Dominique L Fedronic

8522014, Aug 27, 2013

Mar 15, 2007

12/282782

Dominique Fedronic - Belmont CA, US
Eric Le Saint - Sunnyvale CA, US
John Babbidge - Alameda CA, US
Hong Liu - Singapore, SG

Actividentity - Fremont CA

H04L 29/06
H04L 9/32
H04L 9/08
G06K 5/00

713164, 713176, 713168, 380278, 380282, 380285, 235380

A system obtains assurance by a content provider that a content control key is securely stored in a remote security module for further secure communications between the content provider and the security module. A security module manufacturer, which has a pre-established trustful relation with the security module, imports a symmetric transport key into the security module. The symmetric transport key is unique to the security module. The content provider shares the symmetric transport key with the security module manufacturer. The content provider exchanging messages with the security module through a security module communication manager in order to get the proof that the security module stores the content control key. At least a portion of the messages exchanged between the content provider and the security module are protected using the symmetric transport key. The symmetric transport key is independent of said content control key.

8628019, Jan 14, 2014

Jan 3, 2008

11/969129

Yves Louis Gabriel Audebert - Los Gatos CA, US
Eric Fernand Le Saint - Cupertino CA, US
Jason Hart - Fremont CA, US
Dominique Fedronic - Belmont CA, US

ActivIdentity, Inc. - Fremont CA

G06F 17/00
G06K 19/00
G06K 19/06
G05B 19/00

235492, 235375, 235382, 235487, 340 52, 340 57, 340 58, 3405721

A portable authentication system includes a security module, that may be a smart card, SIM (Subscriber Identity Module), USB controller with a secure chip, or similar module capable of storing one or more credentials, and an interface module such as a digital badge holder that is able to communicate with the security module, for instance by providing a smart card communication interface. The portable authentication system may be either a single integrated system or a dual system where the security module can be removed or disconnected from the interface system.

20040034783, Feb 19, 2004

Aug 15, 2002

10/218640

Dominique Fedronic - Belmont CA, US
Eric Le Saint - Fremont CA, US

H04L009/32

713/186000

This invention provides for progressive processing of biometric samples to facilitate verification of an authorized user. The initial processing is performed by a security token. Due to storage space and processing power limitations, excessive false rejections may occur. To overcome this shortfall, the biometric sample is routed to a stateless server, which has significantly greater processing power and data enhancement capabilities. The stateless server receives, processes and returns the biometric sample to the security token for another attempt at verification using the enhanced biometric sample. In a second embodiment of the invention, a second failure of the security token to verify the enhanced biometric sample sends either the enhanced or raw biometric sample to a stateful server. The stateful server again processes the biometric sample and performs a one to many search of a biometric database. The biometric database contains the master set of enrolled biometric templates associated with all authorized users. Signals generated by the stateful server are used by the security token to allow or deny access to a resource or function. In both embodiments of the invention, the heuristics remain with the security token.

20040034784, Feb 19, 2004

Aug 15, 2002

10/218665

Dominique Fedronic - Belmont CA, US
Eric Le Saint - Fremont CA, US

H04L009/32

713/186000, 713/202000

This invention provides a mechanism, which allows a user's personal identification number (PIN) to operate independently from a biometric authentication system. This improvement reduces the administrative burden of having to keep a user's PIN synchronized with the PIN used to access the user's smart card following successful biometric authentication. The first embodiment of the invention incorporates a cryptographic interface, which bypasses the PIN entry and allows the biometric authentication system to directly access card resources. The second embodiment of the invention provides a second system PIN having greater bit strength than the cardholder PIN. Both embodiments of the invention retrieve secrets (either a cryptographic key or system PIN) from a biometric database by comparing a processed biometric sample with known biometric templates. The biometric authentication system incorporates a client-server architecture, which facilitates multiple biometric authentications.

20050136964, Jun 23, 2005

Dec 22, 2003

10/740497

Eric Le Saint - Los Altos CA, US
Dominique Fedronic - Belmont CA, US

H04B007/00

455522000, 713155000

An intelligent remote device equipped with a security token operatively coupled thereto is processing communications with a security token enabled computer system over a wireless private network. The intelligent remote device is adapted to emulate a local security device peripheral connected to the computer system. Multiple computer systems may be authenticated to using the intelligent remote device. Additionally, various secure communications connections mechanisms are described which are intended to augment existing security protocols available using wireless network equipment. Authentication of a user supplied critical security parameter is performed by the security token. The critical security parameter may be provided locally via the intelligent remote device or received from the wireless network and routed to the security token. Aural, visual or vibratory feedback may be provided to the user to signal a successful authentication transaction.

20050138380, Jun 23, 2005

Dec 22, 2003

10/740518

Dominique Fedronic - Belmont CA, US
Wu Wen - Sunnyvale CA, US

H04L009/00

713172000

An integrated security system which seamlessly assimilates with current generation logical security systems. The integrated security system incorporates a security controller having standard network interface capabilities including EEE 802.x and takes advantage of the convenience and security offered by smart cards and related devices for both physical and logical security purposes. The invention is based on standard remote authentication dial-in service (RADIUS) protocols or TCP/IP using SSL, TLS, PCT or IPsec and stores a shared secret required by the secure communication protocols in a secure access module coupled to the security controller. The security controller is intended to be a networked client or embedded intelligent device controlled remotely by to an authentication server. In another embodiment of the invention one or more life cycle management transactions are performed with the secure access module. These transactions allow for the updating, replacement, deletion and creation of critical security parameters, cryptographic keys, user data and applications used by the secure access module and/or security token. In another embodiment of the invention a security access module associated with the security controller locally performs local authentication transactions which are recorded in a local access list used to update a master access list maintained by the authentication server.

20050138421, Jun 23, 2005

Dec 23, 2003

10/743323

Dominique Fedronic - Belmont CA, US
Eric Le Saint - Los Altos CA, US

H04L009/00

713201000

A method, system and computer program product for accessing one or more security token resources using an authentication server as an intermediary before access is permitted to the security token resources. The server intermediary performs an initial authentication based on a user supplied critical security parameter. To ensure confidentiality of transported critical security parameters, a secure messaging session is established which provides end-to-end security between the authentication server and the security token. A second critical security parameter is then sent to the security token. The security token authenticates the second critical security parameter and allows access token resources. Alternate secure communications mechanisms and an invalid entry counter reset capability are also described.

20050229005, Oct 13, 2005

Apr 7, 2004

10/819131

Eric Le Saint - Los Altos CA, US
Dominique Fedronic - Belmont CA, US

ACTIVCARD Inc. - Fremont CA

G06F007/00

713185000, 726009000

A method and computer program product which comprises storing at least one data file inside a portable device such as security token or flash memory drive associated with a security badge. The data file includes sufficient information to allow a third party to verify the identity of an assignee of the security badge. The identity of the assignee is based at least in part on the information included in the data file by the third party without having to rely on a presentation affixed to one or more exterior surfaces of the security badge. Other embodiments of the invention comprises operatively coupling the security token to a security system, authenticating the assignee to the security token, generating a digital signature of the data file using a private key, and sending the digital signature, the data file and a digital certificate associated with the private key to said security system. The sufficient information comprises a digital photograph of the assignee, the assignee's name, the assignee's employer name, a logo of the employer or a security badge number and instructions for reading the data file when provided in a proprietary format. Final verification of the assignee's identity is performed by a security officer.