By Generation Of Certificate Patents (Class 713/175)
  • Patent number: 8898240
    Abstract: Example methods and apparatus associated with a messaging policy controlled email deduplication are provided. In one example a messaging policy is accessed. It is determined whether a received message complies with the policy based on rules of the messaging policy. If a message complies with the messaging policy, the message is displayed. If the message does not comply with the messaging policy, it is determined whether the message is duplicative. If the message is deemed duplicative it is not displayed. Conversely, if the message is not deemed duplicative it is displayed.
    Type: Grant
    Filed: August 16, 2011
    Date of Patent: November 25, 2014
    Inventor: Roderick B. Wideman
  • Patent number: 8898458
    Abstract: A method includes receiving at a first computer a new certificate which is to replace an old certificate associated with the first computer and associating by the first computer the new certificate with the first computer. In response to the first computer associating the new certificate with the first computer, the first computer accesses an email address book of the first computer having information identifying a second computer as having received the old certificate to determine from the information that the second computer is to associate the new certificate in place of the old certificate with the first computer. In turn, the first computer transmits the new certificate to the second computer for the second computer to associate the new certificate with the first computer.
    Type: Grant
    Filed: July 7, 2010
    Date of Patent: November 25, 2014
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Brian M. Novack, Daniel L. Madsen, Michael D. Cheaney, Timothy R. Thompson
  • Patent number: 8898120
    Abstract: A computer-implemented method for distributed data deduplication may include (1) identifying a deduplicated data system, the deduplicated data system including a plurality of nodes, wherein each node within the plurality of nodes is configured to deduplicate data stored on the node, (2) identifying a data object to store within the deduplicated data system, (3) generating a similarity hash of the data object, the similarity hash representing a probabilistic dimension-reduction of the data object, (4) selecting, based at least in part on the similarity hash, a target node from the plurality of nodes on which to store the data object, and then (5) routing the data object for storage on the target node based on the selection of the target node. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: October 9, 2011
    Date of Patent: November 25, 2014
    Assignee: Symantec Corporation
    Inventor: Petros Efstathopoulos
  • Patent number: 8898472
    Abstract: A mechanism and method for managing credentials on an electronic device configured with an iOS based operating system. The iOS based device includes a “keychain” configured in device memory. According to an embodiment, the electronic device comprises an application configured to generate a public certificate object in the keychain and a password object in the keychain. The public certificate object is configured to store a public certificate, and the password object is configured to store a private key. The password object further includes a label or thumbprint for associating the private key with the corresponding public certificate. According to an embodiment, the application stores the private key in an encrypted container in the password object to provide an additional layer of security. The application is configured to unlock the encrypted container utilizing a password provided by the user. According to a further aspect, the user password is not stored in memory on the device.
    Type: Grant
    Filed: July 18, 2011
    Date of Patent: November 25, 2014
    Assignee: Echoworx Corporation
    Inventors: Yauheni Kandrasheu, Sarah Happe, Christian Peel
  • Patent number: 8898473
    Abstract: A system and method are provided for pre-processing encrypted and/or signed messages at a host system before the message is transmitted to a wireless mobile communication device. The message is received at the host system from a message sender. There is a determination as to whether any of the message receivers has a corresponding wireless mobile communication device. For each message receiver that has a corresponding wireless mobile communication device: the message is processed so as to modify the message with respect to encryption and/or authentication aspect. The processed message is transmitted to a wireless mobile communication device that corresponds to the first message receiver. The system and method may include post-processing messages sent from a wireless mobile communications device to a remote system. Authentication and/or encryption message processing is performed upon the message. The processed message may then be sent through the remote system to one or more receivers.
    Type: Grant
    Filed: September 12, 2012
    Date of Patent: November 25, 2014
    Assignee: BlackBerry Limited
    Inventors: James A. Godfrey, Herbert A. Little, Michael K. Brown, Neil P. Adams, Carl L. Cherry, Timothy R. Tyhurst, Michael S. Brown
  • Patent number: 8892892
    Abstract: A computer method, computer system, and article for enabling digital signature auditing. The method includes the steps of: receiving at least one signature request issued by at least one application, forwarding a first data corresponding to the received at least one signature request to at least one signing entity for subsequent signature of the first data, storing an updated system state that is computed using a function of: i) a reference system state and ii) a second data corresponding to the received at least one signature request, where the reference system state and the updated system state attest to the at least one signature request, and repeating the above steps, using the updated system state as a new reference system state, where the steps of the method are executed at a server of a computerized system.
    Type: Grant
    Filed: March 15, 2012
    Date of Patent: November 18, 2014
    Assignee: International Business Machines Corporation
    Inventors: Michael Charles Osborne, Tamas Visegrady
  • Patent number: 8892880
    Abstract: A system and method for obtaining an authorization key to use a product utilizes a secured product identification code, which includes a serial number and at least one code that is generated based on a cryptographic algorithm.
    Type: Grant
    Filed: October 28, 2010
    Date of Patent: November 18, 2014
    Assignee: NXP B.V.
    Inventors: Ralf Malzahn, Hauke Meyn
  • Publication number: 20140331053
    Abstract: A terminal unique information transmission method including: receiving, by a server, from a terminal, a terminal unique information acquisition request including a terminal unique public key certificate of the terminal; generating an encrypted terminal unique public key certificate by encrypting the terminal unique public key certificate of the terminal; checking, by the server, whether the generated encrypted terminal unique public key certificate is described in a discarded terminal information table; and transmitting, by the server, when the generated encrypted terminal unique public key certificate is not described in the discarded terminal information table, a terminal unique information of the terminal to the terminal.
    Type: Application
    Filed: July 17, 2014
    Publication date: November 6, 2014
    Inventor: Hidefumi MARUYAMA
  • Patent number: 8880877
    Abstract: A method for assembling authorization certificate chains among an authorizer, a client, and a third party allows the client to retain control over third party access. The client stores a first certificate from the authorizer providing access to a protected resource and delegates some or all of the privileges in the first certificate to the third party in a second certificate. The client stores a universal resource identifier (URI) associated with both the first certificate and the third party and provides the second certificate and the URI to the third party. The third party requests access to the protected resource by providing the second certificate and the URI, without knowledge or possession of the first certificate. When the authorizer accesses the URI, the client provides the first certificate to the authorizer, so that the client retains control over the third party's access.
    Type: Grant
    Filed: December 22, 2011
    Date of Patent: November 4, 2014
    Assignee: Intel Corporation
    Inventor: Victor B. Lortz
  • Publication number: 20140325232
    Abstract: A client system may be configured to request a certificate from a server system and store the certificate locally. The stored certificate may be used to later authenticate a secure connection between the client system and the server system. The secure connection validated by the stored certificate may be, for example, a secure sockets layer/transport layer security (SSL/TLS) connection.
    Type: Application
    Filed: April 30, 2013
    Publication date: October 30, 2014
    Applicant: Unisys Corporation
    Inventors: Jason C. Schultz, James R. Heit, Robert L. Bergerson
  • Patent number: 8874919
    Abstract: Provided is an apparatus and method of a portable terminal authenticating another portable terminal. The portable terminal may receive a seed generated by the other portable terminal, issue an authentication certificate generated using the seed to the other portable terminal, authenticate the other portable terminal based on the authentication certificate, and provide a secure communication.
    Type: Grant
    Filed: January 14, 2011
    Date of Patent: October 28, 2014
    Assignee: Samsung Electronics Co., Ltd.
    Inventor: Dae Youb Kim
  • Publication number: 20140317412
    Abstract: A method for securely searching, finding, reproducing, recovering, and/or exporting electronic data from at least two systems which can be found in a network and which are organized in a functionally identical and decentralized manner. The individual systems include a system certificate and a corresponding serial number by the manufacturer and can carry out an authentication process using said system certificate and serial number. Information is provided on user authorizations between the systems using configuration tables which are stored on each of the systems. A maximum level of security is ensured by combining cryptographic methods and the mutual authentication of the involved systems. A user interface is provided for the user, wherein the user receives a pre-selection of the requested electronic data in the user interface and can then mark the pre-selection for further processing.
    Type: Application
    Filed: November 14, 2012
    Publication date: October 23, 2014
    Applicant: ARTEC COMPUTER GMBH
    Inventors: Jerry John Artishdad, Christian Hett
  • Patent number: 8869241
    Abstract: A computationally-implemented method, for certain example embodiments, may include, but is not limited to: identifying a network connection coupling a computer server to a computing device; and transmitting, via the network connection, a behavioral fingerprint associated with an authorized user of the computing device, the behavioral fingerprint providing at least one status of the authorized user with respect to the computing device. In addition to the foregoing, other example aspects are presented in the claims, drawings, and written description forming a part of the present disclosure.
    Type: Grant
    Filed: June 29, 2012
    Date of Patent: October 21, 2014
    Assignee: Elwha LLC
    Inventors: Marc E. Davis, Matthew G. Dyor, Daniel A. Gerrity, Xuedong Huang, Roderick A. Hyde, Royce A. Levien, Richard T. Lord, Robert W. Lord, Mark A. Malamud, Nathan P. Myhrvold, Clarence T. Tegreene
  • Patent number: 8869252
    Abstract: An apparatus may include a processor configured to receive a security certificate request from a remote device comprising a public key of the remote device and an authentication credential based upon a legacy authentication mechanism of the remote device. The processor may be further configured to validate the received authentication credential in accordance with the legacy authentication mechanism. The processor may be additionally configured to generate a security certificate for the public key. The processor may be further configured to provide the generated security certificate to the remote device.
    Type: Grant
    Filed: May 19, 2008
    Date of Patent: October 21, 2014
    Assignee: Nokia Corporation
    Inventors: Nadarajah Asokan, Jan-Erik Ekberg, Antti Kiiveri, Olli Muukka
  • Patent number: 8868913
    Abstract: A network device initiates a transmission control protocol (TCP) connection to establish a TCP session with a management device, and performs, via the TCP session, a secure protocol client/server role reversal for the management device. The network device receives, from the management device, initiation of a secure connection over the TCP session in accordance with a secure protocol, and provides, to the management device, a trusted certificate with an embedded host key that is dynamically generated using a cryptographic processor of the network device, based on the initiation of the secure connection. The network device also establishes the secure connection with the management device based on an authentication of the host key by the management device via the trusted certificate.
    Type: Grant
    Filed: September 29, 2011
    Date of Patent: October 21, 2014
    Assignee: Juniper Networks, Inc.
    Inventor: Kent A. Watsen
  • Patent number: 8863303
    Abstract: A system and method for allowing access to digitally protected content are disclosed. License metadata and credentials from multiple types of digital rights management systems may be used to grant access to content protected by a different type of digital rights management system. Hierarchical levels of access to the content may be granted based on at least one of license metadata and credentials.
    Type: Grant
    Filed: August 12, 2008
    Date of Patent: October 14, 2014
    Assignee: Disney Enterprises, Inc.
    Inventor: Arnaud Robert
  • Patent number: 8862872
    Abstract: Aspects describe spectrum authorization, access control, and configuration parameters validation. Devices in an ad-hoc or peer-to-peer configuration can utilize a licensed spectrum if the devices are authorized to use the spectrum, which can be determined automatically. Aspects relate to distribution of authorization tickets by an authorization server as a result of validating a device's credentials and services to which the device is entitled. An exchange and verification of authorization tickets can be performed by devices as a condition for enabling a validated wireless link using the spectrum.
    Type: Grant
    Filed: September 12, 2008
    Date of Patent: October 14, 2014
    Assignee: QUALCOMM Incorporated
    Inventors: Michaela Vanderveen, Lu Xiao
  • Patent number: 8854650
    Abstract: In a system including a client, a print server, an image forming device and a database, when the print server verifies a certificate transmitted from the image forming device upon performing TLS communication, verification of certificates that are registered in advance with the database is accelerated. A search key, which is for acquiring information of a desired image forming device from data stored in the database, is set in the print server. Certificate information is registered with the database in association with the search key. In this way, the certificate information can be searched for using the search key and verification can be accelerated.
    Type: Grant
    Filed: August 23, 2012
    Date of Patent: October 7, 2014
    Assignee: Canon Kabushiki Kaisha
    Inventor: Norihisa Kishimoto
  • Patent number: 8856527
    Abstract: A graphical user interface can be provided for creating a digital certificate profile for a digital certificate. In one embodiment, a security metric is determined using a first subset of certificate profile attributes selected by a user, and a usability metric is determined using a second subset of certificate profile attributes. A graphical representation of the security metric and a graphical representation of the usability metric can then be provided in the graphical user interface. In one embodiment, the first subset of certificate profile attributes is the same as the second subset.
    Type: Grant
    Filed: February 7, 2012
    Date of Patent: October 7, 2014
    Assignee: Symantec Corporation
    Inventors: Stefan Schwengler, Len Toyoshiba
  • Patent number: 8856894
    Abstract: An Always-On Authentication (“AOA”) system comprises a computer system, such as a server, that automatically monitors and authenticates an enrolled individual's online transactions and/or activities to, for example, detect and/or prevent fraud. The AOA system actively monitors and/or authenticates the individual's online transactions and/or activities with service providers. A risk level may be associated with transactions and/or activities, and if a monitored transaction or activity is determined to exceed a risk level for the individual, the individual may be prompted for further authentication information. A risk profile may be built for the individual over time based on the individual's history or pattern of transactions and activities. The AOA system may issue a virtual credential to the individual and/or to one or more of the individual's computing devices.
    Type: Grant
    Filed: March 12, 2013
    Date of Patent: October 7, 2014
    Assignee: Consumerinfo.com, Inc.
    Inventors: Michael John Dean, Mark Joseph Kapczynski
  • Patent number: 8856514
    Abstract: A renewed digital certificate is obtained within an asynchronous messaging environment from a certificate server of an issuer of an existing digital certificate to replace the existing digital certificate. The renewed digital certificate includes an extended attribute that stores a serial number value of the existing digital certificate. A message is received with a symmetric key that is encrypted using the existing digital certificate. The symmetric key is identified within the message by the serial number value of the existing digital certificate. The message is processed using the renewed digital certificate.
    Type: Grant
    Filed: March 12, 2012
    Date of Patent: October 7, 2014
    Assignee: International Business Machines Corporation
    Inventors: Bret W. Dixon, Scot W. Dixon
  • Patent number: 8856875
    Abstract: Generally, this disclosure describes software delivery systems (and methods). A server is provided that operates to provision software on a customer's local machine. The server system, in response to a software purchase from an end user (customer), is configured to install the software on the customer's machine, encrypt the software, and provision encryption keys to grant the customer access to the software. In addition, a software agent is installed on the customer's machine that enables monitoring, by the server, of the customer's installed software. The server system is configured to control customer access to the installed software, via the software agent, and to terminate customer access to the software (for example, for nonpayment of fees). Thus, the software provider can retain control over software that is remotely deployed at an end user location.
    Type: Grant
    Filed: July 24, 2012
    Date of Patent: October 7, 2014
    Assignee: Intel Corporation
    Inventor: Vikas Aditya
  • Patent number: 8856532
    Abstract: An embodiment of the disclosure can receive a composite resource document containing at least one resource. An updated manifest resource can be obtained. The updated manifest resource can list all resources in the composite resource document. A set of zero or more (0 . . . N) resources can be indicated. Each indicated resource is one that is to be subtracted from the list of resources in the updated manifest resource in order to create a generated signature reference list of identified resources to be signed. A hash token can be generated using the resources identified in the generated signature reference list to form a signature hash token. The signature hash token can be encrypted with a secret key.
    Type: Grant
    Filed: June 24, 2011
    Date of Patent: October 7, 2014
    Assignee: International Business Machines Corporation
    Inventors: John M. Boyer, Ragunathan Mariappan, Nazeer S. Unnisa
  • Patent number: 8850208
    Abstract: Embodiments relate to a method for generating a set of authentication certificates by a set of certificate authority devices. The method includes receiving, by the set of certificate authority devices, a set of certificate requests from a user device. The method includes generating, by the set of certificate authority devices, a set of crosschecked certificates, each crosschecked certificate of the set of crosschecked certificates being configured to cryptographically verify the remaining crosschecked certificate of the set of crosschecked certificates. The method includes transmitting, by the set of certificate authority devices, the set of crosschecked certificates to the user device, the set of crosschecked certificates configured to be utilized by the user device in establishing a secured communication channel over a network between the user device and a client device.
    Type: Grant
    Filed: June 24, 2011
    Date of Patent: September 30, 2014
    Assignee: EMC Corporation
    Inventor: Sean F. Parkinson
  • Patent number: 8848919
    Abstract: Providing revocation status of at least one associated credential includes providing a primary credential that is at least initially independent of the associated credential, binding the at least one associated credential to the primary credential, and deeming the at least one associated credential to be revoked if the primary credential is revoked. Providing revocation status of at least one associated credential may also include deeming the at least one associated credential to be not revoked if the primary credential is not revoked. Binding may be independent of the contents of the credentials and may be independent of whether any of the credentials authenticate any other ones of the credentials. The at least one associated credential may be provided on an integrated circuit card (ICC). The ICC may be part of a mobile phone or a smart card.
    Type: Grant
    Filed: June 18, 2012
    Date of Patent: September 30, 2014
    Assignee: Assa Abloy AB
    Inventors: Eric F. Le Saint, Robert S. Dulude
  • Patent number: 8850207
    Abstract: A controller is provided with a controller key and a first controller identification information unique to the controller. The controller generates a controller unique key unique to a respective controller based on the controller key and the first controller identification information, and a second controller identification information based on the first controller identification information. A decryptor decrypts the encrypted medium device key using the controller unique key to obtain a medium device key. An authentication/key exchange process unit performs authentication/key exchange process with the host device through an interface unit using the medium device key, the medium device key certificate and the second controller identification information to establish a secure channel.
    Type: Grant
    Filed: March 22, 2012
    Date of Patent: September 30, 2014
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Taku Kato, Yuji Nagai, Tatsuyuki Matsushita
  • Patent number: 8850186
    Abstract: An information processing apparatus that communicates using an electronic certificate is provided. When identification information is configured that identifies the information processing apparatus on a network, the configured identification information is stored in a storage unit. A request for issue of an electronic certificate containing the identification information stored in the storage unit is issued to a certificate authority. Once the request for issue is issued, a determination is made as to whether or not the identification information contained in the request for issue matches the identification information stored in the storage unit prior to obtaining the electronic certificate that is issued by the certificate authority in response to the request for issue. If it is determined that a mismatch exists, the user is notified to that effect.
    Type: Grant
    Filed: January 5, 2007
    Date of Patent: September 30, 2014
    Assignee: Canon Kabushiki Kaisha
    Inventor: Hisayuki Yamauchi
  • Patent number: 8850188
    Abstract: A system and method for processing certificates located in a certificate search. Certificates located in a certificate search are processed at a data server (e.g. a mobile data server) coupled to a computing device (e.g. a mobile device) to determine status data that can be used to indicate the status of those certificates to a user of the computing device. Selected certificates may be downloaded to the computing device for storage, and the downloaded certificates are tracked by the data server. This facilitates the automatic updating of the status of one or more certificates stored on the computing device by the data server, in which updated status data is pushed from the data server to the computing device.
    Type: Grant
    Filed: September 13, 2012
    Date of Patent: September 30, 2014
    Assignee: BlackBerry Limited
    Inventors: Neil P. Adams, Herbert A. Little, Michael K. Brown, Michael S. Brown, Michael G. Kirkup
  • Patent number: 8850210
    Abstract: An authentication system, including a service use device 1 which presents blurred information obtained by blurring certification information desired to be certified, service providing devices 3a to 3c which verify the validity of blurred information presented by the service use device 1, and an authentication device 2 which supports the service use device 1 to issue valid blurred information. The authentication device 2 adds a digital signature to information including certification information and blurred information, and generates authentication information including the obtained digital signature, certification information, and blurred information (S2). The service use device 1 generates, based on the authentication information generated in the authentication device 2, blurred authentication information including blurred information selected according to an instruction from a user, instruction information representing the instruction, and a digital signature (S4).
    Type: Grant
    Filed: June 2, 2006
    Date of Patent: September 30, 2014
    Assignee: Panasonic Corporation
    Inventors: Kaoru Yokota, Natsume Matsuzaki, Masao Nonaka
  • Patent number: 8843757
    Abstract: A method and system are provided for generating a one-time passcode (OTP) configured for use as a personal identification number (PIN) for a user account from a user device. The OTP may be generated using an OTP generator which may include an algorithm and a user account-specific OTP key. The OTP key may be camouflaged by encryption, obfuscation or cryptographic camouflaging using a PIN or a unique machine identifier defined by the user device. Obtaining an OTP from the user device may require inputting a data element which may be one of a PIN, a character string, an image, a biometric parameter, a user device identifier such as a machine effective speed calibration (MESC), or other datum. The OTP may be used for any transaction requiring a user PIN input, including ATM and debit card transactions, secure access and online transactions.
    Type: Grant
    Filed: November 10, 2010
    Date of Patent: September 23, 2014
    Assignee: CA, Inc.
    Inventor: Rammohan Varadarajan
  • Patent number: 8843750
    Abstract: Embodiments of the present disclosure include methods (and corresponding systems and computer program products) for monitoring secured communication channels based on certificate authority impersonation. One aspect is a method comprising: intercepting a certificate transmitted by the remote server to the software application, the certificate comprising a public key; generating a first public key and a first private key pair for the intercepted certificate; replacing the public key in the intercepted certificate with the first public key; transmitting a modified intercepted certificate including the first public key to the software application in place of the intercepted certificate; and monitoring the security communication channel between the software application and the remote server, wherein the security communication channel is established based at least in part on the modified intercepted certificate.
    Type: Grant
    Filed: January 28, 2011
    Date of Patent: September 23, 2014
    Assignee: Symantec Corporation
    Inventor: Ilya Sokolov
  • Patent number: 8843749
    Abstract: Described are a system and method for presenting security information about a current site or communications session. Briefly stated, a browsing software is configured to receive a certificate during a negotiation of a secure session between a local device and a remote device. The certificate includes security information about a site maintained at the remote device. The security information is displayed to a user of the browsing software in a meaningful fashion to allow the user to make a trust determination about the site. Displaying the security information may include presenting a certificate summary that includes the most relevant information about the certificate, such as the name of the owner of the site and the name of the certificating authority of the certificate.
    Type: Grant
    Filed: May 7, 2010
    Date of Patent: September 23, 2014
    Assignee: Microsoft Corporation
    Inventors: Aaron J. Sauve, Cornelis K. Van Dok, Marc A. Silbey
  • Patent number: 8843413
    Abstract: The present invention provides for a digital rights management system with a centralized domain service capable of creating and managing membership criteria for joining a domain in accordance with business rules defined by a content owner. A domain identification is created that allows a content provider to uniquely bind content licenses to a domain. The content licenses include usage rights that define how content associated with the licenses may be consumed by one or more members of the domain. The centralized domain service can enforce digital rights by validating membership criteria including at least one of a domain proximity check for validating that a requestor is in close proximity to the domain, a total number of requestors, or the frequency that the requests have been made by various requestors to join the domain and unjoin from the domain.
    Type: Grant
    Filed: February 13, 2004
    Date of Patent: September 23, 2014
    Assignee: Microsoft Corporation
    Inventors: Arnaud Robert, James M. Alkove, Chadd B. Knowlton
  • Patent number: 8843740
    Abstract: A first device with a changing identity establishes a secure connection with a second device in a network by acting as its own certificate authority. The first device issues itself a self-signed root certificate that binds an identity of the first device to a long-term public key of the first device. The root certificate is digitally signed using a long-term private key, where the long-term public key and the long-term private key form a public/private key pair. The first device provides its root certificate to the second device in any trusted manner. The first device can then create a certificate for one or more short-term identities acquired by the first device and sign the newly-created certificate using the long-term private key. The first device can authenticate itself to the second device by sending the newly-created certificate to the second device.
    Type: Grant
    Filed: December 2, 2011
    Date of Patent: September 23, 2014
    Assignee: BlackBerry Limited
    Inventors: Michael Stephen Brown, David Francis Tapuska
  • Publication number: 20140281554
    Abstract: A client device that is coupled to a host device sends a parent public key and an associated certificate to the host device. The parent public key, the certificate and a corresponding parent private key are stored in secure persistent storage included in a secure device associated with the client device. The client device receives instructions from the host device for generating a child private and public key pair. In response to receiving the instructions, the client device generates a child private key based on a first random number produced within the secure device, and a child public key associated with the child private key. The client device computes a first signature on the child public key using the parent private key. The client device sends the child public key and the first signature to the host device.
    Type: Application
    Filed: March 13, 2013
    Publication date: September 18, 2014
    Applicant: ATMEL CORPORATION
    Inventors: Kerry David Maletsky, Michael J. Seymour, Brad Phillip Garner
  • Patent number: 8838966
    Abstract: In one embodiment, a computing apparatus that receives respective unique identifiers corresponding to a machine and a diagnostic tool and a requested parameter setting for configuring a machine component residing in the machine, and provides an authorization code with a payload comprising the requested parameter setting, the payload encrypted based on the unique identifiers.
    Type: Grant
    Filed: September 27, 2010
    Date of Patent: September 16, 2014
    Assignee: AGCO Corporation
    Inventors: Joshua A. Tolle, Ty D. Klein, Gerald R. Johnson, Josh W. Russell
  • Patent number: 8838973
    Abstract: Reflective factors are used in combination with a one-time password (OTP) in order to strengthen a system's ability to prevent man in the middle (MITM) phishing attacks. These reflective factors may include information such as URL information, HTTPS, a server's certificate, a session key, or transaction information. These reflective factors help to ensure that a client that wishes to access a server is the legitimate client, because even if a phisher (including a phisher attacking the legitimate client in real time) records identifying information from the legitimate client, it cannot replicate the reflective information to authenticate itself with the server.
    Type: Grant
    Filed: February 28, 2012
    Date of Patent: September 16, 2014
    Assignee: Google Inc.
    Inventors: Marcel Mordechai Moti Yung, Omer Berkman
  • Patent number: 8838964
    Abstract: A method and system for software package auditing is described. A processing device receives user input that identifies one or more software packages to be included in a software product release. The one or more identified packages are imported into a package audit tool executable by the processing device and the package audit tool automatically validates that the imported packages comply with a set of one or more requirements specified for the software product release using the package audit tool.
    Type: Grant
    Filed: November 30, 2010
    Date of Patent: September 16, 2014
    Assignee: Red Hat, Inc.
    Inventors: Dennis George Gregorovic, Tomas Kopecek, Martin Magr, Daniel W. Riek
  • Patent number: 8832443
    Abstract: A method for increasing the security of private keys is provided that includes generating transaction data at a device operated by a user and processing the transaction data. Moreover, the method includes determining whether the user permits using a private key that is associated with the user and with a public-private key pair of the user. The private key is stored in a computer system different from the device. Furthermore, the method includes authenticating the user when the user permits using the private key, applying the private key to other data after successfully authenticating the user, and transmitting the other data to the device. The method also includes conducting a transaction with the transaction data.
    Type: Grant
    Filed: May 31, 2012
    Date of Patent: September 9, 2014
    Assignee: Daon Holdings Limited
    Inventors: Andrew Supplee Webb, Michael Peirce
  • Patent number: 8831569
    Abstract: Systems and methods for processing encoded messages within a wireless communications system are disclosed. A server within the wireless communications system performs signature verification of an encoded message and provides, together with the message, an indication to the mobile device that the message has been verified. In addition, the server provides supplemental information, such as, for example, a hash of the certificate or certificate chain used to verify the message, to the device, to enable the device to perform additional checks on the certificate, such as, for example, validity checks, trust checks, strength checks, or the like.
    Type: Grant
    Filed: September 12, 2012
    Date of Patent: September 9, 2014
    Assignee: BlackBerry Limited
    Inventors: Michael K. Brown, Michael S. Brown, Herbert A. Little
  • Patent number: 8832430
    Abstract: A system for managing security certificates on a plurality of remote computers comprises a certificate manager that can determine in accordance with at least one preestablished criterion whether a security certificate on a remote computer is to be managed. The system also includes an installer module that can access an account of the remote computer to manage the security certificate. Methods of using the system are also provided.
    Type: Grant
    Filed: September 17, 2010
    Date of Patent: September 9, 2014
    Assignee: Microsoft Corporation
    Inventors: Adam E. Zilinskas, Laura Delhy Machado de Wright, S. Morris Brown
  • Patent number: 8832441
    Abstract: A mobile terminal includes a near-field communication device capable of performing near-field wireless communication with an external device, and a controller configured to instruct the external device or the near-field communication device to execute a command. The near-field communication device has a storage unit, a first mutual authentication unit for authenticating the controller and for requesting the controller to authenticate the near-field communication device, a first communication key setting unit for setting a first communication key, a second mutual authentication unit for authenticating the external device and for requesting the external device to authenticate the near-field communication device, and a second communication key setting unit for setting a second communication key.
    Type: Grant
    Filed: August 27, 2010
    Date of Patent: September 9, 2014
    Assignee: FeliCa Networks, Inc.
    Inventors: Taro Kurita, Toshiharu Takemura
  • Patent number: 8832800
    Abstract: A method for producing an electro-biometric signature allowing legal interaction between and the identification of persons utilizing biometric features. The method includes inputting a user's biometric features in a pre-determined sequence and checking that no feature is entered repeatedly.
    Type: Grant
    Filed: August 24, 2010
    Date of Patent: September 9, 2014
    Assignee: Administradora de Proyectos y Sistemas Avanzados, S.C.
    Inventors: Pedro Pablo Garcia Perez, Juan Luis Soto Decuir, Ciro Alfonso Herrera Ramirez
  • Patent number: 8825011
    Abstract: A method for controlling wireless communications to and from a macro wireless network includes provoking an access request from a wireless device to register the device with an intelligent network access controller for a local wireless network. The method then includes locking the wireless device to the controller and determining a category of the wireless device. If the determined category of the wireless device is a first category, the method includes preventing access to wireless communications using the macro wireless network. If the determined category of the wireless device is a second category, the method includes directing the wireless device to re-attempt access with the macro wireless network.
    Type: Grant
    Filed: July 19, 2012
    Date of Patent: September 2, 2014
    Assignee: Tecore, Inc.
    Inventors: Jay Salkini, Thomas Joseph, Youssef Dergham
  • Patent number: 8826008
    Abstract: A system, methods and devices for the secure notification of an identity in a communications network. The methods include sending or receiving a communication including a hash of a certificate of a device to notify or detect the presence of the device in a network. Each certificate is associated with an identity which is excluded from the communication of the hash of the certificate. The received hash is compared to hashes of certificates stored in an electronic device to determine an identity. The identity may represent an electronic device or a user of the electronic device.
    Type: Grant
    Filed: August 3, 2012
    Date of Patent: September 2, 2014
    Assignee: BlackBerry Limited
    Inventors: Michael Stephen Brown, David Francis Tapuska
  • Patent number: 8819438
    Abstract: A method for issuing a digital residence certificate using a module associated with a counter. Data from the counter are continuously monitored, whereby the data are read and a consistency test is performed on the basis of a predetermined criterion. In addition, after receiving a residence certificate request, a decision is made as to whether or not the request should be fulfilled, based on the results of the continuous data monitoring.
    Type: Grant
    Filed: March 27, 2009
    Date of Patent: August 26, 2014
    Assignee: Electricite de France
    Inventors: Ludovic Pietre-Cambacedes, Yves Dherbecourt
  • Patent number: 8819424
    Abstract: An intermediary system that facilitates a connection request from a client to a server. The intermediary system may participate in either or both of a token creation phase and a server connection phase. If participating in the token creation phase, the intermediary system generates a token that may later be used by the client during a server connection phase. The token includes a session identifier and is returned to the client. If participating in the server connection phase, the intermediary receives the token, extracts the session identifier from the token, and compares against the session identifier for the session in which the token was created. If the session identifiers match, then the intermediary connects to the server to complete the connection request.
    Type: Grant
    Filed: September 30, 2010
    Date of Patent: August 26, 2014
    Assignee: Microsoft Corporation
    Inventor: Dimitrios Soulios
  • Patent number: 8819439
    Abstract: Method and apparatus for generating cryptographic credentials certifying user attributes and making cryptographic proofs about attributes encoded in such credentials. Attributes are encoded as prime numbers E in accordance with a predetermined mapping and a cryptographic credential is generated encoding E. To prove that an attribute encoded in a cryptographic credential associated with a proving module of the system is a member of a predetermined set of user attributes, without revealing the attribute in question, the proving module determines the product Q of respective prime numbers corresponding to the attributes in the set in accordance with the predetermined mapping of attributes to prime numbers. The proving module demonstrates to the receiving module possession of a cryptographic credential encoding a secret value that is the prime number E, and then whether this secret value divides the product value Q.
    Type: Grant
    Filed: August 24, 2012
    Date of Patent: August 26, 2014
    Assignee: International Business Machines Corporation
    Inventors: Jan Leonhard Camenisch, Thomas R Gross
  • Patent number: 8812838
    Abstract: A valid duration period for a digital certificate is established by a process that includes assigning numeric values to certificate terms. The numeric value assigned to each certificate term is representative of the valid duration period. The method continues by identifying one certificate term, which may include requesting a user to select a certificate term. The method may include transmitting the requested certificate term to a server. The certificate term requested is sent via a certificate request. The server is configured to convert the numeric value associated with the requested certificate term into a duration counter value. The method may also include a certificate server receiving from the server, the certificate request including the duration counter value. The method may conclude with transmitting the signed certificate request to a client device capable of generating the digital certificate with the requested certificate term.
    Type: Grant
    Filed: June 17, 2013
    Date of Patent: August 19, 2014
    Assignee: SecureAuth Corporation
    Inventors: Garret Florian Grajek, Stephen Moore, Mark V. Lambiase, Craig J. Lund
  • Patent number: 8812851
    Abstract: The invention relates to a method for reading at least one attribute stored in an ID token (106, 106′) using first (136), second (150) and third (100) computer systems, wherein the third computer system comprises a browser (112) and a client (113), and wherein a service certificate (144) is assigned to the second computer system, wherein the service certificate comprises an identifier which is used to identify the second computer system, wherein the ID token is assigned to a user (102), having the following steps: —a first cryptographically protected connection (TLS1) is set up between the browser of the third computer system and the second computer system, wherein the third computer system receives a first certificate (176), —the first certificate is stored by the third computer system, —the third computer system receives a signed attribute specification (182) via the first connection, —a second cryptographically protected connection (TLS2) is set up between the browser of the third computer system and the f
    Type: Grant
    Filed: April 20, 2011
    Date of Patent: August 19, 2014
    Assignee: Bundesdruckerei GmbH
    Inventors: Carsten Schwarz, Günter Koch