By Generation Of Certificate Patents (Class 713/175)
  • Publication number: 20150095650
    Abstract: The present disclosure is generally related to embedding public key infrastructure information to a system-on-chip (SOC). The method includes generating a key pair including a public key and a private key. The method includes creating a digital certificate corresponding to the public key. The method includes signing the digital certificate with a unique signature. The method includes extracting the public key and the unique signature into a key file, wherein the key file is to be stored in a plurality of silicon fuses on the SOC.
    Type: Application
    Filed: September 27, 2013
    Publication date: April 2, 2015
    Inventors: Daniel Nemiroff, William Stevens, JR.
  • Patent number: 8997239
    Abstract: Code injection is detected based on code digests associated with hashes of selected portions of content supplied to clients by a server. A client receives the content and generates a corresponding code digest, and based upon a comparison with the code digest received from the server, determines if the received content has been corrupted. The code digest can be signed or supplied with a digital certification for verification that the code digest originated from the server providing the content.
    Type: Grant
    Filed: May 17, 2011
    Date of Patent: March 31, 2015
    Assignee: Infosys Limited
    Inventors: Prashant Venkatesh Kanakapura, Arjun Govindaraju, Abishek C
  • Patent number: 8992631
    Abstract: Systems and methods of theft prevention of communication devices are provided. In one embodiment, the method may include, for example, one or more of the following: registering a communication device being used at a home, where the device is connected to a communication network; entering validation information relating to the communication device; and analyzing the validation information to determine whether the communication device is authorized for use in the communication network.
    Type: Grant
    Filed: December 31, 2012
    Date of Patent: March 31, 2015
    Assignee: Broadcom Corporation
    Inventors: Jeyhan Karaoguz, James D. Bennett
  • Patent number: 8996884
    Abstract: Systems and methods for providing privacy of file synchronization with sharing functionality are presented. In embodiments, a file synchronization system comprises one or more folders associated with one or more non-shared encryption keys, which may be a managed key shared across an organization, and/or a personal key that is not shared or has limited third-party sharing. The one or more non-shared encryption keys are not known to the data storage service. The file synchronization system may also include one or more folders associated with a shared encryption key that is shared with the data storage service, and in embodiments, with a set of users of the service. The system may include a mapping correlating folders to encryption type so items in each folder can be handled appropriately. The system may have additional folders, such as one or more public folders that may be available with limited or no restrictions.
    Type: Grant
    Filed: March 24, 2014
    Date of Patent: March 31, 2015
    Assignees: VMware, Inc., Decho Corporation
    Inventor: David John Hartley
  • Patent number: 8997175
    Abstract: A wireless LAN communication terminal and its communication control method are provided that make it possible to configure desired security between the terminal and an other-end terminal, without increasing power consumption of the terminals. The wireless LAN communication terminal (103) in a wireless LAN system including an access point (102), if the other-end terminal (101) has connected to the access point (102), acquires from the other-end terminal information about security functions the other-end terminal has and information about a current connection with the access point; compares the security function information and the connection information on the other-end terminal with its own security policy; selects, based on results of the comparisons, either a direct connection (106) with the other-end terminal or a relay connection (105) via the access point so that the security policy is met; and performs communication with the other-end terminal by using the selected connection.
    Type: Grant
    Filed: July 15, 2011
    Date of Patent: March 31, 2015
    Assignee: Lenovo Innovations Limited (Hong Kong)
    Inventor: Youko Omori
  • Publication number: 20150089232
    Abstract: Systems and methods that facilitate dynamic directory service object creation and certificate management are discussed. One such method can include discovering a device deployed on a network, creating and deploying a corresponding directory services object, automatically creating and deploying a certificate to the device and updating attributes associated with the device. The disclosed system and method reduce the time involved in deploying and configuring directory services and public key infrastructure (PKI), increase efficiency, improve network availability and lessen the chances for errors associated with manual configuration.
    Type: Application
    Filed: September 25, 2013
    Publication date: March 26, 2015
    Applicant: WELLS FARGO, N.A.
    Inventors: Lawrence T. Belton, Lynn A. Smith, Nathan T. Suri, Joseph R. Kaluzny, Douglas Rambo, Marci J. Alley, Timothy H. Morris, Marcos Bilbao, Ryan Benskin, Scott Hinzman
  • Patent number: 8990573
    Abstract: A method of packet security management to ensure a secure connection from one network node to another. The method includes creating a security tag for each packet in a network session, selecting one of a number of possible tag locations within the packet, inserting the security tag at that location, transmitting the tagged packets from a sending node to the receiving node, authenticating the packets' security tags at the receiving node, and dropping non-authenticated packets. The method also includes determining best possible tag locations when sending a packet and locating a security tag when receiving a packet.
    Type: Grant
    Filed: November 10, 2008
    Date of Patent: March 24, 2015
    Assignee: Citrix Systems, Inc.
    Inventors: Srinivas Kumar, Vijayashree S. Bettadapura
  • Publication number: 20150082043
    Abstract: The present application provides a terminal, a server and a digital content authorization method. The terminal comprises: an extracting unit, configured to extract identification information of the terminal when the terminal requests an authorization for a designated layer of content of digital contents from a server; a transceiver unit, configured to transmit the identification information of the terminal to the server and receive an authorization certificate and the designated layer of content of the digital contents from the server; and a decryption unit, configured to decrypt the designated layer of content of the digital contents based on the identification information and the authorization certificate. Embodiments of the present invention may support copyright protection by using a layered encryption technique. The digital content cannot be read merely by copying it, which enhances the protection of the digital contents.
    Type: Application
    Filed: December 3, 2013
    Publication date: March 19, 2015
    Applicants: Peking University Founder Group Co., Ltd., Founder Information Industry Group, Founder Apabi Technology Limited
    Inventors: Haitao WANG, Li DING, Yun LI, Jiayin CAO
  • Patent number: 8984283
    Abstract: Methods and apparatuses for validating the status of digital certificates include a relying party receiving at least one digital certificate and determining if the at least one digital certificate is to be validated against a private certificate status database. The relying party accesses the private certificate status database and cryptographically validates the authenticity of data in the private certificate status database. The relying party also validates the at least one digital certificate based on information in at least one of the private certificate status database and a public certificate status database.
    Type: Grant
    Filed: August 3, 2011
    Date of Patent: March 17, 2015
    Assignee: Motorola Solutions, Inc.
    Inventors: Erwin Himawan, Anthony R. Metke, Shanthi E. Thomas
  • Patent number: 8977857
    Abstract: A client device has one or more processors and memory. An application running on the device obtains a client certificate from a system service running on the device. The certificate includes a public key for the device. The device is authenticated to a remote server using the certificate. The application receives encrypted application identification information and an encrypted access token from the server. The application is authenticated to the device by comparing the received application identification information with corresponding application identification information from the application. The application invokes the system service to unencrypt the access token using the private key corresponding to the public key. The application sends a request for protected information to the server. The request includes the unencrypted access token.
    Type: Grant
    Filed: February 8, 2013
    Date of Patent: March 10, 2015
    Assignee: Google Inc.
    Inventor: Oscar del Pozo Triscon
  • Publication number: 20150067340
    Abstract: To generate a group signature on a message, a processor generates a two-level signature on an identity of the group member at the first level and the message at the second level; generates a commitment to the identity of the group member, commitments to each group element and a proof that the identity and the group elements satisfy a predetermined equation; encodes the identity of the group member in the group signature in a bit-wise manner using an identity-based encryption scheme where the message serves as the identity of the identity-based encryption scheme to produce a ciphertext; generates a first proof that the ciphertext encrypts the identity of the group member; generates a second proof that the encoded identity is an identity of a group member in a certificate signed by a group manager and that the certificate was used to generate the signature on the message at the second level; and outputs the group signature comprising the two-level signature, the commitments, the encoded identity of the group me
    Type: Application
    Filed: September 4, 2014
    Publication date: March 5, 2015
    Inventors: Marc JOYE, Benoit Libert
  • Patent number: 8972735
    Abstract: Methods and apparatus to certify digital signatures are disclosed. An example method includes retrieving, from a first database, a first geographical location associated with an identification number associated with a network device and identified in a request to certify a digital signature, comparing the first geographical location associated with the identification number to a second geographical location to verify the second geographical location, determining that the first geographical location matches the second geographical location, and certifying the digital signature to indicate an authenticity of the digital signature based on the verification of the second geographical location and a comparison of (a) biometric information associated with a user associated with the request and (b) stored biometric information.
    Type: Grant
    Filed: April 3, 2014
    Date of Patent: March 3, 2015
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Brian M. Novack, David L. Dunmire, Daniel L. Madsen, Michael D. Cheaney, Timothy R. Thompson
  • Patent number: 8972591
    Abstract: A method for downloading software from a host device to an electronic device through a communication line, which, even when the download is interrupted, can simplify the procedure to restart the download while maintaining security. In the method, a certificate of authenticity data, which the card reader has obtained from the HOST computer, is stored in the non-volatile memory. The download of the software from the HOST computer to the card reader is executed. The verification of authenticity data is obtained by calculation with respect to the downloaded software. This verification of authenticity data is then compared with the certificate of authenticity data obtained from the HOST computer, and the downloaded software is run when the certificate of authenticity data matches the verification of authenticity data.
    Type: Grant
    Filed: January 11, 2011
    Date of Patent: March 3, 2015
    Assignee: Nidec Sankyo Corporation
    Inventor: Tsutomu Baba
  • Publication number: 20150058633
    Abstract: The present invention relates to a self-authenticated tag generation method and interpretation method used in the self-authenticated key system, which comprises the following steps: inputting data by the publisher; generating a tag via a self-authenticated tag device by the publisher; transmitting the generated tag to the receiver; interpreting the tag via the self-authenticated tag device by the receiver; and displaying data. The present invention is easy and safe; the generated self-authenticated tag can be transmitted by various carriers, can distinguish the object and can carry abundant information without being easily tampered with. Moreover, the acquisition of the public key is not achieved through a third party, which reduces the waste of network resources and avoids the insecure factors brought by the third party.
    Type: Application
    Filed: April 27, 2013
    Publication date: February 26, 2015
    Inventors: Li LIU, Steve Yi long CHAO, Chenggong YANG
  • Publication number: 20150058634
    Abstract: A network device initiates a transmission control protocol (TCP) connection to establish a TCP session with a management device, and performs, via the TCP session, a secure protocol client/server role reversal for the management device. The network device receives, from the management device, initiation of a secure connection over the TCP session in accordance with a secure protocol, and provides, to the management device, a trusted certificate with an embedded host key that is dynamically generated using a cryptographic processor of the network device, based on the initiation of the secure connection. The network device also establishes the secure connection with the management device based on an authentication of the host key by the management device via the trusted certificate.
    Type: Application
    Filed: September 30, 2014
    Publication date: February 26, 2015
    Inventor: Kent A. WATSEN
  • Publication number: 20150058635
    Abstract: A method and system for generating and processing an authenticity certificate. A request for a step certificate is received from a requester entity. The step certificate authenticates an involvement of the requester entity about an object. The request includes an object identifier, a requester entity type of the requester entity, and a requester identity certificate of the requester entity. The object identifier is hashed. A signature is created and includes the hashed object identifier, the requester entity type, a certifier identity certificate, and the requester identity certificate. A hashing result is generated by hashing a concatenation of the object identifier, the requester entity type, the certifier entity certificate, the requester identity certificate, and the signature. The step certificate is generated and includes the hashing result. The step certificate is encrypted. The encrypted step certificate is sent to the requester entity for subsequently storing the step certificate on a media.
    Type: Application
    Filed: October 6, 2014
    Publication date: February 26, 2015
    Inventors: Frederic Bauchot, Gerard Marmigere, Christophe Mialon, Pierre Secondo
  • Patent number: 8966270
    Abstract: Novel, Internet-related architectures, methods and devices are proposed that are based on a fundamentally different philosophy: hosts (e.g., source and destination nodes) are given the ability to specify their access control policies to the network they are a part of, and the network enforces these policies. The architecture proposed is mobility friendly to the ever increasing number of mobile hosts and is scalable as well.
    Type: Grant
    Filed: December 29, 2006
    Date of Patent: February 24, 2015
    Assignee: Alcatel Lucent
    Inventors: Tian Bu, Li Li, Ramachandran Ramjee
  • Patent number: 8966246
    Abstract: A method for handling digital certificate status requests between a client system and a proxy system is provided. The method includes the steps of receiving at the proxy system digital certificate status request data transmitted from the client system and generating query data for the digital certificate status in response to receiving the digital certificate status request data. The query data is transmitted to a status provider system, and status data from the status provider system in response to the query data is received at the proxy system. Digital certificate status data based on the status data received is generated and transmitted to the client system.
    Type: Grant
    Filed: December 21, 2011
    Date of Patent: February 24, 2015
    Assignee: BlackBerry Limited
    Inventors: Herbert A. Little, Stefan E. Janhunen
  • Patent number: 8966271
    Abstract: To verify a pair of correspondents in an electronic transaction, each of the correspondents utilizes respective parts of first and second signature schemes. The first signature scheme is computationally more difficult in signing than verifying and the second signature scheme is computationally more difficult in verifying than signing. The first correspondent signs information according to the first signature scheme, the second correspondent verifies the first signature received from the first correspondent, using the first signature scheme. The second correspondent then signs information according to the second signature scheme and the first correspondent verifies the second signature received from the second correspondent, according to the second signature algorithm. The method thereby allows one of the correspondents to participate with relatively little computing power while maintaining security of the transaction.
    Type: Grant
    Filed: September 10, 2012
    Date of Patent: February 24, 2015
    Assignee: Certicom Corp.
    Inventor: Scott A. Vanstone
  • Publication number: 20150052362
    Abstract: Methods and systems for deploying management tunnels between managed and managing devices are provided. According to one embodiment, network devices, including a peer managed device, a management device and a trusted peer managed device are deployed within a network. The network devices are pre-configured to form a web of trust by storing within each network device (i) a digital certificate signed by a manufacturer or a distributor and (ii) a unique identifier. The peer managed device establishes a management tunnel with the management device based on an address received from an external source. Prior to allowing the management device to use the management tunnel to perform management functionality, the peer managed device verifies credentials of the managed device by causing its unique identifier to be confirmed with reference to a pre-configured identifier of an authorized management device stored within the peer managed device.
    Type: Application
    Filed: September 27, 2014
    Publication date: February 19, 2015
    Applicant: Fortinet, Inc.
    Inventor: Andrew Krywaniuk
  • Patent number: 8959598
    Abstract: A method and system for roaming between heterogeneous networks. The method involves authenticating a mobile communication device on a first network, and providing the device with a single-use token that can be used to sign on to a second network without requiring conventional re-authentication over the second network.
    Type: Grant
    Filed: September 28, 2012
    Date of Patent: February 17, 2015
    Assignee: BCE Inc.
    Inventor: Brian Norman Smith
  • Patent number: 8959357
    Abstract: A system, method and program product for generating a private key. A system is disclosed that includes a signal acquisition system for obtaining biometric input from a user and encoding the biometric input into an acquired biometric; a recognition system for determining an identity based on the acquired biometric and outputting an absolute biometric associated with the identity; an input device for accepting a knowledge input from the user; and a key generator that generates a private key based on the knowledge input and the absolute biometric.
    Type: Grant
    Filed: July 15, 2010
    Date of Patent: February 17, 2015
    Assignee: International Business Machines Corporation
    Inventor: Aaron Keith Baughman
  • Patent number: 8959645
    Abstract: A distributed operation is performed using at least one first and second computer-based object, wherein control information is used to influence or determine a property, a function of the first and/or second computer-based objects. The control information includes details of a parameter identifier, a value associated with the parameter identifier, a range of validity and a remote access attribute. The control information is provided in a retrievable manner, according to the included range of validity, in a memory organized according to ranges of validity and is associated with the first computer-based object. During a function or service call for performing the distributed operation, which is sent from the first computer-based object to the second, the control information is transmitted to the second computer-based object, provided in a retrievable manner in the memory organized according to the ranges of validity and associated with the second computer-based object.
    Type: Grant
    Filed: September 2, 2009
    Date of Patent: February 17, 2015
    Assignee: Siemens Aktiengesellschaft
    Inventors: Harald Herberth, Ulrich Kröger, Allan Sobihard
  • Patent number: 8959351
    Abstract: Embodiments are directed to securely filtering trust services records. In one scenario, a client computer system receives at least one of the following trust services records: a trust services certificate, a principal certificate, a group certificate and a trust services policy. The client computer system performs a time validity check to validate the trust services record's timestamp, performs an integrity check to validate the integrity of the trust services record and performs a signature validity check to ensure that the entity claiming to have created the trust services record is the actual creator of the trust services record. The client computer system then, based on the time validity check, the integrity check and the signature validity check, determines that the trust services record is valid and allows a client computer system user to perform a specified task using the validated trust services record.
    Type: Grant
    Filed: September 13, 2012
    Date of Patent: February 17, 2015
    Assignee: Microsoft Corporation
    Inventors: Irina Gorbach, Venkatesh Krishnan, Andrey Shur, Dmitry Denisov, Lars Kuhtz, Sumant Mehta, Marina Galata
  • Publication number: 20150046715
    Abstract: A self-authenticating device and a method for authenticating the self-authenticating device may be provided. In one aspect, a device may comprise a sensing circuit, which may comprise a circuit to be measured. The sensing circuit may generate measurement data for one or more physical properties of the device using the circuit to be measured. The device may further comprise a storage to store an authenticity certificate that contains authentication data derived from the measurement data and a communication port to communicate the authenticity certificate and measurement data with a communication partner via a link coupled to the communication port.
    Type: Application
    Filed: August 5, 2014
    Publication date: February 12, 2015
    Applicant: OLogN Technologies AG
    Inventor: Sergey IGNATCHENKO
  • Patent number: 8954742
    Abstract: A method for digital certification of authenticity of a physical object, and corresponding computer program and storage device, as well as the use of the method for digital certification of authenticity of a physical object of value. The method includes the steps of issuing a storage device including a digital certificate of authenticity including encrypted information reflecting at least one characteristic unique to the physical object, checking, whenever required, the validity of the digital certificate of authenticity by use of a network computer, the network computer cooperating with the storage device and a validating or a certifying authority so as to output sensibly in real time the status of validity of the digital certificate of authenticity, and modifying the status of validity of the digital certificate of authenticity, whenever required.
    Type: Grant
    Filed: July 28, 2008
    Date of Patent: February 10, 2015
    Assignee: Wisekey S.A.
    Inventors: Juan Carlos Creus Moreira, Jérôme Darbellay, Kevin Blackman, Carlos Moreno
  • Patent number: 8953790
    Abstract: Methods and systems for secure key generation are provided. In embodiments, during the manufacturing process, a device generates a primary seed for the device and stores the seed within the device. The device exports the device primary key to a secure manufacturer server. The secure manufacturer server generates a public/private root key for the device and requests a certificate for the public root key of the device from a certificate authority. The device, having the stored primary seed, is integrated into an end-user system. Upon occurrence of a condition, the device after integration into the end-user system generates the public/private root key in the field. The system also receives and installs the certificate for the public root key.
    Type: Grant
    Filed: June 14, 2012
    Date of Patent: February 10, 2015
    Assignee: Broadcom Corporation
    Inventors: Zheng Qi, Mark Buer
  • Patent number: 8949599
    Abstract: According to an embodiment, provided is a device management apparatus that issues a digital certificate to a device. The device management apparatus includes: a storage unit that stores therein device identification information unique to the device in advance; a device-data obtaining unit that, when receiving a connection request from the device, obtains the device identification information contained in the connection request; and a certificate issuing unit that, when the device identification information that is obtained matches up with the device identification information that is stored, issues the digital certificate to the device.
    Type: Grant
    Filed: February 26, 2013
    Date of Patent: February 3, 2015
    Assignee: Ricoh Company, Limited
    Inventor: Masato Nakajima
  • Patent number: 8949609
    Abstract: The user device includes: a recording unit which stores system parameters as respective parameters given in advance, a disclosure public key, a user public key, a user private key, a member certificate, and an attribute certificate; an input/output unit which receives input of the document from the user and an attribute the user intends to disclose; a cryptograph generating module which generates a cryptograph based on the inputted document, the attribute to be disclosed, and each of the parameters; a signature text generating module which generates a zero-knowledge signature text from the generated cryptograph; and a signature output module which outputs the cryptograph and the zero-knowledge signature text as the signature data. The user public key and the attribute certificate are generated by using a same power.
    Type: Grant
    Filed: July 6, 2010
    Date of Patent: February 3, 2015
    Assignee: NEC Corporation
    Inventor: Isamu Teranishi
  • Publication number: 20150033022
    Abstract: A valid duration period for a digital certificate is established by a process that includes assigning numeric values to certificate terms. The numeric value assigned to each certificate term is representative of the valid duration period. The method continues by identifying one certificate term, which may include requesting a user to select a certificate term. The method may include transmitting the requested certificate term to a server. The certificate term requested is sent via a certificate request. The server is configured to convert the numeric value associated with the requested certificate term into a duration counter value. The method may also include a certificate server receiving, from the server, the certificate request including the duration counter value. The method may conclude with transmitting the signed certificate request to a client device capable of generating the digital certificate with the requested certificate term.
    Type: Application
    Filed: August 13, 2014
    Publication date: January 29, 2015
    Inventors: Garret Florian Grajek, Stephen Moore, Mark V. Lambiase, Craig J. Lund
  • Patent number: 8943578
    Abstract: An apparatus comprising a processor configured to implement an anti-replay check for a plurality of received packets and a plurality of corresponding sequence numbers; and a circular buffer coupled to the processor and comprising a bitmap, wherein the bitmap is slid in a circular manner by updating a low index that points to a first sequence number for a first received packet and a high index that points to a last sequence number for a last received packet without bit-shifting, and wherein, when the update results in the new value of one of the low index and the high index exceeding the end of the circular buffer, the one of the low index and the high index wraps around from the beginning of the circular buffer.
    Type: Grant
    Filed: May 28, 2013
    Date of Patent: January 27, 2015
    Assignee: Futurewei Technologies, Inc.
    Inventors: Xiangyang Zhang, Xiaoyong Yi
  • Patent number: 8943549
    Abstract: This disclosure describes, generally, methods and systems for certifying user identities (IDs). The method includes receiving, from a customer, a certification request for a user ID. The method then identifies the user ID's owner and collects information about the owner. The information may include financial information, personal information, biographical information, etc. The method then analyzes the collected information to generate a risk score associated with the user ID, and based on the risk score exceeding a threshold, the method certifies the user ID.
    Type: Grant
    Filed: August 12, 2008
    Date of Patent: January 27, 2015
    Assignee: First Data Corporation
    Inventor: Mark D. Baumgart
  • Patent number: 8943323
    Abstract: A method is provided for provisioning a device certificate. A device certificate request is transmitted from a communication device to a server in a communication network using an established communications channel between the communication device and the server. The device certificate request comprises at least a user identifier and a device identifier. The server provides to the communication device a device certificate that includes the user identifier and the device identifier and that is signed by a private key of a certificate authority.
    Type: Grant
    Filed: May 1, 2012
    Date of Patent: January 27, 2015
    Assignee: BlackBerry Limited
    Inventors: Michael K. Brown, Michael S. Brown, Michael Kirkup
  • Patent number: 8943324
    Abstract: A method is provided for authenticating characteristics of electrical energy. The method comprises acquiring a key, acquiring an amount of electrical energy, and generating a digital signature based on the amount and the key. The method further comprises generating a certificate comprising the signature and the amount.
    Type: Grant
    Filed: January 20, 2011
    Date of Patent: January 27, 2015
    Assignee: Sony Corporation
    Inventors: Yoshihiro Wakita, Jun Nakano, Masaru Kuramoto, Yutaka Imai
  • Publication number: 20150026476
    Abstract: A method for reading at least one attribute stored in an ID token using first, second and third computer systems, wherein the third computer system comprises a browser and a client, and wherein a service certificate is assigned to the second computer system, wherein the service certificate comprises an identifier which is used to identify the second computer system, wherein the ID token is assigned to a user: a first cryptographically protected connection (TLS1) is set up between the browser of the third computer system and the second computer system, wherein the third computer system receives a first certificate, the first certificate is stored by the third computer system, the third computer system receives a signed attribute specification via the first connection, a second cryptographically protected connection (TLS2) is set up between the browser of the third computer system and the first computer system, wherein the third computer system receives a second certificate, the signed attribute specification
    Type: Application
    Filed: August 6, 2014
    Publication date: January 22, 2015
    Applicant: BUNDESDRUCKEREI GMBH
    Inventors: Carsten SCHWARZ, Günter KOCH
  • Patent number: 8938792
    Abstract: At least one machine accessible medium having instructions stored thereon for authenticating a hardware device is provided. When executed by a processor, the instructions cause the processor to receive two or more device keys from a physically unclonable function (PUF) on the hardware device, generate a device identifier from the two or more device keys, obtain a device certificate from the hardware device, perform a verification of the device identifier, and provide a result of the device identifier verification. In a more specific embodiment, the instructions cause the processor to perform a verification of a digital signature in the device certificate and to provide a result of the digital signature verification. The hardware device may be rejected if at least one of the device identifier verification and the digital signature verification fails.
    Type: Grant
    Filed: December 28, 2012
    Date of Patent: January 20, 2015
    Assignee: Intel Corporation
    Inventors: Patrick Koeberl, Jiangtao Li
  • Patent number: 8938614
    Abstract: The invention relates to a motor vehicle electronics device comprising a first interface (116) for establishing a first connection to a first ID token (134) in order to read data from the first ID token, a memory (104) for storing a certificate, means (122) for the cryptographic authentication with respect to the first ID token using the certificate, means (130) for actuating at least one display apparatus (136, 138) for reproducing the data, and a second interface (118) for storing the certificate in the memory.
    Type: Grant
    Filed: July 24, 2009
    Date of Patent: January 20, 2015
    Assignee: Bundesdruckerei GmbH
    Inventors: Jorg Fischer, Frank Dietrich, Manfred Paeschke
  • Patent number: 8935747
    Abstract: An authentication device includes a unit that issues right transfer information that is to be transmitted to a service providing device and a token that corresponds to the right transfer information and is to be transmitted to a service proxy access device on a basis of information about a user to whom a right is transferred and a condition under which the right is transferred, a unit that provides the token to the service proxy access device, and a unit that receives from the service providing device the token transferred from the service proxy access device and transmits to the service providing device the right transfer information that corresponds to the token and is kept by the authentication device.
    Type: Grant
    Filed: September 4, 2013
    Date of Patent: January 13, 2015
    Assignee: NEC Corporation
    Inventor: Makoto Hatakeyama
  • Patent number: 8930703
    Abstract: Methods, systems and computer program products are provided for controlling the disclosure time of information by a publisher to one or more recipients. A trusted body generates an asymmetrical key pair for a specified date and time of disclosure with an encryption key and a decryption key. The trusted body provides a digital certificate signed with a private key of the trusted body providing the publisher with the encryption key prior to the specified date and time. The publisher uses the encryption key to encrypt data and a recipient obtains the encrypted data at any time prior to the specified date and time. The trusted body then makes the decryption key available to the recipient at or after the specified date and time.
    Type: Grant
    Filed: May 25, 2004
    Date of Patent: January 6, 2015
    Assignee: International Business Machines Corporation
    Inventor: Gary Paul Noble
  • Patent number: 8925059
    Abstract: A network authentication system authenticates a connection-request based on a manner that the connection-request traverses the network. In client-server terminology, a server authenticates a client request for connection by examining one or more sequences of network entities (or network nodes) that form entity-patterns. The client pseudo-randomly selects entities of the network to be redirectors that redirect a received connection-request to further redirectors and/or the server. The client generates a different connection-request for each of the redirectors, and each redirector does the same for each of the further redirectors. This results in substantially unique connection-requests transmitted by each entity of the network in connection with the user request. Thus, redirector patterns are substantially unique and may be used for authentication.
    Type: Grant
    Filed: June 8, 2012
    Date of Patent: December 30, 2014
    Assignee: Lockheed Martin Corporation
    Inventor: Russell T. Mackler
  • Patent number: 8924716
    Abstract: A communication device for performing communication by employing first and second communication units, includes: a reception unit for receiving a communication packet including a random number generated for every connection with another communication device, a certificate calculated with the random number, and authentication method information indicating whether or not an authentication method at the second communication unit is compatible with the public key system, through the first communication unit; and a method determining unit for determining whether or not an originator of the communication packet accepts public key encryption based on the authentication method information included in the communication packet; wherein in a case of the method determining unit determining that the originator of the communication packet does not accept the public key system, the random number included in the communication packet is replied to the originator as the identification information of the device itself.
    Type: Grant
    Filed: January 10, 2013
    Date of Patent: December 30, 2014
    Assignee: Sony Corporation
    Inventors: Naoki Miyabayashi, Yoshihiro Yoneda, Isao Soma, Seiji Kuroda, Yasuharu Ishikawa, Kazuo Takada, Masahiro Sueyoshi
  • Patent number: 8924727
    Abstract: Technologies for labeling diverse content are described. In some embodiments, a content creation device generates a data structure that may include encrypted diverse content and metadata including at least one rights management (RM) label applying to the diverse content. The RM label may attribute all or a portion of the diverse content to one or more authors. The metadata may also be signed using an independently verifiable electronic signature. A consumption device receiving such a data structure may verify the authenticity of the electronic signature and, if verification succeeds, decrypt the encrypted diverse content in the data structure. Because the metadata is encapsulated with the diverse content in the data structure, it may accompany the diverse content upon its transfer or incorporation into other diverse content.
    Type: Grant
    Filed: October 12, 2012
    Date of Patent: December 30, 2014
    Assignee: Intel Corporation
    Inventors: Ned M. Smith, Kenneth T. Layton, Michael M. Amirfathi
  • Patent number: 8924714
    Abstract: Techniques and systems for authentication with an untrusted root between a client and a server are disclosed. In some aspects, a client may connect to a server. The server and client may initiate a secure connection by exchanging certificates. The server may accept a client certificate having an untrusted root that does not chain up to a root certificate verifiable to the server certificate authority. In further aspects, the server may enable the client to associate an untrusted certificate with an existing account associated with the server. The client certificate may be hardware based or generated in software, and may be issued to the client independent of interactions with the server.
    Type: Grant
    Filed: June 27, 2008
    Date of Patent: December 30, 2014
    Assignee: Microsoft Corporation
    Inventors: Kristjan E. Hatlelid, Kelvin S. Yiu
  • Patent number: 8924717
    Abstract: An information processing apparatus and method that, prior to using a digital certificate, considers a validity expiration date of the digital certificate as well as a usable deadline of an algorithm or a public key used in the digital certificate.
    Type: Grant
    Filed: March 2, 2012
    Date of Patent: December 30, 2014
    Assignee: Canon Kabushiki Kaisha
    Inventor: Yasuharu Sugano
  • Patent number: 8914637
    Abstract: A computer method, computer system, and article for enabling digital signature auditing. The method includes the steps of: receiving at least one signature request issued by at least one application, forwarding a first data corresponding to the received at least one signature request to at least one signing entity for subsequent signature of the first data, storing an updated system state that is computed using a function of: i) a reference system state and ii) a second data corresponding to the received at least one signature request, where the reference system state and the updated system state attest to the at least one signature request, and repeating the above steps, using the updated system state as a new reference system state, where the steps of the method are executed at a server of a computerized system.
    Type: Grant
    Filed: August 23, 2012
    Date of Patent: December 16, 2014
    Assignee: International Business Machines Corporation
    Inventors: Michael Charles Osborne, Tamas Visegrady
  • Patent number: 8914905
    Abstract: Terminal certification means of a communication terminal manages a content and certification information on the content in association with each other. Upon access to a server associated with the execution of the content, request means sends the server a request including certification information associated with the content. In response to the request from the communication terminal, the server uses server certification means to certify the request. Access control means performs access control based on policy information stored in policy information storage means.
    Type: Grant
    Filed: October 5, 2010
    Date of Patent: December 16, 2014
    Assignee: NEC Corporation
    Inventors: Gen Okuyama, Yoshinori Miyamoto, Takuya Murakami
  • Publication number: 20140365778
    Abstract: A method and system for roaming website accounts and passwords are provided. The method is operational on a first client and includes: authenticating website accounts and passwords that have been stored; obtaining the stored website addresses, accounts and passwords upon successful verification; encrypting the stored website addresses, accounts and passwords to generate encrypted information; and generating, according to the encrypted information, a first QR code to be obtained by a second client. The website accounts and passwords are roamed and synchronized to be shared. The synchronization process verifies the accounts and passwords, and does not need a third-party server. The risk of data loss in case the third-party server is attacked is eliminated, and the safety of the accounts and passwords is improved.
    Type: Application
    Filed: April 30, 2014
    Publication date: December 11, 2014
    Applicant: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventor: Wanxin WANG
  • Patent number: 8909918
    Abstract: Techniques are provided for obtaining first and second digital certificates from a certificate authority database for establishing a secure exchange between network devices. The first digital certificate contains identity information of a first network device, and the second digital certificate contains classification information of the first network device. In one embodiment, a secure key exchange is initiated with the second network device, and the first and second digital certificates are transmitted as a part of the secure key exchange to the second network device. In another embodiment, the first and second digital certificates are received by an intermediate network device. The first digital certificate is encrypted and is not evaluated by the intermediate network device. The second digital certificate is evaluated for classification information of the first network device.
    Type: Grant
    Filed: October 5, 2011
    Date of Patent: December 9, 2014
    Assignee: Cisco Technology, Inc.
    Inventors: Kunal Patel, Yixin Sun, Puneet Gupta, Vinod Arjun, David McGrew
  • Patent number: 8904172
    Abstract: A method for registering a first device with a second device over a wireless network includes receiving a registration request from the first device and sending one or more user input choices to the first device. The user input choices each specify a user input action available through a user interface associated with the second device. A device description describing the second device is sent to the first device in a manner that allows it to be presented to the user by the first device. At least one of the user input actions is sequentially received through the user interface in response to instructions provided to the user by the first device. The first device is registered with the second device if the user input actions received by the second device correctly reflect the instructions provided to the user by the first device.
    Type: Grant
    Filed: June 16, 2010
    Date of Patent: December 2, 2014
    Assignee: Motorola Mobility LLC
    Inventors: Paul Moroney, Jiang Zhang
  • Patent number: 8904040
    Abstract: Systems and processes of the present invention allow for digital identity validation. In an example embodiment, a digital identity is registered to a Registrant. During the registration process, one or more registration records are collected from the Registrant and stored in a Records Database. The registration records may include information regarding a digital identity, its Registrant, or another person or entity associated with the digital identity. They may also include name, address, phone number, email address, website, URL, or other information. The information is then verified, possibly by contacting a Registrant, administrative contact, technical contact, or another contact to confirm at least some information in the records. If the information is verified, the Digital Identity Provider may provide the Registrant with a Validation Marker indicating that the digital identity has been validated.
    Type: Grant
    Filed: May 9, 2007
    Date of Patent: December 2, 2014
    Assignee: Go Daddy Operating Company, LLC
    Inventors: Warren Adelman, Michael Chadwick