Management Patents (Class 726/6)
- Patent number: 8335925
  Abstract: A method and arrangement for utilising a generally available personal data terminal as a secure and reliable authentication factor for user authentication is described. Also, a method for secure transfer of data between two parties, a user and a service provider, where the user generates a unique authentication factor adapted for user authentication (104), called a user code, and the service provider registering the user's user code as an authentication factor is disclosed. The method is useful for various security services involving a user and a service provider in electronic channels where service providers are faced with the challenges of authenticating the users of their services.
  Type: Grant
  Filed: October 3, 2006
  Date of Patent: December 18, 2012
  Assignee: Encap AS
  Inventor: Petter Taugbøl
- Patent number: 8336082
  Abstract: A method for realizing the synchronous authentication among the different authentication control devices is provided. The user accesses the network and initiates the authentication by the slave authentication control device. Then the master authentication control device obtains the authentication information of the user from the slave authentication control device and transmits it to the master authentication server of the master authentication control device. Finally, the master authentication server performs the authentication process to the user according to the authentication information of the user. Therefore the accessing user can obtain the network authority of a plurality of service providers with only one log-on in the network in which a plurality of service providers are interconnected.
  Type: Grant
  Filed: December 13, 2005
  Date of Patent: December 18, 2012
  Assignee: Huawei Technologies Co., Ltd.
  Inventor: Tao Jin
- Patent number: 8336088
  Abstract: An alias management and value transfer claim processing system is disclosed. A sending entity initiates value transfer identifying a recipient entity using an alias that is unregistered with the system. The value transfer is authorized, but not settled until the recipient entity registers with the system and claims the value transfer. The registered alias can be used for subsequent value transfers.
  Type: Grant
  Filed: February 24, 2011
  Date of Patent: December 18, 2012
  Assignee: Visa International Service Association
  Inventors: Thanigaivel Ashwin Raj, Jacob Saul Fuentes, John Tullis, Vishwanath Shastry
- Publication number: 20120317629
  Abstract: In the presently preferred embodiment of the invention, every time a user submits a form the client software tries to match the submitted information with the stored profile of that user. If a match is discovered, the program tags the field of the recognized data with a corresponding type. The resulting profile can be used after that to help all subsequent users to fill the same form.
  Type: Application
  Filed: August 23, 2012
  Publication date: December 13, 2012
  Inventors: Ognian Z. Topalov, Eric Hohenstein
- Patent number: 8332952
  Abstract: Tools and techniques related to time window based canary solutions for browser security are provided. These tools may receive requests to generate canary values in connection with providing content maintained on server systems, and compute canary values in response to these requests. These canary values may be based on identity information associated with different users, site-specific values associated with websites accessed by these users, and representations of time windows associated with the requests.
  Type: Grant
  Filed: May 22, 2009
  Date of Patent: December 11, 2012
  Assignee: Microsoft Corporation
  Inventors: Yun Zhang, Brian Robert Tunning
- Patent number: 8332918
  Abstract: Techniques for real-time adaptive password policies are presented. Patterns for passwords are regularly analyzed along with other factors associated with the patterns to dynamically determine password strength values. The strength values can change over time based on usage statistics. When a strength value falls below an acceptable threshold, passwords associated with that particular pattern can be downgraded or rejected in real-time and existing policy can be adapted to reflect the undesirability of that pattern.
  Type: Grant
  Filed: December 6, 2007
  Date of Patent: December 11, 2012
  Assignee: Novell, Inc.
  Inventors: Srinivas Vedula, Cameron Craig Morris, Larry Hal Henderson
- Patent number: 8332919
  Abstract: [Subject] In a distributed authentication system, if a terminal including a plurality of communication devices changes from one communication device to another communication device while using a service, the service under use can be used in succession, and the number of times for execution by the user can be reduced. [Solving Means] An authentication-information management unit (5) registers authentication information of the user authenticated by each authentication unit (4), and allows sharing of said authentication information. A session-information management device (24) of a service providing unit (2) manages session information including a session identifier of a session established between the same and the terminal unit (3). More specifically, the service providing unit (2) performs individualized management of sessions established between the same and the terminal unit (3).
  Type: Grant
  Filed: February 14, 2007
  Date of Patent: December 11, 2012
  Assignee: NEC Corporation
  Inventors: Hidehito Gomi, Makoto Hatakeyama, Shigeru Hosono
- Patent number: 8332912
  Abstract: A server in a home domain for managing the authentication of clients that are subscribers of the home domain, but are attached to a visited domain. Based on knowledge of the type of security being used in an access network of the visited domain, the server determines whether a given client is to be authenticated by the visited domain or the home domain. The server then signals the result to the visited domain.
  Type: Grant
  Filed: January 4, 2007
  Date of Patent: December 11, 2012
  Assignee: Telefonaktiebolaget LM Ericsson (publ)
  Inventors: Mats Näslund, John Michael Walker
- Publication number: 20120311684
  Abstract: Various embodiments provide systems for registering a user with one or more websites. Such systems comprise at least one processor configured to: receive an IP address for a computing device being used by the user; and after receiving the IP address: (1) obtain a location associated with the IP address; and (2) identify whether the user is in a jurisdiction that permits the user to register with a website. The systems may then receive one or more parameters obtained from the user, upon which the systems verify an age of the user; determine which of the one or more types of transaction activities the user is permitted to conduct; query one or more registration attempts over a predetermined previous time period to identify duplicate or similar parameters; and verify the user's identity based at least on one of the one or more parameters. Associated methods are also provided.
  Type: Application
  Filed: May 31, 2012
  Publication date: December 6, 2012
  Applicant: UC GROUP LIMITED
  Inventors: Kobus Paulsen, Christopher D. Thom, Ian Hughes, Mark Holland
- Publication number: 20120311683
  Abstract: Disclosed are various embodiments for facilitating network security parameter distribution and generation in a converged network incorporating multiple heterogeneous link layer networking technologies. Embodiments are provided for connecting network devices through multiple heterogeneous link layer networking technologies using a converged network password. Embodiments are provided for connecting network devices through multiple heterogeneous link layer networking technologies using a pairing event protocol, such as, for example, a push button protocol.
  Type: Application
  Filed: June 28, 2011
  Publication date: December 6, 2012
  Applicant: BROADCOM CORPORATION
  Inventors: Philippe Klein, Avi Kliger
- Patent number: 8327448
  Abstract: Methods and arrangements to persist a trusted time for a protected clock based upon a non-trusted but persistent time source are disclosed. Embodiments may comprise an embedded device, which may be hardware, software, firmware, and/or other logic, to maintain a trusted time in a protected clock. The embedded device may initialize the protected clock by obtaining a trusted time from a trusted time source such as a network server. The embedded device then maintains the trusted time in the event of a power loss to the protected clock by monitoring a time differential between the protected clock and a non-trusted system clock. Many embodiments also employ the protected clock without a battery backup to advantageously save manufacturing costs and space, while maintaining the trusted time in the event of a power loss by relying on a battery backup for the non-trusted system clock. Other embodiments are disclosed and claimed.
  Type: Grant
  Filed: June 22, 2005
  Date of Patent: December 4, 2012
  Assignee: Intel Corporation
  Inventors: Avigdor Eldar, Omer Levy
- Patent number: 8327131
  Abstract: A target machine can be verified prior to being granted access to a resource on a network by interrogating and analyzing digests of various elements of the target machine. The digests can be collected into an integrity report and provided to a Trust Scoring Service. The Trust Scoring Service receives the integrity report and compares the digests with signatures stored in a signature database. A trust score certificate can then be issued to the target machine. The Trust Scoring Service can include a Score Evaluation Server which can interact with a Kerberos Authentication Server and a Ticket Granting Server to embed a trust score within a Kerberos Ticket to enforce a richer set of access policies. The integrity of a web server can be verified and a Trust Score Certificate Logo can be displayed on a corresponding home page of a merchant. By clicking on the Trust Score Certificate Logo, a user can verify the integrity of the merchant's web servers prior to completing a transaction with the merchant.
  Type: Grant
  Filed: July 11, 2007
  Date of Patent: December 4, 2012
  Assignee: Harris Corporation
  Inventors: Thomas Parasu Hardjono, David Maurits Bleckmann, William Wyatt Starnes, Bradley Douglas Andersen
- Patent number: 8327417
  Abstract: Techniques for the remote authorization of secure operations are provided. A secure security system restricts access to a secure operation via an access key. An authorization acquisition service obtains the access key on request from the secure security system when an attempt is made to initiate the secure operation. The authorization acquisition service gains access to the access key from a secure store via a secret. That is, the secure store is accessible via the secret. The secret is obtained directly or indirectly from a remote authorization principal over a network.
  Type: Grant
  Filed: August 30, 2010
  Date of Patent: December 4, 2012
  Assignee: Novell, Inc.
  Inventors: Stephen R Carter, Lloyd Leon Burch
- Patent number: 8327134
  Abstract: A system, method and program product for checking the revocation status of a biometric reference template. The method includes creating a revocation object for a reference template generated for an individual, where the revocation object contains first plaintext data providing a location for checking revocation status of the reference template and containing ciphertext data identifying the unique reference template identifier and a hash of the reference template. The method further includes providing the revocation object to a relying party requesting revocation status and sending a request to an issuer of the reference template for checking the revocation status of the reference template, without revealing identity of the individual. The method further includes returning results of the revocation status check to the relying party. In an embodiment, a random value is added to the ciphertext data for preserving privacy of the reference template holder.
  Type: Grant
  Filed: February 12, 2009
  Date of Patent: December 4, 2012
  Assignee: International Business Machines Corporation
  Inventor: Phillip H. Griffin
- Patent number: 8327428
  Abstract: Embodiments of authenticating linked accounts are presented herein. In an implementation, an authentication service provides functionality to form links between a plurality of user accounts. A client may then authenticate by providing credentials for one account in a group of linked accounts, and is permitted access to each account in the group of linked accounts based upon the linking. Thus, a single sign-in of a client to one account may permit the client to obtain services for service providers corresponding to multiple linked accounts, without an individual sign-in to each account.
  Type: Grant
  Filed: November 30, 2006
  Date of Patent: December 4, 2012
  Assignee: Microsoft Corporation
  Inventors: David W. Bailey, Lynn C. Ayres, Lin Huang, Yordan I Rouskov, Weiqiang Michael Guo
- Patent number: 8327436
  Abstract: Architecture defining a secure virtual network of communities of two or more participants where security and business management reporting is a result of a network architecture and where participants can maintain absolute security and control over their services independent of any other participant according to implemented selection rules of the network architecture administration.
  Type: Grant
  Filed: June 27, 2006
  Date of Patent: December 4, 2012
  Inventors: William M. Randle, Randall E. Orkis
- Patent number: 8327424
  Abstract: A certificate authority selection unit implements a method for selecting one of a plurality of certificate authorities servicing a plurality of administrative domains in a communication system. The method includes: receiving, from an end-entity via an interface, a certificate service request associated with an identifier; selecting, based on the identifier, one of the plurality of administrative domains in the communication system, wherein the plurality of administrative domains are serviced by a plurality of certificate authorities; retrieving a security profile for the end-entity; and selecting, based on the security profile for the end-entity, one of the plurality of certificate authorities to process the certificate service request.
  Type: Grant
  Filed: December 22, 2009
  Date of Patent: December 4, 2012
  Assignee: Motorola Solutions, Inc.
  Inventors: Ananth Ignaci, Adam C. Lewis, Anthony R. Metke
- Patent number: 8327414
  Abstract: A method and system for managing a policy includes, in response to determining the presence of a conflict, determining a semantic equivalence between a component of a policy rule and at least one additional policy rule. The determining a semantic equivalence is performed by using a semantic reasoning algorithm that includes the steps of determining a first policy target of a first policy rule and a second policy target of a second policy rule, determining a meaning of the first policy target and a meaning of the second policy rule, assigning a confidence value based on the determined meaning of the first policy, assigning a confidence value based on the determined meaning of the second policy, performing a semantic comparison between the first policy target and the second policy target, and determining, based at least in part on the semantic comparison, the presence of a conflict between the first and second policy targets.
  Type: Grant
  Filed: June 21, 2007
  Date of Patent: December 4, 2012
  Assignee: Motorola Solutions, Inc.
  Inventors: John C. Strassner, Gregory W. Cox
- Patent number: 8327152
  Abstract: This invention describes a system and methods for media content subscription service distribution; typical services include cable television, premium content channels, pay-per-view, XM radio, and online mp3 services. Subscribers use portable electronic devices to store digital certificates certifying the subscriber's privileges and an assigned public key. The devices can communicate with specially enabled televisions, radios, computers, or other media presentation apparatuses. These, in turn, can communicate with central databases owned by the provider, for verification purposes. Methods of the invention describe media content subscription service privilege issuing and use. The invention additionally describes methods for protecting media content transmitted to users with a variety of encryption schemes.
  Type: Grant
  Filed: August 23, 2010
  Date of Patent: December 4, 2012
  Assignee: Privaris, Inc.
  Inventors: David C. Russell, Barry W. Johnson, Kristen R. Olvera
- Patent number: 8327423
  Abstract: A method and apparatus for distributed authorization by anonymous flexible credential are provided. A pseudonym authority issues a root pseudonym to a user. The user may generate a large number of derived pseudonyms from the root pseudonym. The user may obtain resource credentials from resource protectors by using derived pseudonyms. The user may select a set of resource credentials, generate a flexible credential from this set of resource credentials and request access to the resource corresponding to the set of resource credentials from a resource protector by using the flexible credential and a derived pseudonym. A revocation list for each resource may be maintained in the system such that any one of the resource credentials of any user may be revoked without affecting other resource credentials of that user.
  Type: Grant
  Filed: June 26, 2008
  Date of Patent: December 4, 2012
  Assignee: NEC (China) Co., Ltd.
  Inventor: Ke Zeng
- Patent number: 8327425
  Abstract: A method is disclosed for establishing an agency relationship to perform delegated computing tasks. The method provides for initiation of the agency relationship, establishment of credentials to perform a delegated computing task, and performance of the delegated computing task. Benefits of establishing an agency relationship in a computing environment include improved security, efficiency, and reliability in performing delegated computing tasks.
  Type: Grant
  Filed: June 23, 2010
  Date of Patent: December 4, 2012
  Assignee: International Business Machines Corporation
  Inventors: Colin S. Dawson, Glen Hattrup, Avishai H. Hochberg, Michael Kaczmarski, Thomas F. Ramke, Jr., James P. Smith
- Patent number: 8327147
  Abstract: The present invention relates to electronic receipts. There is provided a method for generating an electronic receipt in a communication system providing a public key infrastructure, the method comprising the steps of receiving by a second party a request message from a first party, the request message comprising a transaction request and a first public key based on a secret owned by the first party and wherein the secret is associated with at least the secret of a further public key of the first party, electronically signing at least part of the request message with a second public key assigned to the second party to issue the electronic receipt, and providing the electronic receipt to the first party.
  Type: Grant
  Filed: August 20, 2009
  Date of Patent: December 4, 2012
  Assignee: International Business Machines Corporation
  Inventors: Elsie van Herrewegen, Jan Camenisch
- Patent number: 8327135
  Abstract: A software based wireless infrastructure system is provided. The system has a driver that communicates with the network stack and a network interface card (NIC), a station server in communication with the station driver and an 802.1X supplicant or an 802.1X authenticator. Each NIC provides station and/or access point functionality support. The driver drops packets that have been received if the packet has not been authenticated and associated. Packets that have been fragmented or encrypted are unfragmented and decrypted. An association manager is used in conjunction with a configuration table manager to associate stations and access points via management packets. A manager receives 802.1X data packets from the packet processor and sends them up to a station server that communicates with user mode applications and an 802.1X supplicant or an 802.1X authenticator that are used to authenticate and deauthenticate stations and access points. APIs are provided to enable communication between the components.
  Type: Grant
  Filed: January 23, 2007
  Date of Patent: December 4, 2012
  Assignee: Microsoft Corporation
  Inventors: Abhishek Abhishek, Arun Ayyagari, Hui Shen, Krishna Ganugapati, Jiandong Ruan
- Patent number: 8327151
  Abstract: A biometrics authentication system uses biometrics authentication media to simplify the process of issuing biometrics authentication media, and reduce issuing costs. A biometrics authentication application is downloaded from a server to a mobile communication terminal, and an area for authenticated biometrics information is created. A user brings this mobile communication terminal to a service area and causes an image of his own biometrics information to be captured, and this biometrics data and an account number are stored in a common area of the mobile communication terminal. Therefore, the mobile communication terminal has functions of an individual card storing biometrics information, and issuing of a card for use in biometrics authentication is completed.
  Type: Grant
  Filed: January 24, 2006
  Date of Patent: December 4, 2012
  Assignees: Fujitsu Limited, Fujitsu Frontech Limited
  Inventors: Kiyotaka Awatsu, Masanori Ohkoshi, Takahiro Kudoh
- Publication number: 20120304263
  Abstract: A server generates a first ID in response to a user inputting a username on a web portal provided by the server. If the user selects a link page displayed through the web portal, the server generates a second ID and sends the first ID and the second ID to the selected link page. The server detects if the user can access the selected link page by reference to the first ID and the second ID. If the server verifies the information successfully, the link page may be entered using the portal information.
  Type: Application
  Filed: April 19, 2012
  Publication date: November 29, 2012
  Applicants: HON HAI PRECISION INDUSTRY CO., LTD., Hong Fu Jin Precision Industry (ShenZhen) Co., Ltd
  Inventors: CHUNG-I LEE, HAI-HONG LIN, DE-YI XIE, SHUAI-JUN TAO, ZHI-QIANG YI, AN-SHENG LUO
- Publication number: 20120304262
  Abstract: Technologies are generally described for automatically reconnecting a security principal to cloud services through correlation of security principal identifier attributes. A new security principal for a user may be detected and automatically reconnected to the user's cloud based services. An administrator for the security domains may specify a value of a unique security principal metadata attribute for the original security principal in a customizable security principal metadata attribute in the new security principal in the same or new security domain. A secondary verification metadata attribute may optionally be specified to ensure the correct security principal is reconnected to the user's cloud based resources. The correlation between the original security principal for the user and the new security principal may be used to reconnect the user's cloud resources.
  Type: Application
  Filed: August 8, 2011
  Publication date: November 29, 2012
  Applicant: MICROSOFT CORPORATION
  Inventors: John B. Cucco, Veniamin Rybalka, Ulric Dihle, Larry Draper, Kanika Agrawal, Tony Chan, Guruprakash Rao, Ashwin Chandra
- Publication number: 20120304264
  Abstract: A key protecting method includes the steps of: (a) in response to receipt of an access request, configuring a control application program module to generate a key confirmation request; (b) in response to receipt of the key confirmation request, configuring a hardware control module to generate, via the control application program module, a key input request to prompt a user for a key input; (c) upon receipt of the key input, configuring the hardware control module to determine if the key input matches a predefined key preset in the hardware control module; (d) configuring the hardware control module to enter an execution mode if it is determined in step (c) that the key input matches the predefined key; and (e) configuring the hardware control module to enter a failure mode if it is determined in step (c) that the key input does not match the predefined key.
  Type: Application
  Filed: July 26, 2012
  Publication date: November 29, 2012
  Inventor: Hung-Chien CHOU
- Patent number: 8319606
  Abstract: A validation module provides for the upgrading of a physical access control system (PACS) to full HSPD-12 compliance without requiring modification or replacement of the existing PACS. The validation module may contain all of the validation functionality required by federal specifications and technical requirements. The validation module may be installed between an existing PACS panel and a supported card/biometric reader. Readers may be selected based on assurance level requirements, e.g., contactless or contact readers for low and medium assurance level areas and full biometric readers for high assurance areas. The validation module may validate a card according to the assurance level setting, extract ID information from data on the card and then pass the ID information to the PACS panel for an access decision. Cardholder data captured by one validation module may be distributed to other validation modules of the PACS using a management station.
  Type: Grant
  Filed: October 29, 2009
  Date of Patent: November 27, 2012
  Assignee: CoreStreet, Ltd.
  Inventor: John J. McGeachie
- Patent number: 8321918
  Abstract: The present invention provides an apparatus for sharing a user control enhanced digital identity that allows a user to have all controls and control the flow of identity sharing on the user basis when the user shares user's personal information. According to the present invention, a user can decrease infringement of personal information due to illegal usage of the personal information by allowing a user to control usage of user's personal information and prevent the user's personal information from being carelessly used. Further, a provider that provides the services can efficiently associate the services between providers.
  Type: Grant
  Filed: December 9, 2008
  Date of Patent: November 27, 2012
  Assignee: Electronics and Telecommunications Research Institute
  Inventors: Sangrae Cho, Youngseob Cho, Jonghyouk Noh, Daeseon Choi, Soohyung Kim, Seunghyun Kim, Seunghun Jin
- Patent number: 8321955
  Abstract: Systems and methods utilizing the network layer and/or application layer to provide security in distributed computing systems in order to thwart denial of service attacks. The systems and methods of the present invention utilize puzzles placed at the network layer level and/or application layer level to protect against denial of service attacks. Further, the systems and methods of the present invention advantageously provide a robust and flexible solution to support puzzle issuance at arbitrary points in the network, including end hosts, firewalls, and routers and thereby a defense against denial of service attacks.
  Type: Grant
  Filed: April 22, 2008
  Date of Patent: November 27, 2012
  Inventors: Wu-chang Feng, Ed Kaiser
- Patent number: 8321924
  Abstract: The present invention provides a method for protecting software based on network, which combines a client program that communicates with a server in C/S (or B/S) architecture with a key device, the client program authenticates a user using the key device for protecting software, the method includes the steps of: running the client program; authenticating the user using the key device by the client program; and continuing to run the client program with a server if the user has passed the authentication. In the prior art, the username and password are easy to intercept in transmission as plain text over network. In the method, the client program is combined with a key device. In addition, the complete client program cannot be executed without involving the server. Therefore, the strength of software protection is increased.
  Type: Grant
  Filed: September 14, 2007
  Date of Patent: November 27, 2012
  Assignee: Feitian Technologies Co., Ltd.
  Inventors: Zhou Lu, Huazhang Yu
- Patent number: 8321678
  Abstract: A system may include a sender computing system to transmit first authentication data in association with a message, the first authentication data conforming to a first authentication mechanism, and to transmit second authentication data in association with the message, the second authentication data conforming to a second authentication mechanism. The system may also include a component to receive the first authentication data in association with the message from the sender computing system, and to receive the second authentication data in association with the message from the sender computing system.
  Type: Grant
  Filed: October 17, 2006
  Date of Patent: November 27, 2012
  Assignee: SAP AG
  Inventors: Christoph H. Hofmann, Martijn De Boer
- Patent number: 8321683
  Abstract: An electronic control device and method for operating an electric roller shutter include establishing a wireless connection between the electronic control device and an electronic device if a preset login password is input. The electronic control device provides an operation interface to the electronic device, and receives a function instruction from the electronic device if a function key on the operation interface is pressed. The electric roller shutter is operated by the electronic control device according to the received function instruction.
  Type: Grant
  Filed: August 31, 2010
  Date of Patent: November 27, 2012
  Assignee: Hon Hai Precision Industry Co., Ltd.
  Inventor: Ming-Yuan Hsu
- Patent number: 8321916
  Abstract: An apparatus and system for enabling users to remotely manage their devices. Specifically, in one embodiment, in the event of a theft of a device or other such occurrence, a user may send a command to the device to execute a specified command. The command may include actions such as locking the device, shutting down the device, disabling logons to the device and other such actions that may secure the device and the data on the device from unauthorized access. Upon receipt of an authorized unlock credential, the device may once again be made accessible.
  Type: Grant
  Filed: December 19, 2008
  Date of Patent: November 27, 2012
  Assignee: Intel Corporation
  Inventors: Selim Aissi, Jasmeet Chhabra, Gyan Prakash
- Publication number: 20120297187
  Abstract: A method for performing user security operations using a mobile communications device includes storing at least one security credential for a user in the mobile communications device, receiving a request from a client computer to perform an action requiring the stored at least one security credential, wherein the request includes information regarding a service application for which the action is requested, determining a response to the request based upon at least one user configured personal security preference at the mobile communications device, and transmitting the determined response to the client computer. Corresponding system and computer program products are also described.
  Type: Application
  Filed: August 4, 2011
  Publication date: November 22, 2012
  Applicant: Google Inc.
  Inventors: Ismail Cem PAYA, Marcel Mordechai Moti YUNG
- Publication number: 20120297465
  Abstract: A user identification method and a system thereof are provided. A user device delivers a certificate packet with a user identification number to a certificate server, and receives a reply packet with a code from a password server. The user device uses the code to produce a user terminal identification code, and delivers an identification packet with the user terminal identification code to the certificate server. After having received the certificate packet, the certificate server delivers an inquiry packet with the user identification number to the password server, for the password server to inquire about the password and expiration time according to the user identification number. After having received the identification packet, the certificate server verifies the validity of the user terminal identification code and the expiration time with a database to determine whether the user is allowed to proceed to the subsequent transaction.
  Type: Application
  Filed: March 29, 2012
  Publication date: November 22, 2012
  Applicant: FONESTOCK TECHNOLOGY INC.
  Inventor: Ching-Feng Wang
-
Patent number: 8316422
Abstract: A system may include a sender computing system, an intermediary component, and a receiver computing system. The sender computing system may transmit first authentication data and second authentication data, and the intermediary component may receive the first authentication data and second authentication data from the sender computing system, perform an authentication action based on the second authentication data, and transmit the first authentication data. The receiver computing system may receive the first authentication data.
Type: Grant
Filed: October 17, 2006
Date of Patent: November 20, 2012
Assignee: SAP AG
Inventors: Christoph H. Hofmann, Martijn De Boer
-
Patent number: 8316230
Abstract: A revocation determination service determines for a client whether a particular digital certificate as issued by a particular certificate authority (CA) has been revoked by such CA. In the service, an engine receives a query from the client, where the query identifies the particular certificate and the CA that issued the particular certificate. At least one provider is resident at the service, where each provider corresponds to a revocation information repository and represents the corresponding repository at the service, and connects to the corresponding repository. Each repository has revocation information from at least one CA. A configuration store includes a configuration information record corresponding to each provider resident at the service. Each configuration information record includes an identification of the provider and of each CA that the repository corresponding to such provider has revocation information for.
Type: Grant
Filed: November 14, 2005
Date of Patent: November 20, 2012
Assignee: Microsoft Corporation
Inventors: Avi Ben-Menahem, Monica I. Ene-Pietrosanu, Vishal Agarwal
-
Patent number: 8316424
Abstract: A Virtual Single Account (VSA) system and method that provides a mobile user with automatic authentication and connection to a remote network via local access networks with a single password, where the local access networks may be independent of the remote network. A mobile user has a single authentication credential for one VSA that is utilized by a VSA client installed on a mobile computing device. The VSA client provides for automatically authenticating and connecting the user's mobile device to a current local access network, and the target remote network such as the user's office network. All authentication credentials are encrypted using a key generated from the user's VSA password that is generated from the user's single password. The VSA client derives the key from the submitted VSA password and decrypts all authentication credentials that are required in order to connect the mobile device to the current local access network and thereafter to the office network.
Type: Grant
Filed: July 28, 2010
Date of Patent: November 20, 2012
Assignee: AT&T Intellectual Property II, L.P.
Inventors: Paul Shala Henry, Zhimei Jiang, Hui Luo, Frederick Kenneth Schmidt, Jr.
-
Patent number: 8316418
Abstract: Computer-implemented system and methods for authenticating the identity of a person, for example a customer (1) of an E-Commerce web site (15). The web site or other verification “client” (110) contacts a verification engine (10, 100) (“Authentex”), which may be implemented as a web server (604). The verification engine (10), in turn, has limited access to a plurality of independent, third-party secure databases (21, 112) which are maintained by Trusted Validators (3, 610, 620, etc.), which are entities such as banks that have a pre-existing relationship with the customer (FIG. 4), and due to that relationship, acquire and maintain “out-of-wallet” data (4) that may be useful to authenticate the identity of the customer. That confidential customer data—held by the third-party “Trusted Validators”—is not disclosed.
Type: Grant
Filed: September 12, 2011
Date of Patent: November 20, 2012
Assignee: RAF Technology, Inc.
Inventor: David Justin Ross
-
Publication number: 20120291108
Abstract: In some embodiments, a user uses a single universal text- or image-based secret from which a service-provider-specific identity credential for authentication, for example username plus password, is derived. A human (i.e., the user) must interpret an image to enter this universal text (or image) based secret. For example, an image-based challenge is presented to the user, and a credential is obtained based on the user's response to the challenge.
Type: Application
Filed: May 12, 2011
Publication date: November 15, 2012
Applicant: Konvax Corporation
Inventors: Maurizio Talamo, Franco Arcieri, Guido Maria Marinelli, Christian H. Schunck
-
Publication number: 20120291109
Abstract: A user information utilization system includes: a user information storage means that stores user information; a temporary ID acquisition means that acquires a temporary ID for identifying the identicalness of a user between a plurality of devices or a plurality of service providers, the temporary ID being an identifier corresponding to a user of the stored user information; a user information comparing/determining means that compares legitimately-read user information of a plurality of users read in response to acquired two or more temporary IDs and a user information comparison/determination request that designates a predetermined condition that represents a desired relationship between a plurality of users represented by the two or more temporary IDs to thereby determine whether the relationship between the designated users satisfies the predetermined condition, and outputs the determination result; and a process execution means that receives the comparison/determination result for the user information and
Type: Application
Filed: December 1, 2010
Publication date: November 15, 2012
Applicant: NEC Corporation
Inventor: Takeaki Minamizawa
-
Patent number: 8312276
Abstract: A network reputation system and its controlling method are provided. A credential and exchange component permits a user to generate credentials and exchange matching items with those persons having a social relationship with the user. A reputation evaluation component enables other users to make evaluations about an estimatee via the sharing of social network information. A query and response component receives a query from a person having a social relationship with the user for requesting an evaluation about the estimatee, and responds with an associated evaluation result to the person having a social relationship with the user, via the sharing of social network information and the evaluations made by the other users about the estimatee.
Type: Grant
Filed: March 26, 2009
Date of Patent: November 13, 2012
Assignee: Industrial Technology Research Institute
Inventors: Shin-Yan Chiou, Shih-Ying Chang, Ghita Mezzour, Adrian Perrig, Hung-Min Sun
-
Patent number: 8312518
Abstract: The present invention is directed to establishing an island of trust using credentials issued by a manufacturer or service provider and protecting the credentials by embedding them in application code.
Type: Grant
Filed: September 27, 2007
Date of Patent: November 13, 2012
Assignee: Avaya Inc.
Inventors: Joel M. Ezell, Manish Gaur, Richard J. Pennenga, Andrew Zmolek
-
Patent number: 8312520
Abstract: A method and system are disclosed for detecting interference with a remote visual interface, such as an HTML webpage, at a client computer, particularly to determine if a malicious attack such as an HTML attack has occurred. When the web server receives a request for a page, a script is embedded in the page, and as a consequence the client computer requests at least one session key and at least one one-time password from an enterprise server. The client computer also performs a check of the HTML interface present on the client computer, which an attack of this type would change. The result of the interface check, encrypted with the session key and one-time password, is sent to the enterprise server, so that a comparison with the expected value for the website can be performed.
Type: Grant
Filed: October 27, 2011
Date of Patent: November 13, 2012
Assignee: Symbiotic Technologies Pty Ltd
Inventor: Andreas Baumhof
-
Patent number: 8310691
Abstract: A printing system which is capable of preventing print restriction information from affecting the embedding of copy restriction information, thereby being capable of positively performing copy restriction on printed documents. An information processing apparatus includes a print restriction information-receiving section that acquires print restriction information for restricting use of functions concerning printing processing, a copy restriction information-acquiring section that acquires copy restriction information for restricting copying of a document printed based on print data, and a copy restriction information and print restriction information-adding section that adds the copy restriction information and print restriction information to the print data.
Type: Grant
Filed: May 28, 2008
Date of Patent: November 13, 2012
Assignee: Canon Kabushiki Kaisha
Inventor: Yukiyoshi Hikichi
-
Patent number: 8312519
Abstract: A method, system, and apparatus for agile generation of one-time passcodes (OTPs) in a security environment, the security environment having a token generator comprising a token generator algorithm and a validator, the method comprising generating an OTP at the token generator according to a variance technique, wherein the variance technique is selected from a set of variance techniques, receiving the OTP at a validator, determining, at the validator, the variance technique used by the token generator to generate the OTP, and determining whether to validate the OTP based on the OTP and variance technique.
Type: Grant
Filed: September 30, 2010
Date of Patent: November 13, 2012
Inventors: Daniel V. Bailey, John G. Brainard, William M. Duane, Michael J. O'Malley, Robert S. Philpott
-
Patent number: 8312540
Abstract: In general, the invention is directed toward techniques for controlling access to a network or other computing resource in order to slow down the execution of a password attack while providing minimal obstruction to normal network activity. The method includes generating a history of successful network logins, detecting symptoms of a network password attack, and activating countermeasures in response to the detection. The method further includes receiving a valid login request from the user while the countermeasures are activated and analyzing the history of successful network logins to determine whether the valid login request satisfies a match condition. The method further includes granting the user access to the network when the valid login request satisfies the match condition and denying the user access to the network when the valid login request does not satisfy the match condition even though the valid login request contains a valid username and a valid password.
Type: Grant
Filed: August 26, 2008
Date of Patent: November 13, 2012
Assignee: Juniper Networks, Inc.
Inventors: Clifford E. Kahn, Jeffrey C. Venable, Sr., Roger A. Chickering
-
Patent number: 8312508
Abstract: In an information processing apparatus for generating an operation permission specifying an application subject for a permission determination of an operation based on a subject of the operation, a resource to be a subject for the operation, and a type of the operation, an operation permission managing part manages the operation permission, and an operation permission generating part generates the operation permission for each combination of one or more categories of the subject, one or more categories of the resource, and one or more types of the operation, which are indicated as the application subject of the operation permission in a generation request, in response to the generation request of the operation permission, and a duplication detecting part detects a duplication of the application subject with an existing operation permission registered in the operation permission data managing part, with respect to the operation permission for each combination.
Type: Grant
Filed: April 22, 2005
Date of Patent: November 13, 2012
Assignee: Ricoh Company, Ltd.
Inventor: Jun Ebata
-
Patent number: 8312530
Abstract: According to one embodiment of the present invention, there is provided a method for providing security in a network environment that includes receiving a flow that propagates through an access gateway. The flow is initiated by an end user associated with the flow and propagates through a network. The method also includes receiving accounting information indicative of the termination of the flow. In response, tearing down of the communication associated with the flow is initiated.
Type: Grant
Filed: May 24, 2006
Date of Patent: November 13, 2012
Assignee: Cisco Technology, Inc.
Inventors: Hien T. Thai, Kevin D. Shatzkamer, Andrew G. Gasson, Laurent Andriantsiferana, Eric Hamel, Jayaraman R. Iyer