Patent application number | Description | Published |
20110087883 | SELF-SIGNED IMPLICIT CERTIFICATES - There are disclosed systems and methods for creating a self-signed implicit certificate. In one embodiment, the self-signed implicit certificate is generated and operated upon using transformations of a nature similar to the transformations used in the ECQV protocol. In such a system, a root CA or other computing device avoids having to generate an explicit self-signed certificate by instead generating a self-signed implicit certificate. | 04-14-2011 |
20110145585 | SYSTEM AND METHOD FOR PROVIDING CREDENTIALS - A method and system is operable to provide credentials by generating a first credential that conforms to a first specified format. A second credential conforming to a second specified format is included in the first credential so that the second credential may be distributed through the cryptosystem using the first specified format. The credential may be a digital certificate. | 06-16-2011 |
20120087493 | METHOD FOR SECURING CREDENTIALS IN A REMOTE REPOSITORY - A method of securing user credentials in a remote repository is provided. In accordance with one embodiment, there is provided a method comprising generating a first private key and a first public key pair from a registered password; generating a second private key and a second public key pair; generating a storage key from the second private key and the first public key; encrypting a set of credentials using the storage key; creating a encrypted credential signature from the encrypted set of credentials and the first private key; and storing the encrypted set of credentials, the encrypted credential signature, and the second public key in the remote repository. | 04-12-2012 |
20120089847 | METHOD OF OBTAINING AUTHORIZATION FOR ACCESSING A SERVICE - Methods and devices for obtaining authorization for a requestor to access a service are provided. In accordance with one embodiment, there is provided a method comprising receiving a requestor request for access to a service; sending an authorization request to one or more mobile devices associated with one or more authorizers on a first approval list; receiving an authorization response from the one or more mobile devices associated with the one or more authorizers on the first approval list; determining whether a predetermined level of authorization is received; and when the predetermined level of authorization is received, authorizing access to the service. | 04-12-2012 |
20120096273 | AUTHENTICATED ENCRYPTION FOR DIGITAL SIGNATURES WITH MESSAGE RECOVERY - A framework is proposed for authenticated encryption for digital signatures with message recovery whereby authentication is achieved without a redundancy requirement. The Elliptic Curve Pintsov-Vanstone Signature scheme is modified through the use of authenticated encryption, thereby enabling authentication using a message authentication code. The authenticated encryption may be performed within a single function or as two separate functions. The authenticated encryption may also be applied to associated data in the message to be signed. | 04-19-2012 |
20120096274 | AUTHENTICATED ENCRYPTION FOR DIGITAL SIGNATURES WITH MESSAGE RECOVERY - A framework is proposed for authenticated encryption for digital signatures with message recovery whereby authentication is achieved without a redundancy requirement. The Elliptic Curve Pintsov-Vanstone Signature scheme is modified through the use of authenticated encryption, thereby enabling authentication using a message authentication code. The authenticated encryption may be performed within a single function or as two separate functions. The authenticated encryption may also be applied to associated data in the message to be signed. | 04-19-2012 |
20120239777 | SECURE FINANCIAL TRANSACTIONS - A method of securely communicating a message for a financial transaction from a first correspondent to one or more recipients. The method comprises dividing the message into at least two portions. Each portion is intended for a recipient. Each portion intended for receipt by one of the recipients is encrypted with that recipient's public key. The message is signed and transmitted to one of the recipients to enable the recipient to verify the message and further transmit the message to a further recipient. | 09-20-2012 |
20120243680 | INCORPORATING DATA INTO AN ECDSA SIGNATURE COMPONENT - During generation of a signature on a message to create a signed message, a signer determines one of the signature components such that particular information can be extracted from the signature component. The particular information may be related to one or more of the signer and the message to be signed. After receiving a signed message purported to be signed by the signer, a verifier can extract the particular information from the signature component. | 09-27-2012 |
20120246465 | INCORPORATING DATA INTO CRYPTOGRAPHIC COMPONENTS OF AN ECQV CERTIFICATE - During generation of an implicit certificate for a requestor, a certificate authority incorporates information in the public-key reconstruction data, where the public-key reconstruction data is to be used to compute the public key of the requestor. The information may be related to one or more of the requestor, the certificate authority, and the implicit certificate. The certificate authority reversibly encodes the public-key reconstruction data in the implicit certificate and sends it to the requestor. After receiving the implicit certificate from the certificate authority, the requestor can extract the incorporated information from the public-key reconstruction data. The implicit certificate can be made available to a recipient, and the recipient can also extract the incorporated information. | 09-27-2012 |
20130046972 | Using A Single Certificate Request to Generate Credentials with Multiple ECQV Certificates - A method and apparatus are disclosed for using a single credential request (e.g., registered public key or ECQV certificate) to obtain a plurality of credentials in a secure digital communication system having a plurality of trusted certificate authority CA entities and one or more subscriber entities A. In this way, entity A can be provisioned onto multiple PKI networks by leveraging a single registered public key or implicit certificate as a credential request to one or more CA entities to obtain additional credentials, where each additional credential can be used to derive additional public key-private key pairs for the entity A. | 02-21-2013 |
20130078947 | Authentication Procedures for Managing Mobile Device Applications - Methods, systems, and computer programs for managing mobile device applications are described. In some aspects, a mobile device application is prevented from accessing resources of a wireless network. For example, a wireless network operator system can determine that one or more mobile device applications are disapproved for use in the wireless network. In some implementations, the wireless network operator denies the disapproved mobile device applications access to the wireless network resources. In some implementations, mobile devices disable access to the wireless network by the disapproved mobile device applications. | 03-28-2013 |
20130182840 | System and Method of Lawful Access to Secure Communications - The present disclosure relates to systems and methods for secure communications. In some aspects, a method of signalling an interception time period is described. At least one keying information used by a KMF to regenerate a key is stored. A start_interception message is signaled from an ADMF to a CSCF. A halt_message is signaled from the ADMF to the CSCF. | 07-18-2013 |
20130182841 | System and Method of Lawful Access to Secure Communications - The present disclosure relates to systems and methods for secure communications. In some aspects, an initiator KMS receives, from an initiator UE, one or more values used in generation of an encryption key, which includes obtaining at least one value associated with a RANDRi. The initiator KMS sends the at least one value associated with the RANDRi to a responder KMS. The responder KMS generates the encryption key using the one or more values. | 07-18-2013 |
20130182843 | System and Method of Lawful Access to Secure Communications - The present disclosure relates to systems and methods for secure communications. In some aspects, one or more values used to generate an encryption key used to encrypt a packet are stored in a header of the packet. The packet is transmitted with the encrypted data portion in a communication. In some aspects, one or more values used to generate an encryption key are received. The encryption key is regenerated using the one or more values. | 07-18-2013 |
20130227277 | SELF-SIGNED IMPLICIT CERTIFICATES - There are disclosed systems and methods for creating a self-signed implicit certificate. In one embodiment, the self-signed implicit certificate is generated and operated upon using transformations of a nature similar to the transformations used in the ECQV protocol. In such a system, a root CA or other computing device avoids having to generate an explicit self-signed certificate by instead generating a self-signed implicit certificate. | 08-29-2013 |
20130232554 | System and Method for Connecting Client Devices to a Network - A system and method are provided for enabling a client device to connect to a network. The method comprises: obtaining an authorization code via a communication channel different from the network, the authorization code corresponding to the client device; and after detecting initiation of a security negotiation protocol by the client device, using the authorization code in at least one security negotiation operation. | 09-05-2013 |
20130236019 | INTERCEPTING KEY SESSIONS - In some implementations, a method for providing a session key to a third party includes identifying a private key associated with a public key certificate in response to an event. A session key for a communication session is based, at least in part, on the private key, an associated seed for a random number generator, and public keys assigned to user equipment participating in the communication session. The private key associated with the public key certificate is automatically transmitted to an interception authority. The interception authorities are configured to grant a third party access to the private key and the associated seed to in response to a request from a third party authorized to access the communication session. | 09-12-2013 |
20130246785 | METHOD FOR SECURING MESSAGES - There is provided a method for secure communications. The method comprises obtaining a broadcast message, computing a signature for said broadcast message using a private key, and sending a transmission to a communication device. The private key is associated with a certificate and the transmission comprises the signature. | 09-19-2013 |
20130246798 | METHOD FOR SECURING MESSAGES - There is provided a method for secure communications. The method comprises receiving a transmission comprising a signature of a broadcast message at a communication device, and verifying the signature using a certificate. | 09-19-2013 |
20130343542 | METHODS AND DEVICES FOR ESTABLISHING TRUST ON FIRST USE FOR CLOSE PROXIMITY COMMUNICATIONS - Methods and devices for establishing trust on first use for close proximity communications are disclosed. An example method includes receiving a public key from a device via a close proximity communications connection, obtaining, via a user interface, an indication that the device is trusted, and storing at least one of the public key or an identifier for the device. | 12-26-2013 |
20140003604 | AUTHENTICATION OF A MOBILE DEVICE BY A NETWORK AND KEY GENERATION | 01-02-2014 |
20140004824 | KEY AGREEMENT FOR WIRELESS COMMUNICATION | 01-02-2014 |
20140006786 | KEY AGREEMENT USING A KEY DERIVATION KEY | 01-02-2014 |
20140059346 | METHOD OF LAWFUL INTERCEPTION FOR UMTS - A method of providing, to a user equipment, first information for generating a cipher key used for encryption, and for providing, to an authorized intercept device, second information for generating the cipher key, the method including determining a generator function that, based on an input state value, outputs a next cipher key and a next state value, determining an initial state value for the generator function, providing, to the authorized intercept device, the generator function and the initial state value as the second information, generating the cipher key and a state value based on the function generator and the input state value, generating a pseudo-random value based on the cipher key, and transmitting, to the user equipment, the pseudo-random value as the first information, wherein the user equipment generates the cipher key based on the pseudo-random value. | 02-27-2014 |
20140108825 | System and Method for Hardware Based Security - An asset management system is provided, which includes a hardware module operating as an asset control core. The asset control core generally includes a small hardware core embedded in a target system on chip that establishes a hardware-based point of trust on the silicon die. The asset control core can be used as a root of trust on a consumer device by having features that make it difficult to tamper with. The asset control core is able to generate a unique identifier for one device and participate in the tracking and provisioning of the device through a secure communication channel with an appliance. The appliance generally includes a secure module that caches and distributes provisioning data to one of many agents that connect to the asset control core, e.g. on a manufacturing line or in an after-market programming session. | 04-17-2014 |
20140137197 | DATA INTEGRITY FOR PROXIMITY-BASED COMMUNICATION - Methods, systems, and computer programs for trusted communication among mobile devices are described. In some aspects, an authentication value is generated at a first mobile device based on a message and a shared secret value stored on the first mobile device. In response to detecting proximity of a second mobile device, the message and the authentication value are wirelessly transmitted from the first mobile device to the second mobile device. In some implementations, the message and the authentication value can be wirelessly transmitted by a proximity-activated wireless interface, such as, for example, a Near Field Communication (NFC) interface. | 05-15-2014 |
20140141750 | DATA INTEGRITY FOR PROXIMITY-BASED COMMUNICATION - Methods, systems, and computer programs for trusted communication among mobile devices are described. In some aspects, information is wirelessly transmitted from a first mobile device to a second mobile device. The information permits the second mobile device to detect proximity of the first mobile device. In some implementations, the information can be wirelessly transmitted by a proximity-activated wireless interface, such as, for example, a Near Field Communication (NFC) interface. In response to the information, the first mobile device receives a message and a first authentication value wirelessly transmitted from the second mobile device to the first mobile device. A second authentication value is generated at the first mobile device based on the message and the shared secret value. Integrity of the message is verified based on comparing the first authentication value and the second authentication value. | 05-22-2014 |
20140201535 | INCORPORATING DATA INTO AN ECDSA SIGNATURE COMPONENT - During generation of a signature on a message to create a signed message, a signer determines one of the signature components such that particular information can be extracted from the signature component. The particular information may be related to one or more of the signer and the message to be signed. After receiving a signed message purported to be signed by the signer, a verifier can extract the particular information from the signature component. | 07-17-2014 |
20140211938 | MODIFIED ELLIPTIC CURVE SIGNATURE ALGORITHM FOR MESSAGE RECOVERY - A modified Chinese State Encryption Management Bureau's SM2 Elliptic Curve Signature Algorithm that offers partial message recovery and lowers the signature size for a given cryptographic strength. The modified SM2 Elliptic Curve Signature Algorithm includes a signature and verification algorithm that modifies a signature generation primitive to compute a key derived from the ephemeral signing key, and a multiple of the signer's public key. | 07-31-2014 |
20140215206 | SYSTEM AND METHOD FOR PROVIDING A TRUST FRAMEWORK USING A SECONDARY NETWORK - A system for providing security services to a mobile device where the mobile device is in communication with a public network through a first network path that is subject to interference by a third party. The system includes a security server and a private network. The security server is operative to communicate with the mobile device through the private network. The security server is also operative to communicate with the public network through a second network path that is less susceptible to the interference by the third party than is the first network path. The security server communicates with the public network through the second network path to provide security services to the mobile device that are delivered over the private network. | 07-31-2014 |
20140304517 | METHOD FOR SECURING CREDENTIALS IN A REMOTE REPOSITORY - A method of securing user credentials in a remote repository is provided. In accordance with one embodiment, there is provided a method comprising generating a first private key and a first public key pair from a registered password; generating a second private key and a second public key pair; generating a storage key from the second private key and the first public key; encrypting a set of credentials using the storage key; creating a encrypted credential signature from the encrypted set of credentials and the first private key; and storing the encrypted set of credentials, the encrypted credential signature, and the second public key in the remote repository. | 10-09-2014 |