By Generation Of Certificate Patents (Class 713/175)
  • Patent number: 9680700
    Abstract: Some demonstrative embodiments include devices, systems and/or methods of configuring a radio transceiver. For example, some embodiments include a radio virtual machine (RVM) to configure a radio transceiver, the RVM including a radio processor to execute a first code configuring one or more transceiver functionalities independent of a configuration of the radio transceiver, and to generate a second code based on the configuration of the radio transceiver and the first code, wherein the second code is to be executed by the radio transceiver to configure the one or more transceiver functionalities for the radio transceiver.
    Type: Grant
    Filed: September 8, 2013
    Date of Patent: June 13, 2017
    Assignee: INTEL CORPORATION
    Inventors: Vladimir Ivanov, Markus Dominik Mueck, Hossein Alavi
  • Patent number: 9660974
    Abstract: A device fingerprinting system provides an additional factor of authentication. A user device may be redirected, along with user ID parameters, to an authentication system. The user device may be sent instructions to execute that collect and send back device characteristic information to the authentication system. The authentication can create a unique fingerprint of the device, and determine if the fingerprint has been seen before. If seen before, the authentication system may send back an authentication token indicating the additional factor of authentication was a success. If the fingerprint has not been seen previously, the authentication system may conduct a one-time password authentication as the additional factor. If successful, the fingerprint may be stored in association with the user device for future authentication as an additional factor.
    Type: Grant
    Filed: February 13, 2015
    Date of Patent: May 23, 2017
    Assignee: SecureAuth Corporation
    Inventors: Garret Florian Grajek, Chihwei Liu, Allen Yu Quach, Jeffrey Chiwai Lo
  • Patent number: 9646332
    Abstract: Disclosed is a manufacturing process and feature licensing system for provisioning personalized (device-unique) licenses to devices. The secure system uses a secure key wrapping mechanism to deliver the LSK to LPS. Another feature is that various network communication links are secured using standard security protocol. Application messages, license templates, licenses are digitally signed. The system is flexible, configured to allow multiple manufacturers and to allow various feature configurations via the use of License Template; scalable, as it is possible to use multiple LPS hosts to serve multiple programming stations; and available in that the delegation of license signing capability from CLS to LPS eliminates the dependency on unreliable Internet connections. Redundant LPS hosts provide high level of availability required for high volume license provisioning.
    Type: Grant
    Filed: September 21, 2011
    Date of Patent: May 9, 2017
    Assignee: Google Technology Holdings LLC
    Inventors: Jinsong Zheng, Tat Keung Chan, Liqiang Chen, Greg N. Nakanishi, Jason A. Pasion, Xin Qiu, Ting Yao
  • Patent number: 9584492
    Abstract: A cryptographic proxy service may be provided. Upon determining that data associated with a network destination comprises at least some sensitive data, a cryptographic service may provide a security certificate associated with the network destination. The plurality of data may be encrypted according to the security certificate associated with the network destination and provided to the cryptographic service for re-encryption and transmission to the network destination.
    Type: Grant
    Filed: June 23, 2014
    Date of Patent: February 28, 2017
    Assignee: VMware, Inc.
    Inventor: Erich Stuntebeck
  • Patent number: 9565211
    Abstract: A method, system or computer usable program product for managing exchanges of sensitive data including utilizing a processor to request a service across a network from an application, the service requiring a disclosure of a first set of sensitive data by the application; providing a set of certified policy commitments regarding the first set of sensitive data to the application for a determination of acceptability; and upon a positive determination, receiving the service including the disclosure of the first set of sensitive data.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: February 7, 2017
    Assignee: TRUE ULTIMATE STANDARDS EVERYWHERE, INC.
    Inventor: Daniel J. Guinan
  • Patent number: 9548970
    Abstract: A method for managing unlinkable database user identifiers includes distributing to a first database a first encrypted user identifier, a first database identifier, and a first database user identifier; distributing to a second database a second encrypted user identifier, a second database identifier, and a second database user identifier; receiving from the first database a third encryption and a fourth encryption, the third encryption being formed from the first encrypted user identifier, the second database identifier, and a message comprised in the fourth encryption; decrypting the third encryption thereby obtaining a decrypted value; deriving a blinded user identifier from the decrypted value; and sending the encrypted blinded user identifier and the fourth encrypted value to the second server thereby enabling the second server to compute the second database user identifier from the encrypted blinded database user identifier and the decrypted fourth encrypted value.
    Type: Grant
    Filed: May 8, 2015
    Date of Patent: January 17, 2017
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Jan L. Camenisch, Anja Lehmann
  • Patent number: 9544150
    Abstract: A first digital identification document is transmitted from an identification authority to a mobile device of an identified individual. This first digital identification document is digitally signed and includes a set of attributes about the identified individual. In the same manner, a second digital identification document is also transmitted to the identified individual's mobile device. The second digital identification document is also digitally signed but includes a different set of attributes about the identified individual. The identified individual is then confronted by a series of challengers, wherein each challenger requires a different amount of information about the identified individual. Based on the identity of each challenger, the identified individual selects an appropriate identification document and transmits it to the applicable challenger's device.
    Type: Grant
    Filed: June 4, 2014
    Date of Patent: January 10, 2017
    Assignee: International Business Machines Corporation
    Inventor: Richard Redpath
  • Patent number: 9515829
    Abstract: [Objective] When installing software into an in-vehicle terminal from a server, it is required to prevent the software from being installed into an unsuitable terminal, and to reduce time and efforts for data input and download, thereby improving the convenience of the user. [Solution] In an information distribution system, terminal identification information and a terminal unique key for an in-vehicle terminal are stored in a server as well as in itself. The in-vehicle terminal transmits the terminal identification information to the server for terminal authentication via a communication terminal after encrypting with the terminal unique key, and then the server transmits encrypted software to the communication terminal. The communication terminal transmits the encrypted software to the in-vehicle terminal, which in turn obtains a software unique key encrypted with the terminal unique key from the server and decrypts the encrypted software for installation using the software unique key.
    Type: Grant
    Filed: December 21, 2012
    Date of Patent: December 6, 2016
    Assignee: Clarion Co., Ltd.
    Inventors: Takashi Matsumoto, Atsushi Shimizu, Katsuyuki Umezawa, Tatsuaki Osafune, Koichi Mitsui, Hiroyoshi Endo
  • Patent number: 9473482
    Abstract: In accordance with the exemplary embodiments of the invention there is at least a method and apparatus to perform operations including deploying, with a device of a private network, an application instance with an application web service in a cloud network; and based on the deploying, communicating with the application web service in the cloud network to establish a trust relationship with the application web service for the application instance.
    Type: Grant
    Filed: December 16, 2014
    Date of Patent: October 18, 2016
    Assignee: Nokia Technologies Oy
    Inventors: Samuli J. Koivuniemi, Zahid N. Ahmed, Sumit Lonial, Mike Beauford
  • Patent number: 9455979
    Abstract: A system, apparatus, method, and machine readable medium are described for establishing trust using secure communication protocols.
    Type: Grant
    Filed: July 31, 2014
    Date of Patent: September 27, 2016
    Assignee: NOK NOK LABS, INC.
    Inventor: William J. Blanke
  • Patent number: 9450760
    Abstract: A system, apparatus, method, and machine readable medium are described for authenticating a client to a device.
    Type: Grant
    Filed: July 31, 2014
    Date of Patent: September 20, 2016
    Assignee: NOK NOK LABS, INC.
    Inventor: Rolf Lindemann
  • Patent number: 9438584
    Abstract: A method of provisioning DRM credentials on a client device, comprising receiving DRM credentials at an update server from a key generation system, the DRM credentials having been encrypted by the key generation system, receiving a DRM credential request from a client device, the DRM credential request comprising a digital signature, a device class certificate, and an authorization token, authenticating the DRM credential request by validating the digital signature and the device class certificate, extracting and validating the authorization token, and providing the DRM credentials to the client device.
    Type: Grant
    Filed: October 31, 2014
    Date of Patent: September 6, 2016
    Assignee: ARRIS Enterprises, Inc.
    Inventors: Tat Keung Chan, Alexander Medvinsky, Paul Moroney
  • Patent number: 9417871
    Abstract: A system includes at least one computing device. The computing device has one or more processors, a memory, and a storage storing computer executable code. The computer executable code, when executed at the processors, is configured to process a plurality of source modules to generate a plurality of binary modules corresponding to the source modules. Each source module has at least one source file and a control file including a certificate of origin (COO) of the source module, and each binary module generated from each source module has at least one corresponding binary file and a copy of the control file. Once the binary modules are generated, the computer executable code combines the binary files of each of the binary modules to generate an executable file, and generates a COO file for the executable file based on the control files from the source modules or the binary modules.
    Type: Grant
    Filed: December 9, 2014
    Date of Patent: August 16, 2016
    Assignee: AMERICAN MEGATRENDS, INC.
    Inventors: Samvinesh Christopher, Anurag Bhatia, Winston Thangapandian
  • Patent number: 9413536
    Abstract: Presented herein are techniques for securely configuring or managing devices in a variety of geographic locations. At a device manager for a device, a first public key of a first public-private key pair is presented to a network management system as part of a request for one or more work orders. The work order, generated and signed by the network management system using a second private key of a second public-private key pair, includes the first public key, and is received by the device manager. The signed work order is provided to the endpoint device for validation of the signed work order using a second public key, and all subsequent communications from the device manager to the endpoint device are sent such that the communications are signed with the first private key. In some embodiments, each work order is valid for a specified amount of time.
    Type: Grant
    Filed: June 12, 2014
    Date of Patent: August 9, 2016
    Assignee: Cisco Technology, Inc.
    Inventors: Jonathan W. Hui, Raja Rajaram Kannan, Wei Hong
  • Patent number: 9414226
    Abstract: Systems and methods of providing a secure access layer in a mobile phone and a computer system coupled to the mobile phone to provide authentication for transmitting data between the phone and the computer system.
    Type: Grant
    Filed: October 21, 2014
    Date of Patent: August 9, 2016
    Assignee: FUTURE DIAL, INC.
    Inventor: Benedict Chong
  • Patent number: 9385872
    Abstract: Effecting reissue in a data processing system of a cryptographic credential certifying a set of attributes, the credential being initially bound to a first secret key stored in a first processing device. A backup token is produced using the first device and comprises a commitment to said set of attributes and first proof data permitting verification that the set of attributes in said commitment corresponds to the set of attributes certified by said credential. At a second processing device, a second secret key is stored and blinded to produce a blinded key. A credential template token produced from the backup token and the blinded key is sent to a credential issuer where said verification is performed using the first proof data and the credential template token is used to provide a reissued credential, certifying said set of attributes, to the second device, the reissued credential being bound to the second secret key.
    Type: Grant
    Filed: October 10, 2013
    Date of Patent: July 5, 2016
    Assignee: International Business Machines Corporation
    Inventors: Jan Camenisch, Anja Lehmann, Gregory Neven
  • Patent number: 9378599
    Abstract: An access management system and method are provided. The access management system includes an authentication means having an authentication key indicating an identity of a visitor, an authentication terminal configured to register by receiving user information corresponding to the authentication key, and store the user information matched with the authentication key recognized when the visitor accesses as an access history information of the visitor, and a user terminal configured to provide the user information corresponding to the authentication key to the authentication terminal.
    Type: Grant
    Filed: October 30, 2014
    Date of Patent: June 28, 2016
    Assignee: SAMSUNG SDS CO., LTD.
    Inventor: Young-Hee Lee
  • Patent number: 9338160
    Abstract: A method and system for a content provider to enable the consumption of content by properly entitled consumers (e.g., end-users, clients, customers) within a cloud provider network. A first certificate checkin service (CCS) executed by a processing device deployed in the cloud provider network receives a first set of usage data relating to content of a content provider consumed by a client of the cloud provider network. The first CCS provides the usage data to a communicatively coupled parent CCS. The first CCS provides the parent CCS with a request for entitlement data relating to the cloud provider, and stores the entitlement data received from the parent CCS. The entitlement data may be used by the first CCS to determine if the client is entitled to consume the content.
    Type: Grant
    Filed: August 7, 2013
    Date of Patent: May 10, 2016
    Assignee: Red Hat, Inc.
    Inventors: John Matthews, Wes Hayutin, Christopher Duryee, James Slagle, Chris Morgan, Todd Sanders
  • Patent number: 9323486
    Abstract: A terminal device may perform receiving a specific key from a print intermediation server. The terminal device may perform sending the received specific key to a print intermediation server in response to the terminal device accepting a print related instruction relating to printing in a printer after the specific key is received. The terminal device may perform receiving an authentication key from the print intermediation server in response to sending the specific key. The terminal device may perform sending a first request to the print intermediation server after a first item of the authentication key is received from the print intermediation server. The terminal device may perform sending a second request to the printer after a second item of the authentication key is received from the print intermediation server.
    Type: Grant
    Filed: January 22, 2015
    Date of Patent: April 26, 2016
    Assignee: Brother Kogyo Kabushiki Kaisha
    Inventor: Naoto Shiraga
  • Patent number: 9323914
    Abstract: A portable data or information carrier in the form of a smart card with partially or fully virtualized components. To maximize the confidentiality of information stored in the carrier, and more specifically to limit the amount of information available to a potential defrauder, electronic components such as circuits, I/O, cryptographic, memory and dummy objects are built, modified or influenced on demand from physical characteristics of an eligible person or device. Digitized unique biometric or hardware identifiers are read upon start-up and runtime of the device and, in case of an eligible person or device, subsequently supply all values necessary for determination of the characteristics of the user specific virtual smart cards objects, their placement and connections. By multi-factor authentication, the end-user or device will retain sole control of its keys and use them for authentication, signature or encryption purposes as if he had a physical smart card in his hand.
    Type: Grant
    Filed: April 2, 2015
    Date of Patent: April 26, 2016
    Assignee: Open Invention Network, LLC
    Inventor: Martin Wieland
  • Patent number: 9300656
    Abstract: One or more computer processors identify a first certificate that is used to establish a secure Internet connection. One or more computer processors identify a stored second certificate that shares at least one attribute with the first certificate. One or more computer processors determine a policy action based, at least in part, on a result of a comparison between an attribute of the first certificate and an attribute of the second certificate.
    Type: Grant
    Filed: August 21, 2014
    Date of Patent: March 29, 2016
    Assignee: International Business Machines Corporation
    Inventors: Paul A. Ashley, Carsten Hagemann
  • Patent number: 9276902
    Abstract: A recursive DNS nameserver system and related domain name resolution techniques are disclosed. The DNS nameservers utilize a local cache having previously retrieved domain name resolution to avoid recursive resolution processes and the attendant DNS requests. If a matching record is found with a valid (not expired) TTL field, the nameserver returns the cached domain name information to the client. If the TTL for the record in the cache has expired and the nameserver is unable to resolve the domain name information using DNS requests to authoritative servers, the recursive DNS nameserver returns to the cache and accesses the resource record having an expired TTL. The nameserver generates a DNS response to the client device that includes the domain name information from the cached resource record. In various embodiments, subscriber information is utilized to resolve the requested domain name information in accordance with user-defined preferences.
    Type: Grant
    Filed: February 24, 2014
    Date of Patent: March 1, 2016
    Assignee: OpenDNS, Inc.
    Inventors: Noah Treuhaft, David Ulevitch, Michael Damm
  • Patent number: 9276738
    Abstract: A digital tachograph has a security module. A public key, a secure private key, and a signage are stored in the security module. Vehicle-relevant data and the corresponding checksum are encoded using a secure private key and stored in the digital tachograph in a data format by the security module.
    Type: Grant
    Filed: October 20, 2011
    Date of Patent: March 1, 2016
    Assignee: Continental Automotive GmbH
    Inventors: Charles Hardinge, Andreas Lindinger
  • Patent number: 9270667
    Abstract: An authentication scheme may be utilized for a single sign-on operation between servers. One or more servers receive a data request directed to a disparate server. A root certificate (e.g., an X.509 root certificate) is loaded for accessing the disparate server. A user certificate is dynamically generated for identifying a logged-in user. The user certificate is signed with the root certificate and sent to the disparate server for binding with the data request. The data request is sent to the disparate server for authentication using the user certificate. The disparate server accesses a mapping table to map a subject name in the user certificate. When an entry for the logged-in user is found in the mapping table, data operations are enabled between the servers. An open web protocol response containing the requested data is then received from the disparate server.
    Type: Grant
    Filed: November 1, 2012
    Date of Patent: February 23, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Ajay Gupta, Sudeep Rastogi, Shyam Sundar Jayasankar, Diwakar Mantha
  • Patent number: 9239911
    Abstract: A subscription proxy receives, from an end user system, a request for a resource provided by a content delivery network, the request comprising a local credential associated with the end user system. The subscription proxy identifies a remote credential associated with the content delivery network and corresponding to the local credential. The subscription proxy replaces the local credential in the request with the corresponding remote credential and sends the request for the resource with the remote credential to the content delivery network.
    Type: Grant
    Filed: April 26, 2012
    Date of Patent: January 19, 2016
    Assignee: Red Hat, Inc.
    Inventors: Christopher Duryee, James Bowes, Bryan Kearney
  • Patent number: 9231983
    Abstract: Methods and systems for providing trusted signaling of domain-specific security policies. One method includes intercepting a connection request to a remote server from a client device on a domain and returning a security certificate with policy information for regulating the communications with the target server.
    Type: Grant
    Filed: December 24, 2014
    Date of Patent: January 5, 2016
    Assignee: CITRIX SYSTEMS, INC.
    Inventor: John Kennedy
  • Patent number: 9225743
    Abstract: A method and apparatus for automatically generating policies from a set of cryptographic certificates is described. An automated policy generator, executing on a computing system, receives information from a set of one or more cryptographic certificates deployed in a network. The automated policy generator automatically generates a policy from the information of the set of cryptographic certificates.
    Type: Grant
    Filed: April 12, 2012
    Date of Patent: December 29, 2015
    Assignee: Symantec Corporation
    Inventor: Alok Naik
  • Patent number: 9219713
    Abstract: Electronic electricity meter with integrated digital-certification mechanism for secure communication, comprising current sensors, voltage sensors, electronic circuit for conditioning the current signals and voltage signals in the electrical levels required by the processing unit, processing unit able to continuously sample the current signals and voltage signals provided by the circuit and that reflect, using a known ratio, the real value of the current and voltage delivered to the meter connection terminals, the processing unit calculates the active and passive through energy and determines the energy values to be counted, and a communication unit, linked to the processing unit, which uses a digital data protocol and a physical interface to communicate with the world outside the meter, and a processing unit with digital certification functions located between the processing unit and the communication unit.
    Type: Grant
    Filed: November 25, 2011
    Date of Patent: December 22, 2015
    Inventors: Fábio de Oliveira Toledo, Welson Regis Jacometti, Rodrigo Jardim Riella, Celso Pinto Saraiva
  • Patent number: 9215716
    Abstract: A wireless communication apparatus on the receiving side receives communication data that is transmitted to the wireless communication apparatus using one of the plurality of channels. Subsequently, the wireless communication apparatus on the receiving side obtains channel information contained in the communication data received by the receiving unit and judges whether the obtained channel information is target information indicating a channel of a processing target. The wireless communication apparatus on the receiving side performs a receiving process on the received communication data, when the judging unit determines that the obtained channel information is the target information, performs a receiving process on the communication data received by the receiving unit and that, when the judging unit determines that the obtained channel information is not the target information, discards the received communication data.
    Type: Grant
    Filed: April 2, 2012
    Date of Patent: December 15, 2015
    Assignee: FUJITSU LIMITED
    Inventors: Kouki Mie, Kenji Yamada, Yuichi Inao
  • Patent number: 9203609
    Abstract: Various methods for implementing keystream hierarchy in a distributed memory environment are provided. One example method may comprise causing a generated keystream to be accessed on a memory device, wherein the keystream was generated in an instance in which the memory device was in radio communications range. One example method may further comprise determining a session key based on the generated keystream and a modified keystream. In some example embodiments, the modified keystream is created by the memory device based on the generated keystream and a keystream received by the memory device from a second device. One example method may further comprise causing communications data to be transmitted to the memory device or to the second device. In some example embodiments, the communications data is protected using at least a portion of the session key and is intended for the second device.
    Type: Grant
    Filed: December 12, 2011
    Date of Patent: December 1, 2015
    Assignee: Nokia Technologies Oy
    Inventors: Jan-Erik Ekberg, Jari-Jukka Harald Kaaja
  • Patent number: 9183374
    Abstract: Techniques for providing identity-enabled interfaces for deployment are presented. Specifically, an agent of an enterprise infrastructure authenticates and acquires an agent identity for interacting with a cloud processing environment. Once the agent is deployed in the cloud processing environment, enterprise policy can be enforced within the cloud processing environment on actions occurring within the cloud. The agent acts as an Application Programming Interface between the enterprise and the cloud processing environment. The reverse is also achievable, where a cloud deploys an agent to the enterprise to deploy a cloud interface within the enterprise for policy enforcement.
    Type: Grant
    Filed: July 13, 2011
    Date of Patent: November 10, 2015
    Assignee: Novell, Inc.
    Inventors: Stephen R Carter, Douglas Garry Earl
  • Patent number: 9184913
    Abstract: A method for authenticating a telecommunications terminal having an identity module includes: storing a first private key, a first public key and a first signature, the first signature being based on signing the first public key using a second private key; generating identity information and a second signature, the second signature being based on signing the identity information using the first private key; transmitting the first public key, the identity information, and the first and second signatures to a server device; verifying, by the server device, the authenticity of the first public key using a second public key; and verifying, by the server device, the authenticity of the identity information using the verified first public key. The identity information includes International Mobile Subscriber Identity (IMSI) information.
    Type: Grant
    Filed: August 22, 2012
    Date of Patent: November 10, 2015
    Assignee: DEUTSCHE TELEKOM AG
    Inventors: Martin Froels, Martin Tessmer
  • Patent number: 9160706
    Abstract: An addressing scheme enables mobile web-service providing devices located within private address domains to be contacted by other devices located on the same LAN segment regardless of whether or not the two devices are located in the same private IP address domain, providing a working network path can be identified directly or indirectly between the two devices. In this way, if a device-label (such as a telephone number which is associable with an addressed device) is provided by an addressing device to an addressing server, the server is able to resolve the device-label to a private address via which the addressing device can be contacted. The private address is utilized by the web-browser application to seamlessly and transparently obtain a requested web-service from the addressed device using any suitable communications channel, e.g. WiFi, Bluetooth, etc., that provides a working path between the two devices.
    Type: Grant
    Filed: March 30, 2010
    Date of Patent: October 13, 2015
    Assignee: BRITISH TELECOMMUNICATIONS PUBLIC LIMITED COMPANY
    Inventors: Francis J Scahill, Richard J Evenden
  • Patent number: 9148445
    Abstract: A method and system for discovering inappropriate and/or illegitimate use of Web page content, comprising: monitoring access to a first Web page by a user; comparing information from the first Web page to information from a second known legitimate Web page; and determining whether the first Web page is legitimate based on the compared information.
    Type: Grant
    Filed: May 6, 2009
    Date of Patent: September 29, 2015
    Assignee: CYVEILLANCE INC.
    Inventors: Steve Smith, Vlad Serban, Andy Walker, Greg Ogorek
  • Patent number: 9137014
    Abstract: One exemplary embodiment involves receiving a request for a document key for accessing a document on a client device. The request comprises a user identity identifying a requester requesting access to the document. The request also comprises information about the document. The exemplary embodiment further involves determining, at the server, whether access to the document by the requester is permitted. And, the exemplary embodiment further involves, if access to the document is permitted, computing, at the server, the document key using the user identity and using the information about the document. The document key is document specific and, prior to the computing of the document key, the document key is not stored for access by the server. The exemplary embodiment further involves responding to the request by providing the document key for use in accessing the document on the client device.
    Type: Grant
    Filed: January 25, 2011
    Date of Patent: September 15, 2015
    Assignee: Adobe Systems Incorporated
    Inventors: Jonathan Herbach, Dharmendra Kumar
  • Patent number: 9118659
    Abstract: A method and an apparatus protect location-related messages which are transmitted from a provider to a plurality of temporally changing recipients and receiver devices in a plurality of localities in each case. The method and apparatus are distinguished by the fact that key certificates for signed messages are issued only in a location-related manner and are thus valid only in a particular defined local environment.
    Type: Grant
    Filed: February 3, 2012
    Date of Patent: August 25, 2015
    Assignee: Siemens Aktiengesellschaft
    Inventors: Klaus Lukas, Reiner Mueller, Elmar Sommer
  • Patent number: 9118699
    Abstract: Methods and apparatus related to the determination of the trustworthiness of information communicated in a message and/or the exchange of trust information are described. Various described methods and apparatus are well suited to peer to peer wireless communications in an ad-hoc network. At a given time, a communications device may have a trust relationship with a first set of devices. A first communications device determines trustworthiness of a received message from a second device, which is not a member of the first set of devices, based on information received from a third device which is a member of the first set of devices. The first communications device makes an informed decision as to whether or not to act upon the first message based upon its trustworthiness determination.
    Type: Grant
    Filed: January 26, 2009
    Date of Patent: August 25, 2015
    Assignee: QUALCOMM Incorporated
    Inventors: Wassim Michel Haddad, M. Scott Corson, Vincent D. Park
  • Patent number: 9113393
    Abstract: A system, method, and apparatus are provided for establishing a wireless network connection between a mobile terminal and an electronic apparatus by using a near field communication network. At least one electronic apparatus is connected to the near field communication network. A mobile terminal is connected to the near field communication network, exchanges information with the at least one electronic apparatus for a wireless communication network connection through the connected near field communication network, and establishes the wireless communication network connection with the at least one electronic apparatus based on the exchanged information.
    Type: Grant
    Filed: August 16, 2010
    Date of Patent: August 18, 2015
    Assignee: Samsung Electronics Co., Ltd
    Inventors: Tae-Shik Shon, Yong-Suk Park, Soon-Seob Han, Jeong-Sik In, Bong-Wan Jun, Tae-Won Ahn, Eui-Jik Kim, Bon-Hyun Koo
  • Patent number: 9084031
    Abstract: Content license storage is provided by holding, in a temporary license store on the content consumption device, a plurality of content licenses for a plurality of content streams, wherein each content license of the plurality of content licenses includes a removal date. The method further includes for each content license of the plurality of content licenses corresponding to a content stream of the plurality of content streams which is designated for archived playback, copying the content license into an embedded license store within the content stream to form an archived content stream. The method further includes removing one or more of the plurality of content licenses held at the temporary license store if the removal date included in the content license has been reached, while leaving each content license stored within an archived content stream even if the removal date has been reached.
    Type: Grant
    Filed: December 13, 2010
    Date of Patent: July 14, 2015
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventor: Quintin S. Burns
  • Patent number: 9078128
    Abstract: A system and method for securely processing identity information. For example, in one embodiment of the invention, a first user is registered on an identity service with one or more identification (ID) codes and a token. In response to a query from a second user to connect with the first user, a query signature is generated using the one or more ID codes and token of the first and second users, and a timestamp. The query signature is usable by network services to authenticate communication between the first and second users on the network over a specified period of time. In another embodiment, user ID codes and tokens are cached on mobile devices and/or a system cache to improve performance. The validity of the cached data is determined by calculating a fingerprint which, in one embodiment, is a hash of the ID code, token and a timestamp.
    Type: Grant
    Filed: September 2, 2011
    Date of Patent: July 7, 2015
    Assignee: Apple Inc.
    Inventors: Alexander A. Medina, Andrew H. Vyrros, Darryl N. Bleau, Jeffrey T. Davey, Justin E. Santamaria, Justin N. Wood, Thomas Devanneaux
  • Publication number: 20150149783
    Abstract: A method and apparatus to securely distribute embedded firmware to a module in an industrial control system is disclosed. A security certificate corresponding to the firmware is generated utilizing a proprietary algorithm. The certificate includes an identifier corresponding to the module on which the firmware is to be loaded and an identifier corresponding to a removable medium on which the firmware is distributed. The removable medium is inserted into the module in the industrial control system on which the firmware is to be loaded. The module reads the security certificate and verifies that the firmware is intended for the module and verifies that the security certificate includes the identifier for the removable medium which was inserted into the module. If the firmware is intended for the module and the security certificate includes the identifier for the removable medium, the module loads the firmware from the removable medium.
    Type: Application
    Filed: November 26, 2013
    Publication date: May 28, 2015
    Applicant: Rockwell Automation Technologies, Inc.
    Inventors: Daniel Clark, James Kay
  • Publication number: 20150143127
    Abstract: Embodiments include method, systems, and computer program products for filtering trust services records. Embodiments include receiving a trust services record that includes a plurality of security components and that is usable to secure data that is stored in an untrusted location. It is determined whether the trust services record has been tampered with, including verifying each of the plurality of security components of the trust services record. The trust services record is filtered based on the determination of whether the trust services record has been tampered with. The filtering includes, when the trust services record is determined to have not been tampered with, allowing performance of at least one task with respect to the secured data; and, when the trust services record is determined to have been tampered with, disallowing performance of any task with respect to the secured data.
    Type: Application
    Filed: January 29, 2015
    Publication date: May 21, 2015
    Inventors: Irina Gorbach, Venkatesh Krishnan, Andrey Shur, Dmitry Denisov, Lars Kuhtz, Sumant Mehta, Marina Galata
  • Publication number: 20150134968
    Abstract: Systems and methods are provided to allow a smart phone or any terminal to activate a door lock using a web site or server computer system. An access control system is provided that includes a server and an access device. The access device includes a processor and a communication module. The processor has control of a door lock and is able to receive a reservation certificate presented by a portable terminal through the communication module. The processor activates the door lock when a current reservation certificate has been presented.
    Type: Application
    Filed: January 23, 2015
    Publication date: May 14, 2015
    Applicant: LIBERTY PLUGINS, INC.
    Inventors: Chris Outwater, William Gibbens Redmann
  • Publication number: 20150134967
    Abstract: Methods and systems for configuring a network are disclosed. An example method can comprise receiving a first token and an encryption key from a first device. A second token can be received from a second device. A determination can be made as to whether the first token matches the second token. Configuration information can be provided to the second device if the second token matches the first token. The configuration information can comprise information for connecting to a proxy configured on the first device. A request for content can be received from the proxy on behalf of the second device. The request for content can comprise the encryption key.
    Type: Application
    Filed: November 14, 2013
    Publication date: May 14, 2015
    Applicant: Comcast Cable Communications, LLC
    Inventor: Jonathan Moore
  • Patent number: 9032493
    Abstract: A three-way trust relationship is established between a mobile device, Internet-connected vehicle system, and a cloud-based service. Access rights are granted to the mobile device from the vehicle system, such that the mobile device can securely connect to, and obtain status information and/or control the Internet-connected vehicle system, through the cloud-based service.
    Type: Grant
    Filed: March 31, 2011
    Date of Patent: May 12, 2015
    Assignee: Intel Corporation
    Inventors: Victor B. Lortz, Anand P. Rangarajan, Somya Rathi, Vijay Sarathi Kesavan
  • Patent number: 9026794
    Abstract: An information processing system including a medium where a content to be played is stored; and a playing apparatus for playing a content stored in the medium; with the playing apparatus being configured to selectively activate a playing program according to a content type to be played, to obtain a device certificate correlated with the playing program from storage by executing the playing program, and to transmit the obtained device certificate to the medium; with the device certificate being a device certificate for content types in which content type information where the device certificate is available is recorded; and with the medium determining whether or not an encryption key with reading being requested from the playing apparatus is an encryption key for decrypting an encrypted content matching an available content type recorded in the device certificate, and permitting readout of the encryption key only in the case of matching.
    Type: Grant
    Filed: July 11, 2012
    Date of Patent: May 5, 2015
    Assignee: Sony Corporation
    Inventors: Kenjiro Ueda, Hiroshi Kuno, Takamichi Hayashi
  • Publication number: 20150121079
    Abstract: A distributing device for generating private information correctly even if shared information is destroyed or tampered with. A shared information distributing device for use in a system for managing private information by a secret sharing method, including: segmenting unit that segments private information into a first through an nth pieces of shared information; first distribution unit that distributes the n pieces of shared information to n holding devices on a one-to-one basis; and second distribution unit that distributes the n pieces of shared information to the n holding devices so that each holding device holds an ith piece of shared information distributed by the first distribution unit, as well as a piece of shared information being different from the ith piece of shared information in ordinal position among n pieces of shared information, “i” being an integer in a range from 1 to n.
    Type: Application
    Filed: November 25, 2014
    Publication date: April 30, 2015
    Inventors: Manabu MAEDA, Masao NONAKA, Yuichi FUTA, Kaoru YOKOTA, Natsume MATSUZAKI, Hiroki SHIZUYA, Masao SAKAI, Shuji ISOBE, Eisuke KOIZUMI, Shingo HASEGAWA, Masaki YOSHIDA
  • Publication number: 20150121078
    Abstract: Embodiments disclosed facilitate secure communication for cloud-based and/or distributed computing applications. In some embodiments, a method may comprise: instantiating a first Virtual Machine (VM) on a cloud infrastructure, wherein the at least one first VM is dynamically configured with a private key and a wildcard security certificate comprising a public key corresponding to the private key, and registering, with a domain name server, a domain name derived from an Internet Protocol (IP) address associated with the first VM and a Common Name associated with the wildcard security certificate.
    Type: Application
    Filed: October 25, 2013
    Publication date: April 30, 2015
    Applicant: CLIQR TECHNOLOGIES INC.
    Inventors: TIANYING FU, JAGADISH PARANJAPE
  • Patent number: 9009477
    Abstract: In various embodiments, a computerized method includes receiving electronic content to be archived. The electronic content comprises a digital signature. The method may include archiving the digital signature, by determining a validity status of the digital signature and storing the validity status in the electronic content. The method may also include archiving the electronic content after the validity status has been stored in the electronic content.
    Type: Grant
    Filed: August 20, 2013
    Date of Patent: April 14, 2015
    Assignee: Adobe Systems Incorporated
    Inventor: Sujata Das
  • Patent number: 9003191
    Abstract: An intermediary system facilitates a connection request from a client to a server. The intermediary system may participate in either or both of a token creation phase and a server connection phase. If participating in the token creation phase, the intermediary system generates a token that may later be used by the client during a server connection phase. The token includes a session identifier and is returned to the client. If participating in the server connection phase, the intermediary receives the token, which is sent from the client in conjunction with a connection request, extracts the session identifier from the token, and compares against the session identifier for the session in which the token was created. If the session identifiers match, then the intermediary connects to the server to complete the connection request for the client.
    Type: Grant
    Filed: August 8, 2014
    Date of Patent: April 7, 2015
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: Dimitrios Soulios