Inventors list

Assignees list

Classification tree browser

Top 100 Inventors

Top 100 Assignees


Revocation or expiration

Subclass of:

713 - Electrical computers and digital processing systems: support

713150000 - MULTIPLE COMPUTER COMMUNICATION USING CRYPTOGRAPHY

713155000 - Central trusted authority provides computer authentication

713156000 - By certificate

Patent class list (only not empty are listed)

Deeper subclasses:

Entries
DocumentTitleDate
20130031363GENERATING A CRL USING A SUB-SYSTEM HAVING RESOURCES SEPARATE FROM A MAIN CERTIFICATE AUTHORITY SUB-SYSTEM - A server computing system initiates a first sub-system to generate a certificate revocation list (CRL) using resources that are separate from resources of a second sub-system that performs certificate authority (CA) management functions other than generating a CRL. The first sub-system receives a command from the second sub-system to update revocation data in a cache that is coupled to the first sub-system and generates a CRL using the updated revocation data in the cache. The first sub-system provides the CRL to the second sub-system.01-31-2013
20100088508METHOD FOR PROTECTING CONTENT - Disclosed are a method of protecting content and a method of processing information. The method of protecting content can include service related information including revocation application information of content from the outside by employing a content management and protection system, and apply or not apply a content revocation process on the content according to the re- vocation application information. Accordingly, whether to apply a content revocation process can be controlled according to revocation application information.04-08-2010
20110191581METHOD AND SYSTEM FOR USE IN MANAGING VEHICLE DIGITAL CERTIFICATES - A system and method is provided for managing digital certificates, the system including one or more a certificate authorities and a vehicle-bound digital certificate manager, the apparatus comprising: a mobile client having a wireless transceiver with internet protocol capabilities and a vehicle communication device; the client further including at least one processor and at least one non-transitory computer readable medium encoded with instructions, which when loaded on the at least one computer, establishes processes for information handling, comprising: establishing secure communications with a certificate authority to receive at least one of a Vehicle Identification Digital Certificate (“VIDC”), an Anonymous Vehicle digital Certificate (“AVDC”), and a Certificate Revocation Lists (“CRLs”); storage management of at least one of the VIDC, AVDCs, and CRLs; and forwarding of at least one of the VIDC, AVDCs, and CRLs received from the certificate authority to the digital certificate manager using the vehicle communication device.08-04-2011
20120246470INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING SYSTEM, SOFTWARE ROUTINE EXECUTION METHOD, AND REMOTE ATTESTATION METHOD - Techniques for protecting memory locations within a stakeholder's engine according to the Multi-Stakeholder Model, and a protocol for remote attestation to a device supporting the Multi-Stakeholder Model that provides extra evidence of the identity of the three actors.09-27-2012
20100077208CERTIFICATE BASED AUTHENTICATION FOR ONLINE SERVICES - In one embodiment, a client computer system receives user credentials from a computer user. The client computer system formulates a system identifier that uniquely identifies the system, and sends the received user credentials with the system identifier to an authentication service running on a datacenter server. The authentication service is configured to authenticate the user credentials and generate an authentication certificate based on the user credentials and the system identifier. The client computer system receives the generated authentication certificate from the authentication service and stores the received authentication certificate. The computer system receives an authentication request to authenticate the user subsequent to storing the certificate and, in response to the authentication request, automatically sends the stored authentication certificate to indicate to the datacenter server that the user is authorized to access the datacenter-provided information, without prompting the user to provide user credentials for authentication.03-25-2010
20130080771APPARATUS AND METHOD FOR DIRECT ANONYMOUS ATTESTATION FROM BILINEAR MAPS - A method and apparatus for direct anonymous attestation from bilinear maps. In one embodiment, the method includes the creation of a public/private key pair for a trusted membership group defined by an issuer; and assigning a unique secret signature key to at least one member device of the trusted membership group defined by the issuer. In one embodiment, using the assigned signature key, a member may assign a message received as an authentication request to prove membership within a trusted membership group. In one embodiment, a group digital signature of the member is verified using a public key of the trusted membership group. Accordingly, a verifier of the digital signature is able to authenticate that the member is an actual member of the trusted membership group without requiring of the disclosure of a unique identification information of the member or a private member key to maintain anonymity of trusted member devices. Other embodiments are described and claimed.03-28-2013
20130036303PRIVATE CERTIFICATE VALIDATION METHOD AND APPARATUS - Methods and apparatuses for validating the status of digital certificates include a relying party receiving at least one digital certificate and determining if the at least one digital certificate is to be validated against a private certificate status database. The relying party accesses the private certificate status database and cryptographically validates the authenticity of data in the private certificate status database. The relying party also validates the at least one digital certificate based on information in at least one of the private certificate status database and a public certificate status database.02-07-2013
20100332826Memory Device and Method for Updating a Security Module - A memory device and method for updating a security module are disclosed. In one embodiment, a memory device is provided comprising a memory operative to store content and a controller in communication with the memory. The controller is configured to send an identification of the memory device's security module to a host and receive an identification of the host's security module. If the memory device's security module is out-of-date with respect to the host's security module, the memory device receives a security module update from the host. If the host's security module is out-of-date with respect to the memory device's security module, the memory device sends a security module update to the host.12-30-2010
20100106968CONTENT DISTRIBUTION STORAGE SYSTEM, METHOD FOR OBTAINING CONTENT, NODE DEVICE, AND COMPUTER READABLE MEDIUM - A content distribution storage system includes: a first transmission unit configured to transmit a special content including certificate revocation list information indicating a list of at least an invalid electronic certificate to a first node group; a second transmission unit configured to transmit identification information for identifying the special content to a second node group; and a first node device. The first node device includes: a certificate obtaining unit configured to obtain the electronic certificate; an identification information obtaining unit configured, based on the obtained electronic certificate, to obtain the identification information of the special content comprising the certificate revocation list information corresponding to the obtained electronic certificate obtained; and a special content obtaining unit configured to obtain the special content from at least one node device of the first node group which stores the special content associated with the obtained identification information.04-29-2010
20100106967METHOD AND ARRANGEMENT FOR PROVISIONING AND MANAGING A DEVICE - A system, method, and owner node for securely changing a mobile device from an old owner to a new owner, or from an old operator network to a new operator network. The old owner initiates the change of owner or operator. The old owner or operator then commands the mobile device to change a currently active first key to a second key. The second key is then transferred to the new owner or operator. The new owner or operator then commands the mobile device to change the second key to a third key for use between the mobile device and the new owner or operator. Upon completion of the change, the new owner or operator does not know the first key in use before the change, and the old owner does not know the third key in use after the change.04-29-2010
20130061043METHOD OF VALIDATION PUBLIC KEY CERTIFICATE AND VALIDATION SERVER - In response to a validation request that includes second information identifying the certificate authority, key information of the certificate authority at issuance of the public key certificate, and information identifying the public key certificate, if the second information identifying the certificate authority included in the validation request corresponds to the first information identifying the certificate authority included in the authority certificate, and the information identifying the public key certificate included in the validation request does not exist in the revocation information, the validation server creates a validation result indicating that the public key certificate corresponding to the information identifying the public key certificate included in the validation request is valid.03-07-2013
20090031127Methods and systems for proofing identities using a certificate authority - A digital certificate is provided to a customer having an electronic account linked to the customer's physical address. Using the digital certificate, the customer performs electronic transactions with a third party. A proofing workstation receives a request from a third party to validate the digital certificate. The proofing workstation communicates with a proofing server that maintains a list of valid certificates and a list of revoked certificates. The proofing server sends a response to the proofing workstation, where it is received by the third party.01-29-2009
20130067221MASTER KEY TRUST GRANTS AND REVOCATIONS FOR MINOR KEYS - A method and apparatus is provided that allows code signed by a master key to grant trust to an arbitrary second key, and also allows code, referred to as an antidote and also signed by the master key to revoke permanently the trust given to the second key.03-14-2013
20090235071CERTIFICATE ASSIGNMENT STRATEGIES FOR EFFICIENT OPERATION OF THE PKI-BASED SECURITY ARCHITECTURE IN A VEHICULAR NETWORK - A system and method for assigning certificates and reducing the size of the certificate revocation lists in a PKI based architecture for a vehicle wireless communications system that includes separating a country, or other area, into geographic regions and assigning region-specific certificates to the vehicles. Therefore, a vehicle need only process certificates and certificate revocation lists for the particular region that it is traveling in. Vehicles can be assigned multiple certificates corresponding to more than one region in the vehicles vicinity as advance preparation for possible travel or transmission into nearby regions. Further, the expiration time of certificates assigned to vehicles corresponding to a given geographic region can be tailored to be inversely proportional to the distance from a registered home region of the vehicle. A scalable design for a back-end certifying authority with region-based certificates can also be provided.09-17-2009
20080294891Method for Authenticating a Mobile Node in a Communication Network - A method for authenticating a mobile node (11-27-2008
20110302411METHOD AND SYSTEM FOR UPDATING AND USING DIGITAL CERTIFICATES - A method and system for updating and using a digital certificate, and the method comprises: a first terminal establishing a secure link with an access point and using the secure link to send a certificate updating request to the access point, where the certificate updating request includes a digital certificate to be updated which is currently used by the first terminal; and the access point sending the digital certificate to be updated to a local Authentication Service Unit which issues the certificate to be updated; and the local Authentication Service Unit which issues the digital certificate to be updated verifying the digital certificate to be updated, and after the digital certificate is verified to be valid, a local Authentication Service Unit corresponding to the access point generating a new digital certificate of the first terminal and sending the new digital certificate to the first terminal through the access point.12-08-2011
20110219227AUTOMATED CERTIFICATE MANAGEMENT - A certificate management system provides automated management of certificate lifecycles and certificate distribution. Rather than depend upon an administrator to manually distribute and manage certificates, the system self-generates certificates, distributes the certificates to appropriate servers or other parties, and transitions from old certificates to new certificates in a well-defined manner that avoids breaking functionality. After generating one or more certificates, the system securely shares certificates in a way that parties that use them can find the new certificates without an administrator manually distributing the certificates. When it is time to update certificates, the system generates new certificates and shares the new certificates in a similar way. During a transition period, the system provides a protocol by which both old and new certificates can be used to perform authenticated access to resources, so that the transition from an old to a new certificate does not break services.09-08-2011
20090138704Cryptographic method with integrated encryption and revocation, system, device and programs for implementing this method - A first entity (05-28-2009
20100275015ANONYMOUS REGISTER SYSTEM AND METHOD THEREOF - A uniform certificate revocation list managing apparatus is provided for managing canceled register information of all believable groups in a believable anonymous register system. Canceled register information includes canceled member information of each believable group, list information of unbelievable groups, and list information of unbelievable register service institutions. The uniform certificate revocation list managing apparatus interacts with each believable group and each register system, so as to update a certificate revocation list of each believable group in real time.10-28-2010
20110264911MEMORY DEVICE, HOST DEVICE, AND MEMORY SYSTEM - A memory device includes: a storage section configured to store public key information of a certificate authority for verifying a certificate and revocation information for revoking illegal devices and to include a secret area for storing data of which the confidentiality is to be guaranteed; and a control section configured to have a function of communicating with an external device and to control access to the secret area of the storage section at least in accordance with the revocation information.10-27-2011
20100122081METHOD OF VALIDATION PUBLIC KEY CERTIFICATE AND VALIDATION SERVER - In response to a validation request that includes second information identifying the certificate authority, key information of the certificate authority at issuance of the public key certificate, and information identifying the public key certificate, if the second information identifying the certificate authority included in the validation request corresponds to the first information identifying the certificate authority included in the authority certificate, and the information identifying the public key certificate included in the validation request does not exist in the revocation information, the validation server creates a validation result indicating that the public key certificate corresponding to the information identifying the public key certificate included in the validation request is valid.05-13-2010
20100005292METHOD AND APPARATUS FOR EFFICIENT CERTIFICATE REVOCATION - Revocation of digital certificates in a public-key infrastructure is disclosed, particularly in the case when a certificate might need to be revoked prior to its expirations. For example, if an employee was terminated or switched roles, his current certificate should no longer be valid. Accordingly, novel methods, components and systems are presented for addressing this problem. A solution set forth herein is based on the construction of grounded dense hash trees. In addition, the grounded dense hash tree approach also provides a time-communication tradeoff compared to the basic chain-based version of NOVOMODO, and this tradeoff yields a direct improvement in computation time in practical situations.01-07-2010
20100082977SIP Signaling Without Constant Re-Authentication - A proxy server causes an authentication authority to authenticate a client in response to a first Session Initiation Protocol (SIP) request of the client on a connection. It does not cause the client to be authenticated in response subsequent requests on the connection as long as the underlying connection is not broken, the subsequent requests are on behalf of the same client, the client has not been removed from the system, the client's password has not changed, a “safety net” timer has not expired, or any other policy that the server chooses to enforce. This eliminates the overhead of constant re-authentication in response to each SIP request.04-01-2010
20090150666INFORMATION PROCESSING APPARATUS AND LICENSE DISTRIBUTION SYSTEM - There are provided an information processing apparatus and a license distribution system including the information processing apparatus in which the reproduction or duplication of a content can be limited to the interior of a domain and a benefit based on the fact that an external device has participated in the domain can be made available at the time of reissuing a license.06-11-2009
20100146265Method, apparatus and system for employing a secure content protection system - A method, apparatus and system for employing a secure content protection system is disclosed. In one embodiment, a certificate having a unique device identification associated with a first device is received, and, at a second device, a revocation list having unauthorized device identifications is received. The unique device identification is incrementally compared with the unauthorized device identifications of the revocation list, and media content is transmitted from the second device to the first device, if the unique device identification is not matched with the unauthorized device identifications of the revocation list.06-10-2010
20080244264PUBLIC KEY CERTIFICATE VALIDATION SYSTEM - To validate a certificate of a service provider apparatus, a service receiving apparatus determines a certificate validation method on based on a combination of the performance of the service receiving apparatus, the performance of a CRL repository apparatus, the performance of a certificate validation apparatus, and the performance of a network, and performs validation of a certificate by the determined method. Furthermore, to validate a certificate of a service provider apparatus, a service receiving apparatus requests a method selection apparatus to validate the certificate, and the method selection apparatus determines a certificate validation method based on a combination of the performance of the method selection apparatus, the performance of the CRL repository apparatus, the performance of the certificate validation apparatus and the performance of the network, validates the certificate by the determined method, and notifies a validation result to the service receiving apparatus.10-02-2008
20090265547REVOCATION OF CRYPTOGRAPHIC DIGITAL CERTIFICATES - Different targets (c10-22-2009
20080244263Certificate management system - A system and method for generating and storing a large number of public key certificates that enables a revocation status to be determined while providing a smaller amount of storage than is typically required.10-02-2008
20080270790APPARATUS AND METHOD FOR ENHANCED REVOCATION OF DIRECT PROOF AND DIRECT ANONYMOUS ATTESTATION - In some embodiments, a method and apparatus for enhanced revocation of direct proof and direct anonymous attestation are described. In one embodiment a trusted hardware device verifies that membership of the device within a trusted membership group is not revoked according to a revocation list received with a challenge request from a verifier. Once such verification is performed, the device convinces the verifier of possessing cryptographic information without revealing unique, device identification information of the trusted hardware device or the cryptographic information. In one embodiment, the trusted hardware device computes a digital signature on a message received with the challenge request to the verifier if membership of the anonymous hardware device within a trusted membership group is verified. In one embodiment, the verifier authenticates the digital signature according to a public key of the trusted membership group to enable a trusted member device to remain anonymous to the verifier. Other embodiments are described and claimed.10-30-2008
20100138652CONTENT CONTROL METHOD USING CERTIFICATE REVOCATION LISTS - Host devices present both the host certificate and the pertinent certificate revocation lists to the memory device for authentication so that the memory device need not obtain the list on its own. Processing of the certificate revocation list and searching for the certificate identification may be performed concurrently by the memory device. The certificate revocation lists for authenticating host devices to memory devices may be stored in an unsecured area of the memory device for convenience of users.06-03-2010
20120036353TAG GENERATION METHOD IN BROADCAST ENCRYPTION SYSTEM - A tag generation method for generating tags used in data packets in a broadcast encryption system is provided. The method includes detecting at least one revoked leaf node; setting a node identification (node ID) assigned to at least one node among nodes assigned node IDs at a layer 0 and to which the at least one revoked leaf node is subordinate, to a node path identification (NPID) of the at least one revoked leaf node at the layer 0; generating a tag list in the layer 0 by combining the NPID of each of the at least one revoked leaf nodes at the layer 0 in order of increment of node IDs of the corresponding at least one revoked leaf nodes; and generating a tag list in a lowest layer by repeatedly performing the setting and generation operation down to the lowest layer.02-09-2012
20120072721Certificate Revocation - A communication system includes a plurality of nodes, the communication system being arranged to assign each of the plurality of nodes a certificate by means of which it can authenticate itself to other nodes in the communication system. The communication system further includes an authentication node arranged to determine that a certificate should be revoked and to, responsive to that determination, write an indicator of that certificate's revocation to a location in the communication system that is external to the authentication node and to which the node assigned the revoked certificate is not permitted to write.03-22-2012
20110213967PRE-ENCODING A CACHED CERTIFICATE REVOCATION LIST - A method and system for pre-encoding a cached CRL is described.09-01-2011
20090164776REVOCATION STATUS CHECKING FOR DIGITAL RIGHTS MANAGMENT - In accordance with an embodiment, a method, apparatus or tangible computer medium (which stores computer executable code or program code) performs or facilitates: maintaining information identifying a plurality of devices with which interaction has occurred; transmitting the information identifying the plurality of devices to a remote trusted party; receiving from the trusted party status information pertaining to a trustworthiness of the identified devices based on the transmitted information; and controlling subsequent interaction relating to transfer or exchange of access rights for electronic content with one or more devices based on the received status information corresponding to the one or more devices.06-25-2009
20110145569METHOD AND SYSTEM FOR PROVISIONING MULTIPLE DIGITAL CERTIFICATES - A method of provisioning a first digital certificate and a second digital certificate based on an existing digital certificate includes receiving information related to the existing digital certificate. The existing digital certificate includes a first name listed in a Subject field and a second name listed in a SubjectAltName extension. The method also includes receiving an indication from a user to split the existing digital certificate and extracting the first name from the Subject field and the second name from the SubjectAltName extension of the existing digital certificate. The method further includes extracting the public key from the existing digital certificate, provisioning the first digital certificate with the first name listed in a Subject field of the first digital certificate and the public key, and provisioning the second digital certificate with the second name listed in a Subject field of the second digital certificate and the public key.06-16-2011
20110225420MODULE SIGNING FOR UNPRIVILEGED USERS TO CREATE AND LOAD TRUSTWORTHY KERNEL MODULES - A module building system, hosted by a server, receives a user script to be run to monitor software on a client using an introspection tool. The server adds safety constraints to the user script and generates a client kernel module using the user script which includes the safety constraints. The server signs the client kernel module and sends the signed client kernel module to the client. The signed client kernel module allows a user to use the introspection tool to load and execute the client module on the client for monitoring the software on the client.09-15-2011
20080263354AUTHENTICATION OF DATA TRANSMITTED IN A DIGITAL TRANSMISSION SYSTEM - A method of authenticating data transmitted in a digital transmission system, in which the method comprises the steps, prior to transmission, of determining at least two encrypted values for at least some of the data, each encrypted value being determined using a key of a respective encryption algorithm, and outputting said at least two encrypted values with said data.10-23-2008
20090113206Revocation List Improvement - A method for enforcing use of certificate revocation lists in validating certificates, the lists being associated with a series of list generation indices such that each list is assigned one index which advances according to a time of generation of the list, the lists and the indices being cryptographically signed, the method including receiving one of the lists and an associated index as an identifier of the one list, checking the certificates against the list, associating each of the certificates, which have been checked against the list, with the index, receiving an enforcement generation index (EGI) associated with a latest list in use, storing the EGI as a last known EGI, and refusing performance of an action associated with a certificate if the one index of the one certificate is earlier in the series than the last known EGI. Related apparatus and methods are also included.04-30-2009
20090249062METHOD AND APPARATUS FOR DISTRIBUTING CERTIFICATE REVOCATION LISTS (CRLs) TO NODES IN AN AD HOC NETWORK - A method and apparatus for distributing Certificate Revocation List (CRL) information in an ad hoc network are provided. Ad hoc nodes in an ad hoc network can each transmit one or more certificate revocation list advertisement message(s) (CRLAM(s)). Each CRLAM includes an issuer certification authority (CA) field that identifies a certification authority (CA) that issued a particular certificate revocation list (CRL), a certificate revocation list (CRL) sequence number field that specifies a number that specifies the version of the particular certificate revocation list (CRL) that was issued by the issuer certification authority (CA). Nodes that receive the CRLAMs can then use the CRL information provided in the CRLAM to determine whether to retrieve the particular certificate revocation list (CRL).10-01-2009
20090210704SYSTEM AND METHOD FOR WITHDRAWING RIGHTS OBJECT OF THE DIGITAL CONTENTS - A system in which a source device can withdraw a Rights Object (RO) that a source device requested a target device to move through a Rights Issuer (RI) and operation method thereof are provided. The method includes transmitting a rights object withdrawal request message to a rights issuing server by a device, transmitting a rights object withdrawal response message to the device by the rights issuing server in response to the rights object withdrawal request message, and withdrawing and installing a corresponding rights object when receiving the rights object withdrawal response message by the device.08-20-2009
20090210705Revocation for direct anonymous attestation - Direct Anonymous Attestation involves a Signer using a credential supplied by an Issuer to anonymously prove to a Verifier, on the basis of a public key of the Issuer, the Issuer's attestation to the Signer's membership of a particular group. To facilitate membership revocation, the Issuer updates the public key at intervals, and also effects a complementary updating to the Signer's credential unless the Signer has ceased to be a legitimate group member. A non-updated credential is inadequate to enable the Signer to prove its Issuer attested group membership to a Verifier on the basis of the updated Issuer public key.08-20-2009
20080307223APPARATUS AND METHOD FOR ISSUER BASED REVOCATION OF DIRECT PROOF AND DIRECT ANONYMOUS ATTESTATION - In some embodiments, a method and apparatus for issuer based revocation of direct proof and direct anonymous attestation are described. In one embodiment, a trusted hardware device convinces a verifier that the trusted hardware device possesses cryptographic information without revealing unique, device identification information of the trusted hardware device or the cryptographic information. Once the verifier is convinced that the hardware device possesses the cryptographic information, the verifier may issue a denial of revocation request to the trusted hardware device, including a base value B12-11-2008
20100153713Systems and methods for detecting exposure of private keys - A system and method can include comparing entities associated with public certificates and private keys in a keystore to detect compromised private keys. This increases security of systems implementing public key cryptography over a network. The comparison can be triggered by a trigger event in one embodiment. If a private key belonging to a certificate authority is detected, a notification can be generated. Alternatively or in addition, a revocation request can be generated for public certificates corresponding to the compromised private key.06-17-2010
20120246469MASTER KEY TRUST GRANTS AND REVOCATIONS FOR MINOR KEYS - A method and apparatus is provided that allows code signed by a master key to grant trust to an arbitrary second key, and also allows code, referred to as an antidote and also signed by the master key to revoke permanently the trust given to the second key.09-27-2012
20100161972DEVICE AND METHOD FOR KEY BLOCK BASED AUTHENTICATION - The invention relates to a device (06-24-2010
20120036354Wireless communication system, terminal, method for reporting status of terminal, and progam - A wireless communication system includes a plurality of terminals connected to at least one wireless network on the basis of authority of security configuration parameters shared by the plurality of terminals. Each of the plurality of terminals revokes security configuration parameters of the terminal itself or security configuration parameters of another terminal in accordance with an agreement with said another terminal.02-09-2012
20100250922METHOD AND SYSTEM FOR PROPAGATING TRUST IN AN AD HOC WIRELESS COMMUNICATION NETWORK - A method and system enable robust and scalable propagation of trust between a first organization and a second organization, both operating in an ad hoc wireless communication network. The method includes establishing at a first member node of the first organization pair-wise trust with a first member node of the second organization using a predetermined inter-organizational trust establishment device (step 09-30-2010
20100235628System and Method for Accessing Keys for Secure Messaging - Methods and systems for handling on an electronic device a secure message to be sent to a recipient. Data is accessed about a security key associated with the recipient. The received data is used to perform a validity check related to sending a secure message to the recipient. The validity check may uncover an issue that exists with sending a secure message to the recipient. A reason is determined for the validity check issue and is provided to the mobile device's user.09-16-2010
20100049971Apparatus and Method for Using Secure Removable Media (SRM) in Digital Rights Management - An apparatus and a method for using a Secure Removable Media (SRM) in Digital Rights Management (DRM) are provided. The method for using the SRM in Digital Rights Management (DRM) includes determining, at a plurality of content service providers, an SRM usage rule and providing the determination to a trust authority using an eXtensible Markup Language (XML); receiving messages comprising the SRM usage rule from the content service providers and sending the messages to an apparatus together with an electronic signature; and receiving the messages comprising the SRM usage rule and changing an operation of the apparatus according to requirements of at least one content service provider. Thus, various content business models can be realized.02-25-2010
20090259843REVOCATION OF CRYPTOGRAPHIC DIGITAL CERTIFICATES - Different targets (c10-15-2009
20090287924REVOCATION OF CRYPTOGRAPHIC DIGITAL CERTIFICATES - Different targets (c11-19-2009
20090319784DYNAMIC VERIFICATION VALUE SYSTEM AND METHOD - A method for forming a dynamic verification value. The method includes altering a first data string to form a second data string, and forming a first dynamic verification value using at least a portion of the second data string. The first dynamic verification value is used to authenticate a portable consumer device in a first transaction. The second data string is used to form a third data string. A second dynamic verification value is formed using at least a portion of the third data string. The second dynamic verification value is used to authenticate the portable consumer device in a second transaction.12-24-2009
20090177881Proactive forced renewal of content protection implementations - A system for proactive forced renewal of content protection implementations in devices includes a key generation facility to generate and allocate keys for the devices, and to generate revocation data corresponding to revoked keys in response to at least one of a security compromise and on a periodic basis independent of a security compromise; and a device manufacturer to receive the keys from the key generation facility, to embed the keys in content protection implementations for the devices, to distribute the devices, and to renew the content protection implementations in devices after the devices are distributed, in response to at least one of a security compromise and on a periodic basis independent of a security compromise.07-09-2009
20090037729AUTHENTICATION FACTORS WITH PUBLIC-KEY INFRASTRUCTURE - A user access control system comprising a workstation coupled to a computer network and operable to receive a request for an authenticated access to the computer network, and to prompt for and receive one or more credentials associated with the request, a gating authentication server coupled to the computer network and operable to receive the one or more credentials and to provide as a gating factor an authenticated credential, and a public key infrastructure server coupled to the computer network and operable to generate private/public key pairs associated with the authenticated credential, wherein the private/public key pairs are either generated after a request for access to the computer system has been received at the workstation and the gating authentication server has authenticated the one or more credentials provided through the workstation, or the private/public key pairs are retrieved from a previously generated virtual smart card based on the authentication credential.02-05-2009
20130132718System And Method For Long-Term Digital Signature Verification Utilizing Light Weight Digital Signatures - Various embodiments of a system and method for long-term digital signature verification utilizing light weight digital signatures are described. Embodiments may include a verifying entity system that receives digitally signed data including a portion of data, signing time, and digital signature. The verifying entity system may receive a digital certificate that includes information for verifying the digital signature and an expiration time for the certificate. The verifying entity system may receive CRL that persists revocation information corresponding to ones of the revoked digital certificates that have already expired. The verifying entity system may utilize the CRL to determine that the digital signature is valid subsequent to its expiration time. The verifying entity system may evaluate the CRL to determine that the digital certificate was not revoked at the signing time. The verifying entity system may determine the digital signature is a valid digital signature and generate a corresponding result.05-23-2013
20100318790CARD MANAGEMENT DEVICE AND CARD MANAGEMENT SYSTEM - A card management device includes: a card device configured to include a controller on which a cryptographic IP is mounted in advance; and an individual information writing device configured to allow the card device to be connected to the individual information writing device in such a way that the card device is capable of data transfer to the individual information writing device, individual information assigned to the card device in advance being set in the individual information writing device, the individual information writing device being capable of writing the individual information to the card device connected to the individual information writing device.12-16-2010
20100313014DOWNLOADABLE SECURITY BASED ON CERTIFICATE STATUS - A conditional access system (CAS) computer in a downloadable CAS receives a downloadable management certificate (DMC) and determines, using the DMC, security information including a DMC key size and an expiration time of a DMC subordinate certificate authority (sub-CA) certificate, for the client device. The CAS computer then determines whether the DMC is valid based on the expiration time of the DMC sub-CA certificate. If the DMC is determined to be valid, the CAS server sends a cryptographic identity for the client device and a CAS client to the client device protected using the DMC. At a later time, if the DMC key size is considered to be still sufficiently secure, the validity of the DMC is extended by issuing a new DMC sub-CA certificate with the same public key as the original DMC sub-CA certificate.12-09-2010
20100325429SYSTEMS AND METHODS FOR MANAGING CRLS FOR A MULTI-CORE SYSTEM - The present invention is directed towards systems and methods for maintaining Certificate Revocation Lists (CRLs) for client access in a multi-core system. A first core may generate a secondary CRL corresponding to a master CRL maintained by the first core. The CRLs may identify certificates to revoke. The first core can store the secondary CRL to a memory element accessible by the cores. A second core may receive a request to validate a certificate. The second core can provisionally determine, via access to the secondary CRL, whether the certificate is revoked. The second core may also determine not to revoke the certificate. Responsive to the determination, the second core may request the first core to validate the certificate. The first core can determine whether to revoke the certificate based on the master CRL. The first core may send a message to the second core based on the determination.12-23-2010
20100332825System and Method for Dynamic Multi-Attribute Authentication - In accordance with the teachings of the present invention, a system and method for dynamic, multi-attribute authentication are provided. In a particular embodiment, a method for authentication includes receiving, at an authentication web server, an authentication request comprising a workstation message and a user message, wherein the workstation message comprises a workstation object and a workstation signature, the workstation object comprises a workstation certificate associated with a workstation, the user message comprises a user object and a user signature, and the user object comprises a copy of the workstation message and a user certificate associated with a user of the workstation. The method further includes verifying the workstation signature and user signature, validating the workstation certificate and the user certificate, retrieving one or more caveats associated with the workstation and one or more caveats associated with the user, and determining one or more caveats associated with both the workstation and the user.12-30-2010
20110246765Efficient, Secure, Cloud-Based Identity Services - An Identity Ecosystem Cloud (IEC) provides global, scalable, cloud-based, cryptographic identity services as an identity assurance mechanism for other services, such as data storage, web services, and electronic commerce engines. The IEC complements these other services by providing enhanced identity protection and authentication. An IEC performs identity services using surrogate digital certificates having encryption keys that are never exposed to the public. An individual requesting other services must meet an identity challenge before access to these other services is granted. Service requests to the IEC, and responses from the IEC, are securely encrypted. An IEC integrates smoothly into existing services by layering on top of, or being used in conjunction with, existing security measures. Identity transactions may be logged in a manner that complies with strict medical and financial privacy laws.10-06-2011
20110213965IDENTITY MANAGEMENT CERTIFICATE OPERATIONS - A method and system for identity management certificate operations is described.09-01-2011
20100153714USE OF MODULAR ROOTS TO PERFORM AUTHENTICATION INCLUDING, BUT NOT LIMITED TO, AUTHENTICATION OF VALIDITY OF DIGITAL CERTIFICATES - Authentication of elements (e.g. digital certificates 06-17-2010
20090063855Reduced computation for generation of certificate revocation information - A method and apparatus for propagating certificate revocation information. A first query is received regarding a revocation status of a first digital certificate. One or more additional queries are received regarding revocation statuses of one or more additional digital certificates. A response to the first query and the one or more additional queries is generated, the response including the revocation status of the first digital certificate and the revocation statuses of the one or more additional digital certificates.03-05-2009
20110213970PROACTIVE FORCED RENEWAL OF CONTENT PROTECTION IMPLEMENTATIONS - A method, apparatus, and system for proactive forced renewal of content protection implementations in devices. The method includes, on a first substantially periodic basis, automatically pushing a new content protection implementation to a device that contains an existing content protection implementation; wherein the existing content protection implementation comprises (a) existing software for presenting protected content and (b) an existing key to facilitate presentation of protected content; and wherein the new content protection implementation comprises a new key to supersede the existing key for facilitating presentation of protected content. On a second substantially periodic basis, the method includes automatically pushing revocation data to the device, the revocation data to identify a plurality of revoked keys, each revoked key of the plurality of revoked keys comprising a key that has been superseded by the new key of the new content protection implementation.09-01-2011
20110213966AUTOMATICALLY GENERATING A CERTIFICATE OPERATION REQUEST - A method and system for automatically generating a certificate operation request is described.09-01-2011
20110213964AUTOMATICALLY DETERMINING AN ACCEPTABLE CRL SIZE BASED ON SYSTEM CAPABILITY - A certificate revocation list (CRL) deployment system loads a portion of test data that represents revoked certificates into a cache at periodic intervals and generates a CRL for a corresponding periodic interval using the test data that is loaded in the cache at that corresponding periodic interval. The CRL deployment system determines a CRL size that the server computing system is capable to support using the generated CRLs and notifies a user of the CRL size that the server computing system is capable to support.09-01-2011
20090327708CERTIFICATE DISTRIBUTION USING SECURE HANDSHAKE - A method, system, and computer usable program product for certificate distribution using a secure handshake are provided in the illustrative embodiments. A client sends an indication in a request, the request being a part of a secure data communication with a server. The indication indicates an ability of the client to accept a certificate as a part of a response from the server. The server retrieves a new certificate. The server sends as a result of the indication, a new certificate in the response corresponding to the request. The client receives as a result of the indication, the new certificate in a response that corresponds to the request. The client separates the new certificate from the response and uses the new certificate in the secure data communication with the server. The server uses the new certificate in the secure data communication with the client.12-31-2009
20110083011METHOD FOR A PUBLIC-KEY INFRASTRUCTURE FOR VEHICULAR NETWORKS WITH LIMITED NUMBER OF INFRASTRUCTURE SERVERS - A system, and method related thereto, for providing a vehicular communications network public-key infrastructure. The system comprises a plurality of communications infrastructure nodes and a plurality of vehicles each having a communications component. The communications component provides vehicle to vehicle (V2V) communications, and communications via infrastructure nodes. A communications security component in each of the plurality of vehicles provides security for the communications between the plurality of vehicles using a plurality of security modules. The security modules include a certificate management module. A public key interface module may include a public key, a private key, an anonymous key and a management key. The system further includes a detection and response module for attack detection and attack mitigation. The communications security component assigns and installs at least one security key, a certificate of operation, and a current certificate revocation list. The communications component provides secure communications between the plurality of vehicles.04-07-2011
20120303952Dynamic Platform Reconfiguration By Multi-Tenant Service Providers - A manageability engine or adjunct processor on a computer platform may receive a request for activation and use of features embedded within that platform from a service provider authorized by the manageability engine's manufacturer. The manageability engine may initiate a request for authority through the service provider to a permit server. The permit server may provide, through the service provider, proof of the service provider's authority, together with a certificate identifying the service provider. Then the manageability engine may enable activation of the features on the platform coupled to the manageability engine, but only by the one particular service provider who has been authorized.11-29-2012
20110154028SYSTEM AND METHOD FOR ADMINISTERING DIGITAL CERTIFICATE CHECKING - Systems and methods for handling electronic messages. An electronic message that is associated with a digital certificate is to be processed. A decision whether to check the validity of the digital certificate is based upon digital certificate checking criterion. An IT administrator may provide to one or more devices configuration data that establishes the digital certificate checking criterion.06-23-2011
20080320301METHOD AND APPARATUS FOR RESTRICTING OPERATION OF DEVICE - A method of restricting operation of a device is provided. Based on a revocation list, which is a list regarding revoked devices, the method determines whether the device is the revoked device, based on the determination, decides whether to operate a Digital Rights Management (DRM) module of the device, and based on the decision, selectively restricts the operation of the device.12-25-2008
20080320300Authorisation and Authentication - The invention relates to content distribution over a network and provides methods of controlling the distribution, of receiving the content and of publishing content. The method of controlling distribution of content over a network includes receiving a content description and location information for a source of the content from a publisher, where the content description comprises authorisation details associated with the publisher. The validity of the authorisation details is checked and if found to be valid, the content description is provided to a node in the network12-25-2008
20110258435Threat Mitigation in a Vehicle-to-Vehicle Communication Network - A method is provided for obtaining a certificate revocation list (CRL) for a vehicle in a vehicle-to-vehicle communication system. A portable security unit is provided to access secured operations for the vehicle. The portable security unit is linked to a device having access to a communication network. The communication network is in communication with a certificate authority for issuing an updated CRL. The updated CRL is downloaded from the certificate authority to the portable security unit. At a later time, when a user enters the vehicle, a communication link is established between the portable security unit and a vehicle processor unit. Mutual authentication is exchanged between the portable security unit and the vehicle processing unit. The updated CRL stored in the portable security unit is downloaded to a memory of the vehicle communication system in response to a successful mutual authentication.10-20-2011
20100287370REVOCATION OF CRYPTOGRAPHIC DIGITAL CERTIFICATES - Different targets (c11-11-2010
20110126005DYNAMIC CONFIGURATION OF CONNECTORS FOR SYSTEM-LEVEL COMMUNICATIONS - A host device comprises a configurable connector. The host device connector can be connected to a configurable connector of an accessory device. The host device can select connector functions to be enabled for connecting to the accessory device connector. The selection of connector functions can be based on accessory device information such as accessory device power consumption, power configuration and application information. The accessory device can exclude connector functions supported by the accessory device from the list of accessory device functions sent to the host device. The accessory device can exclude connector functions based on information about the host and connector devices. Single or mutual authentication can be performed before connection functions are enabled at either device. Host and accessory devices can require that a host device be licensed to use an accessory device connector function or to gain access to accessory device resources. Tiered licensing policies can be supported.05-26-2011
20120311323System and Method of Accessing Keys for Secure Messaging - Methods and systems for handling on an electronic device a secure message to be sent to a recipient. Data is accessed about a security key associate with the recipient. The received data is used to perform a validity cheek related to sending a secure message to the recipient. The validity check may uncover an issue that exists with sending a secure message to the recipient. A reason is determined for the validity check issue and is provided to the mobile device's user.12-06-2012
20110154026SYSTEMS AND METHODS FOR PARALLEL PROCESSING OF OCSP REQUESTS DURING SSL HANDSHAKE - The present invention is directed towards systems and methods for processing an Online Certificate Status Protocol (OCSP) request in parallel to processing a Secure Socket Layer (SSL) handshake. The method includes transmitting, by an OCSP responder of an intermediary device between a plurality of clients and one or more servers, an OCSP request to a OCSP server for a status of a client certificate responsive to receiving the client certificate from a client during a SSL handshake. The intermediary device may continue to perform remaining portions of the SSL handshake while the OCSP request to the OCSP server is outstanding. The intermediary device may establish an SSL connection for the SSL handshake. The intermediary device may determine whether to terminate or maintain the established SSL connection based on the status of the client certificate received via a response from the OCSP server.06-23-2011
20090013177LICENSE MANAGEMENT SYSTEM AND METHOD - A license-management system and method is provided. A method of issuing a proxy certificate includes transmitting a proxy-certificate-issuance-request message to a license server in order for the local license manager to acquire an authority to issue a license by a local license manager; enabling the license server to verify the proxy-certificate-issuance-request message; if the proxy-certificate-issuance-request message is valid, transmitting a proxy certificate to the local license manager by the license server, the proxy certificate including information regarding the authority to issue a license; and verifying the proxy certificate by the local license manager.01-08-2009
20100023760METHOD, SYSTEM, AND DATA SERVER FOR CHECKING REVOCATION OF CONTENT DEVICE AND TRANSMITTING DATA - A method of checking revocation of a device and software, and transmitting data to a secure device and secure software whose keys have not been leaked is provided. The method includes receiving authentication information of a device requesting transmission of data, and authentication information of software accessing the data in the device; checking revocation of the device and the software, based on the received authentication information; and transmitting the data to the software of the device, when the device and the software are not revoked as a result of the checking. By doing so, during transmission of data, such as content or a license, it is possible to check security of a device and software being executed in the device, so that the data can be more safely transmitted.01-28-2010
20110154027METHOD AND SYSTEM FOR CO-TERMINATION OF DIGITAL CERTIFICATES - A method of renewing a plurality of digital certificates includes receiving, at a first time, a request from a user to renew a first digital certificate and determining an expiration date for the first digital certificate. The method also includes receiving, at a second time, a request from the user to renew a second digital certificate and determining an expiration date for the second digital certificate. The expiration date for the second certificate is later than the expiration date for the first certificate. The method further includes determining a new expiration date occurring after the first time and the second time and renewing the first digital certificate. An expiration date for the renewed first digital certificate is equal to the new expiration date. Moreover, the method includes renewing the second digital certificate. An expiration date for the renewed second digital certificate is equal to the new expiration date.06-23-2011
20120017083GROUP SIGNATURE WITH LOCAL REVOCATION VERIFICATION WITH CAPACITY FOR LIFTING ANONYMITY - The cryptographic scheme subdivides time into periods with an index j=0, 1, 2, etc. A public key indicates elements u and v of a first cyclic group G01-19-2012
20120210124CLIENT DEVICE AND LOCAL STATION WITH DIGITAL RIGHTS MANAGEMENT AND METHODS FOR USE THEREWITH - A current version certificate is stored that includes a corresponding current version identifier. A current instance certificate is received from the certificate authority, wherein the current instance certificate includes the current version identifier of the current version certificate and a current instance public key corresponding to the current instance private key. The current instance certificate is sent to a local station, during a registration with the local station. A request for video content is generated and sent to the local station. First encrypted data is received from the local station, wherein the first encrypted data includes a content key that is encrypted via the current instance public key. Second encrypted data is received from the local station, wherein the second encrypted data includes the video content that is encrypted via the content key.08-16-2012
20110107090System and Method for Flying Squad Re Authentication of Enterprise Users - Enterprise users access several applications and services routinely to carry out their work-related activities on a day-to-day basis. These applications and services could be hosted within an enterprise or on a third-party data center. The enterprise users login into the applications and services so as to gain access to the applications and services. In the case of single sign-on, it is expected that the users authenticate once to a specific application/service/system and obtain access to any other application/service/system. In such a scenario, it is important to ensure that during the course of this authenticated access grant, the right users are provided access to right information. This is achieved by a re-authentication system that demands minimum re-authentication effort from “right” users and maximum re-authentication effort from “non-right” users. A system and method of on the fly re-authentication involves a novel challenge-response mechanism.05-05-2011
20090132813Apparatus and Methods for Providing Scalable, Dynamic, Individualized Credential Services Using Mobile Telephones - Apparatus and methods perform transactions in a secure environment between an individual and another party, such as a merchant, in various embodiments. The individual possesses a mobile electronic device, such as a smartphone, that can encrypt data according to a public key infrastructure. The individual authenticates the individual's identity to the device, thereby unlocking credentials that may be used in a secure transaction. The individual causes the device to communicate the credentials, in a secure fashion, to an electronic system of a relying party, in order to obtain the relying party's authorization to enter the transaction. The relying party system determines whether to grant the authorization, and communicates the grant and the outcome of the transaction to the device using encryption according to the public key infrastructure.05-21-2009
20120166796SYSTEM AND METHOD OF PROVISIONING OR MANAGING DEVICE CERTIFICATES IN A COMMUNICATION NETWORK - A certificate manager transmits a certificate service advertisement to a plurality of certificate clients. The certificate service advertisement identifies the certificate manager and includes segregation data. The segregation data indicates a set of services offered or a set of clients for which the certificate manager offers service. Responsive to the transmitting of the certificate service advertisement, the certificate manager receives a certificate service request from at least one certificate client of the plurality of certificate clients. The certificate manager verifies that the at least one certificate client is associated with the set of clients for which the certificate manager offers service, and the certificate manager fulfills the certificate service request.06-28-2012
20100205431SYSTEM, METHOD AND PROGRAM PRODUCT FOR CHECKING REVOCATION STATUS OF A BIOMETRIC REFERENCE TEMPLATE - A system, method and program product for checking the revocation status of a biometric reference template. The method includes creating a revocation object for a reference template generated for an individual, where the revocation object contains first plaintext data providing a location for checking revocation status of the reference template and containing ciphertext data identifying the unique reference template identifier and a hash of the reference template. The method further includes providing the revocation object to a relying party requesting revocation status and sending a request to an issuer of the reference template for checking the revocation status of the reference template, without revealing identity of the individual. The method further includes returning results of the revocation status check to the relying party. In an embodiment, a random value is added to the ciphertext data for preserving privacy of the reference template holder.08-12-2010
20100275016DATA SECURITY - In one embodiment, a method is provided that may include one or more operations. One of these operations may include, in response, at least in part, to a request to store input data in storage, encrypting, based least in part upon one or more keys, the input data to generate output data to store in the storage. The one or more keys may be authorized by a remote authority. Alternatively or additionally, another of these operations may include, in response, at least in part, to a request to retrieve the input data from the storage, decrypting, based at least in part upon the at least one key, the output data. Many modifications, variations, and alternatives are possible without departing from this embodiment.10-28-2010
20120233458INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND COMPUTER PROGRAM - An information processing apparatus and method that prior to using a digital certification considers a validity expiration date of the digital certificate as well as a usable deadline of an algorithm or a public key used in the digital certificate.09-13-2012
20120254610REMOTE DISABLING OF APPLICATIONS - The claimed subject matter provides a method for revoking licensed software in a computing environment. An exemplary method includes receiving a machine ID from a computer system. An application program and a license credential for the application program are sent to the computer system. Subsequently, upon theft or other loss of the computer system, a request to revoke the license credential is received. The request identifies the machine ID. When the computer system subsequently initiates a connection, the connection is detected based on the machine ID. An indication that the license credential for the application program is revoked is sent to the computer system. When the application program is later initiated, its operation is disabled because of the revocation of the license credential.10-04-2012
20090019280Method of validating a digital certificate and a system therefor - A method of validating a digital certificate comprises retrieving from a first data store a digital certificate, retrieving from a second data store a plurality of certificate revocation lists (CRLs), and selecting one of the plurality of CRLs to validate the digital certificate as of a date which is before the current date.01-15-2009
20120324218Peer-to-Peer Trusted Network Using Shared Symmetric Keys - A unique, strong, shared, symmetric network-wide key (or a limited number of group-wide keys) is generated by a central authority and initially provisioned to nodes in a network, which use it for ensuing traffic encryption. Nodes establish trust by sending each other authentication messages encrypted with the shared secret key, and thereupon adding each other to their respective trust lists. Also, an optional rekeying scheme whereby an existing shared secret key can be replaced by a new secret key that is introduced by the central authority and automatically propagated from node to node through the network.12-20-2012
20110213963USING AN OCSP RESPONDER AS A CRL DISTRIBUTION POINT - A certificate revocation list (CRL) distribution system receives a request from a client pertaining to a status of a certificate and determines whether the client is an online certificate status protocol (OCSP) compliant client. The certificate status distribution system sends the certificate status to the client using OCSP in response to a determination that the client is an OCSP compliant client and sends a certificate revocation list to the client in response to a determination that the client is not an OCSP compliant client.09-01-2011
20110213969DYNAMIC CRYPTOGRAPHIC SUBSCRIBER-DEVICE IDENTITY BINDING FOR SUBSCRIBER MOBILITY - A method of authentication and authorization over a communication system is provided. The method performs a first authentication of a device based on a set of device identity and credentials. The first authentication includes creation of a first set of keying material. The method also includes performing a second authentication of a subscriber based on a set of subscriber identity and credentials. The second authentication includes creation of a second set of keying material. A set of compound key material is created with a key derivation mechanism that uses the first set of keying material and the second set of keying material. A binding token is created by cryptographically signing at least the device identity authenticated in the first authentication and the subscriber identity authenticated in the second authentication using the set of compound keying material. The signed binding token is exchanged for verification with an authenticating and authorizing party.09-01-2011
20110320811INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD, AND PROGRAM - An information processing device includes: a data processing unit that executes a process of reproducing content recorded in a medium, wherein the data processing unit acquires a token from the medium, the token being management data corresponding to content recorded in the medium, compares a server ID recorded in the acquired token with a server ID recorded in a server certificate acquired from a server from which the management data is acquired, and halts reproduction of content when the two server IDs are not identical.12-29-2011
20110320810INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD, AND PROGRAM - An information processing device includes: a data processing unit that executes a process of reproducing content recorded in a medium; and a memory storing a content revocation list in which an identifier (ID) of revoked content is recorded, wherein the data processing unit compares a minimum allowable version of a content revocation list recorded in a token which is management data corresponding to content recorded in the medium with a version of a content revocation list acquired from the memory, and when the version of the content revocation list acquired from the memory is an old version lower than the minimum allowable version of the content revocation list recorded in the token, the data processing unit halts determination on revocation of content based on the content revocation list acquired from the memory and reproduction of content.12-29-2011
20110320809METHOD AND APPARATUS FOR KEY REVOCATION IN AN ATTRIBUTE-BASED ENCRYPTION SCHEME - A method and apparatus for key revocation in an attribute-based encryption scheme is provided herein. Prior to operation, a key management service performs a randomized setup algorithm resulting in the generation of public parameters and the key management service's master secret, MK. During operation, the key management service is provided with verified user attribute information. The key management service creates keys for users based on their list of attributes. The keys can then be used to decode appropriate ciphertext. During the key creation, each attribute is associated with a particular text string. As attributes are revoked, the text string is updated.12-29-2011
20130019093CERTIFICATE AUTHORITYAANM Seidl; RobertAACI KonigsdorfAACO DEAAGP Seidl; Robert Konigsdorf DEAANM Goetze; NorbertAACI EichenauAACO DEAAGP Goetze; Norbert Eichenau DEAANM Bauer-Hermann; MarkusAACI MunichAACO DEAAGP Bauer-Hermann; Markus Munich DE - A protocol for issuing and controlling digital certificates is described in which an identity management system is used to identify a user requesting a digital certificate and is also used to issue the digital certificate itself. Accordingly, an IDM-based PKI system is provided.01-17-2013
20110161663INTELLIGENT CACHING FOR OCSP SERVICE OPTIMIZATION - An online certificate status checking protocol (OCSP) system is provided for use with a first device, an end device and a certificate authority. The first device can provide a certificate. The end device can provide an OCSP request based on the certificate and process an OCSP response. The certificate authority can provide a CRL update. The certificate has a validity period. The OCSP system includes an OCSP responder, and OCSP proxy and a cache. The OCSP responder can provide the OCSP response. The OCSP proxy can receive the OCSP request from the end device, can send the OCSP request to the OCSP responder, can receive the OCSP response from the OCSP responder and can send the OCSP response to the end device. The cache can store information based on the OCSP response. The OCSP proxy can further store, in the cache, information based on the OCSP response and can send a proactive OCSP request to the OCSP responder based on a predetermined policy. The OCSP responder can further send a proactive OCSP response to the OCSP proxy in response to the proactive OCSP request. The OCSP proxy can further update the information in the cache based on the proactive OCSP response. The OCSP proxy can additionally provide, using the updated information in the cache, a second OCSP response to the end device in response to a subsequent request from the end device related to information of the certificate.06-30-2011
20130124858METHOD, HOST APPARATUS AND MACHINE-READABLE STORAGE MEDIUM FOR AUTHENTICATING A STORAGE APPARATUS - A method, a host apparatus, and a machine-readable storage medium are provided for authenticating a storage apparatus. The method includes acquiring an identification of the storage apparatus based on a request for using content stored in the storage apparatus; determining whether authentication of the identification of the storage apparatus is revoked; determining whether usage of the content is allowed, based on at least one of additional information about the content and additional information about a certificate revocation of the storage apparatus, when the authentication of the identification of the storage apparatus is revoked; and receiving the content from the storage apparatus, when the usage of the content is allowed.05-16-2013
20130132719INFORMATION PROCESSING APPARATUS, INFORMATION STORAGE APPARATUS, INFORMATION PROCESSING SYSTEM, AND INFORMATION PROCESSING METHOD AND PROGRAM - An information processing apparatus includes a data processing unit which executes processing for decoding and reproducing encrypted content. The data processing unit executes processing for determining whether the content can be reproduced by applying an encrypted content signature file. The encrypted content signature file stores information on issue date of the encrypted content signature file and an encrypted content signature issuer certificate with a public key of an encrypted content signature issuer. In determining whether the content can be reproduced, the data processing unit compares expiration date of the encrypted content signature issuer certificate with the information on issue date of the encrypted content signature file, and does not perform processing for decoding and reproducing the encrypted content when the expiration date is before the issue date, and performs the processing for decoding and reproducing the encrypted content only when the expiration date is not before the issue date.05-23-2013
20130145157SYSTEM AND METHOD FOR ADJUSTING THE FREQUENCY OF UPDATING CERTIFICATE REVOCATION LIST - A method for adjusting the frequency of updating certificate revocation list is provided. The method is used in a certificate authority. The method includes: receiving a first information indicating security levels from neighbor certificate authorities in a neighborhood or a central certificate authority; detecting whether the certificate authority has received a signal indicating that a user is using a revoked certificate and generating a second information of a security level; calculating an index value or a set of index values by the first information indicating the security levels of neighborhoods and the second information indicating its own security level; and adjusting the update frequency of updating the certificate revocation list according to the calculated index values or the set of index values.06-06-2013
20130145158System and Web Security Agent Method for Certificate Authority Reputation Enforcement - Network security administrators are enabled to revoke certificates with their customizable certificate authority reputation policy store which is informed by an independent certificate authority reputation server when a CA is deprecated or has fraudulent certificate generation. The custom policy store overrides trusted root certificate stores accessible to an operating system web networking layer or to a third party browser. Importing revocation lists or updating browsers or operating system is made redundant. The apparatus protects an endpoint from a man-in-the-middle attack when a certificate authority has lost control over certificates used in TLS.06-06-2013
20080209210MASTER KEY TRUST GRANTS AND REVOCATIONS FOR MINOR KEYS - A method and apparatus is provided that allows code signed by a master key to grant trust to an arbitrary second key, and also allows code, referred to as an antidote and also signed by the master key to revoke permanently the trust given to the second key.08-28-2008
20110213968System and Methods to Perform Public Key Infrastructure (PKI) Operations in Vehicle Networks using One-Way Communications Infrastructure - A set of certificate management methods designed to significantly reduce or eliminate reliance on infrastructure network connectivity after vehicles are sold uses techniques to support certificate management operations in order to reduce the frequency which vehicles need to communicate with the Certificate Authorities (CAs) and the amount of data that needs to be exchanged between vehicles and the CA. These methods include, for example, approaches to use one-way communications and vehicle-to-vehicle (V2V) communications to replace expired certificates, approaches to use one-way communications and V2V communications to replace revoked certificates, and use of a small subset of vehicles as proxies to help retrieve and distribute Certificate Revocation Lists (CRLs) and replacement certificates. The combination of these techniques leads to solutions that can eliminate the need for roadside infrastructure networks completely.09-01-2011
20100318791CERTIFICATE STATUS INFORMATION PROTOCOL (CSIP) PROXY AND RESPONDER - Systems and methods are disclosed for providing certificate status information about a certificate includes receiving, at a Certificate Status Information Protocol (CSIP) proxy device the certificate identity information about the certificate of the second device. Then determining, using the CSIP proxy device, whether the certificate status information is stored in a CSIP proxy device memory. If the certificate status information is not stored in the CSIP proxy device memory, creating a CSIP request based on the certificate identity information and sending the CSIP request, including the certificate identity information, to a CSIP responder computer outside the local network domain. If the certificate status information is stored in the CSIP proxy device memory, sending the certificate status information to the first device. Also, a system and method are disclosed for using a CSIP responder computer.12-16-2010
20130185553SYSTEM AND METHOD FOR ADMINISTERING DIGITAL CERTIFICATE CHECKING - Systems and methods for handling electronic messages. An electronic message that is associated with a digital certificate is to be processed. A decision whether to check the validity of the digital certificate is based upon digital certificate checking criterion. An IT administrator may provide to one or more devices configuration data that establishes the digital certificate checking criterion.07-18-2013
20090063854Method for revoking a digital signature - A method and apparatus for revoking a digital signature using a signature revocation list. In one embodiment, the method includes generating the signature revocation list to indicate revocation status of a signature. The signature is created from an encryption key and a document. The method also includes computing an identifier of the signature in the signature revocation list based on contents of the signature. The method further includes publishing the signature revocation list for access by users of the document.03-05-2009
20130191633SYSTEM AND METHOD FOR SUPPORTING MULTIPLE CERTIFICATE STATUS PROVIDERS ON A MOBILE COMMUNICATION DEVICE - A method and system for supporting multiple digital certificate status information providers are disclosed. An initial service request is prepared at a proxy system client module and sent to as proxy system service module operating at a proxy system. The proxy system prepares multiple service requests and sends the service requests to respective multiple digital certificate status information providers. One of the responses to the service requests received from the status information providers is selected, and a response to the initial service request is prepared and returned to the proxy system client module based on the selected response.07-25-2013
20120023329INFORMATION PROCESSING DEVICE, CONTROLLER, KEY ISSUING AUTHORITY, METHOD FOR JUDGING REVOCATION LIST VALIDITY, AND KEY ISSUING METHOD - A memory card 01-26-2012
20120030461MOBILE CERTIFICATE DISTRIBUTION IN A PKI - A method of providing certificate issuance and revocation checks involving mobile devices in a mobile ad-hoc network (MANET). The wireless devices communicate with each other via Bluetooth wireless technology in the MANET, with an access point (AP) to provide connectivity to the Internet. A Certificate authority (CA) distributes certificates and certification revocation lists (CRLs) to the devices via the access point (AP). Each group of devices has the name of the group associated with the certificate and signed by the CA. A device that is out of the radio range of the access point may still connect to the CA to validate a certificate or download the appropriate CRL by having all the devices participate in the MANET.02-02-2012
20090106551DYNAMIC DISTRIBUTED KEY SYSTEM AND METHOD FOR IDENTITY MANAGEMENT, AUTHENTICATION SERVERS, DATA SECURITY AND PREVENTING MAN-IN-THE-MIDDLE ATTACKS - A distributed key encryption system and method is provided in which a key storage server provides a session key to the source and destination computers by encrypting the session key with unique distributed private keys that are associated with the respective source and destination computers by unique private key identifiers The destination computer then decrypts the encrypted session key using it's distributed private key and then decrypts the communication using the decrypted session key.04-23-2009
20120072720Certificate Revocation - A communication system includes a plurality of nodes, the communication system being arranged to assign each of the plurality of nodes a certificate by means of which it can authenticate itself to other nodes in the communication system and periodically distribute to the plurality of nodes an update formed by compressing a data set representing the validity of the certificates assigned to the plurality of nodes. The update is such that a node may not be able to unambiguously determine from the update whether or not a particular certificate is valid. The system further provides the plurality of nodes with a source of information about the validity of the plurality of certificates that is different from the update and by means of which a node may resolve an ambiguity in the update regarding a particular certificate's validity.03-22-2012
20130212383Revocation Information for Revocable Items - Techniques for providing revocation information for revocable items are described. In implementations, a revocation service is employed to manage revocation information for various revocable items. For example, the revocation service can maintain a revoked list that includes revoked revocable items, such as revoked digital certificates, revoked files (e.g., files that are considered to the unsafe), unsafe network resources (e.g., a website that is determined to be unsafe), and so on. In implementations, the revocation service can communicate a revoked list to a client device to enable the client device to maintain an updated list of revocation information.08-15-2013

Patent applications in class Revocation or expiration