| Patent Number |
Title Of Patent |
Date Issued |
| RE38070 |
Cryptography system and method for providing cryptographic services for a computer application |
April 8, 2003 |
| A cryptography system architecture provides cryptographic functionality to support an application requiring encryption, decryption, signing, and verification of electronic messages. The cryptography system has a cryptographic application program interface (CAPI) which interfaces with |
| 7617322 |
Secure peer-to-peer cache sharing |
November 10, 2009 |
| A system, apparatus, method, and computer-readable medium are provided for secure P2P caching. In one method, a requesting peer obtains a hash of requested data from a server. The requesting peer then transmits a request for the data to other peers. The request proves that the reques |
| 7577840 |
Transferring application secrets in a trusted operating system environment |
August 18, 2009 |
| Transferring application secrets in a trusted operating system environment involves receiving a request to transfer application data from a source computing device to a destination computing device. A check is made as to whether the application data can be transferred to the destination |
| 7577839 |
Transferring application secrets in a trusted operating system environment |
August 18, 2009 |
| Transferring application secrets in a trusted operating system environment involves receiving a request to transfer application data from a source computing device to a destination computing device. A check is made as to whether the application data can be transferred to the destination |
| 7574603 |
Method of negotiating security parameters and authenticating users interconnected to a network |
August 11, 2009 |
| A method for authenticating and negotiating security parameters among two or more network devices is disclosed. The method has a plurality of modes including a plurality of messages exchanged between the two or more network devices. In a main mode, the two or more network devices est |
| 7549170 |
System and method of inkblot authentication |
June 16, 2009 |
| A system and method that uses authentication inkblots to help computer system users first select and later recall authentication information from high entropy information spaces. An inkblot authentication module generates authentication inkblots from authentication inkblot seeds. On |
| 7549048 |
Efficient and secure authentication of computing systems |
June 16, 2009 |
| The principles of the present invention relate to systems, methods, and computer program products for more efficiently and securely authenticating computing systems. In some embodiments, a limited use credential is used to provision more permanent credentials. A client receives a lim |
| 7529933 |
TLS tunneling |
May 5, 2009 |
| An authentication protocol can be used to establish a secure method of communication between two devices on a network. Once established, the secure communication can be used to authenticate a client through various authentication methods, providing security in environments where inte |
| 7489645 |
Mesh networks with end device recognition |
February 10, 2009 |
| An exemplary router performs actions including: receiving at least one certificate from an end device, the at least one certificate issued by another router; ascertaining if the other router is a member of a predetermined neighborhood; determining if the at least one certificate is v |
| 7464265 |
Methods for iteratively deriving security keys for communications sessions |
December 9, 2008 |
| Disclosed are methods for a client, having established one set of security keys, to establish a new set without having to communicate with an authentication server. When the client joins a group, master session security keys are derived and made known to the client and to the group's |
| 7370196 |
Controlled-content recoverable blinded certificates |
May 6, 2008 |
| In a cryptographic system, a certificate is used to provide information regarding a client device. The certificate is blindly signed by a certifying authority to preserve the anonymity of the client device. However, information is encoded into the signature so that a content server c |
| 7305553 |
Manifest-based trusted agent management in a trusted operating system environment |
December 4, 2007 |
| Manifest-based trusted agent management in a trusted operating system environment includes receiving a request to execute a process and setting up a virtual memory space for the process. Additionally, a manifest corresponding to the process is accessed, and which of a plu |
| 7299352 |
Controlled-content recoverable blinded certificates |
November 20, 2007 |
| In a cryptographic system, a certificate is used to provide information regarding a client device. The certificate is blindly signed by a certifying authority to preserve the anonymity of the client device. However, information is encoded into the signature so that a content server c |
| 7299349 |
Secure end-to-end notification |
November 20, 2007 |
| Providing secure end-to-end notifications from a notification source to a notification sink despite the notification mechanism including one or more message transit points between the notification source and the notification sink. Initially, security information (e.g., the master sec |
| 7284271 |
Authorizing a requesting entity to operate upon data structures |
October 16, 2007 |
| Authorizing a requesting entity to have a service perform a particular action in a manner that is at least partially independent of the underlying target data structure. An authorization station maintains a number of role templates that each define basic access permissions with respe |
| 7257707 |
Manifest-based trusted agent management in a trusted operating system environment |
August 14, 2007 |
| Manifest-based trusted agent management in a trusted operating system environment includes receiving a request to execute a process and setting up a virtual memory space for the process. Additionally, a manifest corresponding to the process is accessed, and which of a plu |
| 7246374 |
Enhancing computer system security via multiple user desktops |
July 17, 2007 |
| Users can create multiple different desktops for themselves and easily switch between these desktops. These multiple desktops are "walled off" from one another, limiting the ability of processes and other subjects in one desktop from accessing objects, such as data files or other pro |
| 7243230 |
Transferring application secrets in a trusted operating system environment |
July 10, 2007 |
| Transferring application secrets in a trusted operating system environment involves receiving a request to transfer application data from a source computing device to a destination computing device. A check is made as to whether the application data can be transferred to the destination |
| 7200599 |
Automated generator of input-validation filters |
April 3, 2007 |
| An implementation of a technology, described herein, for facilitating the automated generation of input-validation software filters. The implementation of the invention provides an easy graphical user interface (GUI). With this GUI, a user (such as a system administrator) is able to |
| 7159240 |
Operating system upgrades in a trusted operating system environment |
January 2, 2007 |
| Operating system upgrades in a trusted operating system environment allow a current trusted core of an operating system installed on a computing device to be upgraded to a new trusted core. The new trusted core is allowed to access application data previously securely stored by the c |
| 7137004 |
Manifest-based trusted agent management in a trusted operating system environment |
November 14, 2006 |
| Manifest-based trusted agent management in a trusted operating system environment includes receiving a request to execute a process and setting up a virtual memory space for the process. Additionally, a manifest corresponding to the process is accessed, and which of a plu |
| 7136859 |
Accessing heterogeneous data in a standardized manner |
November 14, 2006 |
| Directly operating on data structures in a generic manner regardless of the type of data structure being operated upon and without requiring dedicated executable code for manipulating data structures of the particular data type. A common set of commands (e.g., insert, delete, replace |
| 7107463 |
Manifest-based trusted agent management in a trusted operating system environment |
September 12, 2006 |
| Manifest-based trusted agent management in a trusted operating system environment includes receiving a request to execute a process and setting up a virtual memory space for the process. Additionally, a manifest corresponding to the process is accessed, and which of a plu |
| 7096200 |
System and method for evaluating and enhancing source anonymity for encrypted web traffic |
August 22, 2006 |
| A system and method is provided for evaluating the effectiveness of data encryption for hiding the identity of the source of Web traffic. A signature is constructed from encrypted Web traffic for a Web page sent by a target Web site, and the signature is compared with archived traffic |
| 6986036 |
System and method for protecting privacy and anonymity of parties of network communications |
January 10, 2006 |
| A system and method is provided for handling network communications between a client and a target server on the Internet to protect the privacy and anonymity of the client. For a session between the client and the target server, a routing control server sets up a routing chain using |
| 6985958 |
Messaging infrastructure for identity-centric data access |
January 10, 2006 |
| A messaging data structure for accessing data in an identity-centric manner. An identity may be a user, a group of users, or an organization. Instead of data being maintained on an application-by-application basis, the data associated with a particular identity is stored by one or more |
| 6907522 |
Use of hashing in a secure boot loader |
June 14, 2005 |
| Machine instructions comprising a bootstrap code are buried within a critical component of an electronic game console where they cannot readily be accessed or modified. A preloader portion in a read only memory (ROM) is hashed by the bootstrap code and the result is compared to an expect |
| 6871276 |
Controlled-content recoverable blinded certificates |
March 22, 2005 |
| In a cryptographic system, a certificate is used to provide information regarding a client device. The certificate is blindly signed by a certifying authority to preserve the anonymity of the client device. However, information is encoded into the signature so that a content server c |
| 6496928 |
System for transmitting subscription information and content to a mobile device |
December 17, 2002 |
| A system controls access to broadcast messages received by a plurality of mobile devices. Selected mobile devices are provided with a broadcast encryption key (BEK). The broadcast messages are encrypted using the BEK prior to broadcasting so that the selected mobile devices containing th |
| 6065008 |
System and method for secure font subset distribution |
May 16, 2000 |
| This invention concerns a system and method for securely distributing subsetted fonts from a distributor to a client. The system includes a signing module to construct an authentication tree having leaves formed of glyphs, one or more intermediate levels of nodes computed as one-way |
| 6061792 |
System and method for fair exchange of time-independent information goods over a network |
May 9, 2000 |
| A system and method facilitates a fair exchange of time-independent information goods between a first party's computer and a second party's computer over a network, such as the Internet. The first party's computer creates a digital contract proposal concerning the exchange of information |
| 6055314 |
System and method for secure purchase and delivery of video content programs |
April 25, 2000 |
| A system and method for secure purchase and delivery of video content programs over various distribution media, including distribution networks and digital video disks, includes an integrated circuit card (e.g., a smart card, PCMCIA card) which is configured to store decryption capab |
| 6000832 |
Electronic online commerce card with customer generated transaction proxy number for online tran |
December 14, 1999 |
| An online commerce system facilitates online commerce over a public network using an online commerce card. The "card" does not exist in physical form, but instead exists in digital form. It is assigned a customer account number that includes digits for a prefix number for bank-handling |
| 5778069 |
Non-biased pseudo random number generator |
July 7, 1998 |
| A computer-implemented pseudo random number generator includes an input device to assemble multiple classes of bits from multiple sources into an input bit string. The multiple classes of bits include an internal class of bits from at least one source internal to the random number genera |
| 5768385 |
Untraceable electronic cash |
June 16, 1998 |
| An electronic cash protocol including the steps of using a one-way function $f_1(x)$ to generate an image $f_1(x_1)$ from a preimage $x_1$; sending the image $f_1(x_1)$ in an unblinded form to a second party; and receiving from the second party a note including a digi |
| 5721781 |
Authentication system and method for smart card transactions |
February 24, 1998 |
| An authentication system includes a portable information device, such as a smart card, that is configured to store and process multiple different applications. The smart card is assigned its own digital certificate which contains a digital signature from a trusted certifying authority an |
| 5689565 |
Cryptography system and method for providing cryptographic services for a computer application |
November 18, 1997 |
| A cryptography system architecture provides cryptographic functionality to support an application requiring encryption, decryption, signing, and verification of electronic messages. The cryptography system has a cryptographic application program interface (CAPI) which interfaces with |