By Generation Of Certificate Patents (Class 713/175)
-
Publication number: 20040250075
Abstract: The present invention provides systems and methods to automatically install and trust a self-signed (e.g., untrusted) web site certificate on one or more web clients local to the network. In addition, the systems and methods provide for automatic installation of the self-signed certificate and/or a signed (e.g., trusted) certificate on a web server, and automatic configuration to enable an authentication and/or encryption mechanism (e.g., SSL encryption) with at least a portion of the web site. Conventionally, certificate installation, configuration and trusting are achieved manually, which can be time consuming and prone to errors such as trusting a fictitious certificate, for example. The systems and methods of the present invention provide a novel approach to mitigate manual web site certificate installation (e.g., trusted and untrusted) and trusting, web client interruption via untrusted web site warning notifications, and domain web site redirection to a fictitious web site.
Type: Application
Filed: June 3, 2003
Publication date: December 9, 2004
Inventors: Charles John Anthe, Huseyin Gokmen Gok
-
Publication number: 20040250077
Abstract: A method of establishing a home domain capable of reproducing multimedia content, and a smart card therefor. The method includes creating a domain certificate for a reproducing device by inserting the smart card into the reproducing device, creating a session key by inserting the smart card into a home server, and verifying the domain certificate of the reproducing device and transmitting the created session key to the reproducing device if the device is a legitimate device. Alternatively, the method includes using an external certificate authority to determine whether the reproducing device is a legitimate device.
Type: Application
Filed: May 4, 2004
Publication date: December 9, 2004
Applicant: SAMSUNG ELECTRONICS CO., LTD.
Inventors: Yong-Jin Jang, Myung-Sun Kim, Yang-Lim Choi, Yong-Kuk You, Su-Hyun Nam
-
Publication number: 20040250076
Abstract: The present invention provides a flexible, tamper-resistant authentication system, or personal authentication device (PAD), which can support applications in authentication, authorization and accounting. The PAD stores at least one public key associated with a certificate authority (CA) and receives one or more digital certificates, which may be authenticated based on the stored CA public keys. The PAD outputs a service key that, depending on the application, may be used to gain access to a controlled space, obtain permission for taking a certain action, or receive some service. The operation of the PAD and the nature of the service key may be determined by digital certificates that it receives during operation. Using a stored PAD private key that is kept secret, the PAD may perform a variety of security-related tasks, including authenticating itself to a user, signing service keys that it generates, and decrypting content on received digital certificates.
Type: Application
Filed: January 2, 2004
Publication date: December 9, 2004
Inventor: Hsiang-Tsung Kung
-
Patent number: 6829708
Abstract: To determine whether digital content can be released to an element such as a computer application or module, a scaled value representative of the relative security of the element is associated therewith, and the digital content has a corresponding digital license setting forth a security requirement. The security requirement is obtained from the digital license and the scaled value is obtained from the element, and the scaled value of the element is compared to the security requirement of the digital license to determine whether the scaled value satisfies the security requirement. The digital content is not released to the element if the scaled value does not satisfy the security requirement.
Type: Grant
Filed: March 15, 2000
Date of Patent: December 7, 2004
Assignee: Microsoft Corporation
Inventors: Marcus Peinado, Rajasekhar Abburi, Jeffrey R. C. Bell
-
Publication number: 20040243805
Abstract: A digital certificate management apparatus updates a proof key used for proving validity of a digital certificate used for authentication for establishing communication between a client and a server. The apparatus acquires a new proof key for updating, acquires a new digital certificate used for the authentication for which validity can be proved with the use of said new proof key, transmits the new proof key to the client and transmits a new server certificate which is a new digital certificate for the server to the server. The apparatus transmits the new server certificate to the server after receiving, from the client, information indicating that the client has received the new proof key.
Type: Application
Filed: March 19, 2004
Publication date: December 2, 2004
Inventor: Tomoaki Enokida
-
Publication number: 20040243846
Abstract: Network devices access a communications network and engage in secure associations with one or more network access points upon authenticating the access points and upon verifying the discovery information that is broadcast by the access point. Once a secure association is created, management frames that are subsequently transmitted between the network devices and the access points and that are used to control the secure association are verified to further enhance the security of the communications network.
Type: Application
Filed: December 12, 2003
Publication date: December 2, 2004
Inventors: Bernard D. Aboba, Timothy M. Moore
-
Publication number: 20040243665
Abstract: Systems and methods applicable, for example, to searching for entities reachable via networking, allowing for communications among node users, and performing sharing operations. Such systems and methods could, for instance, be employed in the provision of services such as sharing, messaging, and/or chat.
Type: Application
Filed: May 27, 2003
Publication date: December 2, 2004
Inventors: Outi Markki, Timo Vesalainen
-
Publication number: 20040243804
Abstract: A network access control method comprises setting certificate information for each of user terminals, the certificate information including a user identification and access right information indicating a limited access right to a network, determining whether the user terminal is authenticated based on a user identification, and controlling access to the network in accordance with the certificate information when the user terminal is authenticated.
Type: Application
Filed: March 10, 2004
Publication date: December 2, 2004
Inventor: Takeshi Tajima
-
Patent number: 6826690
Abstract: A device certificate identifies a particular device using a globally-unique device identifier and contains a public key associated therewith. A private key stored in protected storage of the device is used to digitally sign outbound messages, enabling communicating devices to authenticate one another using the associated device certificate and public key, before returning a response. Devices functioning as servers can thereby securely participate in dynamic, automatic address assignment services using a service such as a Boot Protocol or Dynamic Host Configuration Protocol, and/or to update address information stored in a Domain Name System (DNS) server, ensuring that the update is authentic, and when the DNS is also authenticated, ensuring that a legitimate DNS has been contacted.
Type: Grant
Filed: November 8, 1999
Date of Patent: November 30, 2004
Assignee: International Business Machines Corporation
Inventors: John R. Hind, Marcia L. Peters
-
Patent number: 6826685
Abstract: Method and system aspects for automated generation and distribution of certificates in a computer network of computer systems are described. These aspects include generating a request by a first computer system for a certificate from a second computer system, and responding to the request in the second computer system by automatically generating the certificate and distributing the certificate to the first computer system. Further, generating a request includes issuing a POST/CERTREQ request, and sending a self-signed certificate from the first computer system to the second computer system using HTTP. Automatically generating the certificate includes sending a sequence of certificates to the first computer system, the sequence of certificates including the newly generated certificate of the first computer system with a signature from the second computer system and a self-signed certificate from the second computer system.
Type: Grant
Filed: June 10, 1998
Date of Patent: November 30, 2004
Assignee: International Business Machines Corporation
Inventor: Daniel Graham Douglas
-
Publication number: 20040236965
Abstract: A communication system includes a first node, a second node, and at least one intermediate node between said first and second nodes. The first and second nodes are arranged to be in communication. The first and second nodes have a first security association and one of the intermediate nodes and the second node have a second security association. The first security association authenticates the second node to the first node and the second security association authenticates the at least one intermediate node to the second node.
Type: Application
Filed: August 7, 2003
Publication date: November 25, 2004
Inventor: Petri Krohn
-
Publication number: 20040236948
Abstract: This invention allows a Certifying Authority (CA) in a Public Key Infrastructure (PKI) to allow a sub-CA to issue a pre-determined number of certificates without excessive overhead by the former CA. The regulation is performed by means of a security token that includes a count of the number of certificates issued by the sub-CA.
Type: Application
Filed: January 29, 2004
Publication date: November 25, 2004
Inventor: Brian Bernard McKeon
-
Patent number: 6823454
Abstract: A device certificate identifies a particular device using a globally-unique device identifier and contains a public key associated therewith. A private key stored in protected storage of the device is used to digitally sign outbound messages, enabling the message receiver to authenticate the message originator. Devices requesting address assignment from a service such as a Boot Protocol or Dynamic Host Configuration Protocol service can be authenticated by that service before an address is assigned. The device of the service providing the address assignment may also digitally sign the requested address, using its own private key, enabling the address receiver to verify that the address provider is authentic before accepting and using the assigned address. A device requesting an update to address information stored in a Domain Name System (DNS) server can be authenticated and/or can ensure that a legitimate DNS has been contacted.
Type: Grant
Filed: November 8, 1999
Date of Patent: November 23, 2004
Assignee: International Business Machines Corporation
Inventors: John R. Hind, Marcia L. Peters
-
Patent number: 6816900
Abstract: An update process is used to update root certificates in a root certificate store of a client computer, maintaining the integrity of the existing root certificates as well as any new root certificates. In one embodiment, the root certificate store is updated by adding root certificates to the store, removing root certificates from the store, or modifying usage restrictions of root certificates in the store. A cryptographically signed message including a certificate trust list, as well as any new root certificates to be added to the root certificate store, is accessed by an update root control to update the root certificates in the root certificate store. The update root control verifies the integrity of the message, and thus the integrity of the certificate trust list contained therein. Once such integrity is verified, the update root control proceeds to update the root certificate store in accordance with the information in the certificate trust list.
Type: Grant
Filed: April 4, 2000
Date of Patent: November 9, 2004
Assignee: Microsoft Corporation
Inventors: Keith R. Vogel, Charlie D. Chase, Kelvin S. Yiu, Philip J. Hallin, Louis K. Thomas
-
Patent number: 6802002
Abstract: A structured digital certificate is adapted to be certified by a digital signature of a certificate authority in an unprotected form, a first protected form, and a second protected form of the digital certificate. The digital certificate includes a first type field of authorization information relevant to a first recipient and being readable in the unprotected form and the first protected form of the digital certificate, and a first cryptographic folder containing a second type field of authorization information relevant to a second recipient and being readable in the unprotected form and the second protected form of the digital certificate, but not readable in the first protected form of the digital certificate. The digital certificate is configured to permit the subject to convert the structured digital certificate from the unprotected form to at least one of the first protected form and the second protected form.
Type: Grant
Filed: January 14, 2000
Date of Patent: October 5, 2004
Assignee: Hewlett-Packard Development Company, L.P.
Inventor: Francisco Corella
-
Patent number: 6801998
Abstract: A method and system for granting an applicant associated with a client computer in a client-server system access to a requested service without providing the applicant with intelligible information regarding group membership. The applicant transmits a request for service to an application server over a computer network. In response, the application server prepares an encrypted message which includes the identification of the group or groups having access privileges and transmits the encrypted message to the client along with a request that the client prove membership in at least one of the groups. The message is encrypted with an encryption key which can be decrypted by a group membership server.
Type: Grant
Filed: November 12, 1999
Date of Patent: October 5, 2004
Assignee: Sun Microsystems, Inc.
Inventors: Stephen R. Hanna, Anne H. Anderson, Yassir K. Elley, Radia J. Perlman, Sean J. Mullan
-
Patent number: 6802003
Abstract: Content is authenticated by generating signature certificates for content that has been successfully watermark screened. When a request is received for importation of content into a secured domain, a search is made in a signature certificates cache for a signature certificate associated with that requested content. If an identified signature certificate authenticates the requested content, the content is imported into the secured domain. If no signature certificate is identified, the content is watermark screened. If the content successfully passes the watermark screening process, a new signature certificate is then added to the signature certificate cache.
Type: Grant
Filed: June 30, 2000
Date of Patent: October 5, 2004
Assignee: Intel Corporation
Inventors: Mark T. Gross, David M. Barth, Richard P. Mangold
-
Publication number: 20040193885
Abstract: A context manager supports creation, storage and retrieval of data to implement state maintenance in a vault process using “scoping” of multiple levels of storage. A user request is initiated by invoking a URL with embedded Application Domain and Instance Context. The URL request is processed by a Vault Supervisor to obtain a user ID and password to initiate a vault process running in a secure vault for the user. On vault process start up, access to the vault encryption/decryption keys is made available to the request. A global context file stored on disk is decrypted and read into memory. If the global context file does not exist, a new global context file is created on disk. For each Application Domain, the application context is decrypted and read into memory. If an application context file does not exist, a new application context file on disk is created based on the request. All Instance Context files are scanned to determine if they have expired.
Type: Application
Filed: February 3, 2004
Publication date: September 30, 2004
Applicant: International Business Machines Corporation
Inventors: Mark Fisk, Robert Carroll, Hiroshi Maruyama, Hatem Ghafir
-
Publication number: 20040193884
Abstract: A watchdog controller securely interrogates a main system CPU of an application module to determine if the main system CPU and its associated programming software are trustworthy. The watchdog controller and the application module preferably reside within a set top box. The watchdog controller includes a watchdog CPU which generates a digitally signed status request message using a watchdog certificate. The status request message is received by the main system CPU and validated for authenticity. The main system CPU then generates a status response message using a system certificate. The status response message is received by the watchdog processor and validated for authenticity. If the status response message is not valid then the watchdog controller preferably triggers a system reset. After the system is reset, a similar attempt is made to receive a valid status response message from the main system CPU.
Type: Application
Filed: March 26, 2003
Publication date: September 30, 2004
Applicants: Sony Corporation, Sony Electronics Inc.
Inventors: Donald Molaro, Ted Dunn
-
Publication number: 20040187002
Abstract: A cross-site search process reads a script definition corresponding to a search condition received from a web browser, and transmits authentication information to a target information retrieval site according to an authentication function when the script definition includes the authentication function. Receiving certification based on the authentication information, the cross-site search process receives search results from the target information retrieval site by executing functions defined in the script definition. Then, the cross-site search process responds with screen data to the web browser. Accordingly, the search results matching the same search condition from all target information retrieval sites can be acquired regardless of whether an information retrieval site requires authentication or not.
Type: Application
Filed: January 26, 2004
Publication date: September 23, 2004
Applicant: FUJITSU LIMITED
Inventor: Kazue Iida
-
Publication number: 20040187014
Abstract: In one embodiment, a content license is created that defines parameters for accessing a piece of digital content. A first logical expression in the content license defines a plurality of playback devices that are authorized to access the piece of digital content. A second logical expression in the content license defines at least one time interval when the plurality of playback devices are authorized to access the piece of digital content. The content license is used to access the piece of digital content.
Type: Application
Filed: March 18, 2003
Publication date: September 23, 2004
Inventor: Donald Joseph Molaro
-
Publication number: 20040187001
Abstract: A first device (110) arranged for exchanging data with a second device (130). The first device (110) receives from the second device (130) a certificate comprising a public key (UPK) for the second device. The first device (110) then authenticates the second device (130) as a strongly protected device upon a successful verification of the received certificate with a public key (CAPK) of a Certifying Authority, if the public key of the Certifying Authority is available, and authenticates the second device (130) as a weakly protected device upon a successful verification of the received certificate with a locally available public key (SPK). The second device (130) does the same to achieve mutual authentication. Having authenticated each other, the devices (110, 130) can securely set up session keys and exchange data. The data preferably has associated DRM rules.
Type: Application
Filed: December 11, 2003
Publication date: September 23, 2004
Inventor: Laurent Pierre Francois Bousis
-
Patent number: 6792531
Abstract: A method and system for creating, reviewing and revoking, if necessary, a certificate for a client of a service provider of a communications network, wherein the client has a client private key and a client public key. The method includes the steps of establishing a communications link with the service provider through a dedicated communication channel; requesting a client certificate from the service provider; obtaining a caller-ID, including a telephone number from an operator of the dedicated communication channel; and creating the requested client certificate including the caller-ID. Preferably, the method also includes the step of verifying that the caller-ID obtained from the operator of the dedicated communication channel is the same as client identifying information provided by the client when requesting the client certificate. The certificate can be stored at a caller ID server or a client's storage.
Type: Grant
Filed: December 21, 2001
Date of Patent: September 14, 2004
Assignee: Pitney Bowes Inc.
Inventors: Richard W. Heiden, Monroe A. Weiant, Jr.
-
Patent number: 6789193
Abstract: A method and system for creating a certificate for a client of a service provider of a communications network, wherein the client has a client private key and a client public key. The method includes the steps of establishing a communications link with the service provider through a dedicated communication channel; requesting a client certificate from the service provider; obtaining a caller-ID from an operator of the dedicated communication channel; and creating the requested client certificate using the caller-ID. Preferably, the method also includes the step of verifying that the caller-ID obtained from the operator of the dedicated communication channel is the same as client information provided by the client when requesting the client certificate. The certificate can be stored at a caller ID server or a client's storage.
Type: Grant
Filed: October 27, 2000
Date of Patent: September 7, 2004
Assignee: Pitney Bowes Inc.
Inventor: Richard W. Heiden
-
Publication number: 20040172538
Abstract: A data storage device includes an encryption circuit for encrypting desired data and personal identification information by use of an encryption key created out of a given piece of the personal identification information such as a password, a magnetic disk for recording the data and the personal identification information which are encrypted by the encryption circuit, and a central processing unit for executing user verification by use of the encrypted personal identification information stored in the magnetic disk. The user verification is executed based on such verification data. The write data transmitted from a host system are encrypted by use of the foregoing encryption key and are recorded in the magnetic disk. Alternatively, the data read out of the magnetic disk are decrypted by use of the encryption key and are transmitted to the host system.
Type: Application
Filed: December 9, 2003
Publication date: September 2, 2004
Applicant: International Business Machines Corporation
Inventors: Akashi Satoh, Sumio Morioka, Kohji Takano
-
Publication number: 20040162984
Abstract: A process for generating a unique, secure and printable identity document, for authenticating the use of the document, and for granting privileges based on the document, includes generating an identity certificate for an individual. This certificate incorporates a pointer to biometric and other identifying data for the individual which are stored in a reference database. The identity certificate is encoded to produce, for example, a machine-readable printable 2-dimensional barcode as an identity document. The identity document may then be used by the document holder for generation of an encoded privilege document and this, in turn, is compared with the stored reference data, including the stored biometric when the privilege is to be exercised.
Type: Application
Filed: May 1, 2002
Publication date: August 19, 2004
Inventors: William E. Freeman, Mark A. Bellmore, Kenneth W. Aull
-
Patent number: 6775770
Abstract: A platform and a corresponding method for protecting the integrity of data transferred between the user input device and a secure processing unit. In one embodiment, this can be accomplished by establishing a virtual secure path between a device controller of the user input device and the secure processing unit. Thereafter, when sensitive information is input by the user via the user input device, the device controller is placed in a first mode of operation to securely transfer the sensitive information from the user input device to the secure processing unit over the virtual secure path. Additionally, a security indicator is placed in an Active state to indicate to the user that the sensitive information is being securely transferred to the secure processing unit.
Type: Grant
Filed: December 30, 1999
Date of Patent: August 10, 2004
Assignee: Intel Corporation
Inventors: Derek L. Davis, Shawn C. Beckman
-
Patent number: 6775779
Abstract: An architecture for protecting premium content in a nonsecure computer environment executes only a small number of code modules in a secure memory. The modules are arranged in a hierarchy of trust, where a module names other modules that it is willing to trust, and those modules in turn name other modules that they are willing to trust. A secure loader loads a security manager that oversees a number of content-providing modules for manipulating the content. A memory manager assigns permissions to various pages of the secure memory. The memory has rings of different security. The security model can be extended to program modules and other devices on the computer's bus, such as DMA controllers and peripherals.
Type: Grant
Filed: April 6, 1999
Date of Patent: August 10, 2004
Assignee: Microsoft Corporation
Inventors: Paul England, Butler W. Lampson
-
Patent number: 6775536
Abstract: A wireless domain (602) sets a security policy for all mobile communication devices (606) within the domain by use of a system entry proxy server (604). A developer makes an application or code segment available at a developer station (600). The application is certified by a certificate defining a developer security setting. The user of the mobile communication device initiates a download of the application so that it can be installed onto the mobile communication device. The application is downloaded through the system entry proxy server which authenticates the application, then re-certifies it with a compact certificate including an operator defined security policy. In this way the operator can control which resources of the mobile communication device are accessed by all applications coming into the wireless domain.
Type: Grant
Filed: November 3, 2000
Date of Patent: August 10, 2004
Assignee: Motorola, Inc
Inventors: Robert L. Geiger, Jyh-Han Lin, James E. Van Peursem, Avinash C. Palaniswamy, Ambiga Subramanian, Anna Battenhouse
-
Patent number: 6772341
Abstract: A method and system for processing signed data objects in a data processing system is presented. A signed data object utility allows a user to view and edit the contents of data objects embedded within a signed data object via a graphical user interface. Graphical objects represent the data objects embedded within a signed data object. A user may drag and drop objects onto other objects within the signed data object, and the signed data object utility automatically performs the necessary signing operations. Logical associations between data objects contained within the signed data object are determined, and the logical associations are displayed using visual indicators between graphical objects representing the associated data objects. As data objects are added or deleted, the visual indicators are updated to reflect any updates to the logical associations. The user may direct other operations on the signed data object through the graphical user interface.
Type: Grant
Filed: December 14, 1999
Date of Patent: August 3, 2004
Assignee: International Business Machines Corporation
Inventors: Theodore Jack London Shrader, Anthony Joseph Nadalin, Bruce Arland Rich, Julianne Yarsa
-
Publication number: 20040148505
Abstract: A system using digital certificates having overlapping validity intervals. The overlapping certificates can be used in a hierarchical certificate authorities network in order to obtain benefits such as to increase the usage of all the certificates in the certificate chain; reduce/eliminate the certificate updates/downloads to a large population; only replace the minimum number of certificates in the trust hierarchy to re-establish the certificate chain; reduce the complexity of maintaining certificate nesting in certificate generation process; reduce the risk of service interruption; and control the extent of older technology in circulation and to reduce the risk associated with older products being more susceptible to attack. The certificate renewal process of a preferred embodiment is described.
Type: Application
Filed: November 5, 2003
Publication date: July 29, 2004
Applicant: GENERAL INSTRUMENT CORPORATION
Inventor: Xin Qiu
-
Publication number: 20040139323
Abstract: User certificate method for data broadcasting including the steps of inputting a code recollection starting key on a remote control device while a user watches a data broadcasting, extracting a program title from an Electronic Program Guide table received from a broadcasting station, inputting a successive sequence of keys for user certification, inputting a code recollection end key on the remote control device for finishing the inputting of the sequence of keys, inputting a user code according to a screen displayed after inputting the code recollection key, and storing a record having the user code, the program title and the input key sequence in the code certificate table, thereby permitting easier watching of a data broadcasting program that requires a user certificate.
Type: Application
Filed: October 9, 2003
Publication date: July 15, 2004
Inventor: Han Moon
-
Publication number: 20040139329
Abstract: A method and system for securely enrolling personal identity credentials into personal identification devices. The system of the invention comprises the manufacturer of the device and an enrollment authority. The manufacturer is responsible for recording serial numbers or another unique identifier for each device that it produces, along with a self-generated public key for each device. The enrollment authority is recognized by the manufacturer or another suitable institution as capable of validating an individual before enrolling him into the device. The enrollment authority maintains and operates the appropriate equipment for enrollment, and provides its approval of the enrollment. The methods described herein discuss post-manufacturing, enrollment, backup, and recovery processes for the device.
Type: Application
Filed: August 6, 2003
Publication date: July 15, 2004
Inventors: David S. Abdallah, Barry W. Johnson
-
Patent number: 6763459
Abstract: A PKI includes an off-line registration authority that issues a first unsigned certificate to a subject that binds a public key of the subject to long-term identification information related to the subject and maintains a certificate database of unsigned certificates in which it stores the first unsigned certificate. An on-line credentials server issues a short-term disposable certificate to the subject that binds the public key of the subject from the first unsigned certificate to the long-term identification information related to the subject from the first unsigned certificate. The credentials server maintains a table that contains entries corresponding to valid unsigned certificates stored in the certificate database. The subject presents the short-term disposable certificate to a verifier for authentication and demonstrates that the subject has knowledge of a private key corresponding to the public key in the short-term disposable certificate.
Type: Grant
Filed: January 14, 2000
Date of Patent: July 13, 2004
Assignee: Hewlett-Packard Company, L.P.
Inventor: Francisco Corella
-
Patent number: 6760843
Abstract: Methods, systems, and devices are provided for securely updating private keys, key pairs, passwords, and other confidential information in a distributed environment. A transaction is created including appropriate encrypted soft-token content, and then transmitted to a new location. Comparisons are made to determine whether the new soft-token content should be recognized as authentic and entered at the new location. Updates are accomplished without ever sending the plain text form of a key or a password across the wire between the distributed locations.
Type: Grant
Filed: September 13, 2000
Date of Patent: July 6, 2004
Assignee: Novell, Inc.
Inventor: Stephen R. Carter
-
Publication number: 20040128316
Abstract: Systems and methods are disclosed for providing secure electronic archiving of customer (120) data over a network (110). Electronic postmarks are used to track archival of the data, access requests for the archived (101) data, and fulfillment of the access requests.
Type: Application
Filed: February 24, 2003
Publication date: July 1, 2004
Inventor: Leo J. Campbell
-
Patent number: 6757824
Abstract: Each software component loaded for a verified operating system on a client computer must satisfy a set of boot rules for a boot certificate. A verified operating system identifier is created from the boot certificate. The boot certificate is published and signed by a boot authority that attests to the validity of the operating system booted under the boot certificate. Each software component for the operating system is associated with a component certificate published and signed by the same boot authority that signed the boot certificate. The boot rules determine the validity of the software component based on the contents of the component and boot certificates. The client computer transmits the verified operating system identity and the boot certificate to a server computer, such as a content provider, and the content provider determines whether to trust the verified operating system with its content.
Type: Grant
Filed: December 10, 1999
Date of Patent: June 29, 2004
Assignee: Microsoft Corporation
Inventor: Paul England
-
Patent number: 6754829
Abstract: In one embodiment, methods and apparatus for an operator of a console to authenticate to a system of heterogeneous computers by logging in only once to a representative computer or “core”. After logging in, the operator acquires a session certificate (e.g., an X.509-based certificate), allowing the operator to prove identity and group membership information to other nodes on a network. The core, before signing session certificates, embeds data in an extended data area of the certificates. The extended data includes the operator's username and groups to which the operator belongs, and possibly other information such as operator context (or domain). The username, group membership, and other extended data are based on the namespace of the core computer, and other devices on the network need not belong to that namespace or even use the same network operating system.
Type: Grant
Filed: December 14, 1999
Date of Patent: June 22, 2004
Assignee: Intel Corporation
Inventors: Alan B. Butt, Paul B. Hillyard, Jin Su
-
Publication number: 20040117626
Abstract: A first certificate is provided from a first peer to a second peer. The first certificate includes a plurality of first parameters. A first exponentiation operation is performed to generate a first public key from the second peer using the plurality of first parameters and the first private key from the second peer. A second certificate and the first public key from the second peer are provided to the first peer. The second certificate comprises a plurality of second parameters. A second exponentiation operation is performed to generate a shared secret key for the second peer using at least one parameter from the plurality of first parameters. A third exponentiation operation is performed to generate the shared secret key for the first peer using the first public key from the second peer and a private key from the first peer.
Type: Application
Filed: September 12, 2003
Publication date: June 17, 2004
Applicant: PIONEER RESEARCH CENTER USA, INC.
Inventor: ASHOT ANDREASYAN
-
Publication number: 20040117659
Abstract: Systems and methods that prevent unauthorized access in a communications network are provided. In one embodiment, a system that prevents unauthorized access to a network device may include, for example, a network device and a headend. The headend may be coupled to a communications network. The network device may be deployed in a home environment and may be communicatively coupled to the communications network via the headend. The headend may be adapted, for example, to determine whether a request to access the network device is authorized.
Type: Application
Filed: September 26, 2003
Publication date: June 17, 2004
Inventors: Jeyhan Karaoguz, James D. Bennett
-
Patent number: 6748530
Abstract: Certification will be performed without the use of any external certification organizations in an organization such as an enterprise. A server and a plurality of clients are connected via a network to thereby constitute a certification system for the entire enterprise. A public secondary memory in the server holds a server name, a certificate list, a temporary registrant list and the like. The certificate list includes individual and group certificates, and the certificate includes specifying information on a certification target, a public key and signature by a responsible person of a group, to which the certification target belongs. The group responsible person signs the public key of the group member and specifying information by using the information on a registrant list to generate a certificate.
Type: Grant
Filed: October 19, 1999
Date of Patent: June 8, 2004
Assignee: Fuji Xerox Co., Ltd.
Inventor: Ryuichi Aoki
-
Publication number: 20040107363
Abstract: A system and method for anticipating the trustworthiness of an Internet site having content comprising dynamically analyzing the content to assess the number of criteria the content complies with to create an analytical result and subsequently communicating to an Internet user the analytical result.
Type: Application
Filed: August 22, 2003
Publication date: June 3, 2004
Applicant: EMERGENCY 24, INC.
Inventor: Dante Monteverde
-
Patent number: 6745327
Abstract: An electronic certificate signature program to create electronic signatures for documents, filings, and commercial transactions effectuated over the Internet, other computer networks or by other transmission means. A digital certificate is issued to a computer user after a personal identity verification. The personalized digital certificate may include biometric data, such as a photograph, a retinal scan, a voice print, a fingerprint, a handwriting exemplar, or other biologically derived data, and a date and time stamp, all of which is digitally signed using the private key of the issuing computer. If a hardware token is employed to house the certificate, some or all of the biometric data is printed on the exterior. A digital signature is effectuated using a network computer's private key. A user presents the digital certificate and enters a unique passphrase or other identifying secret to gain access.
Type: Grant
Filed: February 3, 1999
Date of Patent: June 1, 2004
Inventor: John H. Messing
-
Publication number: 20040103283
Abstract: A method of authenticating a client (42) and a server (44) to each other via a gateway (46) in which the client uses a first encryption protocol between itself and the gateway and the server uses a second different encryption protocol between itself and the gateway, the method comprising the steps of: installing in the server that the gateway is a trusted certification authority (48); the gateway issuing a digital certificate authenticating the client; and the server verifying the digital certificate in order to confirm to itself that the digital certificate comes from the trusted certification authority.
Type: Application
Filed: December 8, 2003
Publication date: May 27, 2004
Inventor: Zoltan Hornak
-
Patent number: 6742114
Abstract: Methods, signals, devices, and systems are provided for delegating rights in a distributed computer system from a principal to one or more deputies. The deputies have identities separate from the principal. This allows the deputies to persist after the principal logs off the system, and permits deputization across boundaries imposed by namespaces and particular network protocols. A deputy may also delegate rights to additional deputies. Deputization is accomplished using certificates, domain/realm-specific credentials, public and private keys, process creation, and other tools and techniques.
Type: Grant
Filed: November 18, 1999
Date of Patent: May 25, 2004
Assignee: Novell, Inc.
Inventors: Stephen R. Carter, Carlos A. Nevarez
-
Publication number: 20040098590
Abstract: Method for checking the signature of a message, the message, signature and a certificate having been sent by a signer having a public key to a recipient having a message storage device (11).
Type: Application
Filed: November 12, 2003
Publication date: May 20, 2004
Inventor: Arnaud Fausse
-
Publication number: 20040088548
Abstract: System and method for providing secure resource management. The system includes a first device that creates a secure, shared resource space and a corresponding root certificate for the shared space. The first device associates one or more resources that it can access with the shared space. The first device invites one or more other devices to join as members of the space, and establishes secure communication channels with the devices that accept this invitation. The first device generates a member certificate for each accepting device, and sends the root certificate and the generated member certificate to the device through the secure channel. These devices may then access resources associated with the shared space by presenting their member certificates. Further, members of the shared space may invite other devices to join the space, and may create member certificates in the same manner as the first device.
Type: Application
Filed: November 6, 2002
Publication date: May 6, 2004
Applicant: Xerox Corporation
Inventors: Diana Kathryn Smetters, Warren Keith Edwards, Dirk Balfanz, Hao-Chi Wong, Mark Webster Newman, Jana Zdislava Sedivy, Trevor Smith, Shahram Izadi
-
Publication number: 20040088549
Abstract: A method for using digital contents is provided. In the method, a request is made to a provider apparatus for a certificate containing a first provider ID embedded therein by a certification authority, and the certificate is received from the provider apparatus. A decision is made by using the certificate as to whether or not the provider is authorized by the certification authority. A request is made to the provider apparatus for a digital content having a second provider ID embedded therein by a contents guarantee authority when the provider is authorized by the certification authority, and the digital content is received from the provider. The first provider ID is read from the certificate, the digital content is correlated with the second provider ID, and the digital content is stored in a storage medium. The second provider ID is detected from the digital content in response to a request to use the digital content.
Type: Application
Filed: July 15, 2003
Publication date: May 6, 2004
Applicant: HITACHI, LTD.
Inventors: Hiromi Ukai, Shigeki Hirasawa, Kousuke Anzai, Isao Echizen, Hiroshi Yoshiura, Masataka Okayama, Shuichi Tago
-
Publication number: 20040083380
Abstract: A security module for use with a terminal comprises a data interface adapted to be coupled to a terminal, for receiving at least part of an algorithm code or the complete algorithm code from the terminal, as well as an energy interface for receiving supply energy. A volatile memory coupled to the energy interface in order to have energy supplied thereto stores the part of the algorithm code or the complete algorithm code received via the data interface, with a processor performing the algorithm code in order to obtain an algorithm code result that can be delivered to the terminal. Due to the storing of at least part of an algorithm code in the volatile memory of the security module, according to the invention, the algorithm code of the security module is effectively protected against spying out by a potential attacker.
Type: Application
Filed: July 15, 2003
Publication date: April 29, 2004
Inventor: Marcus Janke
-
Publication number: 20040078573
Abstract: A remote access system includes target units to be accessed, a home gateway serving as an entrance of a home network to which the target units belong, and a portable unit carried by the user to access the target units. When the portable unit sends and presents an attribute certificate in which at least privilege with regard to a resource and information of the home gateway are described, to the target units through the home gateway, an access made by the portable unit to the resource is checked.
Type: Application
Filed: July 10, 2003
Publication date: April 22, 2004
Inventor: Shinako Matsuyama