Inventors list

Assignees list

Classification tree browser

Top 100 Inventors

Top 100 Assignees


Tickets (e.g., Kerberos or certificates, etc.)

Subclass of:

726 - Information security

726002000 - ACCESS CONTROL OR AUTHENTICATION

726003000 - Network

726005000 - Credential

Patent class list (only not empty are listed)

Deeper subclasses:

Entries
DocumentTitleDate
20080263653APPARATUS, SYSTEM, AND METHOD FOR ESTABLISHING A REUSABLE AND RECONFIGURABLE MODEL FOR FAST AND PERSISTENT CONNECTIONS IN DATABASE DRIVERS - An apparatus, system, and method for establishing a reusable and reconfigurable trusted connection within a trusted context. The invention enhances interoperability with any existing authentication methods including the Kerberos, the DCE, and a combination of a user name and a password. The present invention includes common interfaces in a database driver for a middleware server to obtain a trusted connection. The invention enhances trusted context interoperability by allowing different types of trusted connections such as a normal connection, a pooled connection, or even a distribution transaction connection. The database driver generates unique identifiable information once a trusted connection is authenticated that can be utilized to reuse and reconfigure the trusted connection without re-authentication. The present invention allows various types of trusted connections to be established through any authentication mechanisms and allows those trusted connections to be reused and reconfigured, even by a different client, in a fast and persistent way.10-23-2008
20100050247AUTHENTICATION SYSTEM AND METHOD INCLUDING IMAGE FORMING APPARATUS - The present invention enables any authentication for a plurality of authentication methods with an authentication server for storing management data on a user. The present invention uses one of set information for logging in with an IC card and user input information from operation means in the case of logging in to a directory server; requests the directory server from a Kerberos authentication operation part for a service ticket; requests the directory server from an LDAP communication operation part for authentication with the service ticket obtained by the relevant request; and requests the directory server from the authentication processing functioning part for a search for granting use of the relevant MFP to a user with one of card information read by a card reader and a user name of user input information in the case where authentication to the directory server by the relevant request is successful.02-25-2010
20110202992 METHOD FOR AUTHENTICATING A TRUSTED PLATFORM BASED ON THE TRI-ELEMENT PEER AUTHENTICATION(TEPA) - A method for authenticating a trusted platform based on the Tri-element Peer Authentication (TePA). The method includes the following steps: A) a second attesting system sends the first message to a first attesting system; B) the first attesting system sends a second message to the second attesting system after receiving the first message; C) the second attesting system sends a third message to a Trusted Third Party (TTP) after receiving the second message; D) the TTP sends a fourth message to the second attesting system after receiving the third message; E) the second attesting system sends a fifth message to the first attesting system after receiving the fourth message; and F) the first attesting system performs an access control after receiving the fifth message. The method for authenticating a trusted platform based on TePA of the present invention adopts the security architecture of TePA, and improves the safety of an evaluation agreement of the trusted platform, realizes the mutual evaluation of the trusted platform between the attesting systems, and extends the application ranges.08-18-2011
20130042315Client-Client-Server Authentication - Described is a technology by which machines of a (typically small) network have associated public key-based certificates for use in authentication with a server and validation of other machines in the network. This provides an inexpensive and straightforward mechanism to control, manage and maintain client machines, as well as to allow valid client machines to securely communicate with one another and recognize machines that are not valid on the network. Certificates are maintained on the server and checked for validity as needed.02-14-2013
20130042316METHOD AND APPARATUS FOR REDIRECTING DATA TRAFFIC - A method and apparatus for redirecting data traffic are provided. The method includes receiving a service request from a first device, allocating resources for the service, associating the resources with a first unique identifier, confirming the service request with the first device, receiving a connection request from a second device including the first unique identifier and an authentication certificate, passing the authentication certificate to the first device, and receiving an authentication confirmation from the first device. The method further includes, in response to receiving the authentication confirmation, accepting the connection request from the second device, providing an indication regarding at least one lo-cal area network to the second device, and providing required credentials associated with the at least one local area network to the second device.02-14-2013
20090158414METHOD AND APPARATUS FOR MUTUALLY AUTHENTICATING A USER DEVICE OF A PRIMARY SERVICE PROVIDER - A system and method for communicating between a secondary content provider and a user device includes a primary service provider having an authentication server of a primary service provider authenticating the user device. The primary service provider provides primary content to the user device. The system also includes a supplemental service provider. The authentication server authenticates the service provider. The user device and the supplemental service provider mutually authenticate each other. Thereafter, the supplemental service provider communicates supplemental content to the user device.06-18-2009
20090119765INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD, AND STORAGE MEDIA STORING USER CERTIFICATION PROGRAM - The information processing device includes, a communication portion that communicates with a certification device which performs certification of whether or not a user has usage permission, a reception portion that receives input identification information for identifying the user, a storage portion that stores previously registered identification information, a certification portion that performs user certification, when the reception portion receives the input identification information and the communication portion requests certification of a user by sending the identification information to the certification device, based on result information, when result information is obtained from the certification device indicating a certification result, and based on whether or not the identification information is stored in the storage portion, when the result information is not obtained, and a registration portion that registers the certified identification information in the storage portion, when certification that a user has usage permission is obtained based on the result information.05-07-2009
20120192261SYSTEM AND METHOD FOR THE MANAGEMENT OF SECURE ELECTRONIC CORRESPONDENCE SESSIONS - A system and method for the management of secure electronic correspondences. The system includes at least one directory, at least one domicile server, at least one processing operator and at least one certification operator. The correspondence sessions are opened by a strong authentication procedure comprising the routing of a secret code over a channel different from the session channel and an identifier specific to the current session. In addition, in order to allow the delivery of correspondence to be sent, it is necessary for the validity of the trust attributes of the sender, the recipients and those involved in the document processing chain be certified by the certification operator for the level required for delivery. The compliance of the processing operations with the operator's specifications is checked by sending, acknowledging and returning certification tokens specific to each of the processing steps.07-26-2012
20090055918METHOD OF MUTUALLY AUTHENTICATING BETWEEN SOFTWARE MOBILITY DEVICE AND LOCAL HOST AND A METHOD OF FORMING INPUT/OUTPUT (I/O) CHANNEL - A method of mutually authenticating between a local host and a software mobility device including an operating system virtualization layer, and a method of forming an input/output (I/O) channel. The method of authenticating a local host in the software mobility device includes requesting a certificate from the local host in which an integrity value of the local host is stored, and receiving the certificate from the local host; receiving an integrity value measured in the local host and comparing the measured integrity value with the integrity value included in the certificate to verify the local host; and when the local host is verified, encrypting a security profile of the software mobility device and transmitting the encrypted security profile to the local host so as to provide secure communication between the local host and the software mobility device.02-26-2009
20090055917Authentication method and authentication system using the same - An authentication method is provided in which authentication is performed between terminals respectively belonging to a first realm and a second realm that is different from the first realm, with using a Kerberos authentication method. In order to obtain authentication with a terminal belonging to the second realm, a terminal belonging to the first realm requests a ticket granting ticket for accessing a key distribution center in the second realm, from a key distribution center in the first realm. The key distribution center in the first realm transmits an encrypted IP address of the key distribution center in the second realm together with the requested ticket granting ticket, to the terminal belonging to the first realm.02-26-2009
20120117639REMOTE AUTHENTICATION BASED ON CHALLENGE-RESPONSE USING DIGITAL CERTIFICATES - Embodiments of the invention provide for authenticating users of web-based applications by presenting a previously acquired signed digital signature. Examples establish secure user sessions between a client and a user in response to a verification of an identification of the user by the client, the client creating a unique username for the user and unlocking access by the user to a client digital signature for use with a request for service from a third party web server. A secure facilitator session is established between the client and a third party web server, wherein messages exchanged with the unique username and a unique session identification indicia of the secure facilitator session signed by the unlocked digital signature result in executed processes requested by the service identifier data if the messages are validated without the client requiring the user to verify user identification for any message until a secure facilitator session ends.05-10-2012
20090235347METHOD AND SYSTEM FOR SECURELY STREAMING CONTENT - A system and method for securely streaming media. The system includes a gateway server that receives requests for access to a secured data resource from an end users. The request include an authorization ticket and a referring website. The gateway server validates the authorization ticket using a secret key shared with the referring website, and validates the referring website by verifying that referring website is on a white-list for the secured data resource. The gateway server selects a data server to service the request, and formats a data server access request containing the data server location and data server request parameter data and transmits the data server access request to the end users. When end users transmit the data server access requests to a data server, the data server validates the request and transmits it to the end user.09-17-2009
20080295162METHOD AND APPARATUS FOR AUTHENTICATING USERS IN A NETWORK11-27-2008
20090031410Certificate generation for a network appliance - A method and system for generating identity certificates. The method may include receiving a user request to activate a network appliance, and causing a network appliance identifier and a transaction identifier of an activation transaction associated with the user request to be transmitted to the network appliance. A certificate signing request (CSR) and the transaction identifier may be received from the network appliance, the CSR including the network appliance identifier. A certificate may be generated for the network appliance if the activation transaction is valid.01-29-2009
20110289577ACCESSING DATA UTILIZING ENTITY REGISTRATION IN MULTIPLE DISPERSED STORAGE NETWORKS - A method begins by a processing module determining whether a data access request is requesting access to data stored in a plurality of dispersed storage networks (DSNs). The method continues with the processing module determining whether one of the plurality of DSNs is a home DSN to a requesting entity when the data access request is requesting access to data stored in the plurality of DSNs. The method continues with the processing module utilizing a local signed certificate to access one or more dispersed storage (DS) units of the home DSN, validating a global signed certificate with one or more DS units of a non-home DSN of the plurality of DSNs to produce a valid global signed certificate, and utilizing the valid signed certificate to access the one or more DS units of the non-home DSN when the plurality of DSNs includes the home DSN.11-24-2011
20110296515METHOD FOR MANAGING COMPUTER RESOURCES ACCESSED BY A PROGRAM OPERATING IN A RESTRICTED ENVIRONMENT - A resource manager of an operating system of a data processing system receives a first request from a first program for a ticket for accessing at least one of resources of the data processing system. In response to the first request, the resource manager determines whether the first program is entitled to access the resource. The ticket for accessing the resource is issued to the first program if the first program is entitled to access the resource. The ticket can be used by a second program to obtain rights to access the resource by acquiring the ticket from the first program, where the second program would not otherwise be entitled to access the resource based on a security profile associated with the second program.12-01-2011
20120023568Method and Apparatus for Trusted Federated Identity Management and Data Access Authorization - Systems, methods, and instrumentalities are disclosed that may provide for integration of trusted OpenID (TOpenID) with OpenID. The authentication may be accomplished, in part, via communications between a trusted ticket server on a UE and a network application function. The UE may retrieve platform validation data (e.g., from a trusted platform module on the UE). The UE may receive a platform verification in response to the platform validation data. The platform verification may indicate that the network application function has verified the platform validation data and the user. The platform verification may indicate that the platform validation data matches a previously generated reference value.01-26-2012
20100071048SERVICE BINDING - Embodiments for performing service binding between a client and a target server are disclosed. In accordance with one embodiment, a clear text client service binding value is received from a client at the target server, the client service binding value is compared to a server service binding value, and a communication channel is formed between the client and the target server when the client service binding value matches the server service binding value.03-18-2010
20110219442Policy-Based Security Certificate Filtering - Policy filtering services are built into security processing of an execution environment for resolving how to handle a digital security certificate of a communicating entity without requiring a local copy of a root certificate that is associated with the entity through a certificate authority (“CA”) chain. Policy may be specified using a set of rules (or other policy format) indicating conditions for certificate filtering. This filtering is preferably invoked during handshaking, upon determining that a needed root CA certificate is not available. In one approach, the policy uses rules specifying conditions under which a certificate is permitted (i.e., treated as if it is validated) and other rules specifying conditions under which a certificate is blocked (i.e., treated as if it is invalid). Preferably, policy rules are evaluated and enforced in order of most-specific to least-specific.09-08-2011
20120110654SECURE CONNECTION SYSTEMS AND METHODS FOR VEHICLES - A communication system of a vehicle includes a mode determination module and a connection control module. The mode determination module sets a mode of operation to one of a first mode and a second mode based on a comparison of a common name (CN) of a root certificate with first and second predetermined CNs associated with operation in the first and second modes, respectively. The connection control module selectively transmits a request to one of a first server and a second server to establish a secure wireless connection between the connection control module and the one of the first and second servers. The first and second servers are different, and the first and second predetermined CNs are different.05-03-2012
20090150989USER AUTHENTICATION - A device, method, and system disclosed herein may be used to integrate and control authentication and passwords among various applications and platforms. The exemplary method may obtain a service ticket from a key distribution center of the key distribution center authentication process and generate a random key. A port between the client and the service may be created and utilized to transmit the service ticket and the random key to a service from the client. The random key may replace a password provided by the user. The random key in the password field of the service logon is transmitted to the service. The service authenticates the random key in the password field with the stored random key in the cache of the service. Once authenticated the service ticket is validated.06-11-2009
20090150988Authenticated service virtualization - Virtualizing a service is disclosed. A request to access a service from a first server is received from a client. A secret data associated with the first server is used to process the received request. The processed request is sent to a second server. The first and second servers are associated with a virtualization; and wherein the processed request can be used by the second server to authenticate the client.06-11-2009
20090187983METHOD AND SYSTEM FOR DISTRIBUTED, LOCALIZED AUTHENTICATION IN THE FRAMEWORK OF 802.11 - A method for controlling Internet access of a mobile device by using a communication system having a number of access points includes the steps of performing a certificate-based authentication between an authentication access point and a mobile device seeking access to the Internet; transmitting a certificate from the mobile device to the authentication access point; verifying the certificate by the authentication access point; determining whether the authenticating mobile device's certificate has been revoked prior to the expiration of its lifetime; and granting the authenticating mobile device access to the Internet, if the certificate has been verified successfully and not revoked prior to the expiration of its lifetime.07-23-2009
20120297473CERTIFICATE VALIDATION AND CHANNEL BINDING - A constrained network entity may determine, via an authentication procedure with a core network entity, the trustworthiness of an endpoint attempting to establish a secure channel with the constrained network entity. The constrained network entity may receive a certificate from the endpoint attempting to establish the secure channel and the constrained network entity may send the certificate asserted by the endpoint to a core network entity for validation. The core network entity may receive the certificate during a key exchange with the constrained network entity and the core network entity may indicate to the constrained network entity the validity of the certificate. The constrained network entity may determine whether to establish the secure channel with the endpoint based on the validity of the certificate.11-22-2012
20120297474RELAY NODE AUTHENTICATION METHOD, APPARATUS, AND SYSTEM - Embodiments of the present invention disclose a relay node authentication method, apparatus, and system. The method provided in an embodiment of the present invention includes: sending, by a relay node, an authentication request message to a peer node, where the authentication request message includes a certificate of the relay node, so that the peer node authenticates the relay node according to the certificate of the relay node, where the peer node is a network side node or a security gateway in a security domain where the network side node is located; and receiving, by the relay node, an authentication response message sent by the peer node, where the authentication response message includes a certificate of the peer node, and authenticating the peer node according to the certificate of the peer node.11-22-2012
20110173691METHOD FOR DOWNLOADING SOFTWARE - A method for downloading software from a host device to an electronic device through a communication line, which, even when the download is interrupted, can simplify the procedure to restart the download while maintaining security. In the method, a certificate of authenticity data, which the card reader has obtained from the HOST computer, is stored in the non volatile memory. The download of the software from the HOST computer to the card reader is executed. The verification of authenticity data is obtained by calculation with respect to the downloaded software. This verification of authenticity data is then compared with the certificate of authenticity data obtained from the HOST computer, and the downloaded software is run when the certificate of authenticity data matches the verification of authenticity data.07-14-2011
20080216166Method and Apparatus for Detecting Grid Intrusions - A method, apparatus, and computer instructions for authorizing a user to access grid resources. A request is received from the user to access a resource on the data processing system. This request includes a certificate. An authentication process is performed using the certificate when the request is received. In response to successfully authenticating the user in the authentication process, a first host name for the certificate is requested from a trusted source. A reply containing the first host name is received. Access to the resource is provided if the first host name returned by the trusted source matches a second host name for the user from which the request originated.09-04-2008
20090007250Client authentication distributor - The claimed method and system provides a client authentication distributor component (CAD) that handles multiple client application requests for authentication to a common authentication provider. In one embodiment, only a single user sign on process may be required after which the CAD manages future authentication processes on behalf of the user without the user requiring to provide credentials.01-01-2009
20080289024Printing Apparatus and Information Processing Apparatus - A printing apparatus is connected to a network which includes an information processing apparatus transmitting printing data and an authentication information issuance server issuing authentication information to the information processing apparatus. The printing apparatus includes a transmitting unit, a receiving unit, and a printing unit. The transmitting unit transmits, to the information processing apparatus, information showing the authentication information being required, the authentication information is required in order to perform printing based on the printing data transmitted from the information processing apparatus, and the authentication information is issued from the authentication information issuance server. The authentication information indicates permission issued from the authentication information issuance server. The receiving unit receives the authentication information issued from the authentication information issuance server and the printing data from the information processing apparatus. The printing unit performs a print job based on the printing data received by the receiving unit.11-20-2008
20080289025Method and an apparatus to validate a web session in a proxy server - Some embodiments of a method and an apparatus to validate a web session in a proxy server have been presented. In one embodiment, a first message authentication code is generated at a proxy server communicatively coupled between an application server and a client upon receiving a message from the application server. The message is generated by the application server in response to an authentication request from the client to initiate a web session. The proxy server then adds the first message authentication code and one or more timestamps to the message. Then the proxy server may send the message to the client, wherein the client may use the first message authentication code and the one or more timestamps to request access to predetermined content during the web session.11-20-2008
20100313259Method for Establishing a Secure Connection from a Service Technician to a Component of an Automation Environment that can be Remotely Diagnosed and/or Maintained and is Experiencing Failure - A method for establishing a secure connection from a service technician to a component of an automation environment that can be remotely diagnosed and/or maintained and is experiencing failure. A service certificate is required for establishing the secure connection, wherein a secure initial connection is first established to the automation environment by the service technician using a one-time password. With the initial connection, a service certificate required for establishing the secure connection to the component of the automation environment experiencing the failure is subsequently transmitted from the automation environment to the service technician. The secure connection from the service technician to the component experiencing the failure is then established by means of the service certificate. The invention further relates to an automation environment that is suitable for carrying out a method of said kind.12-09-2010
20080271133Authenticating a Requestor Without Providing a Key - A method for authenticating a requesting entity in a communications environment. In an exemplary embodiment, the method includes determining a client identification of a client node associated with the requesting entity, and determining whether the requesting entity associated with the client node is acting in a supervisor capacity. A key to the requesting entity is returned from a resource provider node upon determining that the client identification of the client node indicates that the client node is permitted to access one or more resources of the provider node, and that the client node is acting in a supervisor capacity.10-30-2008
20110214174STATISTICAL SECURITY FOR ANONYMOUS MESH-UP ORIENTED ONLINE SERVICES - Web pages and applications commonly consume functionality provided by services to provide users with a rich experience. For example, a backend mapping service may provide access to these services. However, the users and application consuming the services may be anonymous and unverified. Accordingly, a two ticket validation technique is provided to validate service execution requests from anonymous applications. In particular, a user is provided with a client ticket comprising a reputation. The reputation may be adjusted over time based upon how the user consumes services. An application may request access to a service by providing the client ticket and an application ticket for validation. The reputation of the user may be used to determine an access level at which the application may access the service. Users with a high reputation may receive high quality access to the service, while users with a low reputation may receive lower quality access.09-01-2011
20090178130VERIFYING THAT GROUP MEMBERSHIP REQUIREMENTS ARE MET BY USERS - In an embodiment, a verifier receives requirements for membership in a group from a service and receives proof of attributes from users. The verifier verifies whether the proof of attributes meets the membership requirements and sends acceptance or rejection to the service. If the proof meets the requirements, the service allows the users to become members of the group and allows the members to transfer data to and from other members. If the proof does not meet the requirements, the service prevents the users from becoming members. In this way, the service and group members know that other group members satisfy the group membership requirements without needing to know the identity of the group members or other information unrelated to the group membership requirements.07-09-2009
20120198540Internet-based fill-level measurement value and diagnostic information polling system - An Internet-based fill-level measurement value and diagnostic information polling system includes several field devices, a central server and a processing unit that is connected to the server by way of the internet. In response to a user inquiry the server generates a certificate and an associated data object that characterizes the data that may be polled by the user. In response to an inquiry by the user, with which inquiry the certificate is sent along to the server, the server automatically transmits the requested data to the user if a check of the certificate shows that the user is authorized to receive this.08-02-2012
20090025076Mail certificate responder - A method and apparatus for generating a mail certificate is described. A client determines whether the client possesses a certificate. If a certificate is needed, the client sends a request to a certificate responder for a new certificate in response to the determination. The certificate responder generates and sends the new certificate back to the client.01-22-2009
20090025075On-demand authentication of call session party information during a telephone call - A method comprises a plurality of operations. An operation is performed for requesting authentication of a target call session party during a call session between the target party and a call session party requesting said authentication. An operation is performed for receiving authentication information of the target call session party during the call session in response to requesting said authentication. An operation is performed for facilitating authentication of said authentication information during the call session in response to receiving said authentication information.01-22-2009
20090031411Method and sytsem for assuring security of a transaction in a telecommunication network - The invention relates to a method for assuring security of a commercial transaction between a terminal (01-29-2009
20090031409Preventing Unauthorized Poaching of Set Top Box Assets - To prevent poaching of an Internet Protocol (IP) set top box (STB) asset or similar network computing device from one system operator to another, code executing in the IP STB not only authenticates downloaded software images using a public key provided in a serial-number assigned digital certificate, but also confirms that the serial number appears on a signed whitelist, or does not appear on a signed blacklist. The code executing in the STB further preferably enforces a rule that only the authority that signed the already-loaded whitelist/blacklist may replace it with a new list. Such a “sticky whitelist/blacklist” ensures that if the STB boots or resets in a new network, the existing authentication list will not be replaced by a list that is valid for a new or different network, and, as a result, that new software code images will not be authenticated.01-29-2009
20090064303TRANSFERABLE RESTRICTED SECURITY TOKENS - In a web-based service environment, third party providers need to have varying degrees of access to user data for their complementary services. To prevent third party providers from having broader access than necessary or not adequate levels of access, transferable restricted security tickets are employed to determine an appropriate level of access for third parties. Tickets with expiration and restriction roles define a duration and level of access for a third party. The restrictions are determined through an intersection of the authorizing user's security role and restriction roles defined in the system.03-05-2009
20120079585PROXY AUTHENTICATION AND INDIRECT CERTIFICATE CHAINING - Embodiments of proxy authentication and indirect certificate chaining are described herein. In an implementation, authentication for a client occurs via a proxy service. Proxy service communicates between client and server, and caches security tokens on behalf of the client. In an implementation, trustworthiness of certificate presented to a client to establish trust is determined utilizing a signed data package which incorporates a plurality of known certificates. The presented certificate is verified without utilizing root certificates installed on the client device.03-29-2012
20120079584Authenticating A Node In A Communication Network - A method and apparatus for authenticating a first node's identity in a communication network. An authentication node receives from a second node an authentication request. The authentication request includes a first certificate that has previously been presented to the second node by a node purporting to be the first node. The authentication node retrieves a second certificate belonging to the first node from the first node, and compares the first certificate with the second certificate. If the certificates match, then the first node's identity can be authenticated but if the certificates do not match, then the first node's identity cannot be authenticated. The results of the comparison are then sent to the second node.03-29-2012
20090100512Setting a preliminary time on a network appliance using a digital certificate - A method and system for setting a time on a network appliance. The method may include attempting to establish a secure connection with a server using a certificate issued for a network appliance, and determining that an attempt to establish a secure connection has failed. The method may further include determining that a possible cause of the failure to establish a secure connection is incorrect time data provided by the network appliance, and updating the time on the network appliance using time data contained in the certificate.04-16-2009
20090205037Mobile terminal, resource access control system for mobile terminal, and resource access control method in mobile terminal - The present invention provides a mobile terminal, a resource access control system for a mobile terminal, and a resource access control method in a mobile terminal which can flexibly change resources that can be accessed by an application. An application manager 08-13-2009
20090222902Methods And Apparatus For Use In Enabling A Mobile Communication Device With A Digital Certificate - In one illustrative scenario, a mobile communication device causes a communication session to be established with a host server of a communication network. The mobile device performs communication operations in the communication session for activating a communication service, such as a data synchronization service, with the host server. In the communication session, the mobile device also receives configuration information which includes information for use in constructing a request message for obtaining a digital certificate from a certificate authority (CA). After receipt of the configuration information, the mobile device constructs the request message for the digital certificate and causes it to be sent to the host server. In response, the host server requests and obtains the digital certificate from the CA on behalf of the mobile device, and thereafter “pushes” the received digital certificate to the mobile device. The mobile device receives the digital certificate and stores it for use in subsequent communications. The host server may be part of a local area network (LAN) which includes a wireless LAN (WLAN) adapted to authenticate the mobile device based on the digital certificate, so that the mobile device may obtain access to the WLAN.09-03-2009
20090222901Collecting Account Access Statistics from Information Provided by Presence of Client Certificates - A method and system for collecting account access statistics from information provided by client certificates. In one embodiment, the method comprises requesting client certificates from remote terminals that request to access a computing resource. The method further comprises updating the account access statistics based on information provided by presence or absence of the client certificates and contents of the client certificates for the client certificates that are present.09-03-2009
20090222903SYSTEM AND METHOD FOR SHARED RESOURCE OWNER BASED ACCESS CONTROL - Method and system for controlling application access to a shared resource in a runtime environment. The shared resource is owned by a remote resource owner. An access control ticket including a permission for the shared resource, a cryptographically verifiable remote resource owner identifier and a cryptographically verifiable application owner identifier are generated. The access control ticket is approved and signed by the remote resource owner, and transmitted to the runtime environment. The application, when executed in the runtime environment, accesses the resource based on the permission.09-03-2009
20090249463METHOD AND APPARATUS FOR SECURED EMBEDDED DEVICE COMMUNICATION - In a computing device that includes a host operating system and a management engine separate from the host operating system, if the primary operating system is not operating, a management engine may obtain from a credential server via a first network connection logon information for a secured network and the management engine connects to the secure network through a secured connection using the logon information. If the operating system is operating the operating system provides the logon information to the management engine. Certificate verification may be performed by a remote server on behalf of the management engine. Other embodiments are disclosed and claimed.10-01-2009
20100169963SYSTEMS AND METHODS TO ROTATE SECURITY ASSETS USED FOR SECURE COMMUNICATIONS - Systems and methods to rotate security assets used to for secure communications are disclosed. The system includes receiving a first certificate that includes a first subject name for the remote servers. The first certificate further includes a first public key. Next, the system receives a second certificate that includes the first subject name for the remote servers. The second certificate further includes a second public key that is different from the first public key. Next, the system stores the first and second certificates in a trust module. Next, the system receive a third certificate from a first server included in the plurality of remote servers. Next, the system identifies the first server is trusted. The identifying is based on the third certificate matching any one of the first certificate and the second certificate. Finally, the system establishes a secure communication session with the first server based on the identifying the first server is trusted.07-01-2010
20100154048Digital Receipt For A Transaction - A first user (06-17-2010
20100175121ADDING BIOMETRIC IDENTIFICATION TO THE CLIENT SECURITY INFRASTRUCTURE FOR AN ENTERPRISE SERVICE BUS SYSTEM - An enterprise service bus client accesses a user's biometric information, where the biometric information is accessed from a biometric input device coupled to the enterprise service bus client. Furthermore, the enterprise service bus client retrieves a certificate using the user's biometric information. With the certificate, the enterprise service bus client establishes a connection with an enterprise service bus server and accesses an enterprise service bus service.07-08-2010
20100180330Securing Communications for Web Mashups - Techniques described herein provide security for communications in web mashups. Some implementations secure web mashups by specifying and monitoring a lifecycle of one or more web applications that communicate with each other through implementation of lifecycle declarations. Furthermore, some implementations herein may use access tickets to provide access control between web applications in a web mashup.07-15-2010
20100251354IMAGE FORMING APPARATUS AND IMAGE FORMING SYSTEM - An image forming apparatus according to the present invention includes an authentication control unit configured to transmit authentication information including a login user name to an authentication server to cause the authentication server to perform authentication. When the authentication has been successful, the authentication control unit acquires user attribute information associated with the login user name from the authentication server. A job-history managing unit is configured to store the log information of a job in association with a display user name in the user attribute information.09-30-2010
20100146614Devices and Methods for Secure Internet Transactions - Devices and methods are disclosed which provide a mobile communications device with multiple methods of wireless communication which can use one method, such as WiFi, to connect to an independent wireless access point while using another method, such as cellular, to verify the security of the wireless access point. The wireless access point provides two SSID's: one private SSID, which is usually encrypted to prevent access, and one public SSID, which is open to any mobile communications device. The mobile communications device connects to the public SSID and downloads a digital certificate. The mobile communications device then uses its cellular connection to verify the authenticity of the digital certificate with its service provider. If verified, the mobile communications device can make use of the wireless access point.06-10-2010
20110067095METHOD AND APPARATUS FOR TRUSTED AUTHENTICATION AND LOGON - A method and apparatus for trusted authentication and logon is disclosed. A trusted platform module (TPM) based logon method is presented for authentication and access. A user registers an identity with an identity provider that is tightly bound to the user's specific platform, e.g., the TPM. If the user decides to login, for example to a service provider using this identity, the identity provider challenges the user to provide the correct credentials. The credentials consist of a TPM generated ticket, that is, a credential chain. This allows the user to login without the need for a password at the identity provider.03-17-2011
20100223664TOOLBAR DASHBOARD FUNCTIONALITY - A system described herein includes a receiver component that receives an indication that a user has selected a first selectable buttontab in a toolbar installed in a client application. The system further includes a display component that causes a dashboard to be displayed on a display device in response to receipt of the indication that the user has selected the buttontab. The dashboard includes a content window that displays content and the buttontab, wherein the dashboard is a seamless visual combination of the buttontab and the content window.09-02-2010
20090037997METHOD FOR DETECTING DNS REDIRECTS OR FRAUDULENT LOCAL CERTIFICATES FOR SSL SITES IN PHARMING/PHISHING SCHEMES BY REMOTE VALIDATION AND USING A CREDENTIAL MANAGER AND RECORDED CERTIFICATE ATTRIBUTES - Certificate information associated with a received certificate, such as a Secure Sockets Layer (SSL) certificate is stored in a trusted local cache and/or in one or more remote trusted sources, such as a single remote trusted source and/or a trusted peer network. When a site certificate is received on a host computer system, certificate information associated with the received site certificate is obtained and compared with the stored certificate information to determine whether or not the site certificate indicates malicious activity, such as a malicious DNS redirection or a fraudulent local certificate. When a site certificate is not found indicative of malicious activity, the site certificate is released. Alternatively, when a site certificates is found indicative of malicious activity protective action is taken. In some embodiments, a user's log-in credentials are automatically obtained from a trusted local cache and automatically submitted to a web site.02-05-2009
20100293609Processing communication events in a communications system - A method of communicating over a communications system includes determining that a communication event at a user terminal of the communications system requires use of a feature for processing data, the communication event being over the communications system and determining that the feature required by the communication event is not enabled for use at the user terminal when the communication event is initiated. Following the step of determining that the feature is not enabled, the method further includes retrieving a certificate enabling the use of the feature at the user terminal and using the feature at the user terminal to process data of the communication event.11-18-2010
20130139242Network Accessing Device and Method for Mutual Authentication Therebetween - A method for a mutual authentication between access network devices and an access network device are disclosed by the present invention. The method includes: configuring a certificate on the access network device; performing a mutual authentication based on the certificate between the access network devices. The present invention realizes the authentication between the access network devices, thus the user data can be transmitted directly.05-30-2013
20120174208Device API for Securely Monitoring and Managing Mobile Broadband Devices - There is provided a device application programming interface (API) for securely monitoring and managing mobile broadband devices. There is provided a client device with a processor configured to detect, using an API, the WWAN device, wherein the WWAN device conforms to the API, to perform a mutual authentication with the WWAN device by using a digital certificate of the WWAN device and a client digital certificate of the client device, to establish a secure connection with the WWAN device upon a successful authentication of the mutual authentication with the WWAN device. Moreover, the processor may be configured to issue, using the API, various commands to the WWAN device to monitor and manage the WWAN device.07-05-2012
20110010766System and Method for Policy Enforcement and Token State Monitoring - Systems and methods for monitoring the state of a token and communication exchanges between the token containing an embedded integrated circuit chip and a system are provided. Communications between the token and the system are established and the exchanged of commands and responses between the token and the system are monitored and evaluated for compliance with an identified policy. The identified policy contains lists of impermissible commands, responses and content, and delivery of the commands and responses is contingent upon compliance with the identified policy. The token is in communication with a token reader which communicates with the system using token reader driver software. Either the token reader driver software or the token itself is adapted to provide for the desired monitoring, evaluation and policy enforcement. Systems and methods are also provided that enforce policies at access points within a physical access system. The physical access system can be used in combination with tokens.01-13-2011
20110113481IP SECURITY CERTIFICATE EXCHANGE BASED ON CERTIFICATE ATTRIBUTES - Architecture that provides Internet Protocol security (IPsec) certificate exchange based on certificate attributes. An IPsec endpoint can validate the security context of another IPsec endpoint certificate by referencing certificate attributes. By facilitating IPsec certificate exchange using certificate attributes rather than solely certificate roots, it is now possible to build multiple isolated network zones using a single certificate authority rather than requiring one certificate authority per zone. Moreover, the ability to use certificate attributes during the IPsec certificate exchange can be leveraged for more focused communications such as QoS (quality of service). Certificate attributes can be utilized to identify the security context of the endpoint. The IPsec certificate use can be locked down to a single IP or group of IPs.05-12-2011
20110131643Token Mediation Service in a Data Management System - A method and system for mediating security tokens to authorization data transactions in a data management system. The methods and systems intercept a data request between two applications or services, and validate and translate a security token sent with the data request from a format compatible with the first application or service to a format compatible with the second application or service.06-02-2011
20100138907METHOD AND SYSTEM FOR GENERATING DIGITAL CERTIFICATES AND CERTIFICATE SIGNING REQUESTS - A certificate server is provided for issuing digital certificates to be used by a network resource and/or a client resource. The certificate server is configured to communicate with the network resource or the client resource to receive a certificate request. Upon receiving the certificate request, the certificate server may automate the process for authenticating the certificate request, validating the terms of the certificate request and digitally signing the certificate request. An authentication appliance may communicate with or be integrated within the certificate server. The certificate server includes a web service server, a certificate authority component, and a database that enable communication with either the network resource, client resource, or the authentication appliance to automate the administration process typically involved in receiving and signing a certificate request. The certificate authority component may sign the certificate request with a trusted root chain associated with the network resource.06-03-2010
20090172798WIRELESS DEVICE AUTHENTICATION USING DIGITAL CERTIFICATES - A method, information processing system, and wireless device provide authentication information to a network. The method includes determining that at least one authentication context (07-02-2009
20100071049A METHOD FOR IDENTIFYING A TASK AUTHORIZATION - In an ad hoc mesh network, roles are assignment to the different network nodes, for example mesh point or mesh portal. The invention envisages that a network node identifies the certification and thus the permitted roles of another network node before it sends a message to said other network node. This ensures that the roles maintain their integrity and the security in the network is enhanced.03-18-2010
20100064361SECURELY ROAMING DIGITAL IDENTITIES - A cryptographic session key is utilized to maintain security of a digital identity. The session key is valid only for a limited period of time. Additional security is provided via a bimodal credential allowing different levels of access to the digital identify. An identity token contains pertinent information associated with the digital identity. The identity token is encrypted utilizing public-key cryptography. An identifier utilized to verify the validity of the digital identity is encrypted with the cryptographic session key. The encrypted identity token and the encrypted identifier are provided to a service for example. The service decrypts the encrypted identity token utilizing public key cryptography, and decrypts, with the cryptographic session key obtained from the identity token, the encrypted identifier. If the identifier is determined to be valid, the transaction proceeds normally. If the identifier is determined to be invalid, the transaction is halted.03-11-2010
20100058454COLLECTING ANONYMOUS AND TRACEABLE TELEMETRY - Aspects of the subject matter described herein relate to collecting anonymous and traceable telemetry. In aspects, a telemetry source may obtain a certificate or other data from an escrow certificate issuer. The certificate includes information usable by a certificate collector to verify that the certificate is valid, but does not include information usable to identify the telemetry source to the telemetry collector.03-04-2010
20100100953PassThru for Client Authentication - This disclosure pertains generally to client authentication. One aspect of the disclosure relates to a first server for presenting evidence to a Domain Controller (DC) of a first authentication context being submitted from a client to the first server to obtain a delegable credential, wherein the credential can be used to request a second authentication context from that client to a second server. Another aspect relates to the first server providing a pass-thru with evidence to a DC. The evidence relates to a first authentication context being submitted from a client to the first server that it obtained a delegable credential. The pass-thru is used in combination with the credential to request a second authentication context from the client to a second server.04-22-2010
20080320579Method and system for validating references - The present invention relates to enhanced workflow solutions for authors (e.g., researchers, scientists, and scholarly authors) and publishers (e.g., journals and professional and technical societies) in preparing documents in structured format for facilitating efficient and accurate validation of references cited or included in papers and other submissions for publication or for review. An author prepares a document containing a set of cited references using a formatting structure. A system includes a processor to process the document to extract embedded metadata associated with the set of cited references. The processor executes code associated with a reference validation software module and automatically recognizes the formatting structure and the embedded metadata. The processor automatically extracts the embedded metadata and compares the extracted metadata against an authority database to determine the validity of the set of cited references.12-25-2008
20090126001TECHNIQUES TO MANAGE SECURITY CERTIFICATES - Techniques to manage security certificates are described. An apparatus may comprise a certificate proxy server having a transceiver and a certificate manager module. The certificate manager module may be operative to register a digital identity certificate for a call terminal to perform authentication operations on behalf of the call terminal, and manage the digital identity certificate for the call terminal. Other embodiments are described and claimed.05-14-2009
20100333186TWO-WAY AUTHENTICATION USING A COMBINED CODE - An authentication process for a client and a target service to perform mutual authentication. A combined code is received that comprises a combined code hash of at least two sets of data from which an encoding scheme of the at least two sets of data can be determined. The two sets of data comprise a first set of data that includes a first hash of a public key associated with a certificate used to establish a secure channel with a target service, and a second set of data that includes a credential for authentication. The certificate can be validated with the first set of data included in the combined code. In response to a successful validation of the certificate, the credential from the second set of data can be provided to the target service for authentication.12-30-2010
20100031337METHODS AND SYSTEMS FOR DISTRIBUTED SECURITY PROCESSING - Methods and systems for processing information that is secured in transit between communicating computers utilizing a security protocol. In accordance with one embodiment of the present invention, processing with respect to the security protocol is performed by an intermediate network device located remotely from a secure data center, while maintaining the security of persistent credentials such as passwords and private cryptographic keys. The invention may be employed in conjunction with beneficial networking functions such as acceleration, traffic management and monitoring, content filtering, and the like, allowing such functions to be performed on secured traffic. The invention allows the remotely located network device to perform security protocol processing on behalf of a computer without having direct access to the persistent credentials of that computer, thereby improving overall system security.02-04-2010
20080271132Host Identity Protocol Method and Apparatus - A method is provided of at least partially securing communications between first and second hosts using the Host Identity Protocol, HIP, where the first host is not HIP enabled and the second host is HIP enabled. A persistent HIP identity is associated with the first host and maintained at a remote server. A public part of the persistent HIP identity is obtained from the remote server together with a certificate authorising a gateway node between the first and second hosts to use a temporary HIP identity associated with the first host in a subsequent negotiating step. A secure HIP connection is then negotiated between the gateway node and the second host using at least part of each of the persistent HIP identity, the temporary HIP identity and the certificate. A Host Identity Protocol, HIP, method is provided for use in a network in which a non-HIP-enabled host is communicating with a HIP-enabled host via a plurality of gateway nodes in turn, comprising using a persistent HIP identity for the first host, maintained at a remote server, for each such gateway node used.10-30-2008
20120011580INFORMATION PROCESSING APPARATUS, VERIFICATION SYSTEM, CONTROL METHOD OF VERIFICATION SYSTEM, PROGRAM OF CONTROL METHOD OF VERIFICATION SYSTEM, AND STORAGE MEDIUM - An information processing apparatus employing user access authorization management verifies user access authorization using a portable storage medium storing identification (ID) information for the portable storage medium and user verification information registered in the information processing apparatus while including the portable storage medium ID as verified ID information for the portable storage medium. The information processing apparatus includes a processor to conduct generating ticket information including read portable storage medium ID; transmitting the generated ticket information to a designated issuee; receiving a request to update the ID information for the portable storage medium; obtaining the generated ticket information and the ID information for a new portable storage medium; verifying authenticity of the obtained ticket information; and updating the portable storage medium ID, included in the user verification information registered, with the ID information for the new portable storage medium when the authenticity of the obtained ticket information is verified.01-12-2012
20090178129SELECTIVE AUTHORIZATION BASED ON AUTHENTICATION INPUT ATTRIBUTES - Embodiments for providing differentiated access based on authentication input attributes are disclosed. In accordance with one embodiment, a method includes receiving an authentication input at an authentication authority using an authentication protocol. The authentication input being associated with a client. The method also includes providing one or more representations for the authentication input, wherein each of the representations represents an attribute of the authentication input.07-09-2009
20120317633System and method to control display of a realm name - A method for dynamically assigning a displayable realm name begins upon receipt of an authentication request to an application, such as a web application, being executed by an application server. In response, a determination is made whether an application realm name has been set in a configuration file associated with the application. If not, a custom display property is then evaluated. If the custom display property is set true, a realm name associated with an active authentication mechanism is retrieved and provided for display in an authentication panel. If the custom display property is set false, a default string is provided for display in the authentication panel. In this manner, an application server administrator can control what realm name is displayed to an end user in the event an application developer has not specified the realm name in the application configuration.12-13-2012
20120137355Methods for Accessing Content Based on a Session Ticket - A method for accessing content stored on a memory device is provided. In this method, a request to access the content is transmitted and a session ticket is received. The session ticket includes a parameter used to decrypt the content and the session ticket is generated based on a variable that is configured to change at a session. The content may be accessed based on the session ticket.05-31-2012
20120137354APPARATUS, SYSTEM, AND METHOD OF MANAGING OBJECT TO BE ACCESSED, AND RECORDING MEDIUM STORING PROGRAM FOR MANAGING OBJECT TO BE ACCESSED - An access object management system manages an object in a transmission system, which is allowed for access by a terminal in the transmission system, based on whether access by the terminal is restricted. The access object management system allows the terminal to access a part of the transmission system even when access by the terminal is restricted.05-31-2012
20120260330USER AUTHENTICATION FOR INTERMEDIATE REPRESENTATIONAL STATE TRANSFER (REST) CLIENT VIA CERTIFICATE AUTHORITY - The present description refers to a computer implemented method, computer program product, and computer system for receiving a resource request at a representational state transfer (REST) client from a user, the resource request including a user ID, determining, by the REST client, a key pair including a public key and a corresponding private key that are associated with the user ID, obtaining, by the REST client, a certificate associated with the user ID that is signed by a certificate authority and based on at least the user ID and the public key associated with the user ID, impersonating, by the REST client, the user to a REST server using the certificate and the private key associated with the user ID, and accessing, by the REST client on behalf of the user, using a stateless protocol with the REST server, the requested resource.10-11-2012
20080301793APPARATUS AND METHOD OF VERIFYING ONLINE CERTIFICATE FOR OFFLINE DEVICE - An apparatus and a method are provided for verifying an online certificate for an offline device. The apparatus includes a nonce generation unit which generates a nonce and a certificate verification request message that requests verification of a certificate on a target online device subject to authentication, wherein the certificate verification request message includes the generated nonce; a transmitting and receiving unit which transmits the certificate verification request to an online device and receives an online certificate status protocol (OCSP) response message from the online device; and a certificate verification result determination unit which extracts a nonce from the OCSP response and compares the extracted nonce with the nonce generated by the nonce generation unit to determine whether the OCSP response is reliable.12-04-2008
20120240212SYSTEMS AND METHODS FOR GENERATING MODULAR SECURITY DELEGATES FOR APPLICATIONS - Embodiments of the present teachings relate to systems and methods for generating modular security delegates for application instances, including, for example, applications usable on physical machines, virtualized environments, in the cloud, etc. According to embodiments, in a multiple network environment, multiple machines (or clients) can be configured, each having a defined security level. Each machine can include a plurality of application instances and corresponding security delegates for various defined security levels. For example, the defined security levels can be based on various authentication mechanisms, including, Kerberos, NT Lan Manager (NTLM) authentication protocol, secure sockets layer/transport security layer (SSL/TSL), token authentication, virtual private network (VPN), remote access security (RAS), digest authentication, etc.09-20-2012
20120331540Authentication and authorization method for tasking in profile-based data collection - An apparatus and a new method of authentication and authorization of tasking requests to data collection agents on wireless devices directly makes use of public key cryptography, rather than depending on domain-name-based authenticated using the standard HTTPS chain-of-trust: A set of digital credentials is stored in the device's secure credential store. These credentials include at least one “supertasking authority” credential, as well as one or more normal “tasking authority” credentials. Profiles are only accepted by the agent if they are signed by a trusted tasking authority credential. Supertasking authority credentials thus serve as credential authorities (CAs) for tasking authority credentials.12-27-2012
20100229233SYSTEMS AND METHODS OF MODIFYING SYSTEM RESOURCES - A method for modifying one or more system resources is provided. One or more licenses for modifying one or more system resources on a client device can be acquired. An authenticator can be generated and stored on a remote server. The authenticator can be transferred to the client device. The client device can be connected to the remote server and the remote server can authenticate the client device via the authenticator. The remote server can confirm the availability of one or more licenses, and based on the availability of one or more licenses, modify one or more system resources disposed in, on, or about the client device. After modifying the one or more system resources the remote server can decrement the remaining license count.09-09-2010
20100199342SYSTEM AND METHOD FOR GENERATING A DIGITAL CERTIFICATE - A system and method for generating a digital certificate is provided wherein a new digital record is received and is assigned a sequence value. A first composite digital value is generated by applying a first deterministic function to the digital records stored in a repository. The sequence value and first composite digital value are included in a first certificate. After the digital record is added to the repository, a second composite digital value is generated by applying a second deterministic function to the digital records in the repository. This second composite digital value, and a composite sequence value, are published. An interval digital value which is based upon the first and second composite digital values, and the sequence value, are included in a second certificate which thus verifies the authenticity and sequence value of the digital record.08-05-2010
20100132025COMMUNICATION APPARATUS, COMMUNICATION SYSTEM, CERTIFICATE TRANSMISSION METHOD, ANOMALY DETECTION METHOD AND A PROGRAM THEREFOR - A communication apparatus has a communication part and authenticates a communication partner by using a digital certificate. The communication apparatus includes an authentication part carrying out authentication of the communication partner by using a common certificate. The common certificate is a digital certificate not including identification information of an apparatus. An individualized certificate transmission part acquires, in the case the authentication by the authentication part has been made successfully, an individualized certificate and transmits the individualized certificate to the communication partner. The individualized certificate is a digital certificate including identification information of the communication partner.05-27-2010
20120151570 SYSTEM FOR AND METHOD OF AUTHENTICATING MEDIA MANAGER AND OBTAINING A DIGITAL TRANSMISSION CONTENT PROTECTION (DTCP) CERTIFICATE - A system for and method of authenticating a media manager and obtaining DTCP certificates is presented. The system and method may include receiving a request for digital transmission content protection certificate provided by a user of a content provider, verifying user information associated with the user of the content provider, providing the request for digital transmission content protection certificate to a digital transmission content protection certificate system, and receiving a digital transmission content protection certificate.06-14-2012
20130097690SECURITY AND SUPPORT FOR FLEXIBLE CONFERENCING TOPOLOGIES SPANNING PROXIES, FIREWALLS AND GATEWAYS - A method and system for setting up and managing secure data/audio/video conferences with a wide range of topologies is described. The disclosed method and system allow extending the range of topologies possible with the H.323 conferencing standards while overcoming T.120 negotiating constraints. Security in such conferences may be based on a trusted node system or on more complex security procedures. Furthermore, the taught conference topologies fully utilize the T.120 standards while also permitting the reach of the conferences to the extent enabled by the H.323 standards by implementing additional modules to manage the setting up and tearing down of one or more conference connections. In addition, the method and system allow for dynamically adjusting conference connections to improve bandwidth usage and utilize H.323 support for gatekeepers.04-18-2013
20130125229Theft prevention of media peripherals in a media exchange network - Systems and methods of theft prevention of communication devices are provided. In one embodiment, the method may include, for example, one or more of the following: registering a communication device being used at a home, where the device is connected to a communication network; entering validation information relating to the communication device; and analyzing the validation information to determine whether the communication device is authorized for use in the communication network.05-16-2013
20110225643SECURE DYNAMIC AUTHORITY DELEGATION - In a communication network wherein a first computing device represents a resource owner and a second computing device represents a resource requestor, the resource owner detects an occurrence of an event, wherein the event occurrence represents a request to access one or more resources of the resource owner stored in a resource residence. The resource owner sends an authorization token to the resource requestor in response to the event occurrence, the authorization token serving as a proof of authorization delegated by the resource owner to be presented by the resource requestor to the resource residence so as to permit the resource requestor to access the one or more requested resources stored in the resource residence.09-15-2011
20110239287METHOD FOR SHARING CONTENT - Disclosed is a method of sharing content. According to the content sharing method, content is received from a service provider using a receive device. A content protection solution supported in a target device is detected. The content is converted so that it is compatible with a content protection solution supported in any one of the target device and the receive device on the basis of the detected content protection solution. The receive device can include a security solution level, indicating a security characteristic of the receive device, in a certificate of the receive device. Accordingly, content transmitted from a service provider using a receive device can be shared efficiently by redistributing the content in such a way as to be compatible with a security solution of a home device.09-29-2011
20130198828APPLICATION-ACCESS AUTHENTICATION AGENT - In response to requests from a manager to the agents for connections to the applications executing, the agents authenticate the manager. In response to the authenticating, the agents establish connections to the applications. In response to the establishing of connections, the agents provide the connections to the manager.08-01-2013
20080320578METHODS AND APPARATUS FOR DYNAMIC SUBSCRIPTION BINDING - A method for dynamic management of subscription based data for a fielded system utilizing a remote computer system is described. The method comprises providing unique identification data for the fielded system to the remote computer system, receiving user identification data at the remote computer system, and determining, at the remote computer system, from at least one of the unique fielded system identification data and the user identification data, if the fielded system is bound to a set of subscription based data, or if the fielded system is available to be bound to a set of subscription based data.12-25-2008
20130212667METHOD AND APPLIANCE FOR AUTHENTICATING, BY AN APPLIANCE, A CLIENT TO ACCESS A VIRTUAL PRIVATE NETWORK CONNECTION, BASED ON AN ATTRIBUTE OF A CLIENT-SIDE CERTIFICATE - In a method and appliance for authenticating, by an appliance, a client to access a virtual network connection, based on an attribute of a client-side certificate, a client authentication certificate is requested from a client. A value of at least one field in the client authentication certificate received from the client is identified. One of a plurality of types of access is assigned responsive to an application of a policy to the identified value of the at least one field, each of the plurality of access types associated with at least one connection characteristic.08-15-2013

Patent applications in class Tickets (e.g., Kerberos or certificates, etc.)