Entries |
Document | Title | Date |
20080244269 | Data processing system, memory device, data processing unit, and data processing method and program - To provide an improved management structure of memory devices storing service-use applications. A card for a memory device used to access various services is provided as one or more child cards, each corresponding to one of the services; a parent card stores data for child-card issue management, and child-card issue processing is executed based on the parent card, for example through parent-card authentication. An issue certificate bearing a parent-card digital signature is stored in the child card; the issue certificate contains a service code and a child-card identification, so that the service set in the child card can be confirmed from the issue certificate as parent-card signature data. | 10-02-2008 |
20080276092 | Method for Authentication of Sensor Data, and an Associated Sensor - A method for authentication of sensor data (D) which is interchanged between at least one sensor (S | 11-06-2008 |
20080307226 | Verifying authenticity of e-mail messages - A certificate registry system configured to issue authentication certificates to each one of a plurality of information providers and to maintain a root certificate corresponding to all of the authentication certificates, wherein each one of the authentication certificates links respective authentication information thereof to identification information of a corresponding one of the information providers, wherein each one of the authentication certificates is devoid of linkage between the corresponding one of the information providers and e-mail address information thereof, and wherein the authentication certificates of the certificate registry are associated in a manner at least partially dependent upon at least one of a particular type of information that the information providers provide, a particular organization that the information providers are associated with, a particular type profession in which the information providers are engaged and a particular geographical region in which the information providers are located. | 12-11-2008 |
20090019285 | Establishing a Trust Relationship Between Computing Entities - A first computing entity provides evidence to a second computing entity to demonstrate that the first computing entity has a trusted configuration specification that is one of a set of such specifications agreed between the computing entities. This evidence comprises a computed commitment, made using (but not revealing) the configuration specification of the first computing entity, and a ring signature generated using a plurality of keys where each such key is generated using the commitment and one of the trusted configuration specifications. The second computing entity verifies the ring signature in order to convince itself that the configuration specification of the first computing entity is in the set. | 01-15-2009 |
20090024849 | Information acquisition device, information acquisition method, and information acquisition program - Conventionally, before reading content from a recording medium, a drive device and a playback device that plays back content perform device authentication in order to verify whether the playback device is authorized. Once the playback device has been verified as authorized, it is permitted to read any content stored on the recording medium. In view of this, a reading device is provided that limits the type of content acquirable by the playback device, permitting the playback device to read content which satisfies a specific condition and prohibiting it from reading other content. | 01-22-2009 |
20090024850 | USER CONTROLLED ANONYMITY WHEN EVALUATING INTO A ROLE - A method, system, and program for user controlled anonymity when evaluating into a role are provided. An anonymous authentication controller enables a user to control anonymity of the user's identity for role based network accesses to resources, without requiring reliance on any single third party to maintain user anonymity. First, a role authentication certificate is received from a role authenticator, wherein the role authentication certificate certifies that the holder of the role authentication certificate is a member of a particular role without allowing the role authenticator issuing the role authentication certificate the ability to track an identity of a user holding the role authentication certificate. Next, an anonymous channel is established for anonymously presenting the role authentication certificate to a resource protector, wherein the resource protector requires the user to authenticate into the particular role to access a resource, wherein the role authentication certificate authenticates the user into the particular role without enabling the resource protector to ascertain the identity of the user, such that the user is in control of maintaining user anonymity for authenticated role-based accesses. | 01-22-2009 |
20090037738 | Digital certificates - A method for producing a certificate, the certificate including data, the method including choosing a seed s, the seed s including a result of applying a function H to the data, generating a key pair (E,D), such that E=F(s,t), F being a publicly known function, and including s and t in the certificate. Related methods, and certificates produced by the various methods, are also described. | 02-05-2009 |
20090077383 | SYSTEM AND METHOD FOR AUTHENTICATION, DATA TRANSFER, AND PROTECTION AGAINST PHISHING - Methods and systems for secure electronic data communication over public communication networks. A secure data communication component may be utilized to implement a communication protocol. New versions of the data communication component may be generated, with each version containing a different communication protocol. Source code of the data communication component may be modified using a polymorph engine to create a functionally-equivalent component having a different code structure. An anti-phishing component may intercept a link in an electronic communication activated by a user, analyze the link and the electronic communication, determine a phishing risk to the user posed by the link, and direct the user to a location indicated by the link or redirect the user to a valid location. A server authentication component may detect and prevent DNS attacks, injections, and defacing activities. | 03-19-2009 |
20090077384 | Accelerated signature verification on an elliptic curve - A public key encryption system exchanges information between a pair of correspondents. The recipient performs computations on the received data to recover the transmitted data or verify the identity of the sender. The data transferred includes supplementary information that relates to intermediate steps in the computations performed by the recipient. | 03-19-2009 |
20090100266 | SERVICE PROVISION SYSTEM AND COMMUNICATION TERMINAL - A first memory unit is arranged outside a block that is under security control. The block includes: a second memory unit; an acquisition unit for acquiring biological information on a living body from a captured image of a location of the living body; an encryption unit for encrypting attribute information with an encryption key; a registration unit for registering encrypted attribute information encrypted by the encryption unit into the first memory unit, and registering the biological information and the encryption key into the second memory unit; and a presentation unit for decrypting the encrypted attribute information with the encryption key and presenting the attribute information decrypted to the service provision server if the biological information registered in the second memory unit and biological information acquired by the acquisition unit coincide with each other. | 04-16-2009 |
20090125721 | DATA COMMUNICATION METHOD, COMPUTER AND INFORMATION STORING MEDIUM - A computer including at least two processors is used to preferably perform a secure data communication. Data containing a processor ID identifying one of the at least two processors provided for a first computer (computer | 05-14-2009 |
20090132824 | Original, data circulation method, system, apparatus, and computer readable medium - An original data circulation system for storing or circulating original data which is digital information is provided. The original data circulation system includes an issuer apparatus, a user apparatus and a collector apparatus. The issuer apparatus generates originality information including first information corresponding to the issuer apparatus and second information corresponding to data and sends the originality information. The user apparatus verifies the validity of the source apparatus of the originality information and stores the originality information when the validity is verified. The collector apparatus verifies the validity of the source apparatus of the originality information and processes data corresponding to the second information when the validity is verified. | 05-21-2009 |
20090144551 | Period Keys - A method for securing encryption keys is described, the method including providing a first device and a second device, the first device including first secure hardware and first insecure hardware, and the second device including second secure hardware and second insecure hardware, generating in the first secure hardware at least two period keys, the at least two period keys stored in the first secure hardware, generating in the first secure hardware a plurality of session keys, the session keys being stored in either the first secure hardware or the first insecure hardware, encrypting at least one of the plurality of session keys generated in the first device according to a first of the two period keys included in the first secure hardware, encrypting at least one of the plurality of session keys generated in the first device according to a second of the two period keys included in the first secure hardware, generating in the second secure hardware at least two period keys, the at least two period keys stored in the second secure hardware, generating in the second secure hardware a plurality of session keys, the session keys being stored in either the second secure hardware or the second insecure hardware, encrypting at least one of the plurality of session keys generated in the second device according to a first of the two period keys included in the second secure hardware, encrypting at least one of the plurality of session keys generated in the second device according to a second of the two period keys included in the second secure hardware, at a time when a session is established between the first device and the second device, decrypting one encrypted session key in the first device and decrypting one encrypted session key in the second device, and establishing an encrypted session between first device and the second device, the encrypted session being encrypted according to the one decrypted session key included in the first device and the one decrypted session key included in the second device, wherein the at least two period keys included in the first device and the at least two period keys included in the second device are periodically regenerated in order to produce new period keys, thereby rendering useless any session keys encrypted according to an old period key. | 06-04-2009 |
20090150675 | SECURE MESSAGE FORWARDING SYSTEM DETECTING USER'S PREFERENCES INCLUDING SECURITY PREFERENCES - A system and method for providing secure message services. The system includes a forwarding service to receive messages for delivery to a recipient. The system checks for preferences for delivery of the message content, including encryption preferences, and notifies the recipient or delivers the message according to the encryption preferences. The system includes an interoperability engine to determine delivery preferences including security preferences, the security preferences indicating a security protocol by which the message can be securely delivered to the recipient. | 06-11-2009 |
20090164788 | EFFICIENT GENERATION METHOD OF AUTHORIZATION KEY FOR MOBILE COMMUNICATION - The present invention relates to a method of generating an authorization key for a wireless communication system. In the wireless communication system, when an authorization key is generated after authentication between a subscriber station and a base station has succeeded, the authorization key is generated using a value indicating the number of times the authorization key has been generated. Subsequently, the subscriber station and the base station confirm, through a predetermined procedure, whether they share the same authorization key and the same generation count. This method of generating an authorization key efficiently supports an authentication function for messages transmitted and received between the subscriber station and the base station, and provides strong protection against replay attacks by malicious users. | 06-25-2009 |
20090193254 | ANCHOR POINT-BASED DIGITAL CONTENT PROTECTION - Digital content protection can be effectively implemented through use of an anchor point and binding records in a user domain. An anchor point domain may include a secure anchor point, and data storage to store digital property instances and rights objects. The secure anchor point may be configured to receive a title pre-key from the rights object and use a binding key to decrypt the title pre-key to yield a title key. The binding key may include data uniquely associating the encrypted digital property instance with the secure anchor point. | 07-30-2009 |
20090199007 | PROVIDING CERTIFICATE MATCHING IN A SYSTEM AND METHOD FOR SEARCHING AND RETRIEVING CERTIFICATES - A system and method for searching and retrieving certificates, which may be used in the processing of encoded messages. In one broad aspect, certificate identification data that uniquely identifies a certificate associated with a message is generated. The certificate identification data can then be used to determine whether the certificate is stored on a computing device. Only the certificate identification data is needed to facilitate the determination alleviating the need for a user to download the entire message to the computing device in order to make the determination. | 08-06-2009 |
20090210712 | METHOD FOR SERVER-SIDE DETECTION OF MAN-IN-THE-MIDDLE ATTACKS - Problem: The combination of a tendency towards permissivity when verifying certificate authenticity and the use of in-band client authentication opens up an opportunity for attackers to mount man-in-the-middle attacks on SSL connections. | 08-20-2009 |
20090217047 | SERVICE PROVIDING SYSTEM, SERVICE PROVIDING SERVER AND INFORMATION TERMINAL DEVICE - A service providing system is provided, which includes a client device capable of accessing a tamper-resistant secure memory, an area management server managing memory area of the secure memory and a service providing server providing service that uses the secure memory to the client device, and which improves the security at the time of sending an access control list provided by the area management server and an instruction set provided by the service providing server to the client device by using a digital signature and a certificate. | 08-27-2009 |
20090222667 | GENERATOR FOR GENERATING A MESSAGE AUTHENTICATION CODE, METHOD OF GENERATING A MESSAGE AUTHENTICATION CODE, PROGRAM ELEMENT AND COMPUTER-READABLE MEDIUM - Current MAC algorithms impose a significant system performance requirement in order to process messages in real time. According to an exemplary embodiment of the present invention, a hardware implemented generator for generating a MAC is provided, that results in a significant improvement in hardware performance requirements for processing messages in real time. The engine is based on linear feedback shift registers which are adapted to generate secure MACs. | 09-03-2009 |
20090240944 | GENERATION METHOD AND UPDATE METHOD OF AUTHORIZATION KEY FOR MOBILE COMMUNICATION - The present invention relates to an authorization key generating method and an authorization key updating method in a mobile communication system. A terminal and a base station generate an authorization key using, as input data, a terminal random value and a base station random value that are exchanged in an authorization key generating procedure. In addition, the lifetime of an authorization key is set to be shorter than the lifetime of a root key, and the authorization key is updated with an updating period that is shorter than that of the root key. | 09-24-2009 |
20090276629 | METHOD FOR DERIVING TRAFFIC ENCRYPTION KEY - A mobile station is provided. The mobile station includes one or more radio transceiver module and a processor. The processor generates an Authorization Key (AK) context including at least one secret key shared with a base station, transmits at least one association negotiation message via the radio transceiver module to the base station to obtain an association of a service flow established by the base station, and generates at least one TEK according to the secret key and an identifier associated with the association. The service flow is established for traffic data transmission with the base station and the TEK is a secret key shared with the base station for encrypting and decrypting the traffic data. | 11-05-2009 |
20090287931 | Establishing Proof of Existence and Possession of Digital Content - A method for establishing proof of existence and possession of source digital content, the method comprising the steps of generating a content certificate by calculating a content hash derived from the source digital content; creating code incorporating the content hash and content details, and a certifying body time-stamping and digitally signing the content hash and the content details to create a content certificate; transmitting the content certificate via a secure channel so that the recipient can verify that the certificate came from the certifying body; transmitting a digitally signed file representing the content certificate content details. A tamper-proof audit trail of certification is generated by: calculating a proving hash of a concatenated file of data relating to a plurality of content certificates; publishing the proving hash, and publishing the concatenated file. Existence of content is proved by: verifying certified digital content against the content certificate using hash verification and checking history of public keys from digital identities; and proving prior existence of the content certificate by reference to published proving hashes and historic content hashes without reference to the certifying body. | 11-19-2009 |
20090287932 | Consumer-Driven Secure Sockets Layer Modulator - A software system and method for executing secure commercial transactions online is disclosed. A user's password is received to initiate secure socket layer (SSL) communications with a transaction site on a server. A web session associated with the SSL communications is encrypted by associating a domain name of the transaction site with its SSL public key. Then, the user's password is added to a hypertext markup language (HTML) header of a message within the web session. When added, the password is invisible to a hypothetical man-in-the-middle (MITM) attacker, who cannot read the encrypted message nor mimic the user. The MITM is thus unable to compromise the user's account as the MITM is unable to provide the correct password into any fraudulent message. | 11-19-2009 |
20090313473 | METHOD AND APPARATUS FOR SECURE MEASUREMENT CERTIFICATION - The invention relates to methods and apparatuses for acquiring a physical measurement, and for creating a cryptographic certification of that measurement, such that its value and time can be verified by a party that was not necessarily present at the measurement. | 12-17-2009 |
20090313474 | NON-TRANSFERABLE ANONYMOUS DIGITAL RECEIPTS - The present invention relates to electronic receipts. There is provided a method for generating an electronic receipt in a communication system providing a public key infrastructure, the method comprising the steps of receiving by a second party a request message from a first party, the request message comprising a transaction request and a first public key based on a secret owned by the first party and wherein the secret is associated with at least the secret of a further public key of the first party, electronically signing at least part of the request message with a second public key assigned to the second party to issue the electronic receipt, and providing the electronic receipt to the first party. Further, there is provided a method for verifying the ownership of an electronic receipt in a communication system providing a public key infrastructure, the verification arising out of a series of messages being sent and received between a first party and a verifying party, the method comprising the steps of receiving a proof message from the first party, the proof message being derived from at least a first public key based on a secret owned by the first party and wherein the secret is associated with at least the secret of a further public key of the first party and an electronic receipt that has been issued by electronically signing a request message with a second public key, and determining whether or not the proof message was derived from the second public key. | 12-17-2009 |
20100005304 | Security and ticketing system control and management - A security device of this invention includes a nonvolatile storage unit | 01-07-2010 |
20100011214 | METHOD AND APPARATUS FOR SECURE TRUSTED TIME TECHNIQUES - A method and apparatus to establish a trustworthy local time based on trusted computing methods are described. The concepts scale because they can be graded by the frequency and accuracy with which a reliable external time source is available for correction and/or reset, and by how trustworthy that external source is in a commercial scenario. The techniques also take into account that the number of different paths and the number of hops between the device and the trusted external time source may vary. A local clock-related value, protected by a TPM, is securely bound to an external clock. A system of Accuracy Statements (AS) is added to introduce time references into the audit data provided by other, possibly cheaper, sources than the time source providing the initial time. | 01-14-2010 |
20100077217 | DIGITAL RIGHTS MANAGEMENT SYSTEM AND METHOD - The present invention concerns application of digital rights management to industrial automation devices including programmable logic controllers (PLCs), I/O devices, and communication adapters. Digital rights management involves a set of technologies for controlling and managing access to device objects and/or programs such as ladder logic programs. Access to automation device objects and/or programs can be managed by downloading rules of use that define user privileges with respect to automation devices and utilizing digital certificates, among other things, to verify the identity of a user desiring to interact with device programs, for example. Furthermore, the present invention provides for secure transmission of messages to and amongst automation devices utilizing public key cryptography associated with digital certificates. | 03-25-2010 |
20100088518 | Method of exchanging data such as cryptographic keys between a data processing system and an electronic entity such as a microcircuit card - A method of exchanging data between a data processing system and an electronic entity, characterized by the following steps: | 04-08-2010 |
20100095125 | CERTIFICATE VERIFICATION - An improved secure programming technique involves reducing the size of bits programmed in on-chip secret non-volatile memory, at the same time enabling the typical secure applications supported by secure devices. A technique for secure programming involves de-coupling chip manufacture from the later process of connecting to ticket servers to obtain tickets. A method according to the technique may involve sending a (manufacturing) server signed certificate from the device prior to any communication to receive tickets. A device according to the technique may include chip-internal non-volatile memory to store the certificate along with the private key, in the manufacturing process. | 04-15-2010 |
20100115281 | ATTRIBUTES IN CRYPTOGRAPHIC CREDENTIALS - Method and apparatus for generating cryptographic credentials certifying user attributes and making cryptographic proofs about attributes encoded in such credentials. Attributes are encoded as prime numbers E in accordance with a predetermined mapping, and a cryptographic credential is generated encoding E. To prove that an attribute encoded in a cryptographic credential associated with a proving module of the system is a member of a predetermined set of user attributes, without revealing the attribute in question, the proving module determines the product Q of the respective prime numbers corresponding to the attributes in the set in accordance with the predetermined mapping of attributes to prime numbers. The proving module demonstrates to the receiving module possession of a cryptographic credential encoding a secret value that is the prime number E, and then that this secret value divides the product value Q. | 05-06-2010 |
20100131765 | ANONYMOUS VERIFIABLE PUBLIC KEY CERTIFICATES - The anonymity of a user at a client computer may be preserved when authenticating with an on-line service or content provider through the use of an anonymous and verifiable (i.e., “blind”) certificate set that is created by a certificate authority from a fixed-size set of PKI key pairs. The certificate authority randomly selects a subset of PKI key pairs to generate the blind certificate set where each certificate in the set includes a respective public key from the PKI key pair subset. The certificate authority also sends the private keys from the PKI key pair subset to the user. During authentication, the client computer is configured to randomly select a subset of one or more certificates from the set to present to the provider. The provider will encrypt content using the public keys in the subset of certificates and the client will decrypt the content with the corresponding private keys. | 05-27-2010 |
20100131766 | NOTIFYING USERS OF SERVER CHANGES VIA SSL - An apparatus and a method for authenticating a secure communication is described. A server receives a request from a client for an original SSL certificate. The server embeds a message in a common name (CN) of a new SSL certificate directing the client to another server. The client is transparently reconfigured and establishes a secure communication with the other server using the new SSL certificate. | 05-27-2010 |
20100146280 | REMOTE ASSISTING METHOD AND SYSTEM - A remote assisting method is applied in a remote assisting system, which includes a server, a help-asking device and a helping device. The remote assisting method includes the following steps. First, in response to a help-asking event, ticket information is encrypted according to a first key into encrypted ticket information, which is provided to the server. Next, the encrypted ticket information provided by the help-asking device is decrypted into the ticket information according to a second key. Then, the ticket information obtained by decryption is provided to the helping device, so that the helping device can log in to the help-asking device and perform a remote assisting operation. | 06-10-2010 |
20100146281 | SECURITY AND CERTIFICATE MANAGEMENT FOR ELECTRONIC BUSINESS TO BUSINESS TRANSACTIONS - Methods, systems, and devices are described for the secure electronic exchange of procurement documents. A server computer system may manage different sets of security procedures, distributing certificates to trading partners. These certificates may be community-specific certificates for a limited community of trading partners. When particular trading partners (e.g., of the community) agree to exchange procurement documents, they may first exchange their certificates (or portions thereof) with each other. A sending trading partner may then provide an electronic signature for a procurement document to be transmitted, and encrypt the signed procurement document using the receiving trading partner's public key. | 06-10-2010 |
20100153731 | Lightweight Authentication Method, System, and Key Exchange Protocol For Low-Cost Electronic Devices - An algorithm and an authentication system for a low-cost authenticating device, such as a radio frequency identification (RFID) tag or a sensor node, are provided, by which authentication is processed efficiently without requiring complicated hardware. A claimant entity attempting to be authenticated and a verifying entity that authenticates the claimant entity share a plurality of secret keys, so that authentication is processed as the claimant entity responds to a challenge from the verifying entity. The verifying entity and the claimant entity perform authentication using the Learning Parity with Noise (LPN) problem. The verifying entity and the claimant entity generate keys independently from one another and exchange the generated keys. The claimant entity may generate an encrypted value for use in the authentication using only basic Boolean exclusive-OR and logical AND operations. | 06-17-2010 |
20100169647 | Data Transmission - A method of and apparatus for transmitting data in systems such as computer networks, for example in client-server or peer-to-peer arrangements. Access to transmitted data received by a destination apparatus is limited by the provision of software code at the destination apparatus. The software code is arranged to produce a result which is a function of the state of the destination apparatus, and this result is used to access the data. The software code may be either transmitted to the destination apparatus, for example along with the data it is used to access or from a separate server, or may be generated at the destination apparatus. The method and apparatus is particularly applicable in the field of on-line gaming, wherein the transmitted data is encrypted gaming data and the result of the software code provides the access key to the encrypted data. | 07-01-2010 |
20100169648 | COMMUNICATION TERMINAL APPARATUS AND INFORMATION COMMUNICATION METHOD - An information communication method performed by a communication terminal apparatus, the method including: sharing a first encryption key with a first server; receiving a request for sending identification information of the communication terminal apparatus; authenticating the first server based on certificate information of the first server that is acquired while sharing the first encryption key and verification information retained in the communication terminal apparatus; encrypting the identification information of the communication terminal apparatus using a second encryption key; and encrypting, using the first encryption key, according to an authentication result, encrypted identification information of the communication terminal apparatus as generated by using the second encryption key, and transmitting resulting double-encrypted identification information of the communication terminal apparatus to the first server. | 07-01-2010 |
20100180121 | METHOD AND APPARATUS FOR ENHANCING SECURITY IN NETWORK-BASED DATA COMMUNICATION - Various embodiments of a method and associated equipment for enhancing security in a network-based data communication are provided. In one embodiment, the method includes: a) maintaining at least access to data which a transmitting user may selectively transmit, b) providing a submit control associated with a recipient user to which the data may be selectively transmitted, c) in response to the transmitting user activating the submit control, presenting information to the transmitting user that identifies the recipient user to which the data is about to be sent, and d) in response to the transmitting user activating a verification control, transmitting the data to the recipient user. In one embodiment, the associated equipment includes a first computing device associated with a transmitting user, a second computing device associated with a recipient user; and a communication network through which the first computing device can operatively communicate with the second computing device. | 07-15-2010 |
20100185864 | Multi-Dimensional Credentialing Using Veiled Certificates - In accordance with certain embodiments of the present disclosure, a method for creating a veiled certificate is provided. The method comprises requesting a certificate from a regulator by sending a message with a digital signature of the message signed by the owner. The message comprises an owner's veiled certificate token, the veiled certificate token comprising an encrypted version of the owner's identification data and the owner's identification public key for the certificate. The message further comprises the identification public key, the whole message being encrypted using the regulator's external public key. The certificate request is validated by verifying the sender's identity through validation of the digital signature using the owner's external public key and verifying the veiled certificate token using the individual's external public key. A veiled certificate is created by combining the veiled certificate token, identification public key and digitally signing the veiled certificate with the regulator's private key, wherein the owner's identification information is inaccessible from the veiled certificate, except to the certificate owner. | 07-22-2010 |
20100217987 | Document Security Management System - A document security management system for securely managing documents for users. The document management system comprises a document repository providing a facility for storing data files representing the documents. A key repository stores a public key of one or more encryption key pairs, each of the encryption key pairs being associated with one of the documents stored in the document repository. Each document stored in the document repository is encrypted with the public key of the encryption key pair associated with the document. A plurality of client terminals are operable to store and to retrieve the documents from the document repository for processing by a user. Each user is in possession of a digital certificate comprising a certificate key pair. The key repository includes the private key of the encryption key pair encrypted with the public key of the certificate key pair associated with the user. The client terminal is operable with the private key of the certificate key pair in possession of a user. The client terminal is operable to decrypt the private key of the encryption key pair using the private key of the certificate key pair of a user, and to retrieve the encrypted document from the document repository and to decrypt the document using the decrypted private key of the encryption key pair. Thus, in accordance with the present invention a two-tier arrangement of private key/public key pairs is provided, with a first private key/public key pair called the encryption key pair being associated with each of the documents and a second digital certificate private key/public key pair called a certificate key pair being associated with the users. A document management system according to the present invention is therefore provided with an improvement in security with respect to document management and document management security. | 08-26-2010 |
20100217988 | ELECTRONIC DOCUMENT MANAGEMENT AND DELIVERY - In one embodiment, a system to manage and deliver electronic documents is disclosed. | 08-26-2010 |
20100217989 | VISUALIZATION OF TRUST IN AN ADDRESS BAR - Described are a system and method for presenting security information about a current site or communications session. Briefly stated, browsing software is configured to receive a certificate during a negotiation of a secure session between a local device and a remote device. The certificate includes security information about a site maintained at the remote device. The security information is displayed to a user of the browsing software in a meaningful fashion to allow the user to make a trust determination about the site. Displaying the security information may include presenting a certificate summary that includes the most relevant information about the certificate, such as the name of the owner of the site and the name of the certificating authority of the certificate. | 08-26-2010 |
20100223469 | Method, System and Computer Program Product for Certifying Software Origination - The disclosed embodiments present a method, system and computer program product for certifying software origination. The method for certifying software origination comprises generating at least one certificate of originality for a software artifact, generating a key for authenticating the certificate of originality, incorporating the key into the certificate of originality, and embedding the certificate of originality in the software artifact. | 09-02-2010 |
20100223470 | SECURE INSTANT MESSAGING SYSTEM - A secure instant messaging (IM) system integrates secure instant messaging into existing instant messaging systems. A certificate authority (CA) issues security certificates to users binding the user's IM screen name to a public key, used by sending users to encrypt messages and files for the user. The CA uses a subscriber database to keep track of valid users and associated information, e.g. user screen names, user subscription expiration dates, and enrollment agent information. A user sends his certificate to an instant messaging server which publishes the user's certificate to other users. Users encrypt instant messages and files using an encryption algorithm and the recipient's certificate. A sending user can sign instant messages using his private signing key. The security status of received messages is displayed to recipients. | 09-02-2010 |
20100228982 | FAST-RECONNECTION OF NEGOTIABLE AUTHENTICATION NETWORK CLIENTS - Modern network communications often require a client application requesting data to authenticate itself to an application providing the data. Such authentication requests can be redundant, especially in the case of stateless network protocols. When a full authentication is performed, a conversation identifier and one or more encryption keys can be agreed upon. Subsequent authentication requests can be answered with a fast reconnect token comprising the conversation identifier and a cryptographically signed version of it using the one or more encryption keys. Should additional security be desirable, a sequence number can be established and incremented in a pre-determined or a random manner to enable detection of replayed fast reconnect tokens. If the recipient can verify the fast reconnect token, the provider can be considered to have been authenticated based on the prior authentication. If an aspect of the fast re-authentication should fail, recourse can be had to the original full authentication process. | 09-09-2010 |
20100235642 | APPARATUS, SYSTEM, AND METHOD OF SETTING A DEVICE - A device setting apparatus performs setting operation with respect to a counterpart apparatus using secure communication even when the counterpart apparatus is not previously provided with information required for secure communication. The device setting apparatus detects an error when the error occurs during the setting operation, and executes a browser to request a user to correct the error during the setting operation. | 09-16-2010 |
20100250946 | AD HOC DISTRIBUTION - Systems and methods for developing an application for a data processing device using a portal, such as a world wide web portal. In one exemplary method, an application signing certificate is generated using the portal, and the portal designates the data processing device using a unique device identifier. A unique application identifier for the application is created using the portal. An application provisioning profile is created using the portal. The application provisioning profile comprises the application signing certificate, the unique application identifier, and the unique device identifier. | 09-30-2010 |
20100250947 | SYSTEM AND METHOD OF PREVENTING SPAM BY USING PAY-CHARGE-CONTRIBUTION AND AUTHENTICATION MEANS - A system for preventing junk mails includes a sender email server ( | 09-30-2010 |
20100250948 | SYSTEM AND METHOD FOR CHECKING DIGITAL CERTIFICATE STATUS - A method for handling digital certificate status requests between a client system and a proxy system is provided. The method includes the steps of receiving at the proxy system digital certificate status request data transmitted from the client system and generating query data for the digital certificate status in response to receiving the digital certificate status request data. The query data is transmitted to a status provider system, and status data from the status provider system in response to the query data is received at the proxy system. Digital certificate status data based on the status data received is generated and transmitted to the client system. | 09-30-2010 |
20100275024 | METHOD AND SYSTEM FOR DISPLAYING VERIFICATION INFORMATION INDICATORS ON A NON-SECURE WEBSITE - A method and system of displaying information indicators that help provide security assurances to consumers. The method works by having a plug-in or browser extension that determines the URL of a browsed-to website. The browser then initiates a secure connection to the domain associated with the URL of the browsed-to website. The plug-in can then show an indicator based on whether or not a digital certificate exists. If desired, the plug-in can perform further checks to ensure the validity and authenticity of the certificate. The information indicators can be static, pre-selected by the program, or selected by the end user. | 10-28-2010 |
20100306545 | COMMUNICATION APPARATUS - A communication apparatus includes: a first storage unit storing a certification authority certificate; a verification unit verifying an electronic signature attached to a first electronic mail received by a receiving unit from a mail server based on the certification authority certificate; an output unit outputting the first electronic mail when a verification result of the verification unit is positive; a deletion unit deleting the first electronic mail from the mail server; a notification unit notifying a user of information regarding a specific certification authority when a specific certification authority certificate is not stored in the first storage unit; an acquiring unit acquiring the specific certification authority certificate; and a storage control unit storing the acquired specific certification authority certificate. The receiving unit again receives the first electronic mail. The verification unit verifies an electronic signature attached to the again received first electronic mail based on the certification authority certificate. | 12-02-2010 |
20100306546 | MOBILE CERTIFICATE DISTRIBUTION IN A PKI - A method of providing certificate issuance and revocation checks involving mobile devices in a mobile ad-hoc network (MANET). The wireless devices communicate with each other via Bluetooth wireless technology in the MANET, with an access point (AP) to provide connectivity to the Internet. A certificate authority (CA) distributes certificates and certificate revocation lists (CRLs) to the devices via the access point (AP). Each group of devices has the name of the group associated with the certificate and signed by the CA. A device that is out of the radio range of the access point may still connect to the CA to validate a certificate or download the appropriate CRL by having all the devices participate in the MANET. | 12-02-2010 |
20100318803 | System and Methods for Assignation and Use of Media Content Subscription Service Privileges - This invention describes a system and methods for media content subscription service distribution; typical services include cable television, premium content channels, pay-per-view, XM radio, and online mp3 services. Subscribers use portable electronic devices to store digital certificates certifying the subscriber's privileges and an assigned public key. The devices can communicate with specially enabled televisions, radios, computers, or other media presentation apparatuses. These, in turn, can communicate with central databases owned by the provider, for verification purposes. Methods of the invention describe media content subscription service privilege issuing and use. The invention additionally describes methods for protecting media content transmitted to users with a variety of encryption schemes. The invention also comprises methods for subscribed users to bestow a subset of their privileges to a number of secondary users, with appropriate permission from the media content subscription service provider. | 12-16-2010 |
20100325437 | METHOD AND SYSTEM FOR THE SUPPLY OF DATA, TRANSACTIONS AND ELECTRONIC VOTING - A method and system for supply of data, including generating a first digital certificate (referred to as an empowerment certificate) signed with a first signing entity's electronic signature. The empowerment certificate includes attributes of the described entity, information identifying the first signing entity, indication of data relating to the described entity, indication of a source of the data, and identification of a relying entity to which the data can be supplied. The relying entity forwards the empowerment certificate to a source supplying the data indicated in the empowerment certificate. The data may be supplied to the relying entity by a second digital certificate (custom certificate), signed with a second signing entity's electronic signature. Custom certificates may appear in custom certificate revocation lists. A system and method for transfer of ownership of electronic property from a first entity to a second entity, and a method and system for electronic voting are also provided. | 12-23-2010 |
20100325438 | System and Method for Binding a Smartcard and a Smartcard Reader - Systems and methods for binding a smartcard and a smartcard reader are provided. A smartcard is provisioned to store a first set of credentials for use in traditional transactions, such as at a brick-and-mortar retail store, and a second set of credentials for use when performing a transaction using a smartcard reader associated with a user, such as an on-line transaction. The user smartcard reader registers with a smartcard issuer server by cryptographically authenticating a secure processor associated with the smartcard reader. As a result of the registration, the secure processor obtains a set of private keys associated with the second set of credentials. When a request for authorizing a transaction via the user's smartcard reader is received, the smartcard reader cryptographically authenticates itself to the smartcard using a private key associated with a credential to be used to authorize the transaction. | 12-23-2010 |
20100332838 | SYSTEMS AND METHODS FOR AUTHENTICATING AND PROVIDING ANTI-COUNTERFEITING FEATURES FOR IMPORTANT DOCUMENTS - A method for authenticating a document comprises obtaining the contents of a document, obtaining biometric characteristics from an individual, forming a message based on the contents of the document and the biometric characteristics of the individual, generating a digital signature based on the message and a key, and writing the digital signature to a Radio Frequency Identification (RFID) tag affixed to the document. | 12-30-2010 |
20100332839 | METHOD AND SYSTEM FOR THE SUPPLY OF DATA, TRANSACTIONS AND ELECTRONIC VOTING - A method and system for supply of data, including generating a first digital certificate (referred to as an empowerment certificate) signed with a first signing entity's electronic signature. The empowerment certificate includes attributes of the described entity, information identifying the first signing entity, indication of data relating to the described entity, indication of a source of the data, and identification of a relying entity to which the data can be supplied. The relying entity forwards the empowerment certificate to a source supplying the data indicated in the empowerment certificate. The data may be supplied to the relying entity by a second digital certificate (custom certificate), signed with a second signing entity's electronic signature. Custom certificates may appear in custom certificate revocation lists. A system and method for transfer of ownership of electronic property from a first entity to a second entity, and a method and system for electronic voting are also provided. | 12-30-2010 |
20110004763 | CERTIFICATE VALIDATION METHOD AND CERTIFICATE VALIDATION SERVER AND STORAGE MEDIUM - A certificate validation method for causing a certificate validation server to receive a certificate validation request from a given terminal device, build a certification path from a first certificate authority (CA) to a second CA, perform validation of the certification path, and send a validation result to the terminal which issued the certificate validation request is disclosed. The validation server detects either a key update of any given CA or a compromise of the given CA, acquires a certificate of the relevant CA together with first certificate status information and second certificate status information, stores the acquired information in a storage unit or, alternatively, updates the information stored in the storage unit based on the acquired information, and performs the building of a certification path and validation of the certification path by use of the information in the storage unit. | 01-06-2011 |
20110010553 | On-Line Membership Verification - A system and method of providing on-line verification of various credentials without requiring second site authentication utilizes protocols and cryptography to assure customers (generally referred to hereinafter as “users”) that they are dealing with a person (or organization) that can present multiple, non-repudiable proof of their identification. The system is launched directly from the user's browser such that certificate verification is performed “locally”, without needing to go out and obtain information from a second web site. The system is based upon the creation of a new MIME (i.e. Multipurpose Internet Mail Extensions) type that is employed by the user's browser and utilizes public keys associated with the credentialing organizations in combination with a public key of the verification organization. | 01-13-2011 |
20110010554 | METHOD AND APPARATUS FOR PROVIDING INTELLIGENT ERROR MESSAGING - A method and apparatus for providing intelligent error messaging is disclosed wherein a user of a mobile communications device is provided with descriptive error messaging information to assist the user in overcoming errors associated with the processing of electronic messages and data. For example, when the mobile device is being used to decrypt a cryptographically secured electronic message, and a problem is encountered, program logic of the device provides the user with (1) an indication of exactly what problem is preventing opening of the message, for example, a required cryptographic key is not available; (2) an indication of exactly what may be done to overcome the problem, for example, what utilities should be run on the device; and (3) exactly what data, if any, needs to be downloaded to the device, for example, what cryptographic keys should be downloaded. | 01-13-2011 |
20110016324 | DATA CARD VERIFICATION SYSTEM - A method of verifying a pair of correspondents in an electronic transaction, the correspondents each including first and second signature schemes, wherein the first signature scheme is computationally more difficult in signing than verifying and the second signature scheme is computationally more difficult in verifying than signing. The method comprises the step of the first correspondent signing information according to the first signature scheme and transmitting the first signature to the second correspondent, the second correspondent verifying the first signature received from the first correspondent, wherein the verification is performed according to the first signature scheme. The second correspondent then signs information according to the second signature scheme and transmits the second signature to the first correspondent; the first correspondent verifies the second signature received from the second correspondent, wherein the verification is performed according to the second signature scheme; the transaction is rejected if either verification fails. The method thereby allows one of the correspondents to participate with relatively little computing power while maintaining security of the transaction. | 01-20-2011 |
20110022845 | METHOD AND DEVICE FOR ISSUING A DIGITAL RESIDENCE CERTIFICATE - A method for issuing a digital residence certificate using a module associated with a counter. Data from the counter are continuously monitored, whereby the data are read and a consistency test is performed on the basis of a predetermined criterion. In addition, after receiving a residence certificate request, a decision is made as to whether or not the request should be fulfilled, based on the results of the continuous data monitoring. | 01-27-2011 |
20110035595 | CODEWORD-ENHANCED PEER-TO-PEER AUTHENTICATION - Peer-to-peer authentication may be accomplished by sending a digital certificate to a responder, receiving a randomized codeword in response to the sending, creating a secure fingerprint based at least in part on the digital certificate and randomized codeword, creating a first bit sequence based at least in part on a first portion of the secure fingerprint and a second portion of the randomized codeword and indicating the first digital certificate is authenticated based upon whether the first bit sequence matches a second bit sequence received from the responder via an out-of-band communication in response to the sending. The size of the first bit sequence is less than the size of the secure fingerprint. According to another aspect, the first bit sequence is compared with a rendering of the second bit sequence, using an out-of-band communication, by associating the first bit sequence with one or more indices into an array of representations. | 02-10-2011 |
20110035596 | Method of Secure Broadcasting of Digital Data to an Authorized Third Party - The invention relates to a method of secure broadcasting of encrypted digital data of a proprietary entity, these data being stored in a storage module ( | 02-10-2011 |
20110055575 | Enhancement to Volume License Keys - A method includes issuing a digital certificate to a licensee, the digital certificate identifying a licensed product and the licensee to enable the licensee to enable the licensed product. The method involves receiving a request to enable the licensed product from an entity, the request including the digital certificate, and determining whether the entity is the licensee of the licensed product based on the digital certificate. A system includes a relational structure having associations among authorized entities and digital certificates within an organization. Each digital certificate identifies a licensed product licensed to the organization. A certificate distribution module distributes the digital certificates to associated authorized entities. | 03-03-2011 |
20110072269 | NETWORK AV CONTENTS PLAYBACK SYSTEM, SERVER, PROGRAM AND RECORDING MEDIUM - A system, including: an audio-visual terminal; and a storage terminal, wherein the audio-visual terminal establishes a first connection, protected by authentication and encryption, to a server providing AV contents on a network; acquires an authorization to use the contents by the first connection, and concurrently acquires download control information including contents location information that indicates a location of the AV contents on the network and license information about the AV contents; and transmits the acquired download control information to the storage terminal, and the storage terminal acquires the download control information from the audio-visual terminal, downloads the contents from the server based on the contents location information via the network and stores the contents; acquires a license of the contents from the server based on the license information and stores the license; and uses the contents for a predetermined period based on the stored license. | 03-24-2011 |
20110072270 | SYSTEM AND METHOD FOR SUPPORTING MULTIPLE CERTIFICATE STATUS PROVIDERS ON A MOBILE COMMUNICATION DEVICE - A method and system for supporting multiple digital certificate status information providers are disclosed. An initial service request is prepared at a proxy system client module and sent to a proxy system service module operating at a proxy system. The proxy system prepares multiple service requests and sends the service requests to respective multiple digital certificate status information providers. One of the responses to the service requests received from the status information providers is selected, and a response to the initial service request is prepared and returned to the proxy system client module based on the selected response. | 03-24-2011 |
20110078447 | SECURE INTER-PROCESS COMMUNICATIONS - Securing inter-process communications includes receiving, from a device that supports a first process that is an instantiation of a first application being executed, a request to initiate inter-process communications. Securing inter-process communications also includes replying to the device with a request for information of a first digital certificate that uniquely authenticates an identity of the first process. An identity of a second process that is a distinct instantiation of the first application is authenticated using a second digital certificate distinct from the first digital certificate. | 03-31-2011 |
20110078448 | Short-Lived Certificate Authority Service - An integrated authentication service is described which may receive a bundled request from one or more clients. One or more of the described techniques may be utilized to provide, in response to a single bundled request, a token for proof of identity and a certificate for establishing secure communications. | 03-31-2011 |
20110093713 | SIGNATURE METHOD AND DEVICE - A method for signing a document to be transmitted between two correspondents, i.e. a sender and an addressee, including recording the sender and the addressee of the document for the allocation of a digital identity thereto; authorizing by the addressee a correspondence with the sender; ciphering the document; indicating to the addressee that the document is available; detecting an access to the document by the addressee; generating an electronic report indicating the delivery of the document, the document-delivery electronic report including a set of data associated with the transmission of the document to the addressee, the set including identification of elements concerning the addressee authentication, the sealing of the document, the access to the document by the addressee and the time-stamping of the access to the document by the addressee; and electronically signing, by a reliable third-party using the private key thereof, the document-delivery electronic report. | 04-21-2011 |
20110099379 | AUGMENTED SINGLE FACTOR SPLIT KEY ASYMMETRIC CRYPTOGRAPHY-KEY GENERATION AND DISTRIBUTOR - A system for authenticating a user of a communication network is disclosed. The system includes a user station associated with the user and an authenticating station communicatively coupled to the user station via the communication network. The authenticating station is configured to authenticate the user. The authenticating station is further configured to perform an operation, which includes receiving a first value, from a user station associated with the user, via the communication network. The first value represents a first user credential. A first key portion is generated based on the first value and a second value that is unknown to the user. The first key portion, along with a second key portion, is used for authenticating credentials of the user for a predefined period of time or for authenticating user credentials for a predefined number of times. The second key portion is generated based on the first key portion. A cookie that includes the second value or a value derived from the second value is generated and transmitted to the user station and then the second value is destroyed. | 04-28-2011 |
20110113252 | CONCIERGE REGISTRY AUTHENTICATION SERVICE - In an example embodiment described herein is an apparatus comprising a transceiver configured to send and receive data, and logic coupled to the transceiver. The logic is configured to determine from a beacon received by the wireless transceiver whether an associated wireless device sending the beacon supports a protocol for advertising available services from the associated wireless device. The logic is configured to send a request for available services from the associated wireless device via the wireless transceiver responsive to determining the associated wireless device supports the protocol. The logic is configured to receive a response to the request via the wireless transceiver, the response comprising a signature. The logic is configured to validate the response by confirming the signature comprises network data cryptographically bound with service data. | 05-12-2011 |
20110179278 | APPARATUS AND METHOD OF A PORTABLE TERMINAL AUTHENTICATING ANOTHER PORTABLE TERMINAL - Provided is an apparatus and method of a portable terminal authenticating another portable terminal. The portable terminal may receive a seed generated by the other portable terminal, issue an authentication certificate generated using the seed to the other portable terminal, authenticate the other portable terminal based on the authentication certificate, and provide a secure communication. | 07-21-2011 |
20110191590 | METHOD AND APPARATUS FOR DIGITAL AUTHENTICATION OF VALUABLE GOODS - A method for digital certification of authenticity of a physical object, and a corresponding computer program and storage device, as well as the use of the method for digital certification of authenticity of a physical object of value. The method includes the steps of issuing a storage device including a digital certificate of authenticity including encrypted information reflecting at least one characteristic unique to the physical object, checking, whenever required, the validity of the digital certificate of authenticity by use of a network computer, the network computer cooperating with the storage device and a validating or a certifying authority so as to output sensibly in real time the status of validity of the digital certificate of authenticity, and modifying the status of validity of the digital certificate of authenticity, whenever required. | 08-04-2011 |
20110197068 | METHODS FOR PROVIDING SECURITY OVER UNTRUSTED NETWORKS - Methods for providing secure communications across data networks, including untrusted networks. In one embodiment, the method comprises establishing security associations between devices on the network using a digital certificate and key exchange protocol. In one variant, the digital certificate comprises a public encryption key; the recipient of the certificate authenticates the sender using at least the signature, and then generates a cryptographic element (e.g., key) and initialization vector. The key is encrypted and sent back to the originator, where it is decrypted and used to encrypt datagrams sent between the devices. The initialization vector may be used to initialize the encryption algorithm on the receiving device. | 08-11-2011 |
20110202771 | Method for governing the ability of computing devices to communicate - A method is provided to perform network access control. A computing device utilising Online Certificate Status Protocol responder functionality determines whether attempted communication should be allowed between other computing devices appropriately configured with Internet Protocol Security (IPsec), digital certificates and OCSP client software. This determination is based on a set of rules considering the role or roles of the computing devices attempting to communicate, and whether the computing devices attempting to communicate have previously exhibited suspicious or undesirable behaviour. | 08-18-2011 |
20110219234 | SYSTEM AND METHOD FOR HYPERVISOR-BASED REMEDIATION AND PROVISIONING OF A COMPUTER - A computer located outside of an organizational computing environment is remotely prepared and configured to work in the organizational computing environment. A hypervisor operating system is installed and replaces the primary operating system of the computer, and the primary operating system, virtual software appliances (VSA) and virtual machines (VM) can execute as processes of the hypervisor. The hypervisor is configured to establish a secure connection with the organizational computing environment and to receive from it organization-configured image software for configuring the computer to work in the organizational computing environment. The secure connection can also be used for remote maintenance of the computer even when the computer operating system is faulty or inactive. | 09-08-2011 |
20110225425 | PREVENTING CAUSALITY VIOLATIONS IN DECENTRALIZED DISTRIBUTED SYSTEMS - A trusted read and write platform provides write-indisputability and read-undeniability for a distributed application. The platform is implemented at each node of the distributed application using a trusted platform module. To provide write-indisputability, the read and write platform of a node may generate a proof that is signed by the platform module and sent with a purportedly written result. The proof is decrypted using a public key associated with the platform module and includes indicators of the process taken by the read and write platform to write the result. To provide read-undeniability, the read and write platform may bind a key to a state of the platform module. A result to be read at the read and write platform is encrypted using the key and can only be decrypted when the read and write platform updates its state to the bound state. | 09-15-2011 |
20110225426 | TRUSTED GROUP OF A PLURALITY OF DEVICES WITH SINGLE SIGN ON, SECURE AUTHENTICATION - A system creates a trusted group of devices for single sign on. The trusted group is a set of two or more devices which can communicate securely to exchange information about the states of the devices. The two or more devices can arrange or establish the trusted group through the exchange of credentials or authentication information. After the establishment of the trusted group, the two or more devices may communicate through a secure connection established between the members of the trusted group. Each device may then execute normally and may encounter events that change the status of the device. Information about the locking or unlocking of the computer can be exchanged with the other members of the trusted group and the other members may also lock or unlock in concert. | 09-15-2011 |
20110238996 | TRUSTED NETWORK CONNECT HANDSHAKE METHOD BASED ON TRI-ELEMENT PEER AUTHENTICATION - A trusted network connect handshake method based on tri-element peer authentication is provided, which comprises the following steps. An access controller (AC) sends message | 09-29-2011 |
20110264916 | MOTOR VEHICLE ELECTRONICS DEVICE, MOTOR VEHICLE, METHOD FOR DISPLAYING DATA ON A MOTOR VEHICLE DISPLAY APPARATUS, AND COMPUTER PROGRAM PRODUCT - The invention relates to a motor vehicle electronics device comprising a first interface ( | 10-27-2011 |
20110276803 | SYSTEM AND METHOD FOR MULTI-CERTIFICATE AND CERTIFICATE AUTHORITY STRATEGY - Operations or functions on a device may require an operational certificate to ensure that the user of the device or the device itself is permitted to carry out the operations or functions. A system and a method are provided for providing an operational certificate to a device, whereby the operational certificate is associated with one or more operations of the device. A manufacturing certificate authority, during the manufacture of the device, obtains identity information associated with the device and provides a manufacturing certificate to the device. An operational certificate authority obtains and authenticates at least a portion of the identity information associated with the device from the manufacturing certificate and, if at least the portion of the identity information is authenticated, the operational certificate is provided to the device. | 11-10-2011 |
20110283108 | METHOD & APPARATUS FOR ESTABLISHING A TRUSTED AND SECURE RELATIONSHIP BETWEEN TWO PARTIES CONNECTED TO A NETWORK - A trusted relationship service includes a certificate authentication server and a secure file host. The certificate authentication server operates to receive requests from a supplier and a customer to register with the service, verifies the identities of the supplier and the customer and sends digital certificates to both the supplier and the customer. The supplier can send information to the trusted relationship service where it is posted in a secure file host. The supplier can solicit the customer to visit the trusted relationship service web site to view the supplier information stored there, whereupon the customer can use their digital certificate to access the trusted relationship service site and is granted permission by the site to view the supplier information. | 11-17-2011 |
20110314289 | REMOTE VERIFICATION OF ATTRIBUTES IN A COMMUNICATION NETWORK - An apparatus is provided, comprising property checking means configured to check whether claimant property information received from a claimant device corresponds to a predefined claimant attribute; obtaining means configured to obtain a result, which is positive only if the claimant property information corresponds to the predefined claimant attribute as checked by the property checking means; key generation means configured to generate a first claimant intermediate key from a predefined claimant permanent key stored in the apparatus; supplying means configured to supply, to the claimant device, the first claimant intermediate key using a secured protocol, wherein at least one of the key generation means and the supplying means is configured to generate and to supply, respectively, the first claimant intermediate key only if the result is positive. | 12-22-2011 |
20110320817 | ELECTRONIC CERTIFICATE ISSUANCE SYSTEM, ELECTRONIC CERTIFICATE ISSUING DEVICE, COMMUNICATION DEVICE, AND PROGRAM THEREFOR - An electronic certificate issuance system comprising at least one communication device, and an electronic certificate issuing device for issuing a set of an electronic certificate and a private key corresponding to the electronic certificate as a certification set for each of the at least one communication device, is provided. The electronic certificate issuing device includes a first connecting interface, an obtaining system, which is adapted to obtain a node ID assigned to each of the at least one communication device, a generating system, and a writing system. The at least one communication device includes a second connecting interface, a judging system, and an installing system. | 12-29-2011 |
20110320818 | SYSTEM AND METHOD FOR PROVIDING SECURITY IN BROWSER-BASED ACCESS TO SMART CARDS - A method of operating a host computer having a web-browser with the capability of executing at least one web-browser add-on to provide a web application access to a smart card, so as to protect the smart card from security threats associated with being connected to the Internet. Prior to establishing a connection with a web application executing in the web browser, the method verifies that the web application has been authorized to connect to a smart card using the web-browser add-on that provides the web application access to the smart card. | 12-29-2011 |
20120005480 | METHODS FOR FIRMWARE SIGNATURE - A method for installing embedded firmware is provided. The method includes generating one or more firmware file instances and generating one or more digital certificate instances that are separate instances from the firmware file instances. The method includes associating the one or more digital certificate instances with the one or more firmware file instances to facilitate updating signature-unaware modules with signature-aware firmware or to facilitate updating signature-aware modules with signature-unaware firmware. | 01-05-2012 |
20120005481 | AUTHENTICATED PROGRAM EXECUTION METHOD - According to a conventional technique, in the case where a program is stored into a non-volatile memory once and then activated, authentication of the program is performed immediately before such activation. However, calculations such as decryption of encrypted values are required before the activation of the program starts, which causes the problem that responsiveness is decreased in proportion to the time required for calculations. In order to solve this problem, authentication of a program is performed immediately before such program is stored, so that no authentication is performed or only a part of the authentication is performed to verify the validity of certificates at program activation time. | 01-05-2012 |
20120030469 | Streamlined CSR Generation, Certificate Enrollment, and Certificate Delivery - The process of acquiring SSL certificates for enterprise SSL customers is improved by reducing the number of steps used to acquire the SSL certificate and streamlining the process. An on-line CSR generator on the certificate enrollment form is used to submit the customer information (i.e. Common Name, Organizational Unit, Organization, City/Locality, State/Province, and Country Code) and generate the CSR. By making the CSR generation part of the enrollment process, the administrator can use the same enrollment form to submit the customer information along with the contact information pertinent to the enterprise. | 02-02-2012 |
20120036364 | SELF-AUTHENTICATION COMMUNICATION DEVICE AND DEVICE AUTHENTICATION SYSTEM - In a system where a communication device performs secure communication by using a digital certificate, to enable a device of a communication party to verify that a self certificate is certainly generated by the device indicated on the self certificate even if the self certificate is not delivered offline in advance. Based on a master key and a public parameter, a communication device generates an ID-based encryption private key for which a device unique ID is used as a public key. Then, the communication device generates the digital signature of an RSA public key as an ID-based encryption signature by using the ID-based encryption private key. Then, the communication device generates an RSA self signature for the RSA public key, an expiration date, a host name, the device unique ID, and the ID-based encryption signature as the target. Then, the communication device generates a self-signed certificate to include the ID-based encryption signature and the RSA self signature. | 02-09-2012 |
20120047368 | AUTHENTICATING A MULTIPLE INTERFACE DEVICE ON AN ENUMERATED BUS - A method for authenticating a multiple interface accessory device is provided. The method includes receiving enumeration information identifying the multiple interfaces supported by the accessory. The enumeration information includes information about a master interface supported by the accessory. A host device obtains authentication information from the accessory in accordance with a protocol associated with the master interface. Based on the authentication information, the host device determines whether the accessory is authorized to communicate with the host device. In the event that the accessory is authorized, the host device permits communication with the accessory using one or more of the multiple interfaces supported by the accessory. | 02-23-2012 |
20120084566 | METHODS AND SYSTEMS FOR PROVIDING AND CONTROLLING CRYPTOGRAPHIC SECURE COMMUNICATIONS ACROSS UNSECURED NETWORKS - Methods and systems for providing secure access to network resources are disclosed. A method includes defining in a provisioning utility one or more communities of interest, each community of interest including one or more users and associated with a key. The method includes providing a service key to a client computing device that is useable to establish a secure connection to a service enclave including an authorization server. The method also includes transmitting from the authorization server, for each community of interest including an identified user of the client computing device, an identity of a customer enclave and a key associated with a community of interest including the user of the client computing device, the community of interest including computing resources included in the customer enclave. | 04-05-2012 |
20120089841 | DIGITAL SIGNATURES OF COMPOSITE RESOURCE DOCUMENTS - An embodiment of the disclosure can receive a composite resource document containing at least one resource. An updated manifest resource can be obtained. The updated manifest resource can list all resources in the composite resource document. A set of zero or more (0...N) resources can be indicated. Each indicated resource is one that is to be subtracted from the list of resources in the updated manifest resource in order to create a generated signature reference list of identified resources to be signed. A hash token can be generated using the resources identified in the generated signature reference list to form a signature hash token. The signature hash token can be encrypted with a secret key. | 04-12-2012 |
20120089842 | COMMUNICATION SYSTEM FOR AUTHENTICATING MESSAGES WITH UNIQUELY SPECIFIED GENUINE INFORMATION - In a sensor network system, a transmitter device uses a message authentication key generated by a message generator to transmit a message with authenticator to plural receiver devices, which in reply produce a certification by a certification generator from a message with authenticator held by a message holder to transmit the certification to the transmitter device. An information generator of the transmitter device uses an identification from a reception checker and the message authentication key thus generated to generate an authentication key notification, which will be transmitted to receiver devices having transmitted the certification. In the receiver devices, the message holder holds the authentication key notification, from which an authentication key acquirer acquires the message authentication key, which a message authenticator uses to compare the message with authenticator generated with the message with authenticator held in the message holder to confirm the received message. | 04-12-2012 |
20120102328 | Method for implementing the real time data service and real time data service system - The present invention discloses a method for implementing a real time data service and a real time data service system. After starting to forward data messages to an accessed user terminal, an access point (AP) of the real time data service system verifies the user terminal, and continues forwarding the data messages to the user terminal after the verification is successful. Therefore, with the method and system of the present invention, when accessing the real time data service system by adopting authentication and key management based on a pre-shared key, it is possible to authenticate a user before the user obtains a large amount of service data, so that access security is effectively improved; furthermore, with the method and system of the present invention, it is possible to provide free preview service data to the user at first, and after the preview, obtain and verify the WLAN authentication and privacy infrastructure (WAPI) certificate and signature of the user by initiating a signature authentication request to the user, and then start to charge, which is convenient for the user and is favourable for the operators to popularize the real time data service. | 04-26-2012 |
20120124379 | ANONYMOUS AUTHENTICATION SIGNATURE SYSTEM, USER DEVICE, VERIFICATION DEVICE, SIGNATURE METHOD, VERIFICATION METHOD, AND PROGRAM THEREFOR - The user device includes: a recording unit which stores system parameters as respective parameters given in advance, a disclosure public key, a user public key, a user private key, a member certificate, and an attribute certificate; an input/output unit which receives input of the document from the user and an attribute the user intends to disclose; a cryptograph generating module which generates a cryptograph based on the inputted document, the attribute to be disclosed, and each of the parameters; a signature text generating module which generates a zero-knowledge signature text from the generated cryptograph; and a signature output module which outputs the cryptograph and the zero-knowledge signature text as the signature data. The user public key and the attribute certificate are generated by using the same power. | 05-17-2012 |
20120166805 | METHOD AND SYSTEM FOR EXCHANGE MULTIFUNCTION JOB SECURITY USING IPV6 NEIGHBOR DISCOVERY OPTIONS - A method that facilitates exchange multifunction job security using IPv6 Neighbor Discovery, which includes generating a job on a first node, the first node having a software module, which creates at least one security option for the job; sending a neighbor solicitation request with the at least one security option to a second node; receiving the neighbor solicitation request on the second node, the second node having a software module for processing the neighbor solicitation request with the at least one security option; sending a neighbor advertisement to the first node; receiving the neighbor advertisement from the second node to obtain a job identifier for the job; and if the job identifier for the job is obtained, processing the job on the first node. | 06-28-2012 |
20120185696 | DEVICE INTRODUCTION AND ACCESS CONTROL FRAMEWORK - In an embodiment, a method includes registering applications and network services for notification of an out-of-band introduction, and using the out-of-band introduction to bootstrap secure in-band provisioning of credentials and policies that are used to control subsequent access and resource sharing on an in-band channel. In another embodiment, an apparatus implements the method. | 07-19-2012 |
20120204033 | DEVICE-BOUND CERTIFICATE AUTHENTICATION - A device-bound certificate authority binds a certificate to one or more devices by including digital fingerprints of the devices in the certificate. A device only uses a device-bound certificate if the digital fingerprint of the device is included in the certificate and is verified. Thus, a certificate is only usable by one or more devices to which the certificate is explicitly bound. Such device-bound certificates can be used for various purposes served by certificates generally such as device driver authentication and authorization of access to secure content, for example. | 08-09-2012 |
20120254618 | AUTHENTICATION CERTIFICATES - An audio/video content delivery system having a network content source linked by an internet data connection to a content receiver that receives content from the network content source via the internet data connection, and also receives access-controlled encoded broadcast content from the network content source or another content source via a separate broadcast data path. The network content source requests a client certificate from the content receiver. The content receiver includes a host module to store a network client certificate and send it to the network content source, and a conditional access module (CAM) with an access control unit for decoding the access-controlled encoded broadcast content. The host module and the CAM provide an encrypted communication link for decoded access-controlled encoded broadcast content. The broadcast content source transmits a client certificate to the CAM. The CAM transmits the client certificate to the host module via the encrypted communication link. | 10-04-2012 |
20120272066 | System, Apparatus, Method, And Program Product For Authenticating Communication Partner Using Electronic Certificate Containing Personal Information - Object: To provide a technique for authenticating a communication partner using an electronic certificate containing personal information. Solving Means: When a client apparatus receives a request for an electronic certificate from a server apparatus, the server apparatus reads a client certificate containing personal information and a server public key of the server apparatus from a storage unit and encrypts the client certificate using the server public key. The client apparatus also creates a temporary electronic certificate by setting, in a basic field of an electronic certificate, a predetermined item indicating that the electronic certificate is a temporary electronic certificate and by setting the client certificate having been encrypted in an extension field of the electronic certificate. Then, the client apparatus sends the temporary electronic certificate to the server apparatus. | 10-25-2012 |
20120278625 | Social network based PKI authentication - A user device generates a social graph-based user certificate that conveys a trust level to other users of the social network. A user certificate for a user is obtained, the user having a user public key and corresponding user private key. A plurality of potential signers is identified within one or more social networks. The certificate is then sent to the identified plurality of potential signers. One or more signed versions of the user certificate may be received from at least some of the plurality of potential signers. The user device may assign a signer weight to each signed version of the user certificate, each corresponding signer weight associated with the signer of each signed version of the certificate. The user certificate, the user signature, one or more signed versions of the user certificate, and the user-assigned signer weights are distributed to one or more recipients. | 11-01-2012 |
20120331299 | COMMUNICATIONS APPARATUS, COMMUNICATIONS SYSTEM, AND METHOD OF SETTING CERTIFICATE - An apparatus in a system which includes at least a high-level apparatus and a plurality of low-level apparatuses, said apparatus being one of the low-level apparatuses. The apparatus includes a storage unit configured to store an individual certificate set and a common certificate set, and a communication unit configured to transmit its own authentication information to the high-level apparatus to allow the high-level apparatus to perform decryption to authenticate the validity of the apparatus. | 12-27-2012 |
20130007458 | GREEN ENERGY GENERATION APPARATUS, MOBILE DEVICE, ELECTRIC STORAGE APPARATUS, AND MANAGEMENT METHOD OF GREEN ENERGY INFORMATION - A method is provided for authenticating characteristics of electrical energy. The method comprises acquiring a key, acquiring an amount of electrical energy, and generating a digital signature based on the amount and the key. The method further comprises generating a certificate comprising the signature and the amount. | 01-03-2013 |
20130007459 | SYSTEM AND METHOD FOR COMPRESSING SECURE E-MAIL FOR EXCHANGE WITH A MOBILE DATA COMMUNICATION DEVICE - A system and method are provided for pre-processing encrypted and/or signed messages at a host system before the message is transmitted to a wireless mobile communication device. The message is received at the host system from a message sender. There is a determination as to whether any of the message receivers has a corresponding wireless mobile communication device. For each message receiver that has a corresponding wireless mobile communication device, the message is processed so as to modify the message with respect to encryption and/or authentication aspects. The processed message is transmitted to a wireless mobile communication device that corresponds to the first message receiver. The system and method may include post-processing messages sent from a wireless mobile communications device to a remote system. Authentication and/or encryption message processing is performed upon the message. The processed message may then be sent through the remote system to one or more receivers. | 01-03-2013 |
20130007460 | METHOD AND SYSTEM FOR THE SUPPLY OF DATA, TRANSACTIONS AND ELECTRONIC VOTING - A method for supply of data, including generating a first digital certificate (referred to as an empowerment certificate) signed with a first signing entity's electronic signature. The empowerment certificate includes attributes of the described entity, information identifying the first signing entity, an indication of data relating to the described entity, an indication of a source of the data, and identification of a relying entity to which the data can be supplied. The relying entity forwards the empowerment certificate to a source supplying the data indicated in the empowerment certificate. The data may be supplied to the relying entity by a second digital certificate (custom certificate), signed with a second signing entity's electronic signature. Custom certificates may appear in custom certificate revocation lists. A system and method for transfer of ownership of electronic property from a first entity to a second entity, and a method and system for electronic voting are also provided. | 01-03-2013 |
20130007461 | NON-TRANSFERABLE ANONYMOUS DIGITAL RECEIPTS - A system and method for verifying ownership of an electronic receipt in a communication system providing a public key infrastructure, the verification arising out of a series of messages being sent and received between a first party and a verifying party, the method comprising the steps of receiving a proof message from the first party, the proof message being derived from at least a first public key based on a secret owned by the first party and wherein the secret is associated with at least the secret of a further public key of the first party and an electronic receipt that has been issued by electronically signing a request message with a second public key, determining whether or not the proof message was derived from the second public key. | 01-03-2013 |
20130024695 | MECHANISM AND METHOD FOR MANAGING CREDENTIALS ON IOS BASED OPERATING SYSTEM - A mechanism and method for managing credentials on an electronic device configured with an iOS based operating system. The iOS based device includes a "keychain" configured in device memory. According to an embodiment, the electronic device comprises an application configured to generate a public certificate object in the keychain and a password object in the keychain. The public certificate object is configured to store a public certificate, and the password object is configured to store a private key. The password object further includes a label or thumbprint for associating the private key with the corresponding public certificate. According to an embodiment, the application stores the private key in an encrypted container in the password object to provide an additional layer of security. The application is configured to unlock the encrypted container utilizing a password provided by the user. According to a further aspect, the user password is not stored in memory on the device. According to an embodiment, the private key is generated and provided by a credential management system operatively coupled to the electronic device for digitally signing an email message. | 01-24-2013 |
20130042114 | INFORMATION PROCESSING DEVICE AND INFORMATION PROCESSING METHOD, AND PROGRAM - An information processing system including a medium where a content to be played is stored; and a playing apparatus for playing a content stored in the medium; with the playing apparatus being configured to selectively activate a playing program according to a content type to be played, to obtain a device certificate correlated with the playing program from storage by executing the playing program, and to transmit the obtained device certificate to the medium; with the device certificate being a device certificate for content types in which content type information indicating where the device certificate is available is recorded; and with the medium determining whether or not an encryption key whose readout is requested by the playing apparatus is an encryption key for decrypting an encrypted content matching an available content type recorded in the device certificate, and permitting readout of the encryption key only in the case of a match. | 02-14-2013 |
20130046988 | SYSTEMS AND METHODS FOR PROVIDING A CRYPTOGRAPHIC KEY MANAGER FOR AN APPLICATION SERVER - Embodiments relate to systems and methods for maintaining cryptographic keys for application servers. In particular, applications and/or services of the application servers can desire to encrypt and/or decrypt data during operation of the applications. A key management tool can receive requests, and associated digital certificates from applications of the application servers for associated keys for use by the applications to encrypt and/or decrypt the data. The key management tool can generate a new key for the applications, or locate and retrieve an existing key for the applications. Further, the key management tool can provide a copy of the key to the applications. | 02-21-2013 |
20130067231 | Load Balanced and Prioritized Data Connections - In embodiments of load balanced and prioritized data connections, a first connection is established to communicate first data from a first server to a second server over a public network, where the first data is communicated from a private network to a first device or subnet that is connected to the second server. A second connection is established to communicate second data from the first server to the second server over the public network, where the second data is communicated from the private network to a second device or subnet that is connected to the second server. The second server can distinguish the first data from the second data according to an authentication certificate field that identifies one of a first communication interface of the first connection or a second communication interface of the second connection. | 03-14-2013 |
20130080784 | METHODS AND DEVICES FOR MONITORING THE INTEGRITY OF AN ARTICLE DURING TRANSPORTING SAID ARTICLE - The method for obtaining information relating to the integrity of an article ( | 03-28-2013 |
20130086384 | METHOD AND SYSTEM FOR POWER MANAGEMENT USING ICMPv6 OPTIONS - A method and system that facilitates power management over an IPv6 network connection is described. A first host having an application creates a power management option for managing power management settings of one or more second hosts, which are in network communication with the first host. A neighbor solicitation request is sent with the power management option to the one or more second hosts, wherein the power management option requests the power management settings of the one or more second hosts. A table of the power management settings for each of the one or more second hosts is generated from the responses received to the neighbor solicitation request, and the power management settings are applied to the one or more second hosts. | 04-04-2013 |
20130097425 | Providing Consistent Cryptographic Operations Across Several Applications - Providing consistent cryptographic operations across several applications using secure structured data objects includes a security middleware component, using an application programming interface, receiving a data input from an originating application operating in application space. Both the application and the middleware component execute in the data processing system. A security schema object is retrieved by the security middleware component from an object store, the security schema object describing a sequence of cryptographic operations and includes several components describing aspects of the cryptographic operations. The data input is transformed from a first format to a second format where one of the formats is a secure structured data object formed using the sequence of cryptographic operations. A property of the secure structured data object contains data about the security schema object. The data input is transmitted in the second format to a consumer application operating in application space. | 04-18-2013 |
20130132726 | DIGITAL CERTIFICATION METHOD AND APPARATUS - A method for recording a document with authenticity certification information. The method includes receiving an indication from a user regarding their intention to accept and/or receive a proposed set of documentary content elements and presenting a visual display of the documentary content elements. The method further includes presenting and detecting an actuatable acknowledgment mechanism and receiving and transmitting account information to an account provider. The method also includes generating a digital certificate and key pairs from one or more items associated with the account information. | 05-23-2013 |
20130138962 | CONTROL METHOD, PROGRAM AND SYSTEM FOR LINK ACCESS - A plurality of users is assumed in which user A is the owner of content providing the source of a link, user B is the owner of the content providing the destination of the link, and user C is a viewer. Each user has a private key and a public key, and the public keys are shared by the users. User B selects user C in advance as a viewer. User B creates data including a value in which an encryption key with a proxy signature generated on the basis of the public key of user C and its own private key is encrypted using the public key of user A, and distributes the data to user A, which is the owner of the content providing the source of the link. User A decrypts the received data including the value using its own private key. This makes a function available based on encryption with the proxy signature. User A converts the link information using this function, signs the information using its own private key, and sends it to user C. User C verifies the signature by checking the received information using the public key of user A and the public key of user B, extracts the link information generated by user A using the function, decrypts it using its own private key, and obtains the link information. | 05-30-2013 |
20130198521 | Secure File Drawer and Safe - An online file storage system having a secure file drawer and safe is disclosed for securely storing and sharing confidential files. The system comprises a web-based user interface, tools for setting up a server-side encryption method and a client-side encryption method, tools for synchronizing encryption between different computers, tools for uploading files, tools for tracking files, tools for granting the right of access to files to the owners of other safes, and tools for generating an authenticity certificate that proves, at a future time, the upload time and the substance of the files. | 08-01-2013 |
20130219181 | METHOD FOR READING AN ATTRIBUTE FROM AN ID TOKEN - The invention relates to a method for reading at least one attribute stored in an ID token ( | 08-22-2013 |
20130275760 | Method for configuring an internal entity of a remote station with a certificate - Disclosed is a method for configuring an internal entity of a WiFi-enabled remote station with a certificate. In the method, the remote station receives the certificate in at least one message from a registrar acting as a certificate authority. The remote station provides the certificate to the internal entity. The internal entity securely communicates with an external entity based on the certificate. | 10-17-2013 |
20130305050 | METHOD AND SYSTEM FOR ESTABLISHING TRUST BETWEEN A SERVICE PROVIDER AND A CLIENT OF THE SERVICE PROVIDER - Trust is established between a service provider ( | 11-14-2013 |
20130305051 | METHODS AND SYSTEMS FOR SERVER-SIDE KEY GENERATION - Systems and methods for generating credentials are described. A subject private key that has been encrypted with a session key and a subject public key are received. A storage session key is generated and the subject private key is encrypted with the storage session key. A storage private key is retrieved and the storage session key is encrypted with the storage private key. The subject private key encrypted with the storage session key and the encrypted storage session key are stored in a memory. | 11-14-2013 |
20130311779 | ASSISTED CERTIFICATE ENROLLMENT - A certificate enrolment assistant module may be provided to inject a challenge password into a certificate signing request to be sent, to a Certificate Authority, from a computing device. The certificate enrolment assistant module, thereby, acts as a trusted proxy to assist the computing device in building a valid certificate signing request without the computing device having access to the challenge password. | 11-21-2013 |
20130318353 | Method for Creating and Installing a Digital Certificate - The invention comprises a method of creating a certificate based on the contents of another certificate. The certificate is then automatically installed and configured on the server where it will be used. A further enhancement automatically requests and installs the certificate prior to an existing certificate's expiration. | 11-28-2013 |
20130318354 | METHOD FOR GENERATING A CERTIFICATE - The invention relates to a method for generating a certificate for signing electronic documents by means of an ID token ( | 11-28-2013 |
20130318355 | METHOD FOR MANAGING CONTENT ON A SECURE ELEMENT CONNECTED TO AN EQUIPMENT - The invention concerns a method for managing content on a secure element connected to an equipment, this content being managed on the secure element from a distant administrative platform. According to the invention, the method consists in: establishing, at the level of the administrative platform, a secure channel between the equipment and the administrative platform using session keys generated by the secure element and transmitted to the equipment; transmitting to the administrative platform a request to manage content of the secure element; and verifying at the level of the administrative platform that this request originates from the same secure element that generated the session keys and, if so, authorizing the management and, if not, forbidding it. | 11-28-2013 |
20130332740 | Visualization of Trust in an Address Bar - Described are a system and method for presenting security information about a current site or communications session. Briefly stated, a browsing software is configured to receive a certificate during a negotiation of a secure session between a local device and a remote device. The certificate includes security information about a site maintained at the remote device. The security information is displayed to a user of the browsing software in a meaningful fashion to allow the user to make a trust determination about the site. Displaying the security information may include presenting a certificate summary that includes the most relevant information about the certificate, such as the name of the owner of the site and the name of the certificating authority of the certificate. | 12-12-2013 |
20130339740 | MULTI-FACTOR CERTIFICATE AUTHORITY - Disclosed herein is a certificate authority server configured to provide multi-factor digital certificates. A processor readable medium may include a plurality of instructions configured to enable a certificate authority server of a certificate authority, in response to execution of the instructions by a processor, to receive a request to provide a multi-factor digital security certificate by digitally signing a certificate request having a plurality of factors and a cryptographic key, wherein a first of the plurality of factors is an identifier of a device and a second of the plurality of factors is an identifier of a user of the device. The instructions are also configured to enable the certificate authority server to associate the cryptographic key with the plurality of factors and issue the digital security certificate based on the certificate request. Also disclosed is a method of using a multi-factor digital certificate as part of the authorization process to implicitly bind the plurality of factors. Other embodiments may be described and claimed. | 12-19-2013 |
20130346754 | CLOUD COMPUTING SYSTEM FOR REAL-TIME STREAMING OF WELL LOGGING DATA WITH SELF-ALIGNING SATELLITES - A cloud computing system for real-time streaming of drilling data from a drilling rig using satellites, wherein the system includes: client devices for transmitting the drilling data; radio boxes disposed around the drilling rig to form a local area network for connecting with the client devices; a router and switch connected to the local area network for receiving and transmitting the drilling data; a processor and data storage configured to receive the drilling data and form well logging data for transmission to the router and switch; a modem in communication with the router and switch, used to send the drilling data to satellite dishes; and a server positioned apart from the drilling rig, used to receive the drilling data and form well logs and executive dashboards. The server can stream the drilling data, well logs, and executive dashboard in real time to remote client devices. | 12-26-2013 |
20140006788 | SECURE KEY STORAGE SYSTEMS, METHODS AND APPARATUSES | 01-02-2014 |
20140013118 | INFORMATION PROCESSING APPARATUS, TERMINAL DEVICE, INFORMATION PROCESSING SYSTEM, METHOD FOR INFORMATION PROCESSING, AND STORAGE MEDIUM - There is provided an information processing apparatus, including a data generation section generating a specified data stream, and also generating a plurality of segment data sets by segmenting the generated specified data stream and by adding authentication data to each of the segmented data streams, and a data transmission section transmitting the plurality of segment data sets generated by the data generation section to respective apparatuses. | 01-09-2014 |
20140019760 | METHOD FOR PERSONALIZING A SECURE ELEMENT COMPRISED IN A TERMINAL - The invention proposes a method for personalizing a first secure element comprised in a first terminal, said method consisting in: | 01-16-2014 |
20140052993 | INFORMATION OPERATING DEVICE, INFORMATION OUTPUT DEVICE, AND INFORMATION PROCESSING METHOD - An information operating device has a first connection unit, a second connection unit, a machine operating command for operating the information output device and a usage certificate certifying that the machine operating web application, a domain name attacher to attach a domain name of the first communication device, when the connection is established by the second connection unit to transmit the machine operating command for operating the information output device using the connection, an application executing unit to execute the PIN code input web application acquired from the first communication device through the first connection unit, an encryption information generator to generate encryption information and transmit it to the information output device, and a client processing unit to transmit the usage certificate and the encryption information to the information output device through the second connection unit. | 02-20-2014 |
20140075196 | SECURELY FILTERING TRUST SERVICES RECORDS - Embodiments are directed to securely filtering trust services records. In one scenario, a client computer system receives at least one of the following trust services records: a trust services certificate, a principal certificate, a group certificate and a trust services policy. The client computer system performs a time validity check to validate the trust services record's timestamp, performs an integrity check to validate the integrity of the trust services record and performs a signature validity check to ensure that the entity claiming to have created the trust services record is the actual creator of the trust services record. The client computer system then, based on the time validity check, the integrity check and the signature validity check, determines that the trust services record is valid and allows a client computer system user to perform a specified task using the validated trust services record. | 03-13-2014 |
20140082365 | GROUP MANAGEMENT OF AUTHENTICATED ENTITIES - Exemplary embodiments provide various techniques for managing groups of authenticated entities. In one exemplary computer-implemented method, an entity accesses a group roster that includes a first group identifier identifying a first group, a first group digital certificate associated with the first group, and a first entity identifier identifying the entity being a member of the first group. The entity also receives a request to update the group roster. Here, the request includes a second group identifier identifying a second group and a second group digital certificate associated with the second group. In response to the request, the entity replaces the first group identifier in the group roster with the second group identifier. Additionally, in response to the request, the entity replaces the first group digital certificate with the second group digital certificate. The replacements change a membership of the entity from the first group to the second group. | 03-20-2014 |
20140136848 | DISTRIBUTING KEYPAIRS BETWEEN NETWORK APPLIANCES, SERVERS, AND OTHER NETWORK ASSETS - A method and apparatus for providing an automated key distribution to enable communication between two networked devices. A monitoring device receives a request from a network device to send a certificate using a second secure connection prior to an expiration of a timeout period, wherein the second secure connection was created using a known port in response to determining that a request to create a first secure connection was rejected. The monitoring device sends the certificate to the network device using the second secure connection, and establishes the first secure connection with the network device in response to the network device receiving the public key of the monitoring device from a server system by using the certificate. | 05-15-2014 |
20140136849 | METHOD FOR OPERATING A MOBILE DEVICE BY MEANS OF A MOTOR VEHICLE - A method for operating a mobile device, not assigned to a motor vehicle, via an electronic device with a display and operator control device of the motor vehicle is made available. The program has program parts for a user interface and for operator control sequences which are assigned a digital certificate. The user interface comprises fixed areas for displaying variable contents. The program parts are transmitted together with the digital certificate to the electronic device of the motor vehicle and are carried out when the certificate is successfully checked. The transmission of data without protection by a digital certificate is restricted to the variable contents for display in the fixed areas of the user interface. | 05-15-2014 |
20140143549 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND PROGRAM - An information processing apparatus includes: a storage unit that stores a tree structure formed by nodes, each of which stores identification information identifying a document; and a registration unit that registers documents in the storage unit. The registration unit receives a document including identification information identifying the document, a word set and a key, registers the identification information in a leaf node in the tree structure, and calculates a secure index corresponding to the identification information registered in each node from the root node to the leaf node in the tree structure based on the word set and the key. In addition, the registration unit generates a value calculated by adding the calculated secure index as a search index for the document, and stores in the storage unit a value calculated by adding the search index generated for each of a plurality of received documents as a search index for the plurality of documents. | 05-22-2014 |
20140156996 | Promoting Learned Discourse In Online Media - In one example, a method for promoting learned discourse in online forums includes posting forum content on a forum server and providing users with access to the content through an I/O module. The method further includes receiving a comment from a user and analyzing the comment to produce an a priori score for it. A portable certificate of status is accepted from the user and used to produce an a posteriori score for the comment. A system for promoting learned discourse in online forums is also disclosed. | 06-05-2014 |
20140164778 | Method for producing and storage of digital certificates - The proposed method relates to methods for obtaining, storing, and exchanging digital information, including the replication and distribution of software, and more specifically to methods for producing and storing digital certificates and replicating software with them. The proposed method finds useful application in the safe storage and transmission of various data, e.g. personal data and electronic funds, and also in the replication and distribution of software. Compared with the known related-art methods, the present method is characterized by an essentially increased level of protection for the storage and transmission of digital information and the replication of software, owing to affirmation of the digital certificate by authorized entities, the employment of consolidated certificates, and enhanced authenticity of information transmission through the use of electronic digital signatures. | 06-12-2014 |
20140181525 | DIGITAL RIGHTS MANAGEMENT OF STREAMING CONTENTS AND SERVICES - Managing digital rights of contents and services streamed to a client device, including: receiving and validating a certificate from the client device; enabling the client device to log into and communicate with a server using a secure protocol to establish a private relationship between the client device and the server; and transmitting a resource identifier to the client device using the secure protocol when the private relationship is established. | 06-26-2014 |
20140281554 | GENERATING KEYS USING SECURE HARDWARE - A client device that is coupled to a host device sends a parent public key and an associated certificate to the host device. The parent public key, the certificate and a corresponding parent private key are stored in secure persistent storage included in a secure device associated with the client device. The client device receives instructions from the host device for generating a child private and public key pair. In response to receiving the instructions, the client device generates a child private key based on a first random number produced within the secure device, and a child public key associated with the child private key. The client device computes a first signature on the child public key using the parent private key. The client device sends the child public key and the first signature to the host device. | 09-18-2014 |
20140317412 | METHOD FOR SECURELY SEARCHING, FINDING, REPRODUCING, RECOVERING, AND/OR EXPORTING OF ELECTRONIC DATA - A method for securely searching, finding, reproducing, recovering, and/or exporting electronic data from at least two systems which can be found in a network and which are organized in a functionally identical and decentralized manner. The individual systems include a system certificate and a corresponding serial number assigned by the manufacturer, and can carry out an authentication process using said system certificate and serial number. Information on user authorizations between the systems is provided using configuration tables which are stored on each of the systems. A maximum level of security is ensured by combining cryptographic methods and the mutual authentication of the involved systems. A user interface is provided for the user, wherein the user receives a pre-selection of the requested electronic data in the user interface and can then mark the pre-selection for further processing. | 10-23-2014 |
20140325232 | REQUESTING AND STORING CERTIFICATES FOR SECURE CONNECTION VALIDATION - A client system may be configured to request a certificate from a server system and store the certificate locally. The stored certificate may be used to later authenticate a secure connection between the client system and the server system. The secure connection validated by the stored certificate may be, for example, a secure sockets layer/transport layer security (SSL/TLS) connection. | 10-30-2014 |
20140331053 | TRANSMISSION METHOD AND SYSTEM FOR TERMINAL UNIQUE INFORMATION - A terminal unique information transmission method including: receiving, by a server, from a terminal, a terminal unique information acquisition request including a terminal unique public key certificate of the terminal; generating an encrypted terminal unique public key certificate by encrypting the terminal unique public key certificate of the terminal; checking, by the server, whether the generated encrypted terminal unique public key certificate is described in a discarded terminal information table; and transmitting, by the server, when the generated encrypted terminal unique public key certificate is not described in the discarded terminal information table, a terminal unique information of the terminal to the terminal. | 11-06-2014 |
20140365778 | METHOD AND SYSTEM FOR ROAMING WEBSITE ACCOUNT AND PASSWORD - A method and system for roaming website accounts and passwords are provided. The method is operational on a first client and includes: authenticating website accounts and passwords that have been stored; obtaining the stored website addresses, accounts and passwords after successful verification; encrypting the stored website addresses, accounts and passwords to generate encrypted information; and generating from the encrypted information a first QR code to be obtained by a second client. The website accounts and passwords are thereby roamed and synchronized so that they can be shared. The synchronization process verifies the accounts and passwords and does not need a third-party server; the risk of data loss should a third-party server be attacked is eliminated, and the security of the accounts and passwords is improved. | 12-11-2014 |
20150026476 | METHOD FOR READING AN ATTRIBUTE FROM AN ID TOKEN - A method for reading at least one attribute stored in an ID token using first, second and third computer systems, wherein the third computer system comprises a browser and a client, wherein a service certificate is assigned to the second computer system, wherein the service certificate comprises an identifier which is used to identify the second computer system, and wherein the ID token is assigned to a user. A first cryptographically protected connection (TLS1) is set up between the browser of the third computer system and the second computer system, wherein the third computer system receives a first certificate; the first certificate is stored by the third computer system; the third computer system receives a signed attribute specification via the first connection; a second cryptographically protected connection (TLS2) is set up between the browser of the third computer system and the first computer system, wherein the third computer system receives a second certificate; the signed attribute specification is forwarded from the third computer system to the first computer system via the second connection; the first computer system accesses an authorization certificate, wherein the authorization certificate comprises the identifier; a third cryptographically protected connection (TLS3) is set up between the first computer system and the client of the third computer system, wherein the third computer system receives the authorization certificate containing the identifier via the third connection; the client of the third computer system checks whether the first certificate comprises the identifier, as proof that the first certificate matches the service certificate; the user is authenticated with respect to the ID token; the first computer system is authenticated with respect to the ID token; a fourth cryptographically protected connection with end-to-end encryption is set up between the ID token and the first computer system; after the user and the first computer system have been successfully authenticated with respect to the ID token, the first computer system has read access via the fourth connection to the at least one attribute stored in the ID token, in order to read the one or more attributes specified in the attribute specification; and the first computer system transmits the at least one attribute to the second computer system after said attribute has been signed. | 01-22-2015 |
20150033022 | CONFIGURING A VALID DURATION PERIOD FOR A DIGITAL CERTIFICATE - A valid duration period for a digital certificate is established by a process that includes assigning numeric values to certificate terms. The numeric value assigned to each certificate term is representative of the valid duration period. The method continues by identifying one certificate term, which may include requesting a user to select a certificate term. The method may include transmitting the requested certificate term to a server; the requested certificate term is sent via a certificate request. The server is configured to convert the numeric value associated with the requested certificate term into a duration counter value. The method may also include a certificate server receiving from the server the certificate request including the duration counter value. The method may conclude with transmitting the signed certificate request to a client device capable of generating the digital certificate with the requested certificate term. | 01-29-2015 |
20150052362 | COMPUTERIZED SYSTEM AND METHOD FOR DEPLOYMENT OF MANAGEMENT TUNNELS - Methods and systems for deploying management tunnels between managed and managing devices are provided. According to one embodiment, network devices, including a peer managed device, a management device and a trusted peer managed device, are deployed within a network. The network devices are pre-configured to form a web of trust by storing within each network device (i) a digital certificate signed by a manufacturer or a distributor and (ii) a unique identifier. The peer managed device establishes a management tunnel with the management device based on an address received from an external source. Prior to allowing the management device to use the management tunnel to perform management functionality, the peer managed device verifies the credentials of the management device by causing its unique identifier to be confirmed against a pre-configured identifier of an authorized management device stored within the peer managed device. | 02-19-2015 |
20150058633 | SELF-AUTHENTICATED TAG GENERATION METHOD AND INTERPRETATION METHOD USED IN THE SELF-AUTHENTICATED KEY SYSTEM - The present invention relates to a self-authenticated tag generation method and interpretation method used in the self-authenticated key system, which comprises the following steps: the publisher inputs data; the publisher generates a tag via a self-authenticated tag device; the generated tag is transmitted to the receiver; the receiver interprets the tag via the self-authenticated tag device; and the data is displayed. The present invention is easy and safe: the generated self-authenticated tag can be transmitted by various carriers, can distinguish the object, and can carry abundant information without being easily tampered with. Moreover, acquisition of the public key does not go through a third party, which reduces wasted network resources and avoids the insecurity introduced by a third party. | 02-26-2015 |
20150058634 | AUTOMATICALLY AUTHENTICATING A HOST KEY VIA A DYNAMICALLY GENERATED CERTIFICATE USING AN EMBEDDED CRYPTOGRAPHIC PROCESSOR - A network device initiates a transmission control protocol (TCP) connection to establish a TCP session with a management device, and performs, via the TCP session, a secure protocol client/server role reversal for the management device. The network device receives, from the management device, initiation of a secure connection over the TCP session in accordance with a secure protocol, and provides, to the management device, a trusted certificate with an embedded host key that is dynamically generated using a cryptographic processor of the network device, based on the initiation of the secure connection. The network device also establishes the secure connection with the management device based on an authentication of the host key by the management device via the trusted certificate. | 02-26-2015 |
20150058635 | GENERATING AND PROCESSING AN AUTHENTICATION CERTIFICATE - A method and system for generating and processing an authenticity certificate. A request for a step certificate is received from a requester entity. The step certificate authenticates an involvement of the requester entity with an object. The request includes an object identifier, a requester entity type of the requester entity, and a requester identity certificate of the requester entity. The object identifier is hashed. A signature is created and includes the hashed object identifier, the requester entity type, a certifier identity certificate, and the requester identity certificate. A hashing result is generated by hashing a concatenation of the object identifier, the requester entity type, the certifier identity certificate, the requester identity certificate, and the signature. The step certificate is generated and includes the hashing result. The step certificate is encrypted. The encrypted step certificate is sent to the requester entity for subsequently storing the step certificate on a medium. | 02-26-2015 |
20150067340 | CRYPTOGRAPHIC GROUP SIGNATURE METHODS AND DEVICES - To generate a group signature on a message, a processor generates a two-level signature on an identity of the group member at the first level and the message at the second level; generates a commitment to the identity of the group member, commitments to each group element and a proof that the identity and the group elements satisfy a predetermined equation; encodes the identity of the group member in the group signature in a bit-wise manner using an identity-based encryption scheme where the message serves as the identity of the identity-based encryption scheme, to produce a ciphertext; generates a first proof that the ciphertext encrypts the identity of the group member; generates a second proof that the encoded identity is an identity of a group member in a certificate signed by a group manager and that the certificate was used to generate the signature on the message at the second level; and outputs the group signature comprising the two-level signature, the commitments, the encoded identity of the group member and the proofs. | 03-05-2015 |
20150082043 | TERMINAL, SERVER AND DIGITAL CONTENT AUTHORIZATION METHOD - The present application provides a terminal, a server and a digital content authorization method. The terminal comprises: an extracting unit, configured to extract identification information of the terminal when the terminal requests an authorization for a designated layer of content of digital contents from a server; a transceiver unit, configured to transmit the identification information of the terminal to the server and receive an authorization certificate and the designated layer of content of the digital contents from the server; and a decryption unit, configured to decrypt the designated layer of content of the digital contents based on the identification information and the authorization certificate. Embodiments of the present invention may support copyright protection by using a layered encryption technique. The digital content cannot be read merely by copying it, which enhances the protection of the digital contents. | 03-19-2015 |
20150089232 | DYNAMIC OBJECT CREATION AND CERTIFICATE MANAGEMENT - Systems and methods that facilitate dynamic directory service object creation and certificate management are discussed. One such method can include discovering a device deployed on a network, creating and deploying a corresponding directory services object, automatically creating and deploying a certificate to the device and updating attributes associated with the device. The disclosed system and method reduce the time involved in deploying and configuring directory services and public key infrastructure (PKI), increase efficiency, improve network availability and lessen the chances for errors associated with manual configuration. | 03-26-2015 |
20150095650 | PUBLIC KEY INFRASTRUCTURE FOR SYSTEM-ON-CHIP - The present disclosure is generally related to embedding public key infrastructure information to a system-on-chip (SOC). The method includes generating a key pair including a public key and a private key. The method includes creating a digital certificate corresponding to the public key. The method includes signing the digital certificate with a unique signature. The method includes extracting the public key and the unique signature into a key file, wherein the key file is to be stored in a plurality of silicon fuses on the SOC. | 04-02-2015 |
20150121078 | APPARATUS, SYSTEMS AND METHODS FOR AGILE ENABLEMENT OF SECURE COMMUNICATIONS FOR CLOUD BASED APPLICATIONS - Embodiments disclosed facilitate secure communication for cloud-based and/or distributed computing applications. In some embodiments, a method may comprise: instantiating a first Virtual Machine (VM) on a cloud infrastructure, wherein the at least one first VM is dynamically configured with a private key and a wildcard security certificate comprising a public key corresponding to the private key, and registering, with a domain name server, a domain name derived from an Internet Protocol (IP) address associated with the first VM and a Common Name associated with the wildcard security certificate. | 04-30-2015 |
20150121079 | SHARED INFORMATION DISTRIBUTING DEVICE, HOLDING DEVICE, CERTIFICATE AUTHORITY DEVICE, AND SYSTEM - A distributing device for generating private information correctly even if shared information is destroyed or tampered with. A shared information distributing device for use in a system for managing private information by a secret sharing method, including: segmenting unit that segments private information into a first through an n | 04-30-2015 |
20150134967 | Trusted Communication Session And Content Delivery - Methods and systems for configuring a network are disclosed. An example method can comprise receiving a first token and an encryption key from a first device. A second token can be received from a second device. A determination can be made as to whether the first token matches the second token. Configuration information can be provided to the second device if the second token matches the first token. The configuration information can comprise information for connecting to a proxy configured on the first device. A request for content can be received from the proxy on behalf of the second device. The request for content can comprise the encryption key. | 05-14-2015 |
20150134968 | Access Control System and Method for Use by an Access Device - Systems and methods are provided to allow a smart phone or any terminal to activate a door lock using a web site or server computer system. An access control system is provided that includes a server and an access device. The access device includes a processor and a communication module. The processor has control of a door lock and is able to receive a reservation certificate presented by a portable terminal through the communication module. The processor activates the door lock when a current reservation certificate has been presented. | 05-14-2015 |
20150143127 | SECURELY FILTERING TRUST SERVICES RECORDS - Embodiments include method, systems, and computer program products for filtering trust services records. Embodiments include receiving a trust services record that includes a plurality of security components and that is usable to secure data that is stored in an untrusted location. It is determined whether the trust services record has been tampered with, including verifying each of the plurality of security components of the trust services record. The trust services record is filtered based on the determination of whether the trust services record has been tampered with. The filtering includes, when the trust services record is determined to have not been tampered with, allowing performance of at least one task with respect to the secured data; and, when the trust services record is determined to have been tampered with, disallowing performance of any task with respect to the secured data. | 05-21-2015 |
20150149783 | Method and Apparatus for Secure Distribution of Embedded Firmware - A method and apparatus to securely distribute embedded firmware to a module in an industrial control system is disclosed. A security certificate corresponding to the firmware is generated utilizing a proprietary algorithm. The certificate includes an identifier corresponding to the module on which the firmware is to be loaded and an identifier corresponding to a removable medium on which the firmware is distributed. The removable medium is inserted into the module in the industrial control system on which the firmware is to be loaded. The module reads the security certificate and verifies that the firmware is intended for the module and verifies that the security certificate includes the identifier for the removable medium which was inserted into the module. If the firmware is intended for the module and the security certificate includes the identifier for the removable medium, the module loads the firmware from the removable medium. | 05-28-2015 |
20150312041 | AUTHENTICATION IN UBIQUITOUS ENVIRONMENT - In some embodiments, encrypted biometric data are stored in advance in a device that is possessed or carried by a user (for example, a smartcard, a communication terminal, or the like) based on a public key certificate, and a user authentication (first user authentication) is performed by a biometric matching in the device. A public key certificate matching the encrypted biometric data is used to perform a user authentication (second user authentication) for a transaction authorization in a service providing server. According to some embodiments, one time password, keystroke, dynamic signature, location information, and the like are employed as additional authentication factors to tighten the security of the first and second user authentications. According to some embodiments, an authentication mechanism including the first user authentication and the second user authentication is applied to control an access to the IoT device. | 10-29-2015 |
20150312228 | REMOTE STATION FOR DERIVING A DERIVATIVE KEY IN A SYSTEM-ON-A-CHIP DEVICE - An integrated circuit may comprise a processor configured to: receive a delegate certificate, wherein the delegate certificate includes a first public key; validate a digital signature of the delegate certificate using a second public key; and generate a derivative key using a secret key securely stored in the integrated circuit and using the first public key as inputs to a key derivation function. | 10-29-2015 |
20150324587 | METHODS FOR FIRMWARE SIGNATURE - A method for installing embedded firmware is provided. The method includes generating one or more firmware file instances and generating one or more digital certificate instances that are separate instances from the firmware file instances. The method includes associating the one or more digital certificate instances with the one or more firmware file instances to facilitate updating signature-unaware modules with signature-aware firmware or to facilitate updating signature-aware modules with signature-unaware firmware. | 11-12-2015 |
20150326576 | SECURE ASSET MANAGEMENT SYSTEM - A user can acquire a request code, submit the request code with/as a request for an access code, be granted the access code, enter the access code, and be granted access to an asset, room, or other secured item or space with which the security arrangement is used to restrict access. A user interface can include a display and a data entry device to allow the user to acquire and enter the codes. The access code can be encrypted into the request code, or the request code can trigger generation of the access code according to a predefined process. | 11-12-2015 |
20150333915 | METHOD AND APPARATUS FOR EMBEDDING SECRET INFORMATION IN DIGITAL CERTIFICATES - A method and system are provided for embedding cryptographically modified versions of a secret in digital certificates for use in authenticating devices and in providing services subject to conditional access conditions. | 11-19-2015 |
20150341353 | PROCESSING AND VERIFYING DIGITAL CERTIFICATE - A digital certificate of a user is collected. A digest computation of the collecting result of the digital certificate is performed to generate a digital certificate digest of the user. The digital certificate digest is cached. In response to an operation of the user, a service request containing the cached digital certificate digest is transmitted to a service server, such that when the service corresponding to the service request is one for which the digital certificate needs to be verified, the service server verifies the digital certificate digest and executes the service when the verification passes. The techniques of the present disclosure execute the verification operation of the digital certificate along with the specific service operation, which reduces the number of certificate verifications and the number of requests for executing the specific service. | 11-26-2015 |
20150349963 | COMBINED DIGITAL CERTIFICATE - A system can comprise a memory to store computer readable instructions and a processing unit to access the memory and to execute the computer readable instructions. The computer readable instructions can comprise a certificate manager configured to request generation of N number of random values, where N is an integer greater than or equal to one. The certificate manager can also be configured to request a digital certificate from at least one certificate authority of at least two different certificate authorities. The request can include a given one of the N number of random values. The certificate manager can also be configured to generate a private key of a public-private key pair, wherein the private key is generated based on a private key of each of the at least two certificate authorities. | 12-03-2015 |
20150358168 | SYSTEMS AND METHODS FOR CERTIFYING DEVICES TO COMMUNICATE SECURELY - A virtual private network (VPN) over a telecommunications network is created by sending a request from a first VPN device to a second VPN device for establishing a VPN between the first and second VPN devices. The request includes a first signed certificate having a verified VPN parameter for the first VPN device. A reply is received at the first VPN device from the second VPN device that includes a second signed certificate having a verified VPN parameter for the second VPN device. The VPN is established between the first and second VPN devices based on each verified VPN parameter for each of the first and second VPN devices. | 12-10-2015 |
20150358169 | SECURING A COMPUTING DEVICE ACCESSORY - Various embodiments are disclosed that relate to security of a computer accessory device. For example, one non-limiting embodiment provides a host computing device configured to conduct an initial portion of a mutual authentication session with an accessory device, and send information regarding the host computing device and the accessory device to a remote pairing service via a computer network. The host computing device is further configured to, in response, receive a pairing certificate from the remote pairing service, the pairing certificate being encrypted via a private key of the remote pairing service, and complete the mutual authentication with the accessory device using the pairing certificate from the remote pairing service. | 12-10-2015 |
20150381607 | SYSTEMS AND METHODS FOR MANAGING SECURE SHARING OF ONLINE ADVERTISING DATA - Systems and methods are disclosed for managing online advertising data secure sharing. One method includes receiving, at a server, a request for proprietary data from a data consumer, the request including a data consumer identifier; retrieving, from a database of proprietary data, proprietary data based on the request; determining, by the server, whether the retrieved proprietary data is at least one of: designated to be processed and designated to have privileges set; processing, by the server, the proprietary data when the server determines the proprietary data is designated to be processed; setting one or more privileges to the proprietary data using the certificate associated with the data consumer identifier when the server determines the proprietary data is designated to have privileges set; encrypting the proprietary data using the certificate associated with the data consumer identifier; and transmitting the encrypted proprietary data to the data consumer. | 12-31-2015 |
20160006723 | DECOUPLING IDENTITY FROM DEVICES IN THE INTERNET OF THINGS - This invention provides for data generated by intelligent devices exchanging information about their operation and performance over the so-called “Internet of Things” to be unidentified. Where particulars about an individual associated with a networked device are relevant to the operation and performance of the device, this invention provides for said particulars to be made available in digital certificates bound to the device. Data records generated by the device when operating with a certain individual are digitally signed at the time and later verified using said certificates, thus reliably conveying those particulars with the data. The identity of the individual is decoupled from the device and the data generated by the device. | 01-07-2016 |
20160020909 | A METHOD, A SYSTEM, A COMPUTER SYSTEM AND A COMPUTER PROGRAM PRODUCT FOR CERTIFYING A PROCEDURE OF SIGNATURE OF AN ELECTRONIC FILE RELATING TO AN AGREEMENT BETWEEN AT LEAST TWO PARTIES - The invention relates to a method of certifying a procedure of signature of an electronic file relating to an agreement between at least two parties, the method comprising providing an electronic file relating to an agreement between at least two parties; and when acceptance data of the agreement is received from at least one party the method further comprises digitally signing the agreement electronic file by generating an electronic fingerprint of said agreement electronic file; creating a certification file comprising at least the agreement electronic file and the generated electronic fingerprint of said agreement electronic file; processing at least the certification file. | 01-21-2016 |
20160028721 | Document Verification With Distributed Calendar Infrastructure - A client system is configured to obtain signatures for digital input records. An application program interface reformats each digital record, and this is used as an argument to a cryptographic hash function, from which a signature request is formed. The signature request is then submitted to a keyless, distributed hash tree infrastructure system, which returns a signature that includes recomputation values enabling recomputation from the result of the cryptographic hash function upward through the hash tree infrastructure to a root hash value at a calendar period corresponding to a time during which the signature request was originally submitted. An arbitrary subsequent test digital record is considered authenticated if, applying the cryptographic hash function to it, along with any other parameters included in the original computation, and recomputing an uppermost value using the recomputation values, the same composite calendar value is attained as when it was originally computed. | 01-28-2016 |
20160044000 | SYSTEM AND METHOD TO COMMUNICATE SENSITIVE INFORMATION VIA ONE OR MORE UNTRUSTED INTERMEDIATE NODES WITH RESILIENCE TO DISCONNECTED NETWORK TOPOLOGY - A system and method to communicate secure information between a plurality of computing machines using an untrusted intermediate with resilience to disconnected network topology. The system and method utilize agnostic endpoints that are generalized to be interoperable among various systems, with their functionality based on their location in a network. The system and method enable horizontal scaling on the network. One or more clusters may be set up in a location within a network or series of networks in electronic communication, e.g., in a cloud or a sub-network, residing between a secure area of the network(s) and an unsecure area such as of an external network or portion of a network. The horizontal scaling allows the system to take advantage of a capacity of a local network. As long as an agent has connectivity to at least one locale of the network, the agent is advantageously operable to move data across the system. | 02-11-2016 |
20160056965 | MANAGEMENT OF DIGITAL CERTIFICATES - Various embodiments are directed to a computer-implemented method for displaying a map of certificate relationships. A method can include retrieving certificate information for two or more servers and storing the retrieved certificate information in a memory. In addition, the method can include receiving a command to generate a map of certificate relationships. The command includes a command scope that identifies at least a first server of the two or more servers. Further, the method can include generating the map from the retrieved certificate information and rendering the map on a display device. The map includes the first server and a device having a certificate relationship with the first server. | 02-25-2016 |
20160057121 | SECURED NETWORK ARCHITECTURE - A secure storage for an X.509v3 digital certificate is provided ( | 02-25-2016 |
20160065377 | AUTHENTICATION SYSTEM AND AUTHENTICATION METHOD - Upon receiving a new CRL, a device with a large storage capacity in an authentication system detects another device connected to a controller to which this device is connecting, and determines whether or not to transmit the new CRL depending on the magnitude of the storage capacity of the device that has been detected. | 03-03-2016 |
20160065567 | ENABLING DIGITAL SIGNATURES IN MOBILE APPS - A computer implemented method and apparatus for provisioning certificates for use in applying digital signatures to electronic content are described. A method for provisioning a certificate to a user for use in applying a digital signature to electronically stored content includes receiving a request for the certificate. Each certificate is unique to a particular user and is usable, by an application executable by a processor of a computer device, to apply a digital signature to electronically stored content. The method further includes embedding the certificate in a wrapper formatted according to a file format compatible with the application. The wrapper includes at least one attribute facilitating enforcement of one or more digital rights management rule(s), and the method further includes sending the wrapped certificate containing the embedded certificate to the computer device. | 03-03-2016 |
20160094348 | BIOMETRIC SIGNATURE SYSTEM, SIGNATURE VERIFICATION METHOD, REGISTRATION TERMINAL, SIGNATURE GENERATION TERMINAL, AND SIGNATURE VERIFICATION DEVICE - A biometric signature system generates a digital signature for electronic documents using biometric information as a secret key. Registration commitment information is generated by performing expansion conversion on a predetermined secret key and embedding the resulting secret key in feature data of biometric information of a user, and a set with a corresponding public key. A pair of one-time secret and public keys is generated for digital signature feature data of the biometric information of the user, and a digital signature for a message is generated using the one-time secret key. A digital signature commitment is generated and a set of the one-time public key and the digital signature is output as the biometric digital signature. The digital signature is verified using the one-time public key. A differential secret key is calculated and a correspondence of the differential secret key, the one-time public key and the public key is verified. | 03-31-2016 |
20160094535 | PRIVATE SIMULTANEOUS AUTHENTICATION OF EQUALS - A passphrase is assigned to an end user device for use in authenticating the end user device for a network using SAE. An identification of the end user device is determined during an authentication process. The passphrase assigned to the end user device is determined at a network side using the identification of the end user device. A shared secret is generated using the passphrase. Whether the end user device has generated the shared secret is determined. The end user device is authenticated for the network, if it is determined that the end user device has generated the shared secret. | 03-31-2016 |
20160099813 | Systems And Methods Of Dynamically Adapting Security Certificate-Key Pair Generation - Embodiments include systems and methods of certificate-key pair generation. A processor of a network element may anticipate a demand for certificate-key pairs, and the processor may generate certificate-key pairs at a key length in accordance with the anticipated demand. The processor may monitor whether the generation of the certificate-key pairs at the key length meets an observed demand for the certificate-key pairs. The processor may adjust the key length when the generation of the certificate-key pairs at the key length does not satisfy the observed demand for the certificate-key pairs. | 04-07-2016 |
20160099935 | SECURE ACCESS TO INDIVIDUAL INFORMATION - A facility for accessing information relating to a person is described. In a reader device, the facility accesses first credentials stored in a first storage device, second credentials stored in a second storage device, and third credentials stored in the reader device. In the reader device, the facility uses a combination of the first credentials, second credentials, and third credentials to decrypt information relating to the person stored in the first storage device. | 04-07-2016 |
20160099940 | Hostless mDNS-SD Responder with Authenticated Host Wake Service - Conventional wireless interface (WiFi) controllers cannot resolve authentication for trusted client devices without calculation from a host processor. Leaving the host processor on or awaking it from a sleep state each time a non-authenticated trusted client device attempts to connect wastes power. A hostless authenticated wake service allows a host controller to enter a sleep state while the WiFi controller responds to multicast domain name service-service discovery (mDNS-SD) queries from trusted client devices. Once a client device is authenticated, the WiFi controller may respond to a trusted client request to awake the host processor for further command processing and service provision. Not only does this approach reduce power consumption by allowing the host processor to remain in the sleep state, it allows trusted client devices to discover its presence while ensuring security. | 04-07-2016 |
20160105289 | CERTIFICATES FOR LOW-POWER OR LOW-MEMORY DEVICES - Methods and systems for generating or validating compact certificates include receiving a first format of the certificate and obtaining a signature for the certificate in the first format. For each field of the certificate, the field is decoded to obtain its value from the first format, and the value for the field is encoded into a second format. Decoding and encoding is done incrementally, field by field, in the same order as the fields appear in the first format. In other words, the next field is not decoded from the first format until the current field has been encoded in the second format. Furthermore, a security envelope is encoded using the signature in the first format and the fields. | 04-14-2016 |
20160112207 | REMOTE VERIFICATION OF ATTRIBUTES IN A COMMUNICATION NETWORK - An apparatus is provided, comprising property checking means configured to check whether claimant property information received from a claimant device corresponds to a predefined claimant attribute; obtaining means configured to obtain a result, which is positive only if the claimant property information corresponds to the predefined claimant attribute as checked by the property checking means; key generation means configured to generate a first claimant intermediate key from a predefined claimant permanent key stored in the apparatus; and supplying means configured to supply, to the claimant device, the first claimant intermediate key using a secured protocol, wherein at least one of the key generation means and the supplying means is configured to generate and to supply, respectively, the first claimant intermediate key only if the result is positive. | 04-21-2016 |
20160119374 | Intercepting, decrypting and inspecting traffic over an encrypted channel - A network-based appliance includes a mechanism to intercept, decrypt and inspect secure network traffic flowing over SSL/TLS between a client and a server. The mechanism responds to detection of a session initiation request message from the client, the message being received following establishment of a TCP connection between the client and server. The mechanism responds by holding the session initiation request message, preferably by creating a fake socket to a local process, and then diverting the request message over that socket. The TCP connection is then terminated, and the mechanism initiates a new session initiation request message to the server, all while the original session initiation request message continues to be held. The server responds with its server certificate, which is then used by the mechanism to generate a new server certificate. The new server certificate is then returned to the requesting client as the response to the session initiation request message. | 04-28-2016 |
20160134426 | PUSH NOTIFICATION SERVICE - Gateway devices maintain presence information for various mobile devices. Each gateway is associated with a zone and manages presence information only for mobile devices associated with that zone. Courier devices back-propagate presence information for the mobile devices to respective gateways based at least on the respective zone associated with each mobile device. The gateways and couriers are dynamically configured such that messages can be pushed from a provider application to a mobile device via any gateway and any courier. | 05-12-2016 |
20160142211 | METHOD AND APPARATUS FOR DERIVING A CERTIFICATE FOR A PRIMARY DEVICE - In a method, a secured link is established between a primary device and a secondary device, both of which are assigned to a user. The secondary device receives, on the secured link, a request for a derived certificate for the primary device and a public key generated by the primary device. The secondary device generates the derived certificate for the primary device based on an original certificate issued to the secondary device and transmits, on the secured link, the derived certificate to the primary device. | 05-19-2016 |
20160142213 | AUTHENTICATION SERVICE AND CERTIFICATE EXCHANGE PROTOCOL IN WIRELESS AD HOC NETWORKS - A method for protecting data transmission in an ad hoc network including nodes, each node including a private key, a public key and a certificate of the public key signed by a certification authority, the method including transmitting by the first node to the second node: a first message signed with the private key of the first node; a third message containing a first set of initialization data including: a first certificate including the public key of the first node, signed by the certification authority; a second data set including the IP address of the first node; and the first certificate associated with the IP address of the first node, wherein the second data set is signed with the private key of the first node. | 05-19-2016 |
20160142214 | Device to Device Communication Security - An apparatus comprising: a requester configured to request a certificate comprising at least one identifier associated with the apparatus from at least one network node; a first receiver configured to receive the certificate from the at least one network node; a forwarder configured to forward the certificate to at least one further apparatus; a second receiver configured to receive a further certificate from the further apparatus, the further certificate comprising at least one further identifier associated with the further apparatus; and an authenticator configured to authenticate the further apparatus based on the further certificate. | 05-19-2016 |
20160149710 | PROVIDING DIGITAL CERTIFICATES - Systems, methods and devices for providing digital certificates are disclosed. In a method conducted at a remotely accessible server, a request, including an identifier, for a digital certificate is received. A communication address of a mobile device, having a certificate store module in communication therewith, associated with the identifier is then obtained. A request for a digital certificate is transmitted to the certificate store module via the mobile device and the certificate store module is configured to prompt a user thereof, via the mobile device, for a passcode before releasing the certificate. The digital certificate is received from the certificate store module via the mobile device in response to entry of a passcode into the certificate store module which corresponds to an offset stored in the certificate store module. The digital certificate is then transmitted to a communication device for use in digitally signing or encrypting a data message. | 05-26-2016 |
20160156621 | Utilizing a Trusted Platform Module (TPM) of a Host Device | 06-02-2016 |
20160164685 | SECURE CONNECTION CERTIFICATE VERIFICATION - One or more computer processors identify a first certificate that is used to establish a secure Internet connection. One or more computer processors identify a stored second certificate that shares at least one attribute with the first certificate. One or more computer processors determine a policy action based, at least in part, on a result of a comparison between an attribute of the first certificate and an attribute of the second certificate. | 06-09-2016 |
20160164686 | MANAGEMENT OF CERTIFICATES FOR MOBILE DEVICES - One embodiment of the present disclosure provides a method that includes accessing, by a mobile device management system, a profile for a mobile device. The method also includes negotiating, by the mobile device management system, with a certificate authority to obtain a certificate for the mobile device. The negotiating with the certificate authority includes imitating the mobile device based on the profile. The negotiating with the certificate authority also includes, based at least on the imitation, transmitting one or more certificate enrollment messages to the certificate authority. The negotiating with the certificate authority further includes, based on the one or more messages, receiving, at the mobile device management system, the certificate for the mobile device. The method further includes transmitting the certificate to a control agent hosted on the mobile device for installation. | 06-09-2016 |
20160173285 | GENERATING AND PROCESSING AN AUTHENTICATION CERTIFICATE | 06-16-2016 |
20160173486 | METHOD AND SYSTEM FOR AUTOMATING SUBMISSION OF ISSUE REPORTS | 06-16-2016 |
20160179628 | METHOD AND SYSTEM FOR PACKET REDUNDANCY REMOVAL | 06-23-2016 |
20160182239 | METHOD FOR CERTIFYING AND AUTHENTIFYING SECURITY DOCUMENTS BASED ON A MEASURE OF THE RELATIVE VARIATIONS OF THE DIFFERENT PROCESSES INVOLVED IN ITS MANUFACTURE | 06-23-2016 |
20160204947 | INFORMATION PROCESSING APPARATUS CAPABLE OF PERFORMING SSL COMMUNICATION, METHOD OF CONTROLLING THE SAME, AND STORAGE MEDIUM | 07-14-2016 |
20160254916 | Communication Device | 09-01-2016 |
20160380776 | SECURED NEIGHBOR DISCOVERY REGISTRATION UPON DEVICE MOVEMENT - In one embodiment, a device in a network receives a request from a neighbor of the device to add the neighbor as a child of the device in the network. The request includes a signed address registration certificate that certifies that a network address of the neighbor is registered in the network. The device determines whether the signed address registration certificate is valid. The device adds the neighbor as a child of the device in the network based on a determination that the signed address registration certificate is valid. | 12-29-2016 |
20190149604 | REPOSITORY-BASED SHIPMENT CHANNEL FOR CLOUD AND ON-PREMISE SOFTWARE | 05-16-2019 |