Management Patents (Class 726/6)
-
Patent number: 8117440
Abstract: Some embodiments of the present invention provide an apparatus that provides routing services between a red network and a black network. The apparatus includes a red router within the red network, a black router within the black network, and an IP encryptor having a red side IPv4-only interface and a black side interface, with the red side interface operatively coupled to the red router and the black side interface operatively coupled to the black network. The apparatus is configured to provide unified IPv6/IPv4 OSPFv3 routing over IPv4-only interfaces using cross-layer extensions.
Type: Grant
Filed: October 28, 2008
Date of Patent: February 14, 2012
Assignee: The Boeing Company
Inventors: Guangyu Pei, Phillip A. Spagnolo, Fred L. Temolin
-
Patent number: 8117647
Abstract: A process is provided for enabling the generation of valid secure numbers during a given period, these secure numbers having an optimal security level, while preserving the possibility for creating additional numbers or increasing the security level in accordance with the requirements. In at least one embodiment, the method permits the generation of as many secure numbers as are required, while having a maximum security level, which reduces the risks of sending a random number allowing the assignment of entitlements or a credit. The contradictory parameters for the quantity of generated numbers and security can be corrected at any time.
Type: Grant
Filed: August 28, 2006
Date of Patent: February 14, 2012
Assignee: Nagravision S.A.
Inventor: Marco Sasselli
-
Patent number: 8117648
Abstract: A system for secure information storage and delivery includes a vault repository that includes a secure vault associated with a user, wherein the secure vault is associated with a service level including at least one of a data type or a data size limit associated with the secure vault, the secure vault being adapted to receive and at least one data entry and securely store the at least one data entry if the at least one of a size or a type of the at least one data entry is consistent with the service level. A mobile vault server coupled to the vault repository creates a mobile vault on a mobile device based on the secure vault and is capable of authenticating the mobile device based on user authentication information. The mobile vault server includes a mobile device handler that communicates with the mobile device.
Type: Grant
Filed: February 8, 2008
Date of Patent: February 14, 2012
Assignee: Intersections, Inc.
Inventors: Jonathan Slaton, Ryan B. Johnson, Toan Tran, David Reed, Abhilash Ravindran, George K. Tsantes
-
Patent number: 8112794
Abstract: A security token access device, a user device such as a computing device or communications device, and a method for managing multiple connections between multiple user devices and the access device. The access device maintains connection information, including security information, for each user device securely paired with the access device. Each time a new user device is paired with the access device, the access device transmits a notification to the user devices already paired to the user device. A user may provide instructions to the access device to terminate a pairing with one of the user devices by overwriting at least a portion of the connection information associated with the designated user device. A user device may further request a listing of all user devices currently paired with the access device.
Type: Grant
Filed: July 17, 2006
Date of Patent: February 7, 2012
Assignee: Research In Motion Limited
Inventors: Herbert A. Little, Neil P. Adams
-
Patent number: 8111413
Abstract: An approach is provided for securely printing policy-enabled electronic documents. According to the approach, a determination is made at a client device whether policy-enabled printing has been specified for a particular electronic document. If policy-enabled printing has been specified for the particular electronic document, then a determination is made whether a print driver, installed on the client device for supporting printing for a particular printing device, is configured to support policy-enabled printing. Also, a determination is made whether the particular printing device is currently configured to support policy-enabled printing. The particular electronic document is allowed to be processed at the client device for printing only if both the print driver is configured to support policy-enabled printing and the particular printing device is currently configured to support policy-enabled printing.
Type: Grant
Filed: February 9, 2009
Date of Patent: February 7, 2012
Assignee: Ricoh Company, Ltd.
Inventors: Jayasimha Nuggehalli, Seiichi Katano, Seong Kim
-
Patent number: 8112791
Abstract: Methods and apparatus include securely launching a web browser from a privileged process of a workstation to minimize enterprise vulnerabilities. The workstation includes a web browser pointed toward a web server and a Logon API for use with a password/credential. An executable file is wrapped about the browser and imposes restrictions, such as preventing the writing to a registry or installing ActiveX controls. It also has functionality to prevent users from linking to web locations in other than an https protocol or following links beyond an original host. Upon indication of a forgotten password/credential, a DLL logs onto a user account which invokes the executable file to launch the web browser in the https protocol. Upon authentication of identity, the user changes their password/credential for later logging-on to the workstation via the Logon API, but in a capacity without the limited functionality or the imposed browser restrictions.
Type: Grant
Filed: November 14, 2007
Date of Patent: February 7, 2012
Inventors: W. Scott Kiester, Cameron Mashayekhi, Karl E. Ford
-
Patent number: 8112812
Abstract: In a recording medium, a device administration program for making a computer execute the following steps using a usage restriction definition file is recorded. The usage restriction definition file is capable of defining at least one administration function among a plurality of administration functions of a device and includes a device password for obtaining an authentication of the device. The steps comprises a step of reading a usage availability definition information of the administration functions and the device password from the usage restriction definition file, a step of transmitting the read device password to the device, a step of recognizing usage availabilities of a plurality of administration functions of the device based on the read definition information, and a step of executing processing for using only usage available administration function based on the recognized results.
Type: Grant
Filed: May 18, 2006
Date of Patent: February 7, 2012
Assignee: Konica Minolta Business Technologies, Inc.
Inventor: Akira Murakawa
-
Patent number: 8112790
Abstract: Methods and apparatus are provided for authenticating a remote service to another service on behalf of a user. A user client authorizes a remote application client to perform one or more actions with a server on behalf of the user client. The user client provides one or more keys to a remote authentication service; receives an identifier of the remote application client, where the remote authentication client is remote from the server; and notifies the remote authentication service that the remote application client is authorized to obtain a response from the remote authentication service regarding a challenge from the server, where the response is based on at least one of the one or more keys stored by the remote authentication service on behalf of the user client.
Type: Grant
Filed: June 30, 2005
Date of Patent: February 7, 2012
Assignee: Alcatel Lucent
Inventors: Eric Henry Grosse, Victor C Zandy
-
Publication number: 20120030742
Abstract: Methods and apparatus for providing an application credential for an application running on a device. In one embodiment, a method provides an application credential to an application running on a device, wherein the application credential is used by the application to authenticate to a data server. The method comprises receiving a request to generate the application credential, wherein the request includes an application identifier. The method also comprises generating the application credential using the application identifier and a master credential associated with the device.
Type: Application
Filed: October 11, 2011
Publication date: February 2, 2012
Inventor: Laurence LUNDBLADE
-
Publication number: 20120030741
Abstract: A method for terminal configuration and management includes: acquiring a configuration file, where the configuration file includes server account information; configuring the server account information in the acquired configuration file onto a Device Management Tree (DMT) of a terminal; based on the server account information, establishing a management session between the terminal and the server, and performing management and subsequent configuration on the terminal during the session. A corresponding terminal device and a corresponding system are also provided. Through the method, the terminal can determine, according to protocol version information supported by or corresponding to the corresponding server and carried in a configuration packet, a protocol that should be used for communication with a server, and perform configuration according to the correct protocol version, thus improving the operation efficiency.
Type: Application
Filed: October 5, 2011
Publication date: February 2, 2012
Applicant: Huawei Technologies Co., Ltd
Inventors: Xiaoqian Chai, Linyi Tian
-
Publication number: 20120030739
Abstract: A method and an apparatus for securing media independent handover message transportation are provided. The method for securing media independent handover message transportation, include: performing an authentication procedure by a terminal with an access router to generate a master session key; transmitting the generated master session key and address information of the terminal to an information server by the access router; generating an information server key to be used in transmitting and receiving a message by the information server with the terminal using the received master session key and the address information of the terminal; and forming a secure channel by the terminal and the information server using the generated information server key. Since a key formed at a layer 2 is used in an MIH authentication step being a layer 3 not to repeatedly create a secure key, a security procedure may be rapidly performed.
Type: Application
Filed: December 24, 2009
Publication date: February 2, 2012
Applicant: SAMSUNG ELECTRONICS CO., LTD.
Inventors: Murahari Vadapalli, Jeong Jae Won, Young Seok Kim
-
Publication number: 20120030740
Abstract: A method begins by a first processing module generating a dispersed storage network (DSN) authentication request frame that includes authenticating data and an authenticating code, wherein the authenticating code references a valid authenticating process. The method continues with the first processing module transmitting the DSN authentication request frame to a second processing module. The method continues with the second processing module determining whether the second processing module includes the valid authentication process referenced by the authentication code. When the second processing module includes the valid authentication process, processing, by the second processing module, the authenticating data in accordance with the valid authentication process to produce processed authenticating data.
Type: Application
Filed: July 12, 2011
Publication date: February 2, 2012
Applicant: CLEVERSAFE, INC.
Inventors: ANDREW BAPTIST, WESLEY LEGGETTE, JASON K. RESCH
-
Publication number: 20120030738
Abstract: Digital media controller and a method for sharing media data include setting an account and a password. The method further includes when the second DMC sending input account and input password and logging on legally, searching and storing first shared media data in a first DMS into the shared folder and informing the second DMC to obtain a list of the first shared media data from the shared folder. The method further includes sending the first shared media data using a stream packet to the second DLNA network, in response that the first DLNA network receiving a request of accessing the first shared media data in the shared folder from the second DLNA network through a VPN.
Type: Application
Filed: September 30, 2010
Publication date: February 2, 2012
Applicant: HON HAI PRECISION INDUSTRY CO., LTD.
Inventor: HUNG-CHANG LIN
-
Patent number: 8108918
Abstract: Some embodiments of zero knowledge attribute storage and retrieval have been presented. In one embodiment, the content of a piece of data is encrypted at a client machine. Further, an identifier of the piece of data is hashed at the client machine. The encrypted content and the hashed identifier may be stored in a database maintained by a server without disclosing the content of the data to the server.
Type: Grant
Filed: February 27, 2007
Date of Patent: January 31, 2012
Assignee: Red Hat, Inc.
Inventor: Peter A. Rowley
-
Patent number: 8108919
Abstract: Methods and apparatus, including computer program products, implementing and using techniques for providing user credentials over a network to a remote computer application. User credentials for the remote computer application are stored in a central repository that is accessible through the network. A request is sent to a service to perform, on behalf of a user, a particular task involving the remote computer application. It is determined whether the service has been granted permission to act on behalf of the user with respect to the remote computer application. When the service has permission to act on behalf of the user, the service is used to retrieve the user's credentials for the remote computer application from the central repository and to supply the retrieved user credentials to the remote computer application.
Type: Grant
Filed: April 2, 2010
Date of Patent: January 31, 2012
Assignee: Salesforce.com, Inc.
Inventors: Thomas Nabiel Boulos, Prasanta Kumar Behera
-
Patent number: 8108916
Abstract: A system and method are disclosed for user fraud protection and prevention of access to a distributed network communication system. A first set of identification data associated with a first network access are stored. A second set of identification data associated with a second network access are stored. The first and second sets of identification data comprise a first computing device identification and a second computing device identification, respectively. If one or more fraud indicators are determined in the two sets of identification data, then the first and/or second network access may be revoked. The fraud indicators may include, e.g., use of the same username with different computing device identifications, use of the same computing device identification at different geographical locations, violation of a threshold for computing device identifications, violation of a threshold for authentication failures, and violation of a threshold for rate of network propagation by a user account.
Type: Grant
Filed: May 21, 2003
Date of Patent: January 31, 2012
Assignee: Wayport, Inc.
Inventors: Ian M. Fink, James D. Keeler
-
Patent number: 8108917
Abstract: There is provided a management apparatus, which comprises a transmission condition judgment unit which refers to a target digital certificate and judges whether a predetermined transmission condition is satisfied based on a period of validity written in the target digital certificate, a mail generating unit which generates an e-mail provided with link information to a web page where updating operation on the target digital certificate is acceptable if the predetermined transmission condition is judged as satisfied by the transmission condition judgment unit, a destination setting unit which sets an destination e-mail address of the e-mail generated by the mail generating unit, and a mail transmission unit which transmits the e-mail generated by the mail generating unit to the destination e-mail address set by the destination setting unit.
Type: Grant
Filed: December 21, 2006
Date of Patent: January 31, 2012
Assignee: Brother Kogyo Kabushiki Kaisha
Inventor: Masafumi Miyazawa
-
Publication number: 20120023560
Abstract: An information processing apparatus includes: a memory that stores, for each of a plurality of items that can be described in extensions included in a certificate signing request, item names and item contents with associating each of the item names with a respective one of the item contents; an acquiring unit that acquires specific information; a preparation unit that makes out a specific certificate signing request including specific extensions in which a specific item name and a specific item content are described, according to a condition for making out specific extensions which is determined in response to a user's instruction, by acquiring the specific item name and the specific item content from the memory and using the acquired specific information, specific item name and specific item content; and an output unit that outputs the specific certificate signing request to an outside.
Type: Application
Filed: July 20, 2011
Publication date: January 26, 2012
Applicant: BROTHER KOGYO KABUSHIKI KAISHA
Inventor: Satoru YANAGI
-
Publication number: 20120023559
Abstract: The invention relates to a telecommunication method having the following steps: establishing a first connection (101) between a first ID token (106) and a first computer system (136) via a second computer system (100) for reading at least one first attribute from the first ID token, generating a first soft token, wherein the first soft token comprises the at least one first attribute and a time specification, and wherein the first soft token is signed by the first computer system, sending the first soft token from the first computer system to a third computer system (150), wherein the first connection is a connection with end-to-end encryption.
Type: Application
Filed: September 4, 2009
Publication date: January 26, 2012
Applicant: BUNDESDRUCKEREI GMBH
Inventors: Frank Dietrich, Manfred Paeschke, Robert Fiedler
-
Publication number: 20120023561
Abstract: To prevent specification and tracking of a terminal across a plurality of service providers when a user uses a plurality of services. An ID authentication system according to the present invention is an ID authentication system including a terminal apparatus, a service providing apparatus, and an authentication server. A terminal apparatus 100 includes a one-time ID automatic generator 120 for generating a one-time ID, a one-time ID transmitter 130 for transmitting the one-time ID to the service providing apparatus, and a user ID transmitter 140 for transmitting to the authentication server the one-time ID and an ID to uniquely identify a user. An authentication server 200 includes an authentication information manager 220 that stores authentication information of the user used by a plurality of service providing apparatuses.
Type: Application
Filed: March 24, 2010
Publication date: January 26, 2012
Inventor: Yoshinori Saida
-
Publication number: 20120023558
Abstract: The present disclosure describes systems and methods of an authentication framework to implement varying authentication schemes in a configurable and extendable manner. This authentication framework provides a level of abstraction in which requirements for credential gathering and authentication workflow are independent from the agents or authentication implementation that does the credential gathering and authentication workflow. A higher level of abstraction and a more comprehensive authentication framework allows handling the associated authentication transactions of complex authentication schemes without requiring any specific understanding of their internals. For example, the requirements to gather certain credentials for a particular authentication scheme may be configured and maintained separately from the client-side authentication agent that gathers the credentials.
Type: Application
Filed: July 21, 2010
Publication date: January 26, 2012
Inventor: Pierre Rafiq
-
Patent number: 8103871
Abstract: Methods and apparatus for enabling a Pervasive Authentication Domain. A Pervasive Authentication Domain allows many registered Pervasive Devices to obtain authentication credentials from a single Personal Authentication Gateway and to use these credentials on behalf of users to enable additional capabilities for the devices. It provides an arrangement for a user to store credentials in one device (the Personal Authentication Gateway), and then make use of those credentials from many authorized Pervasive Devices without re-entering the credentials. It provides a convenient way for a user to share credentials among many devices, particularly when it is not convenient to enter credentials as in a smart wristwatch environment. It further provides an arrangement for disabling access to credentials to devices that appear to be far from the Personal Authentication Gateway as measured by metrics such as communications signal strengths.
Type: Grant
Filed: October 31, 2007
Date of Patent: January 24, 2012
Assignee: International Business Machines Corporation
Inventors: James R. Giles, Reiner Sailer
-
Patent number: 8104069
Abstract: Secure interactions between administrative domains are modeled. The modeled process specifies role information for each of the administrative domains and interaction between the administrative domains. Role information associated with candidate administrative domains is received, and appropriate administrative domains from the candidate administrative domains are dynamically resolved based on the modeled process and the received role information. Trust realms between the dynamically resolved appropriate administrative domains are automatically derived based on the role information and the interactions from the modeled process. The secure interaction between the dynamically resolved appropriate administrative domains is effected through the automatically derived trust realms.
Type: Grant
Filed: March 19, 2008
Date of Patent: January 24, 2012
Assignee: SAP AG
Inventors: Bernhard Thurm, Ji Hu
-
Patent number: 8104075
Abstract: Systems and methods are presented for facilitating the configuration of a trust management framework for use in conjunction with web services, digital rights management systems, and/or other applications. A method for configuring a trust management framework involves providing graphical user interfaces (GUIs) to a user that prompt the user to define certain aspects of the trust management framework in a self-consistent manner. In one embodiment, a method comprises providing a roles GUI that prompts a user to define roles, a services GUI that prompts the user to define services corresponding to the roles, a principals GUI that prompts the user to define principals, including associating at least one of the roles with a principal, and a nodes GUI that presents role bindings for principals that are designated to function as nodes and that prompts the user to define interactions between nodes.
Type: Grant
Filed: August 9, 2007
Date of Patent: January 24, 2012
Assignee: Intertrust Technologies Corp.
Inventor: Vadim O. Spector
-
Patent number: 8099772
Abstract: When transmitting position/time information calculated by means of a GPS function to a server apparatus, authentication is carried out with the server apparatus. The position/time information may be certified as legitimate measured by a portable apparatus with a GPS reception function employed by a user. When transmitting information related to the position and the time acquired from a portable phone terminal having the GPS function and a network function by means of the GPS function to the server apparatus, authentication is carried out between the portable phone terminal and the server apparatus. The position/time information is transmitted to the server apparatus, only if the server apparatus is authenticated as a legitimate counterpart for connection. A secret key holding section is provided for holding different secret keys for different apparatuses.
Type: Grant
Filed: May 28, 2008
Date of Patent: January 17, 2012
Assignee: Sony Corporation
Inventors: Masayuki Takada, Takayasu Muto
-
Patent number: 8099767
Abstract: Mechanisms for securing dynamic discovery of an enterprise computing infrastructure is provided. One implementation involves maintaining enterprise credential information in a secured trust store, receiving an access request through a secure connection for access to a remote infrastructure component, determining the type of the access request, for a root-level type access request, responding to the request via the secure connection with enterprise root credentials from the trust store, and for an unprivileged type access request, responding to the request via the secure connection with unprivileged access enterprise credentials from the trust store.
Type: Grant
Filed: July 1, 2008
Date of Patent: January 17, 2012
Assignee: International Business Machines Corporation
Inventors: Enrica Alberti, Luigi Pichetti, Marco Secchi, Antonio Secomandi
-
Patent number: 8099603
Abstract: A cost-effective system that provides for the efficient protection of transmitted non-public attribute information may be used, for example, to control access to a secure area. Encryption of the attribute information may be performed using symmetric encryption techniques, such as XOR and/or stream cipher encryption. A centralized database that stores and transmits the encrypted attribute information may generate the encryption/decryption key based on selected information bytes, for example, as taken from a card inserted into a handheld device used at the secure area. The selected information to generate the encryption key stream may be varied on a periodic basis by the centralized database. Information as to which selected bytes are to be used for a particular access authorization request may be transmitted to the handheld unit or may be input through action of a user of the handheld unit, for example by entry of a PIN code.
Type: Grant
Filed: May 21, 2007
Date of Patent: January 17, 2012
Assignee: CoreStreet, Ltd.
Inventors: Phil Libin, David Engberg
-
Patent number: 8099766
Abstract: A technique efficiently transmits credentials between network elements and disk elements in a clustered storage system. According to the novel technique, in response to a user request to access data served by a data element, a network element inserts (adds) a credential associated with the user to a network element credential cache and creates a corresponding credential handle that indexes the credential in that cache. The network element relays the credential and credential handle to the disk element, which adds the credential to a corresponding disk element credential cache at a location indexed by the corresponding credential handle. Requests may then be sent between the elements using the credential handle. In addition, the network element may further send a series of chained requests to the disk element for the same credential/credential handle with an indication that the requests are for the same credential without sending the credential or credential handle.
Type: Grant
Filed: March 26, 2007
Date of Patent: January 17, 2012
Assignee: NetApp, Inc.
Inventor: Peter F. Corbett
-
Publication number: 20120008769
Abstract: A method for managing a distributed identity, including retrieving identification data of a user, wherein the identification data includes a username, a password, and metadata; receiving, from a general-use device, a unique physical identifier of the user; combining the unique physical identifier and the identification data to create a unique identity record of the user; encrypting at least a component of the unique identity record; creating a hash of an identifying token of the unique identity record; passing the hash of the identity token of the unique identity record to be parsed into a hierarchy; organizing the unique identity record in a distributed database of a plurality of unique identity records; and storing the unique identity record, containing the encrypted component, in the distributed database of the plurality of unique identity records.
Type: Application
Filed: July 12, 2011
Publication date: January 12, 2012
Inventors: Kurt Raffiki Collins, Aaron Knoll, Jennifer Paul
-
Patent number: 8095970
Abstract: Dynamically associating an attribute and an associated value to an object includes dynamically associating attribute-value sets to an object, but is not so limited. An exemplary system includes a directory component that can be configured to dynamically assign different values, for a set attributes, to an object. An exemplary directory application can be configured to select an attribute-value set for an object based in part on a group membership determination, and a precedence parameter associated with an attribute-value, set, or other grouping. Other embodiments are available.
Type: Grant
Filed: September 14, 2007
Date of Patent: January 10, 2012
Assignee: Microsoft Corporation
Inventors: Khushru M. Irani, William S. Jack, III, Greg Johnson, Colin Brace, Gokay K. Hurmali, Qi Cao, William James Whalen, Umit Akkus
-
Patent number: 8095969
Abstract: Security assertion revocation enables a revocation granularity in a security scheme down to the level of individual assertions. In an example implementation, a security token includes multiple respective assertions that are associated with multiple respective assertion identifiers. More specifically, each individual assertion is associated with at least one individual assertion identifier.
Type: Grant
Filed: September 8, 2006
Date of Patent: January 10, 2012
Assignee: Microsoft Corporation
Inventors: Blair B. Dillaway, Moritz Y. Becker, Andrew D. Gordon, Cedric Fournet, Brian A. LaMacchia
-
Publication number: 20120005733
Abstract: Computer-implemented system and methods for authenticating the identity of a person, for example a customer (1) of an E-Commerce web site (15). The web site or other verification “client” (110) contacts a verification engine (10, 100) (“Authentex”), which may be implemented as a web server (604). The verification engine (10), in turn, has limited access to a plurality of independent, third-party secure databases (21, 112) which are maintained by Trusted Validators (3, 610, 620, etc), which are entities such as banks that have a pre-existing relationship with customer (FIG. 4), and due to that relationship, acquire and maintain “out-of-wallet” data (4) that may be useful to authenticate the identity of the customer. That confidential customer data—held by the third-party “Trusted Validators”—is not disclosed.
Type: Application
Filed: September 12, 2011
Publication date: January 5, 2012
Applicant: RAF TECHNOLOGY, INC.
Inventor: David Justin Ross
-
Publication number: 20120005731
Abstract: A handover method of a mobile terminal between heterogeneous networks for facilitating the handover with pre-authentication procedure is provided. A handover method between heterogeneous networks includes receiving, at a mobile terminal connected to a source network, information on at least one target authenticator of a target network from a source authenticator in response to an attach request; creating an authentication key between the mobile terminal and the target authenticator selected among the at least one target authenticator through a pre-authentication process; determining, when the mobile terminal transmits a handover request to the selected target authenticator, whether the authentication key contained in the handover request matches with the authentication key stored in the selected target authenticator; and connecting, when the authentication keys match with each other, to the target network via the selected target authenticator.
Type: Application
Filed: December 23, 2009
Publication date: January 5, 2012
Applicant: SAMSUNG ELECTRONICS CO., LTD.
Inventors: Peng Lei, Jeong Jae Won, Young Seok Kim
-
Publication number: 20120005734
Abstract: A system for registering a password derivation pattern for deriving a password to be used in user verification includes a terminal device and a server. The terminal device is configured to display a presentation pattern, the presentation pattern including a plurality of elements, each of the plurality of elements being assigned with predetermined characters, so as to cause the user to input a character assigned to a specific element with respect to the presentation pattern. The server is connected with the terminal device via a communication channel. The server is configured to repeat the process of displaying a new presentation pattern until the password derivation pattern is specified based on the character inputted by the user. The server is configured to store the specified password derivation pattern.
Type: Application
Filed: September 15, 2011
Publication date: January 5, 2012
Applicant: Passlogy Company Ltd.
Inventor: Hideharu OGAWA
-
Publication number: 20120005732
Abstract: A person authentication system includes: an authentication server storing biometric data for matching related to an anonymous ID of a user; a biometric sensor acquiring biometric data of the user; and a terminal acquiring an anonymous ID stored in an electronic storage medium and transmitting the anonymous ID to the authentication server together with the biometric data acquired by the biometric sensor, wherein the authentication server transmits data needed for an access to personal data stored in the electronic storage medium to the terminal when there is a correspondence to a predetermined extent between the biometric data acquired by the biometric sensor and biometric data for matching related to the anonymous ID.
Type: Application
Filed: September 12, 2011
Publication date: January 5, 2012
Applicant: FUJITSU LIMITED
Inventor: Takashi SHINZAKI
-
Patent number: 8091121
Abstract: Techniques for supporting concurrent data services with different credentials are described. A wireless communication network authenticates a user/device whenever new credentials are used. An access terminal sends first credentials via a Point-to-Point Protocol (PPP) link to a Packet Data Serving Node (PDSN) and receives an indication of successful authentication for a first data service based on the first credentials. The access terminal may receive a request for a second data service and second credentials from an internal application or a terminal device coupled to the access terminal. The access terminal then sends the second credentials via the PPP link to the PDSN while the first data service is ongoing. The access terminal receives from the PDSN an indication of successful authentication for the second data service based on the second credentials.
Type: Grant
Filed: December 1, 2006
Date of Patent: January 3, 2012
Assignee: QUALCOMM Incorporated
Inventor: Marcello Lioy
-
Patent number: 8090945
Abstract: A multi-factor remote user authentication card-device has innovative features that enable this one card-device itself to function and accomplish a multi-factor remote user authentication of “what you know”, “what you have”, “where you are” and “what you are”, to a network. In one embodiment of the card-device, one card-device enables two-factor authentication of “what you have” and “what you are”. In another embodiment, one card-device enables two-factor authentication of “what you know” and “what you have”. In yet another embodiment, one card-device enables three-factor authentication of “what you know”, “what you have”, and “what you are”. In yet another embodiment, one card-device enables four-factor authentication of “what you know”, “what you have”, “where you are”, and “what you are”.
Type: Grant
Filed: September 13, 2006
Date of Patent: January 3, 2012
Inventor: Tara Chand Singhal
-
Patent number: 8091122
Abstract: A mobile terminal for securely communicating with a network includes a user identity module (UIM) and a user equipment module. The user equipment module includes a client application. The UIM is in operable communication with the user equipment and includes a password provisioning module (PPM), a password generating module, a response verification module (RVM) and a response generation module (RGM). The PPM is configured to store a password. The password generating module is in operable communication with the PPM and configured to generate the password. The RGM and RVM are in operable communication with both the client application and the PPM. The RGM is configured to generate an authentication response from the password in response to a request from the client application. The RVM is configured to verify a request for a server digest response and generate a verification result in response to a request from the client application.
Type: Grant
Filed: December 5, 2006
Date of Patent: January 3, 2012
Assignee: Nokia Corporation
Inventors: Yile Guo, Tat Chan
-
Publication number: 20110321143
Abstract: Embodiments of the invention are directed to systems and methods for protecting content by automatically identifying a display surface viewable only to authorized users and displaying protected content on the identified display surface. In one example embodiment, content is displayed on a first display surface in viewable range of a first user authorized to view the content. The entrance of a second user into viewable range of the first display surface is detected, and automatically determined to be unauthorized to view the content. A second display surface in viewable range of the first user but not viewable by the second user is automatically identified in response to detecting the entrance of the second, unauthorized user into viewable range of the first display surface. The display of the content is automatically moved from the first display surface to the second display surface to prevent the content from being viewed by the unauthorized user.
Type: Application
Filed: June 24, 2010
Publication date: December 29, 2011
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Srihari V. Angaluri, Gary D. Cudak, Christopher J. Hardee, Randall C. Humes
-
Publication number: 20110321144
Abstract: A communication system and method are disclosed for establishing a secure communication channel including: a server for generating and storing a first instance of a unique personalized client application associated with a first-time user on the server, a client terminal for the user to communicate with the server over a communication channel and a standalone computing device having a second instance of the unique personalized application. The user authenticates the server based on a first dynamic identifier (DI-1) generated by the first instance of the unique personalized client application and the server authenticates the user based on a second dynamic identifier (DI-2) generated by the second instance of the unique personalized client application.
Type: Application
Filed: September 30, 2010
Publication date: December 29, 2011
Applicant: INFOSYS TECHNOLOGIES LIMITED
Inventors: Ashutosh SAXENA, Harigopal K.B. PONNAPALLI
-
Patent number: 8087072
Abstract: A system and method for provisioning digital identity representations (“DIRs”) uses various techniques and structures to ease administration, increase accuracy, and decrease inconsistencies of a digital-identity provisioning system. A system is provided using a common identity data store for both DIR issuance and identity token issuance, decreasing synchronization issues. Various methods are provided for creating new DIRs, notifying principals of available DIRs, and approving issuance of new DIRs.
Type: Grant
Filed: September 17, 2007
Date of Patent: December 27, 2011
Assignee: Microsoft Corporation
Inventors: Vijay K. Gajjala, Colin H. Brace, Derek T. Del Conte, Kim Cameron, Arun K. Nanda, Hervey O. Wilson, Stuart L. S. Kwan, Rashmi Raj, Vijayavani Nori
-
Patent number: 8086868
Abstract: Public-key cryptography is realized by means of PKI in which biometrics data, in which biological information of users is converted to numerical values, are used to authenticate users that transmit and receive data, and based on the biometrics data, identical secret keys (common secret keys) are generated in each of the user terminal devices that are used by the users without releasing the secret keys onto the network.
Type: Grant
Filed: May 30, 2005
Date of Patent: December 27, 2011
Assignee: NEC Corporation
Inventors: Tomoki Kubota, Seiichi Hiratsuka
-
Patent number: 8086863
Abstract: Secure message transfer of at least one message from a sender to a receiver within a network system may be provided. For example, a message structure information regarding the at least one message may be computed on a sender-side and according to a pre-given scheme. The computed message structure information may be added as message account information into the at least one message to be sent. The message account information may be protected by a signature. The at least one message may be transferred through the network system to the receiver. On a receiver-side, the message account information may be validated after reception of the at least one message and according to the pre-given scheme.
Type: Grant
Filed: July 11, 2007
Date of Patent: December 27, 2011
Assignee: SAP AG
Inventor: Maarten Rits
-
Publication number: 20110314527
Abstract: Provided are an Internet Protocol (IP)-based filtering device and method and a legitimate user identifying device and method. The IP-based filtering method includes receiving packets from terminals, determining whether the packets are transmitted based on legitimate user IPs, transmitting the packets to a web server when it is determined that the packets are transmitted based on the legitimate user IPs, and determining whether a capacity capable of processing the packets exists in the web server when it is determined that the received packets are not the packets transmitted based on the legitimate user IPs, and transmitting the packets to the web server when it is determined that the capacity exists in the web server, and blocking the packets when the capacity does not exist.
Type: Application
Filed: May 10, 2011
Publication date: December 22, 2011
Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
Inventors: Su Yong KIM, Hyung Geun OH
-
Publication number: 20110314526
Abstract: A system, method, and client registration and verification device for handling personal identification information. The client device collects from an individual, a sufficient amount of biometric information to uniquely identify the individual, as well as historical mobility information providing a history of locations where the individual has lived. A caching manager stores the collected biometric information at a selected cache node in a hierarchical database having a plurality of cache nodes at multiple levels of the database. The caching manager selects the cache node based on the historical mobility information collected from the individual. The client device sends subsequent requests to verify the identity of the individual to a local cache node where newly input biometric information is compared with the cached information.
Type: Application
Filed: June 21, 2010
Publication date: December 22, 2011
Inventors: Eric Lee Valentine, Inayat Syed
-
Publication number: 20110314285
Abstract: When a registration station appends an anonymous ID (AID), a linking validity of the anonymous ID and actual user ID (UID) is assured for an application businessperson in the case of applying to use a biometric authentication. Specifically, a biometric authentication service system includes a biometric authentication server, an application server, a registration station server and a client server, for holding a hash value alone of personal information (P) in the registration station server, supplying again the personal information on applying to use a template (T) for the application server, collating the hash with the previously held hash, and verifying that the user applying to use the template is identical with the user who registered the biologic information in the registration station server, in addition, secret information (S) different for every user is added to the personal information to generate unique data and identify the user correctly.
Type: Application
Filed: February 24, 2011
Publication date: December 22, 2011
Inventors: SHINJI HIRATA, Kenta Takahashi, Osamu Takata
-
Patent number: 8082269
Abstract: An account item management system is provided, wherein account item elements are classified into first to n'th groups in order from highest to lowest levels, such that the first group encompasses the highest-level concepts, and the n'th group encompasses the lowest-level concepts, and the account item elements classified into the first to n'th groups are memorized in the system 10 chronologically from the past to the present. The system 10 is capable of constructing a hierarchically-structured accounting database based on the account item elements, such that the account item elements are systematically related to one another, and the system comprises: database generation means for generating, in real time, the hierarchically-structured accounting database as of any given point in the past or at the present; and database output means for outputting the generated hierarchically-structured accounting database in real time.
Type: Grant
Filed: May 23, 2006
Date of Patent: December 20, 2011
Assignee: Class Technology Co., Ltd.
Inventor: Mikio Yotsukura
-
Patent number: 8082442
Abstract: In one embodiment of this invention, a computer system performs a method for securely sharing applications installed by unprivileged users. The method involves the computer system receiving a user associated command from a user of the computer system. A previous application installation included installing an application manifest and application data objects in a shared repository and installing a user manifest and user configuration data objects in a private repository for an initial installing user. The computer system verifies that a digital signature of the application manifest corresponds to a public key of a user manifest for the associated user. The computer system verifies that an application identifier of the application manifest matches an application identifier of the user manifest. The computer system verifies that the data objects belong to the software application by comparing the application data objects to one or more data object identifiers in the application manifest.
Type: Grant
Filed: August 10, 2006
Date of Patent: December 20, 2011
Assignee: Microsoft Corporation
Inventors: Jonathan Keljo, Charles William Kaufman
-
Publication number: 20110307945
Abstract: An active slave device for a Bluetooth system comprises a non-volatile memory unit for storing a plurality of link keys corresponding to a master device capable of switching among a plurality of operating modes, wherein the plurality of link keys correspond to the plurality of operating modes and are generated by a key pairing performed between the active slave device and the master device; and a key fishing unit for searching whether any of the plurality of link keys conforms to a qualified link key that can enable the active slave device under the current operating mode of the master device.
Type: Application
Filed: March 11, 2011
Publication date: December 15, 2011
Inventor: Jia-Bin Huang
-
Patent number: 8079076
Abstract: In one embodiment, an apparatus comprises logic for detecting stolen authentication cookie attacks. A first transport connection is established between a client and a gateway server, where the first transport connection is authenticated by the gateway server. A first authentication cookie is associated with a client session, between the client and the gateway server, that includes the first transport connection. A second transport connection is established at the gateway server. A request is received over the second transport connection. The request includes the first authentication cookie to associate the second transport connection with the client session. A second authentication cookie is generated for the client session and is returned over the second transport connection. Thereafter, a determination is made whether the second authentication cookie is received over the first transport connection.
Type: Grant
Filed: November 2, 2006
Date of Patent: December 13, 2011
Assignee: Cisco Technology, Inc.
Inventors: Tarun Soin, Vineet Dixit, Yixin Sun