Entries

| Document | Title | Date |
|---|---|---|
20080216166 | Method and Apparatus for Detecting Grid Intrusions - A method, apparatus, and computer instructions for authorizing a user to access grid resources. A request is received from the user to access a resource on the data processing system. This request includes a certificate. An authentication process is performed using the certificate when the request is received. In response to successfully authenticating the user in the authentication process, a first host name for the certificate is requested from a trusted source. A reply containing the first host name is received. Access to the resource is provided if the first host name returned by the trusted source matches a second host name for the user from which the request originated. | 09-04-2008 |
20080263653 | APPARATUS, SYSTEM, AND METHOD FOR ESTABLISHING A REUSABLE AND RECONFIGURABLE MODEL FOR FAST AND PERSISTENT CONNECTIONS IN DATABASE DRIVERS - An apparatus, system, and method for establishing a reusable and reconfigurable trusted connection within a trusted context. The invention enhances interoperability with any existing authentication methods including the Kerberos, the DCE, and a combination of a user name and a password. The present invention includes common interfaces in a database driver for a middleware server to obtain a trusted connection. The invention enhances trusted context interoperability by allowing different types of trusted connections such as a normal connection, a pooled connection, or even a distribution transaction connection. The database driver generates unique identifiable information once a trusted connection is authenticated that can be utilized to reuse and reconfigure the trusted connection without re-authentication. The present invention allows various types of trusted connections to be established through any authentication mechanisms and allows those trusted connections to be reused and reconfigured, even by a different client, in a fast and persistent way. | 10-23-2008 |
20080271132 | Host Identity Protocol Method and Apparatus - A method is provided of at least partially securing communications between first and second hosts using the Host Identity Protocol, HIP, where the first host is not HIP enabled and the second host is HIP enabled. A persistent HIP identity is associated with the first host and maintained at a remote server. A public part of the persistent HIP identity is obtained from the remote server together with a certificate authorising a gateway node between the first and second hosts to use a temporary HIP identity associated with the first host in a subsequent negotiating step. A secure HIP connection is then negotiated between the gateway node and the second host using at least part of each of the persistent HIP identity, the temporary HIP identity and the certificate. A Host Identity Protocol, HIP, method is provided for use in a network in which a non-HIP-enabled host is communicating with a HIP-enabled host via a plurality of gateway nodes in turn, comprising using a persistent HIP identity for the first host, maintained at a remote server, for each such gateway node used. | 10-30-2008 |
20080271133 | Authenticating a Requestor Without Providing a Key - A method for authenticating a requesting entity in a communications environment. In an exemplary embodiment, the method includes determining a client identification of a client node associated with the requesting entity, and determining whether the requesting entity associated with the client node is acting in a supervisor capacity. A key to the requesting entity is returned from a resource provider node upon determining that the client identification of the client node indicates that the client node is permitted to access one or more resources of the provider node, and that the client node is acting in a supervisor capacity. | 10-30-2008 |
20080289024 | Printing Apparatus and Information Processing Apparatus - A printing apparatus is connected to a network which includes an information processing apparatus transmitting printing data and an authentication information issuance server issuing authentication information to the information processing apparatus. The printing apparatus includes a transmitting unit, a receiving unit, and a printing unit. The transmitting unit transmits, to the information processing apparatus, information showing the authentication information being required, the authentication information is required in order to perform printing based on the printing data transmitted from the information processing apparatus, and the authentication information is issued from the authentication information issuance server. The authentication information indicates permission issued from the authentication information issuance server. The receiving unit receives the authentication information issued from the authentication information issuance server and the printing data from the information processing apparatus. The printing unit performs a print job based on the printing data received by the receiving unit. | 11-20-2008 |
20080289025 | Method and an apparatus to validate a web session in a proxy server - Some embodiments of a method and an apparatus to validate a web session in a proxy server have been presented. In one embodiment, a first message authentication code is generated at a proxy server communicatively coupled between an application server and a client upon receiving a message from the application server. The message is generated by the application server in response to an authentication request from the client to initiate a web session. The proxy server then adds the first message authentication code and one or more timestamps to the message. Then the proxy server may send the message to the client, wherein the client may use the first message authentication code and the one or more timestamps to request access to predetermined content during the web session. | 11-20-2008 |
20080295162 | METHOD AND APPARATUS FOR AUTHENTICATING USERS IN A NETWORK | 11-27-2008 |
20080301793 | APPARATUS AND METHOD OF VERIFYING ONLINE CERTIFICATE FOR OFFLINE DEVICE - An apparatus and a method are provided for verifying an online certificate for an offline device. The apparatus includes a nonce generation unit which generates a nonce and a certificate verification request message that requests verification of a certificate on a target online device subject to authentication, wherein the certificate verification request message includes the generated nonce; a transmitting and receiving unit which transmits the certificate verification request to an online device and receives an online certificate status protocol (OCSP) response message from the online device; and a certificate verification result determination unit which extracts a nonce from the OCSP response and compares the extracted nonce with the nonce generated by the nonce generation unit to determine whether the OCSP response is reliable. | 12-04-2008 |
20080320578 | METHODS AND APPARATUS FOR DYNAMIC SUBSCRIPTION BINDING - A method for dynamic management of subscription based data for a fielded system utilizing a remote computer system is described. The method comprises providing unique identification data for the fielded system to the remote computer system, receiving user identification data at the remote computer system, and determining, at the remote computer system, from at least one of the unique fielded system identification data and the user identification data, if the fielded system is bound to a set of subscription based data, or if the fielded system is available to be bound to a set of subscription based data. | 12-25-2008 |
20080320579 | Method and system for validating references - The present invention relates to enhanced workflow solutions for authors (e.g., researchers, scientists, and scholarly authors) and publishers (e.g., journals and professional and technical societies) in preparing documents in structured format for facilitating efficient and accurate validation of references cited or included in papers and other submissions for publication or for review. An author prepares a document containing a set of cited references using a formatting structure. A system includes a processor to process the document to extract embedded metadata associated with the set of cited references. The processor executes code associated with a reference validation software module and automatically recognizes the formatting structure and the embedded metadata. The processor automatically extracts the embedded metadata and compares the extracted metadata against an authority database to determine the validity of the set of cited references. | 12-25-2008 |
20090007250 | Client authentication distributor - The claimed method and system provides a client authentication distributor component (CAD) that handles multiple client application requests for authentication to a common authentication provider. In one embodiment, only a single user sign-on process may be required, after which the CAD manages future authentication processes on behalf of the user without requiring the user to provide credentials. | 01-01-2009 |
20090025075 | On-demand authentication of call session party information during a telephone call - A method comprises a plurality of operations. An operation is performed for requesting authentication of a target call session party during a call session between the target party and a call session party requesting said authentication. An operation is performed for receiving authentication information of the target call session party during the call session in response to requesting said authentication. An operation is performed for facilitating authentication of said authentication information during the call session in response to receiving said authentication information. | 01-22-2009 |
20090025076 | Mail certificate responder - A method and apparatus for generating a mail certificate is described. A client determines whether the client possesses a certificate. If a certificate is needed, the client sends a request to a certificate responder for a new certificate in response to the determination. The certificate responder generates and sends the new certificate back to the client. | 01-22-2009 |
20090031409 | Preventing Unauthorized Poaching of Set Top Box Assets - To prevent poaching of an Internet Protocol (IP) set top box (STB) asset or similar network computing device from one system operator to another, code executing in the IP STB not only authenticates downloaded software images using a public key provided in a serial-number assigned digital certificate, but also confirms that the serial number appears on a signed whitelist, or does not appear on a signed blacklist. The code executing in the STB further preferably enforces a rule that only the authority that signed the already-loaded whitelist/blacklist may replace it with a new list. Such a “sticky whitelist/blacklist” ensures that if the STB boots or resets in a new network, the existing authentication list will not be replaced by a list that is valid for a new or different network, and, as a result, that new software code images will not be authenticated. | 01-29-2009 |
20090031410 | Certificate generation for a network appliance - A method and system for generating identity certificates. The method may include receiving a user request to activate a network appliance, and causing a network appliance identifier and a transaction identifier of an activation transaction associated with the user request to be transmitted to the network appliance. A certificate signing request (CSR) and the transaction identifier may be received from the network appliance, the CSR including the network appliance identifier. A certificate may be generated for the network appliance if the activation transaction is valid. | 01-29-2009 |
20090031411 | Method and system for assuring security of a transaction in a telecommunication network - The invention relates to a method for assuring security of a commercial transaction between a terminal ( | 01-29-2009 |
20090037997 | METHOD FOR DETECTING DNS REDIRECTS OR FRAUDULENT LOCAL CERTIFICATES FOR SSL SITES IN PHARMING/PHISHING SCHEMES BY REMOTE VALIDATION AND USING A CREDENTIAL MANAGER AND RECORDED CERTIFICATE ATTRIBUTES - Certificate information associated with a received certificate, such as a Secure Sockets Layer (SSL) certificate, is stored in a trusted local cache and/or in one or more remote trusted sources, such as a single remote trusted source and/or a trusted peer network. When a site certificate is received on a host computer system, certificate information associated with the received site certificate is obtained and compared with the stored certificate information to determine whether or not the site certificate indicates malicious activity, such as a malicious DNS redirection or a fraudulent local certificate. When a site certificate is not found indicative of malicious activity, the site certificate is released. Alternatively, when a site certificate is found indicative of malicious activity, protective action is taken. In some embodiments, a user's log-in credentials are automatically obtained from a trusted local cache and automatically submitted to a web site. | 02-05-2009 |
20090055917 | Authentication method and authentication system using the same - An authentication method is provided in which authentication is performed between terminals respectively belonging to a first realm and a second realm that is different from the first realm, with using a Kerberos authentication method. In order to obtain authentication with a terminal belonging to the second realm, a terminal belonging to the first realm requests a ticket granting ticket for accessing a key distribution center in the second realm, from a key distribution center in the first realm. The key distribution center in the first realm transmits an encrypted IP address of the key distribution center in the second realm together with the requested ticket granting ticket, to the terminal belonging to the first realm. | 02-26-2009 |
20090055918 | METHOD OF MUTUALLY AUTHENTICATING BETWEEN SOFTWARE MOBILITY DEVICE AND LOCAL HOST AND A METHOD OF FORMING INPUT/OUTPUT (I/O) CHANNEL - A method of mutually authenticating between a local host and a software mobility device including an operating system virtualization layer, and a method of forming an input/output (I/O) channel. The method of authenticating a local host in the software mobility device includes requesting a certificate from the local host in which an integrity value of the local host is stored, and receiving the certificate from the local host; receiving an integrity value measured in the local host and comparing the measured integrity value with the integrity value included in the certificate to verify the local host; and when the local host is verified, encrypting a security profile of the software mobility device and transmitting the encrypted security profile to the local host so as to provide secure communication between the local host and the software mobility device. | 02-26-2009 |
20090064303 | TRANSFERABLE RESTRICTED SECURITY TOKENS - In a web-based service environment, third party providers need to have varying degrees of access to user data for their complementary services. To prevent third party providers from having broader access than necessary or not adequate levels of access, transferable restricted security tickets are employed to determine an appropriate level of access for third parties. Tickets with expiration and restriction roles define a duration and level of access for a third party. The restrictions are determined through an intersection of the authorizing user's security role and restriction roles defined in the system. | 03-05-2009 |
20090100512 | Setting a preliminary time on a network appliance using a digital certificate - A method and system for setting a time on a network appliance. The method may include attempting to establish a secure connection with a server using a certificate issued for a network appliance, and determining that an attempt to establish a secure connection has failed. The method may further include determining that a possible cause of the failure to establish a secure connection is incorrect time data provided by the network appliance, and updating the time on the network appliance using time data contained in the certificate. | 04-16-2009 |
20090119765 | INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD, AND STORAGE MEDIA STORING USER CERTIFICATION PROGRAM - The information processing device includes, a communication portion that communicates with a certification device which performs certification of whether or not a user has usage permission, a reception portion that receives input identification information for identifying the user, a storage portion that stores previously registered identification information, a certification portion that performs user certification, when the reception portion receives the input identification information and the communication portion requests certification of a user by sending the identification information to the certification device, based on result information, when result information is obtained from the certification device indicating a certification result, and based on whether or not the identification information is stored in the storage portion, when the result information is not obtained, and a registration portion that registers the certified identification information in the storage portion, when certification that a user has usage permission is obtained based on the result information. | 05-07-2009 |
20090126001 | TECHNIQUES TO MANAGE SECURITY CERTIFICATES - Techniques to manage security certificates are described. An apparatus may comprise a certificate proxy server having a transceiver and a certificate manager module. The certificate manager module may be operative to register a digital identity certificate for a call terminal to perform authentication operations on behalf of the call terminal, and manage the digital identity certificate for the call terminal. Other embodiments are described and claimed. | 05-14-2009 |
20090150988 | Authenticated service virtualization - Virtualizing a service is disclosed. A request to access a service from a first server is received from a client. Secret data associated with the first server is used to process the received request. The processed request is sent to a second server. The first and second servers are associated with a virtualization, and the processed request can be used by the second server to authenticate the client. | 06-11-2009 |
20090150989 | USER AUTHENTICATION - A device, method, and system disclosed herein may be used to integrate and control authentication and passwords among various applications and platforms. The exemplary method may obtain a service ticket from a key distribution center of the key distribution center authentication process and generate a random key. A port between the client and the service may be created and utilized to transmit the service ticket and the random key to a service from the client. The random key may replace a password provided by the user. The random key in the password field of the service logon is transmitted to the service. The service authenticates the random key in the password field with the stored random key in the cache of the service. Once authenticated the service ticket is validated. | 06-11-2009 |
20090158414 | METHOD AND APPARATUS FOR MUTUALLY AUTHENTICATING A USER DEVICE OF A PRIMARY SERVICE PROVIDER - A system and method for communicating between a secondary content provider and a user device includes a primary service provider having an authentication server of a primary service provider authenticating the user device. The primary service provider provides primary content to the user device. The system also includes a supplemental service provider. The authentication server authenticates the service provider. The user device and the supplemental service provider mutually authenticate each other. Thereafter, the supplemental service provider communicates supplemental content to the user device. | 06-18-2009 |
20090172798 | WIRELESS DEVICE AUTHENTICATION USING DIGITAL CERTIFICATES - A method, information processing system, and wireless device provide authentication information to a network. The method includes determining that at least one authentication context ( | 07-02-2009 |
20090178129 | SELECTIVE AUTHORIZATION BASED ON AUTHENTICATION INPUT ATTRIBUTES - Embodiments for providing differentiated access based on authentication input attributes are disclosed. In accordance with one embodiment, a method includes receiving an authentication input at an authentication authority using an authentication protocol. The authentication input being associated with a client. The method also includes providing one or more representations for the authentication input, wherein each of the representations represents an attribute of the authentication input. | 07-09-2009 |
20090178130 | VERIFYING THAT GROUP MEMBERSHIP REQUIREMENTS ARE MET BY USERS - In an embodiment, a verifier receives requirements for membership in a group from a service and receives proof of attributes from users. The verifier verifies whether the proof of attributes meets the membership requirements and sends acceptance or rejection to the service. If the proof meets the requirements, the service allows the users to become members of the group and allows the members to transfer data to and from other members. If the proof does not meet the requirements, the service prevents the users from becoming members. In this way, the service and group members know that other group members satisfy the group membership requirements without needing to know the identity of the group members or other information unrelated to the group membership requirements. | 07-09-2009 |
20090187983 | METHOD AND SYSTEM FOR DISTRIBUTED, LOCALIZED AUTHENTICATION IN THE FRAMEWORK OF 802.11 - A method for controlling Internet access of a mobile device by using a communication system having a number of access points includes the steps of performing a certificate-based authentication between an authentication access point and a mobile device seeking access to the Internet; transmitting a certificate from the mobile device to the authentication access point; verifying the certificate by the authentication access point; determining whether the authenticating mobile device's certificate has been revoked prior to the expiration of its lifetime; and granting the authenticating mobile device access to the Internet, if the certificate has been verified successfully and not revoked prior to the expiration of its lifetime. | 07-23-2009 |
20090205037 | Mobile terminal, resource access control system for mobile terminal, and resource access control method in mobile terminal - The present invention provides a mobile terminal, a resource access control system for a mobile terminal, and a resource access control method in a mobile terminal which can flexibly change resources that can be accessed by an application. An application manager | 08-13-2009 |
20090222901 | Collecting Account Access Statistics from Information Provided by Presence of Client Certificates - A method and system for collecting account access statistics from information provided by client certificates. In one embodiment, the method comprises requesting client certificates from remote terminals that request to access a computing resource. The method further comprises updating the account access statistics based on information provided by presence or absence of the client certificates and contents of the client certificates for the client certificates that are present. | 09-03-2009 |
20090222902 | Methods And Apparatus For Use In Enabling A Mobile Communication Device With A Digital Certificate - In one illustrative scenario, a mobile communication device causes a communication session to be established with a host server of a communication network. The mobile device performs communication operations in the communication session for activating a communication service, such as a data synchronization service, with the host server. In the communication session, the mobile device also receives configuration information which includes information for use in constructing a request message for obtaining a digital certificate from a certificate authority (CA). After receipt of the configuration information, the mobile device constructs the request message for the digital certificate and causes it to be sent to the host server. In response, the host server requests and obtains the digital certificate from the CA on behalf of the mobile device, and thereafter “pushes” the received digital certificate to the mobile device. The mobile device receives the digital certificate and stores it for use in subsequent communications. The host server may be part of a local area network (LAN) which includes a wireless LAN (WLAN) adapted to authenticate the mobile device based on the digital certificate, so that the mobile device may obtain access to the WLAN. | 09-03-2009 |
20090222903 | SYSTEM AND METHOD FOR SHARED RESOURCE OWNER BASED ACCESS CONTROL - Method and system for controlling application access to a shared resource in a runtime environment. The shared resource is owned by a remote resource owner. An access control ticket including a permission for the shared resource, a cryptographically verifiable remote resource owner identifier and a cryptographically verifiable application owner identifier are generated. The access control ticket is approved and signed by the remote resource owner, and transmitted to the runtime environment. The application, when executed in the runtime environment, accesses the resource based on the permission. | 09-03-2009 |
20090235347 | METHOD AND SYSTEM FOR SECURELY STREAMING CONTENT - A system and method for securely streaming media. The system includes a gateway server that receives requests for access to a secured data resource from end users. The request includes an authorization ticket and a referring website. The gateway server validates the authorization ticket using a secret key shared with the referring website, and validates the referring website by verifying that the referring website is on a white-list for the secured data resource. The gateway server selects a data server to service the request, formats a data server access request containing the data server location and data server request parameter data, and transmits the data server access request to the end user. When the end user transmits the data server access request to a data server, the data server validates the request and transmits the requested data to the end user. | 09-17-2009 |
20090249463 | METHOD AND APPARATUS FOR SECURED EMBEDDED DEVICE COMMUNICATION - In a computing device that includes a host operating system and a management engine separate from the host operating system, if the primary operating system is not operating, a management engine may obtain from a credential server via a first network connection logon information for a secured network and the management engine connects to the secure network through a secured connection using the logon information. If the operating system is operating the operating system provides the logon information to the management engine. Certificate verification may be performed by a remote server on behalf of the management engine. Other embodiments are disclosed and claimed. | 10-01-2009 |
20100031337 | METHODS AND SYSTEMS FOR DISTRIBUTED SECURITY PROCESSING - Methods and systems for processing information that is secured in transit between communicating computers utilizing a security protocol. In accordance with one embodiment of the present invention, processing with respect to the security protocol is performed by an intermediate network device located remotely from a secure data center, while maintaining the security of persistent credentials such as passwords and private cryptographic keys. The invention may be employed in conjunction with beneficial networking functions such as acceleration, traffic management and monitoring, content filtering, and the like, allowing such functions to be performed on secured traffic. The invention allows the remotely located network device to perform security protocol processing on behalf of a computer without having direct access to the persistent credentials of that computer, thereby improving overall system security. | 02-04-2010 |
20100050247 | AUTHENTICATION SYSTEM AND METHOD INCLUDING IMAGE FORMING APPARATUS - The present invention enables any authentication for a plurality of authentication methods with an authentication server for storing management data on a user. The present invention uses one of set information for logging in with an IC card and user input information from operation means in the case of logging in to a directory server; requests the directory server from a Kerberos authentication operation part for a service ticket; requests the directory server from an LDAP communication operation part for authentication with the service ticket obtained by the relevant request; and requests the directory server from the authentication processing functioning part for a search for granting use of the relevant MFP to a user with one of card information read by a card reader and a user name of user input information in the case where authentication to the directory server by the relevant request is successful. | 02-25-2010 |
20100058454 | COLLECTING ANONYMOUS AND TRACEABLE TELEMETRY - Aspects of the subject matter described herein relate to collecting anonymous and traceable telemetry. In aspects, a telemetry source may obtain a certificate or other data from an escrow certificate issuer. The certificate includes information usable by a certificate collector to verify that the certificate is valid, but does not include information usable to identify the telemetry source to the telemetry collector. | 03-04-2010 |
20100064361 | SECURELY ROAMING DIGITAL IDENTITIES - A cryptographic session key is utilized to maintain security of a digital identity. The session key is valid only for a limited period of time. Additional security is provided via a bimodal credential allowing different levels of access to the digital identify. An identity token contains pertinent information associated with the digital identity. The identity token is encrypted utilizing public-key cryptography. An identifier utilized to verify the validity of the digital identity is encrypted with the cryptographic session key. The encrypted identity token and the encrypted identifier are provided to a service for example. The service decrypts the encrypted identity token utilizing public key cryptography, and decrypts, with the cryptographic session key obtained from the identity token, the encrypted identifier. If the identifier is determined to be valid, the transaction proceeds normally. If the identifier is determined to be invalid, the transaction is halted. | 03-11-2010 |
20100071048 | SERVICE BINDING - Embodiments for performing service binding between a client and a target server are disclosed. In accordance with one embodiment, a clear text client service binding value is received from a client at the target server, the client service binding value is compared to a server service binding value, and a communication channel is formed between the client and the target server when the client service binding value matches the server service binding value. | 03-18-2010 |
20100071049 | A METHOD FOR IDENTIFYING A TASK AUTHORIZATION - In an ad hoc mesh network, roles are assigned to the different network nodes, for example mesh point or mesh portal. The invention envisages that a network node identifies the certification, and thus the permitted roles, of another network node before it sends a message to said other network node. This ensures that the roles maintain their integrity and that security in the network is enhanced. | 03-18-2010 |
20100100953 | PassThru for Client Authentication - This disclosure pertains generally to client authentication. One aspect of the disclosure relates to a first server for presenting evidence to a Domain Controller (DC) of a first authentication context being submitted from a client to the first server to obtain a delegable credential, wherein the credential can be used to request a second authentication context from that client to a second server. Another aspect relates to the first server providing a pass-thru with evidence to a DC. The evidence relates to a first authentication context being submitted from a client to the first server that it obtained a delegable credential. The pass-thru is used in combination with the credential to request a second authentication context from the client to a second server. | 04-22-2010 |
20100132025 | COMMUNICATION APPARATUS, COMMUNICATION SYSTEM, CERTIFICATE TRANSMISSION METHOD, ANOMALY DETECTION METHOD AND A PROGRAM THEREFOR - A communication apparatus has a communication part and authenticates a communication partner by using a digital certificate. The communication apparatus includes an authentication part carrying out authentication of the communication partner by using a common certificate. The common certificate is a digital certificate not including identification information of an apparatus. An individualized certificate transmission part acquires, in the case the authentication by the authentication part has been made successfully, an individualized certificate and transmits the individualized certificate to the communication partner. The individualized certificate is a digital certificate including identification information of the communication partner. | 05-27-2010 |
20100138907 | METHOD AND SYSTEM FOR GENERATING DIGITAL CERTIFICATES AND CERTIFICATE SIGNING REQUESTS - A certificate server is provided for issuing digital certificates to be used by a network resource and/or a client resource. The certificate server is configured to communicate with the network resource or the client resource to receive a certificate request. Upon receiving the certificate request, the certificate server may automate the process for authenticating the certificate request, validating the terms of the certificate request and digitally signing the certificate request. An authentication appliance may communicate with or be integrated within the certificate server. The certificate server includes a web service server, a certificate authority component, and a database that enable communication with either the network resource, client resource, or the authentication appliance to automate the administration process typically involved in receiving and signing a certificate request. The certificate authority component may sign the certificate request with a trusted root chain associated with the network resource. | 06-03-2010 |
20100146614 | Devices and Methods for Secure Internet Transactions - Devices and methods are disclosed which provide a mobile communications device with multiple methods of wireless communication which can use one method, such as WiFi, to connect to an independent wireless access point while using another method, such as cellular, to verify the security of the wireless access point. The wireless access point provides two SSIDs: one private SSID, which is usually encrypted to prevent access, and one public SSID, which is open to any mobile communications device. The mobile communications device connects to the public SSID and downloads a digital certificate. The mobile communications device then uses its cellular connection to verify the authenticity of the digital certificate with its service provider. If verified, the mobile communications device can make use of the wireless access point. | 06-10-2010 |
20100154048 | Digital Receipt For A Transaction - A first user ( | 06-17-2010 |
20100169963 | SYSTEMS AND METHODS TO ROTATE SECURITY ASSETS USED FOR SECURE COMMUNICATIONS - Systems and methods to rotate security assets used for secure communications are disclosed. The system includes receiving a first certificate that includes a first subject name for the remote servers. The first certificate further includes a first public key. Next, the system receives a second certificate that includes the first subject name for the remote servers. The second certificate further includes a second public key that is different from the first public key. Next, the system stores the first and second certificates in a trust module. Next, the system receives a third certificate from a first server included in the plurality of remote servers. Next, the system identifies that the first server is trusted. The identifying is based on the third certificate matching any one of the first certificate and the second certificate. Finally, the system establishes a secure communication session with the first server based on identifying that the first server is trusted. | 07-01-2010 |
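Added example for the certificate-rotation entry above (20100169963). This is illustrative Python written for this page, not the patent's own code. It assumes a certificate can be reduced to a subject name plus public-key bytes, and it pins the SHA-256 of the key rather than the whole certificate (a choice made here, not stated in the abstract); the subject names and key bytes are constructed.

```python
# Added example (not the patent's code): a trust module that pins a remote
# server's identity to a set of certificates sharing one subject name, so a
# key rotation can be rolled out without a trust failure. Certificates are
# modelled as plain records; the public-key bytes stand in for the
# SubjectPublicKeyInfo that real code would extract from the X.509 structure.
# All names and key bytes below are constructed for illustration.
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Certificate:
    subject_name: str
    public_key: bytes  # stand-in for SubjectPublicKeyInfo (SPKI) bytes

    def spki_fingerprint(self) -> str:
        """Pin on the key, not the whole certificate, so a re-issued
        certificate with the same key (new serial/expiry) stays trusted."""
        return hashlib.sha256(self.public_key).hexdigest()


class TrustModule:
    """Stores pinned SPKI fingerprints keyed by subject name."""

    def __init__(self) -> None:
        self._pins: dict[str, set[str]] = {}

    def pin(self, cert: Certificate) -> None:
        self._pins.setdefault(cert.subject_name, set()).add(cert.spki_fingerprint())

    def unpin(self, cert: Certificate) -> None:
        pins = self._pins.get(cert.subject_name, set())
        pins.discard(cert.spki_fingerprint())
        if not pins:
            self._pins.pop(cert.subject_name, None)

    def is_trusted(self, presented: Certificate) -> bool:
        """True when the presented certificate carries a pinned subject name
        and its key matches any one of the pins for that name."""
        pins = self._pins.get(presented.subject_name)
        return bool(pins) and presented.spki_fingerprint() in pins


def establish_session(trust: TrustModule, presented: Certificate) -> str:
    """Decide whether to proceed with the handshake; never trust on first use."""
    return "session-established" if trust.is_trusted(presented) else "handshake-aborted"


def rotation_rollout(subject: str, old_key: bytes, new_key: bytes) -> list[str]:
    """Walks through the overlap window: both keys pinned, servers switch,
    old pin retired. Returns the session decision at each step."""
    old_cert = Certificate(subject, old_key)
    new_cert = Certificate(subject, new_key)
    trust = TrustModule()
    trust.pin(old_cert)                       # steady state: only the old key
    trust.pin(new_cert)                       # pre-stage the new key before servers switch
    decisions = [
        establish_session(trust, old_cert),   # servers still on the old key
        establish_session(trust, new_cert),   # servers switched to the new key
    ]
    trust.unpin(old_cert)                     # overlap window closed
    decisions.append(establish_session(trust, old_cert))  # old key now rejected
    return decisions
```

The practitioner's caveat: the second pin has to be installed on every client before any server presents the new key, and the old pin should be removed only after the last server has switched; a client that missed the pre-staging step will abort the handshake exactly as the final step above shows.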
20100175121 | ADDING BIOMETRIC IDENTIFICATION TO THE CLIENT SECURITY INFRASTRUCTURE FOR AN ENTERPRISE SERVICE BUS SYSTEM - An enterprise service bus client accesses a user's biometric information, where the biometric information is accessed from a biometric input device coupled to the enterprise service bus client. Furthermore, the enterprise service bus client retrieves a certificate using the user's biometric information. With the certificate, the enterprise service bus client establishes a connection with an enterprise service bus server and accesses an enterprise service bus service. | 07-08-2010 |
20100180330 | Securing Communications for Web Mashups - Techniques described herein provide security for communications in web mashups. Some implementations secure web mashups by specifying and monitoring a lifecycle of one or more web applications that communicate with each other through implementation of lifecycle declarations. Furthermore, some implementations herein may use access tickets to provide access control between web applications in a web mashup. | 07-15-2010 |
20100199342 | SYSTEM AND METHOD FOR GENERATING A DIGITAL CERTIFICATE - A system and method for generating a digital certificate is provided wherein a new digital record is received and is assigned a sequence value. A first composite digital value is generated by applying a first deterministic function to the digital records stored in a repository. The sequence value and first composite digital value are included in a first certificate. After the digital record is added to the repository, a second composite digital value is generated by applying a second deterministic function to the digital records in the repository. This second composite digital value, and a composite sequence value, are published. An interval digital value which is based upon the first and second composite digital values, and the sequence value, are included in a second certificate which thus verifies the authenticity and sequence value of the digital record. | 08-05-2010 |
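Added example for the certificate-generation entry above (20100199342). This is illustrative Python written for this page, not the patent's own code. The abstract does not fix the two deterministic functions; this example assumes both are the same SHA-256 hash chain over the repository in insertion order, which lets a verifier recompute the post-insertion composite value from the pre-insertion value and the record alone. Record contents are constructed.

```python
# Added example (not the patent's code): a repository that issues a first
# certificate carrying the record's sequence value and the composite value of
# the repository *before* insertion, publishes the composite value *after*
# insertion, and issues a second certificate carrying an interval value that
# binds the two. Both "deterministic functions" are assumed here to be the
# same SHA-256 hash chain (an assumption, not the patent's definition).
import hashlib


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def composite_value(records: list[bytes]) -> bytes:
    """Hash chain over the repository in insertion order."""
    acc = h(b"")
    for record in records:
        acc = h(acc + h(record))
    return acc


def interval_value(before: bytes, after: bytes, sequence: int) -> bytes:
    """Binds the pre- and post-insertion composites to the sequence value."""
    return h(before + after + sequence.to_bytes(8, "big"))


class Repository:
    def __init__(self) -> None:
        self.records: list[bytes] = []
        self.published: dict[int, str] = {}   # sequence -> composite after insertion

    def register(self, record: bytes) -> tuple[dict, dict]:
        sequence = len(self.records)
        before = composite_value(self.records)
        first_certificate = {"sequence": sequence, "composite_before": before.hex()}
        self.records.append(record)
        after = composite_value(self.records)
        self.published[sequence] = after.hex()       # public, append-only feed
        second_certificate = {
            "sequence": sequence,
            "composite_before": before.hex(),
            "interval": interval_value(before, after, sequence).hex(),
        }
        return first_certificate, second_certificate


def verify(record: bytes, certificate: dict, published: dict[int, str]) -> bool:
    """Recompute the post-insertion composite from the certificate's
    pre-insertion composite and the record alone, then check it against the
    published value and the interval value. No repository access needed."""
    sequence = certificate["sequence"]
    before = bytes.fromhex(certificate["composite_before"])
    after = h(before + h(record))                    # one chain step
    if published.get(sequence) != after.hex():
        return False
    return interval_value(before, after, sequence).hex() == certificate["interval"]
```

Because the composite before record n equals the published composite after record n-1, consecutive certificates chain together, so an attempt to reorder or replace a record breaks every later published value, not just its own.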
20100223664 | TOOLBAR DASHBOARD FUNCTIONALITY - A system described herein includes a receiver component that receives an indication that a user has selected a first selectable buttontab in a toolbar installed in a client application. The system further includes a display component that causes a dashboard to be displayed on a display device in response to receipt of the indication that the user has selected the buttontab. The dashboard includes a content window that displays content and the buttontab, wherein the dashboard is a seamless visual combination of the buttontab and the content window. | 09-02-2010 |
20100229233 | SYSTEMS AND METHODS OF MODIFYING SYSTEM RESOURCES - A method for modifying one or more system resources is provided. One or more licenses for modifying one or more system resources on a client device can be acquired. An authenticator can be generated and stored on a remote server. The authenticator can be transferred to the client device. The client device can be connected to the remote server and the remote server can authenticate the client device via the authenticator. The remote server can confirm the availability of one or more licenses, and based on the availability of one or more licenses, modify one or more system resources disposed in, on, or about the client device. After modifying the one or more system resources the remote server can decrement the remaining license count. | 09-09-2010 |
20100251354 | IMAGE FORMING APPARATUS AND IMAGE FORMING SYSTEM - An image forming apparatus according to the present invention includes an authentication control unit configured to transmit authentication information including a login user name to an authentication server to cause the authentication server to perform authentication. When the authentication has been successful, the authentication control unit acquires user attribute information associated with the login user name from the authentication server. A job-history managing unit is configured to store the log information of a job in association with a display user name in the user attribute information. | 09-30-2010 |
20100293609 | Processing communication events in a communications system - A method of communicating over a communications system includes determining that a communication event at a user terminal of the communications system requires use of a feature for processing data, the communication event being over the communications system and determining that the feature required by the communication event is not enabled for use at the user terminal when the communication event is initiated. Following the step of determining that the feature is not enabled, the method further includes retrieving a certificate enabling the use of the feature at the user terminal and using the feature at the user terminal to process data of the communication event. | 11-18-2010 |
20100313259 | Method for Establishing a Secure Connection from a Service Technician to a Component of an Automation Environment that can be Remotely Diagnosed and/or Maintained and is Experiencing Failure - A method for establishing a secure connection from a service technician to a component of an automation environment that can be remotely diagnosed and/or maintained and is experiencing failure. A service certificate is required for establishing the secure connection, wherein a secure initial connection is first established to the automation environment by the service technician using a one-time password. With the initial connection, a service certificate required for establishing the secure connection to the component of the automation environment experiencing the failure is subsequently transmitted from the automation environment to the service technician. The secure connection from the service technician to the component experiencing the failure is then established by means of the service certificate. The invention further relates to an automation environment that is suitable for carrying out a method of said kind. | 12-09-2010 |
20100333186 | TWO-WAY AUTHENTICATION USING A COMBINED CODE - An authentication process for a client and a target service to perform mutual authentication. A combined code is received that comprises a combined code hash of at least two sets of data from which an encoding scheme of the at least two sets of data can be determined. The two sets of data comprise a first set of data that includes a first hash of a public key associated with a certificate used to establish a secure channel with a target service, and a second set of data that includes a credential for authentication. The certificate can be validated with the first set of data included in the combined code. In response to a successful validation of the certificate, the credential from the second set of data can be provided to the target service for authentication. | 12-30-2010 |
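Added example for the combined-code entry above (20100333186). This is illustrative Python written for this page, not the patent's own code. It assumes one encoding scheme, identified by a leading scheme byte: a 32-byte SHA-256 hash of the service's public key, then the credential, then an 8-byte truncated hash over the whole code so the parser can confirm it recovered both sets of data intact. The public key and credential bytes are constructed stand-ins.

```python
# Added example (not the patent's code): a combined code that carries (1) the
# SHA-256 hash of the public key a target service is expected to present and
# (2) a credential, prefixed by a scheme byte and followed by an 8-byte
# truncated hash that lets the parser confirm it decoded the two sets of data
# correctly. The client validates the presented key against set (1) before it
# releases set (2). Scheme id, keys and credentials are constructed.
import base64
import hashlib
import hmac
from typing import Optional

SCHEME_SHA256_THEN_CREDENTIAL = 0x01   # assumed scheme id: 32-byte key hash, then credential
TAG_LEN = 8


def _digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def make_combined_code(service_public_key: bytes, credential: bytes) -> str:
    body = bytes([SCHEME_SHA256_THEN_CREDENTIAL]) + _digest(service_public_key) + credential
    tag = _digest(body)[:TAG_LEN]                 # integrity of the whole combined code
    return base64.b32encode(body + tag).decode("ascii").rstrip("=")


def parse_combined_code(code: str) -> tuple[bytes, bytes]:
    """Returns (expected key hash, credential); raises ValueError on corruption."""
    padded = code + "=" * (-len(code) % 8)
    raw = base64.b32decode(padded)
    body, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
    if not hmac.compare_digest(_digest(body)[:TAG_LEN], tag):
        raise ValueError("combined code corrupted")
    if body[0] != SCHEME_SHA256_THEN_CREDENTIAL:
        raise ValueError("unknown encoding scheme")
    return body[1:33], body[33:]


def authenticate(code: str, presented_public_key: bytes) -> Optional[bytes]:
    """Two-way check: validate the service's key first; only then hand over
    the credential. A wrong key means the credential never leaves the client."""
    expected_key_hash, credential = parse_combined_code(code)
    if not hmac.compare_digest(_digest(presented_public_key), expected_key_hash):
        return None
    return credential                             # send to the now-validated service
```

The order matters: the credential is released only after the key presented on the secure channel matches the hash baked into the code, so an impostor that terminates the channel with a different key learns nothing.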
20110010766 | System and Method for Policy Enforcement and Token State Monitoring - Systems and methods for monitoring the state of a token and communication exchanges between the token containing an embedded integrated circuit chip and a system are provided. Communications between the token and the system are established and the exchange of commands and responses between the token and the system is monitored and evaluated for compliance with an identified policy. The identified policy contains lists of impermissible commands, responses and content, and delivery of the commands and responses is contingent upon compliance with the identified policy. The token is in communication with a token reader which communicates with the system using token reader driver software. Either the token reader driver software or the token itself is adapted to provide for the desired monitoring, evaluation and policy enforcement. Systems and methods are also provided that enforce policies at access points within a physical access system. The physical access system can be used in combination with tokens. | 01-13-2011 |
20110067095 | METHOD AND APPARATUS FOR TRUSTED AUTHENTICATION AND LOGON - A method and apparatus for trusted authentication and logon is disclosed. A trusted platform module (TPM) based logon method is presented for authentication and access. A user registers an identity with an identity provider that is tightly bound to the user's specific platform, e.g., the TPM. If the user decides to login, for example to a service provider using this identity, the identity provider challenges the user to provide the correct credentials. The credentials consist of a TPM generated ticket, that is, a credential chain. This allows the user to login without the need for a password at the identity provider. | 03-17-2011 |
20110113481 | IP SECURITY CERTIFICATE EXCHANGE BASED ON CERTIFICATE ATTRIBUTES - Architecture that provides Internet Protocol security (IPsec) certificate exchange based on certificate attributes. An IPsec endpoint can validate the security context of another IPsec endpoint certificate by referencing certificate attributes. By facilitating IPsec certificate exchange using certificate attributes rather than solely certificate roots, it is now possible to build multiple isolated network zones using a single certificate authority rather than requiring one certificate authority per zone. Moreover, the ability to use certificate attributes during the IPsec certificate exchange can be leveraged for more focused communications such as QoS (quality of service). Certificate attributes can be utilized to identify the security context of the endpoint. The IPsec certificate use can be locked down to a single IP or group of IPs. | 05-12-2011 |
20110131643 | Token Mediation Service in a Data Management System - A method and system for mediating security tokens to authorize data transactions in a data management system. The methods and systems intercept a data request between two applications or services, and validate and translate a security token sent with the data request from a format compatible with the first application or service to a format compatible with the second application or service. | 06-02-2011 |
20110173691 | METHOD FOR DOWNLOADING SOFTWARE - A method for downloading software from a host device to an electronic device through a communication line which, even when the download is interrupted, simplifies the procedure to restart the download while maintaining security. In the method, certificate-of-authenticity data, which the card reader has obtained from the HOST computer, is stored in non-volatile memory. The download of the software from the HOST computer to the card reader is executed. Verification-of-authenticity data is computed over the downloaded software. This verification-of-authenticity data is then compared with the certificate-of-authenticity data obtained from the HOST computer, and the downloaded software is run when the two match. | 07-14-2011 |
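Added example for the software-download entry above (20110173691). This is illustrative Python written for this page, not the patent's own code. It assumes the certificate-of-authenticity data is a SHA-256 digest of the whole image (the abstract does not say which function is used), models the host, the card reader's non-volatile memory and the dropped line in-process, and constructs the image bytes and failure points.

```python
# Added example (not the patent's code): a card reader that first fetches and
# stores, in non-volatile memory, the expected hash of the software image
# ("certificate of authenticity data"), then downloads the image in chunks.
# If the line drops, the next attempt resumes from the bytes already stored
# instead of starting over; the image is only run once the hash computed over
# the received bytes matches the stored value. Host, image, chunk size and
# failure points are constructed for illustration.
import hashlib
from typing import Optional


class Host:
    def __init__(self, software: bytes) -> None:
        self.software = software

    def certificate_of_authenticity(self) -> str:
        return hashlib.sha256(self.software).hexdigest()

    def size(self) -> int:
        return len(self.software)

    def read(self, offset: int, length: int) -> bytes:
        return self.software[offset:offset + length]


class CardReader:
    CHUNK = 16

    def __init__(self) -> None:
        # survives power loss / link drop
        self.nvram = {"expected": None, "received": bytearray(), "total": 0}

    def prepare(self, host: Host) -> None:
        """Step 1: obtain and persist the expected hash before any code arrives."""
        self.nvram["expected"] = host.certificate_of_authenticity()
        self.nvram["received"] = bytearray()
        self.nvram["total"] = host.size()

    def download(self, host: Host, fail_after_chunks: Optional[int] = None) -> bool:
        """Step 2: fetch from the current offset; returns True when complete.
        fail_after_chunks simulates the line dropping mid-transfer."""
        received = self.nvram["received"]
        chunks = 0
        while len(received) < self.nvram["total"]:
            if fail_after_chunks is not None and chunks >= fail_after_chunks:
                return False                      # interrupted; partial image kept in nvram
            received += host.read(len(received), self.CHUNK)
            chunks += 1
        return True

    def verify_and_run(self) -> str:
        """Step 3: compare the computed hash with the stored certificate of authenticity."""
        received = self.nvram["received"]
        if len(received) != self.nvram["total"]:
            return "incomplete"
        actual = hashlib.sha256(bytes(received)).hexdigest()
        return "run" if actual == self.nvram["expected"] else "rejected"


def resumable_update(host: Host, fail_after_chunks: int,
                     resume_host: Optional[Host] = None) -> str:
    """Full flow with one interruption; resume_host lets the caller model a host
    that changed (or was swapped) between the two connection attempts."""
    reader = CardReader()
    reader.prepare(host)
    if not reader.download(host, fail_after_chunks):
        reader.download(resume_host or host)      # resume; expected hash is NOT refetched
    return reader.verify_and_run()
```

The point of keeping the expected hash across the interruption is that the resumed transfer is checked against the value captured from the original session; whoever answers the second connection cannot substitute an image without failing the comparison. That only holds if the first session, where the hash was obtained, was itself authenticated.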
20110202992 | METHOD FOR AUTHENTICATING A TRUSTED PLATFORM BASED ON THE TRI-ELEMENT PEER AUTHENTICATION(TEPA) - A method for authenticating a trusted platform based on the Tri-element Peer Authentication (TePA). The method includes the following steps: A) a second attesting system sends the first message to a first attesting system; B) the first attesting system sends a second message to the second attesting system after receiving the first message; C) the second attesting system sends a third message to a Trusted Third Party (TTP) after receiving the second message; D) the TTP sends a fourth message to the second attesting system after receiving the third message; E) the second attesting system sends a fifth message to the first attesting system after receiving the fourth message; and F) the first attesting system performs an access control after receiving the fifth message. The method for authenticating a trusted platform based on TePA of the present invention adopts the security architecture of TePA, and improves the safety of an evaluation agreement of the trusted platform, realizes the mutual evaluation of the trusted platform between the attesting systems, and extends the application ranges. | 08-18-2011 |
20110214174 | STATISTICAL SECURITY FOR ANONYMOUS MESH-UP ORIENTED ONLINE SERVICES - Web pages and applications commonly consume functionality provided by services to provide users with a rich experience. For example, a backend mapping service may provide access to these services. However, the users and application consuming the services may be anonymous and unverified. Accordingly, a two ticket validation technique is provided to validate service execution requests from anonymous applications. In particular, a user is provided with a client ticket comprising a reputation. The reputation may be adjusted over time based upon how the user consumes services. An application may request access to a service by providing the client ticket and an application ticket for validation. The reputation of the user may be used to determine an access level at which the application may access the service. Users with a high reputation may receive high quality access to the service, while users with a low reputation may receive lower quality access. | 09-01-2011 |
20110219442 | Policy-Based Security Certificate Filtering - Policy filtering services are built into security processing of an execution environment for resolving how to handle a digital security certificate of a communicating entity without requiring a local copy of a root certificate that is associated with the entity through a certificate authority (“CA”) chain. Policy may be specified using a set of rules (or other policy format) indicating conditions for certificate filtering. This filtering is preferably invoked during handshaking, upon determining that a needed root CA certificate is not available. In one approach, the policy uses rules specifying conditions under which a certificate is permitted (i.e., treated as if it is validated) and other rules specifying conditions under which a certificate is blocked (i.e., treated as if it is invalid). Preferably, policy rules are evaluated and enforced in order of most-specific to least-specific. | 09-08-2011 |
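Added example for the policy-based certificate-filtering entry above (20110219442). This is illustrative Python written for this page, not the patent's own code. It assumes rules are sets of attribute conditions with a permit or block action, that specificity is simply the number of conditions, and that filtering is consulted only when the chain cannot be built to a locally installed root; the certificate records, attribute names and the policy itself are constructed.

```python
# Added example (not the patent's code): policy-based filtering invoked during
# the handshake only when the root CA certificate needed to complete the chain
# is not available locally. Rules are dictionaries of attribute conditions
# (exact match or fnmatch glob) plus an action; the most specific matching rule
# (most conditions) wins, and a certificate matching no rule falls through to
# the default. Certificate records, attribute names and rules are constructed.
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class CertInfo:
    subject_cn: str
    issuer_cn: str
    root_available: bool          # could the chain be built to a local root?
    key_usage: frozenset


@dataclass
class Rule:
    action: str                   # "permit" (treat as validated) or "block"
    conditions: dict              # attribute -> glob pattern; key_usage -> required value

    def specificity(self) -> int:
        return len(self.conditions)

    def matches(self, cert: CertInfo) -> bool:
        for attr, pattern in self.conditions.items():
            if attr == "key_usage":
                if pattern not in cert.key_usage:
                    return False
            elif not fnmatchcase(getattr(cert, attr), pattern):
                return False
        return True


def decide(cert: CertInfo, rules: list[Rule], default: str = "block") -> str:
    """Normal chain validation wins when a root is present; otherwise the most
    specific matching rule decides, and silence falls back to the default."""
    if cert.root_available:
        return "validated"
    for rule in sorted(rules, key=Rule.specificity, reverse=True):
        if rule.matches(cert):
            return rule.action
    return default


# Constructed policy: a partner CA whose root is not installed is acceptable
# only for its own namespace and only for server-authentication certificates.
POLICY = [
    Rule("block", {"issuer_cn": "Partner CA"}),
    Rule("permit", {"issuer_cn": "Partner CA", "subject_cn": "*.partner.example",
                    "key_usage": "serverAuth"}),
    Rule("block", {"issuer_cn": "Untrusted CA"}),
]
```

Keep the default at block: a permit rule with no conditions would be the least specific rule and would still catch every certificate nothing else matched, which is the failure mode to avoid when the filtering stands in for a missing root.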
20110225643 | SECURE DYNAMIC AUTHORITY DELEGATION - In a communication network wherein a first computing device represents a resource owner and a second computing device represents a resource requestor, the resource owner detects an occurrence of an event, wherein the event occurrence represents a request to access one or more resources of the resource owner stored in a resource residence. The resource owner sends an authorization token to the resource requestor in response to the event occurrence, the authorization token serving as a proof of authorization delegated by the resource owner to be presented by the resource requestor to the resource residence so as to permit the resource requestor to access the one or more requested resources stored in the resource residence. | 09-15-2011 |
20110239287 | METHOD FOR SHARING CONTENT - Disclosed is a method of sharing content. According to the content sharing method, content is received from a service provider using a receive device. A content protection solution supported in a target device is detected. The content is converted so that it is compatible with a content protection solution supported in any one of the target device and the receive device on the basis of the detected content protection solution. The receive device can include a security solution level, indicating a security characteristic of the receive device, in a certificate of the receive device. Accordingly, content transmitted from a service provider using a receive device can be shared efficiently by redistributing the content in such a way as to be compatible with a security solution of a home device. | 09-29-2011 |
20110289577 | ACCESSING DATA UTILIZING ENTITY REGISTRATION IN MULTIPLE DISPERSED STORAGE NETWORKS - A method begins by a processing module determining whether a data access request is requesting access to data stored in a plurality of dispersed storage networks (DSNs). The method continues with the processing module determining whether one of the plurality of DSNs is a home DSN to a requesting entity when the data access request is requesting access to data stored in the plurality of DSNs. The method continues with the processing module utilizing a local signed certificate to access one or more dispersed storage (DS) units of the home DSN, validating a global signed certificate with one or more DS units of a non-home DSN of the plurality of DSNs to produce a valid global signed certificate, and utilizing the valid global signed certificate to access the one or more DS units of the non-home DSN when the plurality of DSNs includes the home DSN. | 11-24-2011 |
20110296515 | METHOD FOR MANAGING COMPUTER RESOURCES ACCESSED BY A PROGRAM OPERATING IN A RESTRICTED ENVIRONMENT - A resource manager of an operating system of a data processing system receives a first request from a first program for a ticket for accessing at least one of resources of the data processing system. In response to the first request, the resource manager determines whether the first program is entitled to access the resource. The ticket for accessing the resource is issued to the first program if the first program is entitled to access the resource. The ticket can be used by a second program to obtain rights to access the resource by acquiring the ticket from the first program, where the second program would not otherwise be entitled to access the resource based on a security profile associated with the second program. | 12-01-2011 |
20120011580 | INFORMATION PROCESSING APPARATUS, VERIFICATION SYSTEM, CONTROL METHOD OF VERIFICATION SYSTEM, PROGRAM OF CONTROL METHOD OF VERIFICATION SYSTEM, AND STORAGE MEDIUM - An information processing apparatus employing user access authorization management verifies user access authorization using a portable storage medium storing identification (ID) information for the portable storage medium and user verification information registered in the information processing apparatus while including the portable storage medium ID as verified ID information for the portable storage medium. The information processing apparatus includes a processor to conduct generating ticket information including read portable storage medium ID; transmitting the generated ticket information to a designated issuee; receiving a request to update the ID information for the portable storage medium; obtaining the generated ticket information and the ID information for a new portable storage medium; verifying authenticity of the obtained ticket information; and updating the portable storage medium ID, included in the user verification information registered, with the ID information for the new portable storage medium when the authenticity of the obtained ticket information is verified. | 01-12-2012 |
20120023568 | Method and Apparatus for Trusted Federated Identity Management and Data Access Authorization - Systems, methods, and instrumentalities are disclosed that may provide for integration of trusted OpenID (TOpenID) with OpenID. The authentication may be accomplished, in part, via communications between a trusted ticket server on a UE and a network application function. The UE may retrieve platform validation data (e.g., from a trusted platform module on the UE). The UE may receive a platform verification in response to the platform validation data. The platform verification may indicate that the network application function has verified the platform validation data and the user. The platform verification may indicate that the platform validation data matches a previously generated reference value. | 01-26-2012 |
20120079584 | Authenticating A Node In A Communication Network - A method and apparatus for authenticating a first node's identity in a communication network. An authentication node receives from a second node an authentication request. The authentication request includes a first certificate that has previously been presented to the second node by a node purporting to be the first node. The authentication node retrieves a second certificate belonging to the first node from the first node, and compares the first certificate with the second certificate. If the certificates match, then the first node's identity can be authenticated but if the certificates do not match, then the first node's identity cannot be authenticated. The results of the comparison are then sent to the second node. | 03-29-2012 |
20120079585 | PROXY AUTHENTICATION AND INDIRECT CERTIFICATE CHAINING - Embodiments of proxy authentication and indirect certificate chaining are described herein. In an implementation, authentication for a client occurs via a proxy service. The proxy service communicates between client and server, and caches security tokens on behalf of the client. In an implementation, the trustworthiness of a certificate presented to a client to establish trust is determined utilizing a signed data package which incorporates a plurality of known certificates. The presented certificate is verified without utilizing root certificates installed on the client device. | 03-29-2012 |
20120110654 | SECURE CONNECTION SYSTEMS AND METHODS FOR VEHICLES - A communication system of a vehicle includes a mode determination module and a connection control module. The mode determination module sets a mode of operation to one of a first mode and a second mode based on a comparison of a common name (CN) of a root certificate with first and second predetermined CNs associated with operation in the first and second modes, respectively. The connection control module selectively transmits a request to one of a first server and a second server to establish a secure wireless connection between the connection control module and the one of the first and second servers. The first and second servers are different, and the first and second predetermined CNs are different. | 05-03-2012 |
20120117639 | REMOTE AUTHENTICATION BASED ON CHALLENGE-RESPONSE USING DIGITAL CERTIFICATES - Embodiments of the invention provide for authenticating users of web-based applications by presenting a previously acquired signed digital signature. Examples establish secure user sessions between a client and a user in response to a verification of an identification of the user by the client, the client creating a unique username for the user and unlocking access by the user to a client digital signature for use with a request for service from a third party web server. A secure facilitator session is established between the client and a third party web server, wherein messages exchanged with the unique username and a unique session identification indicia of the secure facilitator session signed by the unlocked digital signature result in executed processes requested by the service identifier data if the messages are validated without the client requiring the user to verify user identification for any message until a secure facilitator session ends. | 05-10-2012 |
20120137354 | APPARATUS, SYSTEM, AND METHOD OF MANAGING OBJECT TO BE ACCESSED, AND RECORDING MEDIUM STORING PROGRAM FOR MANAGING OBJECT TO BE ACCESSED - An access object management system manages an object in a transmission system, which is allowed for access by a terminal in the transmission system, based on whether access by the terminal is restricted. The access object management system allows the terminal to access a part of the transmission system even when access by the terminal is restricted. | 05-31-2012 |
20120137355 | Methods for Accessing Content Based on a Session Ticket - A method for accessing content stored on a memory device is provided. In this method, a request to access the content is transmitted and a session ticket is received. The session ticket includes a parameter used to decrypt the content and the session ticket is generated based on a variable that is configured to change at a session. The content may be accessed based on the session ticket. | 05-31-2012 |
20120151570 | SYSTEM FOR AND METHOD OF AUTHENTICATING MEDIA MANAGER AND OBTAINING A DIGITAL TRANSMISSION CONTENT PROTECTION (DTCP) CERTIFICATE - A system for and method of authenticating a media manager and obtaining DTCP certificates is presented. The system and method may include receiving a request for digital transmission content protection certificate provided by a user of a content provider, verifying user information associated with the user of the content provider, providing the request for digital transmission content protection certificate to a digital transmission content protection certificate system, and receiving a digital transmission content protection certificate. | 06-14-2012 |
20120174208 | Device API for Securely Monitoring and Managing Mobile Broadband Devices - There is provided a device application programming interface (API) for securely monitoring and managing mobile broadband devices. There is provided a client device with a processor configured to detect, using an API, the WWAN device, wherein the WWAN device conforms to the API, to perform a mutual authentication with the WWAN device by using a digital certificate of the WWAN device and a client digital certificate of the client device, to establish a secure connection with the WWAN device upon a successful authentication of the mutual authentication with the WWAN device. Moreover, the processor may be configured to issue, using the API, various commands to the WWAN device to monitor and manage the WWAN device. | 07-05-2012 |
20120192261 | SYSTEM AND METHOD FOR THE MANAGEMENT OF SECURE ELECTRONIC CORRESPONDENCE SESSIONS - A system and method for the management of secure electronic correspondences. The system includes at least one directory, at least one domicile server, at least one processing operator and at least one certification operator. The correspondence sessions are opened by a strong authentication procedure comprising the routing of a secret code over a channel different from the session channel and an identifier specific to the current session. In addition, in order to allow the delivery of correspondence to be sent, the validity of the trust attributes of the sender, the recipients and those involved in the document processing chain must be certified by the certification operator for the level required for delivery. The compliance of the processing operations with the operator's specifications is checked by sending, acknowledging and returning certification tokens specific to each of the processing steps. | 07-26-2012 |
20120198540 | Internet-based fill-level measurement value and diagnostic information polling system - An Internet-based fill-level measurement value and diagnostic information polling system includes several field devices, a central server and a processing unit that is connected to the server by way of the internet. In response to a user inquiry the server generates a certificate and an associated data object that characterizes the data that may be polled by the user. In response to an inquiry by the user, with which inquiry the certificate is sent along to the server, the server automatically transmits the requested data to the user if a check of the certificate shows that the user is authorized to receive this. | 08-02-2012 |
20120240212 | SYSTEMS AND METHODS FOR GENERATING MODULAR SECURITY DELEGATES FOR APPLICATIONS - Embodiments of the present teachings relate to systems and methods for generating modular security delegates for application instances, including, for example, applications usable on physical machines, virtualized environments, in the cloud, etc. According to embodiments, in a multiple network environment, multiple machines (or clients) can be configured, each having a defined security level. Each machine can include a plurality of application instances and corresponding security delegates for various defined security levels. For example, the defined security levels can be based on various authentication mechanisms, including, Kerberos, NT Lan Manager (NTLM) authentication protocol, secure sockets layer/transport layer security (SSL/TLS), token authentication, virtual private network (VPN), remote access security (RAS), digest authentication, etc. | 09-20-2012 |
20120260330 | USER AUTHENTICATION FOR INTERMEDIATE REPRESENTATIONAL STATE TRANSFER (REST) CLIENT VIA CERTIFICATE AUTHORITY - The present description refers to a computer implemented method, computer program product, and computer system for receiving a resource request at a representational state transfer (REST) client from a user, the resource request including a user ID, determining, by the REST client, a key pair including a public key and a corresponding private key that are associated with the user ID, obtaining, by the REST client, a certificate associated with the user ID that is signed by a certificate authority and based on at least the user ID and the public key associated with the user ID, impersonating, by the REST client, the user to a REST server using the certificate and the private key associated with the user ID, and accessing, by the REST client on behalf of the user, using a stateless protocol with the REST server, the requested resource. | 10-11-2012 |
20120297473 | CERTIFICATE VALIDATION AND CHANNEL BINDING - A constrained network entity may determine, via an authentication procedure with a core network entity, the trustworthiness of an endpoint attempting to establish a secure channel with the constrained network entity. The constrained network entity may receive a certificate from the endpoint attempting to establish the secure channel and the constrained network entity may send the certificate asserted by the endpoint to a core network entity for validation. The core network entity may receive the certificate during a key exchange with the constrained network entity and the core network entity may indicate to the constrained network entity the validity of the certificate. The constrained network entity may determine whether to establish the secure channel with the endpoint based on the validity of the certificate. | 11-22-2012 |
20120297474 | RELAY NODE AUTHENTICATION METHOD, APPARATUS, AND SYSTEM - Embodiments of the present invention disclose a relay node authentication method, apparatus, and system. The method provided in an embodiment of the present invention includes: sending, by a relay node, an authentication request message to a peer node, where the authentication request message includes a certificate of the relay node, so that the peer node authenticates the relay node according to the certificate of the relay node, where the peer node is a network side node or a security gateway in a security domain where the network side node is located; and receiving, by the relay node, an authentication response message sent by the peer node, where the authentication response message includes a certificate of the peer node, and authenticating the peer node according to the certificate of the peer node. | 11-22-2012 |
20120317633 | System and method to control display of a realm name - A method for dynamically assigning a displayable realm name begins upon receipt of an authentication request to an application, such as a web application, being executed by an application server. In response, a determination is made whether an application realm name has been set in a configuration file associated with the application. If not, a custom display property is then evaluated. If the custom display property is set true, a realm name associated with an active authentication mechanism is retrieved and provided for display in an authentication panel. If the custom display property is set false, a default string is provided for display in the authentication panel. In this manner, an application server administrator can control what realm name is displayed to an end user in the event an application developer has not specified the realm name in the application configuration. | 12-13-2012 |
20120331540 | Authentication and authorization method for tasking in profile-based data collection - An apparatus and a new method of authentication and authorization of tasking requests to data collection agents on wireless devices directly make use of public key cryptography, rather than depending on domain-name-based authentication using the standard HTTPS chain-of-trust: A set of digital credentials is stored in the device's secure credential store. These credentials include at least one “supertasking authority” credential, as well as one or more normal “tasking authority” credentials. Profiles are only accepted by the agent if they are signed by a trusted tasking authority credential. Supertasking authority credentials thus serve as credential authorities (CAs) for tasking authority credentials. | 12-27-2012 |
20130042315 | Client-Client-Server Authentication - Described is a technology by which machines of a (typically small) network have associated public key-based certificates for use in authentication with a server and validation of other machines in the network. This provides an inexpensive and straightforward mechanism to control, manage and maintain client machines, as well as to allow valid client machines to securely communicate with one another and recognize machines that are not valid on the network. Certificates are maintained on the server and checked for validity as needed. | 02-14-2013 |
20130042316 | METHOD AND APPARATUS FOR REDIRECTING DATA TRAFFIC - A method and apparatus for redirecting data traffic are provided. The method includes receiving a service request from a first device, allocating resources for the service, associating the resources with a first unique identifier, confirming the service request with the first device, receiving a connection request from a second device including the first unique identifier and an authentication certificate, passing the authentication certificate to the first device, and receiving an authentication confirmation from the first device. The method further includes, in response to receiving the authentication confirmation, accepting the connection request from the second device, providing an indication regarding at least one local area network to the second device, and providing required credentials associated with the at least one local area network to the second device. | 02-14-2013 |
20130097690 | SECURITY AND SUPPORT FOR FLEXIBLE CONFERENCING TOPOLOGIES SPANNING PROXIES, FIREWALLS AND GATEWAYS - A method and system for setting up and managing secure data/audio/video conferences with a wide range of topologies is described. The disclosed method and system allow extending the range of topologies possible with the H.323 conferencing standards while overcoming T.120 negotiating constraints. Security in such conferences may be based on a trusted node system or on more complex security procedures. Furthermore, the taught conference topologies fully utilize the T.120 standards while also permitting the reach of the conferences to the extent enabled by the H.323 standards by implementing additional modules to manage the setting up and tearing down of one or more conference connections. In addition, the method and system allow for dynamically adjusting conference connections to improve bandwidth usage and utilize H.323 support for gatekeepers. | 04-18-2013 |
20130111575 | SYSTEM AND METHODS FOR ASSIGNATION AND USE OF MEDIA CONTENT SUBSCRIPTION SERVICE PRIVILEGES | 05-02-2013 |
20130125229 | Theft prevention of media peripherals in a media exchange network - Systems and methods of theft prevention of communication devices are provided. In one embodiment, the method may include, for example, one or more of the following: registering a communication device being used at a home, where the device is connected to a communication network; entering validation information relating to the communication device; and analyzing the validation information to determine whether the communication device is authorized for use in the communication network. | 05-16-2013 |
20130139242 | Network Accessing Device and Method for Mutual Authentication Therebetween - A method for a mutual authentication between access network devices and an access network device are disclosed by the present invention. The method includes: configuring a certificate on the access network device; performing a mutual authentication based on the certificate between the access network devices. The present invention realizes the authentication between the access network devices, thus the user data can be transmitted directly. | 05-30-2013 |
20130198828 | APPLICATION-ACCESS AUTHENTICATION AGENT - In response to requests from a manager to the agents for connections to the applications executing, the agents authenticate the manager. In response to the authenticating, the agents establish connections to the applications. In response to the establishing of connections, the agents provide the connections to the manager. | 08-01-2013 |
20130212667 | METHOD AND APPLIANCE FOR AUTHENTICATING, BY AN APPLIANCE, A CLIENT TO ACCESS A VIRTUAL PRIVATE NETWORK CONNECTION, BASED ON AN ATTRIBUTE OF A CLIENT-SIDE CERTIFICATE - In a method and appliance for authenticating, by an appliance, a client to access a virtual network connection, based on an attribute of a client-side certificate, a client authentication certificate is requested from a client. A value of at least one field in the client authentication certificate received from the client is identified. One of a plurality of types of access is assigned responsive to an application of a policy to the identified value of the at least one field, each of the plurality of access types associated with at least one connection characteristic. | 08-15-2013 |
20130227669 | METHOD AND SYSTEM FOR TRAFFIC ENGINEERING IN SECURED NETWORKS - Aspects of a method and system for traffic engineering in an IPSec secured network are provided. In this regard, a node in a network may be authenticated as a trusted third party and that trusted third party may be enabled to acquire security information shared between or among a plurality of network entities. In this manner, the trusted third party may parse, access and operate on IPSec encrypted traffic communicated between or among the plurality of network entities. Shared security information may comprise one or more session keys utilized for encrypting and/or decrypting the IPSec secured traffic. The node may parse IPSec traffic and identify a flow associated with the IPsec traffic. In this manner, the node may generate and/or communicate statistics pertaining to said IPSec secured traffic based on the flow with which the traffic is associated. | 08-29-2013 |
20130247165 | OFFLINE AUTHENTICATION - A computer system determines whether the computer system is able to access an authentication server. If the computer system is able to access the authentication server, the computer system requests a first set of credentials from a user. If the first set of credentials is valid, the computer system assigns the user a first role for performing operations on the computer system based on the first set of credentials. If the computer system is unable to access the authentication server, the computer system requests another set of credentials from the user. If the other set of credentials is valid, the computer system assigns the user another role for performing operations on the computer system based on the other set of credentials. | 09-19-2013 |
20130247166 | MOBILE DEVICE MANAGEMENT - Methods and apparatuses that enroll a wireless device into an enterprise service with a management server addressed in a management profile are described. The enrollment may grant a control of configurations of the wireless device to the management server via the management profile. In response to receiving a notification from the management server, a trust of the notification may be verified against the management profile. If the trust is verified, a network session may be established with the management server. The network session may be secured via a certificate in the management profile. Management operations may be performed for management commands received over the secure network session to manage the configurations transparently to a user of the wireless device according to the control. | 09-19-2013 |
20130254864 | SYSTEM AND METHOD FOR PROVIDING A CERTIFICATE TO A USER REQUEST - Provided is a system and method for providing a certificate, and more specifically a certificate for network access upon a second system based on at least one criteria and an established identity with a first system. The method includes receiving criteria, such as at least one predefined attribute. Also received from a user known to a first system is a request for network access to a second system, the request having at least one identifier. The first system is then queried with the identifier for attributes associated with the user. The attributes associated with the user are evaluated against the predefined attribute(s). In response to at least one attribute associated with the user correlating to the predefined attribute(s), a certificate with at least one characteristic for network access on the second system is provided to the user. An associated system for providing a certificate is also provided. | 09-26-2013 |
20130254865 | SYSTEM AND METHOD FOR PROVIDING A CERTIFICATE TO A THIRD PARTY REQUEST - Provided is a system and method for providing a certificate, and more specifically a certificate for network access upon a second system based on at least one criteria and an established identity with a first system. The method includes receiving criteria, such as at least one predefined attribute. Also received from a user known to a first system is a request for network access to a second system, the request having at least one identifier. The first system is then queried with the identifier for attributes associated with the user. The attributes associated with the user are evaluated to the predefined attribute(s). In response to at least one attribute associated with the user correlating to the predefined attribute(s), providing a certificate with at least one characteristic for network access on the second system to the user. An associated system for providing a Certificate is also provided. | 09-26-2013 |
20130254866 | SYSTEM AND METHOD FOR PROVIDING A CERTIFICATE BASED ON GRANTED PERMISSIONS - Provided is a system and method for providing a certificate, and more specifically a certificate for network access upon a second system based on at least one criteria and an established identity with a first system. The method includes receiving criteria, such as at least one predefined attribute. Also received from a user known to a first system is a request for network access to a second system, the request having at least one identifier. The first system is then queried with the identifier for attributes associated with the user. The attributes associated with the user are evaluated to the predefined attribute(s). In response to at least one attribute associated with the user correlating to the predefined attribute(s), providing a certificate with at least one characteristic for network access on the second system to the user. An associated system for providing a Certificate is also provided. | 09-26-2013 |
20130254867 | SYSTEM AND METHOD FOR PROVIDING A CERTIFICATE BASED ON LIST MEMBERSHIP - Provided is a system and method for providing a certificate, and more specifically a certificate for network access upon a second system based on at least one criteria and an established identity with a first system. The method includes receiving criteria, such as at least one predefined attribute. Also received from a user known to a first system is a request for network access to a second system, the request having at least one identifier. The first system is then queried with the identifier for attributes associated with the user. The attributes associated with the user are evaluated against the predefined attribute(s). In response to at least one attribute associated with the user correlating to the predefined attribute(s), a certificate with at least one characteristic for network access on the second system is provided to the user. An associated system for providing a certificate is also provided. | 09-26-2013 |
20130276089 | METHOD AND SYSTEM FOR IMPROVING SECURITY AND RELIABILITY IN A NETWORKED APPLICATION ENVIRONMENT - A security application manages security and reliability of networked applications executing on a collection of interacting computing elements within a distributed computing architecture. The security application monitors various classes of resources utilized by the collection of nodes within the distributed computing architecture and determines whether utilization of a class of resources is approaching a pre-determined maximum limit. The security application performs a vulnerability scan of a networked application to determine whether the networked application is prone to a risk of intentional or inadvertent breach by an external application. The security application scans a distributed computing architecture for the existence of access control lists (ACLs), and stores ACL configurations and configuration changes in a database. The security application scans a distributed computing architecture for the existence of security certificates, places newly discovered security certificates in a database, and deletes outdated security certificates. Advantageously, security and reliability are improved in a distributed computing architecture. | 10-17-2013 |
20130291085 | SYSTEMS AND METHODS FOR SECURE OPERATION OF AN INDUSTRIAL CONTROLLER - A system includes an industrial controller having a memory and a processor configured to operate the industrial controller in an open mode, wherein the open mode is configured to enable the industrial controller to receive instructions via an unauthenticated network connection or a local connection. The processor of the industrial controller is further configured to operate the industrial controller in a secure mode, wherein the secure mode is configured to enable the industrial controller to receive instructions only via an authenticated network connection. | 10-31-2013 |
20130291086 | ENSURING NETWORK CONNECTION SECURITY BETWEEN A WRAPPED APP AND A REMOTE SERVER - A network connection between an app on a mobile device and a remote server is either enabled or denied based on whether a security wrapped app can verify that the connection is with a known and trusted server. The wrapped app uses a socket interception layer injected into the app code along with a trust store, also part of the wrapped app to determine whether a network connection attempted by the app should be allowed. The layer buffers relevant function calls from the app by intercepting them before they reach the device operating system. If the layer determines that a network connection is attempted, then it snoops the negotiation phase data stream to discern when the server sends a certificate to the app. It obtains this certificate and compares it to data in the trust store and makes a determination of whether the server is known and trusted. | 10-31-2013 |
20130312079 | WEB-CENTRIC AUTHENTICATION PROTOCOL - Systems and methods are disclosed for providing a Web-centric authentication protocol. In one implementation, a processing device receives a user request to access a protected resource and determines that a digital certificate for accessing the protected resource is not stored locally. A processing device requests a first digital certificate from an authentication service. A processing device receives the first certificate from the authentication service. A processing device receives a certificate request from the authentication service. A processing device provides the first digital certificate to the authentication service in response to the certificate request. A processing device receives a second digital certificate from the authentication service. A processing device accesses the protected resource using the second digital certificate. | 11-21-2013 |
20130333017 | METHOD AND APPARATUS FOR AUTHENTICATING LOCATION-RELATED MESSAGES - A method and an apparatus protect location-related messages which are transmitted from a provider to a plurality of temporally changing recipients and receiver devices in a plurality of localities in each case. The method and apparatus are distinguished by the fact that key certificates for signed messages are issued only in a location-related manner and are thus valid only in a particular defined local environment. | 12-12-2013 |
20130340064 | Mechanisms for Certificate Revocation Status Verification on Constrained Devices - A process is provided for communication security certificate revocation status verification by using the client device as a proxy in online status verification protocol. The process utilizes a nonce of an authentication protocol request message (nonce_A) to derive the nonce for the revocation status protocol request (nonce_S) to reduce the number of message exchanges needed between the client and the verifier devices, and a mechanism to send the nonce (nonce_S) prior to actual authentication protocol execution to ease the connectivity requirement of client device from on-demand connectivity to periodic connectivity. Similar functionality is achieved using a random seed established between the verifier and client. The verifier picks a seed for random number generation and sends that seed to the client. The client derives the nonce_S from the seed before status protocol execution, and the verifier derives the nonce_S from the seed before proxied status response verification. | 12-19-2013 |
20140020082 | VALIDATING A CERTIFICATE CHAIN IN A DISPERSED STORAGE NETWORK - A method begins by a processing module receiving a certificate chain and determining whether at least one of one or more signed certificates of the chain has a valid signature. When the at least one of the one or more signed certificates has a valid signature, the method continues with the processing module identifying one or more certificate authorities (CA) to produce identified CAs, accessing registry information that includes one or more realm identifiers (IDs) and a plurality of trusted CA IDs, determining whether one or more of the identified CAs is a trusted CA, and when the one or more of the identified CAs is a trusted CA, indicating that the certificate chain is valid, identifying a realm ID based on a trusted CA ID, and generating certificate chain validation information to include the realm ID, trusted CAs, and the indication of the validity of the certificate chain. | 01-16-2014 |
20140033293 | SECURE TELEMATICS - A telematics system that includes a security controller is provided. The security controller is responsible for ensuring secure access to and controlled use of resources in the vehicle. The security measures relied on by the security controller can be based on digital certificates that grant rights to certificate holders, e.g., application developers. In the case in which applications are to be used with vehicle resources, procedures are implemented to make sure that certified applications do not jeopardize vehicle resources' security and vehicle users' safety. Relationships among interested entities are established to promote and support secure vehicle resource access and usage. The entities can include vehicle makers, communication service providers, communication apparatus vendors, vehicle subsystem suppliers, application developers, as well as vehicle owners/users. At least some of the entities can be members of a federation established to enhance and facilitate secure access and usage of vehicle resources. | 01-30-2014 |
20140041010 | SYSTEMS AND METHODS FOR POLICY BASED TRIGGERING OF CLIENT-AUTHENTICATION AT DIRECTORY LEVEL GRANULARITY - Systems and methods are disclosed for an appliance to authenticate access of a client to a protected directory on a server via a connection, such as a secure SSL connection, established by the appliance. A method comprises the steps of: receiving, by an appliance, a first request from a client on a first network to access a server on a second network, the appliance providing the client a virtual private network connection from the first network to the second network; determining, by the appliance, the first request comprises access to a protected directory of the server; associating, by the appliance, an authentication policy with the protected directory, the authentication policy specifying an action to authenticate the client's access to the protected directory; and transmitting, by the appliance in response to the authentication policy, a second request to the client for an authentication certificate. Corresponding systems are also disclosed. | 02-06-2014 |
20140041011 | METHOD AND DEVICE FOR CONTROL COMMUNICATION BETWEEN COUPLED TRAIN COMPONENTS - A method for control communication between coupled train components, wherein mechanical and electrical couplings as well as devices for exchanging data are present. When a first train component is coupled to at least one further train component, the at least one further train component is identified, and filtering for a permissible data communication is performed as a function of the identification in that only selected data traffic is permitted. Furthermore, a device for control communication between coupled train components is described, wherein the train buses thereof are connected via an electrical coupling, and the data communication to the respective other train component is conducted via at least one gateway with at least one Ethernet interface as well as via at least one interface for connection of each component network. As a result, the data communication of a filter policy/rule is permitted or blocked. | 02-06-2014 |
20140047532 | Secure Mobile Client with Assertions for Access to Service Provider Applications - A Software-as-a-Service (SaaS) access control application on a client device is configured with a certificate that identifies a user, and with configuration information for one or more SaaS applications to access, and including an IDP identifier for the SaaS application. The SaaS access control application includes software to be inserted into a network software stack of the client device and software configured to serve as an identity provider for assertions. A request, made by an application on the client device to a SaaS service provider identified by a Universal Resource Locator (URL) provided during configuration of the SaaS access control application, is intercepted within the network software stack of the client device. The SaaS access control application generates an assertion based on the certificate and configuration information. The requesting application is caused to make a request to the SaaS service provider with the assertion embedded in the request. | 02-13-2014 |
20140047533 | Method and System for Authentication-based Multi-user Online Video Game - The invention relates to a method, comprising: registering user groups to a video game server, and assigning video game identifiers for the user groups; authenticating a video game identifier and an authorization certificate input by a user; and registering the user to the video game server and the user groups if both the video game identifier and the authorization certificate are successfully authenticated. And a system, comprising: means for registering user groups to a video game server and assigning video game identifiers for the user groups; means for authenticating a video game identifier and an authorization certificate input by a user; and means for registering the user to the video game server and the user groups when both the video game identifier and the authorization certificate are successfully authenticated. | 02-13-2014 |
20140157394 | AUTHENTICATION SYSTEM - A user device is configured to request a secure web page from a web page server. The user device is further configured to receive a certificate from the web page server, the certificate including a serial number. The user device is further configured to receive different certificates from a plurality of certificate authentication servers. The user device is further configured to compare the different certificates to the certificate received from the web page server; determine that the certificate is valid; and send information to the web page server based on determining that the certificate is valid. | 06-05-2014 |
20140165180 | Secure Identification of Internet Hotspots for the Passage of Sensitive Information - A system and method for verifying the identity of internet hotspots, comprising a user device having a processor, memory, and radio transceiver, an internet hotspot, a wireless access point, coupled to the radio transceiver of the user device and the internet hotspot, and a program stored in the memory and adapted to run on the processor of the user device, wherein the program is configured to identify a mobile wireless access point for connection by a user, connect a user to the wireless access point through a login request, query an initial probe request for the identity of the authenticating source of the wireless access point, perform a security check on the wireless access point, verify the validity and authenticity of the wireless access point to prevent transmission of information associated with the user device, and either permit or drop the connection to the wireless access point upon verification. | 06-12-2014 |
20140196140 | PEER TO PEER NETWORKING AND SHARING SYSTEMS AND METHODS - An embodiment includes peer-to-peer (P2P) pairing protocols that mutually authenticate both end points and do not rely upon a backend server or a central certificate provisioning server. An embodiment provides a persistent control path for sending inter-peer control information (e.g., synchronization messages). Another inter-peer path includes an “on-demand” data path enabled when a unit determines content is ready for sharing. After the content is shared, the data path may be deconstructed, which saves resources on both sides and makes the framework more scalable. Also, embodiments include graphical user avatars whereby a first peer shares content with a second peer by dragging content over the avatar. | 07-10-2014 |
20140208411 | SECURE ONLINE DATING SUPPORT SYSTEM AND METHOD - A secure online dating support system and method requires potential members to submit personal information regarding themselves as a predicate to becoming a member of the dating system. This personal information is provided in a manner, either in-person at an information receiving center, or submitted to an information collector, or submitted directly to an online dating service, that permits its verification. Preferably, authorization is also provided by the potential member for further investigation, resulting in an investigator conducting an investigation, and communicating the results to the online dating service, so that the information revealed by the investigation can be displayed to members of the online dating service and/or to individuals outside of the dating service who have been given access by the participating member. | 07-24-2014 |
20140223535 | INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING DEVICE, AND AUTHENTICATION INFORMATION MANAGEMENT METHOD - An information processing system includes a receiving unit configured to receive from an external device a use initiation request designating user specific information and organization identification information, and an authentication unit configured to issue authentication information indicating that authentication has been completed in a case where the user specific information and the organization identification information designated in the use initiation request are stored in association with each other in a first storage unit that stores one or more sets of user specific information in association with the organization identification information. The authentication unit receives a new authentication information issuance request designating the authentication information and issues new authentication information that can be used even after a user termination request designating the authentication information is made. | 08-07-2014 |
20140237582 | Authenticating a Node in a Communication Network - A method and apparatus for authenticating a first node's identity in a communication network. An authentication node receives from a second node an authentication request. The authentication request includes a first certificate that has previously been presented to the second node by a node purporting to be the first node. The authentication node retrieves a second certificate belonging to the first node from the first node, and compares the first certificate with the second certificate. If the certificates match, then the first node's identity can be authenticated but if the certificates do not match, then the first node's identity cannot be authenticated. The results of the comparison are then sent to the second node. | 08-21-2014 |
20140245420 | WEB TICKET BASED UPON A SYMMETRIC KEY USABLE FOR USER AUTHENTICATION - Described herein are various aspects pertaining to a web ticket that is used in connection with authenticating a user. The web ticket is generated through use of a symmetric key, and is less than two hundred bytes in size. A ticket issuer executing on a first computing device generates the web ticket responsive to receiving authentication data from a client computing device, and transmits the web ticket to such client computing device. The client computing device includes the web ticket in requests for data transmitted to a second server computing device that is in communication with the ticket issuer. The second server computing device includes a validator that validates the web ticket using the symmetric key, which is shared between the first server and the second server. | 08-28-2014 |
20140282995 | METHOD AND APPARATUS TO AUTHENTICATE A PERSONAL DEVICE TO ACCESS AN ENTERPRISE NETWORK - In an embodiment, a device includes a processor to initialize a first wireless communication path with a computation device and initialize a second wireless communication path with a secure network, receive a first request for identification data from the secure network via the second wireless communication path to enable access to the secure network, and automatically pass the received request data to the computation device via the first wireless communication path. The processor is further to receive the identification data from the computation device responsive to the request, provide the received identification data to the secure network via the second wireless communication path, and receive session key(s) at the device from the secure network that enables the device to access the secure network. Other embodiments are described and claimed. | 09-18-2014 |
20140282996 | NON-TRANSITORY COMPUTER READABLE MEDIUM, SERVER AND SYSTEM - A server may store one or more accounts. Each account may be associated with an authentication code and a total number of information devices that are allowed to be registered. The authentication codes may be provided to users for registering information devices. The information device may transmit a connection request, including an entered authentication code, to a server. Upon receiving the connection request, the server may determine whether to register the particular information device. The server may determine whether the information device is allowed to be registered based on registerable information, which is associated with an account that is associated with the received authentication code and which represents a remaining number of information devices that are allowed to be registered using the associated authentication code. If the information device is allowed to be registered, the server may send authentication information to the information device, so it may transmit state information. | 09-18-2014 |
20140282997 | Using Client Certificates to Communicate Trusted Information - A device comprises: a receiver configured to receive a client certificate; a processor coupled to the receiver and configured to: authenticate the client certificate, extract, in response to the authentication, attributes from the client certificate, and create, in response to the extraction, a message comprising reformatted attributes based on the attributes, wherein the reformatted attributes can be trusted; and a transmitter coupled to the processor and configured to transmit the message. A device comprises: a processor configured to: process a client certificate comprising a certificate identifier (ID) attribute, a tenant ID attribute, and a role ID attribute, and package the client certificate in a request for a shared service; and a transmitter coupled to the processor and configured to transmit the request. | 09-18-2014 |
20140304797 | METHOD AND SYSTEM FOR DISTINGUISHING HUMANS FROM MACHINES AND FOR CONTROLLING ACCESS TO NETWORK SERVICES - A method and an apparatus for distinguishing humans from computers and for controlling access to network services. One intended application of the method is a CAPTCHA technique, deployed using a shared Trusted Computing technology over a trusted network of a user terminal, a network server, and a Trusted Party, any of which may be at a Decision Point. The method distinguishes a human user making a legitimate request for network access from a programmed computer making undesired requests, by detecting unusually high network access request frequencies made by an identifiable user and/or a trusted module from the user terminal. The CAPTCHA function is further used to improve the method for controlling access to network services. The information transmitted between the members of the trusted network may be encrypted. | 10-09-2014 |
20140331303 | APPARATUS AND METHOD FOR AUTHENTICATING ACCESS OF A MOBILE STATION IN A WIRELESS COMMUNICATION SYSTEM - An apparatus and a method for access authentication of a mobile station in a wireless communication system are provided. The method includes receiving a session certificate for the access authentication from a core network, transmitting the session certificate to a new access network during a handover to the new access network, and receiving an authentication result based on the session certificate from the new access network. | 11-06-2014 |
20140337960 | TRUSTED SERVICE INTERACTION - In one embodiment a controller comprises logic configured to receive, from an application executing on an untrusted execution complex of the electronic device, a request for a secure communication session with a remote service, verify a security credential received from the remote service, establish a secure communication connection between the secure controller and the remote service, establish a secure user interface, collect one or more authentication credentials from a user via the secure user interface, forward the one or more authentication credentials to the remote service, and conduct a secure communication session with the remote service. Other embodiments may be described. | 11-13-2014 |
20140351916 | ELECTRONIC DEVICE AND MONITORING METHOD - An electronic device establishes a communication connection with a server. The electronic device determines if the electronic device comprises other communication connections. The electronic device notifies the server to terminate the communication connection with the electronic device when the electronic device comprises other communication connections. | 11-27-2014 |
20140359747 | SPATIAL AND TEMPORAL VERIFICATION OF USERS AND/OR USER DEVICES - Approaches for facilitating spatial and temporal verification of users and/or user devices are disclosed. In some implementations, a user device may be detected within a short wireless communication range. A wireless communication session with the user device may be initiated based on the detection. Information identifying a first integrity-based certificate may be received from the user device during the wireless communication session during a first time period. Information identifying a second integrity-based certificate associated with a second time period may be provided responsive to determining that the first integrity-based certificate is a valid integrity-based certificate associated with the first time period. The second integrity-based certificate may be configured to allow network access for the user device during the second time period. | 12-04-2014 |
20140359748 | NETWORK TERMINAL VALIDATION - A media asset location request redirection system causes a user terminal ( | 12-04-2014 |
20140373127 | METHOD FOR DOMAIN CONTROL VALIDATION - A system and method for domain control validation is presented. At a certificate authority a request is received. The request includes a certificate signing request and a first Internet protocol address. The certificate signing request identifies a domain and a certificate. A second Internet protocol address for the domain is retrieved from a domain name system. When the first Internet protocol address is the same as the second Internet protocol address, the certificate is signed, and the signed certificate is transmitted to a requester of the request. When the first Internet protocol address is not the same as the second Internet protocol address, the certificate signing request is rejected. | 12-18-2014 |
20140373128 | SECURE MECHANISM TO DELIVER MOBILE TRAFFIC MANAGEMENT CONFIGURATION UPON STUB ACTIVATION ON A MOBILE DEVICE OF A GLOBAL SERVICE DISCOVERY SERVER - A system, a network, and a mobile device are disclosed in which the mobile device includes an embedded stub that interacts with a global service discovery server to obtain information about an operating server that handles communications from the mobile device. The stub causes the mobile device to communicate with the global service discovery server when the mobile device initially boots up, when the mobile device resets, or when a SIM card is changed. The global service discovery server identifies information for the mobile device such as the network operator, the country of use, the IMEI number, a device manufacturer, a carrier, a country of use, a mobile country code (MCC) and/or a mobile network code (MNC). Once the operating server is identified, the mobile device can request and receive application software from the operating server. | 12-18-2014 |
20150026790 | Method for Computer Access Control by Means of Mobile End Device - A method for access control to a computer with a mobile end device relies on using contactless interfaces. An authentication to the computer is carried out with the mobile end device and upon a successful authentication the access to the computer is granted or maintained. For preparing the authentication, a certificate is loaded into the mobile end device from a portable data carrier separate from the mobile end device. For authentication, authentication data comprising the certificate or obtained from the certificate are provided to the computer from the mobile end device via the contactless interfaces. | 01-22-2015 |
20150026791 | EFFICIENT NETWORK LAYER FOR IPv6 PROTOCOL - An electronic device may include a network interface that may enable the electronic device to wirelessly couple the electronic device to other electronic devices. The electronic device may also include a processor that may determine at least one data path to the other electronic devices using a Routing Information Protocol—Next Generation (RIPng) routing mechanism. After identifying at least one data path to the other electronic devices, the processor may determine whether the identified data path(s) is secure using a Datagram Transport Layer Security (DTLS) protocol. If the identified data path(s) is determined to be secure, the processor may send Internet Protocol version 6 (IPv6) data packets to the other electronic devices via the secure data path(s). | 01-22-2015 |
20150033318 | METHOD AND SYSTEM FOR PROVIDING AT LEAST ONE DIGITAL OBJECT ON A DIGITAL LIBRARY MANAGER - A method and system for providing at least one digital object to a user having a first digital reading device on which identification data, containing at least one piece of identification information related to the user, is locally stored, said method comprising: a step of generating, by means of a management server, the rights to read personal read rights data; a step of sending the personal read rights data to a personal digital library manager; and a step of authenticating the user by means of identification data. | 01-29-2015 |
20150052598 | SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR TICKET AUTHORIZATION - A system, method, and computer program product are provided for ticket authorization. In use, data stored by an integrated circuit of an integrated circuit card (ICC) is identified. Additionally, it is verified whether the ICC is associated with a valid ticket, based on the data and information stored remotely from the ICC. Further, the ticket is authorized, based on the verification. Still yet, based on the authorization, additional data indicative of the authorization is stored on the ICC. | 02-19-2015 |
20150067813 | Method and Apparatus for Trusted Federated Identity Management and Data Access Authorization - Systems, methods, and instrumentalities are disclosed that may provide for integration of trusted OpenID (TOpenID) with OpenID. The authentication may be accomplished, in part, via communications between a trusted ticket server on a UE and a network application function. The UE may retrieve platform validation data (e.g., from a trusted platform module on the UE). The UE may receive a platform verification in response to the platform validation data. The platform verification may indicate that the network application function has verified the platform validation data and the user. The platform verification may indicate that the platform validation data matches a previously generated reference value. | 03-05-2015 |
20150067814 | Methods And Systems For Providing Controlled Access To The Internet - Novel, Internet-related architectures, methods and devices are proposed that are based on a fundamentally different philosophy: hosts (e.g., source and destination nodes) are given the ability to specify their access control policies to the network they are a part of, and the network enforces these policies. The architecture proposed is mobility friendly to the ever increasing number of mobile hosts and is scalable as well. | 03-05-2015 |
20150082411 | METHOD OF ENABLING A USER TO ACCESS A WEBSITE USING OVERLAY AUTHENTICATION - A method of enabling a user to access a website using overlay authentication. The method comprises initiating a login to a website by a user, the website providing a login page having a front end agent. The front end agent enables the user to logon to an authentication server using certificate based credentials. The authentication server communicates to a back-end agent to provide a user with a temporary website credential. The temporary website provides a credential to the front-end agent to facilitate the login to the website. | 03-19-2015 |
20150113627 | METHOD FOR ASSIGNING AN AGENT DEVICE FROM A FIRST DEVICE REGISTRY TO A SECOND DEVICE REGISTRY - An agent device is registered in a first device registry maintained by a first registry apparatus for authenticating agent devices for communicating with application providing apparatuses. The agent device can be assigned to a second device registry maintained by second registry apparatus. The method of assignment comprises the first registry apparatus receiving from a requestor device a device assignment request. In response to the device assignment request, the first registry apparatus checks whether the agent device is allowed to be assigned to the second device registry, and if so, the agent device transmits second authentication information for authenticating the identity of the agent device to the second registry apparatus which registers this in the second device registry. | 04-23-2015 |
20150113628 | INFRASTRUCTURE SUPPORT OPTIMIZATION - Systems and methods for infrastructure support optimization are described. The system includes an authorization module to verify a user, based on authorization rules, to provide access to the user to one or more infrastructure elements, and obtain ticket attribute data from a ticketing system, based on the verification, where the ticket attribute data comprises a plurality of attributes associated with a ticket to be resolved by the user. The authorization module also receives a support action, to be performed on the infrastructure element to resolve the ticket, where the support action includes at least one of an operation to resolve the ticket, and a standard support service. Further, the system includes a log generation module to append the support action to an operation log with corresponding ticket attribute data. | 04-23-2015 |
20150135298 | Context Analysis at an Information Handling System to Manage Authentication Cycles - Context captured with sensors of an information handling system is applied to selectively lock access to currently unlocked information, with conditions for locking access based upon the context. Nervous states enforce locking of selected information based upon the confidence of the security of the information under sensed external conditions. Increased sensitivity for locking access includes reduced timeouts to a lock command, increased response to sensed conditions, and more rapid response where unlocked access is to sensitive information. | 05-14-2015 |
20150135299 | METHOD AND SYSTEM FOR ESTABLISHING IPSEC TUNNEL - Provided are a method and system for establishing an IPSec tunnel. The method comprises: a base station requesting a first configuration parameter from a configuration server, and requesting a digital certificate from a CA server according to the first configuration parameter returned by the configuration server; the base station establishing a temporary IPSec tunnel to a security gateway according to the acquired digital certificate, and requesting a second configuration parameter from a background network management unit through the temporary IPSec tunnel; and after acquiring the second configuration parameter, the base station dismantling the temporary IPSec tunnel, and establishing a permanent IPSec tunnel between itself and the security gateway according to the second configuration parameter. | 05-14-2015 |
20150319160 | Secure Management of Operations on Protected Virtual Machines - Deploying an encrypted entity on a trusted entity is illustrated herein. A method includes, at a trusted entity, wherein the trusted entity is trusted by an authority as a result of providing a verifiable indication of certain characteristics of the trusted entity meeting certain requirements, receiving an encrypted entity from an untrusted entity. The untrusted entity is not trusted by the authority. At the trusted entity, a trust credential from the authority is used to obtain a key from a key distribution service. The key distribution service is trusted by the authority. The key is used to decrypt the encrypted entity to allow the encrypted entity to be deployed at the trusted entity. | 11-05-2015 |
20150319162 | ELECTRONIC ARRANGEMENT AND METHOD FOR ENTITY-SPECIFIC TOKEN SET MANAGEMENT AND RELATED MECHANISM FOR OFFERING PERSONALIZED DIGITAL CONTENT BASED ON INTERACTIONS BETWEEN ENTITIES | 11-05-2015 |
20150319163 | Method for Identifying a Task Authorization - In an ad hoc mesh network, roles are assigned to the different network nodes, for example mesh point or mesh portal. The invention envisages that a network node identifies the certification and thus the permitted roles of another network node before it sends a message to said other network node. This ensures that the roles maintain their integrity and the security in the network is enhanced. | 11-05-2015 |
20150319164 | SYSTEM AND METHOD FOR CONNECTING CLIENT DEVICES TO A NETWORK - A system and method are provided for enabling a client device to connect to a network. The method comprises: obtaining an authorization code via a communication channel different from the network, the authorization code corresponding to the client device; and after detecting initiation of a security negotiation protocol by the client device, using the authorization code in at least one security negotiation operation. | 11-05-2015 |
20150332044 | Technique for Enabling a Client to Provide a Server Entity - A technique for enabling a client to provide a server entity is disclosed. In method aspects, a first method is performed in the client and comprises the steps of providing the client with a secure trusted environment, the environment being trusted by the client and by at least one third party, and accommodating, in the secure trusted environment, at least a local portion of the server entity, the server entity being configured to handle one or more server requests from the client, and data required by the server entity so as to handle the server request. A second method is performed in a server and comprises the steps of providing, for the secure trusted environment of the client, the environment being trusted by the client and by the at least one third party, the at least local portion of the server entity, a verification operation and the data. | 11-19-2015 |
20150341787 | SECURE TELEMATICS - A telematics system that includes a security controller is provided. The security controller is responsible for ensuring secure access to and controlled use of resources in the vehicle. The security measures relied on by the security controller can be based on digital certificates that grant rights to certificate holders, e.g., application developers. In the case in which applications are to be used with vehicle resources, procedures are implemented to make sure that certified applications do not jeopardize vehicle resources' security and vehicle users' safety. Relationships among interested entities are established to promote and support secure vehicle resource access and usage. The entities can include vehicle makers, communication service providers, communication apparatus vendors, vehicle subsystem suppliers, application developers, as well as vehicle owners/users. At least some of the entities can be members of a federation established to enhance and facilitate secure access and usage of vehicle resources. | 11-26-2015 |
20150350195 | SEAMLESS AUTHENTICATION MECHANISM FOR USER PROCESSES AND WEB SERVICES RESIDING ON COMMON HOST - Techniques are presented herein for authenticating a local process to a web service, both executing on a common host computer server. The local process may present a self-signed certificate to the web service. In response, the web service may identify a file system directory on the first computer server containing a file storing the self-signed certificate. If the subject information identifying the owner of the process matches file system metadata indicating an owner of the file, then the web service may consider the process as being authenticated to the web service. | 12-03-2015 |
20150373013 | METHOD AND APPARATUS FOR VERIFYING AN APPLICATION TO AUTHORIZE CONTENT REPOSITORY ACCESS USING SSL CERTIFICATES - A computer implemented method and apparatus for verifying an application to authorize content repository access using SSL certificates. The method comprises receiving a request for accessing a content repository from an application wherein the request is to perform one or more transactions on the content repository; and establishing a user identifier and one or more rules for accessing the content repository wherein the one or more rules are established using an authenticated SSL certificate to verify the application. | 12-24-2015 |
20160014113 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND COMPUTER PROGRAM PRODUCT | 01-14-2016 |
20160014115 | APPARATUS USED FOR SECURITY INFORMATION INTERACTION | 01-14-2016 |
20160021100 | METHOD, SYSTEM, AND DEVICE FOR GENERATING, STORING, USING, AND VALIDATING TAGS AND DATA - A smart tag and methods of interacting with and authenticating interactions with the same are provided. The smart tag ( | 01-21-2016 |
20160050200 | Network Identity Certificate Pinning - Systems, methods and apparatuses for ensuring that a computing device is attempting to connect to a network, such as a wireless network, provided by an expected or trusted entity. For instance, a certificate may be generated for a network and/or associated with the network. The certificate may then be transmitted to one or more computing devices that may be authorized to access the network. Accordingly, when the computing device selects the network for connection, the system may determine whether the certificate associated with the network is paired with the certificate provided on the computing device. If so, the computing device may be permitted to transmit data over the network. Alternatively, if the network certificate is not paired with the certificate provided on the computing device, the computing device may be prevented from transmitting data over the network. | 02-18-2016 |
20160057141 | NETWORK SYSTEM COMPRISING A SECURITY MANAGEMENT SERVER AND A HOME NETWORK, AND METHOD FOR INCLUDING A DEVICE IN THE NETWORK SYSTEM - The network system comprises a security management server and a first device is added to the network system by creating a one-time code on the security management server, which is used for connecting the device to the security management server. A server certificate is sent to the device, and a user device certificate generated in the device is sent to the security management server. The user device certificate is signed with an administrator key on the security management server, which signed user device certificate is sent from the security management server to the device and which is used by the device for communication with a further device of the network system. The network system is in particular a secured home network. | 02-25-2016 |
20160065565 | System, Method and Process for Detecting Advanced and Targeted Attacks with the Recoupling of Kerberos Authentication and Authorization - A method, system and computer program for recoupling Kerberos Authentication and Authorization requests, the method including the steps of (a) extracting authorization information, including a copy of a Ticket Granting Ticket (TGT), from an authorization request; (b) retrieving authentication information including the TGT, the authentication information having been previously extracted from an authentication transaction and stored; (c) cross-referencing the extracted authorization information with the retrieved authentication information, such that a discrepancy between the cross-referenced information invokes a security event alert. | 03-03-2016 |
20160087972 | CERTIFICATE-BASED AUTHENTICATION - A method for authentication, operational in a device configured to communicate with a Long-Term Evolution (LTE) network, is described. The method includes receiving a first message from the LTE network that indicates the LTE network supports establishment of an LTE security context based on executing certificate-based authentication in lieu of subscriber identity module (SIM)-based authentication. The method also includes communicating one or more messages with the LTE network to execute certificate-based authentication. The method further includes establishing the LTE security context based on keys derived from the certificate-based authentication. | 03-24-2016 |
20160087974 | DETERMINING WEBSITE SECURE CERTIFICATE STATUS VIA PARTNER BROWSER PLUGIN - Methods of the present inventions allow for determining website secure certificate status via a partner browser plugin. An exemplary method may comprise storing, on a server communicatively coupled to a network, a plugin configured to determine the secure certificate status of a website browsed in the browser. A request for the plugin, from a partner having a unique identifier, may be received at the server. The plugin may be coded with the partner's unique identifier and transmitted to the partner. The server subsequently may receive, from the plugin, the website's uniform resource locator and secure certificate status along with the partner's unique identifier, which may be used to identify the source of the data. | 03-24-2016 |
20160105423 | CERTIFICATES FOR LOW-POWER OR LOW-MEMORY DEVICES - Methods and systems for generating or validating compact certificates include receiving a first format of the certificate. A signature for the certificate in the first format is also obtained. For each field of the certificate, the field is decoded to obtain its value from the first format and the value is then encoded into a second format. Decoding and encoding for each field is done incrementally, in the same order as the fields appear in the first format. In other words, a next field is not decoded from the first format until the current field has been encoded in the second format. Furthermore, a security envelope is encoded using the signature from the first format and the fields. | 04-14-2016 |
20160112405 | System, Network Terminal, Browser And Method For Displaying The Relevant Information Of Accessed Website - A method, browser, network device and system for presenting relevant information of accessed website are disclosed in the present disclosure. The method comprises the following steps: receiving the website address of the accessed website at the browser; requesting a security detecting device to detect the website address; receiving the detecting result returned from the security detecting device; when the website address is indicated to be a malicious website address by the detecting result, displaying a prompt message that the accessed website is a malicious website at the browser; and when the website address is indicated to be an un-malicious website address by the detecting result, obtaining the website certification information of the accessed website from a first server, and displaying the obtained website certification information at the browser. The technical solution of the present disclosure can solve the problem that, if a remote server had not been updated in time, the website would be displayed as a safe website even if the accessed website has a virus. A beneficial effect of higher veracity in security detecting of the accessed website is achieved. | 04-21-2016 |
20160112406 | AUTHENTICATION AND AUTHORIZATION IN AN INDUSTRIAL CONTROL SYSTEM USING A SINGLE DIGITAL CERTIFICATE - Systems and methods for performing access control in an industrial control system are described. A first component of an industrial control system may be connected to a second component of the industrial control system. A digital certificate may be generated for the first component that includes both authentication information and authorization information associated with the first component. The first component may transmit the digital certificate to the second component, and the second component may extract the authorization information from the digital certificate. The second component may identify a set of access rights based on the authorization information extracted and authorize the first component to access the second component based on the set of access rights identified. | 04-21-2016 |
20160125177 | INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING APPARATUS, ACCESS CONTROL METHOD, AND PROGRAM - An information processing system including at least one information processing apparatus includes an access control unit and an information providing unit. The access control unit is configured to receive a request from a service use apparatus to a service providing apparatus; in a case where the request includes information of a completed authentication, to give to the request the giving information of the type set in setup information, in which a type of giving information to be given to the request is set; and to send the request to the service providing apparatus. The information providing unit is configured to administer the giving information corresponding to the information of the completed authentication, and to provide to the access control unit the giving information corresponding to the information of the completed authentication received from the access control unit. | 05-05-2016 |
20160127351 | CONTINUOUS MULTI-FACTOR AUTHENTICATION - Technologies for continuously authenticating a user via multiple authentication factors include a computing device for generating a continuous authentication assertion indicating that continuous authentication of a user is being monitored, sending the continuous authentication assertion to a key distribution center server, and requesting and receiving an initial ticket from the key distribution center server. Such technologies may also include requesting a service ticket from the key distribution center server for accessing a service provider server, receiving a service ticket from the key distribution center server including the continuous authentication assertion, requesting access to the service provider server with the service ticket including the continuous authentication assertion, and accessing the service provider server in response to the continuous authentication assertion being verified. | 05-05-2016 |
20160127354 | MANAGEMENT METHOD AND ARRANGEMENT FOR OUTPATIENT ELECTROCARDIOGRAPHY ON A PATIENT - A management method for outpatient electrocardiography on a patient using an ECG recorder, an administration network, a first mobile device and at least one second mobile device is provided. In order to initialize outpatient electrocardiography on a patient, the first mobile device is connected to the ECG recorder and to the administration network and in the process an identification code assigned to the ECG recorder is transmitted from the ECG recorder to the administration network. After the verification of the authorizations of the mobile device, at least one certificate assigned to the ECG recorder is provided by the administration network and is transmitted to the ECG recorder for storage via the mobile device. The second mobile device is connected to the ECG recorder and to the administration network and in the process the identification code assigned to the ECG recorder is transmitted from the ECG recorder to the administration network. | 05-05-2016 |
20160134617 | SENDING SESSION TOKENS THROUGH PASSIVE CLIENTS - A session token can be requested to be sent to a first computing service from a second computing service, and a first computing service can receive the requested session token from the second computing service. The first computing service can send a message that includes the session token through a passive client to the second computing service. The second computing service can receive the message that includes the session token from the passive client, and the second computing service can verify that the message is valid. This verification of the validity of the message can include verifying that the session token received back from the passive client matches the session token the second computing service sent to the first computing service. | 05-12-2016 |
20160149907 | BIOMETRIC-BASED WIRELESS DEVICE ASSOCIATION - According to one aspect of the present disclosure, a method and technique for automatically associating a wireless device to a data processing system using biometric data is disclosed. The method includes: receiving biometric data corresponding to a user of a data processing system; creating a certificate by the data processing system based on the biometric data; discovering a wireless device able to communicate with the data processing system; responsive to discovering the wireless device, automatically requesting a certificate from the wireless device; and, responsive to the certificate from the wireless device matching the certificate created by the data processing system, automatically associating the wireless device with the data processing system. | 05-26-2016 |
20160164863 | PROXY SERVER-BASED NETWORK SITE ACCOUNT MANAGEMENT - Disclosed are various embodiments for network site account management using a proxy server. A request for a secured resource on a network site is generated based at least in part on stored account information in response to receiving an initial request for the secured resource from a client. The request is sent to the network site. The secured resource is sent to the client in response to receiving the secured resource from the network site. | 06-09-2016 |
20160182305 | Methods and Apparatus for Providing Adaptive Private Network Centralized Management System Discovery Processes | 06-23-2016 |
20160182494 | DISTRIBUTED DEVICE MANAGEMENT AND DIRECTORY RESOLUTION | 06-23-2016 |