Inventors list

Assignees list

Classification tree browser

Top 100 Inventors

Top 100 Assignees

By generation of certificate

Subclass of:

713 - Electrical computers and digital processing systems: support


713168000 - Particular communication authentication technique

Patent class list (only not empty are listed)

Deeper subclasses:

20110179278APPARATUS AND METHOD OF A PORTABLE TERMINAL AUTHENTICATING ANOTHER PORTABLE TERMINAL - Provided is an apparatus and method of a portable terminal authenticating another portable terminal. The portable terminal may receive a seed generated by the other portable terminal, issue an authentication certificate generated using the seed to the other portable terminal, authenticate the other portable terminal based on the authentication certificate, and provide a secure communication.07-21-2011
20120204033DEVICE-BOUND CERTIFICATE AUTHENTICATION - A device-bound certificate authority binds a certificate to one or more devices by including digital fingerprints of the devices in the certificate. A device only uses a device-bound certificate if the digital fingerprint of the device is included in the certificate and is verified. Thus, a certificate is only usable by one or more devices to which the certificate is explicitly bound. Such device-bound certificates can be used for various purposes served by certificates generally such as device driver authentication and authorization of access to secure content, for example.08-09-2012
20110191590METHOD AND APPARATUS FOR DIGITAL AUTHENTICATION OF VALUABLE GOODS - A method for digital certification of authenticity of a physical object, and corresponding computer program and storage device, as well as to the use of the method for digital certification of authenticity of a physical object of value. The method includes the steps of issuing a storage device including a digital certificate of authenticity including encrypted information reflecting at least one characteristic unique to the physical object, checking, whenever required, the validity of the digital certificate of authenticity by use of a network computer, the network computer cooperating with the storage device and a validating or a certifying authority so as to output sensibly in real time the status of validity of the digital certificate of authenticity, and modifying the status of validity of the digital certificate of authenticity, whenever required.08-04-2011
20110202771Method for governing the ability of computing devices to communicate - A method is provided to perform network access control. A computing device utilising Online Certificate Status Protocol responder functionality determines whether attempted communication should be allowed between other computing devices appropriately configured with Internet Protocol Security (IPsec), digital certificates and OCSP client software. This determination is based on a set of rules considering the role or roles of the computing devices attempting to communicate, and whether the computing devices attempting to communicate have previously exhibited suspicious or undesirable behaviour.08-18-2011
20100077217DIGITAL RIGHTS MANAGEMENT SYSTEM AND METHOD - The present invention concerns application of digital rights management to industrial automation devices including programmable logic controllers (PLCs), I/O devices, and communication adapters. Digital rights management involves a set of technologies for controlling and managing access to device objects and/or programs such as ladder logic programs. Access to automation device objects and/or programs can be managed by downloading rules of use that define user privileges with respect to automation devices and utilizing digital certificates, among other things, to verify the identity of a user desiring to interact with device programs, for example. Furthermore, the present invention provides for secure transmission of messages to and amongst automation devices utilizing public key cryptography associated with digital certificates.03-25-2010
20130086384METHOD AND SYSTEM FOR POWER MANAGEMENT USING ICMPv6 OPTIONS - A method and system that facilitates power management over an IPv6 network connection is described. A first host having an application creates a power management option for managing power management settings of one or more second hosts, which is in network communication with the first host. A neighbor solicitation request is sent with the power management option to the one or more second hosts, wherein the power management option requests the power management settings of the one or more second hosts. A table of the power management settings for each of the one or more second hosts is generated from the responses received from the neighbor solicitation request, and the power management settings are applied to the one or more second hosts.04-04-2013
20130080784METHODS AND DEVICES FOR MONITORING THE INTEGRITY OF AN ARTICLE DURING TRANSPORTING SAID ARTICLE - The method for obtaining information relating to the integrity of an article (03-28-2013
20130042114INFORMATION PROCESSING DEVICE AND INFORMATION PROCESSING METHOD, AND PROGRAM - An information processing system including a medium where a content to be played is stored; and a playing apparatus for playing a content stored in the medium; with the playing apparatus being configured to selectively activate a playing program according to a content type to be played, to obtain a device certificate correlated with the playing program from storage by executing the playing program, and to transmit the obtained device certificate to the medium; with the device certificate being a device certificate for content types in which content type information where the device certificate is available is recorded; and with the medium determining whether or not an encryption key with reading being requested from the playing apparatus is an encryption key for decrypting an encrypted content matching an available content type recorded in the device certificate, and permitting readout of the encryption key only in the case of matching.02-14-2013
20130138962CONTROL METHOD, PROGRAM AND SYSTEM FOR LINK ACCESS - A plurality of users is assumed in which user A is the owner of content providing the source of a link, user B is the owner of the content providing the destination of the link, and user C is a viewer. Each user has a private key and a public key, and the public keys are shared by the users. User B selects user C in advance as a viewer. User B creates data including a value in which an encryption key with a proxy signature generated on the basis of the public key of user C and its own private key is encrypted using the public key of user A, and distributes the data to user A, which is the owner of the content providing the source of the link. User A decrypts the received data including the value using its own private key. This makes a function available based on encryption with the proxy signature. User A converts the link information using this function, signs the information using its own private key, and sends it to user C. User C verifies the signature by checking the received information using the public key of user A and the public key of user B, extracts the link information generated by user A using the function, decrypts it using its own private key, and obtains the link information.05-30-2013
20100325438System and Method for Binding a Smartcard and a Smartcard Reader - Systems and methods for binding a smartcard and a smartcard reader are provided. A smartcard is provision to store a first set of credentials for use in traditional transactions such as at a brick and mortar retail store and a second set of credentials for use when performing a transaction using a smartcard reader associated with a user such as an on-line transaction. The user smartcard reader registers with a smartcard issuer server by cryptographically authenticating a secure processor associated with the smartcard reader. As a result of the registration, the secure processor obtains a set of private keys associated with the second set of credentials. When a request for a authorizing a transaction via the user's smartcard reader is received, the smartcard reader cryptographically authenticates itself to the smartcard using a private key associated with a credential to be used to authorize the transaction.12-23-2010
20100325437METHOD AND SYSTEM FOR THE SUPPLY OF DATA, TRANSACTIONS AND ELECTRONIC VOTING - A method and system for supply of data, including generating a first digital certificate referred (empowerment certificate) signed with a first signing entity's electronic signature. The empowerment certificate includes attributes of the described entity, information identifying the first signing entity, indication of data relating to the described entity, indication of a source of the data, and identification of a relying entity to which the data can be supplied. The relying entity forwards the empowerment certificate to a source supplying the data indicated in the empowerment certificate. The data may be supplied to the relying entity by a second digital certificate (custom certificate), signed with a second signing entity's electronic signature. Custom certificates may appear in custom certificate revocation lists. A system and method for transfer of ownership of electronic property from a first entity to a second entity, and a method and system for electronic voting are also provided.12-23-2010
20100332839METHOD AND SYSTEM FOR THE SUPPLY OF DATA, TRANSACTIONS AND ELECTRONIC VOTING - A method and system for supply of data, including generating a first digital certificate referred (empowerment certificate) signed with a first signing entity's electronic signature. The empowerment certificate includes attributes of the described entity, information identifying the first signing entity, indication of data relating to the described entity, indication of a source of the data, and identification of a relying entity to which the data can be supplied. The relying entity forwards the empowerment certificate to a source supplying the data indicated in the empowerment certificate. The data may be supplied to the relying entity by a second digital certificate (custom certificate), signed with a second signing entity's electronic signature. Custom certificates may appear in custom certificate revocation lists. A system and method for transfer of ownership of electronic property from a first entity to a second entity, and a method and system for electronic voting are also provided.12-30-2010
20090125721DATA COMMUNICATION METHOD, COMPUTER AND INFORMATION STORING MEDIUM - A computer including at least two processors is used to preferably perform a secure data communication. Data containing a processor ID identifying one of the at least two processors provided for a first computer (computer 05-14-2009
20100095125CERTIFICATE VERIFICATION - An improved secure programming technique involves reducing the size of bits programmed in on-chip secret non-volatile memory, at the same time enabling the typical secure applications supported by secure devices. A technique for secure programming involves de-coupling chip manufacture from the later process of connecting to ticket servers to obtain tickets. A method according to the technique may involve sending a (manufacturing) server signed certificate from the device prior to any communication to receive tickets. A device according to the technique may include chip-internal non-volatile memory to store the certificate along with the private key, in the manufacturing process.04-15-2010
20130046988SYSTEMS AND METHODS FOR PROVIDING A CRYPTOGRAPHIC KEY MANAGER FOR AN APPLICATION SERVER - Embodiments relate to systems and methods for maintaining cryptographic keys for application servers. In particular, applications and/or services of the application servers can desire to encrypt and/or decrypt data during operation of the applications. A key management tool can receive requests, and associated digital certificates from applications of the application servers for associated keys for use by the applications to encrypt and/or decrypt the data. The key management tool can generate a new key for the applications, or locate and retrieve an existing key for the applications. Further, the key management tool can provide a copy of the key to the applications.02-21-2013
20130097425Providing Consistent Cryptographic Operations Across Several Applications - Providing consistent cryptographic operations across several applications using secure structured data objects includes a security middleware component, using an application programming interface, receiving a data input from an originating application operating in application space. Both the application and the middleware component execute in the data processing system. A security schema object is retrieved by the security middleware component from an object store, the security schema object describing a sequence of cryptographic operations and includes several components describing aspects of the cryptographic operations. The data input is transformed from a first format to a second format where one of the formats is a secure structured data object formed using the sequence of cryptographic operations. A property of the secure structured data object contains data about the security schema object. The data input is transmitted in the second format to a consumer application operating in application space.04-18-2013
20130067231Load Balanced and Prioritized Data Connections - In embodiments of load balanced and prioritized data connections, a first connection is established to communicate first data from a first server to a second server over a public network, where the first data is communicated from a private network to a first device or subnet that is connected to the second server. A second connection is established to communicate second data from the first server to the second server over the public network, where the second data is communicated from the private network to a second device or subnet that is connected to the second server. The second server can distinguish the first data from the second data according to an authentication certificate field that identifies one of a first communication interface of the first connection or a second communication interface of the second connection.03-14-2013
20110022845METHOD AND DEVICE FOR ISSUING A DIGITAL RESIDENCE CERTIFICATE - A method for issuing a digital residence certificate using a module associated with a counter. Data from the counter are continuously monitored, whereby the data are read and a consistency test is performed on the basis of a predetermined criterion. In addition, after receiving a residence certificate request, a decision is made as to whether or not the request should be fulfilled, based on the results of the continuous data monitoring.01-27-2011
20110035596Method of Secure Broadcasting of Digital Data to an Authorized Third Party - The invention relates to a method of secure broadcasting of encrypted digital data of a proprietary entity, these data being stored in a storage module (02-10-2011
20110035595CODEWORD-ENHANCED PEER-TO-PEER AUTHENTICATION - Peer-to-peer authentication may be accomplished by sending a digital certificate to a responder, receiving a randomized codeword in response to the sending, creating a secure fingerprint based at least in part on the digital certificate and randomized codeword, creating a first bit sequence based at least in part on a first portion of the secure fingerprint and a second portion of the randomized codeword and indicating the first digital certificate is authenticated based upon whether the first bit sequence matches a second bit sequence received from the responder via an out-of-band communication in response to the sending. The size of the first bit sequence is less than the size of the secure fingerprint. According to another aspect, the first bit sequence is compared with a rendering of the second bit sequence, using an out-of-band communication, by associating the first bit sequence with one or more indices into an array of representations.02-10-2011
20120102328Method for implementing the real time data service and real time data service system - The present invention discloses a method for implement real time data service and a real time data service system. After starting to forward data messages to an accessed user terminal, an access point (AP) of the real time data service system verifies the user terminal, and continues forwarding the data messages to the user terminal after the verification is successful. Therefore, with the method and system of the present invention, when accessing the real time data service system by adopting the way of authentication and key management based on pre-shared key, it is able to authenticate a user before the user obtains a big amount of service data, thereby the accessing security is effectively improved; furthermore, with the method and system of the present invention, it is able to provide free preview service data to the user at first, and after the preview, obtain and verify the WLAN authentication and privacy infrastructure (WAPI) certificate and signature of the user by initiating a signature authentication request to the user, and then start to charge, which is convenient for the user and is favourable for the operators to popularize the real time data service.04-26-2012
20100153731Lightweight Authentication Method, System, and Key Exchange Protocol For Low-Cost Electronic Devices - An algorithm or an authentication system for a low-cost authenticating device such as a radio frequency identification (RFID) tag, or a sensor node are provided, by which authentication is processed efficiently without requiring complicated hardware. A claimant entity attempting to be authenticated and a verifying entity to authenticate the claimant entity, share a plurality of secret keys so that authentication is processed as the claimant entity responds to a challenge by the verifying entity. The verifying entity and the claimant entity perform authentication using Learning Parity with Noise (LPN) problem. The verifying entity and the claimant entity generate keys independently from one another, and exchange the generated keys. The claimant entity may generate an encrypted value for use in the authentication, using a basic Boolean Exclusive OR and a logical AND operations.06-17-2010
20110283108METHOD & APPARATUS FOR ESTABLISHING A TRUSTED AND SECURE RELATIONSHIP BETWEEN TWO PARTIES CONNECTED TO A NETWORK - A trusted relationship service includes a certificate authentication server and a secure file host. The certificate authentication server operates to receive requests from a supplier and a customer to register with the service, verifies the identities of the supplier and the customer and sends digital certificates to both the supplier and the customer. The supplier can send information to the trusted relationship service where it is posted in a secure file host. The supplier can solicit the customer to visit the trusted relationship service web site to view the supplier information stored there, whereupon the customer can use their digital certificate to access the trusted relationship service site and is granted permission by the site to view the supplier information.11-17-2011
20110219234SYSTEM AND METHOD FOR HYPERVISOR-BASED REMEDIATION AND PROVISIONING OF A COMPUTER - A computer located outside of an organizational computing environment is remotely prepared and configured to work in the organizational computing environment. A hypervisor operating system is installed and replaces the primary operating system of the computer, and the primary operating system, virtual software appliances (VSA) and virtual machines (VM) can execute as processes of the hypervisor. The hypervisor is configured to establish secure connection with organizational computing environment and to receive from it organization-configured image software for configuring the compute to work in the organizational computing environment. The secure connection can also be used for remote maintenance of the computer even when the computer operating system is faulty or inactive.09-08-2011
20100169648COMMUNICATION TERMINAL APPARATUS AND INFORMATION COMMUNICATION METHOD - An information communication method performed by a communication terminal apparatus, the method including: sharing a first encryption key with a first server; receiving a request for sending identification information of the communication terminal apparatus; authenticating the first server based on certificate information of the first server that is acquired while sharing the first encryption key and verification information retained in the communication terminal apparatus; encrypting the identification information of the communication terminal apparatus using a second encryption key; and encrypting, using the first encryption key, according to an authentication result, encrypted identification information of the communication terminal apparatus as generated by using the second encryption key, and transmitting resulting double-encrypted identification information of the communication terminal apparatus to the first server.07-01-2010
20090150675SECURE MESSAGE FORWARDING SYSTEM DETECTING USER'S PREFERENCES INCLUDING SECURITY PREFERENCES - A system and method for providing secure message services. The system includes a forwarding service to receive message for delivery to a recipient. The system checks for preferences for delivery of the message content including encryption preferences and notifies the recipient or delivers the message according to the encryption preferences. The system includes an interoperability engine to determine delivery preferences including security preferences, the security preferences indicating a security protocol by which the message can be securely delivered to the recipient.06-11-2009
20090193254ANCHOR POINT-BASED DIGITAL CONTENT PROTECTION - Digital content protection can be effectively implemented through use of an anchor point and binding records in a user domain. An anchor point domain may include a secure anchor point, and data storage to store digital property instances and rights objects. The secure anchor point may be configured to receive a title pre-key from the rights object and use a binding key to decrypt the title pre-key to yield a title key. The binding key may include data uniquely associating the encrypted digital property instance with the secure anchor point.07-30-2009
20100088518Method of exchanging data such as cryptographic keys between a data processing system and an electronic entity such as a microcircuit card - A method of exchanging data between a data processing system and an electronic entity, characterized by the following steps: 04-08-2010
20090287932Consumer-Driven Secure Sockets Layer Modulator - A software system and method for executing secure commercial transactions online is disclosed. A user's password is received to initiate secure socket layer (SSL) communications with a transaction site on a server. A web session associated with the SSL communications is encrypted by associating a domain name of the transaction site with its SSL public key. Then, the user's password is added to a hypertext markup language (HTML) header of a message within the web session. When added, the password is invisible to a hypothetical man-in-the-middle (MITM) attacker, who cannot read the encrypted message nor mimic the user. The MITM is thus unable to compromise the user's account as the MITM is unable to provide the correct password into any fraudulent message.11-19-2009
20110197068METHODS FOR PROVIDING SECURITY OVER UNTRUSTED NETWORKS - Methods for providing for secure communications across data networks, including untrusted networks. In one embodiment, the method comprises establishing security associations between devices on the network using a digital certificate and key exchange protocol. In one variant, the digital certificate comprises a public encryption key; the recipient of the certificate authenticates the sender using at least the signature, and then generates a cryptographic element (e.g., key), and initialization vector. The key is encrypted and sent back to the originator, where it is decrypted and used to encrypt datagrams sent between the devices. The initialization vector may be used to initialize the encryption algorithm on the receiving device.08-11-2011
20090287931Establishing Proof of Existence and Possession of Digital Content - A method for establishing proof of existence and possession of source digital content, the method comprising the steps of generating a content certificate by calculating a content hash derived from the source digital content; creating code incorporating the content hash and content details, and a certifying body time-stamping and digitally signing the content hash and the content details to create a content certificate; transmitting the content certificate via a secure channel so that the recipient can verify that the certificate came from the certifying body; transmitting a digitally signed file representing the content certificate content details. A tamper-proof audit trail of certification is generated by: calculating a proving hash of a concatenated file of data relating to a plurality of content certificates; publishing the proving hash, and publishing the concatenated file. Existence of content is proved by: verifying certified digital content against the content certificate using hash verification and checking history of public keys from digital identities; and proving prior existence of the content certificate by reference to published proving hashes and historic content hashes without reference to the certifying body.11-19-2009
20100146281SECURITY AND CERTIFICATE MANAGEMENT FOR ELECTRONIC BUSINESS TO BUSINESS TRANSACTIONS - Methods, systems, and devices are described for the secure electronic exchange of procurement documents. A server computer system may manage different sets of security procedures, distributing certificates to trading partners. These certificates may be community-specific certificates for a limited community of trading partners. When particular trading partners (e.g., of the community) agree to exchange procurement documents, they may first exchange their certificates (or portions thereof) with each other. A sending trading partner may then provide an electronic signature for a procurement document to be transmitted, and encrypt the signed procurement document using the receiving trading partner's public key.06-10-2010
20080244269Data processing system, memory device, data processing unit, and data processing method and program - To provide an improved management structure of memory devices storing service-use applications. A card for a memory device applied to use various services is provided as one child card or more corresponding to each of the services, a parent card stores data for child-card issue management, and the child-card issue processing is executed based on the parent card, such as parent card authentication. An issue certificate having a parent-card digital signature is stored in the child card, the issue certificate contains a service code and a child-card identification, and thus it becomes possible to confirm a service set in the child card based on the issue certificate as the parent-card signature data.10-02-2008
20120185696DEVICE INTRODUCTION AND ACCESS CONTROL FRAMEWORK - In an embodiment, a method includes registering applications and network services for notification of an out-of-band introduction, and using the out-of-band introduction to bootstrap secure in-band provisioning of credentials and policies that are used to control subsequent access and resource sharing on an in-band channel. In another embodiment, an apparatus implements the method.07-19-2012
20100318803System and Methods for Assignation and Use of Media Content Subscription Service Privileges - This invention describes a system and methods for media content subscription service distribution; typical services include cable television, premium content channels, pay-per-view, XM radio, and online mp3 services. Subscribers use portable electronic devices to store digital certificates certifying the subscriber's privileges and an assigned public key. The devices can communicate with specially enabled televisions, radios, computers, or other media presentation apparatuses. These, in turn, can communicate with central databases owned by the provider, for verification purposes. Methods of the invention describe media content subscription service privilege issuing and use. The invention additionally describes methods for protecting media content transmitted to users with a variety of encryption schemes. The invention also comprises methods for subscribed users to bestow a subset of their privileges to a number of secondary users, with appropriate permission from the media content subscription service provider.12-16-2010
20100005304Security and ticketing system control and management - A security device of this invention includes a nonvolatile storage unit 01-07-2010
20120272066System, Apparatus, Method, And Program Product For Authenticating Communication Partner Using Electronic Certificate Containing Personal Information - Object To provide a technique for authenticating a communication partner using an electronic certificate containing personal information. Solving Means When a client apparatus receives a request for an electronic certificate from a server apparatus, the server apparatus reads a client certificate containing personal information and a server public key of the server apparatus from a storage unit and encrypts the client certificate using the server public key. The client apparatus also creates a temporary electronic certificate by setting, in a basic field of an electronic certificate, a predetermined item indicating that the electronic certificate is a temporary electronic certificate and by setting the client certificate having been encrypted in an extension field of the electronic certificate. Then, the client apparatus sends the temporary electronic certificate to the server apparatus.10-25-2012
20090164788EFFICIENT GENERATION METHOD OF AUTHORIZATION KEY FOR MOBILE COMMUNICATION - The present invention relates to a method of generating an authorization key for a wireless communication system. In the wireless communication system, when an authorization key is generated after authentication between a subscriber station and base station is successfully performed, the authorization key is generated using a value indicating the number of generation times of the authorization key. Subsequently, the subscriber station and the base station confirm through a predetermined procedure whether or not they share the same authorization key and the same number of generation times of the authorization key. According to such a method of generating an authorization key, an authentication function for messages to be transmitted and received between the subscriber station and the base station can be efficiently supported. Further, replay attacks by malignant users can be powerfully protected against.06-25-2009
20130219181METHOD FOR READING AN ATTRIBUTE FROM AN ID TOKEN - The invention relates to a method for reading at least one attribute stored in an ID token (08-22-2013
20090144551Period Keys - A method for securing encryption keys is described, the method including providing a first device and a second device, the first device including first secure hardware and first insecure hardware, and the second device including second secure hardware and second insecure hardware, generating in the first secure hardware at least two period keys, the at least two period keys stored in the first secure hardware, generating in the first secure hardware a plurality of session keys, the session keys being stored in either the first secure hardware or the first insecure hardware, encrypting at least one of the plurality of session keys generated in the first device according to a first of the two period keys included in the first secure hardware, encrypting at least one of the plurality of session keys generated in the first device according to a second of the two period keys included in the first secure hardware, generating in the second secure hardware at least two period keys, the at least two period keys stored in the second secure hardware, generating in the second secure hardware a plurality of session keys, the session keys being stored in either the second secure hardware or the second insecure hardware, encrypting at least one of the plurality of session keys generated in the second device according to a first of the two period keys included in the second secure hardware, encrypting at least one of the plurality of session keys generated in the second device according to a second of the two period keys included in the second secure hardware, at a time when a session is established between the first device and the second device, decrypting one encrypted session key in the first device and decrypting one encrypted session key in the second device, and establishing an encrypted session between first device and the second device, the encrypted session being encrypted according to the one decrypted session key included in the first device and the one decrypted session key included in the second device, wherein the at least two period keys included in the first device and the at least two period keys included in the second device are periodically regenerated in order to produce new period keys, thereby rendering useless any session keys encrypted according to an old period key.06-04-2009
20090024849Information acquisition device, information acquisition method, and information acquisition program - Conventionally, before reading content from a recording medium, a drive device and a playback device that plays back content perform device authentication, in order to verify whether the playback device is authorized or not. Once the playback device has been verified as authorized, the playback device is permitted to read any content stored on the recording medium. In view of this, a reading device is provided that limits a type of content acquirable by the playback device by permitting the playback device to read content which satisfies a specific condition and prohibiting the playback device to read other content.01-22-2009
20090024850USER CONTROLLED ANONYMITY WHEN EVALUATING INTO A ROLE - A method, system, and program for user controlled anonymity when evaluating into a role are provided. An anonymous authentication controller enables a user to control anonymity of the user's identity for role based network accesses to resources, without requiring reliance on any single third party to maintain user anonymity. First, a role authentication certificate is received from a role authenticator, wherein the role authentication certificate certifies that the holder of the role authentication certificate is a member of a particular role without allowing the role authenticator issuing the role authentication certificate the ability to track an identity of a user holding the role authentication certificate. Next, an anonymous channel is established for anonymously presenting the role authentication certificate to a resource protector, wherein the resource protector requires the user to authenticate into the particular role to access a resource, wherein the role authentication certificate authenticates the user into the particular role without enabling the resource protector to ascertain the identity of the user, such that the user is in control of maintaining user anonymity for authenticated role-based accesses.01-22-2009
20110225425PREVENTING CAUSALITY VIOLATIONS IN DECENTRALIZED DISTRIBUTED SYSTEMS - A trusted read and write platform provides write-indisputability and read-undeniability for a distributed application. The platform is implemented at each node of the distributed application using a trusted platform module. To provide write-indisputability, the read and write platform of a node may generate a proof that is signed by the platform module and sent with a purportedly written result. The proof is decrypted using a public key associated with the platform module and includes indicators of the process taken by the read and write platform to write the result. To provide read-undeniability, the read and write platform may bind a key to a state of the platform module. A result to be read at the read and write platform is encrypted using the key and can only be decrypted when the read and write platform updates its state to the bound state.09-15-2011
20090210712METHOD FOR SERVER-SIDE DETECTION OF MAN-IN-THE-MIDDLE ATTACKS - Problem The combination of a tendency towards permissivity when verifying certificate authenticity and the use of in-band client authentication opens up an opportunity for attackers to mount man-in-the-middle attacks on SSL connections.08-20-2009
20090199007PROVIDING CERTIFICATE MATCHING IN A SYSTEM AND METHOD FOR SEARCHING AND RETRIEVING CERTIFICATES - A system and method for searching and retrieving certificates, which may be used in the processing of encoded messages. In one broad aspect, certificate identification data that uniquely identifies a certificate associated with a message is generated. The certificate identification data can then be used to determine whether the certificate is stored on a computing device. Only the certificate identification data is needed to facilitate the determination alleviating the need for a user to download the entire message to the computing device in order to make the determination.08-06-2009
20090100266SERVICE PROVISION SYSTEM AND COMMUNICATION TERMINAL - A first memory unit is arranged outside a block that is under security control. The block includes: a second memory unit; an acquisition unit for acquiring biological information on a living body from a captured image of a location of the living body; an encryption unit for encrypting attribute information with an encryption key; a registration unit for registering encrypted attribute information encrypted by the encryption unit into the first memory unit, and registering the biological information and the encryption key into the second memory unit; and a presentation unit for decrypting the encrypted attribute information with the encryption key and presenting the attribute information decrypted to the service provision server if the biological information registered in the second memory unit and biological information acquired by the acquisition unit coincide with each other.04-16-2009
20090222667GENERATOR FOR GENERATING A MESSAGE AUTHENTICATION CODE, METHOD OF GENERATING A MESSAGE AUTHENTICATION CODE, PROGRAM ELEMENT AND COMPUTER-READABLE MEDIUM - Current MAC algorithms impose a significant system performance requirement in order to process messages in real time. According to an exemplary embodiment of the present invention, a hardware implemented generator for generating a MAC is provided, that results in a significant improvement in hardware performance requirements for processing messages in real time. The engine is based on linear feedback shift registers which are adapted to generate secure MACs.09-03-2009
20080307226Verifying authenticity of e-mail messages - A certificate registry system configured to issue authentication certificates to each one of a plurality of information providers and to maintain a root certificate corresponding to all of the authentication certificates, wherein each one of the authentication certificates links respective authentication information thereof to identification information of a corresponding one of the information providers, wherein each one of the authentication certificates is devoid of linkage between the corresponding one of the information providers and e-mail address information thereof, and wherein the authentication certificates of the certificate registry are associated in a manner at least partially dependent upon at least one of a particular type of information that the information providers provide, a particular organization that the information providers are associated with, a particular type profession in which the information providers are engaged and a particular geographical region in which the information providers are located.12-11-2008
20100169647Data Transmission - A method of and apparatus for transmitting data in systems such as computer networks, for example in client-server or peer-to-peer arrangements. Access to transmitted data received by a destination apparatus is limited by the provision of software code at the destination apparatus. The software code is arranged to produce a result which is a function of the state of the destination apparatus, and this result is used to access the data. The software code may be either transmitted to the destination apparatus, for example along with the data it is used to access or from a separate server, or may be generated at the destination apparatus. The method and apparatus is particularly applicable in the field of on-line gaming, wherein the transmitted data is encrypted gaming data and the result of the software code provides the access key to the encrypted data.07-01-2010
20100185864Multi-Dimensional Credentialing Using Veiled Certificates - In accordance with certain embodiments of the present disclosure, a method for creating a veiled certificate is provided. The method comprises requesting a certificate from a regulator by sending a message with a digital signature of the message signed by the owner. The message comprises an owner's veiled certificate token, the veiled certificate token comprising an encrypted version of the owner's identification data and the owner's identification public key for the certificate. The message further comprises the identification public key, the whole message being encrypted using the regulator's external public key. The certificate request is validated by verifying the sender's identity through validation of the digital signature using the owner's external public key and verifying the veiled certificate token using the individual' external public key. A veiled certificate is created by combining the veiled certificate token, identification public key and digitally signing the veiled certificate with the regulator's private key, wherein the owner's identification information is inaccessible from the veiled certificate, except to the certificate owner.07-22-2010
20090019285Establishing a Trust Relationship Between Computing Entities - A first computing entity provides evidence to a second computing entity to demonstrate that the first computing entity has a trusted configuration specification that is one of a set of such specifications agreed between the computing entities. This evidence comprises a computed commitment, made using (but not revealing) the configuration specification of the first computing entity, and a ring signature generated using a plurality of keys where each such key is generated using the commitment and one of the trusted configuration specifications. The second computing entity verifies the ring signature in order to convince itself that the configuration specification of the first computing entity is in the set.01-15-2009
20090077384Accelerated signature verification on an elliptic curve - A public key encryption system exchanges information between a pair of correspondents. The recipient performs computations on the received data to recover the transmitted data or verify the identity of the sender. The data transferred includes supplementary information that relates to intermediate steps in the computations performed by the recipient.03-19-2009
20100228982FAST-RECONNECTION OF NEGOTIABLE AUTHENTICATION NETWORK CLIENTS - Modern network communications often require a client application requesting data to authenticate itself to an application providing the data. Such authentication requests can be redundant, especially in the case of stateless network protocols. When a full authentication is performed, a conversation identifier and one or more encryption keys can be agreed upon. Subsequent authentication requests can be answered with a fast reconnect token comprising the conversation identifier and a cryptographically signed version of it using the one or more encryption keys. Should additional security be desirable, a sequence number can be established and incremented in a pre-determined or a random manner to enable detection of replayed fast reconnect tokens. If the recipient can verify the fast reconnect token, the provider can be considered to have been authenticated based on the prior authentication. If an aspect of the fast re-authentication should fail, recourse can be had to the original full authentication process.09-09-2010
20100217989VISUALIZATION OF TRUST IN AN ADDRESS BAR - Described are a system and method for presenting security information about a current site or communications session. Briefly stated, a browsing software is configured to receive a certificate during a negotiation of a secure session between a local device and a remote device. The certificate includes security information about a site maintained at the remote device. The security information is displayed to a user of the browsing software in a meaningful fashion to allow the user to make a trust determination about the site. Displaying the security information may include presenting a certificate summary that includes the most relevant information about the certificate, such as the name of the owner of the site and the name of the certificating authority of the certificate.08-26-2010
20100217988ELECTRONIC DOCUMENT MANAGEMENT AND DELIVERY - In one embodiment, system to manage and deliver electronic documents is disclosed.08-26-2010
20100217987Document Security Management System - A document security management system for securely managing documents for users. The document management system comprises a document repository providing a facility for storing data files representing the documents. A key repository stores a public key of one or more encryption key pairs, each of the encryption key pairs being associated with one of the documents stored in the document repository. Each document stored in the document repository is encrypted with the public key of the encryption key pair associated with the document. A plurality of client terminals are operable to store and to retrieve the documents from the documentary repository for processing by a user. Each user is in possession of a digital certificate comprising a certificate key pair. The key repository includes the private key of the encryption key pair encrypted with the public key of the certificate key pair associated with the user. The client terminal is operable with the private key of the certificate key pair in possession of a user. The client terminal is operable to decrypt the private key of the encryption key pair using the private key of the certificate key pair of a user, and to retrieve the encrypted document from the document repository and to decrypt the document using the decrypted private key of the encryption key pair. Thus, in accordance with the present invention a two tier arrangement of private key/public key pairs is provided with a first private key/public key pair called the encryption key pair being associated with each of the documents and a second digital certificate private key/public key pair called a certificate key pair being associated with the users. A document management system according to the present invention is therefore provided with an improvement in security with respect to document management and document management security.08-26-2010
20120036364SELF-AUTHENTICATION COMMUNICATION DEVICE AND DEVICE AUTHENTICATION SYSTEM - In a system where a communication device performs secure communication by using a digital certificate, to enable a device of a communication party to verify that a self certificate is certainly generated by a device indicated on the self certificate even if the self certificate is not delivered offline in advance. Based on a master key and a public parameter, a communication device generates an ID-based encryption private key for which a device unique ID is used as a public key. Then, the communication device generates the digital signature of an RSA public key as a ID-based encryption signature by using the ID-based encryption private key. Then, the communication device generates an RSA self signature for the RSA public key, an expiration date, a host name, the device unique ID, and the ID-based encryption signature as the target. Then, the communication device generates a self-signed certificate to include the ID-based encryption signature and the RSA self signature.02-09-2012
20100235642APPARATUS, SYSTEM, AND METHOD OF SETTING A DEVICE - A device setting apparatus performs setting operation with respect to a counterpart apparatus using secure communication even when the counterpart apparatus is not previously provided with information required for secure communication. The device setting apparatus detects an error when the error occurs during the setting operation, and executes a browser to request a user to correct the error during the setting operation.09-16-2010
20100250947SYSTEM AND METHOD OF PREVENTING SPAM BY USING PAY-CHARGE-CONTRIBUTION AND AUTHENTICATION MEANS - A system for preventing junk mails includes a sender email server (09-30-2010
20100250948SYSTEM AND METHOD FOR CHECKING DIGITAL CERTIFICATE STATUS - A method for handling digital certificate status requests between a client system and a proxy system is provided. The method includes the steps of receiving at the proxy system digital certificate status request data transmitted from the client system and generating query data for the digital certificate status in response to receiving the digital certificate status request data. The query data is transmitted to a status provider system, and status data from the status provider system in response to the query data is received at the proxy system. Digital certificate status data based on the status data received is generated and transmitting to the client system.09-30-2010
20100115281ATTRIBUTES IN CRYPTOGRAPHIC CREDENTIALS - Method and apparatus for generating cryptographic credentials certifying user attributes and making cryptographic proofs about attributes encoded in such credentials. Attributes are encoded as prime numbers E in accordance with a predetermined mapping and a cryptographic credential is generated encoding E. To prove that an attribute encoded in a cryptographic credential associated with a proving module of the system is a member of a predetermined set of user attributes, without revealing the attribute in question, the proving module determines the product Q of respective prime numbers corresponding to the attributes in the set in accordance with the predetermined mapping of attributes to prime numbers. The proving module demonstrates to the receiving module possession of a cryptographic credential encoding a secret value that is the prime number E, and then whether this secret value divides the product value Q.05-06-2010
20090276629METHOD FOR DERIVING TRAFFIC ENCRYPTION KEY - A mobile station is provided. The mobile station includes one or more radio transceiver module and a processor. The processor generates an Authorization Key (AK) context including at least one secret key shared with a base station, transmits at least one association negotiation message via the radio transceiver module to the base station to obtain an association of a service flow established by the base station, and generates at least one TEK according to the secret key and an identifier associated with the association. The service flow is established for traffic data transmission with the base station and the TEK is a secret key shared with the base station for encrypting and decrypting the traffic data.11-05-2009
20100223470SECURE INSTANT MESSAGING SYSTEM - A secure instant messaging (IM) system integrates secure instant messaging into existing instant messaging systems. A certificate authority (CA) issues security certificates to users binding the user's IM screen name to a public key, used by sending users to encrypt messages and files for the user. The CA uses a subscriber database to keep track of valid users and associated information, e.g. user screen names, user subscription expiration dates, and enrollment agent information. A user sends his certificate to an instant messaging server which publishes the user's certificate to other users. Users encrypt instant messages and files using an encryption algorithm and the recipient's certificate. A sending user can sign instant messages using his private signing key. The security status of received messages is displayed to recipients.09-02-2010
20080276092Method for Authentication of Sensor Data, and an Associated Sensor - A method for authentication of sensor data (D) which is interchanged between at least one sensor (S11-06-2008
20090037738Digital certificates - A method for producing a certificate, the certificate including data, the method including choosing a seed s, the seed s including a result of applying a function H to the data, generating a key pair (E,D), such that E=F(s,t), F being a publicly known function, and including s and t in the certificate. Related methods, and certificates produced by the various methods, are also described.02-05-2009
20130132726DIGITAL CERTIFICATION METHOD AND APPARATUS - A method for recording a document with authenticity certification information. The method includes receiving an indication from a user regarding their intention to accept and/or receive a proposed set of documentary content elements and presenting a visual display of the documentary content elements. The method further includes presenting and detecting an actuatable acknowledgment mechanism and receiving and transmitting account information to an account provider. The method also includes generating a digital certificate and key pairs from one or more items associated the account information.05-23-2013
20100306545COMMUNICATION APPARATUS - A communication apparatus includes: a first storage unit storing a certification authority certificate; a verification unit verifying an electronic signature attached to a first electronic mail received by a receiving unit from a mail server based on the certification authority certificate; an output unit outputting the first electronic mail when a verification result of the verification unit is positive; a deletion unit deleting the first electronic mail from the mail server; a notification unit notifying a user of information regarding a specific certification authority when a specific certification authority certificate is not stored in the first storage unit; an acquiring unit acquiring the specific certification authority certificate; and a storage control unit storing the acquired specific certification authority certificate. The receiving unit again receives the first electronic mail. The verification unit verifies an electronic signature attached to the again received first electronic mail based on the certification authority certificate.12-02-2010
20100250946AD HOC DISTRIBUTION - Systems and methods for developing an application for a data processing device using a portal, such as a world wide web portal. In one exemplary method, an application signing certificate is generated using the portal, and the portal designates the data processing device using a unique device identifier. A unique application identifier for the application is created using the portal. An application provisioning file is created using the portal. The application provisioning profile comprises the application signing certificate, the unique application identifier, and the unique device identifier.09-30-2010
20110010553On-Line Membership Verification - A system and method of providing on-line verification of various credentials without requiring second site authentication utilizes protocols and cryptography to assure customers (generally referred to hereinafter as “users”) that they are dealing with a person (or organization) that can present multiple, non-repudiable proof of their identification. The system is launched directly from the user's browser such that certificate verification is performed “locally”, without needing to go out and obtain information from a second web site. The system is based upon the creation of a new MIME (i.e. Multipurpose Internet Mail Extensions) type that is employed by the user's browser and utilizes public keys associated with the credentialing organizations in combination with a public key of the verification organization.01-13-2011
20110010554METHOD AND APPARATUS FOR PROVIDING INTELLIGENT ERROR MESSAGING - A method and apparatus for providing intelligent error messaging is disclosed wherein a user of a mobile communications device is provided with descriptive error messaging information to assist the user in overcoming errors associated with the processing of electronic messages and data. For example, when the mobile device is being used to decrypt a cryptographically secured electronic message, and a problem is encountered, program logic of the device provides the user with (1) an indication of exactly what problem is preventing opening of the message, for example, a required cryptographic key is not available; (2) an indication of exactly what may be done to overcome the problem, for example, what utilities should be run on the device; and (3) exactly what data, if any, needs to be downloaded to the device, for example, what cryptographic keys should be downloaded.01-13-2011
20110113252CONCIERGE REGISTRY AUTHENTICATION SERVICE - In an example embodiment described herein is an apparatus comprising a transceiver configured to send and receive data, and logic coupled to the transceiver. The logic is configured to determine from a beacon received by the wireless transceiver whether an associated wireless device sending the beacon supports a protocol for advertising available services from the associated wireless device. The logic is configured to send a request for available services from the associated wireless device via the wireless transceiver responsive to determining the associated wireless device supports the protocol. The logic is configured to receive a response to the request via the wireless transceiver, the response comprising a signature. The logic is configured to validate the response by confirming the signature comprises network data cryptographically bound with service data.05-12-2011
20110078448Short-Lived Certificate Authority Service - An integrated authentication service is described which may receive a bundled request from one or more clients. One or more of the described techniques may be utilized to provide, in response to a single bundled request, a token for proof of identity and a certificate for establishing secure communications.03-31-2011
20100223469Method, System and Computer Program Product for Certifying Software Origination - The disclosed embodiments present a method, system and computer program product for certifying software origination. The method for certifying software origination comprises generating at least one certificate of originality for a software artifact, generating a key for authenticating the certificate of originality, incorporating the key into the certificate of originality, and embedding the certificate of originality in the software artifact.09-02-2010
20100131766NOTIFYING USERS OF SERVER CHANGES VIA SSL - An apparatus and a method for authenticating a secure communication is described. A server receives a request from a client for an original SSL certificate. The server embeds a message in a common name (CN) of a new SSL certificate directing the client to another server. The client is transparently reconfigured and establishes a secure communication with the other server using the new SSL certificate.05-27-2010
20100131765ANONYMOUS VERIFIABLE PUBLIC KEY CERTIFICATES - The anonymity of a user at a client computer may be preserved when authenticating with an on-line service or content provider through the use of an anonymous and verifiable (i.e., “blind”) certificate set that is created by a certificate authority from a fixed-size set of PKI key pairs. The certificate authority randomly selects a subset of PKI key pairs to generate the blind certificate set where each certificate in the set includes a respective public key from the PKI key pair subset. The certificate authority also sends the private keys from the PKI key pair subset to the user. During authentication, the client computer is configured to randomly select a subset of one or more certificates from the set to present to the provider. The provider will encrypt content using the public keys in the subset of certificates and the client will decrypt the content with the corresponding private keys.05-27-2010
20100180121METHOD AND APPARATUS FOR ENHANCING SECURITY IN NETWORK-BASED DATA COMMUNICATION - Various embodiments of a method and associated equipment for enhancing security in a network-based data communication are provided. In one embodiment, the method includes: a) maintaining at least access to data which a transmitting user may selectively transmit, b) providing a submit control associated with a recipient user to which the data may be selectively transmitted, c) in response to the transmitting user activating the submit control, presenting information to the transmitting user that identifies the recipient user to which the data is about to be sent, and d) in response to the transmitting user activating a verification control, transmitting the data to the recipient user. In one embodiment, the associated equipment includes a first computing device associated with a transmitting user, a second computing device associated with a recipient user; and a communication network through which the first computing device can operatively communicate with the second computing device.07-15-2010
20090313474NON-TRANSFERABLE ANONYMOUS DIGITAL RECEIPTS - The present invention relates electronic receipts. There is provided a method for generating an electronic receipt in a communication system providing a public key infrastructure, the method comprising the steps of receiving by a second party a request message from a first party, the request message comprising a transaction request and a first public key based on a secret owned by the first party and wherein the secret is associated with at least the secret of a further public key of the first party, electronically signing at least part of the request message with a second public key assigned to the second party to issue the electronic receipt, and providing the electronic receipt to the first party. Further, there is provided a method for verifying the ownership of an electronic receipt in a communication system providing a public key infrastructure, the verification arising out of a series of messages being sent and received between a first party and a verifying party, the method comprising the steps of receiving a proof message from the first party, the proof message being derived from at least a first public key based on a secret owned by the first party and wherein the secret is associated with at least the secret of a further public key of the first party and an electronic receipt that has been issued by electronically signing a request message with a second public key, determining whether or not the proof message was derived from the second public key.12-17-2009
20090313473METHOD AND APPARATUS FOR SECURE MEASUREMENT CERTIFICATION - The invention relates to methods and apparatuses for acquiring a physical measurement, and for creating a cryptographic certification of that measurement, such that its value and time can be verified by a party that was not necessarily present at the measurement.12-17-2009
20090217047SERVICE PROVIDING SYSTEM, SERVICE PROVIDING SERVER AND INFORMATION TERMINAL DEVICE - A service providing system is provided, which includes a client device capable of accessing a tamper-resistant secure memory, an area management server managing memory area of the secure memory and a service providing server providing service that uses the secure memory to the client device, and which improves the security at the time of sending an access control list provided by the area management server and an instruction set provided by the service providing server to the client device by using a digital signature and a certificate.08-27-2009
20110072270SYSTEM AND METHOD FOR SUPPORTING MULTIPLE CERTIFICATE STATUS PROVIDERS ON A MOBILE COMMUNICATION DEVICE - A method and system for supporting multiple digital certificate status information providers are disclosed. An initial service request is prepared at a proxy system client module and sent to a proxy system service module operating at a proxy system. The proxy system prepares multiple service requests and sends the service requests to respective multiple digital certificate status information providers. One of the responses to the service requests received from the status information providers is selected, and a response to the initial service request is prepared and returned to the proxy system client module based on the selected response.03-24-2011
20110078447SECURE INTER-PROCESS COMMUNICATIONS - Securing inter-process communications includes receiving, from a device that supports a first process that is an instantiation of a first application being executed, a request to initiate inter-process communications. Securing inter-process communications also includes replying to the device with a request for information of a first digital certificate that uniquely authenticates an identity of the first process. An identity of a second process that is a distinct instantiation of the first application is authenticated using a second digital certificate distinct from the first digital certificate.03-31-2011
20110072269NETWORK AV CONTENTS PLAYBACK SYSTEM, SERVER, PROGRAM AND RECORDING MEDIUM - A system, including: an audio-visual terminal; and a storage terminal, wherein the audio-visual terminal establishes a first connection protected by authentication and encryption, to server providing AV contents on a network; acquires an authorization to use of the contents by the first connection, concurrently acquires download control information including contents location information that indicates a location of the AV contents on the network and license information about the AV contents; and transmits the acquired download control information to the storage terminal, and the storage terminal acquires the download control information from the audio-visual terminal, downloads the contents from the server based on the contents location information via the network and stores the contents; acquires a license of the contents from the server based on the license information and stores the license; and uses the contents for a predetermined period based on the stored license.03-24-2011
20110016324DATA CARD VERIFICATION SYSTEM - A method of verifying a pair of correspondents in electronic transaction, the correspondents each including first and second signature schemes and wherein the first signature scheme is computationally more difficult in signing than verifying and the second signature scheme is computationally more difficult in verifying than signing. The method comprises the step of the first correspondent signing information according to the first signature scheme and transmitting the first signature to the second correspondent, the second correspondent verifying the first signature received from the first correspondent, wherein the verification is performed according to the first signature scheme. The second correspondent then signs information according to the second signature scheme and transmits the second signature to the first correspondent, the first correspondent verifies the second signature received from the second correspondent, wherein the verification is performed according to the second signature algorithm; the transaction is rejected if either verification fails. The method thereby allows one of the correspondents to participate with relatively little computing power while maintaining security of the transaction.01-20-2011
20100306546MOBILE CERTIFICATE DISTRIBUTION IN A PKI - A method of providing certificate issuance and revocation checks involving mobile devices in a mobile ad-hoc network (MANET). The wireless devices communicate with each other via Bluetooth wireless technology in the MANET, with an access point (AP) to provide connectivity to the Internet. A Certificate authority (CA) distributes certificates and certification revocation lists (CRLs) to the devices via the access point (AP). Each group of devices has the name of the group associated with the certificate and signed by the CA. A device that is out of the radio range of the access point may still connect to the CA to validate a certificate or download the appropriate CRL by having all the devices participate in the MANET.12-02-2010
20090240944GENERATION METHOD AND UPDATE METHOD OF AUTHORIZATION KEY FOR MOBILE COMMUNICATION - The present invention relates to an authorization key generating method and an authorization key updating method in a mobile communication system. A terminal and a base station generate an authorization key by using a terminal random value and a base station random value that are exchanged in an authorization key generating procedure as input data. In addition, a lifetime of an authorization key is established to be shorter than a lifetime of a root key, and the authorization key is updated with an updating period that is shorter than that of the root period.09-24-2009
20110055575Enhancement to Volume License Keys - A method includes issuing a digital certificate to a licensee, the digital certificate identifying a licensed product and the licensee to enable the licensee to enable the licensed product. The method involves receiving a request to enable the licensed product from an entity, the request including the digital certificate and determining whether the entity is the licensee of the licensed product based on the digital certificate. A system includes a relational structure having associations among authorized entities and digital certificates within an organization. Each to digital certificate identifies a licensed product licensed to the organization. A certificate distribution module distributes the digital certificates to associated authorized entities.03-03-2011
20100146280REMOTE ASSISTING METHOD AND SYSTEM - A remote assisting method is applied in a remote assisting system, which includes a server, a help-asking device and a helping device. The remote assisting method includes the following steps. First, ticket information is encrypted into encrypted ticket information, which is provided to the server, in response to a help-asking event and according to a first key. Next, the encrypted ticket information provided by the help-asking device is decoded into the ticket information according to a second key. Then, the ticket information, generated by decoding, is provided to the helping device such that the helping device can log in the help-asking device and perform a remote assisting operation.06-10-2010
20110093713SIGNATURE METHOD AND DEVICE - A method for signing a document to be transmitted between two correspondents, i.e. a sender and an addressee, including recording the sender and the addressee of the document for the allocation of a digital identity thereto; authorizing by the addressee a correspondence with the sender; ciphering the document; indicating to the addressee that the document is available; detecting an access to the document by the addressee; generating an electronic report indicating the delivery of the document, the document-delivery electronic report including a set of data associated with the transmission of the document to the addressee, the set including identification of elements concerning the addressee authentication, the sealing of the document, the access to the document by the addressee and the time-stamping of the access to the document by the addressee; and electronically signing, by a reliable third-party using the private key thereof, the document-delivery electronic report.04-21-2011
20090077383SYSTEM AND METHOD FOR AUTHENTICATION, DATA TRANSFER, AND PROTECTION AGAINST PHISHING - Methods and systems for secure electronic data communication over public communication networks. A secure data communication component may be utilized to implement a communication protocol. New versions of the data communication component may be generated, with each version containing a different communication protocol. Source code of the data communication component may be modified using a polymorph engine to create a functionally-equivalent component having a different code structure. An anti-phishing component may intercept a link in an electronic communication activated by a user, analyze the link and the electronic communication, determine a phishing risk to the user posed by the link, and direct the user to a location indicated by the link or redirect the user to a valid location. A server authentication component may detect and prevent DNS attacks, injections, and defacing activities.03-19-2009
20120005481AUTHENTICATED PROGRAM EXECUTION METHOD - According to a conventional technique, in the case where a program is stored into a non-volatile memory once and then activated, authentication of the program is performed immediately before such activation. However, calculations such as decryption of encrypted values are required before the activation of the program starts, which causes the problem that responsiveness is decreased in proportion to the time required for calculations. In order to solve this problem, authentication of a program is performed immediately before such program is stored, so that no authentication is performed or only a part of the authentication is performed to verify the validity of certificates at program activation time.01-05-2012
20120005480METHODS FOR FIRMWARE SIGNATURE - A method for installing embedded firmware is provided. The method includes generating one or more firmware file instances and generating one or more digital certificate instances that are separate instances from the firmware file instances. The method includes associating the one or more digital certificate instances with the one or more firmware file instances to facilitate updating signature-unaware modules with signature-aware firmware or to facilitate updating signature-aware modules with signature-unaware firmware.01-05-2012
20110099379AUGMENTED SINGLE FACTOR SPLIT KEY ASYMMETRIC CRYPTOGRAPHY-KEY GENERATION AND DISTRIBUTOR - A system for authenticating a user of a communication network is disclosed. The system includes a user station associated with the user and an authenticating station communicatively coupled to the user station via the communication network. The authenticating station is configured to authenticate the user. The authenticating station is further configured to perform an operation, which includes receiving a first value, from a user station associated with the user, via the communication network. The first value represents a first user credential. A first key portion is generated based on the first value and a second value that is unknown to the user. The first key portion, along with a second key portion, is used for authenticating credentials of the user for a predefined period of time or for authenticating user credentials for a predefined number of times. The second key portion is generated based on the first key portion. A cookie that includes the second value or a value derived from the second value is generated and transmitted to the user station and then the second value is destroyed.04-28-2011
20120124379ANONYMOUS AUTHENTICATION SIGNATURE SYSTEM, USER DEVICE, VERIFICATION DEVICE, SIGNATURE METHOD, VERIFICATION METHOD, AND PROGRAM THEREFOR - The user device includes: a recording unit which stores system parameters as respective parameters given in advance, a disclosure public key, a user public key, a user private key, a member certificate, and an attribute certificate; an input/output unit which receives input of the document from the user and an attribute the user intends to disclose; a cryptograph generating module which generates a cryptograph based on the inputted document, the attribute to be disclosed, and each of the parameters; a signature text generating module which generates a zero-knowledge signature text from the generated cryptograph; and a signature output module which outputs the cryptograph and the zero-knowledge signature text as the signature data. The user public key and the attribute certificate are generated by using a same power.05-17-2012
20090132824Original, data circulation method, system, apparatus, and computer readable medium - An original data circulation system for storing or circulating original data which is digital information is provided. The original data circulation system includes an issuer apparatus, a user apparatus and a collector apparatus. The issuer apparatus generates originality information including first information corresponding to the issuer apparatus and second information corresponding to data and sends the originality information. The user apparatus verifies the validity of the source apparatus of the originality information and stores the originality information when the validity is verified. The collector apparatus verifies the validity of the source apparatus of the originality information and processes data corresponding to the second information when the validity is verified.05-21-2009
20120166805METHOD AND SYSTEM FOR EXCHANGE MULTIFUNCTION JOB SECURITY USING IPV6 NEIGHBOR DISCOVERY OPTIONS - A method that facilitates exchange multifunction job security using IPv6 Neighbor Discovery, which includes generating a job on a first node, the first node having a software module, which creates at least one security option for the job; sending a neighbor solicitation request with the at least one security option to a second node; receiving the neighbor solicitation request on the second node, the second node having a software module for processing the neighbor solicitation request with the at least one security option; sending a neighbor advertisement to the first node; receiving the neighbor advertisement from the second node to obtain a job identifier for the job; and if the job identifier for the job is obtained, processing the job on the first node.06-28-2012
20100275024METHOD AND SYSTEM FOR DISPLAYING VERIFICATION INFORMATION INDICATORS ON A NON-SECURE WEBSITE - A method and system of displaying information indicators that help provide security assurances to consumers. The method works by having a plug-in or browser extension that determines the URL of a browsed to website. The browser then initiates a secure connection to the domain associated with the URL of a browsed-to website. The plug-in can then show an indicator based on whether or not a digital certificate exists. If desired, the plug-in can perform further checks to ensure the validity and authenticity of the certificate. The information indicators can be static, pre-selected by the program, or selected by the end user.10-28-2010
20100011214METHOD AND APPARATUS FOR SECURE TRUSTED TIME TECHNIQUES - A method and apparatus to establish a trustworthy local time based on trusted computing methods are described. The concepts are scaling because they may be graded by the frequency and accuracy with which a reliable external time source is available for correction and/or reset, and how trustworthy this external source is in a commercial scenario. The techniques also take into account that the number of different paths and number of hops between the device and the trusted external time source may vary. A local clock related value which is protected by a TPM securely bound to an external clock. A system of Accuracy Statements (AS) is added to introduce time references to the audit data provided by other maybe cheaper sources than the time source providing the initial time.01-14-2010
20120084566METHODS AND SYSTEMS FOR PROVIDING AND CONTROLLING CRYPTOGRAPHIC SECURE COMMUNICATIONS ACROSS UNSECURED NETWORKS - Methods and systems for providing secure access to network resources are disclosed. A method includes defining in a provisioning utility one or more communities of interest, each community of interest including one or more users and associated with a key. The method includes providing a service key to a client computing device that is useable to establish a secure connection to a service enclave including an authorization server. The method also includes transmitting from the authorization server, for each community of interest including an identified user of the client computing device, an identity of a customer enclave and a key associated with a community of interest including the user of the client computing device, the community of interest including computing resources included in the customer enclave.04-05-2012
20100332838SYSTEMS AND METHODS FOR AUTHENTICATING AND PROVIDING ANTI-COUNTERFEITING FEATURES FOR IMPORTANT DOCUMENTS - A method for authenticating a document comprises obtaining the contents of a document, obtaining biometric characteristics from an individual, forming a message based on the contents of the document and the biometric characteristics of the individual, generating a digital signature based on the message and a key, and writing the digital signature to an Radio Frequency Identification (RFID) tag affixed to the document.12-30-2010
20110004763CERTIFICATE VALIDATION METHOD AND CERTIFICATE VALIDATION SERVER AND STORAGE MEDIUM - A certificate validation method for causing a certificate validation server to receive a certificate validation request from a given terminal device, build a certification path of from a first certificate authority (CA) to a second CA, perform validation of the certification path, and send a validation result to the terminal which issued the certificate validation request is disclosed. The validation server detects either a key update of any given CA or a compromise of the given CA, acquires a certificate of relevant CA and first certificate status information and second certificate status information, stores the acquired information in a storage unit or, alternatively, updates the information stored in the storage based on the acquired information, and performs the building of a certification path and validation of the certification path by use of the information of the storage unit.01-06-2011
20110238996TRUSTED NETWORK CONNECT HANDSHAKE METHOD BASED ON TRI-ELEMENT PEER AUTHENTICATION - A trusted network connect handshake method based on tri-element peer authentication is provided, which comprises the following steps. An access controller (AC) sends message 09-29-2011
20120278625Social network based PKI authentication - A user device generates a social graph-based user certificate that conveys a trust level to other users of the social network. A user certificate for a user is obtained, the user having a user public key and corresponding user private key. A plurality of potential signers is identified within one or more social networks. The certificate is then sent to the identified plurality of potential signers. One or more signed versions of the user certificate may be received from at least some of the plurality of potential signers. The user device may assign a signer weight to each signed version of the user certificate, each corresponding signer weight associated with the signer of each signed version of the certificate. The user certificate, the user signature, one or more signed versions of the user certificate, and the user-assigned signer weights are distributed to one or more recipients.11-01-2012
20120089842COMMUNICATION SYSTEM FOR AUTHENTICATING MESSAGES WITH UNIQUELY SPECIFIED GENUINE INFORMATION - In a sensor network system, a transmitter device uses a message authentication key generated by a message generator to transmit a message with authenticator to plural receiver devices, which in reply produce a certification by a certification generator from a message with authenticator held by a message holder to transmit the certification to the transmitter device. An information generator of the transmitter device uses an identification from a reception checker and the message authentication key thus generated to generate an authentication key notification, which will be transmitted to receiver devices having transmitted the certification. In the receiver devices, the message holder holds the authentication key notification, from which an authentication key acquirer acquires the message authentication key, which a message authenticator uses to compare the message with authenticator generated with the message with authenticator held in the message holder to confirm the received message.04-12-2012
20120089841DIGITAL SIGNATURES OF COMPOSITE RESOURCE DOCUMENTS - An embodiment of the disclosure can receive a composite resource document containing at least one resource. An updated manifest resource can be obtained. The updated manifest resource can list all resources in the composite resource document. A set of zero or more (0 . . . N) resources can be indicated. Each indicated resource is one that is to be subtracted from the list of resources in the updated manifest resource in order to create a generated signature reference list of identified resources to be signed. A hash token can be generated using the resources identified in the generated signature reference list to form a signature hash token. The signature hash token can be encrypted with a secret key.04-12-2012
20110276803SYSTEM AND METHOD FOR MULTI-CERTIFICATE AND CERTIFICATE AUTHORITY STRATEGY - Operations or functions on a device may require an operational certificate to ensure that the user of the device or the device itself is permitted to carry out the operations or functions. A system and a method are provided for providing an operational certificate to a device, whereby the operational certificate is associated with one or more operations of the device. A manufacturing certificate authority, during the manufacture of the device, obtains identity information associated with the device and provides a manufacturing certificate to the device. An operational certificate authority obtains and authenticates at least a portion of the identity information associated with the device from the manufacturing certificate and, if at least the portion of the identity information is authenticated, the operational certificate is provided to the device.11-10-2011
20110320818SYSTEM AND METHOD FOR PROVIDING SECURITY IN BROWSER-BASED ACCESS TO SMART CARDS - A method of operating a host computer having a web-browser with the capability of executing at least one web-browser add-on to provide a web application access to a smart card to protect the smart card from security threats associated with being connected to the Internet. Prior to establishing a connection between a web application executing in the web browser, verifying that the web application has been authorized to connect to a smart care using the web-browser add-on to provide a web application access to a smart card.12-29-2011
20110320817ELECTRONIC CERTIFICATE ISSUANCE SYSTEM, ELECTRONIC CERTIFICATE ISSUING DEVICE, COMMUNICATION DEVICE, AND PROGRAM THEREFOR - An electronic certificate issuance system comprising at least one communication device, and an electronic certificate issuing device for issuing a set of an electronic certificate and a private key corresponding to the electronic certificate as a certification set for each of the at least one communication device, is provided. The electronic certificate issuing device includes a first connecting interface, an obtaining system, which is adapted to obtain a node ID assigned to each of the at least one communication device, a generating system, and a writing system. The at least one communication device includes a second connecting interface, a judging system, and an installing system.12-29-2011
20120331299COMMUNICATIONS APPARATUS, COMMUNICATIONS SYSTEM, AND METHOD OF SETTING CERTIFICATE - An apparatus in a system which includes at least a high-level apparatus and a plurality of low-level apparatuses, said apparatus being one of the low-level apparatuses. The apparatus includes a storage unit configured to store an individual certificate set and a common certificate set and a communication unit configured to transmit own authentication information to the high level apparatus to allow the high level apparatus to perform decryption to authenticate the validity of the apparatus.12-27-2012
20130024695MECHANISM AND METHOD FOR MANAGING CREDENTIALS ON IOS BASED OPERATING SYSTEM - A mechanism and method for managing credentials on an electronic device configured with an iOS based operating system. The iOS based device includes a “keychain” configured in device memory. According to an embodiment, the electronic device comprises an application configured to generate a public certificate object in the keychain and a password object in the keychain. The public certificate object is configured to store a public certificate, and the password object is configured to store a private key. The password object further includes a label or thumbprint for associating the private key with the corresponding public certificate. According to an embodiment, the application stores the private key in an encrypted container in the password object to provide an additional layer of security. The application is configured to unlock the encrypted container utilizing a password provided the user. According to a further aspect, the user password is not stored in memory on the device. According to an embodiment, the private key is generated and provided by a credential management system operatively coupled to the electronic device for digitally signing an email message.01-24-2013
20110264916MOTOR VEHICLE ELECTRONICS DEVICE, MOTOR VEHICLE, METHOD FOR DISPLAYING DATA ON A MOTOR VEHICLE DISPLAY APPARATUS, AND COMPUTER PROGRAM PRODUCT - The invention relates to a motor vehicle electronics device comprising a first interface (10-27-2011
20120254618AUTHENTICATION CERTIFICATES - An audio/video content delivery system having a network content source linked by an internet data connection to a content receiver that receives content from the network content source via the internet data connection, and also receives access-controlled encoded broadcast content from the network content source or another content source via a separate broadcast data path. The network content source requests a client certificate from the content receiver. The content receiver includes a host module to store a network client certificate and send it to the network content source, and a conditional access module (CAM) with an access control unit for decoding the access-controlled encoded broadcast content. The host module and the CAM provide an encrypted communication link for decoded access-controlled encoded broadcast content. The broadcast content source transmits a client certificate to the CAM. The CAM transmits the client certificate to the host module via the encrypted communication link.10-04-2012
20110225426TRUSTED GROUP OF A PLURALITY OF DEVICES WITH SINGLE SIGN ON, SECURE AUTHENTICATION - A system creates a trusted group of devices for single sign on. The trusted group is a set of two or more devices which can communicate securely to exchange information about the states of the devices. The two or more devices can arrange or establish the trusted group through the exchange of credentials or authentication information. After the establishment of the trusted group, the two or more devices may communicate through a secure connection established between the members of the trusted group. Each device may then execute normally and may encounter events that change the status of the device. Information about the locking or unlocking of the computer can be exchanged with the other members of the trusted group and the other members may also lock or unlock in concert.09-15-2011
20110314289REMOTE VERIFICATION OF ATTRIBUTES IN A COMMUNICATION NETWORK - It is provided an apparatus, comprising property checking means configured to check whether a claimant property information received from a claimant device corresponds to a predefined claimant attribute; obtaining means configured to obtain a result, which is positive only if the claimant property information corresponds to the predefined claimant attribute as checked by the property checking means; key generation means configured to generate a first claimant intermediate key from a predefined claimant permanent key stored in the apparatus; supplying means configured to supply, to the claimant device, the first claimant intermediate key using a secured protocol, wherein at least one of the key generation means and the supplying means is configured to generate and to supply, respectively, the first claimant intermediate key only if the result is positive.12-22-2011
20120030469Streamlined CSR Generation, Certificate Enrollment, and Certificate Delivery - The process of acquiring SSL certificates for enterprise SSL customers is improved by reducing the number of steps used to acquire the SSL certificate and streamlining the process. An on-line CSR generator on the certificate enrollment form is used to submit the customer information (i.e. Common Name, Organizational Unit, Organization, City/Locality, State/Province, and Country Code) and generate the CSR. By making the CSR generation part of the enrollment process, the administrator can use the same enrollment form to submit the customer information along with the contact information pertinent to the enterprise.02-02-2012
20130198521Secure File Drawer and Safe - An online file storage system having secure file drawer and safe is disclosed for securely storing and sharing confidential files. The system comprises a web-based user interface, tools for setting up server-side encryption method and client-side encryption method, tools for synchronizing encryption between different computers, tools for uploading files, tools for tracking files, tools for granting the right of access to files to the owner of other safes, and tools for generating authenticity certificate for proving the upload time and the substance of the files in a future time.08-01-2013
20120047368AUTHENTICATING A MULTIPLE INTERFACE DEVICE ON AN ENUMERATED BUS - A method for authenticating a multiple interface accessory device is provided. The method includes receiving enumeration information identifying the multiple interfaces supported by the accessory. The enumeration information includes information about a master interface supported by the accessory. A host device obtains authentication information from the accessory in accordance with a protocol associated with the master interface. Based on the authentication information, the host device determines whether the accessory is authorized to communicate with the host device. In the event that the accessory is authorized, the host device permits communication with the accessory using one or more of the multiple interfaces supported by the accessory.02-23-2012

Patent applications in class By generation of certificate