirement.
Type: Grant
Filed: November 3, 2004
Date of Patent: May 5, 2009
Assignee: Microsoft Corporation
Inventors: Marcus Peinado, Rajasekhar Abburi, Jeffrey R. C. Bell
-
Patent number: 7526644
Abstract: Methods and apparatuses for providing cryptographic assurance based on ranges as to whether a particular data item is on a list. According to one computer-implemented method, the items on the list are sorted and ranges are derived from adjacent pairs of data items on the list. Next, cryptographically manipulated data is generated from the plurality of ranges. At least parts of the cryptographically manipulated data is transmitted onto a network for use in cryptographically demonstrating whether any given data item is on the list. According to another computer-implemented method, a request message is received requesting whether a given data item is on a list of data items. In response, a range is selected that is derived from the pair of data items on the list that define the smallest range that includes the given data item. A response message is transmitted that cryptographically demonstrates whether the first data item is on the list using cryptographically manipulated data derived from the range.
Type: Grant
Filed: March 1, 2005
Date of Patent: April 28, 2009
Assignee: Axway Inc.
Inventor: Paul Carl Kocher
-
Patent number: 7526648
Abstract: The present invention relates to a cryptographic method of protecting an electronic chip against fraud and a device including an electronic chip which is adapted to protect the electronic chip against fraud. The method includes: mixing some or all of the input parameters (Em) to supply an output data item E'=(e'1, e'2, . . . , e'n, . . . , e'N), changing the state of a finite state automaton from an old state to a new state as a function of the data item E'=(e'1, e'2, . . . , e'n, . . . , e'N), and calculating a certificate (S) by means of an output function having at least one state of the automaton as an input argument. The device includes: mixing means, a finite state automaton, and output means for calculating a certificate (S).
Type: Grant
Filed: June 7, 2002
Date of Patent: April 28, 2009
Assignee: France Telecom
Inventors: David Arditti, Jacques Burger, Henri Gilbert, Marc Girault, Jean-Claude Pailles
-
Patent number: 7526649
Abstract: According to an embodiment of the invention, a method and apparatus for session key exchange are described. An embodiment of a method comprises requesting a service for a platform; certifying the use of the service for one or more acceptable configurations of the platform; and receiving a session key for a session of the service, the service being limited to the one or more acceptable configurations of the platform.
Type: Grant
Filed: December 30, 2003
Date of Patent: April 28, 2009
Assignee: Intel Corporation
Inventors: Willard M. Wiseman, David W. Grawrock, Ernie Brickell, Matthew D. Wood, Joseph F. Cihula