Patent application number | Description | Published |
20100144314 | Verification Methods And Apparatus For Use In Providing Application Services To Mobile Communication Devices - A mobile communication device operates in a wireless communication network with use of a communication service provided by a service provider (e.g. a wireless carrier for voice telephony, or data service provider for data synchronization). An application server receives, via the wireless network, a message from the mobile device. The message has a field for inclusion of a token having a digital signature corresponding to the service provider. The application server performs token validation of the message, which includes a verification step for verifying the digital signature of the token with a public key corresponding to the service provider. The application server then grants or denies access to an application service depending on the outcome of the token validation. In one embodiment, the application service is an e-commerce transaction service, wherein a proof-of-work (POW) test (e.g. a Captcha test) otherwise utilized for the service is bypassed or excluded. | 06-10-2010 |
20100223471 | Cookie Verification Methods And Apparatus For Use In Providing Application Services To Communication Devices - In one illustrative example, a method in a communication device adapted for communications using Hypertext Transport Protocol (HTTP) involves setting, at the communication device, an HTTP cookie which includes a user identification of a user of the communication device and a message portion which is signed with a digital signature of the user. The communication device sends, to an application server site via the communication network, a request message which includes the HTTP cookie. If verification of the digital signature at the application server site is successful, the communication device will receive access to an application service of the application server site. In one variation, the HTTP cookie is alternatively set with a group identification of a group with which the user is associated, and the message portion is signed with a digital signature of the group. The group may be a plurality of users associated with a service provider which provides the communication device access to a communication service in the communication network. In this case, the HTTP cookie may be set with a token retrieved from the service provider, where the token includes the digital signature of the service provider. | 09-02-2010 |
20120003988 | Method and Apparatus for Sharing Information from a Communication Device - Provided is a method and apparatus for sharing information from a communication device. The communication device is to send first information to a first apparatus and second information to a second apparatus. In accordance with an embodiment of the application, the communication device combines the first information and the second information in a single message and then sends the message to a network node. In accordance with another embodiment of the application, the network node separates the first information from the second information and sends the first information and the second information to the first apparatus and the second apparatus, respectively. Note that the communication device did not have to send separate messages to the apparatuses and therefore there is a reduction in number of messages sent by the communication device. This reduction has an effect of reducing network utilization by the communication device. | 01-05-2012 |
20130144788 | Verification Methods And Apparatus For Use In Providing Application Services To Mobile Communication Devices - A technique in a mobile device which is configured to communicate in a wireless network with use of a communication service provided by a service provider is described. The mobile device is configured to access via the wireless network a server for execution of an e-commerce transaction. The server is configured to administer a proof-of-work test in order to allow completion of the e-commerce transaction. The mobile device receives via the wireless network a token from a token server. The token is digitally signed by the service provider with a digital signature thereof. The mobile device sends via the wireless network a message to the server, and this message includes the token. When token validation of the message at the server is successful, the mobile device completes the e-commerce transaction with the server without performing the proof-of-work test, which is bypassed for the mobile device. | 06-06-2013 |
20090161876 | METHODS AND SYSTEMS FOR SECURE CHANNEL INITIALIZATION TRANSACTION SECURITY BASED ON A LOW ENTROPY SHARED SECRET - Methods and systems for secure channel initialization transaction security between a client network element and a server network element are disclosed. In accordance with one embodiment of the present disclosure, the method includes: choosing a random client ephemeral private key at a client network element; utilizing the client ephemeral private key and the shared secret to create a client ephemeral public key at the client network element; forwarding the client ephemeral public key in a channel initialization request to a server network element; selecting a random server ephemeral private key at the server network element; using the server ephemeral private key and the shared secret to create a server ephemeral public key at the server network element; creating a high entropy shared secret based on the client ephemeral public key and the server ephemeral private key; creating a message authentication code ‘MAC’ and encrypting a payload with the high-entropy shared secret; sending the encrypted payload and the server ephemeral public key to the client network element; utilizing the server ephemeral public key and the client ephemeral private key to derive the high-entropy shared secret; and decrypting the payload and verifying the MAC with the high-entropy shared secret. | 06-25-2009 |
20090164774 | METHODS AND SYSTEMS FOR SECURE CHANNEL INITIALIZATION - Methods and systems for secure channel initialization between a client network element and a server network element are disclosed. In accordance with one embodiment of the present disclosure, the method includes: sending a secure channel initialization request from the client network element to the server network element; receiving the secure channel initialization request at the server network element; creating a server credential and a client credential at the server network element; and sending a secure channel initialization response from the server network element to the client network element, the secure channel initialization response including the server credential and the client credential, wherein said server credential and said client credential are used to establish a secure session. | 06-25-2009 |
20090222903 | SYSTEM AND METHOD FOR SHARED RESOURCE OWNER BASED ACCESS CONTROL - Method and system for controlling application access to a shared resource in a runtime environment. The shared resource is owned by a remote resource owner. An access control ticket including a permission for the shared resource, a cryptographically verifiable remote resource owner identifier and a cryptographically verifiable application owner identifier are generated. The access control ticket is approved and signed by the remote resource owner, and transmitted to the runtime environment. The application, when executed in the runtime environment, accesses the resource based on the permission. | 09-03-2009 |
20090282255 | Bundle Verification - Systems, devices, and methods for modifying a signed bundle and verifying the modified bundle are disclosed. A signed bundle may be modified by removing a file specified in a server file list from a plurality of files in the bundle. The signed bundle comprises a catalog of files in the signed bundle and their associated hashes. The modified bundle includes the remaining files of the signed bundle that are not specified in the server file list, the catalog file of the signed bundle, and the catalog signature of the signed bundle. The modified bundle may be verified by verifying the catalog signature of the modified signed bundle, and checking that the files specified in the catalog are either in the modified signed bundle or specified in the server file list. The hashes of the files in the modified signed bundle may also be checked to verify the modified signed bundle. | 11-12-2009 |
20120072824 | CONTENT ACQUISITION DOCUMENTS, METHODS, AND SYSTEMS - A method can extract content of interest from a structured electronic document with an electronic device having a processor, an input device, and a display device. The method includes receiving through the input device an indication of a plurality of content elements within a first structured electronic document; determining with the processor a portion of the first structured electronic document associated with each indicated content element; and forming with the processor a common expression based on the determined portions, the common expression being common to all of the determined portions, wherein when the common expression is applied to a second structured electronic document, another content element is extracted from the second structured electronic document. | 03-22-2012 |
20120072825 | METHODS AND SYSTEMS FOR IDENTIFYING CONTENT ELEMENTS - A method of identifying content of interest in a structured electronic document by an electronic device having a processor, an input device, and a display device, includes rendering a structured electronic document to the display device; receiving through the input device at least two separate indications of content elements within the rendered structured electronic document; and identifying with the processor a common characteristic of the indicated content elements, and identifying any further content element within the rendered structured electronic document sharing the common characteristic with the indicated content elements. | 03-22-2012 |
20120072826 | METHODS AND SYSTEMS OF OUTPUTTING CONTENT OF INTEREST - A method can output content of interest of a structured electronic document from a computer or distributed computer system having a processor and memory. The method includes loading a common expression and a data structure definition into memory, the common expression identifying a content element in a first structured electronic document, the data structure definition defined according to the common expression; creating in memory an instance of a data structure defined by the data structure definition; applying with the processor the common expression to a second structured electronic document to extract a content element from the second structured electronic document; storing the extracted content element in the instance of the data structure; and populating a template structured electronic document using the instance of the data structure to produce an output structured electronic document. | 03-22-2012 |
20120137121 | METHOD AND DEVICE FOR STORING SECURED SENT MESSAGE DATA - Methods and devices for storing sent message data are described. The sent message data corresponds to a message sent to a destination by a communication device via a server. The method includes compiling a first portion of the message which has a plurality of components; applying security encoding to the first portion; and storing the first portion. The first portion includes at least one but not all of the plurality of components in the message, and pointers to the components not included in the first portion. | 05-31-2012 |
20120110097 | Forwarding E-Mail Message Attachments From a Wireless Device - A system and method of forwarding an e-mail from a wireless device is provided. The wireless device receives the e-mail message in portions as needed, the portions having the attachments contained therein. The portions of the e-mail message contain only a subset of attachments associated with the e-mail message in the user mailbox. When a wireless device forwards the e-mail message to one or more recipients, a message identifier and an attachment indicator are provided for identifying the number of attachments in the e-mail message to be forwarded. The identified e-mail message is retrieved and the attachments are extracted from the retrieved e-mail message based on the attachment indicator. The e-mail message is forwarded to the one or more recipients together with the extracted attachments. | 05-03-2012 |
20120128156 | CROSS-COMPONENT CRYPTOGRAPHIC MESSAGE SYNTAX MESSAGE CONSTRUCTION - Often, for reasons of wireless bandwidth conservation, incomplete messages are provided to wireless messaging devices. Employing cryptography, for confidentiality or authentication purposes, when including a received message that has been incompletely received can lead to lack of context on the receiver's end. By automatically obtaining the entirety of the message to be included, an outgoing message that includes the received message can be processed in a manner that securely and accurately represents the intended outgoing message. Alternatively, a server can assemble a composite message from a new message and an original message and, in cooperation with a wireless messaging device, construct a cryptographic message syntax message. | 05-24-2012 |
20120131346 | SECURING PRIVATE KEY ACCESS FOR CROSS-COMPONENT MESSAGE PROCESSING - Often, for reasons of wireless bandwidth conservation, incomplete messages are provided to wireless messaging devices. Employing cryptography, for secrecy or authentication purposes, when including a received message that has been incompletely received can lead to lack of context on the receiver's end. By automatically obtaining the entirety of the message to be included, an outgoing message that includes the received message can be processed in a manner that securely and accurately represents the intended outgoing message. Alternatively, a server can assemble a composite message from a new message and an original message and, in cooperation with a wireless messaging device, sign the composite message. Since signing the composite message involves access to a private key, access to that private key is secured such that such access to the private key can only be arranged responsive to an explicit request for a hash that is to be signed using the private key. | 05-24-2012 |
20120140927 | CROSS-COMPONENT MESSAGE ENCRYPTION - Often, for reasons of wireless bandwidth conservation, incomplete messages are provided to wireless messaging devices. Employing cryptography, for secrecy or authentication purposes, when including a received message that has been incompletely received can lead to lack of context on the receiver's end. By automatically obtaining the entirety of the message to be included, an outgoing message that includes the received message can be processed in a manner that securely and accurately represents the intended outgoing message. Alternatively, a server can assemble a composite message from a new message and an original message and, in cooperation with a wireless messaging device, encrypt and sign the composite message. Conveniently, security considerations are maintained even in view of bandwidth optimization measures. | 06-07-2012 |
20120233252 | HANDLING RECEIPTS IN CROSS COMPONENT MESSAGE PROCESSING - By automatically obtaining the entirety of a received message to be included, an outgoing message that includes the received message can be processed in a manner that securely and accurately represents the intended outgoing message. Alternatively, a server can assemble a composite message from a new message and an original message and, in cooperation with a wireless messaging device, sign the composite message. In both the above contexts, handling message receipts when message processing ahead of message transmission involved more than one component may be facilitated by storing appropriate expected receipt content during the message processing, either on the device or the server. Validation of the receipt can then be accomplished through use of the stored expected receipt content in a manner that retains the benefits of message processing ahead of message transmission that involves more than one component. | 09-13-2012 |
20120246482 | BUNDLE VERIFICATION - Systems, devices, and methods for modifying a signed bundle and verifying the modified bundle are disclosed. A signed bundle may be modified by removing a file specified in a server file list from a plurality of files in the bundle. The signed bundle comprises a catalog of files in the signed bundle and their associated hashes. The modified bundle includes the remaining files of the signed bundle that are not specified in the server file list, the catalog file of the signed bundle, and the catalog signature of the signed bundle. The modified bundle may be verified by verifying the catalog signature of the modified signed bundle, and checking that the files specified in the catalog are either in the modified signed bundle or specified in the server file list. The hashes of the files in the modified signed bundle may also be checked to verify the modified signed bundle. | 09-27-2012 |
20120260097 | SYSTEM AND METHOD OF SIGNING A MESSAGE - A system and method of signing a message to be sent from a first communication device to a destination via a second communication device. The message includes a first portion on the first communication device and a second portion on the second communication device. The method includes receiving at the second communication device the first portion of the message and a first signature for the first portion from the first communication device; combining the first portion and the second portion to form the message; obtaining a second signature for the message; and sending the first signature, the second signature and the message from the second communication device to the destination. | 10-11-2012 |
20120278620 | Forwarding E-Mail From A Wireless Device - A system and method of sending an e-mail message associated with a wireless device is provided. A request to forward or reply to an original e-mail message is sent from the wireless device to a server. The request contains one or more recipients and includes a message identifier of an original e-mail message. A portion indicator is provided for retrieving portions of the original e-mail message identified by the message identifier. An e-mail message is sent to the one or more recipients comprising any added user text and the one or more retrieved portions of the original e-mail message such that text of the original message that the user may not be aware of is not forwarded to new recipients. | 11-01-2012 |
20130073856 | ASSISTED CERTIFICATE ENROLLMENT - A certificate enrollment assistant module may be provided to inject a challenge password into a certificate signing request to be sent, to a Certificate Authority, from a computing device. The certificate enrollment assistant module, thereby, acts as a trusted proxy to assist the computing device in building a valid certificate signing request without the computing device having access to the challenge password. | 03-21-2013 |
20130311779 | ASSISTED CERTIFICATE ENROLLMENT - A certificate enrolment assistant module may be provided to inject a challenge password into a certificate signing request to be sent, to a Certificate Authority, from a computing device. The certificate enrolment assistant module, thereby, acts as a trusted proxy to assist the computing device in building a valid certificate signing request without the computing device having access to the challenge password. | 11-21-2013 |
20130326614 | SYSTEM AND METHOD FOR CONTROLLING ACCESS TO SECURE RESOURCES - A system and method for controlling access to a secure resource in a device are disclosed. In some embodiments, the device may include a processor capable of receiving a first request from a first application of a plurality of applications executable by the processor, where the first request requests access to the secure resource, and the first request identifies the plurality of applications. In response to the first request, the processor is capable of generating a ticket associated with the secure resource and with each of the plurality of applications, and then storing the ticket in a memory. After receiving a second request from a second application requesting access to the secure resource, the processor is capable of granting the second application access to the secure resource, if the ticket associated with the secure resource exists and if the ticket is associated with the second application. | 12-05-2013 |
20140013121 | METHOD AND DEVICE FOR STORING SECURED SENT MESSAGE DATA - Methods and devices for storing sent message data are described. The sent message data corresponds to a message sent to a destination by a communication device via a server. The method includes compiling a first portion of the message which has a plurality of components; applying security encoding to the first portion; and storing the first portion. The first portion includes at least one but not all of the plurality of components in the message, and pointers to the components not included in the first portion. A method of verifying sent message data on a communication device is also described. | 01-09-2014 |
20140089785 | METHODS AND SYSTEMS OF OUTPUTTING CONTENT OF INTEREST - A method can output content of interest of a structured electronic document from a computer or distributed computer system having a processor and memory. The method includes loading a common expression and a data structure definition into memory, the common expression identifying a content element in a first structured electronic document, the data structure definition defined according to the common expression; creating in memory an instance of a data structure defined by the data structure definition; applying with the processor the common expression to a second structured electronic document to extract a content element from the second structured electronic document; storing the extracted content element in the instance of the data structure; and populating a template structured electronic document using the instance of the data structure to produce an output structured electronic document. | 03-27-2014 |
20140136834 | HTTP Layer Countermeasures Against Blockwise Chosen Boundary Attack - A client application, when executed by a processor, is operative to create a HyperText Transfer Protocol (HTTP) request containing a target header that includes a confidential value. The HTTP request is to be sent over a Secure Sockets Layer (SSL) 3.0 connection or a Transport Layer Security (TLS) 1.0 connection to a web server. The client application implements at its HTTP layer a countermeasure to a blockwise chosen-boundary attack. The client application generates an additional header having a header name that is not recognizable by the web server and inserts the additional header into the HTTP request ahead of the target header, thus creating a modified HTTP request. The modified HTTP request is to be sent, instead of the unmodified HTTP request, over the SSL 3.0 connection or the TLS 1.0 connection to the web server. | 05-15-2014 |
20140258722 | Forwarding E-Mail From A Wireless Device - A system and method of sending an e-mail message associated with a wireless device is provided. A request to forward or reply to an original e-mail message is sent from the wireless device to a server. The request contains one or more recipients and includes a message identifier of an original e-mail message. A portion indicator is provided for retrieving portions of the original e-mail message identified by the message identifier. An e-mail message is sent to the one or more recipients comprising any added user text and the one or more retrieved portions of the original e-mail message such that text of the original message that the user may not be aware of is not forwarded to new recipients. | 09-11-2014 |
20140359750 | Associating Distinct Security Modes with Distinct Wireless Authenticators - In some aspects, a first device detects information encoded in a wireless authenticator device based on a wireless interaction between the first device and the wireless authenticator device. The first device detects the information while securing resources on the first device according to a first security mode. Based on the detected information, the first device selects a second security mode associated with the wireless authenticator device. The first device then applies the selected second security mode. The selected second security mode is one of multiple distinct security modes. Each of the multiple distinct security modes is associated with a respective one of multiple wireless authenticator devices and defines accessibility attributes of the resources on the first device. | 12-04-2014 |