Targeted Patent:

Patent: US8051098B2
Filed: 2001-04-19
Issued: 2011-11-01
Patent Holder: (Original Assignee) Teigel Processing AB LLC     (Current Assignee) Alto Dynamics LLC ; Callahan Cellular LLC
Inventor(s): Stephen F. Bisbee, Jack J. Moskowitz, Keith F. Becker, Ellis K. Peterson, Gordon W. Twaddell

Title: Systems and methods for state-less authentication

 
Cross Reference / Shared Meaning between the Lines
Charted Against:

Patent: US6202151B1
Filed: 1997-05-09
Issued: 2001-03-13
Patent Holder: (Original Assignee) GTE Service Corp     (Current Assignee) Verizon Patent and Licensing Inc
Inventor(s): Clyde Musgrave, Robert S. Dulude

Title: System and method for authenticating electronic transactions using biometric certificates

Target patent terms | Shared meaning | Charted patent terms
[TRANSITIVE ID: 1] accessing, establishing, verifying | identifying, securing, monitoring, managing, enabling, processing, administering | [TRANSITIVE ID: 1] authenticating
[FEATURE ID: 2] resources, secured transactions | users, applications, contexts, data, credentials, information, documents | [FEATURE ID: 2] electronic transactions
[FEATURE ID: 3] common processing platform, time stamp, logon identifier | secret, token, nonce, credential, database, processor, pseudonym | [FEATURE ID: 3] transaction input device, public key, hash function, biometric digital signature, private key, network, biometric certificate management system, biometric database
[TRANSITIVE ID: 4] comprising | of, including, by, having, utilizing, at, via | [TRANSITIVE ID: 4] involving, comprising, using
[FEATURE ID: 5] user, resource | users, client, method, system, server, source, party | [FEATURE ID: 5] user
[FEATURE ID: 6] logon component, user computing device, computing environment component | computer, component, controller, server, processor, module, network | [FEATURE ID: 6] system, biometric input device, registration authority, receiver, classifier
[FEATURE ID: 7] interactive information exchange | authentication, identity, identifier, account | [FEATURE ID: 7] iris
[FEATURE ID: 8] logon information, access limitations specific, resources such | information, parameters, credentials, indicia, characteristics, metadata, details | [FEATURE ID: 8] transaction data, biometric data, pre-registered biometric data
[TRANSITIVE ID: 9] provided | published, communicated, made, issued, delivered, transferred, passed | [TRANSITIVE ID: 9] transmitted
[FEATURE ID: 10] security context, stateless security context | signature, fingerprint, message, key, response, password, parameter | [FEATURE ID: 10] physical condition, biometric certificate, hash value signal, transaction signal
[FEATURE ID: 11] necessary, operable | used, operative, arranged, adapted, effective, usable, sufficient | [FEATURE ID: 11] configured
[FEATURE ID: 12] authorization communications | interaction, operation, authentication, activity | [FEATURE ID: 12] electronic transaction
[FEATURE ID: 13] claim | figure, the claim, claimed, embodiment, item, clause, clair | [FEATURE ID: 13] claim
[FEATURE ID: 14] information | input, identifier, authorization, authentication, identification | [FEATURE ID: 14] authentication decision signal
[FEATURE ID: 15] unique identifier | template, record, fingerprint, signature | [FEATURE ID: 15] visual image
[FEATURE ID: 16] apparatus | engine, entity, accelerator, authenticator, interface, agent | [FEATURE ID: 16] electronic transaction generator
1. A method of accessing [TRANSITIVE ID: 1] any of a plurality of resources [FEATURE ID: 2] wherein at least some of the resources do not share a common processing platform [FEATURE ID: 3], the method comprising [TRANSITIVE ID: 4]: establishing [TRANSITIVE ID: 1] a secure communication session between a user [FEATURE ID: 5] computing device and a logon component [FEATURE ID: 6], wherein the secure communication session comprises a temporary, interactive information exchange [FEATURE ID: 7] that is set up and then torn down; verifying [TRANSITIVE ID: 1] logon information [FEATURE ID: 8] provided [TRANSITIVE ID: 9] by the user computing device to the logon component using the secure communication session and responsively generating a security context [FEATURE ID: 10] to be employed by the user computing device that is: unique to a user of the user computing device; necessary [FEATURE ID: 11] to access any of the plurality of resources without requiring any follow-on authorization communications [FEATURE ID: 12] between the accessed resource [FEATURE ID: 5] and the logon component.
2. The method of claim [FEATURE ID: 13] 1 wherein verifying the logon information comprises comparing the logon information to previously stored information [FEATURE ID: 14] that identifies the user.
3. The method of claim 1 wherein a security context that is unique to the user comprises, at least in part, a unique identifier [FEATURE ID: 15] as corresponds to the user.
4. The method of claim 1 wherein the security context comprises a stateless security context [FEATURE ID: 10].
5. The method of claim 1 wherein generating a security context to be employed by the user computing device [FEATURE ID: 6] comprises generating a security context that will support contemporaneously accessing at least two of the plurality of resources.
6. The method of claim 1 wherein generating a security context comprises generating a security context that automatically preserves access limitations specific [FEATURE ID: 8] to the user as corresponds to varying ones of the plurality of resources such [FEATURE ID: 8] that the user's degree of access to a given accessed resource can vary notwithstanding a common use of the security context.
7. The method of claim 1 wherein generating a security context comprises generating a time-limited security context.
8. The method of claim 7 wherein generating a time-limited security context comprises including a time stamp [FEATURE ID: 3] in the security context.
9. An apparatus [FEATURE ID: 16] comprising: at least one trusted computing environment component [FEATURE ID: 6] configured to facilitate: establishing a secure communication session between a user computing device and a logon component, wherein the secure communication session comprises a temporary, interactive information exchange that is set up and then torn down; verifying logon information provided by the user computing device to the logon component using the secure communication session and responsively generating a security context that is: unique to a user of the user computing device; necessary to access any of the plurality of resources without requiring any follow-on authorization communications between the accessed resource and the logon component.
10. The apparatus of claim 9 wherein the security context comprises, at least in part, a unique identifier as corresponds to the user.
11. The apparatus of claim 9 wherein the security context comprises a stateless security context.
12. The apparatus of claim 9 wherein the security context is operable [FEATURE ID: 11] to support contemporaneously accessing at least two of the plurality of resources.
13. The apparatus of claim 9 wherein the security context automatically preserves access limitations specific to the user as corresponds to varying ones of the plurality of resources such that the user's degree of access to a given accessed resource can permissibly vary notwithstanding a common use of the security context.
14. The apparatus of claim 9 wherein the security context comprises a time-limited security context.
15. The apparatus of claim 14 wherein the time-limited security context includes a time stamp.
16. A method to facilitate accessing protected on-line resources via corresponding secured transactions [FEATURE ID: 2], comprising: at a user computing device: presenting, to other than the on-line resources, at least a logon identifier [FEATURE ID: 3]

1. A system [FEATURE ID: 6] for authenticating [TRANSITIVE ID: 1] electronic transactions [FEATURE ID: 2] involving [TRANSITIVE ID: 4] a user [FEATURE ID: 5], comprising [TRANSITIVE ID: 4]: a transaction input device [FEATURE ID: 3] configured [TRANSITIVE ID: 11] to receive transaction data [FEATURE ID: 8] relating to an electronic transaction [FEATURE ID: 12]; a biometric input device [FEATURE ID: 6] configured to generate biometric data [FEATURE ID: 8] corresponding to a physical condition [FEATURE ID: 10] of the user; a biometric certificate generator configured to generate a biometric certificate [FEATURE ID: 10] from the transaction data, the biometric data, and a public key [FEATURE ID: 3] corresponding to the user; a hash function generator configured to generate a hash value signal [FEATURE ID: 10] from the biometric certificate using [TRANSITIVE ID: 4] a hash function [FEATURE ID: 3]; a registration authority [FEATURE ID: 6] configured to generate a biometric digital signature [FEATURE ID: 3] from the hash value signal and a private key [FEATURE ID: 3] corresponding to the user; an electronic transaction generator [FEATURE ID: 16] configured to generate a transaction signal [FEATURE ID: 10], corresponding to the electronic transaction to be transmitted [TRANSITIVE ID: 9] over a network [FEATURE ID: 3], from the biometric digital signature and the transaction data; a receiver [FEATURE ID: 6] configured to receive the transaction signal from the network and process the received transaction signal to extract the biometric certificate; and a biometric certificate management system [FEATURE ID: 3] configured to certify the electronic transaction as being from the user, including: a biometric data extractor configured to isolate the biometric data from the extracted biometric certificate, and a classifier [FEATURE ID: 6] configured to retrieve pre-registered biometric data [FEATURE ID: 8] corresponding to the user from a biometric database [FEATURE ID: 3], compare the biometric data to the pre-registered biometric data, generate an authentication decision signal [FEATURE ID: 14] based on the comparison, and provide the authentication decision signal to the receiver to permit the receiver to determine whether the electronic transaction involves the user.
2. The system of claim [FEATURE ID: 13] 1, wherein the biometric input device includes at least one of: an iris reader configured to obtain a visual image [FEATURE ID: 15] of an iris [FEATURE ID: 7]

Targeted Patent:

Patent: US8051098B2
Filed: 2001-04-19
Issued: 2011-11-01
Patent Holder: (Original Assignee) Teigel Processing AB LLC     (Current Assignee) Alto Dynamics LLC ; Callahan Cellular LLC
Inventor(s): Stephen F. Bisbee, Jack J. Moskowitz, Keith F. Becker, Ellis K. Peterson, Gordon W. Twaddell

Title: Systems and methods for state-less authentication

 
Cross Reference / Shared Meaning between the Lines
Charted Against:

Patent: US6192361B1
Filed: 1997-12-23
Issued: 2001-02-20
Patent Holder: (Original Assignee) Alcatel USA Sourcing Inc     (Current Assignee) Alcatel USA Sourcing Inc
Inventor(s): Peter Sung-An Huang

Title: Full group privileges access system providing user access security protection for a telecommunications switching system

Target patent terms | Shared meaning | Charted patent terms
[TRANSITIVE ID: 1] accessing, establishing | managing, implementing, maintaining, supporting, controlling, enabling, securing | [TRANSITIVE ID: 1] providing, having
[FEATURE ID: 2] resources | data, entities, files, properties, information, users, applications | [FEATURE ID: 2] user identification, functions
[TRANSITIVE ID: 3] share | maintain, use, operate, utilize, provide, implement, support | [TRANSITIVE ID: 3] access, execute, access
[FEATURE ID: 4] common processing platform, logon identifier | database, network, firewall, host, client, system, browser | [FEATURE ID: 4] computer, server, first communication link, system security manager client building block, system security manager server building block, runtime library
[TRANSITIVE ID: 5] comprising | including, comprises, involving, includes, compromising, having, of | [TRANSITIVE ID: 5] comprising
[FEATURE ID: 6] logon component, interactive information exchange | computer, system, server, processor, network, controller, client | [FEATURE ID: 6] authorized, computer operable, server operable, second communication link, computer user, computer users
[FEATURE ID: 7] logon information | information, communication, data, access, messages | [FEATURE ID: 7] communications
[FEATURE ID: 8] security context | message, signal, key, request, code | [FEATURE ID: 8] command
[FEATURE ID: 9] resource | users, element, party, network, application, computer, server | [FEATURE ID: 9] system, user
[FEATURE ID: 10] claim | claimed, embodiment, item, clause, clair, figure, paragraph | [FEATURE ID: 10] claim
[FEATURE ID: 11] part | partial, use, portion thereof, parts, general, selected portions, its entirety | [FEATURE ID: 11] part
[FEATURE ID: 12] unique identifier | number, file, device, user, value | [FEATURE ID: 12] function
[FEATURE ID: 13] user computing device | process, apparatus, computer, machine, network, server, platform | [FEATURE ID: 13] full group privileges access mechanism
[FEATURE ID: 14] access limitations specific, degree, access, secured transactions | authentication, accessibility, permission, entitlement, credentials, privilege, use | [FEATURE ID: 14] security protection, authority, ability
[FEATURE ID: 15] apparatus | application, environment, interface, infrastructure, agent, arrangement | [FEATURE ID: 15] application program
[FEATURE ID: 16] computing environment component | module, system, computer, processor, controller | [FEATURE ID: 16] system manager building block
1. A method of accessing [TRANSITIVE ID: 1] any of a plurality of resources [FEATURE ID: 2] wherein at least some of the resources do not share [TRANSITIVE ID: 3] a common processing platform [FEATURE ID: 4], the method comprising [TRANSITIVE ID: 5]: establishing [TRANSITIVE ID: 1] a secure communication session between a user computing device and a logon component [FEATURE ID: 6], wherein the secure communication session comprises a temporary, interactive information exchange [FEATURE ID: 6] that is set up and then torn down; verifying logon information [FEATURE ID: 7] provided by the user computing device to the logon component using the secure communication session and responsively generating a security context [FEATURE ID: 8] to be employed by the user computing device that is: unique to a user of the user computing device; necessary to access any of the plurality of resources without requiring any follow-on authorization communications between the accessed resource [FEATURE ID: 9] and the logon component.
2. The method of claim [FEATURE ID: 10] 1 wherein verifying the logon information comprises comparing the logon information to previously stored information that identifies the user.
3. The method of claim 1 wherein a security context that is unique to the user comprises, at least in part [FEATURE ID: 11], a unique identifier [FEATURE ID: 12] as corresponds to the user.
4. The method of claim 1 wherein the security context comprises a stateless security context.
5. The method of claim 1 wherein generating a security context to be employed by the user computing device [FEATURE ID: 13] comprises generating a security context that will support contemporaneously accessing at least two of the plurality of resources.
6. The method of claim 1 wherein generating a security context comprises generating a security context that automatically preserves access limitations specific [FEATURE ID: 14] to the user as corresponds to varying ones of the plurality of resources such that the user's degree [FEATURE ID: 14] of access [FEATURE ID: 14] to a given accessed resource can vary notwithstanding a common use of the security context.
7. The method of claim 1 wherein generating a security context comprises generating a time-limited security context.
8. The method of claim 7 wherein generating a time-limited security context comprises including a time stamp in the security context.
9. An apparatus [FEATURE ID: 15] comprising: at least one trusted computing environment component [FEATURE ID: 16] configured to facilitate: establishing a secure communication session between a user computing device and a logon component, wherein the secure communication session comprises a temporary, interactive information exchange that is set up and then torn down; verifying logon information provided by the user computing device to the logon component using the secure communication session and responsively generating a security context that is: unique to a user of the user computing device; necessary to access any of the plurality of resources without requiring any follow-on authorization communications between the accessed resource and the logon component.
10. The apparatus of claim 9 wherein the security context comprises, at least in part, a unique identifier as corresponds to the user.
11. The apparatus of claim 9 wherein the security context comprises a stateless security context.
12. The apparatus of claim 9 wherein the security context is operable to support contemporaneously accessing at least two of the plurality of resources.
13. The apparatus of claim 9 wherein the security context automatically preserves access limitations specific to the user as corresponds to varying ones of the plurality of resources such that the user's degree of access to a given accessed resource can permissibly vary notwithstanding a common use of the security context.
14. The apparatus of claim 9 wherein the security context comprises a time-limited security context.
15. The apparatus of claim 14 wherein the time-limited security context includes a time stamp.
16. A method to facilitate accessing protected on-line resources via corresponding secured transactions [FEATURE ID: 14], comprising: at a user computing device: presenting, to other than the on-line resources, at least a logon identifier [FEATURE ID: 4]

1. A full group privileges access mechanism [FEATURE ID: 13] for providing [TRANSITIVE ID: 1] security protection [FEATURE ID: 14] for a telecommunications switching system [FEATURE ID: 9] which is accessible by authorized [TRANSITIVE ID: 6] users using a computer [FEATURE ID: 4], comprising [TRANSITIVE ID: 5]: a server [FEATURE ID: 4] having [TRANSITIVE ID: 1] an application program [FEATURE ID: 15] to access [TRANSITIVE ID: 3] the telecommunications switching system; a computer operable [FEATURE ID: 6] to communicate with the server over a first communication link [FEATURE ID: 4], the server operable [FEATURE ID: 6] to provide the application program to the computer upon request, the computer operable to execute [TRANSITIVE ID: 3] the application program, the computer operable to establish communications [FEATURE ID: 7] with the telecommunications switching system over a second communication link [FEATURE ID: 6] according to the application program; storage files in the telecommunications switching system containing first information and second information associated with authorized user identification [FEATURE ID: 2]; a system manager building block [FEATURE ID: 16] in the telecommunications switching system in communication with said computer, said system manager building block also being in communication with said storage files in order to access [FEATURE ID: 3] said first information for determining if a computer user [FEATURE ID: 6] is an authorized user, and in order to modify said first information; a system security manager client building block [FEATURE ID: 4] in the telecommunications switching system in communication with said system manager building block; and a system security manager server building block [FEATURE ID: 4] in the telecommunications switching system in communication with said system security manager client building block, said system security manager client building block and said system security manager server building block being jointly in communication with said storage files in order to access said second information, and in order to modify said second information, wherein said system manager building block provides communication between said computer and said system security manager client building block, and wherein said system security manager client building block provides communication between said system manager building block and said system security manager server building block.
2. The full group privileges access mechanism of claim [FEATURE ID: 10] 1, wherein said storage files containing said first and second information are configured to be maintained at least in part [FEATURE ID: 11] in a runtime library [FEATURE ID: 4].
3. The full group privileges access mechanism of claim 2, wherein said system manager building block further comprises said runtime library.
4. The full group privileges access mechanism of claim 1, wherein the telecommunications switching system provides functions [FEATURE ID: 2] which can be accessed by said authorized users and commands which can be executed by said authorized users, and wherein said second information represents authority [FEATURE ID: 14] of an associated authorized user [FEATURE ID: 9] to access each said function [FEATURE ID: 12] and execute each said command [FEATURE ID: 8], and controls the ability [FEATURE ID: 14] of the computer users [FEATURE ID: 6]

Targeted Patent:

Patent: US8051098B2
Filed: 2001-04-19
Issued: 2011-11-01
Patent Holder: (Original Assignee) Teigel Processing AB LLC     (Current Assignee) Alto Dynamics LLC ; Callahan Cellular LLC
Inventor(s): Stephen F. Bisbee, Jack J. Moskowitz, Keith F. Becker, Ellis K. Peterson, Gordon W. Twaddell

Title: Systems and methods for state-less authentication

 
Cross Reference / Shared Meaning between the Lines
Charted Against:

Patent: US6185685B1
Filed: 1997-12-11
Issued: 2001-02-06
Patent Holder: (Original Assignee) International Business Machines Corp     (Current Assignee) International Business Machines Corp
Inventor(s): Stephen P. Morgan, Lance W. Russell, Benjamin Clay Reed

Title: Security method and system for persistent storage and communications on computer network systems and computer network systems employing the same

Target patent terms | Shared meaning | Charted patent terms
[FEATURE ID: 1] method, authorization communications, user computing device, ones | process, system, procedure, methods, aspects, operation, password method | [FEATURE ID: 1] login method, method, steps
[TRANSITIVE ID: 2] accessing | using, identifying, calculating, providing, maintaining, implementing, selecting | [TRANSITIVE ID: 2] having, computing, decrypting
[FEATURE ID: 3] resources, secured transactions | devices, users, networks, nodes, contexts, data, media | [FEATURE ID: 3] client computers, further transmissions
[TRANSITIVE ID: 4] share | use, include, provide, control, maintain, have, support | [TRANSITIVE ID: 4] enhance, access
[FEATURE ID: 5] common processing platform, computing, device, logon component, logon information, security context, resource, information, unique identifier, time stamp, apparatus, computing environment component, logon identifier | user, system, client, computer, server, host, password | [FEATURE ID: 5] network computer system, server computer, client computer, persistent storage device, control program, login ID, password PW, first client computer, key
[TRANSITIVE ID: 6] comprising | having, involving, by, implementing, comprises, includes, compromising | [TRANSITIVE ID: 6] comprising, including
[TRANSITIVE ID: 7] establishing, verifying | requesting, obtaining, providing, identifying, communicating, reading, storing | [TRANSITIVE ID: 7] receiving, transmitting
[FEATURE ID: 8] secure communication session | network, channel, link | [FEATURE ID: 8] communication network
[FEATURE ID: 9] user | source, subscriber, customer, users | [FEATURE ID: 9] user
[FEATURE ID: 10] interactive information exchange | authentication, password, identifier, secret, key | [FEATURE ID: 10] encryption key
[TRANSITIVE ID: 11] set | locked, booted, started | [TRANSITIVE ID: 11] operated
[FEATURE ID: 12] stateless security context | password, cipher, cryptogram, secret | [FEATURE ID: 12] decryption key
[FEATURE ID: 13] access limitations specific, access | authentication, confidentiality, privacy, trust, control, visibility, accessibility | [FEATURE ID: 13] security
[FEATURE ID: 14] common use | function, modification, value, portion | [FEATURE ID: 14] hash value H
1. A method [FEATURE ID: 1] of accessing [TRANSITIVE ID: 2] any of a plurality of resources [FEATURE ID: 3] wherein at least some of the resources do not share [TRANSITIVE ID: 4] a common processing platform [FEATURE ID: 5], the method comprising [TRANSITIVE ID: 6]: establishing [TRANSITIVE ID: 7] a secure communication session [FEATURE ID: 8] between a user [FEATURE ID: 9] computing [TRANSITIVE ID: 5] device [FEATURE ID: 5] and a logon component [FEATURE ID: 5], wherein the secure communication session comprises a temporary, interactive information exchange [FEATURE ID: 10] that is set [TRANSITIVE ID: 11] up and then torn down; verifying [TRANSITIVE ID: 7] logon information [FEATURE ID: 5] provided by the user computing device to the logon component using the secure communication session and responsively generating a security context [FEATURE ID: 5] to be employed by the user computing device that is: unique to a user of the user computing device; necessary to access any of the plurality of resources without requiring any follow-on authorization communications [FEATURE ID: 1] between the accessed resource [FEATURE ID: 5] and the logon component.
2. The method of claim 1 wherein verifying the logon information comprises comparing the logon information to previously stored information [FEATURE ID: 5] that identifies the user.
3. The method of claim 1 wherein a security context that is unique to the user comprises, at least in part, a unique identifier [FEATURE ID: 5] as corresponds to the user.
4. The method of claim 1 wherein the security context comprises a stateless security context [FEATURE ID: 12].
5. The method of claim 1 wherein generating a security context to be employed by the user computing device [FEATURE ID: 1] comprises generating a security context that will support contemporaneously accessing at least two of the plurality of resources.
6. The method of claim 1 wherein generating a security context comprises generating a security context that automatically preserves access limitations specific [FEATURE ID: 13] to the user as corresponds to varying ones [FEATURE ID: 1] of the plurality of resources such that the user's degree of access [FEATURE ID: 13] to a given accessed resource can vary notwithstanding a common use [FEATURE ID: 14] of the security context.
7. The method of claim 1 wherein generating a security context comprises generating a time-limited security context.
8. The method of claim 7 wherein generating a time-limited security context comprises including a time stamp [FEATURE ID: 5] in the security context.
9. An apparatus [FEATURE ID: 5] comprising: at least one trusted computing environment component [FEATURE ID: 5] configured to facilitate: establishing a secure communication session between a user computing device and a logon component, wherein the secure communication session comprises a temporary, interactive information exchange that is set up and then torn down; verifying logon information provided by the user computing device to the logon component using the secure communication session and responsively generating a security context that is: unique to a user of the user computing device; necessary to access any of the plurality of resources without requiring any follow-on authorization communications between the accessed resource and the logon component.
10. The apparatus of claim 9 wherein the security context comprises, at least in part, a unique identifier as corresponds to the user.
11. The apparatus of claim 9 wherein the security context comprises a stateless security context.
12. The apparatus of claim 9 wherein the security context is operable to support contemporaneously accessing at least two of the plurality of resources.
13. The apparatus of claim 9 wherein the security context automatically preserves access limitations specific to the user as corresponds to varying ones of the plurality of resources such that the user's degree of access to a given accessed resource can permissibly vary notwithstanding a common use of the security context.
14. The apparatus of claim 9 wherein the security context comprises a time-limited security context.
15. The apparatus of claim 14 wherein the time-limited security context includes a time stamp.
16. A method to facilitate accessing protected on-line resources via corresponding secured transactions [FEATURE ID: 3], comprising: at a user computing device: presenting, to other than the on-line resources, at least a logon identifier [FEATURE ID: 5]

1. A login method [FEATURE ID: 1] to enhance [TRANSITIVE ID: 4] security [FEATURE ID: 13] in a network computer system [FEATURE ID: 5] having [TRANSITIVE ID: 2] at least one server computer [FEATURE ID: 5] coupled over a communication network [FEATURE ID: 8] to a plurality of client computers [FEATURE ID: 3], wherein each client computer [FEATURE ID: 5] is coupled to directly access [TRANSITIVE ID: 4] a persistent storage device [FEATURE ID: 5] and wherein each client computer is operated [TRANSITIVE ID: 11] by a control program [FEATURE ID: 5] after login, the method [FEATURE ID: 1] comprising [TRANSITIVE ID: 6] the steps [FEATURE ID: 1] of: receiving [TRANSITIVE ID: 7] a login ID [FEATURE ID: 5] and password PW [FEATURE ID: 5] from a user [FEATURE ID: 9] at a first one of said client computers; computing [FEATURE ID: 2], at said first client computer [FEATURE ID: 5], a hash value H [FEATURE ID: 14] 1 PW of the password PW; transmitting [TRANSITIVE ID: 7] a first-stage login request including [TRANSITIVE ID: 6] ID from said first client computer to a first one of said server computers; receiving said first-stage login request at said first server computer; providing, at said first server computer, a key [FEATURE ID: 5]-exchange key KEK; encrypting KEK at said first server computer; transmitting a first-stage login response, including the encrypted KEK, from said first server computer to said first client computer; receiving said first-stage login response at said first client computer; decrypting [FEATURE ID: 2], at said first client computer, the encrypted KEK, to yield KEK; providing, at said first client computer, a first split key SK1; encrypting, at said first client computer, key SK1, using KEK as an encryption key [FEATURE ID: 10], to yield ESK1; transmitting a second-stage login request, including ESK1, from said first client computer to said first server computer; receiving said second-stage login request at said first server computer; decrypting, at said first server computer, ESK1, using KEK as a decryption key [FEATURE ID: 12], to yield SK1; providing, at said first server computer, a second split key SK2; combining, at said first server computer, the first and second split keys SK1 and SK2, to yield session key SK; encrypting, at said first server computer, the second split key SK2, using KEK as an encryption key, to yield ESK2; transmitting a second-stage login response, including ESK2, from said first server computer to said first client computer; receiving the second-stage login response at said first client computer; decrypting, at said first client computer, ESK2 received with the second-stage login response, using KEK as a decryption key, to yield SK2; combining, at said first client computer, the first and second split keys SK1 and SK2, to yield session key SK; encrypting further transmissions [FEATURE ID: 3]


 
Cross Reference / Shared Meaning between the Lines
Charted Against:

Patent: US6185683B1
Filed: 1995-02-13
Issued: 2001-02-06
Patent Holder: (Original Assignee) Intertrust Technologies Corp     (Current Assignee) Intertrust Technologies Corp
Inventor(s): Karl L. Ginter, Victor H. Shear, Francis J. Spahn, David M. Van Wie, Robert P. Weber

Title: Trusted and secure techniques, systems and methods for item delivery and execution

[TRANSITIVE ID: 1] accessing, verifying | monitoring, using, processing, securing, recording, requesting, handling | [TRANSITIVE ID: 1] governing, receiving
[FEATURE ID: 2] common processing platform, computing, device, interactive information exchange, unique identifier, stateless security context, time stamp, computing environment component, logon identifier | user, token, key, code, policy, password, license | [FEATURE ID: 2] first apparatus, memory, first secure container rule, secure container rule, second secure container rule, second apparatus, third apparatus different, digital certificate, digital signature
[TRANSITIVE ID: 3] comprising, establishing | providing, having, of, executing, implementing, with, maintaining | [TRANSITIVE ID: 3] including, storing
[FEATURE ID: 4] user | method, using, subscriber, customer, users, single user | [FEATURE ID: 4] user
[FEATURE ID: 5] logon component | network, user, controller, platform, computer | [FEATURE ID: 5] processor
[FEATURE ID: 6] logon information | data, instructions, secure containers, the, indicia, messages, contents | [FEATURE ID: 6] information, receipt information
[FEATURE ID: 7] security context | value, policy, message, parameter, condition, code | [FEATURE ID: 7] rule
[FEATURE ID: 8] necessary, operable | configured, adapted, required, and, provided, needed, utilized | [FEATURE ID: 8] used
[FEATURE ID: 9] authorization communications, access limitations specific, access | authentication, authority, entitlement, interaction, rights, permission, interest | [FEATURE ID: 9] access
[FEATURE ID: 10] resource | element, environment, content, object, asset, application, idea | [FEATURE ID: 10] item, aspect
[FEATURE ID: 11] claim | claimed, embodiment, item, clause, clam, paragraph, figure | [FEATURE ID: 11] claim
[FEATURE ID: 12] information | logic, authorization, software, knowledge, metadata, code | [FEATURE ID: 12] audit information
[FEATURE ID: 13] part | partial, some, parts, 10 part | [FEATURE ID: 13] part
[FEATURE ID: 14] user computing device | device, network, apparatus, software, platform, method, machine | [FEATURE ID: 14] system, hardware
[FEATURE ID: 15] apparatus | authenticator, element, interface, entity | [FEATURE ID: 15] electronic seal
1 . A method of accessing [TRANSITIVE ID: 1]

any of a plurality of resources wherein at least some of the resources do not share a common processing platform [FEATURE ID: 2]

, the method comprising [TRANSITIVE ID: 3]

: establishing [TRANSITIVE ID: 3]

a secure communication session between a user [FEATURE ID: 4]

computing [TRANSITIVE ID: 2]

device [FEATURE ID: 2]

and a logon component [FEATURE ID: 5]

, wherein the secure communication session comprises a temporary , interactive information exchange [FEATURE ID: 2]

that is set up and then torn down ; verifying [TRANSITIVE ID: 1]

logon information [FEATURE ID: 6]

provided by the user computing device to the logon component using the secure communication session and responsively generating a security context [FEATURE ID: 7]

to be employed by the user computing device that is : unique to a user of the user computing device ; necessary [FEATURE ID: 8]

to access any of the plurality of resources without requiring any follow - on authorization communications [FEATURE ID: 9]

between the accessed resource [FEATURE ID: 10]

and the logon component . 2 . The method of claim [FEATURE ID: 11]

1 wherein verifying the logon information comprises comparing the logon information to previously stored information [FEATURE ID: 12]

that identifies the user . 3 . The method of claim 1 wherein a security context that is unique to the user comprises , at least in part [FEATURE ID: 13]

, a unique identifier [FEATURE ID: 2]

as corresponds to the user . 4 . The method of claim 1 wherein the security context comprises a stateless security context [FEATURE ID: 2]

. 5 . The method of claim 1 wherein generating a security context to be employed by the user computing device [FEATURE ID: 14]

comprises generating a security context that will support contemporaneously accessing at least two of the plurality of resources . 6 . The method of claim 1 wherein generating a security context comprises generating a security context that automatically preserves access limitations specific [FEATURE ID: 9]

to the user as corresponds to varying ones of the plurality of resources such that the user ' s degree of access [FEATURE ID: 9]

to a given accessed resource can vary notwithstanding a common use of the security context . 7 . The method of claim 1 wherein generating a security context comprises generating a time - limited security context . 8 . The method of claim 7 wherein generating a time - limited security context comprises including a time stamp [FEATURE ID: 2]

in the security context . 9 . An apparatus [FEATURE ID: 15]

comprising : at least one trusted computing environment component [FEATURE ID: 2]

configured to facilitate : establishing a secure communication session between a user computing device and a logon component , wherein the secure communication session comprises a temporary , interactive information exchange that is set up and then torn down ; verifying logon information provided by the user computing device to the logon component using the secure communication session and responsively generating a security context that is : unique to a user of the user computing device ; necessary to access any of the plurality of resources without requiring any follow - on authorization communications between the accessed resource and the logon component . 10 . The apparatus of claim 9 wherein the security context comprises , at least in part , a unique identifier as corresponds to the user . 11 . The apparatus of claim 9 wherein the security context comprises a stateless security context . 12 . The apparatus of claim 9 wherein the security context is operable [FEATURE ID: 8]

to support contemporaneously accessing at least two of the plurality of resources . 13 . The apparatus of claim 9 wherein the security context automatically preserves access limitations specific to the user as corresponds to varying ones of the plurality of resources such that the user ' s degree of access to a given accessed resource can permissibly vary notwithstanding a common use of the security context . 14 . The apparatus of claim 9 wherein the security context comprises a time - limited security context . 15 . The apparatus of claim 14 wherein the time - limited security context includes a time stamp . 16 . A method to facilitate accessing protected on - line resources via corresponding secured transactions , comprising : at a user computing device : presenting , to other than the on - line resources , at least a logon identifier [FEATURE ID: 2]

1 . A system [FEATURE ID: 14]

including [TRANSITIVE ID: 3]

: a first apparatus [FEATURE ID: 2]

including , user controls , a communications port , a processor [FEATURE ID: 5]

, a memory [FEATURE ID: 2]

storing [TRANSITIVE ID: 3]

: a first secure container containing a governed item [FEATURE ID: 10]

, the first secure container governed item being at least in part [FEATURE ID: 13]

encrypted ; a first secure container rule [FEATURE ID: 2]

at least in part governing [TRANSITIVE ID: 1]

an aspect [FEATURE ID: 10]

of access [FEATURE ID: 9]

to or use of said first secure container governed item ; and a second secure container , the second secure container containing audit information [FEATURE ID: 12]

; and hardware [FEATURE ID: 14]

or software used [TRANSITIVE ID: 8]

for receiving [TRANSITIVE ID: 1]

and opening secure containers , said secure containers each including the capacity to contain a governed item , a secure container rule [FEATURE ID: 2]

being associated with each of said secure containers ; a protected processing environment at least in part protecting information [FEATURE ID: 6]

contained in said protected processing environment from tampering by a user [FEATURE ID: 4]

of said first apparatus , said protected processing environment including hardware or software used for applying said first secure container rule and a second secure container rule [FEATURE ID: 2]

in combination to at least in part govern at least one aspect of access to or use of a governed item contained in a secure container ; and hardware or software used for transmission of secure containers to other apparatuses or for the receipt of secure containers from other apparatuses . 2 . A system including : a first apparatus including , user controls , a communications port , a processor , a memory storing : a first secure container containing a governed item , the first secure container governed item being at least in part encrypted ; the first secure container having been received from a second apparatus [FEATURE ID: 2]

; a first secure container rule at least in part governing an aspect of access to or use of said first secure container governed item , the first secure container rule , the first secure container rule having been received from a third apparatus different [FEATURE ID: 2]

from said second apparatus ; and hardware or software used for receiving and opening secure containers , said secure containers each including the capacity to contain a governed item , a secure container rule being associated with each of said secure containers ; a protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said first apparatus , said protected processing environment including hardware or software used for applying said first secure container rule and a second secure container rule in combination to at least in part govern at least one aspect of access to or use of a governed item contained in a secure container ; and hardware or software used for transmission of secure containers to other apparatuses or for the receipt of secure containers from other apparatuses . 3 . A system including : a first apparatus including , user controls , a communications port , a processor , a memory storing : a first secure container containing a governed item , the first secure container governed item being at least in part encrypted ; a first secure container rule at least in part governing an aspect of access to or use of said first secure container governed item ; and a second secure container containing a digital certificate [FEATURE ID: 2]

; hardware or software used for receiving and opening secure containers , said secure containers each including the capacity to contain a governed item , a secure container rule being associated with each of said secure containers ; a protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said first apparatus , said protected processing environment including hardware or software used for applying said first secure container rule and a second secure container rule in combination to at least in part govern at least one aspect of access to or use of a governed item contained in a secure container ; and hardware or software used for transmission of secure containers to other apparatuses or for the receipt of secure containers from other apparatuses . 4 . A system as in claim [FEATURE ID: 11]

3 , said memory storing a rule [FEATURE ID: 7]

associated with said second secure container , said rule associated with said second secure container at least in part governing at least one aspect of access to or use of said digital certificate . 5 . A system including : a first apparatus including , user controls , a communications port , a processor , a memory storing , a first secure container containing a governed item , the first secure container governed item being at least in part encrypted ; a first secure container rule at least in part governing an aspect of access to or use of said first secure container governed item ; and a second secure container containing a digital signature [FEATURE ID: 2]

, the second secure container being different from said first secure container ; hardware or software used for receiving and opening secure containers , said secure containers each including the capacity to contain a governed item , a secure container rule being associated with each of said secure containers ; a protected processing environment at least in part protecting information contained in said protected processing environment from tampering by a user of said first apparatus , said protected processing environment including hardware or software used for applying said first secure container rule and a second secure container rule in combination to at least in part govern at least one aspect of access to or use of a governed item contained in a secure container ; and hardware or software used for transmission of secure containers to other apparatuses or for the receipt of secure containers from other apparatuses . 6 . A system as in claim 5 , said memory storing a rule at least in part governing an aspect of access to or use of said digital signature . 7 . A system including : a first apparatus including , user controls , a communications port , a processor , a memory storing : a first secure container containing a governed item , the first secure container governed item being at least in part encrypted ; a first secure container rule at least in part governing an aspect of access to or use of said first secure container governed item ; and an electronic seal [FEATURE ID: 15]

including receipt information [FEATURE ID: 6]


 
Cross Reference / Shared Meaning between the Lines
Charted Against:

Patent: US6185681B1
Filed: 1998-05-07
Issued: 2001-02-06
Patent Holder: (Original Assignee) MAZ TECHNOLOGIES Inc; MAZ TECHNOLOGIES Inc A CALIFORNIA Corp     (Current Assignee) RPX Corp
Inventor(s): Stephen Zizzi

Title: Method of transparent encryption and decryption for an electronic document management system

[FEATURE ID: 1] method | dynamic method, way, system method, wireless method, process, methods, system | [FEATURE ID: 1] method
[TRANSITIVE ID: 2] accessing, establishing, verifying | identifying, providing, activating, creating, generating, processing, receiving | [TRANSITIVE ID: 2] encrypting, including, issuing, using, trapping, obtaining, authentication
[FEATURE ID: 3] resources | users, parameters, documents, files | [FEATURE ID: 3] user identification
[FEATURE ID: 4] common processing platform, device, unique identifier, stateless security context, time stamp, logon identifier | user, computer, token, password, memory, browser, file | [FEATURE ID: 4] general purpose computer, user input device, document, SQL database, SQL database server, SQL database client, encryption key values, portable data storage device, smart card, biometric recognition system, characteristic, database
[TRANSITIVE ID: 5] comprising | including, involves, providing, encompassing, of, by, having | [TRANSITIVE ID: 5] comprising
[FEATURE ID: 6] user | method, subscriber, customer, client | [FEATURE ID: 6] user
[TRANSITIVE ID: 7] computing | computer, device, user | [TRANSITIVE ID: 7] smart card reader
[FEATURE ID: 8] logon component | scanner, memory, network, mouse, database, keyboard, cache | [FEATURE ID: 8] display, crypto module, processor, data reader device
[FEATURE ID: 9] interactive information exchange, access limitations specific, access, secured transactions | authentication, identity, authorization, permission, credentials, security, context | [FEATURE ID: 9] encryption key value, control, access module, user authentication, information
[TRANSITIVE ID: 10] torn | closed, set, shut | [TRANSITIVE ID: 10] close
[FEATURE ID: 11] logon information | information, indicia, identification, inputs, authorization, parameters, feedback | [FEATURE ID: 11] encryption key name, unique information
[FEATURE ID: 12] security context | message, signal, key, request | [FEATURE ID: 12] command
[FEATURE ID: 13] necessary | used, operable, executable | [FEATURE ID: 13] running
[FEATURE ID: 14] resource, user computing device, apparatus, computing environment component | application, interface, object, element, environment, entity, agent | [FEATURE ID: 14] electronic document, application program, event, electronic document management system
[FEATURE ID: 15] claim | step, clam, paragraph, the claim, of claim, figure, preceding claim | [FEATURE ID: 15] claim
[FEATURE ID: 16] information | input, identifier, identification | [FEATURE ID: 16] indicator
[FEATURE ID: 17] ones, resources such, other | instances, resources, one, numbers, characteristics, others, limitations | [FEATURE ID: 17] plural encryption key values
[FEATURE ID: 18] operable | employed, specified, utilized, used, provided, generated | [FEATURE ID: 18] open
1 . A method [FEATURE ID: 1]

of accessing [TRANSITIVE ID: 2]

any of a plurality of resources [FEATURE ID: 3]

wherein at least some of the resources do not share a common processing platform [FEATURE ID: 4]

, the method comprising [TRANSITIVE ID: 5]

: establishing [TRANSITIVE ID: 2]

a secure communication session between a user [FEATURE ID: 6]

computing [TRANSITIVE ID: 7]

device [FEATURE ID: 4]

and a logon component [FEATURE ID: 8]

, wherein the secure communication session comprises a temporary , interactive information exchange [FEATURE ID: 9]

that is set up and then torn [TRANSITIVE ID: 10]

down ; verifying [TRANSITIVE ID: 2]

logon information [FEATURE ID: 11]

provided by the user computing device to the logon component using the secure communication session and responsively generating a security context [FEATURE ID: 12]

to be employed by the user computing device that is : unique to a user of the user computing device ; necessary [FEATURE ID: 13]

to access any of the plurality of resources without requiring any follow - on authorization communications between the accessed resource [FEATURE ID: 14]

and the logon component . 2 . The method of claim [FEATURE ID: 15]

1 wherein verifying the logon information comprises comparing the logon information to previously stored information [FEATURE ID: 16]

that identifies the user . 3 . The method of claim 1 wherein a security context that is unique to the user comprises , at least in part , a unique identifier [FEATURE ID: 4]

as corresponds to the user . 4 . The method of claim 1 wherein the security context comprises a stateless security context [FEATURE ID: 4]

. 5 . The method of claim 1 wherein generating a security context to be employed by the user computing device [FEATURE ID: 14]

comprises generating a security context that will support contemporaneously accessing at least two of the plurality of resources . 6 . The method of claim 1 wherein generating a security context comprises generating a security context that automatically preserves access limitations specific [FEATURE ID: 9]

to the user as corresponds to varying ones [FEATURE ID: 17]

of the plurality of resources such [FEATURE ID: 17]

that the user ' s degree of access [FEATURE ID: 9]

to a given accessed resource can vary notwithstanding a common use of the security context . 7 . The method of claim 1 wherein generating a security context comprises generating a time - limited security context . 8 . The method of claim 7 wherein generating a time - limited security context comprises including a time stamp [FEATURE ID: 4]

in the security context . 9 . An apparatus [FEATURE ID: 14]

comprising : at least one trusted computing environment component [FEATURE ID: 14]

configured to facilitate : establishing a secure communication session between a user computing device and a logon component , wherein the secure communication session comprises a temporary , interactive information exchange that is set up and then torn down ; verifying logon information provided by the user computing device to the logon component using the secure communication session and responsively generating a security context that is : unique to a user of the user computing device ; necessary to access any of the plurality of resources without requiring any follow - on authorization communications between the accessed resource and the logon component . 10 . The apparatus of claim 9 wherein the security context comprises , at least in part , a unique identifier as corresponds to the user . 11 . The apparatus of claim 9 wherein the security context comprises a stateless security context . 12 . The apparatus of claim 9 wherein the security context is operable [FEATURE ID: 18]

to support contemporaneously accessing at least two of the plurality of resources . 13 . The apparatus of claim 9 wherein the security context automatically preserves access limitations specific to the user as corresponds to varying ones of the plurality of resources such that the user ' s degree of access to a given accessed resource can permissibly vary notwithstanding a common use of the security context . 14 . The apparatus of claim 9 wherein the security context comprises a time - limited security context . 15 . The apparatus of claim 14 wherein the time - limited security context includes a time stamp . 16 . A method to facilitate accessing protected on - line resources via corresponding secured transactions [FEATURE ID: 9]

, comprising : at a user computing device : presenting , to other [FEATURE ID: 17]

than the on - line resources , at least a logon identifier [FEATURE ID: 4]

1 . A method [FEATURE ID: 1]

of encrypting [TRANSITIVE ID: 2]

an electronic document [FEATURE ID: 14]

which is open [FEATURE ID: 18]

in an application program [FEATURE ID: 14]

running [TRANSITIVE ID: 13]

in a general purpose computer [FEATURE ID: 4]

, the general purpose computer including [TRANSITIVE ID: 2]

a display [FEATURE ID: 8]

, a user input device [FEATURE ID: 4]

, a crypto module [FEATURE ID: 8]

and a processor [FEATURE ID: 8]

, the method comprising [TRANSITIVE ID: 5]

: ( a ) from within the application program running in the general purpose computer , a user [FEATURE ID: 6]

issuing [TRANSITIVE ID: 2]

one of a “ close [FEATURE ID: 10]

, ” “ save ” or “ save as ” command [FEATURE ID: 12]

for the document [FEATURE ID: 4]

using [TRANSITIVE ID: 2]

the user input device ; ( b ) automatically translating the command into an event [FEATURE ID: 14]

; ( c ) the crypto module automatically trapping [TRANSITIVE ID: 2]

the event ; ( d ) the crypto module automatically obtaining [TRANSITIVE ID: 2]

an encryption key value [FEATURE ID: 9]

; ( e ) the crypto module automatically encrypting the document using the encryption key value ; ( f ) the crypto module automatically passing control [FEATURE ID: 9]

to an electronic document management system [FEATURE ID: 14]

; and ( g ) the electronic document management system executing the issued “ close , ” “ save ” or “ save as ” command ; whereby the electronic document is automatically encrypted . 2 . A method of encrypting a document as set forth in claim [FEATURE ID: 15]

1 wherein the electronic document management system comprises a SQL database [FEATURE ID: 4]

, a SQL database server [FEATURE ID: 4]

and a SQL database client [FEATURE ID: 4]

, the SQL database client being disposed in the general purpose computer . 3 . A method of encrypting a document as set forth in claim 1 where step ( d ) comprises the steps of the crypto module determining if the document should be encrypted , and if not , then skipping step ( e ) , and if so , then : the crypto module retrieving an encryption key name [FEATURE ID: 11]

associated with the document ; and the crypto module retrieving the encryption key value associated with the encryption key name . 4 . A method of encrypting a document as set forth in claim 3 , wherein there are plural encryption key values [FEATURE ID: 17]

and at least one encryption key value is associated with the user , the method further comprising the steps of : the user submitting to an access module [FEATURE ID: 9]

for user authentication [FEATURE ID: 9]

; if the access module does not authenticate the user , then always skipping steps ( d ) and ( e ) ; else in step ( d ) , the crypto module retrieving the encryption key value associated with the encryption key name and the user . 5 . A method of encrypting a document as set forth in claim 4 , the general purpose computer further comprising a data reader device [FEATURE ID: 8]

for reading user identification [FEATURE ID: 3]

and encryption key values [FEATURE ID: 4]

from a portable data storage device [FEATURE ID: 4]

, the method further comprising the user presenting the portable data storage device to the data reader device , wherein the access module utilizes information [FEATURE ID: 9]

stored in the portable data storage device to authenticate the user , and the encryption key value associated with the user is stored in the portable data storage device . 6 . A method of encrypting a document as set forth in claim 5 , wherein the data reader device comprises a smart card reader [FEATURE ID: 7]

and the portable data storage device comprises a smart card [FEATURE ID: 4]

. 7 . A method of encrypting a document as set forth in claim 5 , wherein the data reader device comprises a biometric recognition system [FEATURE ID: 4]

and the portable data storage device comprises the user , wherein the access module utilizes unique information [FEATURE ID: 11]

about the user for authentication [FEATURE ID: 2]

, and the encryption key value is derived from at least one characteristic [FEATURE ID: 4]

of the user . 8 . A method of encrypting a document as set forth in claim 1 wherein the electronic document management system comprises a database [FEATURE ID: 4]

, the database including an indicator [FEATURE ID: 16]


 
Cross Reference / Shared Meaning between the Lines
Charted Against:

Patent: US6178511B1
Filed: 1998-04-30
Issued: 2001-01-23
Patent Holder: (Original Assignee) International Business Machines Corp     (Current Assignee) International Business Machines Corp
Inventor(s): Richard Jay Cohen, Richard Allen Forsberg, Paul A. Kallfelz, Jr., John Robert Meckstroth, Christopher James Pascoe, Andrea Lynn Snow-Weaver

Title: Coordinating user target logons in a single sign-on (SSO) environment

[FEATURE ID: 1] method, secure communication session, security context, information, access | process, procedure, session, manner, configuration, service, network | [FEATURE ID: 1] method, logon process, steps, logon attempt, step, subsequent session, operation, computer enterprise
[TRANSITIVE ID: 2] accessing, comprising, establishing, verifying | implementing, providing, using, involving, enabling, including, obtaining | [TRANSITIVE ID: 2] comprising, having, storing, identifying
[FEATURE ID: 3] resources, resource, user computing device, ones, resources such, line resources | data, systems, information, users, properties, services, credentials | [FEATURE ID: 3] multiple target resources, target resources, applications, target resource, different logon processes, configuration directives, methods, associated methods
[TRANSITIVE ID: 4] share | provide, utilize, operate, define, access, support, implement | [TRANSITIVE ID: 4] require
[FEATURE ID: 5] common processing platform, device, logon component, unique identifier, stateless security context, time stamp, apparatus, computing environment component, logon identifier | service, token, system, configuration, process, client, computer | [FEATURE ID: 5] computer enterprise environment, access, particular application, user, target application, configuration directive, user id, password, change password operation, particular configuration directive, application, session
[FEATURE ID: 6] user, common use | definition, source, configuration, customer, function, client | [FEATURE ID: 6] provider
[TRANSITIVE ID: 7] computing | communication, processing, user | [TRANSITIVE ID: 7] user information
[TRANSITIVE ID: 8] comprises | permits, represents, requires, defines, specifies, facilitates, indicates | [TRANSITIVE ID: 8] enables
[FEATURE ID: 9] interactive information exchange | identity, identifier, authentication | [FEATURE ID: 9] specific information
[FEATURE ID: 10] logon information | information, login, access, indicia, details, parameters, authorization | [FEATURE ID: 10] logon, respect, state information
[FEATURE ID: 11] unique, limited security context | corresponding, dedicated, particular, different, sensitive, defined, based | [FEATURE ID: 11] given, specific
[FEATURE ID: 12] necessary, operable | effective, used, appropriate, configured, available, operative, sufficient | [FEATURE ID: 12] required
[FEATURE ID: 13] follow | instant, logged, signing, power | [FEATURE ID: 13] single sign
[FEATURE ID: 14] authorization communications | synchronization, authentication, communication | [FEATURE ID: 14] access
[FEATURE ID: 15] claim | step, claimed, embodiment, item, clam, fig, figure | [FEATURE ID: 15] claim
[FEATURE ID: 16] access limitations specific | permission, entitlement, credentials | [FEATURE ID: 16] authority
[FEATURE ID: 17] secured transactions | sessions, identities, devices, accounts | [FEATURE ID: 17] users
1 . A method [FEATURE ID: 1]

of accessing [TRANSITIVE ID: 2]

any of a plurality of resources [FEATURE ID: 3]

wherein at least some of the resources do not share [TRANSITIVE ID: 4]

a common processing platform [FEATURE ID: 5]

, the method comprising [TRANSITIVE ID: 2]

: establishing [TRANSITIVE ID: 2]

a secure communication session [FEATURE ID: 1]

between a user [FEATURE ID: 6]

computing [TRANSITIVE ID: 7]

device [FEATURE ID: 5]

and a logon component [FEATURE ID: 5]

, wherein the secure communication session comprises [TRANSITIVE ID: 8]

a temporary , interactive information exchange [FEATURE ID: 9]

that is set up and then torn down ; verifying [TRANSITIVE ID: 2]

logon information [FEATURE ID: 10]

provided by the user computing device to the logon component using the secure communication session and responsively generating a security context [FEATURE ID: 1]

to be employed by the user computing device that is : unique [FEATURE ID: 11]

to a user of the user computing device ; necessary [FEATURE ID: 12]

to access any of the plurality of resources without requiring any follow [FEATURE ID: 13]

- on authorization communications [FEATURE ID: 14]

between the accessed resource [FEATURE ID: 3]

and the logon component . 2 . The method of claim [FEATURE ID: 15]

1 wherein verifying the logon information comprises comparing the logon information to previously stored information [FEATURE ID: 1]

that identifies the user . 3 . The method of claim 1 wherein a security context that is unique to the user comprises , at least in part , a unique identifier [FEATURE ID: 5]

as corresponds to the user . 4 . The method of claim 1 wherein the security context comprises a stateless security context [FEATURE ID: 5]

. 5 . The method of claim 1 wherein generating a security context to be employed by the user computing device [FEATURE ID: 3]

comprises generating a security context that will support contemporaneously accessing at least two of the plurality of resources . 6 . The method of claim 1 wherein generating a security context comprises generating a security context that automatically preserves access limitations specific [FEATURE ID: 16]

to the user as corresponds to varying ones [FEATURE ID: 3]

of the plurality of resources such [FEATURE ID: 3]

that the user ' s degree of access [FEATURE ID: 1]

to a given accessed resource can vary notwithstanding a common use [FEATURE ID: 6]

of the security context . 7 . The method of claim 1 wherein generating a security context comprises generating a time - limited security context [FEATURE ID: 11]

. 8 . The method of claim 7 wherein generating a time - limited security context comprises including a time stamp [FEATURE ID: 5]

in the security context . 9 . An apparatus [FEATURE ID: 5]

comprising : at least one trusted computing environment component [FEATURE ID: 5]

configured to facilitate : establishing a secure communication session between a user computing device and a logon component , wherein the secure communication session comprises a temporary , interactive information exchange that is set up and then torn down ; verifying logon information provided by the user computing device to the logon component using the secure communication session and responsively generating a security context that is : unique to a user of the user computing device ; necessary to access any of the plurality of resources without requiring any follow - on authorization communications between the accessed resource and the logon component . 10 . The apparatus of claim 9 wherein the security context comprises , at least in part , a unique identifier as corresponds to the user . 11 . The apparatus of claim 9 wherein the security context comprises a stateless security context . 12 . The apparatus of claim 9 wherein the security context is operable [FEATURE ID: 12]

to support contemporaneously accessing at least two of the plurality of resources . 13 . The apparatus of claim 9 wherein the security context automatically preserves access limitations specific to the user as corresponds to varying ones of the plurality of resources such that the user ' s degree of access to a given accessed resource can permissibly vary notwithstanding a common use of the security context . 14 . The apparatus of claim 9 wherein the security context comprises a time - limited security context . 15 . The apparatus of claim 14 wherein the time - limited security context includes a time stamp . 16 . A method to facilitate accessing protected on - line resources [FEATURE ID: 3]

via corresponding secured transactions [FEATURE ID: 17]

, comprising : at a user computing device : presenting , to other than the on - line resources , at least a logon identifier [FEATURE ID: 5]

1 . A method [FEATURE ID: 1]

of single sign [FEATURE ID: 13]

- on to multiple target resources [FEATURE ID: 3]

in a computer enterprise environment [FEATURE ID: 5]

, wherein at least some target resources [FEATURE ID: 3]

normally require [TRANSITIVE ID: 4]

a given [TRANSITIVE ID: 11]

logon process [FEATURE ID: 1]

to access [TRANSITIVE ID: 5]

applications [FEATURE ID: 3]

on the target resource [FEATURE ID: 3]

, comprising [TRANSITIVE ID: 2]

the steps [FEATURE ID: 1]

of : for each of a set of target resources having [TRANSITIVE ID: 2]

different logon processes [FEATURE ID: 3]

, storing [TRANSITIVE ID: 2]

configuration directives [FEATURE ID: 3]

identifying [TRANSITIVE ID: 2]

the given logon process and methods [FEATURE ID: 3]

required [TRANSITIVE ID: 12]

to access a particular application [FEATURE ID: 5]

on the target resource ; for each of a set of users [FEATURE ID: 17]

, storing user [FEATURE ID: 5]

- specific information [FEATURE ID: 9]

that enables [TRANSITIVE ID: 8]

the user to access and logon [TRANSITIVE ID: 10]

to one or more of the target resources ; and during a logon attempt [FEATURE ID: 1]

by a given user with respect [FEATURE ID: 10]

to a target application [FEATURE ID: 5]

on one of the set of target resources , coordinating given user information [FEATURE ID: 7]

with at least one given configuration directive [FEATURE ID: 5]

to enable the given user to logon to the target application without specifying the given logon process . 2 . The method as described in claim [FEATURE ID: 15]

1 further including the step [FEATURE ID: 1]

of validating a user id [FEATURE ID: 5]

/ password [FEATURE ID: 5]

of the given user during the logon attempt . 3 . The method as described in claim 1 further including the step of storing state information [FEATURE ID: 10]

associating the given user with the given target application . 4 . The method as described in claim 3 further including the step of using the state information stored to facilitate access [FEATURE ID: 14]

to the target application in a subsequent session [FEATURE ID: 1]

. 5 . The method as described in claim 3 further including the step of using the state information to determine whether the given user has authority [FEATURE ID: 16]

to perform a given operation [FEATURE ID: 1]

. 6 . The method as described in claim 5 wherein the given operation is a change password operation [FEATURE ID: 5]

. 7 . The method as described in claim 6 further including the step of performing the given operation . 8 . The method as described in claim 1 wherein a particular configuration directive [FEATURE ID: 5]

is generated by a provider [FEATURE ID: 6]

of a given target application . 9 . A method of enabling single sign - on access to a target application on a target resource in a distributed computer enterprise [FEATURE ID: 1]

, comprising the steps of : generating a configuration directive identifying a given logon process and any associated methods [FEATURE ID: 3]

required to access the target application on the target resource ; for each of a set of users , storing user - specific [FEATURE ID: 11]

and application [FEATURE ID: 5]

- specific information that enables the user to access and logon to one or more target resources ; and during a session [FEATURE ID: 5]








Cross Reference / Shared Meaning between the Lines
Charted Against:

Patent: EP0565314B1
Filed: 1992-04-06
Issued: 2001-01-17
Patent Holder: (Original Assignee) Addison M. Fischer     
Inventor(s): Addison M. Fischer

Title: Method for signing travelling programs

[FEATURE ID: 1] method | process, technique, operation, procedure, system, program, means | [FEATURE ID: 1] Method, method, steps, digital signature verification operation, step, format
[TRANSITIVE ID: 2] accessing | securing, protecting, handling, managing, controlling, sharing, providing | [TRANSITIVE ID: 2] processing
[FEATURE ID: 3] resources, authorization communications, resource, information, access limitations specific, resources such, secured transactions | users, elements, devices, authentication, parameters, digital, documents | [FEATURE ID: 3] digital instructions, data, computers, messages, part, instructions
[FEATURE ID: 4] common processing platform, secure communication session, device, logon component, apparatus, computing environment component | computer, database, processor, system, service, node, platform | [FEATURE ID: 4] channel, digital communications system, next destination, digital certificate, user, standard, program variable
[TRANSITIVE ID: 5] comprising | having, providing, involving, includes, implementing, defining, and | [TRANSITIVE ID: 5] being, comprising, including
[TRANSITIVE ID: 6] establishing, verifying | obtaining, identifying, determining, receiving, generating, storing, defining | [TRANSITIVE ID: 6] executing, processing
[FEATURE ID: 7] user | source, first, client | [FEATURE ID: 7] first computer
[TRANSITIVE ID: 8] computing | computer, communication, processing | [TRANSITIVE ID: 8] accompanying data
[FEATURE ID: 9] interactive information exchange, stateless security context, common use, time stamp, logon identifier | token, key, certificate, password, secret, identifier, security | [FEATURE ID: 9] digital signature
[FEATURE ID: 10] logon information | information, that, data | [FEATURE ID: 10] such information
[FEATURE ID: 11] security context | value, document, signal, state, code | [FEATURE ID: 11] predefined data structure
[FEATURE ID: 12] claim | step, figure, paragraph, item, clause, preceding claim, requirement | [FEATURE ID: 12] Fig., Claim, claim
[FEATURE ID: 13] unique identifier | number, string, code | [FEATURE ID: 13] sequence
[FEATURE ID: 14] user computing device | process, method, apparatus | [FEATURE ID: 14] A method
[FEATURE ID: 15] degree | the, use, control | [FEATURE ID: 15] direction
1 . A method [FEATURE ID: 1]

of accessing [TRANSITIVE ID: 2]

any of a plurality of resources [FEATURE ID: 3]

wherein at least some of the resources do not share a common processing platform [FEATURE ID: 4]

, the method comprising [TRANSITIVE ID: 5]

: establishing [TRANSITIVE ID: 6]

a secure communication session [FEATURE ID: 4]

between a user [FEATURE ID: 7]

computing [TRANSITIVE ID: 8]

device [FEATURE ID: 4]

and a logon component [FEATURE ID: 4]

, wherein the secure communication session comprises a temporary , interactive information exchange [FEATURE ID: 9]

that is set up and then torn down ; verifying [TRANSITIVE ID: 6]

logon information [FEATURE ID: 10]

provided by the user computing device to the logon component using the secure communication session and responsively generating a security context [FEATURE ID: 11]

to be employed by the user computing device that is : unique to a user of the user computing device ; necessary to access any of the plurality of resources without requiring any follow - on authorization communications [FEATURE ID: 3]

between the accessed resource [FEATURE ID: 3]

and the logon component . 2 . The method of claim [FEATURE ID: 12]

1 wherein verifying the logon information comprises comparing the logon information to previously stored information [FEATURE ID: 3]

that identifies the user . 3 . The method of claim 1 wherein a security context that is unique to the user comprises , at least in part , a unique identifier [FEATURE ID: 13]

as corresponds to the user . 4 . The method of claim 1 wherein the security context comprises a stateless security context [FEATURE ID: 9]

. 5 . The method of claim 1 wherein generating a security context to be employed by the user computing device [FEATURE ID: 14]

comprises generating a security context that will support contemporaneously accessing at least two of the plurality of resources . 6 . The method of claim 1 wherein generating a security context comprises generating a security context that automatically preserves access limitations specific [FEATURE ID: 3]

to the user as corresponds to varying ones of the plurality of resources such [FEATURE ID: 3]

that the user ' s degree [FEATURE ID: 15]

of access to a given accessed resource can vary notwithstanding a common use [FEATURE ID: 9]

of the security context . 7 . The method of claim 1 wherein generating a security context comprises generating a time - limited security context . 8 . The method of claim 7 wherein generating a time - limited security context comprises including a time stamp [FEATURE ID: 9]

in the security context . 9 . An apparatus [FEATURE ID: 4]

comprising : at least one trusted computing environment component [FEATURE ID: 4]

configured to facilitate : establishing a secure communication session between a user computing device and a logon component , wherein the secure communication session comprises a temporary , interactive information exchange that is set up and then torn down ; verifying logon information provided by the user computing device to the logon component using the secure communication session and responsively generating a security context that is : unique to a user of the user computing device ; necessary to access any of the plurality of resources without requiring any follow - on authorization communications between the accessed resource and the logon component . 10 . The apparatus of claim 9 wherein the security context comprises , at least in part , a unique identifier as corresponds to the user . 11 . The apparatus of claim 9 wherein the security context comprises a stateless security context . 12 . The apparatus of claim 9 wherein the security context is operable to support contemporaneously accessing at least two of the plurality of resources . 13 . The apparatus of claim 9 wherein the security context automatically preserves access limitations specific to the user as corresponds to varying ones of the plurality of resources such that the user ' s degree of access to a given accessed resource can permissibly vary notwithstanding a common use of the security context . 14 . The apparatus of claim 9 wherein the security context comprises a time - limited security context . 15 . The apparatus of claim 14 wherein the time - limited security context includes a time stamp . 16 . A method to facilitate accessing protected on - line resources via corresponding secured transactions [FEATURE ID: 3]

, comprising : at a user computing device : presenting , to other than the on - line resources , at least a logon identifier [FEATURE ID: 9]

1 Method [FEATURE ID: 1]

for processing [TRANSITIVE ID: 2]

information , said information consisting of digital instructions [FEATURE ID: 3]

and accompanying data [FEATURE ID: 3]

, among a plurality of computers [FEATURE ID: 3]

( Terminals A , B ... N ) coupled to a channel [FEATURE ID: 4]

( 12 ) , over which computers exchange messages [FEATURE ID: 3]

, said computers being [TRANSITIVE ID: 5]

part [FEATURE ID: 3]

of a digital communications system [FEATURE ID: 4]

, said method [FEATURE ID: 1]

comprising [TRANSITIVE ID: 5]

the steps [FEATURE ID: 1]

of : executing [TRANSITIVE ID: 6]

on a first computer [FEATURE ID: 7]

a sequence [FEATURE ID: 13]

of digital instructions ( Fig. [FEATURE ID: 12]

2 , block 22 ) including [TRANSITIVE ID: 5]

instructions [FEATURE ID: 3]

which determine at least one next destination [FEATURE ID: 4]

that receives the sequence of digital instructions together with the accompanying data ; and transmitting said sequence of digital instructions together with the accompanying data to said next destination ; characterized in that said accompanying data [FEATURE ID: 8]

includes at least one digital signature [FEATURE ID: 9]

( 432 ) which is selectively applied to said information ; and in that , under the control of said sequence of digital instructions , a digital signature verification operation [FEATURE ID: 1]

based upon said information is performed . 2 A method [FEATURE ID: 14]

according to Claim [FEATURE ID: 12]

1 , wherein said digital signature is represented as data subject to being logically processed by said sequence of digital instructions . 3 A method according to Claim 1 or Claim 2 , further including the step [FEATURE ID: 1]

of associating of a digital certificate [FEATURE ID: 4]

with said digital signature and wherein said digital certificate is represented as data subject to being logically processed by said sequence of digital instructions . 4 A method according to any preceding claim [FEATURE ID: 12]

, further including the step of acquiring data from a user [FEATURE ID: 4]

at at least one of said plurality of computers , and translating the acquired data by said sequence of digital instructions into a predefined data structure [FEATURE ID: 11]

conforming to a recognized standard [FEATURE ID: 4]

. 5 A method according to Claim 4 , including the step of processing [FEATURE ID: 6]

and verifying the digital signature and the data to which it is applied . 6 A method according to any preceding claim , further including the step of translating data under direction [FEATURE ID: 15]

of said sequence of digital instructions into an Electronic Data Interchange ( EDI ) format [FEATURE ID: 1]

. 7 A method according to any preceding claim , including the step of logically constructing the information to which the digital signature can be selectively applied , wherein such information [FEATURE ID: 10]

is treated as a program variable [FEATURE ID: 4]








Cross Reference / Shared Meaning between the Lines
Charted Against:

Patent: US6175717B1
Filed: 1993-04-16
Issued: 2001-01-16
Patent Holder: (Original Assignee) Trans Video Electronics Inc     (Current Assignee) TRANSVIDEO ELECTRONICS Ltd ; Trans Video Electronics ; Trans Video Electronics Inc
Inventor(s): Mihailo V. Rebec, Mohammed S. Rebec

Title: Global mobile video communications system

[TRANSITIVE ID: 1] accessing, establishing | providing, transferring, communicating, generating, processing, securing, carrying | [TRANSITIVE ID: 1] transmitting, receiving, representing, housing, demodulating
[FEATURE ID: 2] common processing platform | computer, gateway, user, platform | [FEATURE ID: 2] satellite communications system
[TRANSITIVE ID: 3] comprising | including, comprises, involving, includes, compromising, having, of | [TRANSITIVE ID: 3] comprising
[TRANSITIVE ID: 4] computing, resource, computing environment component | computer, system, entity, platform, module, application, network | [TRANSITIVE ID: 4] mobile microwave system
[FEATURE ID: 5] device | terminal, system, unit, receiver, user, modem, antenna | [FEATURE ID: 5] satellite, display unit, microwave satellite receiver
[FEATURE ID: 6] logon component | receiver, gateway, microwave, vehicle, site, satellite, network | [FEATURE ID: 6] satellite first local microwave signals, power generator, system
[TRANSITIVE ID: 7] comprises | uses, defines, utilizes, incorporates, implements, employs, provides | [TRANSITIVE ID: 7] comprises
[TRANSITIVE ID: 8] verifying | storing, receiving, analyzing, processing, mapping, recording, modifying | [TRANSITIVE ID: 8] transforming, compressing
[FEATURE ID: 9] logon information, information | messages, signals, data, content, television, intelligence, audio | [FEATURE ID: 9] first local digital data, first remote microwave signals, first remote digital data, remote video signals
[FEATURE ID: 10] security context, unique identifier, common use | value, code, term, state, message, token, password | [FEATURE ID: 10] remote digital data
[FEATURE ID: 11] unique | corresponding, assigned, dedicated | [FEATURE ID: 11] coupled
[FEATURE ID: 12] necessary | operable, configured, adaptable, adapted | [FEATURE ID: 12] adjustable
[FEATURE ID: 13] claim | step, clam, paragraph, of claim, figure, the claim, clair | [FEATURE ID: 13] claim
[FEATURE ID: 14] user computing device | host, server, terminal | [FEATURE ID: 14] high speed digital station
[FEATURE ID: 15] apparatus | interface, element, amplifier, interrogator, antenna, architecture, arrangement | [FEATURE ID: 15] antenna assembly, antenna terminal
1 . A method of accessing [TRANSITIVE ID: 1]

any of a plurality of resources wherein at least some of the resources do not share a common processing platform [FEATURE ID: 2]

, the method comprising [TRANSITIVE ID: 3]

: establishing [TRANSITIVE ID: 1]

a secure communication session between a user computing [TRANSITIVE ID: 4]

device [FEATURE ID: 5]

and a logon component [FEATURE ID: 6]

, wherein the secure communication session comprises [TRANSITIVE ID: 7]

a temporary , interactive information exchange that is set up and then torn down ; verifying [TRANSITIVE ID: 8]

logon information [FEATURE ID: 9]

provided by the user computing device to the logon component using the secure communication session and responsively generating a security context [FEATURE ID: 10]

to be employed by the user computing device that is : unique [FEATURE ID: 11]

to a user of the user computing device ; necessary [FEATURE ID: 12]

to access any of the plurality of resources without requiring any follow - on authorization communications between the accessed resource [FEATURE ID: 4]

and the logon component . 2 . The method of claim [FEATURE ID: 13]

1 wherein verifying the logon information comprises comparing the logon information to previously stored information [FEATURE ID: 9]

that identifies the user . 3 . The method of claim 1 wherein a security context that is unique to the user comprises , at least in part , a unique identifier [FEATURE ID: 10]

as corresponds to the user . 4 . The method of claim 1 wherein the security context comprises a stateless security context . 5 . The method of claim 1 wherein generating a security context to be employed by the user computing device [FEATURE ID: 14]

comprises generating a security context that will support contemporaneously accessing at least two of the plurality of resources . 6 . The method of claim 1 wherein generating a security context comprises generating a security context that automatically preserves access limitations specific to the user as corresponds to varying ones of the plurality of resources such that the user ' s degree of access to a given accessed resource can vary notwithstanding a common use [FEATURE ID: 10]

of the security context . 7 . The method of claim 1 wherein generating a security context comprises generating a time - limited security context . 8 . The method of claim 7 wherein generating a time - limited security context comprises including a time stamp in the security context . 9 . An apparatus [FEATURE ID: 15]

comprising : at least one trusted computing environment component [FEATURE ID: 4]

1 . A mobile microwave system [FEATURE ID: 4]

, comprising [TRANSITIVE ID: 3]

: a microwave subsystem for transmitting [TRANSITIVE ID: 1]

directly to a satellite first local microwave signals [FEATURE ID: 6]

modulated with first local digital data [FEATURE ID: 9]

while in motion with respect to earth and for receiving [TRANSITIVE ID: 1]

first remote microwave signals [FEATURE ID: 9]

modulated with first remote digital data [FEATURE ID: 9]

while in motion with respect to earth , wherein said microwave subsystem comprises [TRANSITIVE ID: 7]

an antenna assembly [FEATURE ID: 15]

for transmitting said first local microwave signals and for receiving said first remote microwave signals capable of representing [TRANSITIVE ID: 1]

remote video signals [FEATURE ID: 9]

; a high speed digital station [FEATURE ID: 14]

coupled [TRANSITIVE ID: 11]

to said microwave subsystem , for receiving a video signal and for transforming [TRANSITIVE ID: 8]

and compressing [TRANSITIVE ID: 8]

said video signal into said first local digital data and for transforming and decompressing said first remote digital data into a first decompressed remote digital data [FEATURE ID: 10]

; and a land vehicle for housing [FEATURE ID: 1]

said microwave subsystem and said high speed digital station , said vehicle having a lower portion and a roof , wherein said first local microwave signals transmitted by said antenna assembly pass through said roof , wherein said microwave subsystem is adjustable [FEATURE ID: 12]

in pitch and yaw relative to the land vehicle moving with respect to the earth on any terrain to establish a satellite communications link to the satellite [FEATURE ID: 5]

using the first local microwave signals and the first remote microwave signals . 2 . The mobile microwave system as claimed in claim [FEATURE ID: 13]

1 , wherein said microwave subsystem further comprises : an antenna terminal [FEATURE ID: 15]

coupled to said antenna assembly and said high speed digital station for demodulating [FEATURE ID: 1]

said first microwave signals . 3 . The mobile microwave system of claim 1 , further comprising a power generator [FEATURE ID: 6]

, wherein the microwave subsystem and the high speed digital station are coupled to the power generator . 4 . The mobile microwave system as claimed in claim 1 , further comprising a display unit [FEATURE ID: 5]

coupled to said high speed digital station and said power generator , for displaying said first decompressed remote digital data . 5 . A portable integrated receiving system [FEATURE ID: 6]

for use with a satellite communications system [FEATURE ID: 2]

to establish a satellite communications down - link , comprising : a microwave satellite receiver [FEATURE ID: 5]








Cross Reference / Shared Meaning between the Lines
Charted Against:

Patent: EP1062560A1
Filed: 1998-03-11
Issued: 2000-12-27
Patent Holder: (Original Assignee) Cha! Technologies Inc     (Current Assignee) Cha! Technologies Inc
Inventor(s): Yoav A. Leitersdorf, Timothy Sixtus

Title: Automatically invoked intermediation process for network purchases

[FEATURE ID: 1] method, security context, ones, computing environment component | procedure, system, mechanism, service, process, protocol, interface | [FEATURE ID: 1] intermediation process, steps
[TRANSITIVE ID: 2] accessing, establishing, computing, verifying | providing, receiving, requesting, defining, enabling, implementing, selecting | [TRANSITIVE ID: 2] purchasing, subscribing, comprising, establishing, including, identifying, accessing
[FEATURE ID: 3] resources, access limitations specific, line resources | data, users, transactions, entities, networks, customers, network resources | [FEATURE ID: 3] content, merchants, merchant sites
[FEATURE ID: 4] common processing platform, secure communication session, user, device, information, unique identifier, stateless security context, user computing device, degree, time stamp, logon identifier | server, transaction, token, system, computer, website, platform | [FEATURE ID: 4] digital communications network, database, subscriber, central transaction processing site, merchant site, network, access, restriction, purchaser account balance, network site, resource rules database, resource, locator, browser program
[TRANSITIVE ID: 5] comprising | having, including, providing, of | [TRANSITIVE ID: 5] encoding
[FEATURE ID: 6] logon component | network, website, source, host, provider, client, user | [FEATURE ID: 6] purchaser, target network resource
[FEATURE ID: 7] temporary, unique, limited security context | limited, dedicated, controlled, protected, sensitive, confined, secured | [FEATURE ID: 7] restricted, such restricted, restricted
[FEATURE ID: 8] interactive information exchange, access | authentication, authority, identifier, identity, security, entitlement | [FEATURE ID: 8] access fee schedule
[FEATURE ID: 9] logon information, authorization communications | indicia, data, details, content, transactions, attributes, credentials | [FEATURE ID: 9] information, resource locator data, override information, purchaser site authentication credentials, data identification criteria, network communication activity information
[TRANSITIVE ID: 10] provided, necessary, operable | operative, configured, generated, adapted, appropriate, arranged, established | [TRANSITIVE ID: 10] invoked
[FEATURE ID: 11] resource | data, network, information | [FEATURE ID: 11] purchaser accounts database
[FEATURE ID: 12] resources such | services, credentials, users | [FEATURE ID: 12] merchant accounts
[FEATURE ID: 13] secured transactions | access, information, accounts, portals, connections, users, sites | [FEATURE ID: 13] purchaser accounts, access ports
1 . A method [FEATURE ID: 1]

of accessing [TRANSITIVE ID: 2]

any of a plurality of resources [FEATURE ID: 3]

wherein at least some of the resources do not share a common processing platform [FEATURE ID: 4]

, the method comprising [TRANSITIVE ID: 5]

: establishing [TRANSITIVE ID: 2]

a secure communication session [FEATURE ID: 4]

between a user [FEATURE ID: 4]

computing [TRANSITIVE ID: 2]

device [FEATURE ID: 4]

and a logon component [FEATURE ID: 6]

, wherein the secure communication session comprises a temporary [FEATURE ID: 7]

, interactive information exchange [FEATURE ID: 8]

that is set up and then torn down ; verifying [TRANSITIVE ID: 2]

logon information [FEATURE ID: 9]

provided [TRANSITIVE ID: 10]

by the user computing device to the logon component using the secure communication session and responsively generating a security context [FEATURE ID: 1]

to be employed by the user computing device that is : unique [FEATURE ID: 7]

to a user of the user computing device ; necessary [FEATURE ID: 10]

to access any of the plurality of resources without requiring any follow - on authorization communications [FEATURE ID: 9]

between the accessed resource [FEATURE ID: 11]

and the logon component . 2 . The method of claim 1 wherein verifying the logon information comprises comparing the logon information to previously stored information [FEATURE ID: 4]

that identifies the user . 3 . The method of claim 1 wherein a security context that is unique to the user comprises , at least in part , a unique identifier [FEATURE ID: 4]

as corresponds to the user . 4 . The method of claim 1 wherein the security context comprises a stateless security context [FEATURE ID: 4]

. 5 . The method of claim 1 wherein generating a security context to be employed by the user computing device [FEATURE ID: 4]

comprises generating a security context that will support contemporaneously accessing at least two of the plurality of resources . 6 . The method of claim 1 wherein generating a security context comprises generating a security context that automatically preserves access limitations specific [FEATURE ID: 3]

to the user as corresponds to varying ones [FEATURE ID: 1]

of the plurality of resources such [FEATURE ID: 12]

that the user ' s degree [FEATURE ID: 4]

of access [FEATURE ID: 8]

to a given accessed resource can vary notwithstanding a common use of the security context . 7 . The method of claim 1 wherein generating a security context comprises generating a time - limited security context [FEATURE ID: 7]

. 8 . The method of claim 7 wherein generating a time - limited security context comprises including a time stamp [FEATURE ID: 4]

in the security context . 9 . An apparatus comprising : at least one trusted computing environment component [FEATURE ID: 1]

configured to facilitate : establishing a secure communication session between a user computing device and a logon component , wherein the secure communication session comprises a temporary , interactive information exchange that is set up and then torn down ; verifying logon information provided by the user computing device to the logon component using the secure communication session and responsively generating a security context that is : unique to a user of the user computing device ; necessary to access any of the plurality of resources without requiring any follow - on authorization communications between the accessed resource and the logon component . 10 . The apparatus of claim 9 wherein the security context comprises , at least in part , a unique identifier as corresponds to the user . 11 . The apparatus of claim 9 wherein the security context comprises a stateless security context . 12 . The apparatus of claim 9 wherein the security context is operable [FEATURE ID: 10]

to support contemporaneously accessing at least two of the plurality of resources . 13 . The apparatus of claim 9 wherein the security context automatically preserves access limitations specific to the user as corresponds to varying ones of the plurality of resources such that the user's degree of access to a given accessed resource can permissibly vary notwithstanding a common use of the security context . 14 . The apparatus of claim 9 wherein the security context comprises a time-limited security context . 15 . The apparatus of claim 14 wherein the time-limited security context includes a time stamp . 16 . A method to facilitate accessing protected on-line resources [FEATURE ID: 3]

via corresponding secured transactions [FEATURE ID: 13]

, comprising : at a user computing device : presenting , to other than the on - line resources , at least a logon identifier [FEATURE ID: 4]

1 . An automatically invoked [TRANSITIVE ID: 10]

intermediation process [FEATURE ID: 1]

for purchasing [TRANSITIVE ID: 2]

content [FEATURE ID: 3]

over a digital communications network [FEATURE ID: 4]

by subscribing [TRANSITIVE ID: 2]

purchasers from subscribing merchants [FEATURE ID: 3]

, the intermediation process comprising [TRANSITIVE ID: 2]

the steps [FEATURE ID: 1]

of : ( a ) establishing [TRANSITIVE ID: 2]

a database [FEATURE ID: 4]

of subscriber [FEATURE ID: 4]

- purchaser accounts [FEATURE ID: 13]

and a database of subscriber - merchant accounts [FEATURE ID: 12]

at a central transaction processing site [FEATURE ID: 4]

on the digital communications network , the subscriber - merchant accounts database including [TRANSITIVE ID: 2]

information [FEATURE ID: 9]

encoding [TRANSITIVE ID: 5]

resource locator data [FEATURE ID: 9]

identifying [TRANSITIVE ID: 2]

at least one restricted [TRANSITIVE ID: 7]

- access port at each subscribing merchant site [FEATURE ID: 4]

on the network [FEATURE ID: 4]

and , for each such restricted [FEATURE ID: 7]

- access port , information encoding an access fee schedule [FEATURE ID: 8]

for accessing [TRANSITIVE ID: 2]

content by way of the restricted [FEATURE ID: 7]

- access port and access [FEATURE ID: 4]

- restriction [FEATURE ID: 4]

- override information [FEATURE ID: 9]

for enabling access to content by way of the restricted - access port , and the subscriber - purchaser accounts database [FEATURE ID: 11]

including information encoding purchaser site authentication credentials [FEATURE ID: 9]

and a purchaser account balance [FEATURE ID: 4]

for each subscribing purchaser [FEATURE ID: 6]

; ( b ) at the network site [FEATURE ID: 4]

of each subscribing purchaser , establishing a resource rules database [FEATURE ID: 4]

including information encoding resource [FEATURE ID: 4]

- locator [FEATURE ID: 4]

- data identification criteria [FEATURE ID: 9]

corresponding to each of at least a subset of the restricted - access ports [FEATURE ID: 13]

at subscribing merchant sites [FEATURE ID: 3]

identified in the subscriber - merchant accounts database and the access fee schedule for accessing content by way of the corresponding restricted - access port ; ( c ) at the network site of each subscribing purchaser , locally monitoring network communication activity information [FEATURE ID: 9]

with respect to access to a target network resource [FEATURE ID: 6]

generated by a browser program [FEATURE ID: 4]








Targeted Patent:

Patent: US8051098B2
Filed: 2001-04-19
Issued: 2011-11-01
Patent Holder: (Original Assignee) Teigel Processing AB LLC     (Current Assignee) Alto Dynamics LLC ; Callahan Cellular LLC
Inventor(s): Stephen F. Bisbee, Jack J. Moskowitz, Keith F. Becker, Ellis K. Peterson, Gordon W. Twaddell

Title: Systems and methods for state-less authentication

 
Cross Reference / Shared Meaning between the Lines
Charted Against:

Patent: EP0800312A4
Filed: 1995-10-09
Issued: 2000-12-27
Patent Holder: (Original Assignee) Matsushita Electric Industrial Co Ltd     (Current Assignee) Panasonic Holdings Corp
Inventor(s): Kazuhiko Yamauchi, Hiroshi Ueda, Masayuki Kozuka, Yoshihisa Fukushima, Makoto Tatebayashi, Syunji Harada, Koichiro Endo

Title: Data transmitter, data transmitting method, data receiver, information processor, and information recording medium

1







Targeted Patent:

Patent: US8051098B2
Filed: 2001-04-19
Issued: 2011-11-01
Patent Holder: (Original Assignee) Teigel Processing AB LLC     (Current Assignee) Alto Dynamics LLC ; Callahan Cellular LLC
Inventor(s): Stephen F. Bisbee, Jack J. Moskowitz, Keith F. Becker, Ellis K. Peterson, Gordon W. Twaddell

Title: Systems and methods for state-less authentication

 
Cross Reference / Shared Meaning between the Lines
Charted Against:

Patent: US6157721A
Filed: 1996-08-12
Issued: 2000-12-05
Patent Holder: (Original Assignee) Intertrust Technologies Corp     (Current Assignee) Intertrust Technologies Corp
Inventor(s): Victor H. Shear, W. Olin Sibert, David M. Van Wie

Title: Systems and methods using cryptography to protect secure computing environments

[FEATURE ID: 1] method, access limitations specific | process, system, step, procedure, technique, methodology, methods | [FEATURE ID: 1] security method, method, first public key
[TRANSITIVE ID: 2] accessing, establishing, verifying | using, providing, identifying, processing, securing, managing, handling | [TRANSITIVE ID: 2] signing, use, having, distributing
[FEATURE ID: 3] resources, secured transactions | users, systems, devices, applications, networks, objects, elements | [FEATURE ID: 3] second device classes, user
[FEATURE ID: 4] common processing platform, interactive information exchange, information | secret, database, credential, memory, key, token, code | [FEATURE ID: 4] second digital signature different, load module, first decryption algorithm
[TRANSITIVE ID: 5] comprising | comprises, involving, includes, having, by, containing, using | [TRANSITIVE ID: 5] comprising, including
[FEATURE ID: 6] secure communication session | security, secure, trust | [FEATURE ID: 6] software
[TRANSITIVE ID: 7] computing, logon component, resource, apparatus, computing environment component | computer, device, user, system, machine, client, first | [TRANSITIVE ID: 7] first device class, second device class, first electronic appliance, second electronic appliance different
[FEATURE ID: 8] device | user, machine, apparatus, devise, deice, unit | [FEATURE ID: 8] device
[FEATURE ID: 9] logon information | identity, authenticity, verification | [FEATURE ID: 9] results
[FEATURE ID: 10] security context, unique identifier, time stamp, logon identifier | token, message, code, value, document, password, secret | [FEATURE ID: 10] first digital signature, specification, digital certificate
[FEATURE ID: 11] unique | different, predetermined, particular, corresponding | [FEATURE ID: 11] second
[FEATURE ID: 12] authorization communications | operation, process, steps | [FEATURE ID: 12] step
[FEATURE ID: 13] claim | step, claimed, embodiment, item, clair, clam, figure | [FEATURE ID: 13] claim
[FEATURE ID: 14] stateless security context | key, signature, seal | [FEATURE ID: 14] resistant barrier
[FEATURE ID: 15] user computing device | device, appliance, apparatus | [FEATURE ID: 15] second electronic appliance
[FEATURE ID: 16] ones | characteristics, properties, states, capabilities, features, levels | [FEATURE ID: 16] resistances, functions
[FEATURE ID: 17] resources such | credentials, requirements, settings, characteristics | [FEATURE ID: 17] security levels
[FEATURE ID: 18] access | authentication, confidentiality, security, protection, safety | [FEATURE ID: 18] security level different, security level
[FEATURE ID: 19] common use | configuration, function, state | [FEATURE ID: 19] same portion
1 . A method [FEATURE ID: 1]

of accessing [TRANSITIVE ID: 2]

any of a plurality of resources [FEATURE ID: 3]

wherein at least some of the resources do not share a common processing platform [FEATURE ID: 4]

, the method comprising [TRANSITIVE ID: 5]

: establishing [TRANSITIVE ID: 2]

a secure communication session [FEATURE ID: 6]

between a user computing [TRANSITIVE ID: 7]

device [FEATURE ID: 8]

and a logon component [FEATURE ID: 7]

, wherein the secure communication session comprises a temporary , interactive information exchange [FEATURE ID: 4]

that is set up and then torn down ; verifying [TRANSITIVE ID: 2]

logon information [FEATURE ID: 9]

provided by the user computing device to the logon component using the secure communication session and responsively generating a security context [FEATURE ID: 10]

to be employed by the user computing device that is : unique [FEATURE ID: 11]

to a user of the user computing device ; necessary to access any of the plurality of resources without requiring any follow-on authorization communications [FEATURE ID: 12]

between the accessed resource [FEATURE ID: 7]

and the logon component . 2 . The method of claim [FEATURE ID: 13]

1 wherein verifying the logon information comprises comparing the logon information to previously stored information [FEATURE ID: 4]

that identifies the user . 3 . The method of claim 1 wherein a security context that is unique to the user comprises , at least in part , a unique identifier [FEATURE ID: 10]

as corresponds to the user . 4 . The method of claim 1 wherein the security context comprises a stateless security context [FEATURE ID: 14]

. 5 . The method of claim 1 wherein generating a security context to be employed by the user computing device [FEATURE ID: 15]

comprises generating a security context that will support contemporaneously accessing at least two of the plurality of resources . 6 . The method of claim 1 wherein generating a security context comprises generating a security context that automatically preserves access limitations specific [FEATURE ID: 1]

to the user as corresponds to varying ones [FEATURE ID: 16]

of the plurality of resources such [FEATURE ID: 17]

that the user's degree of access [FEATURE ID: 18]

to a given accessed resource can vary notwithstanding a common use [FEATURE ID: 19]

of the security context . 7 . The method of claim 1 wherein generating a security context comprises generating a time-limited security context . 8 . The method of claim 7 wherein generating a time-limited security context comprises including a time stamp [FEATURE ID: 10]

in the security context . 9 . An apparatus [FEATURE ID: 7]

comprising : at least one trusted computing environment component [FEATURE ID: 7]

configured to facilitate : establishing a secure communication session between a user computing device and a logon component , wherein the secure communication session comprises a temporary , interactive information exchange that is set up and then torn down ; verifying logon information provided by the user computing device to the logon component using the secure communication session and responsively generating a security context that is : unique to a user of the user computing device ; necessary to access any of the plurality of resources without requiring any follow-on authorization communications between the accessed resource and the logon component . 10 . The apparatus of claim 9 wherein the security context comprises , at least in part , a unique identifier as corresponds to the user . 11 . The apparatus of claim 9 wherein the security context comprises a stateless security context . 12 . The apparatus of claim 9 wherein the security context is operable to support contemporaneously accessing at least two of the plurality of resources . 13 . The apparatus of claim 9 wherein the security context automatically preserves access limitations specific to the user as corresponds to varying ones of the plurality of resources such that the user's degree of access to a given accessed resource can permissibly vary notwithstanding a common use of the security context . 14 . The apparatus of claim 9 wherein the security context comprises a time-limited security context . 15 . The apparatus of claim 14 wherein the time-limited security context includes a time stamp . 16 . A method to facilitate accessing protected on-line resources via corresponding secured transactions [FEATURE ID: 3]

, comprising : at a user computing device : presenting , to other than the on - line resources , at least a logon identifier [FEATURE ID: 10]
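What claims 1 to 16 of US8051098B2 above describe (the same claims 5 to 16 also appear as a fragment earlier on this page) is, in present-day terms, a signed, self-describing token: the logon component compares the logon information with a stored record, then hands the user computing device a security context that each resource can check by itself, so there is no follow-on authorization traffic to the logon component and the logon component keeps no per-session state. The Go program below is an added illustration written for this page; it is not code from the patent, its assignees or any product. It assumes an Ed25519 signature over a JSON body that carries the unique user identifier, an issue time stamp, an expiry and a per-resource access level, and an unsalted SHA-256 of the password as the stored logon information (a real deployment would use a salted, slow password hash); the user, password and resource names are made up.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// SecurityContext is the stateless token issued after logon: it carries all a
// resource needs, so no follow-on call to the logon component is required.
type SecurityContext struct {
	UserID    string            `json:"sub"` // unique identifier of the user
	IssuedAt  int64             `json:"iat"` // time stamp
	ExpiresAt int64             `json:"exp"` // time limit
	Access    map[string]string `json:"acc"` // degree of access, per resource
}

// userRecord is the previously stored information logon data is compared to
// (assumption for brevity: unsalted SHA-256; use a salted slow hash in practice).
type userRecord struct {
	hash   [32]byte
	access map[string]string
}

// LogonComponent alone holds the signing key; resources receive only Verify.
type LogonComponent struct {
	users  map[string]userRecord
	signer ed25519.PrivateKey
	Verify ed25519.PublicKey
}

func NewLogonComponent() *LogonComponent {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &LogonComponent{users: map[string]userRecord{}, signer: priv, Verify: pub}
}

// Register stores the password hash and the user's per-resource access limits.
func (lc *LogonComponent) Register(user, password string, access map[string]string) {
	lc.users[user] = userRecord{hash: sha256.Sum256([]byte(password)), access: access}
}

// Logon is the temporary interactive exchange: verify, sign a context valid for
// ten minutes (assumed lifetime), return it, and keep nothing server-side.
func (lc *LogonComponent) Logon(user, password string, now time.Time) (string, error) {
	rec, known := lc.users[user]
	got := sha256.Sum256([]byte(password))
	if !known || subtle.ConstantTimeCompare(got[:], rec.hash[:]) != 1 {
		return "", fmt.Errorf("logon information rejected")
	}
	ctx := SecurityContext{UserID: user, IssuedAt: now.Unix(), ExpiresAt: now.Add(10 * time.Minute).Unix(), Access: rec.access}
	body, _ := json.Marshal(ctx) // cannot fail for this struct
	sig := ed25519.Sign(lc.signer, body)
	return base64.RawURLEncoding.EncodeToString(body) + "." + base64.RawURLEncoding.EncodeToString(sig), nil
}

// Resource is an independently hosted service: with only the public key it can
// check a context locally but cannot mint or alter one.
type Resource struct {
	Name   string
	Verify ed25519.PublicKey
}

// Authorize validates the context and returns this user's degree of access
// here; the same context yields different answers at different resources.
func (r Resource) Authorize(token string, now time.Time) (string, error) {
	b64body, b64sig, found := strings.Cut(token, ".")
	body, err1 := base64.RawURLEncoding.DecodeString(b64body)
	sig, err2 := base64.RawURLEncoding.DecodeString(b64sig)
	// The signature is checked before anything inside the body is trusted.
	if !found || err1 != nil || err2 != nil || !ed25519.Verify(r.Verify, body, sig) {
		return "", fmt.Errorf("context malformed, forged or tampered")
	}
	var ctx SecurityContext
	if err := json.Unmarshal(body, &ctx); err != nil {
		return "", err
	}
	if now.Unix() < ctx.IssuedAt || now.Unix() >= ctx.ExpiresAt {
		return "", fmt.Errorf("context outside its validity window")
	}
	level, ok := ctx.Access[r.Name]
	if !ok {
		return "", fmt.Errorf("user %q has no access to %s", ctx.UserID, r.Name)
	}
	return level, nil
}

func main() {
	lc := NewLogonComponent()
	lc.Register("alice", "correct horse battery", map[string]string{"payroll": "read", "wiki": "write"})
	tok, _ := lc.Logon("alice", "correct horse battery", time.Now())
	level, err := Resource{Name: "payroll", Verify: lc.Verify}.Authorize(tok, time.Now())
	fmt.Println(level, err) // read <nil>
}
```

Two points a practitioner should take from the structure rather than from the claim language. The signature is asymmetric so that resources, which by claim 1 need not share a processing platform, hold only the public key; with an HMAC in its place, any one resource could mint contexts for all the others. And because the context is stateless, the only ways to end a user's access before the time limit are to rotate the signing key or to reintroduce state (a revocation list), which is the trade-off the time stamp of claims 7, 8, 14 and 15 exists to bound.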

1 . A security method [FEATURE ID: 1]

comprising [TRANSITIVE ID: 5]

: ( a ) digitally signing [TRANSITIVE ID: 2]

a first load module with a first digital signature [FEATURE ID: 10]

designating the first load module for use [FEATURE ID: 2]

by a first device class [FEATURE ID: 7]

; ( b ) digitally signing a second load module with a second digital signature different [FEATURE ID: 4]

from the first digital signature , the second digital signature designating the second load module for use by a second device class [FEATURE ID: 7]

having [TRANSITIVE ID: 2]

at least one of tamper resistance and security level different [FEATURE ID: 18]

from the at least one of tamper resistance and security level [FEATURE ID: 18]

of the first device class ; ( c ) distributing [TRANSITIVE ID: 2]

the first load module for use by at least one device [FEATURE ID: 8]

in the first device class ; and ( d ) distributing the second load module for use by at least one device in the second device class . 2 . A method [FEATURE ID: 1]

as in claim [FEATURE ID: 13]

1 further including [TRANSITIVE ID: 5]

the step [FEATURE ID: 12]

of using the first and second digital signatures to prevent the tamper resistances [FEATURE ID: 16]

or security levels [FEATURE ID: 17]

of the first and second device classes [FEATURE ID: 3]

from becoming equal . 3 . A method as in claim 1 further including the step of conditionally executing , based at least in part on authenticating the first digital signature , the first load module with a first electronic appliance [FEATURE ID: 7]

within the first device class . 4 . A method as in claim 3 further including the step of conditionally executing , based at least in part on authenticating the second digital signature , the second load module with a second electronic appliance different [FEATURE ID: 7]

from the first electronic appliance , the second electronic appliance [FEATURE ID: 15]

being within the second device class . 5 . A software [FEATURE ID: 6]

verifying method comprising : ( a ) testing a load module [FEATURE ID: 4]

having at least one specification [FEATURE ID: 10]

associated therewith , the specification describing one or more functions [FEATURE ID: 16]

performed by the load module ; ( b ) verifying that the load module satisfies the specification ; and ( c ) issuing at least one digital certificate [FEATURE ID: 10]

attesting to the results [FEATURE ID: 9]

of the verifying step . 6 . A method of authenticating a load module comprising : ( a ) authenticating a first digital signature associated with some or all of the load module , including the step of employing a first one-way hash algorithm , a first decryption algorithm [FEATURE ID: 4]

, and a first public key , the first public key [FEATURE ID: 1]

secured behind a tamper resistant barrier [FEATURE ID: 14]

and therefore hidden from the user [FEATURE ID: 3]

; and ( b ) authenticating a second digital signature associated with the same portion [FEATURE ID: 19]

of the load module as the first digital signature is associated with , including the step of employing at least one of : ( i ) a second [FEATURE ID: 11]
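The Intertrust claims above turn on one idea: a module approved for a device class is signed with a key that only that class trusts, so a module cleared for a low-assurance class cannot be made to run on a high-assurance one, and the two classes' security levels stay distinct (claim 2). The Go program below is an added illustration written for this page, not code from the patent or from Intertrust. It assumes Ed25519 signatures over a SHA-256 digest of the module's name and code (standing in for the one-way hash and public-key steps of claim 6), one key pair per class, and devices that keep their class public key in an unexported field as a stand-in for the tamper-resistant barrier; the class and module names are made up.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// LoadModule is executable content shipped to devices; it may carry one
// signature per device class it was approved for, each made with a different key.
type LoadModule struct {
	Name string
	Code []byte
	Sigs map[string][]byte // device class -> signature over digest(module)
}

// digest is the one-way hash step; the signature binds name and code together.
func digest(m *LoadModule) []byte {
	h := sha256.New()
	h.Write([]byte(m.Name))
	h.Write(m.Code)
	return h.Sum(nil)
}

// Signer holds one private key per device class, so the signature designating
// a module for the "high" class differs from the one designating it for "low".
type Signer struct {
	keys map[string]ed25519.PrivateKey
}

// NewSigner makes a key pair per class and returns the public halves that get
// provisioned into devices of the matching class.
func NewSigner(classes ...string) (*Signer, map[string]ed25519.PublicKey) {
	s := &Signer{keys: map[string]ed25519.PrivateKey{}}
	pubs := map[string]ed25519.PublicKey{}
	for _, c := range classes {
		pub, priv, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			panic(err)
		}
		s.keys[c], pubs[c] = priv, pub
	}
	return s, pubs
}

// SignFor designates the module for use by one device class.
func (s *Signer) SignFor(m *LoadModule, class string) error {
	priv, ok := s.keys[class]
	if !ok {
		return fmt.Errorf("no signing key for class %q", class)
	}
	if m.Sigs == nil {
		m.Sigs = map[string][]byte{}
	}
	m.Sigs[class] = ed25519.Sign(priv, digest(m))
	return nil
}

// Device belongs to one class. Its class public key sits behind the
// tamper-resistant barrier, modelled as an unexported field that the device
// never exposes and that cannot be re-pointed at another class's key.
type Device struct {
	Class    string
	classKey ed25519.PublicKey
	ran      []string
}

func NewDevice(class string, pubs map[string]ed25519.PublicKey) *Device {
	pub, ok := pubs[class]
	if !ok {
		panic("no public key provisioned for class " + class)
	}
	return &Device{Class: class, classKey: pub}
}

// Execute runs the module only if it carries a signature that verifies under
// this device's own class key. A signature made for another class, even by the
// same publisher, does not verify, so a module cleared only for the low class
// cannot be made to run on a high-assurance device.
func (d *Device) Execute(m *LoadModule) error {
	sig, ok := m.Sigs[d.Class]
	if !ok {
		return fmt.Errorf("%s: not designated for class %q", m.Name, d.Class)
	}
	if !ed25519.Verify(d.classKey, digest(m), sig) {
		return fmt.Errorf("%s: signature for class %q does not verify", m.Name, d.Class)
	}
	d.ran = append(d.ran, m.Name) // stands in for loading and running the code
	return nil
}

// Executed reports which modules this device has accepted so far.
func (d *Device) Executed() []string { return d.ran }

func main() {
	signer, pubs := NewSigner("low", "high")
	plugin := &LoadModule{Name: "ad-plugin", Code: []byte("show-ads")}
	signer.SignFor(plugin, "low") // cleared for the low class only
	fmt.Println("low :", NewDevice("low", pubs).Execute(plugin))
	fmt.Println("high:", NewDevice("high", pubs).Execute(plugin))
}
```

Note what the per-class key buys over a single publisher key: a device does not decide by reading a class label inside the module, which an attacker could edit, but by whether the signature verifies under the one key it was provisioned with, so copying the low-class signature into the high-class slot fails for the same reason a missing signature does. The certification step of claim 5, a verifier attesting that a module meets its specification before it is signed, would sit in front of SignFor and is not modelled here.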