Targeted Patent: Patent: US7657531B2 Filed: 2001-04-19 Issued: 2010-02-02 Patent Holder: (Original Assignee) Teigel Processing AB LLC (Current Assignee) Alto Dynamics LLC Inventor(s): Stephen F. Bisbee, Jack J. Moskowitz, Keith F. Becker, Ellis K. Peterson, Gordon W. Twaddell Title: Systems and methods for state-less authentication | Cross Reference / Shared Meaning between the Lines |
Charted Against: Patent: US6202151B1 Filed: 1997-05-09 Issued: 2001-03-13 Patent Holder: (Original Assignee) GTE Service Corp (Current Assignee) Verizon Patent and Licensing Inc Inventor(s): Clyde Musgrave, Robert S. Dulude Title: System and method for authenticating electronic transactions using biometric certificates |
[TRANSITIVE ID: 1] enabling, receiving, verifying, extracting | processing, validating, monitoring, identifying, obtaining, inspecting, detecting | [TRANSITIVE ID: 1] authenticating |
[FEATURE ID: 2] access, security, expiration time, organization identifier, authentication certificate, user location, user position, other access, verifying | authorization, identification, authentication, application, authority, entity, algorithm | [FEATURE ID: 2] electronic transaction |
[FEATURE ID: 3] resource, user, sub-organization identifier, key, user role, new symmetric key | server, device, profile, location, biometric, host, computer | [FEATURE ID: 3] system, user, transaction input device, biometric input device, physical condition, biometric certificate management system, classifier, biometric database, geometry, hand |
[FEATURE ID: 4] application server, validity | computer, processor, server, signature, signing, system, sender | [FEATURE ID: 4] hash function, registration authority, network, receiver |
[FEATURE ID: 5] processing system | device, server, computer | [FEATURE ID: 5] biometric certificate generator |
[FEATURE ID: 6] client application | agent, entity, initiator, operator | [FEATURE ID: 6] electronic transaction generator |
[TRANSITIVE ID: 7] possessing, comprising | by, including, having, of, and, to, utilizing | [TRANSITIVE ID: 7] involving, comprising, using |
[FEATURE ID: 8] context | token, code, key | [FEATURE ID: 8] biometric digital signature |
[TRANSITIVE ID: 9] appended, authorization | information, identity, integrity, attributes, access, identification, authenticity | [TRANSITIVE ID: 9] pre-registered biometric data |
[TRANSITIVE ID: 10] protected | subsequent, associated, corresponding | [TRANSITIVE ID: 10] relating |
[FEATURE ID: 11] context renewal request, authorization information, security context, request | message, credential, signature, transaction, token, code, value | [FEATURE ID: 11] transaction data, biometric certificate, public key, hash value signal, private key, transaction signal |
[TRANSITIVE ID: 12] provided | sent, issued, communicated, initiated, made, delivered, output | [TRANSITIVE ID: 12] transmitted |
[FEATURE ID: 13] access authorization component | identifier, image, input, output, interface, eyeball, authentication | [FEATURE ID: 13] generate, authentication decision signal, iris reader, iris |
[FEATURE ID: 14] content | characteristics, parameters, metadata, information, values | [FEATURE ID: 14] biometric data |
[FEATURE ID: 15] identity, authority, services | information, data, processing, authentication, credentials, access, registration | [FEATURE ID: 15] electronic transactions, comparison |
[FEATURE ID: 16] user identifier | fingerprint, signature, profile | [FEATURE ID: 16] visual image |
[FEATURE ID: 17] claim | preceding claim, embodiment, statement, the claim, clause, item, paragraph | [FEATURE ID: 17] claim |
[FEATURE ID: 18] least | lea, most, last, lease, lest, at least, any | [FEATURE ID: 18] least |
1 . A method of enabling [TRANSITIVE ID: 1] access [FEATURE ID: 2] to a resource [FEATURE ID: 3] of a distributed application server [FEATURE ID: 4] or processing system [FEATURE ID: 5] by a user [FEATURE ID: 3] / client application [FEATURE ID: 6] possessing [TRANSITIVE ID: 7] a valid security - context [FEATURE ID: 8] , comprising [TRANSITIVE ID: 7] the steps of : receiving [TRANSITIVE ID: 1] the security [FEATURE ID: 2] - context and an appended [TRANSITIVE ID: 9] protected [TRANSITIVE ID: 10] security - context renewal request [FEATURE ID: 11] provided [TRANSITIVE ID: 12] by the user to an access authorization component [FEATURE ID: 13] of the application server or processing system ; verifying [TRANSITIVE ID: 1] the validity [FEATURE ID: 4] of the security - context and the security - context renewal request ; extracting [TRANSITIVE ID: 1] content [FEATURE ID: 14] of both the security - context and the security - context renewal request ; comparing current time to an expiration time [FEATURE ID: 2] identifying time of expiration of the security - context ; if the expiration time is less than the current time , comparing the security - context renewal request with stored identity [FEATURE ID: 15] and authorization information [FEATURE ID: 11] comprising at least one of a user identifier [FEATURE ID: 16] , an organization identifier [FEATURE ID: 2] , a sub-organization identifier [FEATURE ID: 3] , a key [FEATURE ID: 3] , an authentication certificate [FEATURE ID: 2] , an user location [FEATURE ID: 2] , a user role [FEATURE ID: 3] , and an user position [FEATURE ID: 2] identifying the user to the access authorization component and generating a new symmetric key [FEATURE ID: 3] , and other access [FEATURE ID: 2] and authorization information ; generating an updated security - context based on the verifying [FEATURE ID: 2] of the user ' s identity and authorization [FEATURE ID: 9] and based on the user having requested authority [FEATURE ID: 15] for access to the 
resource and services [FEATURE ID: 15] ; providing the updated security context [FEATURE ID: 11] to the user ; and sending the updated security - context and a request [FEATURE ID: 11] for access to the resource and services by the user to the application server or processing system . 2 . The method of claim [FEATURE ID: 17] 1 , wherein a resource identified in the security - context renewal request is at least [FEATURE ID: 18] |
1 . A system [FEATURE ID: 3] for authenticating [TRANSITIVE ID: 1] electronic transactions [FEATURE ID: 15] involving [TRANSITIVE ID: 7] a user [FEATURE ID: 3] , comprising [TRANSITIVE ID: 7] : a transaction input device [FEATURE ID: 3] configured to receive transaction data [FEATURE ID: 11] relating [TRANSITIVE ID: 10] to an electronic transaction [FEATURE ID: 2] ; a biometric input device [FEATURE ID: 3] configured to generate [TRANSITIVE ID: 13] biometric data [FEATURE ID: 14] corresponding to a physical condition [FEATURE ID: 3] of the user ; a biometric certificate generator [FEATURE ID: 5] configured to generate a biometric certificate [FEATURE ID: 11] from the transaction data , the biometric data , and a public key [FEATURE ID: 11] corresponding to the user ; a hash function generator configured to generate a hash value signal [FEATURE ID: 11] from the biometric certificate using [TRANSITIVE ID: 7] a hash function [FEATURE ID: 4] ; a registration authority [FEATURE ID: 4] configured to generate a biometric digital signature [FEATURE ID: 8] from the hash value signal and a private key [FEATURE ID: 11] corresponding to the user ; an electronic transaction generator [FEATURE ID: 6] configured to generate a transaction signal [FEATURE ID: 11] , corresponding to the electronic transaction to be transmitted [TRANSITIVE ID: 12] over a network [FEATURE ID: 4] , from the biometric digital signature and the transaction data ; a receiver [FEATURE ID: 4] configured to receive the transaction signal from the network and process the received transaction signal to extract the biometric certificate ; and a biometric certificate management system [FEATURE ID: 3] configured to certify the electronic transaction as being from the user , including : a biometric data extractor configured to isolate the biometric data from the extracted biometric certificate , and a classifier [FEATURE ID: 3] configured to retrieve pre-registered biometric data [FEATURE ID: 9] corresponding to 
the user from a biometric database [FEATURE ID: 3] , compare the biometric data to the pre-registered biometric data , generate an authentication decision signal [FEATURE ID: 13] based on the comparison [FEATURE ID: 15] , and provide the authentication decision signal to the receiver to permit the receiver to determine whether the electronic transaction involves the user . 2 . The system of claim [FEATURE ID: 17] 1 , wherein the biometric input device includes at least [FEATURE ID: 18] one of : an iris reader [FEATURE ID: 13] configured to obtain a visual image [FEATURE ID: 16] of an iris [FEATURE ID: 13] of the user , a hand geometry reader configured to obtain a visual image of a geometry [FEATURE ID: 3] of a hand [FEATURE ID: 3] |
Charted Against: Patent: US6192361B1 Filed: 1997-12-23 Issued: 2001-02-20 Patent Holder: (Original Assignee) Alcatel USA Sourcing Inc (Current Assignee) Alcatel USA Sourcing Inc Inventor(s): Peter Sung-An Huang Title: Full group privileges access system providing user access security protection for a telecommunications switching system |
[FEATURE ID: 1] method, processing system, user role | network, server, computer, subsystem, protocol, process, platform | [FEATURE ID: 1] full group privileges access mechanism |
[TRANSITIVE ID: 2] enabling, verifying | controlling, obtaining, establishing, managing, ensuring, determining, requesting | [TRANSITIVE ID: 2] providing, having |
[FEATURE ID: 3] access, appended, access authorization component, content, identity, authorization information, organization identifier, authentication certificate, user location, user position, new symmetric key, other access, verifying, authorization, services, security context, request | information, authentication, credential, application, identification, account, security | [FEATURE ID: 3] security protection, application program, access, request, communications, user identification, communication, authority, ability |
[FEATURE ID: 4] resource, user identifier, sub-organization identifier, key | device, network, user, database, client, processor, firewall | [FEATURE ID: 4] system, computer, server, computer operable, first communication link, server operable, computer user, system security manager client building block, system security manager server building block, runtime library, function, computer users |
[TRANSITIVE ID: 5] distributed | network, computer, remote, system, first, call | [TRANSITIVE ID: 5] telecommunications, authorized, second communication link |
[FEATURE ID: 6] application server, security | system, computer, storage, control, communication, management, software | [FEATURE ID: 6] switching, storage files, system manager building block, part, user |
[FEATURE ID: 7] user | use, host, process | [FEATURE ID: 7] execute |
[FEATURE ID: 8] client application | individual, subscriber, member, user, employee, agent, initiator | [FEATURE ID: 8] users, authorized user |
[TRANSITIVE ID: 9] possessing, comprising | having, including, by, and, with, of, providing | [TRANSITIVE ID: 9] using, comprising |
[FEATURE ID: 10] valid security | user, key, control | [FEATURE ID: 10] command |
[FEATURE ID: 11] steps, current time | tasks, data, keys, controls, information, codes, calls | [FEATURE ID: 11] functions, commands |
[FEATURE ID: 12] context renewal request | query, update, request | [FEATURE ID: 12] access |
[FEATURE ID: 13] authority | data, information, instructions | [FEATURE ID: 13] second information |
[FEATURE ID: 14] claim | clause, patent, claimed, invention, requirement, clair, figure | [FEATURE ID: 14] claim |
1 . A method [FEATURE ID: 1] of enabling [TRANSITIVE ID: 2] access [FEATURE ID: 3] to a resource [FEATURE ID: 4] of a distributed [TRANSITIVE ID: 5] application server [FEATURE ID: 6] or processing system [FEATURE ID: 1] by a user [FEATURE ID: 7] / client application [FEATURE ID: 8] possessing [TRANSITIVE ID: 9] a valid security [FEATURE ID: 10] - context , comprising [TRANSITIVE ID: 9] the steps [FEATURE ID: 11] of : receiving the security [FEATURE ID: 6] - context and an appended [TRANSITIVE ID: 3] protected security - context renewal request [FEATURE ID: 12] provided by the user to an access authorization component [FEATURE ID: 3] of the application server or processing system ; verifying [TRANSITIVE ID: 2] the validity of the security - context and the security - context renewal request ; extracting content [FEATURE ID: 3] of both the security - context and the security - context renewal request ; comparing current time [FEATURE ID: 11] to an expiration time identifying time of expiration of the security - context ; if the expiration time is less than the current time , comparing the security - context renewal request with stored identity [FEATURE ID: 3] and authorization information [FEATURE ID: 3] comprising at least one of a user identifier [FEATURE ID: 4] , an organization identifier [FEATURE ID: 3] , a sub-organization identifier [FEATURE ID: 4] , a key [FEATURE ID: 4] , an authentication certificate [FEATURE ID: 3] , an user location [FEATURE ID: 3] , a user role [FEATURE ID: 1] , and an user position [FEATURE ID: 3] identifying the user to the access authorization component and generating a new symmetric key [FEATURE ID: 3] , and other access [FEATURE ID: 3] and authorization information ; generating an updated security - context based on the verifying [FEATURE ID: 3] of the user ' s identity and authorization [FEATURE ID: 3] and based on the user having requested authority [FEATURE ID: 13] for access to the resource and services [FEATURE ID: 3] ; 
providing the updated security context [FEATURE ID: 3] to the user ; and sending the updated security - context and a request [FEATURE ID: 3] for access to the resource and services by the user to the application server or processing system . 2 . The method of claim [FEATURE ID: 14] |
1 . A full group privileges access mechanism [FEATURE ID: 1] for providing [TRANSITIVE ID: 2] security protection [FEATURE ID: 3] for a telecommunications [FEATURE ID: 5] switching [TRANSITIVE ID: 6] system [FEATURE ID: 4] which is accessible by authorized [TRANSITIVE ID: 5] users [FEATURE ID: 8] using [TRANSITIVE ID: 9] a computer [FEATURE ID: 4] , comprising [TRANSITIVE ID: 9] : a server [FEATURE ID: 4] having [TRANSITIVE ID: 2] an application program [FEATURE ID: 3] to access [TRANSITIVE ID: 3] the telecommunications switching system ; a computer operable [FEATURE ID: 4] to communicate with the server over a first communication link [FEATURE ID: 4] , the server operable [FEATURE ID: 4] to provide the application program to the computer upon request [FEATURE ID: 3] , the computer operable to execute [TRANSITIVE ID: 7] the application program , the computer operable to establish communications [FEATURE ID: 3] with the telecommunications switching system over a second communication link [FEATURE ID: 5] according to the application program ; storage files [FEATURE ID: 6] in the telecommunications switching system containing first information and second information [FEATURE ID: 13] associated with authorized user identification [FEATURE ID: 3] ; a system manager building block [FEATURE ID: 6] in the telecommunications switching system in communication [FEATURE ID: 3] with said computer , said system manager building block also being in communication with said storage files in order to access [FEATURE ID: 12] said first information for determining if a computer user [FEATURE ID: 4] is an authorized user [FEATURE ID: 8] , and in order to modify said first information ; a system security manager client building block [FEATURE ID: 4] in the telecommunications switching system in communication with said system manager building block ; and a system security manager server building block [FEATURE ID: 4] in the telecommunications switching system in communication with said 
system security manager client building block , said system security manager client building block and said system security manager server building block being jointly in communication with said storage files in order to access said second information , and in order to modify said second information , wherein said system manager building block provides communication between said computer and said system security manager client building block , and wherein said system security manager client building block provides communication between said system manager building block and said system security manager server building block . 2 . The full group privileges access mechanism of claim [FEATURE ID: 14] 1 , wherein said storage files containing said first and second information are configured to be maintained at least in part [FEATURE ID: 6] in a runtime library [FEATURE ID: 4] . 3 . The full group privileges access mechanism of claim 2 , wherein said system manager building block further comprises said runtime library . 4 . The full group privileges access mechanism of claim 1 , wherein the telecommunications switching system provides functions [FEATURE ID: 11] which can be accessed by said authorized users and commands [FEATURE ID: 11] which can be executed by said authorized users , and wherein said second information represents authority [FEATURE ID: 3] of an associated authorized user [FEATURE ID: 6] to access each said function [FEATURE ID: 4] and execute each said command [FEATURE ID: 10] , and controls the ability [FEATURE ID: 3] of the computer users [FEATURE ID: 4] |
Charted Against: Patent: US6185685B1 Filed: 1997-12-11 Issued: 2001-02-06 Patent Holder: (Original Assignee) International Business Machines Corp (Current Assignee) International Business Machines Corp Inventor(s): Stephen P. Morgan, Lance W. Russell, Benjamin Clay Reed Title: Security method and system for persistent storage and communications on computer network systems and computer network systems employing the same |
[FEATURE ID: 1] method, steps, content, services | process, methods, features, procedure, step, elements, tasks | [FEATURE ID: 1] login method, method, steps |
[TRANSITIVE ID: 2] enabling, verifying, extracting | obtaining, determining, identifying, establishing, validating, storing, processing | [TRANSITIVE ID: 2] receiving, computing |
[FEATURE ID: 3] access, valid security, security, protected, validity, other access | user, trust, control, protection, authentication, integrity, privacy | [FEATURE ID: 3] security, key |
[FEATURE ID: 4] resource, client application, user identifier, sub-organization identifier, key, user role, new symmetric key, security context | user, device, server, client, system, workstation, machine | [FEATURE ID: 4] network computer system, server computer, client computer, persistent storage device, control program, first client computer, hash value H |
[TRANSITIVE ID: 5] distributed | network, web, first, client, computer | [TRANSITIVE ID: 5] communication network, first server computer |
[FEATURE ID: 6] application server | operating, distributed, network, communication | [FEATURE ID: 6] coupled |
[FEATURE ID: 7] processing system | computer, program, server | [FEATURE ID: 7] user |
[FEATURE ID: 8] user | client, remote, users | [FEATURE ID: 8] client computers |
[TRANSITIVE ID: 9] possessing, comprising | by, and, using, containing, involving, providing, from | [TRANSITIVE ID: 9] having, access, comprising, transmitting, including |
[FEATURE ID: 10] context, request | token, message, code, key, signature, data, call | [FEATURE ID: 10] login ID, password PW |
[TRANSITIVE ID: 11] receiving | examining, checking, processing, verifying, identifying, analyzing, reading | [TRANSITIVE ID: 11] decrypting |
[TRANSITIVE ID: 12] appended, access authorization component, expiration time, organization identifier, user location, user position | identifier, attribute, application, authorization, address, algorithm, input | [TRANSITIVE ID: 12] encryption key |
[FEATURE ID: 13] context renewal request | session, message, information | [FEATURE ID: 13] further transmissions |
[FEATURE ID: 14] current time | data, information, itself | [FEATURE ID: 14] KEK |
[FEATURE ID: 15] identity, authorization information, authentication certificate, authority | access, authentication, authorization, security, encryption, registration, information | [FEATURE ID: 15] login |
1 . A method [FEATURE ID: 1] of enabling [TRANSITIVE ID: 2] access [FEATURE ID: 3] to a resource [FEATURE ID: 4] of a distributed [TRANSITIVE ID: 5] application server [FEATURE ID: 6] or processing system [FEATURE ID: 7] by a user [FEATURE ID: 8] / client application [FEATURE ID: 4] possessing [TRANSITIVE ID: 9] a valid security [FEATURE ID: 3] - context [FEATURE ID: 10] , comprising [TRANSITIVE ID: 9] the steps [FEATURE ID: 1] of : receiving [TRANSITIVE ID: 11] the security [FEATURE ID: 3] - context and an appended [TRANSITIVE ID: 12] protected [TRANSITIVE ID: 3] security - context renewal request [FEATURE ID: 13] provided by the user to an access authorization component [FEATURE ID: 12] of the application server or processing system ; verifying [TRANSITIVE ID: 2] the validity [FEATURE ID: 3] of the security - context and the security - context renewal request ; extracting [TRANSITIVE ID: 2] content [FEATURE ID: 1] of both the security - context and the security - context renewal request ; comparing current time [FEATURE ID: 14] to an expiration time [FEATURE ID: 12] identifying time of expiration of the security - context ; if the expiration time is less than the current time , comparing the security - context renewal request with stored identity [FEATURE ID: 15] and authorization information [FEATURE ID: 15] comprising at least one of a user identifier [FEATURE ID: 4] , an organization identifier [FEATURE ID: 12] , a sub-organization identifier [FEATURE ID: 4] , a key [FEATURE ID: 4] , an authentication certificate [FEATURE ID: 15] , an user location [FEATURE ID: 12] , a user role [FEATURE ID: 4] , and an user position [FEATURE ID: 12] identifying the user to the access authorization component and generating a new symmetric key [FEATURE ID: 4] , and other access [FEATURE ID: 3] and authorization information ; generating an updated security - context based on the verifying of the user ' s identity and authorization and based on the user having requested authority 
[FEATURE ID: 15] for access to the resource and services [FEATURE ID: 1] ; providing the updated security context [FEATURE ID: 4] to the user ; and sending the updated security - context and a request [FEATURE ID: 10] |
1 . A login method [FEATURE ID: 1] to enhance security [FEATURE ID: 3] in a network computer system [FEATURE ID: 4] having [TRANSITIVE ID: 9] at least one server computer [FEATURE ID: 4] coupled [TRANSITIVE ID: 6] over a communication network [FEATURE ID: 5] to a plurality of client computers [FEATURE ID: 8] , wherein each client computer [FEATURE ID: 4] is coupled to directly access [TRANSITIVE ID: 9] a persistent storage device [FEATURE ID: 4] and wherein each client computer is operated by a control program [FEATURE ID: 4] after login [FEATURE ID: 15] , the method [FEATURE ID: 1] comprising [TRANSITIVE ID: 9] the steps [FEATURE ID: 1] of : receiving [TRANSITIVE ID: 2] a login ID [FEATURE ID: 10] and password PW [FEATURE ID: 10] from a user [FEATURE ID: 7] at a first one of said client computers ; computing [FEATURE ID: 2] , at said first client computer [FEATURE ID: 4] , a hash value H [FEATURE ID: 4] 1 PW of the password PW ; transmitting [TRANSITIVE ID: 9] a first - stage login request including [TRANSITIVE ID: 9] ID from said first client computer to a first one of said server computers ; receiving said first - stage login request at said first server computer [FEATURE ID: 5] ; providing , at said first server computer , a key [FEATURE ID: 3] - exchange key KEK ; encrypting KEK [FEATURE ID: 14] at said first server computer ; transmitting a first - stage login response , including the encrypted KEK , from said first server computer to said first client computer ; receiving said first - stage login response at said first client computer ; decrypting [FEATURE ID: 11] , at said first client computer , the encrypted KEK , to yield KEK ; providing , at said first client computer , a first split key SK 1 ; encrypting , at said first client computer , key SK 1 , using KEK as an encryption key [FEATURE ID: 12] , to yield ESK 1 ; transmitting a second - stage login request , including ESK 1 , from said first client computer to said first server computer ; receiving 
said second - stage login request at said first server computer ; decrypting , at said first server computer , ESK 1 , using KEK as a decryption key , to yield SK 1 ; providing , at said first server computer , a second split key SK 2 ; combining , at said first server computer , the first and second split keys SK 1 and SK 2 , to yield session key SK ; encrypting , at said first server computer , the second split key SK 2 , using KEK as an encryption key , to yield ESK 2 ; transmitting a second - stage login response , including ESK 2 , from said first server computer to said first client computer ; receiving the second - stage login response at said first client computer ; decrypting , at said first client computer , ESK 2 received with the second - stage login response , using KEK as a decryption key , to yield SK 2 ; combining , at said first client computer , the first and second split keys SK 1 and SK 2 , to yield session key SK ; encrypting further transmissions [FEATURE ID: 13] |
Charted Against: Patent: US6185683B1 Filed: 1995-02-13 Issued: 2001-02-06 Patent Holder: (Original Assignee) Intertrust Technologies Corp (Current Assignee) Intertrust Technologies Corp Inventor(s): Karl L. Ginter, Victor H. Shear, Francis J. Spahn, David M. Van Wie, Robert P. Weber Title: Trusted and secure techniques, systems and methods for item delivery and execution |
[TRANSITIVE ID: 1] enabling, receiving | processing, controlling, requesting, presenting, sending, providing, capturing | [TRANSITIVE ID: 1] governing, receiving |
[FEATURE ID: 2] access, authorization information | authentication, authorization, entitlement, control, administration, protection, authority | [FEATURE ID: 2] access |
[FEATURE ID: 3] resource, distributed, processing system, user, client application, user role | network, device, computer, server, client, terminal, first | [FEATURE ID: 3] system, first apparatus, processor, second apparatus, third apparatus different |
[FEATURE ID: 4] application server | processor, network, device, database, system, computer, platform | [FEATURE ID: 4] communications port, memory, hardware, processing environment, user |
[TRANSITIVE ID: 5] possessing, comprising | and, having, with, of, using, providing, for | [TRANSITIVE ID: 5] including, storing, containing |
[FEATURE ID: 6] context, user identifier, new symmetric key, other access, request | key, credential, token, signature, user, code, license | [FEATURE ID: 6] secure container rule, second secure container rule |
[FEATURE ID: 7] steps, expiration time, authentication certificate, user location, user position | action, entity, application, attribute, algorithm, object, operator | [FEATURE ID: 7] aspect |
[FEATURE ID: 8] security, identity, key, security context | user, policy, authentication, control, token, verification, login | [FEATURE ID: 8] first secure container rule |
[TRANSITIVE ID: 9] protected | signed, electronic, secure, authenticated | [TRANSITIVE ID: 9] encrypted |
[FEATURE ID: 10] context renewal request | document, code, message, token, key, password, payload | [FEATURE ID: 10] digital certificate, digital signature |
[FEATURE ID: 11] access authorization component, organization identifier | attribute, account, interface, application, entry, authenticator, agent | [FEATURE ID: 11] electronic seal |
[FEATURE ID: 12] content, services | information, contents, software, keys, features, metadata, policies | [FEATURE ID: 12] audit information |
[FEATURE ID: 13] expiration | release, usage, consumption, storage | [FEATURE ID: 13] use |
[FEATURE ID: 14] sub-organization identifier | license, code, date, policy | [FEATURE ID: 14] rule |
[FEATURE ID: 15] authority | processing, the, data, instructions | [FEATURE ID: 15] information |
[FEATURE ID: 16] claim | item, the claim, claimed, requirement, statement, figure, embodiment | [FEATURE ID: 16] claim |
[FEATURE ID: 17] least | lea, most, last, lease, lest, at least | [FEATURE ID: 17] least |
1 . A method of enabling [TRANSITIVE ID: 1] access [FEATURE ID: 2] to a resource [FEATURE ID: 3] of a distributed [TRANSITIVE ID: 3] application server [FEATURE ID: 4] or processing system [FEATURE ID: 3] by a user [FEATURE ID: 3] / client application [FEATURE ID: 3] possessing [TRANSITIVE ID: 5] a valid security - context [FEATURE ID: 6] , comprising [TRANSITIVE ID: 5] the steps [FEATURE ID: 7] of : receiving [TRANSITIVE ID: 1] the security [FEATURE ID: 8] - context and an appended protected [TRANSITIVE ID: 9] security - context renewal request [FEATURE ID: 10] provided by the user to an access authorization component [FEATURE ID: 11] of the application server or processing system ; verifying the validity of the security - context and the security - context renewal request ; extracting content [FEATURE ID: 12] of both the security - context and the security - context renewal request ; comparing current time to an expiration time [FEATURE ID: 7] identifying time of expiration [FEATURE ID: 13] of the security - context ; if the expiration time is less than the current time , comparing the security - context renewal request with stored identity [FEATURE ID: 8] and authorization information [FEATURE ID: 2] comprising at least one of a user identifier [FEATURE ID: 6] , an organization identifier [FEATURE ID: 11] , a sub-organization identifier [FEATURE ID: 14] , a key [FEATURE ID: 8] , an authentication certificate [FEATURE ID: 7] , an user location [FEATURE ID: 7] , a user role [FEATURE ID: 3] , and an user position [FEATURE ID: 7] identifying the user to the access authorization component and generating a new symmetric key [FEATURE ID: 6] , and other access [FEATURE ID: 6] and authorization information ; generating an updated security - context based on the verifying of the user ' s identity and authorization and based on the user having requested authority [FEATURE ID: 15] for access to the resource and services [FEATURE ID: 12] ; providing the updated security 
context [FEATURE ID: 8] to the user ; and sending the updated security - context and a request [FEATURE ID: 6] for access to the resource and services by the user to the application server or processing system . 2 . The method of claim [FEATURE ID: 16] 1 , wherein a resource identified in the security - context renewal request is at least [FEATURE ID: 17] |
1 . A system [FEATURE ID: 3] including [TRANSITIVE ID: 5] : a first apparatus [FEATURE ID: 3] including , user controls , a communications port [FEATURE ID: 4] , a processor [FEATURE ID: 3] , a memory [FEATURE ID: 4] storing [TRANSITIVE ID: 5] : a first secure container containing [TRANSITIVE ID: 5] a governed item , the first secure container governed item being at least in part encrypted [TRANSITIVE ID: 9] ; a first secure container rule [FEATURE ID: 8] at least [FEATURE ID: 17] in part governing [TRANSITIVE ID: 1] an aspect [FEATURE ID: 7] of access [FEATURE ID: 2] to or use [FEATURE ID: 13] of said first secure container governed item ; and a second secure container , the second secure container containing audit information [FEATURE ID: 12] ; and hardware [FEATURE ID: 4] or software used for receiving [TRANSITIVE ID: 1] and opening secure containers , said secure containers each including the capacity to contain a governed item , a secure container rule [FEATURE ID: 6] being associated with each of said secure containers ; a protected processing environment [FEATURE ID: 4] at least in part protecting information [FEATURE ID: 15] contained in said protected processing environment from tampering by a user [FEATURE ID: 4] of said first apparatus , said protected processing environment including hardware or software used for applying said first secure container rule and a second secure container rule [FEATURE ID: 6] in combination to at least in part govern at least one aspect of access to or use of a governed item contained in a secure container ; and hardware or software used for transmission of secure containers to other apparatuses or for the receipt of secure containers from other apparatuses . 2 . 
A system including : a first apparatus including , user controls , a communications port , a processor , a memory storing : a first secure container containing a governed item , the first secure container governed item being at least in part encrypted ; the first secure container having been received from a second apparatus [FEATURE ID: 3] ; a first secure container rule at least in part governing an aspect of access to or use of said first secure container governed item , the first secure container rule , the first secure container rule having been received from a third apparatus different [FEATURE ID: 3] from said second apparatus ; and hardware or software used for receiving and opening secure containers , said secure containers each including the capacity to contain a governed item , a secure container rule being associated with each of said secure containers ; a protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said first apparatus , said protected processing environment including hardware or software used for applying said first secure container rule and a second secure container rule in combination to at least in part govern at least one aspect of access to or use of a governed item contained in a secure container ; and hardware or software used for transmission of secure containers to other apparatuses or for the receipt of secure containers from other apparatuses . 3 . 
A system including : a first apparatus including , user controls , a communications port , a processor , a memory storing : a first secure container containing a governed item , the first secure container governed item being at least in part encrypted ; a first secure container rule at least in part governing an aspect of access to or use of said first secure container governed item ; and a second secure container containing a digital certificate [FEATURE ID: 10] ; hardware or software used for receiving and opening secure containers , said secure containers each including the capacity to contain a governed item , a secure container rule being associated with each of said secure containers ; a protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said first apparatus , said protected processing environment including hardware or software used for applying said first secure container rule and a second secure container rule in combination to at least in part govern at least one aspect of access to or use of a governed item contained in a secure container ; and hardware or software used for transmission of secure containers to other apparatuses or for the receipt of secure containers from other apparatuses . 4 . A system as in claim [FEATURE ID: 16] 3 , said memory storing a rule [FEATURE ID: 14] associated with said second secure container , said rule associated with said second secure container at least in part governing at least one aspect of access to or use of said digital certificate . 5 . 
A system including : a first apparatus including , user controls , a communications port , a processor , a memory storing , a first secure container containing a governed item , the first secure container governed item being at least in part encrypted ; a first secure container rule at least in part governing an aspect of access to or use of said first secure container governed item ; and a second secure container containing a digital signature [FEATURE ID: 10] , the second secure container being different from said first secure container ; hardware or software used for receiving and opening secure containers , said secure containers each including the capacity to contain a governed item , a secure container rule being associated with each of said secure containers ; a protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said first apparatus , said protected processing environment including hardware or software used for applying said first secure container rule and a second secure container rule in combination to at least in part govern at least one aspect of access to or use of a governed item contained in a secure container ; and hardware or software used for transmission of secure containers to other apparatuses or for the receipt of secure containers from other apparatuses . 6 . A system as in claim 5 , said memory storing a rule at least in part governing an aspect of access to or use of said digital signature . 7 . A system including : a first apparatus including , user controls , a communications port , a processor , a memory storing : a first secure container containing a governed item , the first secure container governed item being at least in part encrypted ; a first secure container rule at least in part governing an aspect of access to or use of said first secure container governed item ; and an electronic seal [FEATURE ID: 11] |
Charted Against: Patent: US6185681B1 Filed: 1998-05-07 Issued: 2001-02-06 Patent Holder: (Original Assignee) MAZ TECHNOLOGIES Inc; MAZ TECHNOLOGIES Inc A CALIFORNIA Corp (Current Assignee) RPX Corp Inventor(s): Stephen Zizzi Title: Method of transparent encryption and decryption for an electronic document management system |
[FEATURE ID: 1] method | software method, system, digital method, system method, dynamic method, cryptographic method, computer method | [FEATURE ID: 1] method |
[TRANSITIVE ID: 2] enabling, verifying, extracting | determining, creating, storing, identifying, processing, providing, establishing | [TRANSITIVE ID: 2] encrypting, issuing, trapping, obtaining |
[FEATURE ID: 3] access, valid security, context, security, current time, authorization information, user identifier, key, user role, other access, verifying, authorization, authority | identity, information, user, permission, credential, location, entry | [FEATURE ID: 3] encryption key value, encryption key name, access module, user authentication, encryption key values, authentication |
[FEATURE ID: 4] resource, distributed | computer, memory, user, browser, network, device, client | [FEATURE ID: 4] general purpose computer, display, user input device, processor, document, SQL database, SQL database server, SQL database client, data reader device, portable data storage device, biometric recognition system, database |
[FEATURE ID: 5] application server, processing system, validity, request | application, network, program, communication, computer, environment, authorization | [FEATURE ID: 5] application program, crypto module, control |
[FEATURE ID: 6] user | consumer, client, computer, subscriber, customer, process | [FEATURE ID: 6] user |
[FEATURE ID: 7] client application, access authorization component, expiration time, identity, organization identifier, authentication certificate, user location, user position | entity, application, agent, account, authority, operator, attribute | [FEATURE ID: 7] electronic document, electronic document management system |
[TRANSITIVE ID: 8] possessing, comprising | by, having, of, providing, includes, with, utilizing | [TRANSITIVE ID: 8] including, comprising, using |
[FEATURE ID: 9] steps | step, process, acts, following, activity | [FEATURE ID: 9] steps |
[TRANSITIVE ID: 10] receiving | interpreting, passing, transferring, processing | [TRANSITIVE ID: 10] translating |
[TRANSITIVE ID: 11] appended | input, attribute, address, information, element, image, alert | [TRANSITIVE ID: 11] event, characteristic, indicator |
[FEATURE ID: 12] context renewal request, new symmetric key, security context | key, message, request, password, session, service, token | [FEATURE ID: 12] command, smart card |
[TRANSITIVE ID: 13] provided | generated, specified, written, created | [TRANSITIVE ID: 13] open |
[FEATURE ID: 14] content, services | parameters, attributes, metadata, features, credentials, details, signatures | [FEATURE ID: 14] user identification, information, unique information |
[FEATURE ID: 15] sub-organization identifier | password, device, user | [FEATURE ID: 15] smart card reader |
[FEATURE ID: 16] claim | step, paragraph, previous claim, preceding claim, statement, clause, item | [FEATURE ID: 16] claim |
1 . A method [FEATURE ID: 1] of enabling [TRANSITIVE ID: 2] access [FEATURE ID: 3] to a resource [FEATURE ID: 4] of a distributed [TRANSITIVE ID: 4] application server [FEATURE ID: 5] or processing system [FEATURE ID: 5] by a user [FEATURE ID: 6] / client application [FEATURE ID: 7] possessing [TRANSITIVE ID: 8] a valid security [FEATURE ID: 3] - context [FEATURE ID: 3] , comprising [TRANSITIVE ID: 8] the steps [FEATURE ID: 9] of : receiving [TRANSITIVE ID: 10] the security [FEATURE ID: 3] - context and an appended [TRANSITIVE ID: 11] protected security - context renewal request [FEATURE ID: 12] provided [TRANSITIVE ID: 13] by the user to an access authorization component [FEATURE ID: 7] of the application server or processing system ; verifying [TRANSITIVE ID: 2] the validity [FEATURE ID: 5] of the security - context and the security - context renewal request ; extracting [TRANSITIVE ID: 2] content [FEATURE ID: 14] of both the security - context and the security - context renewal request ; comparing current time [FEATURE ID: 3] to an expiration time [FEATURE ID: 7] identifying time of expiration of the security - context ; if the expiration time is less than the current time , comparing the security - context renewal request with stored identity [FEATURE ID: 7] and authorization information [FEATURE ID: 3] comprising at least one of a user identifier [FEATURE ID: 3] , an organization identifier [FEATURE ID: 7] , a sub-organization identifier [FEATURE ID: 15] , a key [FEATURE ID: 3] , an authentication certificate [FEATURE ID: 7] , an user location [FEATURE ID: 7] , a user role [FEATURE ID: 3] , and an user position [FEATURE ID: 7] identifying the user to the access authorization component and generating a new symmetric key [FEATURE ID: 12] , and other access [FEATURE ID: 3] and authorization information ; generating an updated security - context based on the verifying [FEATURE ID: 3] of the user ' s identity and authorization [FEATURE ID: 3] and based on the user 
having requested authority [FEATURE ID: 3] for access to the resource and services [FEATURE ID: 14] ; providing the updated security context [FEATURE ID: 12] to the user ; and sending the updated security - context and a request [FEATURE ID: 5] for access to the resource and services by the user to the application server or processing system . 2 . The method of claim [FEATURE ID: 16] |
1 . A method [FEATURE ID: 1] of encrypting [TRANSITIVE ID: 2] an electronic document [FEATURE ID: 7] which is open [FEATURE ID: 13] in an application program [FEATURE ID: 5] running in a general purpose computer [FEATURE ID: 4] , the general purpose computer including [TRANSITIVE ID: 8] a display [FEATURE ID: 4] , a user input device [FEATURE ID: 4] , a crypto module [FEATURE ID: 5] and a processor [FEATURE ID: 4] , the method comprising [TRANSITIVE ID: 8] : ( a ) from within the application program running in the general purpose computer , a user [FEATURE ID: 6] issuing [TRANSITIVE ID: 2] one of a “ close , ” “ save ” or “ save as ” command [FEATURE ID: 12] for the document [FEATURE ID: 4] using [TRANSITIVE ID: 8] the user input device ; ( b ) automatically translating [TRANSITIVE ID: 10] the command into an event [FEATURE ID: 11] ; ( c ) the crypto module automatically trapping [TRANSITIVE ID: 2] the event ; ( d ) the crypto module automatically obtaining [TRANSITIVE ID: 2] an encryption key value [FEATURE ID: 3] ; ( e ) the crypto module automatically encrypting the document using the encryption key value ; ( f ) the crypto module automatically passing control [FEATURE ID: 5] to an electronic document management system [FEATURE ID: 7] ; and ( g ) the electronic document management system executing the issued “ close , ” “ save ” or “ save as ” command ; whereby the electronic document is automatically encrypted . 2 . A method of encrypting a document as set forth in claim [FEATURE ID: 16] 1 wherein the electronic document management system comprises a SQL database [FEATURE ID: 4] , a SQL database server [FEATURE ID: 4] and a SQL database client [FEATURE ID: 4] , the SQL database client being disposed in the general purpose computer . 3 . 
A method of encrypting a document as set forth in claim 1 where step ( d ) comprises the steps [FEATURE ID: 9] of the crypto module determining if the document should be encrypted , and if not , then skipping step ( e ) , and if so , then : the crypto module retrieving an encryption key name [FEATURE ID: 3] associated with the document ; and the crypto module retrieving the encryption key value associated with the encryption key name . 4 . A method of encrypting a document as set forth in claim 3 , wherein there are plural encryption key values and at least one encryption key value is associated with the user , the method further comprising the steps of : the user submitting to an access module [FEATURE ID: 3] for user authentication [FEATURE ID: 3] ; if the access module does not authenticate the user , then always skipping steps ( d ) and ( e ) ; else in step ( d ) , the crypto module retrieving the encryption key value associated with the encryption key name and the user . 5 . A method of encrypting a document as set forth in claim 4 , the general purpose computer further comprising a data reader device [FEATURE ID: 4] for reading user identification [FEATURE ID: 14] and encryption key values [FEATURE ID: 3] from a portable data storage device [FEATURE ID: 4] , the method further comprising the user presenting the portable data storage device to the data reader device , wherein the access module utilizes information [FEATURE ID: 14] stored in the portable data storage device to authenticate the user , and the encryption key value associated with the user is stored in the portable data storage device . 6 . A method of encrypting a document as set forth in claim 5 , wherein the data reader device comprises a smart card reader [FEATURE ID: 15] and the portable data storage device comprises a smart card [FEATURE ID: 12] . 7 . 
A method of encrypting a document as set forth in claim 5 , wherein the data reader device comprises a biometric recognition system [FEATURE ID: 4] and the portable data storage device comprises the user , wherein the access module utilizes unique information [FEATURE ID: 14] about the user for authentication [FEATURE ID: 3] , and the encryption key value is derived from at least one characteristic [FEATURE ID: 11] of the user . 8 . A method of encrypting a document as set forth in claim 1 wherein the electronic document management system comprises a database [FEATURE ID: 4] , the database including an indicator [FEATURE ID: 11] |
Charted Against: Patent: US6178511B1 Filed: 1998-04-30 Issued: 2001-01-23 Patent Holder: (Original Assignee) International Business Machines Corp (Current Assignee) International Business Machines Corp Inventor(s): Richard Jay Cohen, Richard Allen Forsberg, Paul A. Kallfelz, Jr., John Robert Meckstroth, Christopher James Pascoe, Andrea Lynn Snow-Weaver Title: Coordinating user target logons in a single sign-on (SSO) environment |
[FEATURE ID: 1] method, user, access authorization component, authorization information, user identifier, organization identifier, sub-organization identifier, key, authentication certificate, user location, user role, user position, new symmetric key, authorization, request | credential, password, process, application, procedure, policy, authority | [FEATURE ID: 1] method, logon process, steps, logon attempt, step, subsequent session, operation, computer enterprise |
[TRANSITIVE ID: 2] enabling, receiving, verifying, extracting | determining, obtaining, processing, validating, establishing, analyzing, reading | [TRANSITIVE ID: 2] storing, identifying |
[FEATURE ID: 3] access, verifying | information, authentication, login, credentials, privileges, data, identity | [FEATURE ID: 3] different logon processes, methods, user, specific information, respect, user information, access |
[FEATURE ID: 4] resource, distributed, processing system, client application, valid security, context renewal request, validity, expiration | client, process, user, service, component, task, configuration | [FEATURE ID: 4] computer enterprise environment, particular application, target application, configuration directive, user id, change password operation, provider, application, session |
[FEATURE ID: 5] application server, appended, authority, security context | information, data, resource, access, application, security, services | [FEATURE ID: 5] multiple target resources, target resource |
[TRANSITIVE ID: 6] possessing, comprising | using, including, and, employing, containing, providing, with | [TRANSITIVE ID: 6] comprising, having |
[FEATURE ID: 7] context | key, token, cookie, ticket, license, certificate, signature | [FEATURE ID: 7] password, particular configuration directive |
[FEATURE ID: 8] steps, current time | information, data, procedures, functions, actions, contents, processes | [FEATURE ID: 8] applications, associated methods |
[FEATURE ID: 9] security | control, service, user | [FEATURE ID: 9] access |
[FEATURE ID: 10] content | details, characteristics, properties, parameters, attributes, information, associations | [FEATURE ID: 10] configuration directives, state information |
[FEATURE ID: 11] identity | access, credentials, authorisation, entitlement | [FEATURE ID: 11] authority |
[FEATURE ID: 12] other access | identification, information, personal | [FEATURE ID: 12] specific |
[FEATURE ID: 13] services | sessions, accounts, clients, customers, devices, applications, processes | [FEATURE ID: 13] target resources, users |
[FEATURE ID: 14] claim | step, claimed, requirement, figure, embodiment, paragraph, item | [FEATURE ID: 14] claim |
1 . A method [FEATURE ID: 1] of enabling [TRANSITIVE ID: 2] access [FEATURE ID: 3] to a resource [FEATURE ID: 4] of a distributed [TRANSITIVE ID: 4] application server [FEATURE ID: 5] or processing system [FEATURE ID: 4] by a user [FEATURE ID: 1] / client application [FEATURE ID: 4] possessing [TRANSITIVE ID: 6] a valid security [FEATURE ID: 4] - context [FEATURE ID: 7] , comprising [TRANSITIVE ID: 6] the steps [FEATURE ID: 8] of : receiving [TRANSITIVE ID: 2] the security [FEATURE ID: 9] - context and an appended [TRANSITIVE ID: 5] protected security - context renewal request [FEATURE ID: 4] provided by the user to an access authorization component [FEATURE ID: 1] of the application server or processing system ; verifying [TRANSITIVE ID: 2] the validity [FEATURE ID: 4] of the security - context and the security - context renewal request ; extracting [TRANSITIVE ID: 2] content [FEATURE ID: 10] of both the security - context and the security - context renewal request ; comparing current time [FEATURE ID: 8] to an expiration time identifying time of expiration [FEATURE ID: 4] of the security - context ; if the expiration time is less than the current time , comparing the security - context renewal request with stored identity [FEATURE ID: 11] and authorization information [FEATURE ID: 1] comprising at least one of a user identifier [FEATURE ID: 1] , an organization identifier [FEATURE ID: 1] , a sub-organization identifier [FEATURE ID: 1] , a key [FEATURE ID: 1] , an authentication certificate [FEATURE ID: 1] , an user location [FEATURE ID: 1] , a user role [FEATURE ID: 1] , and an user position [FEATURE ID: 1] identifying the user to the access authorization component and generating a new symmetric key [FEATURE ID: 1] , and other access [FEATURE ID: 12] and authorization information ; generating an updated security - context based on the verifying [FEATURE ID: 3] of the user ' s identity and authorization [FEATURE ID: 1] and based on the user having requested 
authority [FEATURE ID: 5] for access to the resource and services [FEATURE ID: 13] ; providing the updated security context [FEATURE ID: 5] to the user ; and sending the updated security - context and a request [FEATURE ID: 1] for access to the resource and services by the user to the application server or processing system . 2 . The method of claim [FEATURE ID: 14] |
1 . A method [FEATURE ID: 1] of single sign - on to multiple target resources [FEATURE ID: 5] in a computer enterprise environment [FEATURE ID: 4] , wherein at least some target resources [FEATURE ID: 13] normally require a given logon process [FEATURE ID: 1] to access [TRANSITIVE ID: 9] applications [FEATURE ID: 8] on the target resource [FEATURE ID: 5] , comprising [TRANSITIVE ID: 6] the steps [FEATURE ID: 1] of : for each of a set of target resources having [TRANSITIVE ID: 6] different logon processes [FEATURE ID: 3] , storing [TRANSITIVE ID: 2] configuration directives [FEATURE ID: 10] identifying [TRANSITIVE ID: 2] the given logon process and methods [FEATURE ID: 3] required to access a particular application [FEATURE ID: 4] on the target resource ; for each of a set of users [FEATURE ID: 13] , storing user [FEATURE ID: 3] - specific information [FEATURE ID: 3] that enables the user to access and logon to one or more of the target resources ; and during a logon attempt [FEATURE ID: 1] by a given user with respect [FEATURE ID: 3] to a target application [FEATURE ID: 4] on one of the set of target resources , coordinating given user information [FEATURE ID: 3] with at least one given configuration directive [FEATURE ID: 4] to enable the given user to logon to the target application without specifying the given logon process . 2 . The method as described in claim [FEATURE ID: 14] 1 further including the step [FEATURE ID: 1] of validating a user id [FEATURE ID: 4] / password [FEATURE ID: 7] of the given user during the logon attempt . 3 . The method as described in claim 1 further including the step of storing state information [FEATURE ID: 10] associating the given user with the given target application . 4 . The method as described in claim 3 further including the step of using the state information stored to facilitate access [FEATURE ID: 3] to the target application in a subsequent session [FEATURE ID: 1] . 5 . 
The method as described in claim 3 further including the step of using the state information to determine whether the given user has authority [FEATURE ID: 11] to perform a given operation [FEATURE ID: 1] . 6 . The method as described in claim 5 wherein the given operation is a change password operation [FEATURE ID: 4] . 7 . The method as described in claim 6 further including the step of performing the given operation . 8 . The method as described in claim 1 wherein a particular configuration directive [FEATURE ID: 7] is generated by a provider [FEATURE ID: 4] of a given target application . 9 . A method of enabling single sign - on access to a target application on a target resource in a distributed computer enterprise [FEATURE ID: 1] , comprising the steps of : generating a configuration directive identifying a given logon process and any associated methods [FEATURE ID: 8] required to access the target application on the target resource ; for each of a set of users , storing user - specific [FEATURE ID: 12] and application [FEATURE ID: 4] - specific information that enables the user to access and logon to one or more target resources ; and during a session [FEATURE ID: 4] |
Charted Against: Patent: EP0565314B1 Filed: 1992-04-06 Issued: 2001-01-17 Patent Holder: (Original Assignee) Addison M. Fischer Inventor(s): Addison M. Fischer Title: Method for signing travelling programs |
[FEATURE ID: 1] method | process, operation, procedure, technique, system, computer method, means | [FEATURE ID: 1] Method, method, steps, digital signature verification operation, step, format |
[TRANSITIVE ID: 2] enabling, receiving, verifying, extracting | obtaining, determining, checking, identifying, inspecting, reading, storing | [TRANSITIVE ID: 2] processing, executing, processing |
[FEATURE ID: 3] access, identity, request | control, communication, requests, login, management, signal, instructions | [FEATURE ID: 3] messages, direction |
[FEATURE ID: 4] resource, distributed, processing system, user, expiration time, sub-organization identifier, key, user role, user position, new symmetric key | network, computer, location, server, terminal, device, domain | [FEATURE ID: 4] channel, part, digital communications system, first computer, next destination, digital signature, user |
[FEATURE ID: 5] application server, authentication certificate, user location | application, algorithm, environment, message, data, processor, system | [FEATURE ID: 5] accompanying data, standard, program variable |
[FEATURE ID: 6] client application, user identifier | group, string, code, person, system, number, process | [FEATURE ID: 6] sequence |
[TRANSITIVE ID: 7] possessing, comprising | having, and, providing, containing, using, defining, with | [TRANSITIVE ID: 7] said, consisting, being, comprising, including |
[FEATURE ID: 8] context, security, other access | key, validity, code, trust, integrity, service, access | [FEATURE ID: 8] digital certificate, predefined data structure |
[FEATURE ID: 9] steps | action, operation, instructions | [FEATURE ID: 9] control |
[TRANSITIVE ID: 10] protected | optional, associated, corresponding, electronic | [TRANSITIVE ID: 10] accompanying |
[FEATURE ID: 11] context renewal request, authorization information, authority, security context | information, message, instructions, code, authentication, security, policy | [FEATURE ID: 11] digital instructions, data |
[FEATURE ID: 12] access authorization component | interface, object, input | [FEATURE ID: 12] Electronic Data Interchange |
[FEATURE ID: 13] content | characteristics, fields, parameters, attributes, information, values | [FEATURE ID: 13] instructions |
[FEATURE ID: 14] current time | each, data, information, itself, same, this, that | [FEATURE ID: 14] such information |
[FEATURE ID: 15] services | users, systems, data, devices, applications | [FEATURE ID: 15] computers |
[FEATURE ID: 16] claim | step, paragraph, preceding claim, clause, item, requirement, clair | [FEATURE ID: 16] Claim, claim |
[FEATURE ID: 17] least | lea, most, last, lease, lest, lea east | [FEATURE ID: 17] least |
1 . A method [FEATURE ID: 1] of enabling [TRANSITIVE ID: 2] access [FEATURE ID: 3] to a resource [FEATURE ID: 4] of a distributed [TRANSITIVE ID: 4] application server [FEATURE ID: 5] or processing system [FEATURE ID: 4] by a user [FEATURE ID: 4] / client application [FEATURE ID: 6] possessing [TRANSITIVE ID: 7] a valid security - context [FEATURE ID: 8] , comprising [TRANSITIVE ID: 7] the steps [FEATURE ID: 9] of : receiving [TRANSITIVE ID: 2] the security [FEATURE ID: 8] - context and an appended protected [TRANSITIVE ID: 10] security - context renewal request [FEATURE ID: 11] provided by the user to an access authorization component [FEATURE ID: 12] of the application server or processing system ; verifying [TRANSITIVE ID: 2] the validity of the security - context and the security - context renewal request ; extracting [TRANSITIVE ID: 2] content [FEATURE ID: 13] of both the security - context and the security - context renewal request ; comparing current time [FEATURE ID: 14] to an expiration time [FEATURE ID: 4] identifying time of expiration of the security - context ; if the expiration time is less than the current time , comparing the security - context renewal request with stored identity [FEATURE ID: 3] and authorization information [FEATURE ID: 11] comprising at least one of a user identifier [FEATURE ID: 6] , an organization identifier , a sub-organization identifier [FEATURE ID: 4] , a key [FEATURE ID: 4] , an authentication certificate [FEATURE ID: 5] , an user location [FEATURE ID: 5] , a user role [FEATURE ID: 4] , and an user position [FEATURE ID: 4] identifying the user to the access authorization component and generating a new symmetric key [FEATURE ID: 4] , and other access [FEATURE ID: 8] and authorization information ; generating an updated security - context based on the verifying of the user ' s identity and authorization and based on the user having requested authority [FEATURE ID: 11] for access to the resource and services [FEATURE ID: 15] 
; providing the updated security context [FEATURE ID: 11] to the user ; and sending the updated security - context and a request [FEATURE ID: 3] for access to the resource and services by the user to the application server or processing system . 2 . The method of claim [FEATURE ID: 16] 1 , wherein a resource identified in the security - context renewal request is at least [FEATURE ID: 17] |
1 Method [FEATURE ID: 1] for processing [TRANSITIVE ID: 2] information , said [TRANSITIVE ID: 7] information consisting [TRANSITIVE ID: 7] of digital instructions [FEATURE ID: 11] and accompanying [TRANSITIVE ID: 10] data [FEATURE ID: 11] , among a plurality of computers [FEATURE ID: 15] ( Terminals A , B ... N ) coupled to a channel [FEATURE ID: 4] ( 12 ) , over which computers exchange messages [FEATURE ID: 3] , said computers being [TRANSITIVE ID: 7] part [FEATURE ID: 4] of a digital communications system [FEATURE ID: 4] , said method [FEATURE ID: 1] comprising [TRANSITIVE ID: 7] the steps [FEATURE ID: 1] of : executing [TRANSITIVE ID: 2] on a first computer [FEATURE ID: 4] a sequence [FEATURE ID: 6] of digital instructions ( Fig. 2 , block 22 ) including [TRANSITIVE ID: 7] instructions [FEATURE ID: 13] which determine at least one next destination [FEATURE ID: 4] that receives the sequence of digital instructions together with the accompanying data ; and transmitting said sequence of digital instructions together with the accompanying data to said next destination ; characterized in that said accompanying data [FEATURE ID: 5] includes at least [FEATURE ID: 17] one digital signature [FEATURE ID: 4] ( 432 ) which is selectively applied to said information ; and in that , under the control [FEATURE ID: 9] of said sequence of digital instructions , a digital signature verification operation [FEATURE ID: 1] based upon said information is performed . 2 A method according to Claim [FEATURE ID: 16] 1 , wherein said digital signature is represented as data subject to being logically processed by said sequence of digital instructions . 3 A method according to Claim 1 or Claim 2 , further including the step [FEATURE ID: 1] of associating of a digital certificate [FEATURE ID: 8] with said digital signature and wherein said digital certificate is represented as data subject to being logically processed by said sequence of digital instructions . 
4 A method according to any preceding claim [FEATURE ID: 16] , further including the step of acquiring data from a user [FEATURE ID: 4] at at least one of said plurality of computers , and translating the acquired data by said sequence of digital instructions into a predefined data structure [FEATURE ID: 8] conforming to a recognized standard [FEATURE ID: 5] . 5 A method according to Claim 4 , including the step of processing [FEATURE ID: 2] and verifying the digital signature and the data to which it is applied . 6 A method according to any preceding claim , further including the step of translating data under direction [FEATURE ID: 3] of said sequence of digital instructions into an Electronic Data Interchange [FEATURE ID: 12] ( EDI ) format [FEATURE ID: 1] . 7 A method according to any preceding claim , including the step of logically constructing the information to which the digital signature can be selectively applied , wherein such information [FEATURE ID: 14] is treated as a program variable [FEATURE ID: 5] |
Charted Against: Patent: US6175717B1 Filed: 1993-04-16 Issued: 2001-01-16 Patent Holder: (Original Assignee) Trans Video Electronics Inc (Current Assignee) TRANSVIDEO ELECTRONICS Ltd ; Trans Video Electronics ; Trans Video Electronics Inc Inventor(s): Mihailo V. Rebec, Mohammed S. Rebec Title: Global mobile video communications system |
[TRANSITIVE ID: 1] enabling | controlling, handling, processing | [TRANSITIVE ID: 1] demodulating |
[FEATURE ID: 2] resource, user role | server, receiver, network, user, terminal, antenna, vehicle | [FEATURE ID: 2] satellite first local microwave signals, satellite, system, satellite communications system, microwave satellite receiver |
[TRANSITIVE ID: 3] distributed | physical, first, secure, remote | [TRANSITIVE ID: 3] satellite communications |
[FEATURE ID: 4] application server | communication, system, device, platform, network, computer | [FEATURE ID: 4] mobile microwave system |
[FEATURE ID: 5] processing system | workstation, server, subsystem | [FEATURE ID: 5] high speed digital station |
[FEATURE ID: 6] user | distributed, mobile, remote | [FEATURE ID: 6] portable |
[FEATURE ID: 7] client application | system, client, terminal | [FEATURE ID: 7] display unit |
[TRANSITIVE ID: 8] possessing, comprising | including, providing, containing, having, and, by, of | [TRANSITIVE ID: 8] comprising, comprises, representing, housing |
[FEATURE ID: 9] steps | action, operation, activity | [FEATURE ID: 9] motion |
[TRANSITIVE ID: 10] receiving, verifying, extracting | processing, analyzing, storing, detecting, obtaining, monitoring, transferring | [TRANSITIVE ID: 10] transmitting, receiving, transforming, compressing |
[FEATURE ID: 11] access authorization component | interface, element, interrogator, input, antenna, output, engine | [FEATURE ID: 11] antenna assembly, antenna terminal |
[FEATURE ID: 12] content | metadata, text, payload | [FEATURE ID: 12] first local digital data |
[FEATURE ID: 13] current time, services | data, information, contents, therefrom, value, signals, same | [FEATURE ID: 13] first remote microwave signals, remote digital data |
[FEATURE ID: 14] authority | the, information, data | [FEATURE ID: 14] first remote digital data |
[FEATURE ID: 15] security context | content, data, information | [FEATURE ID: 15] remote video signals |
[FEATURE ID: 16] claim | step, embodiment, statement, clause, item, paragraph, the claim | [FEATURE ID: 16] claim |
1 . A method of enabling [TRANSITIVE ID: 1] access to a resource [FEATURE ID: 2] of a distributed [TRANSITIVE ID: 3] application server [FEATURE ID: 4] or processing system [FEATURE ID: 5] by a user [FEATURE ID: 6] / client application [FEATURE ID: 7] possessing [TRANSITIVE ID: 8] a valid security - context , comprising [TRANSITIVE ID: 8] the steps [FEATURE ID: 9] of : receiving [TRANSITIVE ID: 10] the security - context and an appended protected security - context renewal request provided by the user to an access authorization component [FEATURE ID: 11] of the application server or processing system ; verifying [TRANSITIVE ID: 10] the validity of the security - context and the security - context renewal request ; extracting [TRANSITIVE ID: 10] content [FEATURE ID: 12] of both the security - context and the security - context renewal request ; comparing current time [FEATURE ID: 13] to an expiration time identifying time of expiration of the security - context ; if the expiration time is less than the current time , comparing the security - context renewal request with stored identity and authorization information comprising at least one of a user identifier , an organization identifier , a sub-organization identifier , a key , an authentication certificate , an user location , a user role [FEATURE ID: 2] , and an user position identifying the user to the access authorization component and generating a new symmetric key , and other access and authorization information ; generating an updated security - context based on the verifying of the user ' s identity and authorization and based on the user having requested authority [FEATURE ID: 14] for access to the resource and services [FEATURE ID: 13] ; providing the updated security context [FEATURE ID: 15] to the user ; and sending the updated security - context and a request for access to the resource and services by the user to the application server or processing system . 2 . The method of claim [FEATURE ID: 16] |
1 . A mobile microwave system [FEATURE ID: 4] , comprising [TRANSITIVE ID: 8] : a microwave subsystem for transmitting [TRANSITIVE ID: 10] directly to a satellite first local microwave signals [FEATURE ID: 2] modulated with first local digital data [FEATURE ID: 12] while in motion [FEATURE ID: 9] with respect to earth and for receiving [TRANSITIVE ID: 10] first remote microwave signals [FEATURE ID: 13] modulated with first remote digital data [FEATURE ID: 14] while in motion with respect to earth , wherein said microwave subsystem comprises [TRANSITIVE ID: 8] an antenna assembly [FEATURE ID: 11] for transmitting said first local microwave signals and for receiving said first remote microwave signals capable of representing [TRANSITIVE ID: 8] remote video signals [FEATURE ID: 15] ; a high speed digital station [FEATURE ID: 5] coupled to said microwave subsystem , for receiving a video signal and for transforming [TRANSITIVE ID: 10] and compressing [TRANSITIVE ID: 10] said video signal into said first local digital data and for transforming and decompressing said first remote digital data into a first decompressed remote digital data [FEATURE ID: 13] ; and a land vehicle for housing [FEATURE ID: 8] said microwave subsystem and said high speed digital station , said vehicle having a lower portion and a roof , wherein said first local microwave signals transmitted by said antenna assembly pass through said roof , wherein said microwave subsystem is adjustable in pitch and yaw relative to the land vehicle moving with respect to the earth on any terrain to establish a satellite communications [FEATURE ID: 3] link to the satellite [FEATURE ID: 2] using the first local microwave signals and the first remote microwave signals . 2 . 
The mobile microwave system as claimed in claim [FEATURE ID: 16] 1 , wherein said microwave subsystem further comprises : an antenna terminal [FEATURE ID: 11] coupled to said antenna assembly and said high speed digital station for demodulating [FEATURE ID: 1] said first microwave signals . 3 . The mobile microwave system of claim 1 , further comprising a power generator , wherein the microwave subsystem and the high speed digital station are coupled to the power generator . 4 . The mobile microwave system as claimed in claim 1 , further comprising a display unit [FEATURE ID: 7] coupled to said high speed digital station and said power generator , for displaying said first decompressed remote digital data . 5 . A portable [FEATURE ID: 6] integrated receiving system [FEATURE ID: 2] for use with a satellite communications system [FEATURE ID: 2] to establish a satellite communications down - link , comprising : a microwave satellite receiver [FEATURE ID: 2] |
Charted Against: Patent: EP1062560A1 Filed: 1998-03-11 Issued: 2000-12-27 Patent Holder: (Original Assignee) Cha! Technologies Inc (Current Assignee) Cha! Technologies Inc Inventor(s): Yoav A. Leitersdorf, Timothy Sixtus Title: Automatically invoked intermediation process for network purchases |
[FEATURE ID: 1] method, steps | procedure, step, process, methods, initial steps, blocks, features | [FEATURE ID: 1] intermediation process, steps |
[TRANSITIVE ID: 2] enabling, extracting | processing, updating, obtaining, storing, protecting, verifying, managing | [TRANSITIVE ID: 2] establishing |
[FEATURE ID: 3] access, appended, access authorization component, current time, expiration time, expiration, identity, organization identifier, authentication certificate, user location, user position, other access, verifying, authorization, security context | information, application, account, authentication, authority, attribute, identification | [FEATURE ID: 3] content, access fee schedule, access, override information, purchaser site authentication credentials, network communication activity information |
[FEATURE ID: 4] resource, client application, security, user role, new symmetric key | server, user, transaction, system, website, computer, host | [FEATURE ID: 4] database, subscriber, central transaction processing site, merchant site, network, network site, resource rules database, resource, target network resource, browser program |
[TRANSITIVE ID: 5] distributed, application server, processing system | network, computer, platform, computing, security, software, processing | [TRANSITIVE ID: 5] digital communications network |
[FEATURE ID: 6] user | network, subscriber, consumer, local | [FEATURE ID: 6] subscribing, purchaser |
[TRANSITIVE ID: 7] possessing, comprising, receiving, verifying | providing, having, using, utilizing, containing, presenting, obtaining | [TRANSITIVE ID: 7] purchasing, comprising, including, encoding, identifying, accessing |
[FEATURE ID: 8] context, context renewal request, user identifier, sub-organization identifier, key, request | token, code, certificate, license, device, pin, location | [FEATURE ID: 8] restriction, purchaser account balance |
[FEATURE ID: 9] content, authorization information | details, metadata, attributes, parameters, values, indicia, characteristics | [FEATURE ID: 9] information, resource locator data, data identification criteria |
[FEATURE ID: 10] authority | information, payment, customers, data, funds, credentials, merchant | [FEATURE ID: 10] merchant accounts, purchaser accounts database, respect |
[FEATURE ID: 11] services | information, accounts, users | [FEATURE ID: 11] purchaser accounts |
1 . A method [FEATURE ID: 1] of enabling [TRANSITIVE ID: 2] access [FEATURE ID: 3] to a resource [FEATURE ID: 4] of a distributed [TRANSITIVE ID: 5] application server [FEATURE ID: 5] or processing system [FEATURE ID: 5] by a user [FEATURE ID: 6] / client application [FEATURE ID: 4] possessing [TRANSITIVE ID: 7] a valid security - context [FEATURE ID: 8] , comprising [TRANSITIVE ID: 7] the steps [FEATURE ID: 1] of : receiving [TRANSITIVE ID: 7] the security [FEATURE ID: 4] - context and an appended [TRANSITIVE ID: 3] protected security - context renewal request [FEATURE ID: 8] provided by the user to an access authorization component [FEATURE ID: 3] of the application server or processing system ; verifying [TRANSITIVE ID: 7] the validity of the security - context and the security - context renewal request ; extracting [TRANSITIVE ID: 2] content [FEATURE ID: 9] of both the security - context and the security - context renewal request ; comparing current time [FEATURE ID: 3] to an expiration time [FEATURE ID: 3] identifying time of expiration [FEATURE ID: 3] of the security - context ; if the expiration time is less than the current time , comparing the security - context renewal request with stored identity [FEATURE ID: 3] and authorization information [FEATURE ID: 9] comprising at least one of a user identifier [FEATURE ID: 8] , an organization identifier [FEATURE ID: 3] , a sub-organization identifier [FEATURE ID: 8] , a key [FEATURE ID: 8] , an authentication certificate [FEATURE ID: 3] , an user location [FEATURE ID: 3] , a user role [FEATURE ID: 4] , and an user position [FEATURE ID: 3] identifying the user to the access authorization component and generating a new symmetric key [FEATURE ID: 4] , and other access [FEATURE ID: 3] and authorization information ; generating an updated security - context based on the verifying [FEATURE ID: 3] of the user ' s identity and authorization [FEATURE ID: 3] and based on the user having requested authority [FEATURE ID: 10] for access to the resource and services [FEATURE ID: 11] ; providing the updated security context [FEATURE ID: 3] to the user ; and sending the updated security - context and a request [FEATURE ID: 8] |
1 . An automatically invoked intermediation process [FEATURE ID: 1] for purchasing [TRANSITIVE ID: 7] content [FEATURE ID: 3] over a digital communications network [FEATURE ID: 5] by subscribing [TRANSITIVE ID: 6] purchasers from subscribing merchants , the intermediation process comprising [TRANSITIVE ID: 7] the steps [FEATURE ID: 1] of : ( a ) establishing [TRANSITIVE ID: 2] a database [FEATURE ID: 4] of subscriber [FEATURE ID: 4] - purchaser accounts [FEATURE ID: 11] and a database of subscriber - merchant accounts [FEATURE ID: 10] at a central transaction processing site [FEATURE ID: 4] on the digital communications network , the subscriber - merchant accounts database including [TRANSITIVE ID: 7] information [FEATURE ID: 9] encoding [TRANSITIVE ID: 7] resource locator data [FEATURE ID: 9] identifying [TRANSITIVE ID: 7] at least one restricted - access port at each subscribing merchant site [FEATURE ID: 4] on the network [FEATURE ID: 4] and , for each such restricted - access port , information encoding an access fee schedule [FEATURE ID: 3] for accessing [TRANSITIVE ID: 7] content by way of the restricted - access port and access [FEATURE ID: 3] - restriction [FEATURE ID: 8] - override information [FEATURE ID: 3] for enabling access to content by way of the restricted - access port , and the subscriber - purchaser accounts database [FEATURE ID: 10] including information encoding purchaser site authentication credentials [FEATURE ID: 3] and a purchaser account balance [FEATURE ID: 8] for each subscribing purchaser [FEATURE ID: 6] ; ( b ) at the network site [FEATURE ID: 4] of each subscribing purchaser , establishing a resource rules database [FEATURE ID: 4] including information encoding resource [FEATURE ID: 4] - locator - data identification criteria [FEATURE ID: 9] corresponding to each of at least a subset of the restricted - access ports at subscribing merchant sites identified in the subscriber - merchant accounts database and the access fee schedule for 
accessing content by way of the corresponding restricted - access port ; ( c ) at the network site of each subscribing purchaser , locally monitoring network communication activity information [FEATURE ID: 3] with respect [FEATURE ID: 10] to access to a target network resource [FEATURE ID: 4] generated by a browser program [FEATURE ID: 4] |
Charted Against: Patent: EP0800312A4 Filed: 1995-10-09 Issued: 2000-12-27 Patent Holder: (Original Assignee) Matsushita Electric Industrial Co Ltd (Current Assignee) Panasonic Holdings Corp Inventor(s): Kazuhiko Yamauchi, Hiroshi Ueda, Masayuki Kozuka, Yoshihisa Fukushima, Makoto Tatebayashi, Syunji Harada, Koichiro Endo Title: Data transmitter, data transmitting method, data receiver, information processor, and information recording medium |
Charted Against: Patent: US6157721A Filed: 1996-08-12 Issued: 2000-12-05 Patent Holder: (Original Assignee) Intertrust Technologies Corp (Current Assignee) Intertrust Technologies Corp Inventor(s): Victor H. Shear, W. Olin Sibert, David M. Van Wie Title: Systems and methods using cryptography to protect secure computing environments |
[FEATURE ID: 1] method, user location | system, process, technique, software method, cryptographic method, methods, management method | [FEATURE ID: 1] security method, method, first public key |
[TRANSITIVE ID: 2] enabling, receiving, verifying, extracting | validating, processing, obtaining, identifying, detecting, examining, inspecting | [TRANSITIVE ID: 2] signing, distributing, using |
[FEATURE ID: 3] access | protection, security, authentication, safety, secure, confidentiality | [FEATURE ID: 3] security level different, security level |
[FEATURE ID: 4] resource, distributed, user | computer, device, client, network, first, software, remote | [FEATURE ID: 4] second device class, first electronic appliance, second electronic appliance different, load module |
[FEATURE ID: 5] application server, processing system, client application, valid security, access authorization component, expiration, identity | application, security, control, communication, storage, system, environment | [FEATURE ID: 5] use, software, first decryption algorithm, user |
[TRANSITIVE ID: 6] possessing, comprising | using, and, by, with, of, involving, containing | [TRANSITIVE ID: 6] comprising, designating, having, including |
[FEATURE ID: 7] context, authentication certificate, other access, request | credential, key, token, certificate, authorization, message, access | [FEATURE ID: 7] second digital signature different |
[FEATURE ID: 8] steps | capabilities, features, methods, instructions, acts, procedures | [FEATURE ID: 8] functions |
[FEATURE ID: 9] security, appended, validity, verifying, authorization | integrity, identity, status, authentication, access, authenticity, information | [FEATURE ID: 9] results, first public key key |
[FEATURE ID: 10] context renewal request, sub-organization identifier, key, new symmetric key, security context | token, message, certificate, password, policy, document, request | [FEATURE ID: 10] first digital signature, digital certificate |
[FEATURE ID: 11] content | properties, values, characteristics | [FEATURE ID: 11] resistances |
[FEATURE ID: 12] authorization information, authority | security, privileges, certificates, permission, authentication, instructions, information | [FEATURE ID: 12] security levels |
[FEATURE ID: 13] user identifier | signature, device, key | [FEATURE ID: 13] resistant barrier |
[FEATURE ID: 14] user role | type, state, location | [FEATURE ID: 14] same portion |
[FEATURE ID: 15] user position | instruction, application, identification, indication | [FEATURE ID: 15] specification |
[FEATURE ID: 16] services | users, systems, applications | [FEATURE ID: 16] second device classes |
[FEATURE ID: 17] claim | step, claimed, clair, figure, embodiment, paragraph, item | [FEATURE ID: 17] claim |
1 . A method [FEATURE ID: 1] of enabling [TRANSITIVE ID: 2] access [FEATURE ID: 3] to a resource [FEATURE ID: 4] of a distributed [TRANSITIVE ID: 4] application server [FEATURE ID: 5] or processing system [FEATURE ID: 5] by a user [FEATURE ID: 4] / client application [FEATURE ID: 5] possessing [TRANSITIVE ID: 6] a valid security [FEATURE ID: 5] - context [FEATURE ID: 7] , comprising [TRANSITIVE ID: 6] the steps [FEATURE ID: 8] of : receiving [TRANSITIVE ID: 2] the security [FEATURE ID: 9] - context and an appended [TRANSITIVE ID: 9] protected security - context renewal request [FEATURE ID: 10] provided by the user to an access authorization component [FEATURE ID: 5] of the application server or processing system ; verifying [TRANSITIVE ID: 2] the validity [FEATURE ID: 9] of the security - context and the security - context renewal request ; extracting [TRANSITIVE ID: 2] content [FEATURE ID: 11] of both the security - context and the security - context renewal request ; comparing current time to an expiration time identifying time of expiration [FEATURE ID: 5] of the security - context ; if the expiration time is less than the current time , comparing the security - context renewal request with stored identity [FEATURE ID: 5] and authorization information [FEATURE ID: 12] comprising at least one of a user identifier [FEATURE ID: 13] , an organization identifier , a sub-organization identifier [FEATURE ID: 10] , a key [FEATURE ID: 10] , an authentication certificate [FEATURE ID: 7] , an user location [FEATURE ID: 1] , a user role [FEATURE ID: 14] , and an user position [FEATURE ID: 15] identifying the user to the access authorization component and generating a new symmetric key [FEATURE ID: 10] , and other access [FEATURE ID: 7] and authorization information ; generating an updated security - context based on the verifying [FEATURE ID: 9] of the user ' s identity and authorization [FEATURE ID: 9] and based on the user having requested authority [FEATURE ID: 12] for 
access to the resource and services [FEATURE ID: 16] ; providing the updated security context [FEATURE ID: 10] to the user ; and sending the updated security - context and a request [FEATURE ID: 7] for access to the resource and services by the user to the application server or processing system . 2 . The method of claim [FEATURE ID: 17] |
1 . A security method [FEATURE ID: 1] comprising [TRANSITIVE ID: 6] : ( a ) digitally signing [TRANSITIVE ID: 2] a first load module with a first digital signature [FEATURE ID: 10] designating [TRANSITIVE ID: 6] the first load module for use [FEATURE ID: 5] by a first device class ; ( b ) digitally signing a second load module with a second digital signature different [FEATURE ID: 7] from the first digital signature , the second digital signature designating the second load module for use by a second device class [FEATURE ID: 4] having [TRANSITIVE ID: 6] at least one of tamper resistance and security level different [FEATURE ID: 3] from the at least one of tamper resistance and security level [FEATURE ID: 3] of the first device class ; ( c ) distributing [TRANSITIVE ID: 2] the first load module for use by at least one device in the first device class ; and ( d ) distributing the second load module for use by at least one device in the second device class . 2 . A method [FEATURE ID: 1] as in claim [FEATURE ID: 17] 1 further including [TRANSITIVE ID: 6] the step of using [TRANSITIVE ID: 2] the first and second digital signatures to prevent the tamper resistances [FEATURE ID: 11] or security levels [FEATURE ID: 12] of the first and second device classes [FEATURE ID: 16] from becoming equal . 3 . A method as in claim 1 further including the step of conditionally executing , based at least in part on authenticating the first digital signature , the first load module with a first electronic appliance [FEATURE ID: 4] within the first device class . 4 . A method as in claim 3 further including the step of conditionally executing , based at least in part on authenticating the second digital signature , the second load module with a second electronic appliance different [FEATURE ID: 4] from the first electronic appliance , the second electronic appliance being within the second device class . 5 . 
A software [FEATURE ID: 5] verifying method comprising : ( a ) testing a load module [FEATURE ID: 4] having at least one specification [FEATURE ID: 15] associated therewith , the specification describing one or more functions [FEATURE ID: 8] performed by the load module ; ( b ) verifying that the load module satisfies the specification ; and ( c ) issuing at least one digital certificate [FEATURE ID: 10] attesting to the results [FEATURE ID: 9] of the verifying step . 6 . A method of authenticating a load module comprising : ( a ) authenticating a first digital signature associated with some or all of the load module , including the step of employing a first one - way hash algorithm , a first decryption algorithm [FEATURE ID: 5] , and a first public key key [FEATURE ID: 9] , the first public key [FEATURE ID: 1] secured behind a tamper resistant barrier [FEATURE ID: 13] and therefore hidden from the user [FEATURE ID: 5] ; and ( b ) authenticating a second digital signature associated with the same portion [FEATURE ID: 14] |
Charted Against: Patent: US6151703A Filed: 1996-05-20 Issued: 2000-11-21 Patent Holder: (Original Assignee) Borland Software Corp (Current Assignee) Borland Software Corp Inventor(s): Regis Crelier Title: Development system with methods for just-in-time compilation of programs |
[FEATURE ID: 1] method, processing system, client application, context renewal request, user role, new symmetric key, security context, request | message, process, code, system, service, credential, call | [FEATURE ID: 1] computer system, program, method, particular method, machine code call instruction |
[TRANSITIVE ID: 2] enabling, comprising, verifying | managing, controlling, implementing, handling, generating, processing, identifying | [TRANSITIVE ID: 2] executing, improving, creating, storing, initializing, interpreting |
[FEATURE ID: 3] access | entry, use, accessibility | [FEATURE ID: 3] subsequent invocation |
[FEATURE ID: 4] resource | memory, destination, process, device, task, target, location | [FEATURE ID: 4] memory address, target microprocessor |
[FEATURE ID: 5] application server, validity, time | execution, hardware, the, data, software, microcode, machine | [FEATURE ID: 5] bytecode, runtime, runtime interpreter, runtime execution, memory, native machine code, microprocessor |
[FEATURE ID: 6] user | host, process, program | [FEATURE ID: 6] handler |
[TRANSITIVE ID: 7] possessing | using, utilizing, of, by, and, providing, from | [TRANSITIVE ID: 7] comprising |
[FEATURE ID: 8] steps, authority | instructions, tasks, procedures, method steps, routines, resources, components | [FEATURE ID: 8] methods, substeps |
[TRANSITIVE ID: 9] receiving | processing, interpreting, reading, performance, implementation, handling, translation | [TRANSITIVE ID: 9] interpretation, execution |
[TRANSITIVE ID: 10] extracting | the, decoding, processing | [TRANSITIVE ID: 10] compilation |
[FEATURE ID: 11] current time | this, each, that | [FEATURE ID: 11] said |
[FEATURE ID: 12] expiration time, user position | index, integer, entry, algorithm, entity, offset, instruction | [FEATURE ID: 12] bit function pointer |
[FEATURE ID: 13] identity | request, calling, communication, reference, invocation, return, function | [FEATURE ID: 13] first invocation, call, method call |
[FEATURE ID: 14] user identifier | number, location, key | [FEATURE ID: 14] pointer |
[FEATURE ID: 15] user ' | user, user of, caller of, process of | [FEATURE ID: 15] particular method ' |
[FEATURE ID: 16] services | functions, functionality, software | [FEATURE ID: 16] machine instructions |
[FEATURE ID: 17] claim | step, figure, preceding claim, the claim, clause, paragraph, item | [FEATURE ID: 17] claim |
1 . A method [FEATURE ID: 1] of enabling [TRANSITIVE ID: 2] access [FEATURE ID: 3] to a resource [FEATURE ID: 4] of a distributed application server [FEATURE ID: 5] or processing system [FEATURE ID: 1] by a user [FEATURE ID: 6] / client application [FEATURE ID: 1] possessing [TRANSITIVE ID: 7] a valid security - context , comprising [TRANSITIVE ID: 2] the steps [FEATURE ID: 8] of : receiving [TRANSITIVE ID: 9] the security - context and an appended protected security - context renewal request [FEATURE ID: 1] provided by the user to an access authorization component of the application server or processing system ; verifying [TRANSITIVE ID: 2] the validity [FEATURE ID: 5] of the security - context and the security - context renewal request ; extracting [TRANSITIVE ID: 10] content of both the security - context and the security - context renewal request ; comparing current time [FEATURE ID: 11] to an expiration time [FEATURE ID: 12] identifying time [FEATURE ID: 5] of expiration of the security - context ; if the expiration time is less than the current time , comparing the security - context renewal request with stored identity [FEATURE ID: 13] and authorization information comprising at least one of a user identifier [FEATURE ID: 14] , an organization identifier , a sub-organization identifier , a key , an authentication certificate , an user location , a user role [FEATURE ID: 1] , and an user position [FEATURE ID: 12] identifying the user to the access authorization component and generating a new symmetric key [FEATURE ID: 1] , and other access and authorization information ; generating an updated security - context based on the verifying of the user ' [FEATURE ID: 15] s identity and authorization and based on the user having requested authority [FEATURE ID: 8] for access to the resource and services [FEATURE ID: 16] ; providing the updated security context [FEATURE ID: 1] to the user ; and sending the updated security - context and a request [FEATURE ID: 1] for 
access to the resource and services by the user to the application server or processing system . 2 . The method of claim [FEATURE ID: 17] |
1 . In a computer system [FEATURE ID: 1] for executing [TRANSITIVE ID: 2] a program [FEATURE ID: 1] comprising [TRANSITIVE ID: 7] a plurality of methods [FEATURE ID: 8] compiled into bytecode [FEATURE ID: 5] for interpretation [FEATURE ID: 9] at runtime [FEATURE ID: 5] by a runtime interpreter [FEATURE ID: 5] , a method [FEATURE ID: 1] for improving [TRANSITIVE ID: 2] runtime execution [FEATURE ID: 5] of said [TRANSITIVE ID: 11] program comprising : creating [TRANSITIVE ID: 2] a compiled code slot in memory [FEATURE ID: 5] which is associated with a particular method [FEATURE ID: 1] , said compiled code slot for storing [TRANSITIVE ID: 2] a pointer [FEATURE ID: 14] to a memory address [FEATURE ID: 4] ; initializing [TRANSITIVE ID: 2] the compiled code slot to store a pointer to a handler [FEATURE ID: 6] , said handler for invoking compilation [FEATURE ID: 10] of said particular method ; upon first invocation [FEATURE ID: 13] of the particular method , invoking said handler for performing substeps [FEATURE ID: 8] comprising : ( i ) compiling said particular method into a compiled method comprising native machine code [FEATURE ID: 5] for a target microprocessor [FEATURE ID: 4] , including mapping bytecode for a method being called into native machine code for execution [FEATURE ID: 9] by a target microprocessor , ( ii ) storing in the compiled code slot a pointer to said compiled method , including generating a machine code call instruction [FEATURE ID: 1] for transferring execution of the program to said compiled method that is located at a memory address pointed to by the pointer stored in said compiled code slot , so that the particular method can be accessed by a method which is itself compiled into native machine code for the target microprocessor , and ( iii ) executing said particular method by executing the compiled method comprising native machine code for the target microprocessor ; and upon subsequent invocation [FEATURE ID: 3] of the particular method by 
a method which is itself compiled into native machine code for the target microprocessor , executing said particular method by executing the compiled method which is pointed to by the pointer stored in the compiled code slot for said particular method . 2 . The method of claim [FEATURE ID: 17] 1 , wherein said program comprises a program initially pseudo-compiled into Java bytecode format . 3 . The method of claim 1 , wherein said compiled code slot stores a 32 - bit function pointer [FEATURE ID: 12] . 4 . The method of claim 1 , wherein said handler functions to invoke a just - in - time compiler for compiling said particular method upon said particular method ' [FEATURE ID: 15] s initial invocation . 5 . The method of claim 1 , wherein said target microprocessor comprises an Intel - compatible 80 × 86 microprocessor [FEATURE ID: 5] . 6 . The method of claim 5 , wherein said native machine code comprises machine instructions [FEATURE ID: 16] for an Intel - compatible 80 × 86 microprocessor . 7 . The method of claim 1 , wherein said methods of said program are only compiled into native machine code when each method is first invoked . 8 . The method of claim 1 , wherein a call [FEATURE ID: 13] from said another method to said particular method comprises a method call [FEATURE ID: 13] through the pointer stored by the compiled code slot . 9 . The method of claim 1 , wherein said handler invokes said runtime interpreter for interpreting [FEATURE ID: 2] |
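Claim 1 of US6151703A above is a lazy compilation stub: each method has a compiled code slot holding a pointer that initially targets a handler; on the first invocation the handler compiles the method, overwrites the slot with a pointer to the compiled code and executes it; every later call, including calls from other methods that are themselves compiled, goes through the slot and reaches the compiled code without the interpreter. The JavaScript below is an added example of that mechanism, not Borland's code. A toy stack bytecode stands in for Java bytecode and a JavaScript closure stands in for native machine code, so "compiled" here means that no bytecode is decoded at run time; Program, addMethod, invoke, compileCount and the op names are hypothetical.

```javascript
// Added example: compile-on-first-call code slots (hypothetical code, not Borland's).

// Toy stack bytecode: ['push', n] | ['load'] | ['add'] | ['mul'] | ['call', slotIndex].
// 'load' pushes the method's single argument. "Native code" is modelled as a closure.
class Program {
  constructor() { this.slots = []; }

  // Create the compiled code slot for a method, initialised to point at the handler.
  addMethod(name, bytecode) {
    const slot = { name, bytecode, compiles: 0, code: null };
    slot.code = (x) => this.handler(slot, x);
    this.slots.push(slot);
    return this.slots.length - 1;
  }

  // First invocation lands here: compile, patch the slot's pointer, then execute.
  handler(slot, x) {
    slot.compiles += 1;
    slot.code = this.compile(slot.bytecode);
    return slot.code(x);
  }

  // A call through the slot: the first call hits the handler, every later call goes
  // straight to the compiled closure stored in the slot.
  invoke(idx, x) { return this.slots[idx].code(x); }

  // Translate each op once into a closure. A 'call' reads the callee's slot at run
  // time, so a compiled method can call another method whether or not that method has
  // been compiled yet; if not, the callee's handler compiles it on that first call.
  compile(bytecode) {
    const steps = bytecode.map(([op, arg]) => {
      switch (op) {
        case 'push': return (st) => { st.push(arg); };
        case 'load': return (st, x) => { st.push(x); };
        case 'add': return (st) => { st.push(st.pop() + st.pop()); };
        case 'mul': return (st) => { st.push(st.pop() * st.pop()); };
        case 'call': { const callee = this.slots[arg]; return (st) => { st.push(callee.code(st.pop())); }; }
        default: throw new Error(`unknown op ${op}`);
      }
    });
    return (x) => {
      const st = [];
      for (const step of steps) step(st, x);
      return st.pop();
    };
  }

  compileCount(idx) { return this.slots[idx].compiles; }
}

function demo() {
  const p = new Program();
  const square = p.addMethod('square', [['load'], ['load'], ['mul']]);                 // x * x
  const main = p.addMethod('main', [['load'], ['call', square], ['push', 1], ['add']]); // square(x) + 1
  console.log(p.invoke(main, 3), p.invoke(main, 4));          // 10 17
  console.log(p.compileCount(square), p.compileCount(main));  // 1 1: each compiled exactly once
}
demo();
```

The detail that makes the claim's step (ii) work is that the 'call' step captures the callee's slot, not the function the slot pointed to when the caller was compiled; reading callee.code at each call is what lets the first call reach the handler and all later calls reach the compiled code.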