US 6,233,341 B1 - System and method for installing and using a temporary certificate at a remote site

	Alert Frequency
	Daily (M-F)
	Weekly

8 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

A system installs and enables the use of a temporary certificate at a remote site. The system comprises a global server site, a temporary client site and a web site. The global server site includes a security module that identifies and authenticates the user at the temporary client site, and a web server engine that downloads a key generation downloadable and a certificate request engine downloadable upon user authentication to the client site. The client site includes a web engine that executes the key generation downloadable to generate a public key and a private key, and executes the certificate request engine downloadable to send the a temporary certificate request (including the public key) to the global server site. A temporary certificate generator at the global server site generates a temporary certificate having the public key and a validity period. The web server on the global server site sends the temporary certificate and a certificate installation downloadable to the web engine on the client site, which executes the downloadable thereby installing the temporary certificate. The web server on the global server site can also send a certificate maintenance downloadable and a certificate de-installation downloadable to the client site. The web server engine maintains a revocation list that contains information identifying revoked temporary certificates, so that a revoked but thusfar unexpired certificate cannot be improperly used. The web site reviews the temporary certificate for authenticity and contacts the global server site to review the revocation list and determine whether the temporary certificate has been revoked.

622 Citations

582 Forward Citations

40 References Cited

Rollback attack prevention system and method
Patent # US 7,907,729 B2 Filed 04/30/2004	Current Assignee Sg Gaming Inc.	Original Assignee Bally Gaming Incorporated

MAINTAINING AN IP CONNECTION IN A MOBILE NETWORK
Patent # US 20110051610A1 Filed 08/09/2010	Current Assignee Seven Networks Inc	Original Assignee Seven Networks International Oy

Apparatus and method for generating keys in a network computing environment
Patent # US 7,890,758 B2 Filed 03/27/2003	Current Assignee International Business Machines Corporation	Original Assignee International Business Machines Corporation

Network-initiated data transfer in a mobile network
Patent # US 7,904,101 B2 Filed 06/21/2006	Current Assignee Seven Networks Inc	Original Assignee Seven Networks International Oy

REMOTE CERTIFICATE MANAGEMENT
Patent # US 20110066848A1 Filed 09/17/2010	Current Assignee Microsoft Technology Licensing LLC	Original Assignee Microsoft Corporation

Virtual smart card system and method
Patent # US 7,890,767 B2 Filed 02/03/2009	Current Assignee SafeNet Data Security Israel Ltd.	Original Assignee Aladdin Knowledge Systems Limited

NETWORK-INITIATED DATA TRANSFER IN A MOBILE NETWORK
Patent # US 20110047232A1 Filed 08/20/2010	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Simultaneous real-time access to financial information
Patent # US 20110047057A1 Filed 02/02/2010	Current Assignee DST Systems Incorporated	Original Assignee DST Systems Incorporated

METHOD AND APPARATUS FOR ORDERING GOODS, SERVICES AND CONTENT OVER AN INTERNETWORK USING A VIRTUAL PAYMENT ACCOUNT
Patent # US 20110137801A1 Filed 02/15/2011	Current Assignee Cria Inc.	Original Assignee eCharge Corporation

TOKEN RENEWAL
Patent # US 20110126002A1 Filed 11/24/2009	Current Assignee Red Hat Inc.	Original Assignee Red Hat Inc.

Simultaneous real-time access to financial information
Patent # US 7,962,517 B2 Filed 02/02/2010	Current Assignee DST Systems Incorporated	Original Assignee DST Systems Incorporated

Multiple level public key hierarchy for performance and high security
Patent # US 7,929,701 B1 Filed 01/28/2000	Current Assignee Google Technology Holdings LLC	Original Assignee General Instrument Corporation

System and method for pushing information from a host system to a mobile data communication device
Patent # US 7,953,802 B2 Filed 12/14/2005	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

Method and apparatus for automated personal information management data transfer for a wireless enabled handheld
Patent # US 8,001,177 B2 Filed 02/28/2007	Current Assignee Qualcomm Inc.	Original Assignee Hewlett-Packard Development Company L.P.

USE AND GENERATION OF A SESSION KEY IN A SECURE SOCKET LAYER CONNECTION
Patent # US 20110231650A1 Filed 05/27/2011	Current Assignee Onespan North America Incorporated	Original Assignee Frank Coulier

AUTOMATICALLY GENERATING A CERTIFICATE OPERATION REQUEST
Patent # US 20110213966A1 Filed 02/26/2010	Current Assignee Red Hat Inc.	Original Assignee Red Hat Inc.

IDENTITY MANAGEMENT CERTIFICATE OPERATIONS
Patent # US 20110213965A1 Filed 02/26/2010	Current Assignee Red Hat Inc.	Original Assignee Red Hat Inc.

AUTOMATED CERTIFICATE MANAGEMENT
Patent # US 20110219227A1 Filed 03/08/2010	Current Assignee Microsoft Technology Licensing LLC	Original Assignee Microsoft Corporation

WIRELESS ROUTER SYSTEM AND METHOD
Patent # US 20110225630A1 Filed 05/19/2011	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

Use and generation of a session key in a secure socket layer connection
Patent # US 7,975,139 B2 Filed 04/30/2002	Current Assignee Onespan North America Incorporated	Original Assignee Vasco Data Security Incorporated

Flexible billing architecture
Patent # US 8,010,082 B2 Filed 10/19/2005	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Detecting duplicative user data on computing device
Patent # US 8,015,163 B2 Filed 06/29/2009	Current Assignee Qualcomm Inc.	Original Assignee Hewlett-Packard Development Company L.P.

CERTIFICATE REMOTING AND RECOVERY
Patent # US 20110202759A1 Filed 02/12/2010	Current Assignee Microsoft Technology Licensing LLC	Original Assignee Microsoft Corporation

Managing user-to-user contact with inferred presence information
Patent # US 8,069,166 B2 Filed 02/27/2006	Current Assignee Seven Networks LLC	Original Assignee Seven Networks Inc

Fast authentication and access control system for mobile networking
Patent # US 8,065,518 B1 Filed 02/01/2005	Current Assignee ATT Intellectual Property II LP	Original Assignee ATT Intellectual Property I LP

Wireless router system and method
Patent # US 8,050,684 B2 Filed 01/22/2009	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

Multiple data store authentication
Patent # US 8,064,583 B1 Filed 09/21/2006	Current Assignee Seven Networks LLC	Original Assignee Seven Networks Inc

System and method for pushing information from a host system to a mobile data communication device
Patent # US 8,060,564 B2 Filed 07/16/2004	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

METHOD AND APPARATUS FOR ORDERING GOODS, SERVICES, AND CONTENT OVER AN INTERNETWORK USING A VIRTUAL PAYMENT ACCOUNT
Patent # US 20110276494A1 Filed 07/19/2011	Current Assignee SertintyONE Corp.	Original Assignee eCharge Corporation

METHOD AND APPARATUS FOR ORDERING GOODS, SERVICES AND CONTENT OVER AN INTERNETWORK USING A VIRTUAL PAYMENT ACCOUNT
Patent # US 20100274683A1 Filed 07/09/2010	Current Assignee Cria Inc.	Original Assignee eCharge Corporation

METHOD AND SYSTEM FOR MANAGING NETWORK IDENTITY
Patent # US 20100031030A1 Filed 10/20/2008	Current Assignee Industrial Technology Research Institute	Original Assignee Industrial Technology Research Institute

Maintaining an IP connection in a mobile network
Patent # US 7,774,007 B2 Filed 06/21/2006	Current Assignee Seven Networks Inc	Original Assignee Seven Networks International Oy

Local Agent for Remote File Access System
Patent # US 20100049721A1 Filed 10/30/2009	Current Assignee Citrix Systems Inc.	Original Assignee Benhov GmbH LLC

Chain of trust processing
Patent # US 7,747,852 B2 Filed 05/24/2007	Current Assignee Northrop Grumman Systems Corp.	Original Assignee Northrop Grumman Corporation

METHOD AND APPARATUS FOR ORDERING GOODS, SERVICES AND CONTENT OVER AN INTERNETWORK USING A VIRTUAL PAYMENT ACCOUNT
Patent # US 20100306081A1 Filed 06/07/2010	Current Assignee Cria Inc.	Original Assignee eCharge Corporation

METHOD AND SYSTEM FOR THE SUPPLY OF DATA, TRANSACTIONS AND ELECTRONIC VOTING
Patent # US 20100268650A1 Filed 06/25/2010	Current Assignee International Business Machines Corporation	Original Assignee International Business Machines Corporation

Remote certificate management
Patent # US 7,809,940 B2 Filed 06/29/2005	Current Assignee Microsoft Technology Licensing LLC	Original Assignee Microsoft Corporation

Connectivity function for forwarding e-mail
Patent # US 7,769,400 B2 Filed 08/11/2008	Current Assignee Seven Networks Inc	Original Assignee Seven Networks International Oy

METHOD AND APPARATUS FOR ORDERING GOODS, SERVICES AND CONTENT OVER AN INTERNETWORK USING A VIRTUAL PAYMENT ACCOUNT
Patent # US 20100312708A1 Filed 07/09/2010	Current Assignee eCharge Corporation	Original Assignee eCharge Corporation

Secure transport for mobile communication network
Patent # US 7,827,597 B2 Filed 10/19/2007	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Method and apparatus for intercepting events in a communication system
Patent # US 7,680,281 B2 Filed 09/16/2008	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

METHOD AND SYSTEM FOR THE SUPPLY OF DATA, TRANSACTIONS AND ELECTRONIC VOTING
Patent # US 20100325439A1 Filed 06/28/2010	Current Assignee International Business Machines Corporation	Original Assignee International Business Machines Corporation

Systems and methods for simplified provisioning
Patent # US 7,796,742 B1 Filed 04/21/2005	Current Assignee Seven Networks LLC	Original Assignee Seven Networks Inc

Data security in a mobile e-mail service
Patent # US 7,706,781 B2 Filed 11/21/2005	Current Assignee Seven Networks Inc	Original Assignee Seven Networks International Oy

SYSTEM AND METHOD OF MANAGING INFORMATION DISTRIBUTION TO MOBILE STATIONS
Patent # US 20100030887A1 Filed 02/15/2008	Current Assignee Blackberry Limited	Original Assignee Gary Mousseau, Barry J. Gilhuly

Simultaneous real-time presentation of financial information
Patent # US 7,686,208 B2 Filed 06/26/2007	Current Assignee DST Systems Incorporated	Original Assignee DST Systems Incorporated

DIGITAL RIGHTS MANAGEMENT SYSTEM AND METHOD
Patent # US 20100077217A1 Filed 12/02/2009	Current Assignee Rockwell Automation Technologies Incorporated	Original Assignee Rockwell Automation Technologies Incorporated

Digital Content Rights Management Method and System
Patent # US 20100086130A1 Filed 12/11/2007	Current Assignee Beijing Founder Apabi Technology Limited	Original Assignee Peking University Founder Group Company Limited, Peking University, Beijing Founder Apabi Technology Limited

Method and apparatus for broadcast signaling in a wireless communication system
Patent # US 7,693,508 B2 Filed 08/20/2001	Current Assignee Qualcomm Inc.	Original Assignee Qualcomm Inc.

OVER THE AIR SERVICES FOR MOBILE DEVICES
Patent # US 20100122324A1 Filed 09/24/2009	Current Assignee Qualcomm Inc.	Original Assignee Palm Inc.

Systems and methods for automated configuration of secure web site publishing
Patent # US 7,788,495 B2 Filed 06/03/2003	Current Assignee Microsoft Technology Licensing LLC	Original Assignee Microsoft Corporation

Hallmarking verification process and system and corresponding method of and system for communication
Patent # US 7,831,824 B2 Filed 03/20/2001	Current Assignee Comodo Research Lab Limited	Original Assignee Comodo Research Lab Limited

METHOD AND SYSTEM FOR THE SUPPLY OF DATA, TRANSACTIONS AND ELECTRONIC VOTING
Patent # US 20100332397A1 Filed 06/28/2010	Current Assignee International Business Machines Corporation	Original Assignee International Business Machines Corporation

METHOD AND SYSTEM FOR THE SUPPLY OF DATA, TRANSACTIONS AND ELECTRONIC VOTING
Patent # US 20100332839A1 Filed 06/25/2010	Current Assignee International Business Machines Corporation	Original Assignee International Business Machines Corporation

METHOD AND SYSTEM FOR THE SUPPLY OF DATA, TRANSACTIONS AND ELECTRONIC VOTING
Patent # US 20100325437A1 Filed 06/28/2010	Current Assignee International Business Machines Corporation	Original Assignee International Business Machines Corporation

METHOD AND APPARATUS FOR INTERCEPTING EVENTS IN A COMMUNICATION SYSTEM
Patent # US 20090016526A1 Filed 09/16/2008	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Virtual smart card system and method
Patent # US 7,487,357 B2 Filed 06/21/2006	Current Assignee SafeNet Data Security Israel Ltd.	Original Assignee Aladdin Knowledge Systems

Privacy and identification in a data communications network
Patent # US 7,496,751 B2 Filed 10/29/2001	Current Assignee Oracle America Inc.	Original Assignee Sun Microsystems Incorporated

AUTHENTICATION FACTORS WITH PUBLIC-KEY INFRASTRUCTURE
Patent # US 20090037729A1 Filed 08/03/2007	Current Assignee SafeNet Data Security Israel Ltd.	Original Assignee SafeNet Data Security Israel Ltd.

Transparent on-demand certificate provisioning for secure email
Patent # US 7,502,924 B2 Filed 01/25/2005	Current Assignee Dropbox Inc.	Original Assignee International Business Machines Corporation

System and method for redirecting message attachments between a host system and a mobile data communication device
Patent # US 7,509,376 B2 Filed 05/20/2002	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

SESSION CONTROL SERVER, COMMUNICATION DEVICE, COMMUNICATION SYSTEM AND COMMUNICATION METHOD, AND PROGRAM AND RECORDING MEDIUM FOR THE SAME
Patent # US 20090094692A1 Filed 10/03/2008	Current Assignee Nippon Telegraph and Telephone Corporation	Original Assignee Nippon Telegraph and Telephone Corporation

Public key certification providing apparatus
Patent # US 7,529,926 B2 Filed 04/16/2003	Current Assignee Canon Kabushiki Kaisha	Original Assignee Canon Kabushiki Kaisha

Wireless router system and method
Patent # US 7,529,230 B2 Filed 08/24/2005	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

Revocation of a certificate and exclusion of other principals in a digital rights management (DRM) system based on a revocation list from a delegated revocation authority
Patent # US 7,543,140 B2 Filed 02/26/2003	Current Assignee Microsoft Technology Licensing LLC	Original Assignee Microsoft Corporation

Security Mechanism within a Local Area Network
Patent # US 20090187760A1 Filed 01/23/2008	Current Assignee Microsoft Technology Licensing LLC	Original Assignee Microsoft Corporation

IMX session control and authentication
Patent # US 7,581,244 B2 Filed 01/25/2006	Current Assignee Seiko Epson Corporation	Original Assignee Seiko Epson Corporation

Device-side data de-duping
Patent # US 7,574,444 B2 Filed 11/15/2006	Current Assignee Qualcomm Inc.	Original Assignee Palm Inc.

Personal website for electronic commerce on a smart Java card with multiple security check points
Patent # US 7,571,461 B2 Filed 09/29/2004	Current Assignee eBay Inc.	Original Assignee International Business Machines Corporation

Method and apparatus for updating web certificates
Patent # US 7,594,107 B1 Filed 12/20/1999	Current Assignee Entrust Technologies Limited	Original Assignee Entrust Incorporated

System and method for configuring a valid duration period for a digital certificate
Patent # US 20090228703A1 Filed 03/10/2008	Current Assignee SecureAuth Incorporated	Original Assignee SecureAuth Incorporated

Over-the-air device kill pill and lock
Patent # US 7,603,435 B2 Filed 11/15/2006	Current Assignee Qualcomm Inc.	Original Assignee Palm Inc.

System and method for redirecting data to a wireless device over a plurality of communication paths
Patent # US 7,606,936 B2 Filed 08/09/2001	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

SYSTEM AND METHOD FOR SECURED NETWORK ACCESS UTILIZING A CLIENT .NET SOFTWARE COMPONENT
Patent # US 20090307486A1 Filed 06/09/2008	Current Assignee MultiFactor Corporation	Original Assignee MultiFactor Corporation

DEVICE-SIDE DATA DE-DUPING
Patent # US 20090313264A1 Filed 06/29/2009	Current Assignee Qualcomm Inc.	Original Assignee Palm Inc.

Presenter view control system and method
Patent # US 7,634,540 B2 Filed 10/12/2006	Current Assignee Seiko Epson Corporation	Original Assignee Seiko Epson Corporation

System and method for secure remote access
Patent # US 7,321,971 B2 Filed 01/07/2004	Current Assignee Hulu LLC	Original Assignee International Business Machines Corporation

Simultaneous real-time presentation of financial information
Patent # US 20080005006A1 Filed 06/26/2007	Current Assignee DST Systems Incorporated	Original Assignee Scott Hawkins, Todd Glasgow, Bradley Glascock, Robert Tritt, Kyle Mallot

UNIFIED MESSAGE SYSTEM AND METHOD
Patent # US 20080008163A1 Filed 09/19/2007	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

Large Scale Real-Time Presentation of a Network Conference Having a Plurality of Conference Participants
Patent # US 20080016156A1 Filed 07/13/2006	Current Assignee Seiko Epson Corporation	Original Assignee Seiko Epson Corporation

Secure method for roaming keys and certificates
Patent # US 7,320,073 B2 Filed 04/07/2003	Current Assignee Google LLC	Original Assignee AOL LLC

System and Method for Secure Remote Access
Patent # US 20080016354A1 Filed 09/26/2007	Current Assignee Hulu LLC	Original Assignee International Business Machines Corporation

METHOD AND APPARATUS FOR ORDERING GOODS, SERVICES, AND CONTENT OVER AN INTERNETWORK USING A VIRTUAL PAYMENT ACCOUNT
Patent # US 20080016003A1 Filed 07/10/2007	Current Assignee Cria Inc.	Original Assignee eCharge Corporation

System and Method for Enterprise Security Including Symmetric Key Protection
Patent # US 20080008316A1 Filed 07/05/2006	Current Assignee Oracle International Corporation	Original Assignee BEA Systems Incorporated

System and method for controlling configuration settings for mobile communication devices and services
Patent # US 7,317,699 B2 Filed 10/28/2002	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

SECURE TRANSPORT FOR MOBILE COMMUNICATION NETWORK
Patent # US 20080037787A1 Filed 10/19/2007	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Mutual authentication and secure channel establishment between two parties using consecutive one-time passwords
Patent # US 20080034216A1 Filed 08/03/2006	Current Assignee Boncle Inc.	Original Assignee Boncle Inc.

Authorization infrastructure based on public key cryptography
Patent # US 7,340,600 B1 Filed 01/14/2000	Current Assignee Hewlett Packard Enterprise Development LP	Original Assignee Hewlett-Packard Development Company L.P.

Multi-level congestion control for large scale video conferences
Patent # US 20080091838A1 Filed 10/12/2006	Current Assignee Seiko Epson Corporation	Original Assignee Seiko Epson Corporation

Presenter view control system and method
Patent # US 20080091778A1 Filed 10/12/2006	Current Assignee Seiko Epson Corporation	Original Assignee Seiko Epson Corporation

SYSTEM AND METHOD FOR CONTROLLING CONFIGURATION SETTINGS FOR MOBILE COMMUNICATION DEVICES AND SERVICES
Patent # US 20080089302A1 Filed 11/20/2007	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

Downloadable security and protection methods and apparatus
Patent # US 20080098212A1 Filed 10/20/2006	Current Assignee Time Warner Cable Enterprises LLC	Original Assignee Time Warner Cable Enterprises LLC

System and method of managing information distribution to mobile stations
Patent # US 7,356,591 B2 Filed 08/04/2006	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

SYSTEM AND METHOD FOR SECURE RECORD PROTOCOL USING SHARED KNOWLEDGE OF MOBILE USER CREDENTIALS
Patent # US 20080118059A1 Filed 11/22/2006	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

OVER-THE-AIR DEVICE KILL PILL AND LOCK
Patent # US 20080115226A1 Filed 11/15/2006	Current Assignee Qualcomm Inc.	Original Assignee Palm Inc.

DYNAMIC RESOURCE MANAGEMENT
Patent # US 20080115141A1 Filed 11/15/2006	Current Assignee Qualcomm Inc.	Original Assignee Qualcomm Inc.

SERVER-CONTROLLED HEARTBEATS
Patent # US 20080115152A1 Filed 11/15/2006	Current Assignee Hewlett-Packard Development Company L.P.	Original Assignee Hewlett-Packard Development Company L.P.

DEVICE-SIDE DATA DE-DUPING
Patent # US 20080114771A1 Filed 11/15/2006	Current Assignee Qualcomm Inc.	Original Assignee Palm Inc.

OVER-THE-AIR DEVICE SERVICES AND MANAGEMENT
Patent # US 20080114855A1 Filed 11/15/2006	Current Assignee Qualcomm Inc.	Original Assignee Hewlett-Packard Development Company L.P.

System and method for pushing information from a host system to a mobile data communication device
Patent # US 7,386,588 B2 Filed 04/10/2001	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

Revocation information updating method, revocation information updating apparatus and storage medium
Patent # US 7,392,225 B2 Filed 12/13/2004	Current Assignee Matsushita Electric Industrial Company Limited, Toshiba Corporation	Original Assignee Matsushita Electric Industrial Company Limited, Toshiba Corporation

Method, Apparatus and Computer Program Product for Providing Intelligent Synchronization
Patent # US 20080133775A1 Filed 11/30/2006	Current Assignee Intellisync Corporation	Original Assignee Intellisync Corporation

Control and/or monitoring apparatus and method
Patent # US 7,397,363 B2 Filed 09/16/2002	Current Assignee Joao Control and Monitoring Systems LLC	Original Assignee Joao Control and Monitoring Systems LLC

Method For Authentication On A Subscriber Terminal
Patent # US 20080201749A1 Filed 07/21/2005	Current Assignee Huawei Technologies Co. Ltd.	Original Assignee Huawei Technologies Co. Ltd.

Wireless E-Mail System and Method for Using Same
Patent # US 20080215684A1 Filed 01/24/2006	Current Assignee Synchronica PLC	Original Assignee OZ Communications Incorporated

Method and apparatus for intercepting events in a communication system
Patent # US 7,441,271 B2 Filed 10/20/2005	Current Assignee Seven Networks Inc	Original Assignee Seven Networks LLC

Public key certification issuing apparatus
Patent # US 7,461,251 B2 Filed 04/22/2003	Current Assignee Canon Kabushiki Kaisha	Original Assignee Canon Kabushiki Kaisha

Remote certificate management
Patent # US 20070005956A1 Filed 06/29/2005	Current Assignee Microsoft Technology Licensing LLC	Original Assignee Microsoft Corporation

Network-initiated data transfer in a mobile network
Patent # US 20070019611A1 Filed 06/21/2006	Current Assignee Seven Networks Inc	Original Assignee Seven Networks International Oy

Data update system, data update device and external storage medium
Patent # US 20070005879A1 Filed 09/08/2004	Current Assignee Matsushita Electric Industrial Company Limited	Original Assignee Matsushita Electric Industrial Company Limited

Method and apparatus for security in a data processing system
Patent # US 7,185,362 B2 Filed 08/28/2002	Current Assignee Qualcomm Inc.	Original Assignee Qualcomm Inc.

Fast authentication and access control method for mobile networking
Patent # US 7,174,456 B1 Filed 05/14/2002	Current Assignee ATT Inc.	Original Assignee ATT Inc.

Email access control scheme for communication network using identification concealment mechanism
Patent # US 7,188,358 B1 Filed 03/26/1999	Current Assignee Nippon Telegraph and Telephone Corporation	Original Assignee Nippon Telegraph and Telephone Corporation

System and method for synchronizing information between a host system and a mobile data communication device
Patent # US 7,209,949 B2 Filed 04/06/2001	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

Notification system and method for a mobile data communication device
Patent # US 7,209,955 B1 Filed 04/10/2000	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

Mobile communication terminal for wireless Internet access and a wireless Internet access method
Patent # US 20070113093A1 Filed 11/15/2006	Current Assignee LG Nortel Company Limited	Original Assignee LG Nortel Company Limited

Single one-time password token with single PIN for access to multiple providers
Patent # US 20070130463A1 Filed 03/15/2006	Current Assignee Boncle Inc.	Original Assignee Boncle Inc.

Microcomputer, method for writing program to microcomputer, and writing system
Patent # US 20070150755A1 Filed 12/27/2006	Current Assignee Renesas Electronics Corporation	Original Assignee NEC Electronics Corporation

Asynchronous encryption for secured electronic communications
Patent # US 20070130462A1 Filed 03/15/2006	Current Assignee Boncle Inc.	Original Assignee Boncle Inc.

Electronic wallet management
Patent # US 20070125838A1 Filed 03/15/2006	Current Assignee Boncle Inc.	Original Assignee Boncle Inc.

EXTENDED ELECTRONIC WALLET MANAGEMENT
Patent # US 20070125840A1 Filed 07/05/2006	Current Assignee Boncle Inc.	Original Assignee Boncle Inc.

Location based security modification system and method
Patent # US 20070157319A1 Filed 12/05/2006	Current Assignee Hewlett-Packard Development Company L.P.	Original Assignee Palm Inc.

IMX session control and authentication
Patent # US 20070180503A1 Filed 01/25/2006	Current Assignee Seiko Epson Corporation	Original Assignee Seiko Epson Corporation

Lightweight public key infrastructure employing unsigned certificates
Patent # US 7,269,726 B1 Filed 01/14/2000	Current Assignee Hewlett Packard Enterprise Development LP	Original Assignee Hewlett-Packard Development Company L.P.

Method and apparatus for automated personality transfer for a wireless enabled handheld
Patent # US 20070214231A1 Filed 02/28/2007	Current Assignee Qualcomm Inc.	Original Assignee Palm Inc.

Simultaneous real-time access to financial information
Patent # US 7,275,046 B1 Filed 12/30/1999	Current Assignee DST Systems Incorporated	Original Assignee DST Systems Incorporated

System and method for delayed transmission of bundled command messages
Patent # US 7,266,365 B2 Filed 10/20/2004	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

Online creation and delivery of cryptographically verifiable one-time password tokens
Patent # US 20070220271A1 Filed 03/15/2006	Current Assignee Boncle Inc.	Original Assignee Boncle Inc.

Chain of trust processing
Patent # US 7,275,155 B1 Filed 11/01/2000	Current Assignee Northrop Grumman Systems Corp.	Original Assignee Northrop Grumman Corporation

Enhanced privacy protection in identification in a data communications network
Patent # US 7,275,260 B2 Filed 10/29/2001	Current Assignee Oracle America Inc.	Original Assignee Sun Microsystems Incorporated

Mutual authentication between two parties using two consecutive one-time passwords
Patent # US 20070220253A1 Filed 03/15/2006	Current Assignee Boncle Inc.	Original Assignee Boncle Inc.

Chain of Trust Processing
Patent # US 20070234039A1 Filed 05/24/2007	Current Assignee Northrop Grumman Systems Corp.	Original Assignee Northrop Grumman Systems Corp.

System, method and mobile device for remote control of a voice mail system
Patent # US 7,283,808 B2 Filed 01/18/2002	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

Monitoring apparatus and method
Patent # US 7,277,010 B2 Filed 10/03/2002	Current Assignee Joao Control and Monitoring Systems LLC	Original Assignee Raymond Anthony Joao

Advanced voice and data operations in a mobile data communication device
Patent # US 7,295,836 B2 Filed 03/11/2002	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

RELAY OF ENTERPRISE MESSAGING SYSTEM EVENTS AMONG CLIENT DEVICES AND ONE OR MORE ENTERPRISE MESSAGING SYSTEMS
Patent # US 20070299972A1 Filed 05/01/2006	Current Assignee CONSILIENT TECHNOLOGIES CORPORATION	Original Assignee CONSILIENT TECHNOLOGIES CORPORATION

Managing changes in aircraft maintenance data
Patent # US 20070294278A1 Filed 06/20/2006	Current Assignee The Boeing Co.	Original Assignee The Boeing Co.

Videoconference System Clustering
Patent # US 20070285501A1 Filed 06/09/2006	Current Assignee Seiko Epson Corporation	Original Assignee Seiko Epson Corporation

Secure transport for mobile communication network
Patent # US 7,305,700 B2 Filed 01/08/2003	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

System and method for pushing information from a host system to a mobile data communication device
Patent # US 6,779,019 B1 Filed 04/10/2000	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

System and method of managing information distribution to mobile stations
Patent # US 7,107,341 B2 Filed 12/06/2002	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

Server monitoring
Patent # US 6,912,572 B1 Filed 07/12/2000	Current Assignee Dynatrace LLC	Original Assignee SYSCONTROL AG

Wireless router system and method
Patent # US 7,010,303 B2 Filed 12/21/2001	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

System and method for pushing information from a host system to a mobile data communication device
Patent # US 6,701,378 B1 Filed 09/23/1999	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

Connection architecture for a mobile network
Patent # US 7,139,565 B2 Filed 01/08/2003	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

System and method providing configuration services for communications devices
Patent # US 7,114,021 B2 Filed 01/24/2002	Current Assignee Symbol Technologies LLC	Original Assignee Symbol Technologies Inc.

System and method for administrating a wireless communication network
Patent # US 7,103,656 B2 Filed 02/20/2002	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

Sender driven certification enrollment system
Patent # US 6,651,166 B1 Filed 04/09/1998	Current Assignee Axway Incorporated	Original Assignee Tumbleweed Software Corporation

System and method for updating information via a network
Patent # US 7,062,765 B1 Filed 05/25/1999	Current Assignee Intel Corporation	Original Assignee RealNetworks Inc.

Technique for securely communicating and storing programming material in a trusted domain
Patent # US 20060020786A1 Filed 07/20/2004	Current Assignee Time Warner Cable Enterprises LLC	Original Assignee Time Warner Cable Enterprises LLC

Content processing system and content protecting method
Patent # US 6,993,135 B2 Filed 03/12/2001	Current Assignee Toshiba Corporation	Original Assignee Toshiba Corporation

Wireless router system and method
Patent # US 20060018283A1 Filed 08/24/2005	Current Assignee Blackberry Limited	Original Assignee Mihal Lazaridis, Gary Mousseau, Barry J. Gilhuly, Anthony G. Burns, Allan D. Lewis, Ian M. Patterson, Adrian Rogobete, Vi Thuan Banh

Method and apparatus for storing and updating information in a multi-cast system
Patent # US 7,007,040 B1 Filed 12/04/2001	Current Assignee General Dynamics C4 Systems Incorporated	Original Assignee General Dynamics C4 Systems Incorporated

Public key validation service
Patent # US 7,010,683 B2 Filed 01/13/2001	Current Assignee Hewlett-Packard Development Company L.P.	Original Assignee HOWLETT-PACKARD DEVELOPMENT COMPANY L.P.

System and method for pushing encrypted information between a host system and a mobile data communication device
Patent # US 20060069737A1 Filed 11/01/2005	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

Continuing public key infrastructure operation while regenerating a new certification authority keypair and certificate
Patent # US 20060047951A1 Filed 08/27/2004	Current Assignee Cisco Technology Incorporated	Original Assignee Cisco Technology Incorporated

Session control server, communication system
Patent # US 20060047960A1 Filed 06/18/2004	Current Assignee Nippon Telegraph and Telephone Corporation	Original Assignee Nippon Telegraph and Telephone Corporation

Technique for securely communicating programming content
Patent # US 20060047957A1 Filed 12/07/2004	Current Assignee Time Warner Cable Enterprises LLC	Original Assignee Time Warner Cable Enterprises LLC

System and method for pushing information from a host system to a mobile data communication device
Patent # US 20060095525A1 Filed 12/14/2005	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

Method and apparatus for intercepting events in a communication system
Patent # US 20060093135A1 Filed 10/20/2005	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Secure transaction protocol
Patent # US 20060168663A1 Filed 02/27/2002	Current Assignee SertintyONE Corp.	Original Assignee SertintyONE Corp.

Database synchronization
Patent # US 20060149794A1 Filed 12/08/2005	Current Assignee Seven Networks Inc	Original Assignee Seven Networks International Oy

Virtual smart card system and method
Patent # US 7,085,931 B1 Filed 09/03/1999	Current Assignee SafeNet Data Security Israel Ltd.	Original Assignee Secure Computing Corporation

System and method for installing trust anchors in an endpoint
Patent # US 20060174124A1 Filed 01/25/2005	Current Assignee Cisco Technology Incorporated	Original Assignee Cisco Technology Incorporated

Managing private keys in a free seating environment
Patent # US 7,095,859 B2 Filed 03/18/2002	Current Assignee Lenovo PC International Limited	Original Assignee Lenovo Singapore Pte Limited

System and method for obtaining a digital certificate for an endpoint
Patent # US 20060174106A1 Filed 01/25/2005	Current Assignee Cisco Technology Incorporated	Original Assignee Cisco Technology Incorporated

Database synchronization via a mobile network
Patent # US 20060184591A1 Filed 12/28/2005	Current Assignee Seven Networks Inc	Original Assignee Seven Networks International Oy

Data security in a mobile e-mail service
Patent # US 20060240804A1 Filed 11/21/2005	Current Assignee Seven Networks Inc	Original Assignee Seven Networks International Oy

Using authentication certificates for authorization
Patent # US 7,130,999 B2 Filed 03/27/2002	Current Assignee Intel Corporation	Original Assignee Intel Corporation

System and method of managing information distribution to mobile stations
Patent # US 20060271679A1 Filed 08/04/2006	Current Assignee Blackberry Limited	Original Assignee Gary Mousseau, Barry J. Gilhuly

VIRTUAL SMART CARD SYSTEM AND METHOD
Patent # US 20060248347A1 Filed 06/21/2006	Current Assignee SafeNet Data Security Israel Ltd.	Original Assignee Secure Computing Corporation

Provisioning of e-mail settings for a mobile terminal
Patent # US 20060277265A1 Filed 11/30/2005	Current Assignee Seven Networks Inc	Original Assignee Seven Networks International Oy

Rollback attack prevention system and method
Patent # US 20050044401A1 Filed 04/30/2004	Current Assignee Sg Gaming Inc.	Original Assignee Bally Gaming Incorporated

System and method for a web based trust model governing delivery of services and programs
Patent # US 6,854,016 B1 Filed 06/19/2000	Current Assignee Trend Micro America Inc.	Original Assignee International Business Machines Corporation

Revocation information updating method, revocation informaton updating apparatus and storage medium
Patent # US 6,850,914 B1 Filed 11/08/1999	Current Assignee Matsushita Electric Industrial Company Limited, Toshiba Corporation	Original Assignee Matsushita Electric Industrial Company Limited, Toshiba Corporation

Personal website for electronic commerce on a smart Java card with multiple security check points
Patent # US 20050050366A1 Filed 09/29/2004	Current Assignee eBay Inc.	Original Assignee International Business Machines Corporation

System and method for secure remote access
Patent # US 20050050329A1 Filed 01/07/2004	Current Assignee Hulu LLC	Original Assignee International Business Machines Corporation

System and method of managing encryption key management system for mobile terminals
Patent # US 20050144439A1 Filed 09/13/2004	Current Assignee Electronics and Telecommunications Research Institute	Original Assignee Electronics and Telecommunications Research Institute

Digital certificate proxy
Patent # US 20050138364A1 Filed 02/07/2005	Current Assignee Facebook Inc.	Original Assignee Terry N. Hayes, James Anthony Roskind, Robert Lord

System and method for bundling information
Patent # US 20050148356A1 Filed 10/20/2004	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

Revocation information updating method, revocation information updating apparatus and storage medium
Patent # US 20050154880A1 Filed 12/13/2004	Current Assignee Masayuki Kozuka, Makoto Tatebayashi, Shunji Harada, Teruto Hirota, Masafumi Tamura, Toru Kamibayashi	Original Assignee Masayuki Kozuka, Makoto Tatebayashi, Shunji Harada, Teruto Hirota, Masafumi Tamura, Toru Kamibayashi

Information processing apparatus
Patent # US 20050273610A1 Filed 06/07/2005	Current Assignee Canon Kabushiki Kaisha	Original Assignee Canon Kabushiki Kaisha

Method and system for conditional installation and execution of services in a secure computing environment
Patent # US 20040015958A1 Filed 05/15/2001	Current Assignee Wave Systems Corporation	Original Assignee Wave Systems Corporation

System and method for providing secure communications between clients and service providers
Patent # US 20040030887A1 Filed 08/07/2002	Current Assignee Sun Microsystems Incorporated	Original Assignee Sun Microsystems Incorporated

System and method for pushing information from a host system to a mobile data communication device
Patent # US 20040073619A1 Filed 09/25/2003	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

Hallmarking verification process and system and corresponding method of and system for communication
Patent # US 20040078564A1 Filed 02/20/2003	Current Assignee Comodo Research Lab Limited	Original Assignee Comodo Research Lab Limited

Dynamic credential refresh in a distributed system
Patent # US 6,769,068 B1 Filed 09/02/1999	Current Assignee International Business Machines Corporation	Original Assignee International Business Machines Corporation

Composite material for biological or biochemical analysis microfluidic system
Patent # US 20040126779A1 Filed 10/20/2003	Current Assignee Commissariat a LEnergie Atomique	Original Assignee Commissariat a LEnergie Atomique

Revocation of a certificate and exclusion of other principals in a digital rights management (DRM) system based on a revocation list from a delegated revocation authority
Patent # US 20040168056A1 Filed 02/26/2003	Current Assignee Microsoft Technology Licensing LLC	Original Assignee Microsoft Corporation

Apparatus and method for generating keys in a network computing environment
Patent # US 20040190724A1 Filed 03/27/2003	Current Assignee International Business Machines Corporation	Original Assignee International Business Machines Corporation

Digital signature system
Patent # US 6,807,633 B1 Filed 05/25/2000	Current Assignee JP Morgan Chase Bank N.A.	Original Assignee XIGN Incorporated

Secure method for roaming keys and certificates
Patent # US 20040199774A1 Filed 04/07/2003	Current Assignee Google LLC	Original Assignee AOL LLC

Image forming apparatus and function key assignment method
Patent # US 20040239973A1 Filed 03/12/2004	Current Assignee Ricoh Company Limited	Original Assignee Ricoh Company Limited

System and method for pushing information from a host system to a mobile data communication device
Patent # US 20040252727A1 Filed 07/16/2004	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

Secure distribution of private keys to multiple clients
Patent # US 6,834,112 B1 Filed 04/21/2000	Current Assignee Intel Corporation	Original Assignee Intel Corporation

System and method providing configuration services for communications devices
Patent # US 20040267971A1 Filed 01/24/2002	Current Assignee Symbol Technologies LLC	Original Assignee Symbol Technologies Inc.

Systems and methods for automated configuration of secure web site publishing
Patent # US 20040250075A1 Filed 06/03/2003	Current Assignee Microsoft Technology Licensing LLC	Original Assignee Microsoft Corporation

System and method for pushing information from a host system to a mobile data communication device
Patent # US 20030005066A1 Filed 07/29/2002	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

Authentication for computer networks
Patent # US 20030023848A1 Filed 07/24/2002	Current Assignee Hewlett-Packard Development Company L.P.	Original Assignee Hewlett-Packard Development Company L.P.

Method, apparatus, and program for identifying, restricting, and monitoring data sent from client computers
Patent # US 20030037138A1 Filed 08/16/2001	Current Assignee International Business Machines Corporation	Original Assignee International Business Machines Corporation

Centralized certificate management system for two-way interactive communication devices in data networks
Patent # US 6,516,316 B1 Filed 10/25/2000	Current Assignee Unwired Planet LLC	Original Assignee Openwave Systems Incorporated

Method and apparatus for security in a data processing system
Patent # US 20030039361A1 Filed 08/28/2002	Current Assignee Qualcomm Inc.	Original Assignee Qualcomm Inc.

System and method for pushing information from a host system to a mobile data communication device
Patent # US 20030050987A1 Filed 10/22/2002	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

Method and apparatus for server based handheld application and database management
Patent # US 6,553,375 B1 Filed 11/25/1998	Current Assignee International Business Machines Corporation	Original Assignee International Business Machines Corporation

Identification and privacy in the World Wide Web
Patent # US 20030084172A1 Filed 10/29/2001	Current Assignee Sun Microsystems Incorporated	Original Assignee Sun Microsystems Incorporated

Systems and protocols for remote file access
Patent # US 20030084045A1 Filed 01/17/2002	Current Assignee Citrix Systems Inc.	Original Assignee Flying Wireless Incorporated

User access control to distributed resources on a data communications network
Patent # US 20030084171A1 Filed 10/29/2001	Current Assignee Sun Microsystems Incorporated	Original Assignee Sun Microsystems Incorporated

Local agent for remote file access system
Patent # US 20030084128A1 Filed 01/17/2002	Current Assignee Citrix Systems Inc.	Original Assignee Flying Wireless Incorporated

System and method for controlling configuration settings for mobile communication devices and services
Patent # US 20030081621A1 Filed 10/28/2002	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

Portability and privacy with data communications network browsing
Patent # US 20030084302A1 Filed 10/29/2001	Current Assignee Sun Microsystems Incorporated	Original Assignee Sun Microsystems Incorporated

Privacy and identification in a data
Patent # US 20030084288A1 Filed 10/29/2001	Current Assignee Oracle America Inc.	Original Assignee Sun Microsystems Incorporated

System and method of managing information distribution to mobile stations
Patent # US 20030109272A1 Filed 12/06/2002	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

Revocation information updating method, revocation information updating apparatus and storage medium
Patent # US 6,581,160 B1 Filed 10/20/2000	Current Assignee Panasonic Corporation	Original Assignee Matsushita Electric Industrial Company Limited

Method and system for parsing navigation information
Patent # US 20030131081A1 Filed 12/16/2002	Current Assignee Revenue Science	Original Assignee Revenue Science

Method and system for parsing navigation information
Patent # US 20030126111A1 Filed 12/16/2002	Current Assignee Revenue Science	Original Assignee Revenue Science

Connection architecture for a mobile network
Patent # US 20030157947A1 Filed 01/08/2003	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Public key certification providing apparatus
Patent # US 20030200437A1 Filed 04/16/2003	Current Assignee Canon Kabushiki Kaisha	Original Assignee Canon Kabushiki Kaisha

Using authentication certificates for authorization
Patent # US 20030188156A1 Filed 03/27/2002	Current Assignee Intel Corporation	Original Assignee Intel Corporation

System and method for configuring network access devices
Patent # US 20030204574A1 Filed 03/30/2001	Current Assignee Nokia Networks	Original Assignee Nokia Networks

Secure transport for mobile communication network
Patent # US 20030235308A1 Filed 01/08/2003	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

System and method for redirecting data to a wireless device over a plurality of communication paths
Patent # US 20020029258A1 Filed 08/09/2001	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

System and method for pushing encrypted information between a host system and a mobile data communication device
Patent # US 20020049818A1 Filed 08/13/2001	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

Method and apparatus for cryptographic key rollover during operation
Patent # US 20020071563A1 Filed 12/12/2000	Current Assignee Hewlett-Packard Development Company L.P.	Original Assignee Hewlett-Packard Development Company L.P.

Securely sharing log-in credentials among trusted browser-based applications
Patent # US 6,438,600 B1 Filed 01/29/1999	Current Assignee International Business Machines Corporation	Original Assignee International Business Machines Corporation

Scalable and secure messaging system for a wireless network
Patent # US 20020132609A1 Filed 03/14/2002	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

Advanced voice and data operations in a mobile data communication device
Patent # US 20020128036A1 Filed 03/11/2002	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

Public cryptographic control unit and system therefor
Patent # US 6,449,720 B1 Filed 05/17/1999	Current Assignee ESW Holdings Inc.	Original Assignee Wave Systems Corporation

Method and apparatus for broadcast signaling in a wireless communication system
Patent # US 20020142757A1 Filed 08/20/2001	Current Assignee Qualcomm Inc.	Original Assignee Qualcomm Inc.

System and method for administrating a wireless communication network
Patent # US 20020143866A1 Filed 02/20/2002	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

Use and generation of a session key in a secure socket layer connection
Patent # US 20020166048A1 Filed 04/30/2002	Current Assignee Onespan North America Incorporated	Original Assignee Frank Coulier

System and method for redirecting message attachments between a host system and a mobile data communication device
Patent # US 20020194285A1 Filed 05/20/2002	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

Common security protocol structure and mechanism and system and method for using
Patent # US 20020196935A1 Filed 07/25/2001	Current Assignee StoryMail Inc.	Original Assignee StoryMail Inc.

Content processing system and content protecting method
Patent # US 20010021255A1 Filed 03/12/2001	Current Assignee Toshiba Corporation	Original Assignee Toshiba Corporation

Public key validation service
Patent # US 20010032310A1 Filed 01/13/2001	Current Assignee Hewlett-Packard Development Company L.P.	Original Assignee Hewlett-Packard Development Company L.P.

Secure end-to-end transport through intermediary nodes
Patent # US 8,127,342 B2 Filed 09/23/2010	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Method and apparatus for providing protocol options in a wireless communication system
Patent # US 8,077,679 B2 Filed 10/24/2001	Current Assignee Qualcomm Inc.	Original Assignee Qualcomm Inc.

Over the air services for mobile devices
Patent # US 8,086,695 B2 Filed 09/24/2009	Current Assignee Qualcomm Inc.	Original Assignee Hewlett-Packard Development Company L.P.

TRANSACTIONAL SERVICES
Patent # US 20120011058A1 Filed 06/23/2011	Current Assignee Mastercard Mobile Transactions Solutions Inc.	Original Assignee C-SAM Incorporated

TRANSACTIONAL SERVICES
Patent # US 20120005089A1 Filed 06/24/2011	Current Assignee Mastercard Mobile Transactions Solutions Inc.	Original Assignee C-SAM Incorporated

Identifying and locating lost or stolen personal digital assistant devices via a landline- or wireless-connected web server
Patent # US RE43,070 E1 Filed 10/10/2006	Current Assignee Qualcomm Inc.	Original Assignee Hewlett-Packard Development Company L.P.

Provisioning applications for a mobile device
Patent # US 8,078,158 B2 Filed 06/26/2008	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Secure registration for a multicast-broadcast-multimedia system (MBMS)
Patent # US 8,098,818 B2 Filed 07/07/2003	Current Assignee Qualcomm Inc.	Original Assignee Qualcomm Inc.

Provisioning of e-mail settings for a mobile terminal
Patent # US 8,116,214 B2 Filed 11/30/2005	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Mobile virtual network operator
Patent # US 8,107,921 B2 Filed 01/11/2008	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Method and apparatus for security in a data processing system
Patent # US 8,121,296 B2 Filed 08/20/2001	Current Assignee Qualcomm Inc.	Original Assignee Qualcomm Inc.

Over-the-air device services and management
Patent # US 8,135,798 B2 Filed 11/15/2006	Current Assignee Qualcomm Inc.	Original Assignee Hewlett-Packard Development Company L.P.

System and method for controlling configuration settings for mobile communication devices and services
Patent # US 8,134,954 B2 Filed 11/20/2007	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

Wireless router system and method
Patent # US 8,165,575 B2 Filed 05/19/2011	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

Application and network-based long poll request detection and cacheability assessment therefor
Patent # US 8,166,164 B1 Filed 10/14/2011	Current Assignee Seven Networks LLC	Original Assignee Seven Networks Inc

System and method for enterprise security including symmetric key protection
Patent # US 8,175,269 B2 Filed 07/05/2006	Current Assignee Oracle International Corporation	Original Assignee Oracle International Corporation

System and method of managing information distribution to mobile stations
Patent # US 8,180,900 B2 Filed 02/15/2008	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

Cache defeat detection and caching of content addressed by identifiers intended to defeat cache
Patent # US 8,190,701 B2 Filed 11/01/2011	Current Assignee Seven Networks LLC	Original Assignee Seven Networks Inc

System and method for pushing information between a host system and a mobile data communication device
Patent # US 8,230,026 B2 Filed 10/27/2007	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

System and method for controlling configuration settings for mobile communication devices and services
Patent # US 8,259,611 B2 Filed 02/03/2012	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

Technique for securely communicating and storing programming material in a trusted domain
Patent # US 8,266,429 B2 Filed 07/20/2004	Current Assignee Time Warner Cable Enterprises LLC	Original Assignee Time Warner Cable Inc.

CENTRAL AND IMPLICIT CERTIFICATE MANAGEMENT
Patent # US 20120246475A1 Filed 03/22/2011	Current Assignee Microsoft Technology Licensing LLC	Original Assignee Microsoft Corporation

Maintaining an IP connection in a mobile network
Patent # US 8,285,200 B2 Filed 08/09/2010	Current Assignee Seven Networks Inc	Original Assignee Seven Networks International Oy

Application and network-based long poll request detection and cacheability assessment therefor
Patent # US 8,291,076 B2 Filed 03/05/2012	Current Assignee Seven Networks LLC	Original Assignee Seven Networks Inc

System and method for configuring a valid duration period for a digital certificate
Patent # US 8,301,877 B2 Filed 03/10/2008	Current Assignee SecureAuth Incorporated	Original Assignee SecureAuth Incorporated

Technique for securely communicating programming content
Patent # US 8,312,267 B2 Filed 12/07/2004	Current Assignee Time Warner Cable Inc.	Original Assignee Time Warner Cable Inc.

System and method for installing trust anchors in an endpoint
Patent # US 8,312,263 B2 Filed 01/25/2005	Current Assignee Cisco Technology Incorporated	Original Assignee Cisco Technology Incorporated

Social caching for device resource sharing and management
Patent # US 8,316,098 B2 Filed 04/19/2012	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Distributed management of keep-alive message signaling for mobile network resource conservation and optimization
Patent # US 8,326,985 B2 Filed 11/01/2011	Current Assignee Seven Networks LLC	Original Assignee Seven Networks Inc

METHOD AND SYSTEM FOR THE SUPPLY OF DATA, TRANSACTIONS AND ELECTRONIC VOTING
Patent # US 20130007444A1 Filed 09/12/2012	Current Assignee International Business Machines Corporation	Original Assignee International Business Machines Corporation

METHOD AND SYSTEM FOR THE SUPPLY OF DATA, TRANSACTIONS AND ELECTRONIC VOTING
Patent # US 20130007460A1 Filed 09/12/2012	Current Assignee International Business Machines Corporation	Original Assignee International Business Machines Corporation

Managing changes in aircraft maintenance data
Patent # US 8,356,244 B2 Filed 06/20/2006	Current Assignee The Boeing Co.	Original Assignee The Boeing Co.

System and method for a mobile device to use physical storage of another device for caching
Patent # US 8,356,080 B2 Filed 07/20/2012	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Electronic-mail filtering for mobile devices
Patent # US 8,364,181 B2 Filed 12/10/2007	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Method for providing wireless application privilege management
Patent # US 8,365,240 B2 Filed 07/26/2005	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

System and method for pushing information from a mobile computer to another device
Patent # US 8,407,305 B2 Filed 11/21/2011	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

Context aware data presentation
Patent # US 8,412,675 B2 Filed 02/24/2006	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

PROXY SYSTEM FOR SECURITY PROCESSING WITHOUT ENTRUSTING CERTIFIED SECRET INFORMATION TO A PROXY
Patent # US 20130086378A1 Filed 09/28/2012	Current Assignee OKI Electric Industry Company Limited	Original Assignee OKI Electric Industry Company Limited

Aligning data transfer to optimize connections established for transmission over a wireless network
Patent # US 8,417,823 B2 Filed 11/18/2011	Current Assignee Seven Networks Inc	Original Assignee Seven Networks LLC

Flexible real-time inbox access
Patent # US 8,438,633 B1 Filed 12/18/2006	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Configuring a valid duration period for a digital certificate
Patent # US 8,468,340 B2 Filed 10/29/2012	Current Assignee SecureAuth Incorporated	Original Assignee SecureAuth Incorporated

Publishing data in an information community
Patent # US 8,468,126 B2 Filed 12/14/2005	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Wireless router system and method
Patent # US 8,483,694 B2 Filed 09/09/2011	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

Distributed caching in a wireless network of content delivered for a mobile application over a long-held request
Patent # US 8,484,314 B2 Filed 10/14/2011	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Provisioning applications for a mobile device
Patent # US 8,494,510 B2 Filed 12/06/2011	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Method and system for the supply of data, transactions and electronic voting
Patent # US 8,495,723 B2 Filed 06/25/2010	Current Assignee International Business Machines Corporation	Original Assignee International Business Machines Corporation

System, method and mobile device for remote control of a voice mail system
Patent # US 8,498,289 B2 Filed 09/19/2007	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

System and method for pushing information from a host system to a mobile data communication device in a wireless data network
Patent # US 8,516,055 B2 Filed 08/29/2001	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

Downloadable security and protection methods and apparatus
Patent # US 8,520,850 B2 Filed 10/20/2006	Current Assignee Time Warner Cable Enterprises LLC	Original Assignee Time Warner Cable Enterprises LLC

Mobile network background traffic data management with optimized polling intervals
Patent # US 8,539,040 B2 Filed 02/28/2012	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Secure end-to-end transport through intermediary nodes
Patent # US 8,549,587 B2 Filed 02/14/2012	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

System and method for executing commands that are non-native to the native environment of a mobile device
Patent # US 8,561,086 B2 Filed 05/17/2012	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Database synchronization via a mobile network
Patent # US 8,620,858 B2 Filed 12/28/2005	Current Assignee Seven Networks Inc	Original Assignee Seven Networks International Oy

Detecting and preserving state for satisfying application requests in a distributed proxy and cache system
Patent # US 8,621,075 B2 Filed 04/27/2012	Current Assignee Seven Networks Inc	Original Assignee Seven Networks LLC

Certificate remoting and recovery
Patent # US 8,621,205 B2 Filed 02/12/2010	Current Assignee Microsoft Technology Licensing LLC	Original Assignee Microsoft Corporation

Cache state management on a mobile device to preserve user experience
Patent # US 8,635,339 B2 Filed 08/22/2012	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Method and system for the supply of data, transactions and electronic voting
Patent # US 8,655,784 B2 Filed 06/28/2010	Current Assignee International Business Machines Corporation	Original Assignee International Business Machines Corporation

Method and system for the supply of data, transactions and electronic voting
Patent # US 8,660,958 B2 Filed 06/28/2010	Current Assignee International Business Machines Corporation	Original Assignee International Business Machines Corporation

Hardware-Based Credential Distribution
Patent # US 20140059664A1 Filed 10/25/2013	Current Assignee Microsoft Technology Licensing LLC	Original Assignee Microsoft Corporation

Token renewal
Patent # US 8,683,196 B2 Filed 11/24/2009	Current Assignee Red Hat Inc.	Original Assignee Red Hat Inc.

Polling
Patent # US 8,693,494 B2 Filed 03/31/2008	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Wireless router system and method
Patent # US 8,693,996 B2 Filed 02/16/2012	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

System and method of managing information distribution to mobile stations
Patent # US 8,694,650 B2 Filed 01/20/2012	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

Method and system for managing network identity
Patent # US 8,694,772 B2 Filed 10/20/2008	Current Assignee Industrial Technology Research Institute	Original Assignee Industrial Technology Research Institute

Cache defeat detection and caching of content addressed by identifiers intended to defeat cache
Patent # US 8,700,728 B2 Filed 05/17/2012	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Cross-platform event engine
Patent # US 8,209,709 B2 Filed 07/05/2010	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Distributed system for cache defeat detection and caching of content addressed by identifiers intended to defeat cache
Patent # US 8,204,953 B2 Filed 11/01/2011	Current Assignee Seven Networks LLC	Original Assignee Seven Networks Inc

Method and system for reduction of decoding complexity in a communication system
Patent # US 8,713,400 B2 Filed 01/06/2010	Current Assignee Qualcomm Inc.	Original Assignee Qualcomm Inc.

Controlling access to resources on a network
Patent # US 8,713,646 B2 Filed 12/09/2011	Current Assignee AirWatch LLC	Original Assignee Erich Stuntebeck

Apparatus and method for a secure broadcast system
Patent # US 8,718,279 B2 Filed 06/16/2004	Current Assignee Qualcomm Inc.	Original Assignee Qualcomm Inc.

Method and apparatus for providing authenticated challenges for broadcast-multicast communications in a communication system
Patent # US 8,724,803 B2 Filed 09/01/2004	Current Assignee Qualcomm Inc.	Original Assignee Qualcomm Inc.

Method and system for reduction of decoding complexity in a communication system
Patent # US 8,730,999 B2 Filed 06/18/2010	Current Assignee Qualcomm Inc.	Original Assignee Qualcomm Inc.

Dynamic adjustment of keep-alive message intervals in a mobile network
Patent # US 8,731,542 B2 Filed 03/08/2011	Current Assignee Seven Networks Inc	Original Assignee Seven Networks International Oy

Methods and apparatus for premises content distribution
Patent # US 8,732,854 B2 Filed 11/01/2006	Current Assignee Time Warner Cable Enterprises LLC	Original Assignee Time Warner Cable Enterprises LLC

Electronic-mail filtering for mobile devices
Patent # US 8,738,050 B2 Filed 01/07/2013	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

METHOD AND SYSTEM FOR THE SUPPLY OF DATA, TRANSACTIONS AND ELECTRONIC VOTING
Patent # US 20140156990A1 Filed 02/06/2014	Current Assignee International Business Machines Corporation	Original Assignee International Business Machines Corporation

Mobile device equipped with mobile network congestion recognition to make intelligent decisions regarding connecting to an operator network
Patent # US 8,750,123 B1 Filed 07/31/2013	Current Assignee Seven Networks LLC	Original Assignee Seven Networks Inc

Functionality watermarking and management
Patent # US 8,756,426 B2 Filed 07/03/2013	Current Assignee AirWatch LLC	Original Assignee Sky Socket Llc

Maintaining an IP connection in a mobile network
Patent # US 8,761,756 B2 Filed 09/13/2012	Current Assignee Seven Networks Inc	Original Assignee Seven Networks International Oy

Integrated messaging
Patent # US 8,774,844 B2 Filed 04/08/2011	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Enterprise-specific functionality watermarking and management
Patent # US 8,775,815 B2 Filed 07/03/2013	Current Assignee AirWatch LLC	Original Assignee Sky Socket Llc

Dynamic bandwidth adjustment for browsing or streaming activity in a wireless network based on prediction of user behavior when interacting with mobile applications
Patent # US 8,775,631 B2 Filed 02/25/2013	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Aggregating a user's transactions across a plurality of service institutions
Patent # US 8,781,923 B2 Filed 11/09/2011	Current Assignee Mastercard Mobile Transactions Solutions Inc.	Original Assignee C-SAM Incorporated

Timing of keep-alive messages used in a system for mobile network resource conservation and optimization
Patent # US 8,782,222 B2 Filed 09/05/2012	Current Assignee Seven Networks Inc	Original Assignee Seven Networks LLC

METHOD AND SYSTEM FOR THE SUPPLY OF DATA, TRANSACTIONS AND ELECTRONIC VOTING
Patent # US 20140201519A1 Filed 02/06/2014	Current Assignee International Business Machines Corporation	Original Assignee International Business Machines Corporation

Application discovery on mobile devices
Patent # US 8,787,947 B2 Filed 06/18/2008	Current Assignee Seven Networks LLC	Original Assignee Seven Networks Inc

Content delivery to a mobile device from a content service
Patent # US 8,793,305 B2 Filed 12/13/2007	Current Assignee Seven Networks LLC	Original Assignee Seven Networks Inc

System and method of a relay server for managing communications and notification between a mobile device and a web access server
Patent # US 8,799,410 B2 Filed 04/13/2011	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Functionality watermarking and management
Patent # US 8,806,217 B2 Filed 08/06/2013	Current Assignee AirWatch LLC	Original Assignee Sky Socket Llc

Maintaining mobile terminal information for secure communications
Patent # US 8,805,334 B2 Filed 09/05/2008	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Integrated messaging
Patent # US 8,805,425 B2 Filed 01/28/2009	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Mobile device power management in data synchronization over a mobile network with or without a trigger notification
Patent # US 8,811,952 B2 Filed 05/05/2011	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Configuring a valid duration period for a digital certificate
Patent # US 8,812,838 B2 Filed 06/17/2013	Current Assignee SecureAuth Incorporated	Original Assignee SecureAuth Incorporated

Method and system for management of a virtual network connection without heartbeat messages
Patent # US 8,812,695 B2 Filed 04/03/2013	Current Assignee Seven Networks LLC	Original Assignee Seven Networks Inc

Systems and methods for controlling email access
Patent # US 8,826,432 B2 Filed 12/21/2012	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

System and method for tracking billing events in a mobile wireless network for a network operator
Patent # US 8,831,561 B2 Filed 04/28/2011	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

System and method for making requests on behalf of a mobile device based on atomic processes for mobile network traffic relief
Patent # US 8,832,228 B2 Filed 04/26/2012	Current Assignee Seven Networks LLC	Original Assignee Seven Networks Inc

Systems and methods for controlling email access
Patent # US 8,832,785 B2 Filed 01/14/2013	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Remote certificate management
Patent # US 8,832,430 B2 Filed 09/17/2010	Current Assignee Microsoft Technology Licensing LLC	Original Assignee Microsoft Corporation

Distributed caching for resource and mobile network traffic management
Patent # US 8,838,783 B2 Filed 07/05/2011	Current Assignee Seven Networks LLC	Original Assignee Seven Networks Inc

Flexible real-time inbox access
Patent # US 8,839,412 B1 Filed 09/13/2012	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Web-based access to data objects
Patent # US 8,838,744 B2 Filed 01/28/2009	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Mobile traffic categorization and policy for network use optimization while preserving user experience
Patent # US 8,843,153 B2 Filed 11/01/2011	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

System for providing policy based content service in a mobile network
Patent # US 8,849,902 B2 Filed 06/24/2011	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Renewal processing of digital certificates in an asynchronous messaging environment
Patent # US 8,856,514 B2 Filed 03/12/2012	Current Assignee International Business Machines Corporation	Original Assignee International Business Machines Corporation

Hierarchies and categories for management and deployment of policies for distributed wireless traffic optimization
Patent # US 8,861,354 B2 Filed 12/14/2012	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Policy based content service
Patent # US 8,862,657 B2 Filed 01/25/2008	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Systems and methods for controlling email access
Patent # US 8,862,868 B2 Filed 12/06/2012	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

SECURING A COMMAND PATH BETWEEN A VEHICLE AND PERSONAL WIRELESS DEVICE
Patent # US 20140270172A1 Filed 03/14/2013	Current Assignee General Motors LLC	Original Assignee General Motors LLC

System of redundantly clustered machines to provide failover mechanisms for mobile traffic management and network resource conservation
Patent # US 8,868,753 B2 Filed 12/06/2012	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Provisioning of e-mail settings for a mobile terminal
Patent # US 8,873,411 B2 Filed 01/12/2012	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Signaling optimization in a wireless network for traffic utilizing proprietary and non-proprietary protocols
Patent # US 8,874,761 B2 Filed 03/15/2013	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Mobile application traffic optimization
Patent # US 8,886,176 B2 Filed 07/22/2011	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Digital content rights management method and system
Patent # US 8,887,299 B2 Filed 12/11/2007	Current Assignee Beijing Founder Apabi Technology Limited	Original Assignee Peking University Founder Group Company Limited, Peking University, Beijing Founder Apabi Technology Limited

Automatically generating a certificate operation request
Patent # US 8,898,457 B2 Filed 02/26/2010	Current Assignee Red Hat Inc.	Original Assignee Red Hat Inc.

Over the air services for mobile devices
Patent # US 8,903,945 B2 Filed 12/12/2011	Current Assignee Qualcomm Inc.	Original Assignee Qualcomm Inc.

System and method for secure remote access
Patent # US 8,904,178 B2 Filed 09/26/2007	Current Assignee Hulu LLC	Original Assignee International Business Machines Corporation

Optimization of resource polling intervals to satisfy mobile device requests
Patent # US 8,903,954 B2 Filed 11/22/2011	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Mobile virtual network operator
Patent # US 8,909,192 B2 Filed 08/11/2011	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Bandwidth measurement
Patent # US 8,909,759 B2 Filed 10/12/2009	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Detection and management of user interactions with foreground applications on a mobile device in distributed caching
Patent # US 8,909,202 B2 Filed 01/07/2013	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Device management macros
Patent # US 8,914,013 B2 Filed 04/25/2013	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

System and method for providing a network service in a distributed fashion to a mobile device
Patent # US 8,914,002 B2 Filed 08/11/2011	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

SERVER APPARATUS, COMMUNICATION SYSTEM, AND DATA ISSUING METHOD
Patent # US 20140373118A1 Filed 06/11/2014	Current Assignee Toshiba Corporation	Original Assignee Toshiba Corporation

Optimization of mobile traffic directed to private networks and operator configurability thereof
Patent # US 8,918,503 B2 Filed 08/28/2012	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Peripheral device management
Patent # US 8,924,608 B2 Filed 06/25/2013	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Method and apparatus for intercepting events in a communication system
Patent # US RE45,348 E1 Filed 03/16/2012	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

System and method for obtaining a digital certificate for an endpoint
Patent # US 8,943,310 B2 Filed 01/25/2005	Current Assignee Cisco Technology Incorporated	Original Assignee Cisco Technology Incorporated

CONFIGURING A VALID DURATION PERIOD FOR A DIGITAL CERTIFICATE
Patent # US 20150033022A1 Filed 08/13/2014	Current Assignee SecureAuth Incorporated	Original Assignee SecureAuth Incorporated

Application and network-based long poll request detection and cacheability assessment therefor
Patent # US 8,966,066 B2 Filed 10/12/2012	Current Assignee Seven Networks LLC	Original Assignee Seven Networks Inc

Method and apparatus for broadcast services in a communication system
Patent # US 8,971,790 B2 Filed 08/28/2009	Current Assignee Qualcomm Inc.	Original Assignee Qualcomm Inc.

DIGITAL CONTENT RIGHTS MANAGEMENT METHOD AND SYSTEM
Patent # US 20150067887A1 Filed 11/06/2014	Current Assignee Beijing Founder Apabi Technology Limited	Original Assignee Peking University Founder Group Company Limited, Peking University, Beijing Founder Apabi Technology Limited

Mobile device and method to utilize the failover mechanism for fault tolerance provided for mobile traffic management and network/device resource conservation
Patent # US 8,977,755 B2 Filed 12/06/2012	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Systems and methods for controlling email access
Patent # US 8,978,110 B2 Filed 12/06/2012	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Monitoring mobile application activities for malicious traffic on a mobile device
Patent # US 8,984,581 B2 Filed 07/11/2012	Current Assignee Seven Networks LLC	Original Assignee Seven Networks Inc

Method and apparatus for security in a data processing system
Patent # US 8,983,065 B2 Filed 02/28/2008	Current Assignee Qualcomm Inc.	Original Assignee Qualcomm Inc.

Connection architecture for a mobile network
Patent # US 8,989,728 B2 Filed 09/07/2006	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Delegating authorization to applications on a client device in a networked environment
Patent # US 8,997,187 B2 Filed 03/15/2013	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Network-initiated data transfer in a mobile network
Patent # US 9,001,746 B2 Filed 08/20/2010	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Predictive content delivery
Patent # US 9,002,828 B2 Filed 01/02/2009	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Flexible and dynamic integration schemas of a traffic management system with various network operators for network traffic alleviation
Patent # US 9,009,250 B2 Filed 12/07/2012	Current Assignee Seven Networks LLC	Original Assignee Seven Networks Inc

Mobile network reporting and usage analytics system and method aggregated using a distributed traffic optimization system
Patent # US 9,021,021 B2 Filed 12/10/2012	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Systems and methods for controlling email access
Patent # US 9,021,037 B2 Filed 01/25/2013	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Intelligent migration between devices having different hardware or software configuration
Patent # US 9,037,685 B2 Filed 03/02/2007	Current Assignee Qualcomm Inc.	Original Assignee Qualcomm Inc.

3D mobile user interface with configurable workspace management
Patent # US 9,043,731 B2 Filed 03/30/2011	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Mobile network traffic coordination across multiple applications
Patent # US 9,043,433 B2 Filed 05/25/2011	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Intelligent rendering of information in a limited display environment
Patent # US 9,047,142 B2 Filed 12/16/2010	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Mobile network traffic coordination across multiple applications
Patent # US 9,049,179 B2 Filed 01/20/2012	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

System and method for controlling configuration settings for mobile communication devices and services
Patent # US 9,049,071 B2 Filed 08/01/2012	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

Location-based operations and messaging
Patent # US 9,055,102 B2 Filed 08/02/2010	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Rights management services integration with mobile device management
Patent # US 9,058,495 B2 Filed 05/16/2013	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Method for providing wireless application privilege management
Patent # US 9,059,891 B2 Filed 12/19/2012	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

Selective data compression by a distributed traffic management system to reduce mobile data traffic and signaling traffic
Patent # US 9,060,032 B2 Filed 05/09/2012	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Multi-panel user interface
Patent # US 9,064,281 B2 Filed 02/25/2013	Current Assignee Mastercard Mobile Transactions Solutions Inc.	Original Assignee Mastercard Mobile Transactions Solutions Inc.

Proxy server associated with a mobile carrier for enhancing mobile traffic management in a mobile network
Patent # US 9,065,765 B2 Filed 10/08/2013	Current Assignee Seven Networks LLC	Original Assignee Seven Networks Inc

Administering a plurality of accounts for a client
Patent # US 9,070,127 B2 Filed 11/09/2011	Current Assignee Mastercard Mobile Transactions Solutions Inc.	Original Assignee Mastercard Mobile Transactions Solutions Inc.

Vehicle operator and/or occupant information apparatus and method
Patent # US 9,075,136 B1 Filed 03/01/1999	Current Assignee NavBlazer LLC	Original Assignee GTJ Ventures LLC

Distributed implementation of dynamic wireless traffic policy
Patent # US 9,077,630 B2 Filed 07/08/2011	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Device resources sharing for network resource conservation
Patent # US 9,084,105 B2 Filed 04/19/2012	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Technique for securely communicating and storing programming material in a trusted domain
Patent # US 9,083,513 B2 Filed 09/10/2012	Current Assignee Time Warner Cable Enterprises LLC	Original Assignee Time Warner Cable Enterprises LLC

Mobile network background traffic data management
Patent # US 9,100,873 B2 Filed 09/14/2012	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Method and apparatus for transmission framing in a wireless communication system
Patent # US 9,100,457 B2 Filed 08/20/2001	Current Assignee Qualcomm Inc.	Original Assignee Qualcomm Inc.

Attendance tracking via device presence
Patent # US 9,123,031 B2 Filed 04/26/2013	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Configuring a valid duration period for a digital certificate
Patent # US 9,124,576 B2 Filed 08/13/2014	Current Assignee SecureAuth Incorporated	Original Assignee SecureAuth Incorporated

Managing cache to prevent overloading of a wireless network due to user activity
Patent # US 9,131,397 B2 Filed 06/06/2013	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Digital rights management system and method
Patent # US 9,135,430 B2 Filed 12/02/2009	Current Assignee Rockwell Automation Technologies Incorporated	Original Assignee Rockwell Automation Technologies Incorporated

Controlling physical access to secure areas via client devices in a networked environment
Patent # US 9,148,416 B2 Filed 03/15/2013	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Optimized and selective management of policy deployment to mobile clients in a congested network to prevent further aggravation of network congestion
Patent # US 9,161,258 B2 Filed 03/15/2013	Current Assignee Seven Networks LLC	Original Assignee Seven Networks LLC

Radio-awareness of mobile device for sending server-side control signals using a wireless network optimized transport protocol
Patent # US 9,173,128 B2 Filed 03/06/2013	Current Assignee Seven Networks Inc	Original Assignee Seven Networks LLC

Establishing direct, secure transaction channels between a device and a plurality of service providers
Patent # US 9,177,315 B2 Filed 06/24/2011	Current Assignee Mastercard Mobile Transactions Solutions Inc.	Original Assignee Mastercard Mobile Transactions Solutions Inc.

Functionality watermarking and management
Patent # US 9,195,811 B2 Filed 12/27/2013	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Automated certificate management
Patent # US 9,197,630 B2 Filed 03/08/2010	Current Assignee Microsoft Technology Licensing LLC	Original Assignee Microsoft Technology Licensing LLC

Enterprise-specific functionality watermarking and management
Patent # US 9,202,025 B2 Filed 02/17/2014	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Application program as key for authorizing access to resources
Patent # US 9,203,820 B2 Filed 03/15/2013	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Dynamic categorization of applications for network access in a mobile network
Patent # US 9,203,864 B2 Filed 02/04/2013	Current Assignee Seven Networks LLC	Original Assignee Seven Networks LLC

Mobile device having content caching mechanisms integrated with a network operator for traffic alleviation in a wireless network and methods therefor
Patent # US 9,208,123 B2 Filed 12/07/2012	Current Assignee Seven Networks LLC	Original Assignee Seven Networks LLC

Facilitating establishing trust for a conducting direct secure electronic transactions between a user and a financial service providers
Patent # US 9,208,490 B2 Filed 06/23/2011	Current Assignee Mastercard Mobile Transactions Solutions Inc.	Original Assignee Mastercard Mobile Transactions Solutions Inc.

Time-based configuration policy toggling
Patent # US 9,219,741 B2 Filed 05/02/2013	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Identity management certificate operations
Patent # US 9,225,525 B2 Filed 02/26/2010	Current Assignee Red Hat Inc.	Original Assignee Red Hat Inc.

Mobile device with application or context aware fast dormancy
Patent # US 9,241,314 B2 Filed 03/15/2013	Current Assignee Seven Networks LLC	Original Assignee Seven Networks LLC

Automatic generation and distribution of policy information regarding malicious mobile traffic in a wireless network
Patent # US 9,239,800 B2 Filed 07/11/2012	Current Assignee Seven Networks LLC	Original Assignee Seven Networks LLC

Secure application leveraging of web filter proxy services
Patent # US 9,246,918 B2 Filed 05/10/2013	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Systems and methods for controlling network access
Patent # US 9,247,432 B2 Filed 10/19/2012	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Extending user relationships
Patent # US 9,251,193 B2 Filed 10/28/2007	Current Assignee Seven Networks Inc	Original Assignee Seven Networks LLC

Advanced authentication techniques
Patent # US 9,258,301 B2 Filed 12/02/2013	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Wireless router system and method
Patent # US 9,258,372 B2 Filed 04/06/2012	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

Social media and data sharing controls for data security purposes
Patent # US 9,270,777 B2 Filed 06/06/2013	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Application or context aware fast dormancy
Patent # US 9,271,238 B2 Filed 03/15/2013	Current Assignee Seven Networks LLC	Original Assignee Seven Networks LLC

Request and response characteristics based adaptation of distributed caching in a mobile network
Patent # US 9,275,163 B2 Filed 10/17/2011	Current Assignee Seven Networks Inc	Original Assignee Seven Networks LLC

Data access sharing
Patent # US 9,275,245 B2 Filed 03/15/2013	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Radio-awareness of mobile device for sending server-side control signals using a wireless network optimized transport protocol
Patent # US 9,277,443 B2 Filed 12/07/2012	Current Assignee Seven Networks Inc	Original Assignee Seven Networks LLC

Securing a command path between a vehicle and personal wireless device
Patent # US 9,276,737 B2 Filed 03/14/2013	Current Assignee General Motors LLC	Original Assignee General Motors LLC

Security mechanism within a local area network
Patent # US 9,281,947 B2 Filed 01/23/2008	Current Assignee Microsoft Technology Licensing LLC	Original Assignee Microsoft Technology Licensing LLC

Media bridge apparatus and methods
Patent # US 9,300,919 B2 Filed 07/27/2010	Current Assignee Time Warner Cable Enterprises LLC	Original Assignee Time Warner Cable Enterprises LLC

Database synchronization
Patent # US 9,298,792 B2 Filed 12/08/2005	Current Assignee Seven Networks Inc	Original Assignee Seven Networks LLC

System and method for pushing information from a host system to a mobile data communication device
Patent # US 9,298,793 B2 Filed 03/09/2011	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

System and method for a mobile device to use physical storage of another device for caching
Patent # US 9,300,719 B2 Filed 01/14/2013	Current Assignee Seven Networks Inc	Original Assignee Seven Networks Inc

Systems and methods for application management of mobile device radio state promotion and demotion
Patent # US 9,307,493 B2 Filed 03/15/2013	Current Assignee Seven Networks Inc	Original Assignee Seven Networks LLC

Technique for securely communicating programming content
Patent # US 9,313,530 B2 Filed 11/12/2012	Current Assignee Time Warner Cable Inc.	Original Assignee Time Warner Cable Enterprises LLC, Comcast Cable Holdings LLC

Downloadable security and protection methods and apparatus
Patent # US 9,313,458 B2 Filed 08/26/2013	Current Assignee Time Warner Cable Enterprises LLC	Original Assignee Time Warner Cable Enterprises LLC

Using confidential information to prepare a request and to suggest offers without revealing confidential information
Patent # US 9,317,849 B2 Filed 11/09/2011	Current Assignee Mastercard Mobile Transactions Solutions Inc.	Original Assignee Mastercard Mobile Transactions Solutions Inc.

System and method for reduction of mobile network traffic used for domain name system (DNS) queries
Patent # US 9,325,662 B2 Filed 01/09/2012	Current Assignee Seven Networks Inc	Original Assignee Seven Networks LLC

Local agent for remote file access system
Patent # US 9,325,774 B2 Filed 10/30/2009	Current Assignee Citrix Systems Inc.	Original Assignee Benhov GmbH LLC

User as an end point for profiling and optimizing the delivery of content and data in a wireless network
Patent # US 9,326,189 B2 Filed 02/04/2013	Current Assignee Seven Networks LLC	Original Assignee Seven Networks LLC

Systems and methods for controlling email access
Patent # US 9,325,713 B2 Filed 05/07/2014	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Local agent for remote file access system
Patent # US 9,332,058 B2 Filed 01/17/2002	Current Assignee Citrix Systems Inc.	Original Assignee Benhov GmbH LLC

Facilitating establishing trust for conducting direct secure electronic transactions between users and service providers via a mobile wallet
Patent # US 9,330,389 B2 Filed 06/24/2011	Current Assignee Mastercard Mobile Transactions Solutions Inc.	Original Assignee Mastercard Mobile Transactions Solutions Inc.

Facilitating establishing trust for conducting direct secure electronic transactions between a user and airtime service providers
Patent # US 9,330,388 B2 Filed 06/24/2011	Current Assignee Mastercard Mobile Transactions Solutions Inc.	Original Assignee Mastercard Mobile Transactions Solutions Inc.

Wireless traffic management system cache optimization using http headers
Patent # US 9,330,196 B2 Filed 06/14/2012	Current Assignee Seven Networks LLC	Original Assignee Seven Networks LLC

Securing a driver license service electronic transaction via a three-dimensional electronic transaction authentication protocol
Patent # US 9,330,390 B2 Filed 06/24/2011	Current Assignee Mastercard Mobile Transactions Solutions Inc.	Original Assignee Mastercard Mobile Transactions Solutions Inc.

Local agent for remote file access system
Patent # US 9,344,482 B2 Filed 08/18/2006	Current Assignee Citrix Systems Inc.	Original Assignee Benhov GmbH LLC

System and method for pushing information from a host system to a mobile communication device
Patent # US 9,344,839 B2 Filed 07/29/2002	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

Central and implicit certificate management
Patent # US 9,344,282 B2 Filed 03/22/2011	Current Assignee Microsoft Technology Licensing LLC	Original Assignee Microsoft Technology Licensing LLC

System and method of managing information distribution to mobile stations
Patent # US 9,369,531 B2 Filed 03/25/2014	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

System and method for using trigger events and a redirector flag to redirect messages
Patent # US 9,374,435 B2 Filed 10/29/2007	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

Facial capture managing access to resources by a device
Patent # US 9,378,350 B2 Filed 03/15/2013	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Systems and methods for controlling email access
Patent # US 9,391,960 B2 Filed 05/07/2014	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Secondary device as key for authorizing access to resources
Patent # US 9,401,915 B2 Filed 11/19/2013	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Transferring account information or cash value between an electronic transaction device and a service provider based on establishing trust with a transaction service provider
Patent # US 9,400,980 B2 Filed 06/24/2011	Current Assignee Mastercard Mobile Transactions Solutions Inc.	Original Assignee Mastercard Mobile Transactions Solutions Inc.

Mobile application traffic optimization
Patent # US 9,407,713 B2 Filed 01/16/2012	Current Assignee Seven Networks Inc	Original Assignee Seven Networks LLC

Authenticator device facilitating file security
Patent # US 9,413,754 B2 Filed 12/23/2014	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Location-based configuration policy toggling
Patent # US 9,426,162 B2 Filed 05/02/2013	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Systems and methods for controlling email access
Patent # US 9,426,129 B2 Filed 07/22/2014	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Controlling physical access to secure areas via client devices in a network environment
Patent # US 9,438,635 B2 Filed 09/14/2015	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Systems and methods for controlling email access
Patent # US 9,450,921 B2 Filed 12/22/2014	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Configuring a plurality of security isolated wallet containers on a single mobile device
Patent # US 9,454,758 B2 Filed 01/14/2014	Current Assignee Mastercard Mobile Transactions Solutions Inc.	Original Assignee Mastercard Mobile Transactions Solutions Inc.

Secure mobile framework
Patent # US 9,467,475 B2 Filed 05/01/2014	Current Assignee Synchronoss Technologies Incorporated	Original Assignee SNCR LLC

Method and system for the supply of data, transactions and electronic voting
Patent # US 9,473,470 B2 Filed 02/06/2014	Current Assignee International Business Machines Corporation	Original Assignee International Business Machines Corporation

Controlling resources used by computing devices
Patent # US 9,473,417 B2 Filed 03/14/2013	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Facilitating a secure transaction over a direct secure transaction channel
Patent # US 9,471,914 B2 Filed 06/24/2011	Current Assignee Mastercard Mobile Transactions Solutions Inc.	Original Assignee Mastercard Mobile Transactions Solutions Inc.

Secure mobile framework
Patent # US 9,473,533 B2 Filed 05/01/2014	Current Assignee Synchronoss Technologies Incorporated	Original Assignee SNCR LLC

Shareable widget interface to mobile wallet functions
Patent # US 9,508,073 B2 Filed 01/14/2014	Current Assignee Mastercard Mobile Transactions Solutions Inc.	Original Assignee Mastercard Mobile Transactions Solutions Inc.

Peripheral device management
Patent # US 9,514,078 B2 Filed 12/24/2014	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Individual-specific content management
Patent # US 9,516,005 B2 Filed 08/20/2013	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Rights management services integration with mobile device management
Patent # US 9,516,066 B2 Filed 06/04/2015	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Method for providing wireless application privilege management
Patent # US 9,537,896 B2 Filed 04/28/2015	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

Autonomous device interaction
Patent # US 9,535,857 B2 Filed 07/16/2013	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Attempted security breach remediation
Patent # US 9,544,306 B2 Filed 10/29/2013	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Functionality watermarking and management
Patent # US 9,552,463 B2 Filed 05/05/2014	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Hardware-based credential distribution
Patent # US 9,553,858 B2 Filed 10/25/2013	Current Assignee Microsoft Technology Licensing LLC	Original Assignee Microsoft Technology Licensing LLC

Secure mobile framework
Patent # US 9,565,212 B2 Filed 04/01/2013	Current Assignee Synchronoss Technologies Incorporated	Original Assignee SNCR LLC

Apparatus and methods for content transfer protection
Patent # US 9,565,472 B2 Filed 12/10/2012	Current Assignee Time Warner Cable Enterprises LLC	Original Assignee Time Warner Cable Enterprises LLC

Enforcement of proximity based policies
Patent # US 9,584,964 B2 Filed 12/22/2014	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Resource watermarking and management
Patent # US 9,584,437 B2 Filed 06/02/2013	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

System and method for controlling configuration settings for mobile communication devices and services
Patent # US 9,584,366 B2 Filed 06/01/2015	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

Media bridge apparatus and methods
Patent # US 9,602,864 B2 Filed 06/08/2009	Current Assignee Time Warner Cable Enterprises LLC	Original Assignee Time Warner Cable Enterprises LLC

Updating a widget that was deployed to a secure wallet container on a mobile device
Patent # US 9,626,675 B2 Filed 01/14/2014	Current Assignee Mastercard Mobile Transactions Solutions Inc.	Original Assignee Mastercard Mobile Transactions Solutions Incorporated

METHOD FOR PROVIDING WIRELESS APPLICATION PRIVILEGE MANAGEMENT
Patent # US 20170111400A1 Filed 12/30/2016	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

Watermarking detection and management
Patent # US 9,665,723 B2 Filed 08/15/2013	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Apparatus and methods for provisioning in a download-enabled system
Patent # US 9,674,224 B2 Filed 12/30/2013	Current Assignee Time Warner Cable Enterprises LLC	Original Assignee Time Warner Cable Enterprises LLC

Controlling distribution of resources in a network
Patent # US 9,680,763 B2 Filed 02/14/2012	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Delegating authorization to applications on a client device in a networked environment
Patent # US 9,686,287 B2 Filed 03/19/2015	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Facilitating a secure transaction over a direct secure transaction portal
Patent # US 9,697,512 B2 Filed 06/24/2011	Current Assignee Mastercard Mobile Transactions Solutions Inc.	Original Assignee Mastercard Mobile Transactions Solutions Inc.

Enterprise-specific functionality watermarking and management
Patent # US 9,699,193 B2 Filed 11/19/2015	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Time-based configuration profile toggling
Patent # US 9,703,949 B2 Filed 12/17/2015	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Controlling distribution of resources on a network
Patent # US 9,705,813 B2 Filed 09/20/2012	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Mobile device configured for communicating with another mobile device associated with an associated user
Patent # US 9,712,986 B2 Filed 03/22/2012	Current Assignee Seven Networks Inc	Original Assignee Seven Networks LLC

Proxy system for security processing without entrusting certified secret information to a proxy
Patent # US 9,729,311 B2 Filed 09/28/2012	Current Assignee OKI Electric Industry Company Limited	Original Assignee OKI Electric Industry Company Limited

Methods and apparatus for premises content distribution
Patent # US 9,742,768 B2 Filed 05/19/2014	Current Assignee Time Warner Cable Enterprises LLC	Original Assignee Time Warner Cable Enterprises LLC

Media bridge apparatus and methods
Patent # US 9,749,677 B2 Filed 03/28/2016	Current Assignee Time Warner Cable Enterprises LLC	Original Assignee Time Warner Cable Enterprises LLC

On-demand security policy activation
Patent # US 9,787,686 B2 Filed 04/12/2013	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Method and system for the supply of data, transactions and electronic voting
Patent # US 9,794,236 B2 Filed 06/25/2010	Current Assignee International Business Machines Corporation	Original Assignee International Business Machines Corporation

Authenticator device facilitating file security
Patent # US 9,813,247 B2 Filed 07/20/2016	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Data consolidation expert system for facilitating user control over information use
Patent # US 9,811,820 B2 Filed 11/09/2011	Current Assignee Mastercard Mobile Transactions Solutions Inc.	Original Assignee Mastercard Mobile Transactions Solutions Inc.

Systems and methods for controlling email access
Patent # US 9,813,390 B2 Filed 08/22/2016	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Certificate based profile confirmation
Patent # US 9,819,682 B2 Filed 03/15/2013	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Rights management services integration with mobile device management
Patent # US 9,825,996 B2 Filed 11/01/2016	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Operation modes for mobile traffic optimization and concurrent management of optimized and non-optimized traffic
Patent # US 9,832,095 B2 Filed 12/14/2012	Current Assignee Seven Networks LLC	Original Assignee Seven Networks LLC

Application program as key for authorizing access to resources
Patent # US 9,847,986 B2 Filed 11/17/2015	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Systems and methods for controlling email access
Patent # US 9,853,928 B2 Filed 12/30/2014	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Method and apparatus for ordering goods, services, and content over an internetwork using a virtual payment account
Patent # US 9,864,989 B2 Filed 07/10/2007	Current Assignee Cria Inc.	Original Assignee Cria Inc.

Method and apparatus for ordering goods, services and content over an internetwork using a virtual payment account
Patent # US 9,864,990 B2 Filed 02/15/2011	Current Assignee Cria Inc.	Original Assignee Cria Inc.

Establishing direct, secure transaction channels between a device and a plurality of service providers via personalized tokens
Patent # US 9,870,559 B2 Filed 06/24/2011	Current Assignee Mastercard Mobile Transactions Solutions Inc.	Original Assignee Mastercard Mobile Transactions Solutions Inc.

Systems and methods for controlling email access
Patent # US 9,882,850 B2 Filed 04/15/2015	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Deploying an issuer-specific widget to a secure wallet container on a client device
Patent # US 9,886,691 B2 Filed 12/11/2013	Current Assignee Mastercard Mobile Transactions Solutions Inc.	Original Assignee Mastercard Mobile Transactions Solutions Inc.

Shared resource watermarking and management
Patent # US 9,900,261 B2 Filed 06/02/2013	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Anonymized application scanning for mobile devices
Patent # US 9,916,446 B2 Filed 04/14/2016	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Integrated application scanning and mobile enterprise computing management system
Patent # US 9,917,862 B2 Filed 04/14/2016	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Apparatus and method for wireless network services in moving vehicles
Patent # US 9,918,345 B2 Filed 01/20/2016	Current Assignee Time Warner Cable Enterprises LLC	Original Assignee Time Warner Cable Enterprises LLC

Downloadable security and protection methods and apparatus
Patent # US 9,923,883 B2 Filed 04/11/2016	Current Assignee Time Warner Cable Enterprises LLC	Original Assignee Time Warner Cable Enterprises LLC

Method and apparatus for ordering goods, services and content over an internetwork using a virtual payment account
Patent # US 9,928,509 B2 Filed 06/07/2010	Current Assignee Cria Inc.	Original Assignee Cria Inc.

Methods and apparatus for determining an optimized wireless interface installation configuration
Patent # US 9,935,833 B2 Filed 11/05/2014	Current Assignee Time Warner Cable Enterprises LLC	Original Assignee Time Warner Cable Enterprises LLC

Technique for securely communicating programming content
Patent # US 9,973,798 B2 Filed 04/11/2016	Current Assignee Time Warner Cable Inc.	Original Assignee Time Warner Cable Enterprises LLC, Comcast Cable Communications LLC

Method and system for the supply of data, transactions and electronic voting
Patent # US 9,985,936 B2 Filed 02/06/2014	Current Assignee International Business Machines Corporation	Original Assignee International Business Machines Corporation

Apparatus and methods for selective data network access
Patent # US 9,986,578 B2 Filed 12/04/2015	Current Assignee Time Warner Cable Enterprises LLC	Original Assignee Time Warner Cable Enterprises LLC

Establishing trust for conducting direct secure electronic transactions between a user and service providers
Patent # US 9,990,625 B2 Filed 12/30/2015	Current Assignee Mastercard Mobile Transactions Solutions Inc.	Original Assignee Mastercard Mobile Transactions Solutions Inc.

Method and system for the supply of data, transactions and electronic voting
Patent # US 10,003,583 B2 Filed 09/12/2012	Current Assignee International Business Machines Corporation	Original Assignee International Business Machines Corporation

Control, monitoring and/or security apparatus and method
Patent # US 10,011,247 B2 Filed 04/23/2003	Current Assignee GTJ Ventures LLC	Original Assignee GTJ Ventures LLC

Method and system for the supply of data, transactions and electronic voting
Patent # US 10,015,149 B2 Filed 09/12/2012	Current Assignee International Business Machines Corporation	Original Assignee International Business Machines Corporation

Method and system for the supply of data, transactions and electronic voting
Patent # US 10,021,076 B2 Filed 06/28/2010	Current Assignee International Business Machines Corporation	Original Assignee International Business Machines Corporation

Selecting ecosystem features for inclusion in operational tiers of a multi-domain ecosystem platform for secure personalized transactions
Patent # US 10,026,079 B2 Filed 12/04/2013	Current Assignee Mastercard Mobile Transactions Solutions Inc.	Original Assignee Mastercard Mobile Transactions Solutions Inc.

Digital rights management system and method
Patent # US 10,027,489 B2 Filed 08/27/2015	Current Assignee Rockwell Automation Technologies Incorporated	Original Assignee Rockwell Automation Technologies Incorporated

Isolating distinct service provider widgets within a wallet container
Patent # US 10,032,160 B2 Filed 12/04/2013	Current Assignee Mastercard Mobile Transactions Solutions Inc.	Original Assignee Mastercard Mobile Transactions Solutions Inc.

Apparatus and methods for content transfer protection
Patent # US 10,050,945 B2 Filed 02/06/2017	Current Assignee Time Warner Cable Enterprises LLC	Original Assignee Time Warner Cable Enterprises LLC

Server apparatus, communication system, and data issuing method
Patent # US 10,069,815 B2 Filed 06/11/2014	Current Assignee Toshiba Corporation	Original Assignee Toshiba Corporation

Methods and apparatus for premises content distribution
Patent # US 10,069,836 B2 Filed 08/21/2017	Current Assignee Time Warner Cable Enterprises LLC	Original Assignee Time Warner Cable Enterprises LLC

Database synchronization via a mobile network
Patent # US 10,089,376 B2 Filed 08/30/2016	Current Assignee Seven Networks Inc	Original Assignee Seven Networks LLC

Expert engine tier for adapting transaction-specific user requirements and transaction record handling
Patent # US 10,096,025 B2 Filed 01/14/2014	Current Assignee Mastercard Mobile Transactions Solutions Inc.	Original Assignee Mastercard Mobile Transactions Solutions Inc.

Data access sharing
Patent # US 10,108,808 B2 Filed 01/11/2016	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

On-demand security policy activation
Patent # US 10,116,662 B2 Filed 09/25/2017	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Controlling resources used by computing devices
Patent # US 10,116,583 B2 Filed 10/05/2016	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Direct user to ticketing service provider secure transaction channel
Patent # US 10,121,139 B2 Filed 12/30/2015	Current Assignee Mastercard Mobile Transactions Solutions Inc.	Original Assignee Mastercard Mobile Transactions Solutions Inc.

Controlling physical access to secure areas via client devices in a networked environment
Patent # US 10,127,751 B2 Filed 07/21/2016	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Multi-persona devices and management
Patent # US 10,129,242 B2 Filed 11/07/2013	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Method and system for the supply of data, transactions and electronic voting
Patent # US 10,135,797 B2 Filed 08/16/2017	Current Assignee International Business Machines Corporation	Original Assignee International Business Machines Corporation

Direct personal mobile device user to service provider secure transaction channel
Patent # US 10,140,606 B2 Filed 12/30/2015	Current Assignee Mastercard Mobile Transactions Solutions Inc.	Original Assignee Mastercard Mobile Transactions Solutions Inc.

Apparatus and methods for recording, accessing, and delivering packetized content
Patent # US 10,148,992 B2 Filed 04/10/2017	Current Assignee Time Warner Cable Enterprises LLC	Original Assignee Time Warner Cable Enterprises LLC

Control, monitoring, and/or security apparatus and method
Patent # US 10,152,876 B2 Filed 07/13/2005	Current Assignee GTJ Ventures LLC	Original Assignee GTJ Ventures LLC

Apparatus and methods for monitoring and diagnosing a wireless network
Patent # US 10,164,858 B2 Filed 06/15/2016	Current Assignee Time Warner Cable Enterprises LLC	Original Assignee Time Warner Cable Enterprises LLC

Secure ecosystem infrastructure enabling multiple types of electronic wallets in an ecosystem of issuers, service providers, and acquires of instruments
Patent # US 10,176,476 B2 Filed 06/04/2013	Current Assignee Mastercard Mobile Transactions Solutions Inc.	Original Assignee Mastercard Mobile Transactions Solutions Inc.

Technique for securely communicating and storing programming material in a trusted domain
Patent # US 10,178,072 B2 Filed 07/02/2015	Current Assignee Time Warner Cable Enterprises LLC	Original Assignee Time Warner Cable Enterprises LLC

Enforcement of proximity based policies
Patent # US 10,194,266 B2 Filed 02/07/2017	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Issuing an account to an electronic transaction device
Patent # US 10,217,102 B2 Filed 11/09/2011	Current Assignee Mastercard Mobile Transactions Solutions Inc.	Original Assignee Mastercard Mobile Transactions Solutions Inc.

Systems and methods for controlling email access
Patent # US 10,243,932 B2 Filed 07/31/2017	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Distribution of variably secure resources in a networked environment
Patent # US 10,257,194 B2 Filed 03/14/2013	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Enhanced customer service for mobile carriers using real-time and historical mobile application and traffic or optimization data associated with mobile devices in a mobile network
Patent # US 10,263,899 B2 Filed 04/10/2013	Current Assignee Seven Networks Inc	Original Assignee Seven Networks LLC

Location based configuration profile toggling
Patent # US 10,303,872 B2 Filed 06/08/2016	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Downloadable security and protection methods and apparatus
Patent # US 10,362,018 B2 Filed 03/19/2018	Current Assignee Time Warner Cable Enterprises LLC	Original Assignee Time Warner Cable Enterprises LLC

Methods and apparatus for client-based dynamic control of connections to co-existing radio access networks
Patent # US 10,368,255 B2 Filed 07/25/2017	Current Assignee Charter Communications Operating LLC	Original Assignee Time Warner Cable Enterprises LLC

Attendance tracking via device presence
Patent # US 10,402,789 B2 Filed 08/28/2015	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Controlling distribution of resources on a network
Patent # US 10,404,615 B2 Filed 06/13/2017	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Apparatus and methods for provisioning in a download-enabled system
Patent # US 10,404,752 B2 Filed 06/05/2017	Current Assignee Time Warner Cable Enterprises LLC	Original Assignee Time Warner Cable Enterprises LLC

Facial capture managing access to resources by a device
Patent # US 10,412,081 B2 Filed 06/14/2016	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Method for providing wireless application privilege management
Patent # US 10,462,189 B2 Filed 12/30/2016	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

System and method for controlling configuration settings for mobile communication devices and services
Patent # US 10,476,865 B2 Filed 01/31/2017	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

Apparatus and methods for dynamic open-access networks
Patent # US 10,492,034 B2 Filed 03/07/2016	Current Assignee Time Warner Cable Enterprises LLC	Original Assignee Time Warner Cable Enterprises LLC

Ensuring secure access by a service provider to one of a plurality of mobile electronic wallets
Patent # US 10,510,055 B2 Filed 07/02/2015	Current Assignee Mastercard Mobile Transactions Solutions Inc.	Original Assignee Mastercard Mobile Transactions Solutions Inc.

Item delivery optimization
Patent # US 10,515,334 B2 Filed 01/06/2017	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Control, monitoring, and/or security, apparatus and method for premises, vehicles, and/or articles
Patent # US 10,546,441 B2 Filed 05/20/2014	Current Assignee Raymond Anthony Joao	Original Assignee Raymond Anthony Joao

Apparatus and methods for selective data network access
Patent # US 10,560,772 B2 Filed 05/25/2018	Current Assignee Time Warner Cable Enterprises LLC	Original Assignee Time Warner Cable Enterprises LLC

Certificate based profile confirmation
Patent # US 10,560,453 B2 Filed 11/01/2017	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Control, monitoring and/or security apparatus and method
Patent # US 10,562,492 B2 Filed 04/23/2003	Current Assignee GTJ Ventures LLC	Original Assignee GTJ Ventures LLC

Methods and apparatus for dynamic control of connections to co-existing radio access networks
Patent # US 10,638,361 B2 Filed 06/06/2017	Current Assignee Charter Communications Operating LLC	Original Assignee Charter Communications Operating LLC

Apparatus and methods for providing wireless service in a venue
Patent # US 10,645,547 B2 Filed 06/02/2017	Current Assignee Charter Communications Operating LLC	Original Assignee Charter Communications Operating LLC

Incremental compliance remediation
Patent # US 10,652,242 B2 Filed 03/15/2013	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Media bridge apparatus and methods
Patent # US 10,652,607 B2 Filed 08/28/2017	Current Assignee Time Warner Cable Enterprises LLC	Original Assignee Time Warner Cable Enterprises LLC

Systems and methods for controlling email access
Patent # US 10,666,591 B2 Filed 01/19/2018	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Systems and methods for controlling email access
Patent # US 10,681,017 B2 Filed 02/19/2019	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Method for providing wireless application privilege management
Patent # US 10,686,842 B2 Filed 11/22/2018	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

Apparatus and method for wireless network services in moving vehicles
Patent # US 10,687,371 B2 Filed 03/12/2018	Current Assignee Time Warner Cable Enterprises LLC	Original Assignee Time Warner Cable Enterprises LLC

Time-based functionality restrictions
Patent # US 10,754,966 B2 Filed 04/13/2013	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

On-demand security policy activation
Patent # US 10,785,228 B2 Filed 10/11/2018	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Apparatus and method for providing shipment information
Patent # US 10,796,268 B2 Filed 01/05/2019	Current Assignee Transcend Shipping Systems LLC	Original Assignee GTJ Ventures LLC

Identity-based certificate authority system architecture
Patent # US 10,819,526 B2 Filed 02/19/2018	Current Assignee Microsoft Technology Licensing LLC	Original Assignee Microsoft Technology Licensing LLC

Social media and data sharing controls
Patent # US 10,824,757 B2 Filed 02/04/2016	Current Assignee AirWatch LLC	Original Assignee AirWatch LLC

Technique for securely communicating programming content
Patent # US 10,848,806 B2 Filed 05/14/2018	Current Assignee Time Warner Cable Enterprises LLC, Comcast Cable Communications LLC	Original Assignee Time Warner Cable Enterprises LLC

Method and system for reduced V2X receiver processing load using certificates
Patent # US 10,868,677 B2 Filed 06/06/2018	Current Assignee Blackberry Limited	Original Assignee Blackberry Limited

Data processing device, encryption communication method, key generation method, and computer program
Patent # US RE48,381 E1 Filed 09/06/2013	Current Assignee Canon Ayutthaya Limited, Canon Kabushiki Kaisha	Original Assignee Canon Ayutthaya Limited

View All

System and method for policy-based inter-realm authentication within a distributed processing system
Patent # US 5,544,322 A Filed 05/09/1994	Current Assignee Cisco Technology Incorporated	Original Assignee International Business Machines Corporation

Synchronization of mailboxes of different types
Patent # US 5,647,002 A Filed 09/01/1995	Current Assignee Avaya Incorporated	Original Assignee Lucent Technologies Inc.

Distributing database differences corresponding to database change events made to a database table located on a server computer
Patent # US 5,999,947 A Filed 05/27/1997	Current Assignee Pure Data Systems LLC	Original Assignee Arkona LLC

Dependable data element synchronization mechanism
Patent # US 5,951,652 A Filed 10/06/1997	Current Assignee NCR Corporation	Original Assignee NCR Corporation

Transaction system security method and apparatus
Patent # US 5,048,085 A Filed 10/06/1989	Current Assignee Cisco Technology Incorporated	Original Assignee International Business Machines Corporation

System for and method of authenticating a client
Patent # US 5,784,464 A Filed 01/31/1996	Current Assignee Fujitsu Limited	Original Assignee Fujitsu Limited

Apparatus and method for establishing a cryptographic link between elements of a system
Patent # US 5,787,172 A Filed 02/24/1994	Current Assignee Comcast Cable Communications LLC	Original Assignee The Merdan Group Inc.

Internet-enabled portfolio manager system and method
Patent # US 5,706,502 A Filed 03/26/1996	Current Assignee Oracle America Inc.	Original Assignee Sun Microsystems Incorporated

System and method for using cached data at a local node after re-opening a file at a remote node in a distributed networking environment
Patent # US 4,897,781 A Filed 02/13/1987	Current Assignee International Business Machines Corporation	Original Assignee International Business Machines Corporation

Method and apparatus for creating a secure connection between a java applet and a web server
Patent # US 5,870,544 A Filed 10/20/1997	Current Assignee International Business Machines Corporation	Original Assignee International Business Machines Corporation

Certification process
Patent # US 5,982,898 A Filed 03/07/1997	Current Assignee ATT Inc.	Original Assignee ATT Inc.

Authentication method for networks
Patent # US 5,706,427 A Filed 06/27/1996	Current Assignee Identity Verification Solutions LLC	Original Assignee CADIX Inc.

System for controlling the distribution and use of digital works having attached usage rights where the usage rights are defined by a usage rights grammar
Patent # US 5,715,403 A Filed 11/23/1994	Current Assignee ContentGuard Holdings Inc.	Original Assignee Xerox Corporation

Apparatus and methods for verifying the identity of a party
Patent # US 5,721,779 A Filed 08/28/1995	Current Assignee Juniper Networks Incorporated	Original Assignee Funk Software Inc.

Method and apparatus for authenticating the location of remote users of networked computing systems
Patent # US 5,757,916 A Filed 10/06/1995	Current Assignee Google Inc.	Original Assignee International Series Research Incorporated

System and methods for appointment reconcilation
Patent # US 5,778,346 A Filed 05/17/1996	Current Assignee Intellisync Corporation	Original Assignee Starfish Software Inc.

Token distribution, registration, and dynamic configuration of user entitlement for an application level security system and method
Patent # US 5,784,463 A Filed 12/04/1996	Current Assignee SSL Services LLC	Original Assignee V-ONE Corp.

Enhanced cryptographic system and method with key escrow feature
Patent # US 5,799,086 A Filed 02/19/1997	Current Assignee Certco	Original Assignee Certco

Server for starting client application on client if client is network terminal and initiating client application on server if client is non network terminal
Patent # US 5,828,840 A Filed 08/06/1996	Current Assignee Hewlett Packard Enterprise Development LP	Original Assignee Verifone Inc.

Tokenless identification system for authorization of electronic transactions and electronic transmissions
Patent # US 5,613,012 A Filed 05/17/1995	Current Assignee YT Acquisition Corp.	Original Assignee Smarttouch Incorporated

Apparatus and method for providing a secure gateway for communication and data exchanges between networks
Patent # US 5,623,601 A Filed 11/21/1994	Current Assignee RPX Corporation	Original Assignee MILKWAY NETWORKS CORPORATION

Automatic networked facsimile queuing system
Patent # US 5,627,658 A Filed 12/14/1994	Current Assignee Xerox Corporation	Original Assignee Xerox Corporation

Interactive video system
Patent # US 5,644,354 A Filed 10/09/1992	Current Assignee Rovi Guides Inc.	Original Assignee PREVUE INTERACTIVE INC.

Secure socket layer application program apparatus and method
Patent # US 5,657,390 A Filed 08/25/1995	Current Assignee Facebook Inc.	Original Assignee Netscape Communications Corporation

System for automatic synchronization of common file between portable computer and host computer via communication channel selected from a plurality of usable channels there between
Patent # US 5,666,530 A Filed 12/02/1992	Current Assignee Qualcomm Inc.	Original Assignee Compaq Computer Corporation

Method for mapping, translating, and dynamically reconciling data between disparate computer platforms
Patent # US 5,666,553 A Filed 07/22/1994	Current Assignee Intellisync Corporation	Original Assignee Puma Technology Inc.

Method and apparatus for supporting multiple, simultaneous services over multiple, simultaneous connections between a client and network server
Patent # US 5,682,478 A Filed 01/19/1995	Current Assignee Microsoft Technology Licensing LLC	Original Assignee Microsoft Corporation

Databank system with methods for efficiently storing non-uniform data records
Patent # US 5,682,524 A Filed 05/26/1995	Current Assignee Intellisync Corporation	Original Assignee Starfish Software Inc.

Synchronization of disparate databases
Patent # US 5,684,990 A Filed 01/11/1995	Current Assignee Intellisync Corporation	Original Assignee Puma Technology Inc.

Method for mapping, translating, and dynamically reconciling data between disparate computer platforms
Patent # US 5,701,423 A Filed 04/07/1994	Current Assignee Intellisync Corporation	Original Assignee Puma Technology Inc.

System for increasing the difficulty of password guessing attacks in a distributed authentication scheme employing authentication tokens
Patent # US 5,491,752 A Filed 09/02/1994	Current Assignee Hewlett-Packard Development Company L.P.	Original Assignee DIGITAL EQUIPMENT CORPORATION PATENT LAW GROUP

Personal key archive
Patent # US 5,495,533 A Filed 04/29/1994	Current Assignee Google LLC	Original Assignee International Business Machines Corporation

Web browser with dynamic display of information objects during linking
Patent # US 5,572,643 A Filed 10/19/1995	Current Assignee AOL Inc.	Original Assignee David H. Judson

System and method for maintaining codes among distributed databases using a global database
Patent # US 5,581,749 A Filed 12/21/1992	Current Assignee The Dow Chemical Company	Original Assignee THEDOW CHEMICAL COMPANY

Method for certifying public keys in a digital signature scheme
Patent # US 5,420,927 A Filed 02/01/1994	Current Assignee Assa Abloy AB	Original Assignee Silvio Micali

Method for providing mutual authentication of a user and a server on a network
Patent # US 5,434,918 A Filed 12/14/1993	Current Assignee Hughes Electronics Corporation	Original Assignee Hughes Aircraft Company

Access control in a distributed computer system
Patent # US 5,220,603 A Filed 02/25/1992	Current Assignee International Computers Limited	Original Assignee International Computers Limited

Method and system for providing user access control within a distributed data processing system by the exchange of access control profiles
Patent # US 5,263,157 A Filed 02/15/1990	Current Assignee International Business Machines Corporation	Original Assignee International Business Machines Corporation

Database access machine for factory automation network
Patent # US 4,831,582 A Filed 11/07/1986	Current Assignee Allen-Bradley Company	Original Assignee Allen-Bradley Company

Method and system for providing system security in a remote terminal environment
Patent # US 4,652,698 A Filed 08/13/1984	Current Assignee NCR Corporation	Original Assignee NCR Corporation

View All

44 Claims

1. A computer-based method for installing a temporary certificate on a client site, comprising the steps of:
- receiving a public key from a client site;
  
  generating a temporary certificate containing the public key and a validity period; and
  
  delivering the temporary certificate and a certificate installation downloadable to the client site, thereby enabling installing of the certificate on the client site without requiring network transfer of a client private key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein the client site is unconfigured.
  - 3. The method of claim 1, wherein the certificate installation downloadable includes code for causing the client site to install the temporary certificate in a web engine.
  - 4. The method of claim 3, wherein the certificate installation downloadable includes an application program interface for communicating with the web engine.
  - 5. The method of claim 1, further comprising the step of identifying and authenticating the user at the client site before generating the temporary certificate.
  - 6. The method of claim 1, further comprising the step of establishing a secure channel with the client site before downloading the temporary certificate.
  - 7. The method of claim 1, further comprising the step of forwarding to the client site a key generation downloadable for causing the client site to generate the public key and an associated private key.
  - 8. The method of claim 7, further comprising the step of receiving a validity period duration request.
  - 9. The method of claim 8, wherein the temporary certificate is a self-certified limited certificate.
  - 10. The method of claim 8, further comprising the step of digitally signing the temporary certificate.
  - 11. The method of claim 1, further comprising the step of forwarding to the client a certificate maintenance downloadable for causing the client site to monitor the validity period of the temporary certificate.
  - 12. The method of claim 11, wherein the certificate maintenance downloadable further enables the client site to update the temporary certificate before expiration.
  - 13. The method of claim 1, further comprising the step of downloading a certificate de-installation downloadable for causing the client site to de-install the temporary certificate from the client site.
  - 14. The method of claim 13, wherein the de-installation downloadable stores information identifying an unexpired temporary certificate in a revocation list.

15. A system for installing a temporary certificate in a client site, comprising:
- a server for receiving a public key from a client site;
  
  a temporary certificate generator coupled to the server for generating a temporary certificate containing the public key and a validity period; and
  
  a certificate installation downloadable coupled to the server for causing the client site to install the temporary certificate, thereby enabling installing of the certificate in the client site without requiring network transfer of a client private key.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 16. The system of claim 15, wherein the client site is unconfigured.
  - 17. The system of claim 15, wherein the certificate installation downloadable enables the client site to install the temporary certificate in a web engine.
  - 18. The system of claim 17, wherein the certificate installation downloadable includes an application program interface for communicating with the web engine.
  - 19. The system of claim 15, further comprising a security module coupled to the server for identifying and authenticating the user at the client site.
  - 20. The system of claim 15, wherein the server generates a secure communications channel with the client site.
  - 21. The system of claim 15, further comprising a key generation downloadable for causing the client site to generate the public key and a private key.
  - 22. The system of claim 21, wherein the temporary certificate generator receives a validity period duration request from the client site and uses the duration request to determine the validity period.
  - 23. The system of claim 22, wherein the temporary certificate generator digitally signs the temporary certificate.
  - 24. The system of claim 23, wherein the server includes a server private key, and the temporary certificate generator uses the server private key to digitally sign the temporary certificate.
  - 25. The system of claim 15, further comprising a certificate maintenance downloadable coupled to the server for causing the client site to monitor the validity window of the temporary certificate.
  - 26. The system of claim 25, wherein the certificate maintenance downloadable coupled to the server further enables the client site to update the temporary certificate before expiration.
  - 27. The system of claim 15, further comprising a certificate de-installation downloadable coupled to the server for causing the client site to de-install the temporary certificate from the client site.
  - 28. The system of claim 27, wherein the de-installation downloadable stores information identifying an unexpired temporary certificate in a revocation list.

29. A computer-readable storage medium storing program code for causing a computer to perform the steps of:
- receiving a public key from a client site;
  
  generating a temporary certificate containing the public key and a validity period; and
  
  delivering the temporary certificate and a certificate installation downloadable to the client site, thereby enabling installation of the certificate at the client site without requiring network transfer of a client site private key.

30. A method for installing a temporary certificate in a web engine, comprising the steps of:
- generating a public key and a private key;
  
  sending the public key to a certificate authority;
  
  providing identification and authentication information to the certificate authority;
  
  if identified and authenticated, receiving a certificate installation downloadable and a temporary certificate having a short validity period from the certificate authority; and
  
  using the certificate installation downloadable to install the temporary certificate and the private key in the web engine, thereby enabling installing of the certificate at a client site corresponding to the web engine without requiring network transfer of the private key.
- View Dependent Claims (31, 32, 33)
- - 31. The method of claim 30, wherein the web engine is currently unconfigured.
  - 32. The method of claim 30, further comprising the step of sending a temporary certificate duration request to the certificate authority.
  - 33. The method of claim 32, wherein the validity period is based on the temporary certificate duration request.

34. A system for installing a temporary certificate on an unconfigured web engine, comprising:
- a key generation module for generating a public and private key pair;
  
  a certificate request module for transmitting the pubic key to a certificate authority;
  
  a certificate installation module for installing a temporary certificate having a short validity period and the private key in an unconfigured web engine, thereby creating a temporarily configured web engine; and
  
  a certificate maintenance module for monitoring the short validity period to determine if the temporary certificate has expired, thereby enabling installing of the certificate at a client site corresponding to the web engine without requiring network transfer of the private key.
- View Dependent Claims (35, 36, 37, 38, 39, 40)
- - 35. The system of claim 34, wherein one of the modules is part of the web engine.
  - 36. The system of claim 34, wherein one of the modules was downloaded from a remote computer.
  - 37. The system of claim 34, wherein one of the modules is a stand-alone application program.
  - 38. The system of claim 34, further comprising a certificate de-installation module for de-installing the temporary certificate upon expiration.
  - 39. The system of claim 34, wherein the certificate maintenance module enables re-issuing the temporary certificate with a new short validity period.
  - 40. The system of claim 34, wherein the certificate request module sends a request which includes the public key and identification and authentication information to the certificate authority.

41. A method of generating a self-certified temporary certificate, comprising the steps of:
- receiving a temporary public key and user-identification information from a remote client;
  
  retrieving a long-term public key certificate and a long-term private key from memory;
  
  packaging the temporary public key, the user-identification information, a validity period and the long-term public certificate into a package; and
  
  using the long-term private key to sign the package, thereby generating a self-certified temporary certificate without requiring network transfer of the long-term private key.

42. A method of examining a self-certified temporary certificate, comprising the steps of:
- receiving a self-certified temporary certificate, which includes a signature, a validity period, a temporary public key, and a long-term public certificate containing a long-term public key and signed by a certificate authority private key associated with a certificate authority;
  
  using a well-known public key associated with the certificate authority private key to verify the certificate authority signing the long-term certificate;
  
  using the long-term public key to verify the signature of the temporary certificate, and thus to verify the client; and
  
  enabling access to services during the validity period if the certificate authority and the temporary certificate have been verified, thereby enabling examining of the certificate of the client without requiring network transfer of a client private key.

43. A method of installing a temporary certificate, comprising the steps of:
- generating a public and private key pair;
  
  receiving a user-selected certificate duration request;
  
  packaging the public key and the user-selected certificate duration request into a certificate generation request;
  
  sending the certificate generation request to a certificate authority;
  
  receiving a temporary certificate containing the public key and a limited validity period based on the user-selected temporary certificate duration request;
  
  installing the temporary certificate and the private key in a web engine, thereby enabling installing of the certificate at the client without requiring network transfer of the client private key.

44. A method of generating a temporary certificate, comprising the steps of:
- receiving a certificate generation request containing a public key and a user-selected certificate duration request from a remote client;
  
  packaging the public key and a certificate validity period based on the user-selected certificate duration request into a package;
  
  signing the package, thereby generating a temporary certificate; and
  
  transmitting the temporary certificate to the remote client, thereby enabling generating of the certificate of the remote client without requiring network transfer of a remote client private key.

1 Specification

PRIORITY REFERENCE(S) TO PRIOR APPLICATION(S)

This application claims priority of and hereby incorporates by reference U.S. patent application Ser. No. 08/766,307, entitled “System and Method for Globally Accessing Computer Services,” filed on Dec. 13, 1996, by inventors Mark D. Riggins, et al; U.S. patent application Ser. No. 08/841,950, entitled “System and Method for Enabling Secure Access to Services in a Computer Network”, filed on Apr. 8, 1997, by inventor Mark D. Riggins; U.S. patent application Ser. No. 08/865,075, entitled “System and Method for Using a Global Translator to Synchronize Workspace Elements Across a Network,” filed on May 29, 1997, by inventors Daniel J. Mendez, et al.; U.S. patent application Ser. No. 08/835,997, entitled “System and Method for Securely Synchronizing Multiple Copies of a Workspace Element in a Network,” filed on Apr. 11, 1997, by inventors Daniel J. Mendez, et al.; U.S. patent application Ser. No. 08/897,888, entitled “System and Method for Synchronizing Electronic Mail Across a Network,” filed on Jul. 22, 1997, by inventors Daniel J. Mendez, et al.; U.S. patent application Ser. No. 08/899,277, entitled “System and Method for Using an Authentication Applet to Identify and Authenticate a User in a Computer Network,” filed on Jul. 23, 1997, by inventor Mark D. Riggins; and U.S. patent application Ser. No. 8/903,118, entitled “System and Method for Globally and Securely Accessing Unified Information in a Computer Network,” filed on Jul. 30, 1997, by inventors Daniel J. Mendez, et al.

BACKGROUND OF THE INVENTION

1. Field of the Invention

This invention relates generally to computer networks, and more particularly provides a system and method for installing a temporary certificate at a remote site.

2. Description of the Background Art

The Internet has become one of the most popular tools used by businesses and individuals for obtaining services and needed information. When a web client, e.g., a user operating a network browser, communicates via the Internet with a web server (i.e., a web site), the web server recognizes the web client based on information received in a certificate that was installed on the web client and that was downloaded to the web server. The conventional certificate identifies the user, provides information needed to establish secure network communications between the client and the server, and includes a signature from a certifying authority such as VeriSign, Inc. of Mountain View, Calif. that provides certificate integrity, authenticity and origin.

More particularly, a user typically requests a certificate from a certifying authority, i.e., a third party mutually trusted by the user and the web server. The user operates pre-installed software for generating a public/private key pair, and sends a certificate request including the public key to the certifying authority. The certifying authority verifies the identity and any other information needed about the user, packages the user'"'"'s name, the public key, a validity period and an assigned serial number together, and digitally signs the package, thereby creating a signed certificate. The certifying authority then sends the signed certificate to the user, who installs the signed certificate and the private key associated with the packaged public key in one or more web clients.

For completeness, a brief review of public/private key cryptography is provided. Mathematically, a public and private key pair are generated to encrypt and decrypt messages. That is, either key can be used to encrypt a message, but only the other key of the key pair can be used to decrypt the message. The owner keeps the private key private, but allows everyone to know the public key. Accordingly, anyone can encrypt a message using the public key, but only the owner can decrypt the message, because the owner is the only one who knows the private key. Similarly, the owner can encrypt a message using the private key, and thus everyone can use the public key to decrypt the message. A user that uses a public key to decrypt an encrypted message can be sure that the message was encrypted by someone who has the corresponding private key. So long as the private key is kept private, the user can be assured that the owner of the private key sent the message. If both parties to a communication have public/private key pairs, then each party can communicate privately with the other by encrypting messages with the recipient'"'"'s public key.

However, how can the sender be confident that they are using the correct public key for the recipient? Exchanging keys personally may be too inconvenient. Instead, both parties present their public keys, other identifying information and proof of their identity to a mutually trusted certificate authority. The certificate authority verifies the user'"'"'s identity and issues a public key certificate containing the user'"'"'s public key and distinguished name. If both parties wish to communicate privately via web clients, then they may install their private keys and public key certificates in their respective web clients. The certificate authority may also issue certificates to identify web servers, showing that a given server name such as “www.briefcase.com” was issued to Visto Corporation of Mountain View, Calif.

When a web client connects to a web server, the web client and web server identify and authenticate each other and negotiate a secure communications channel. For identification, both parties exchange public key certificates. Accordingly, each party uses the public key of the certificate authority to verify the signature of the other party'"'"'s certificate. As stated above, the public key certificate binds a public key to a subject name (i.e., distinguished name) such as the client'"'"'s name or server'"'"'s name. The parties recognize each other by the subject name included in the certificate. To authenticate this identity, each party proves to the other that they possess the private key associated with the public key included in the certificate. One method of authenticating, employed by Secure Sockets Layer (SSL) technology, includes the steps of choosing a random number and encrypting it using the other party'"'"'s public key. The encrypted number is sent to the other party who decrypts it and returns the decrypted value, thereby proving that they possess the private key.

After authenticating each other'"'"'s identity, both parties exchange one or more symmetric keys used to encrypt the bulk of their communications. “The SSL Protocol, Version 3.0” by Netscape Communications Corporation., attached hereto and incorporated herein, describe additional details of a session-oriented protocol, such as how parties agree upon cryptographic algorithm and what key length to use. S/MIME by RSA Data Security and PEM encryption techniques illustrate example systems for sending individual messages encrypted under symmetric keys communicated with public key encryption and public key certificates.

Conventional certificates do not solve all problems and concerns for the roaming user. For example, transporting a private key to and installing the private key at every temporary terminal used by the roaming user is unsafe because the private key may be stolen or hacked from the temporary terminal. Still further, sending an owner'"'"'s private key over the Internet or reading it from a floppy disk or other storage media also pose substantial security risks. SmartCards such as those made Litronic Inc. can be used to transport private keys safely but are not widely deployed and are subject to physical loss. Further, SmartCard readers are not available at most kiosks.

Therefore, a system and method for facilitating the use of public key certificates by the roaming user are needed.

SUMMARY OF THE INVENTION

The present invention provides a system for installing and enabling the use of a temporary certificate at a remote site. Temporary certificates can safely be installed because they expire quickly and can be revoked when the user leaves the remote site. The system comprises a global server site, a temporary client site and a web site. The global server site includes a security module that identifies and authenticates the user at the client site, and a web server engine that upon user authentication downloads a key generation downloadable and a certificate request engine downloadable to the client site. It will be appreciated that the global server site may include its own certificate authority or may interact with a third party certificate authority to establish client trust and generate temporary certificates.

The temporary client site includes a web engine that executes the key generation downloadable to generate a public and private key pair, and that executes the certificate request engine downloadable to send a temporary certificate request (including the public key) to the global server site. The global server site further includes a temporary certificate generator for generating a signed temporary certificate having the public key, a short term validity period (e.g., expiration date and time), a subject name (e.g., user identity) and other information. The temporary certificate'"'"'s validity period is set to limit the usefulness of the temporary certificate to a desired lifetime. This can be made arbitrarily short if additional temporary certificates are generated and installed with extensions as needed.

Upon request by the temporary client site, the web server on the global server site sends the temporary certificate and a certificate installation downloadable to the web engine on the client site, which executes the downloadable, thereby installing the temporary certificate. The web server on the global server site can also send a certificate maintenance downloadable and a certificate de-installation downloadable to the client site. The global server site (operating as the certifying authority) may maintain a revocation list that contains information identifying revoked temporary certificates, so that revoked but thus far unexpired certificates cannot be used improperly. Since they are no longer valid, expired temporary certificates may be removed from the revocation list.

Once the temporary certificate has been installed, the client site can communicate with any web site that recognizes the certificate authority, e.g., on the global server site. As an alternative, the global server site may contact a third party certificate authority such as VeriSign, Inc. of Mountain View, Calif. to sign the temporary certificate on behalf of the global server site. As a second alternative, the third party certifying authority can vouch for the global server site, so that the global server site will be recognized as a certificate authority. This is conventionally referred to as “certificate chaining.”

As a third alternative, the global server can generate a self-certified limited certificate for the user, for installation on the temporary client. A self-certified limited certificate is a certificate derived from a traditional public key certificate and from its private key. The self-certified limited certificate has the same subject name (e.g., user identity), a different public key and a validity period shorter than the traditional validity period (e.g., between five and thirty minutes). A self-certified limited certificate is signed by the private key associated with the traditional public key certificate. When using this alternative, the user'"'"'s private key and traditional certificate are stored on the global server. The client generates a temporary public/private key pair and request for a temporary certificate as before. When the client connects to the web site, both the traditional certificate and the temporary certificate are used. The certificate authority'"'"'s well-known public key is used to verify the signature of the traditional certificate. The public key in the traditional certificate is used to verify the signature of the temporary certificate. Thus, a web site can accept the self-certified limited certificate in lieu of the long-term traditional certificate.

Whether the temporary certificate is issued (i.e., signed) by the global server, the third party certificate authority or the individual certificate holder, the user can install the temporary certificate in the client site and can contact any web site that recognizes the certifying authority of the certificate. The web site reviews the temporary certificate for authenticity and contacts the certificate authority, which in this instance is the global server site, to determine whether the temporary certificate has been revoked.

A claimed system comprises a server for receiving a request for installation of a temporary certificate from a temporary client site, a temporary certificate generator coupled to the server for generating a temporary certificate with an expiration date and time, and a certificate installation downloadable coupled to the server for causing the client site to install the temporary certificate.

A claimed method for installing and enabling use of a temporary certificate at a remote site comprises the steps of receiving from a temporary client site a request for installation of a temporary certificate, generating a temporary certificate with an expiration date and time, and delivering the temporary certificate and a certificate installation downloadable to the client site.

The system and method of the present invention advantageously enable a roaming user to securely install a temporary certificate on a remote site, without transmitting a private key across the computer network. A user need not maintain and port certificates for installation at the remote sites. The system and method may enable any web site that recognizes the certificate authority issuing the temporary certificate to identify and authenticate the user. The system and method enable logging of temporary certificate usage. The system and method monitor for expired temporary certificates. The system and method provide a simple technique enabling a web site to authenticate a temporary certificate and to determine whether a still current temporary certificate has been revoked. Further, the permanent private key has not been compromised.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram illustrating a computer network in accordance with the present invention;

FIG. 2 is a block diagram illustrating details of a computer of FIG. 1;

FIG. 3 is a block diagram illustrating details of a temporary certificate server of FIG. 1;

FIG. 4A is a block diagram illustrating details of a temporary certificate;

FIG. 4B is a block diagram illustrating details of a request for a temporary certificate;

FIG. 5 is a flowchart illustrating a client method of installing and using a temporary certificate in accordance with the present invention;

FIG. 6 is a flowchart illustrating a global server method of installing a temporary certificate in accordance with the present invention;

FIG. 7 is a flowchart illustrating a method of generating a temporary certificate;

FIG. 8 is a flowchart illustrating a method of managing the temporary certificate of the present invention;

FIG. 9 is a flowchart illustrating a method of examining a temporary certificate before performing a client request, in accordance with the present invention;

FIG. 10 is a flowchart illustrating a method of reissuing a temporary certificate; and

FIG. 11 is a flowchart illustrating a method of installing a self-certified limited certificate;

FIG. 12 is a flowchart illustrating a method of using the self-certified limited certificate of FIG. 11; and

FIG. 13 is a block diagram illustrating a self-certified limited certificate.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

FIG. 1 is a block diagram illustrating a computer network 100, in accordance with the present invention. The computer network 100 includes a global server site 110 coupled via a computer network 155 (e.g., a local area network or the wide area network commonly referred to as the Internet) to a persistent client site 120, to a temporary client site 125, to a web site 130 and to a third party certificate authority 175.

The web site 130 represents an arbitrary server on the computer network 155 that provides data and/or services to a client site, only after identifying and authenticating the client (e.g. a user) and/or the client site based on a public key certificate and a private key installed on a client site. As illustrated, the web site 130 provides data and/or services to the persistent client site 120 and to the temporary client site 125. The web site 130 includes a secure communications engine 147 for using public/private key cryptography to identify and authenticate a client and to establish a secure communications channel with a client site 120 or 125. The web site 130 further includes a web site engine 153 for delivering web page data 150 to the connecting client site so that the client site 125 can present a web page (not shown) and access the services of the web site 130. Web page data 150 may include text, images, program services, applets, hypertext, etc. Upon generation of a secure communications channel with a client site 120 or 125, the web site engine 153 delivers web page data 150 via the secure communications channel to the connecting client site 120 or 125. Details of authentication protocols using public key certificates are discussed in an article entitled “The SSL Protocol, Version 3.0” published by the Netscape Communications Corporation on Nov. 18. 1996, which is hereby incorporated by reference.

The persistent client site 120 includes a configured web engine 135 for communicating with the web site 130, and includes a secure communications engine 180 for using public/private key cryptography to establish a secure communications channel with other sites, such as with the global server site 110 and/or with the web site 130, on the computer network 155. The client 120 is referred to as “persistent” because the user repeatedly uses it, and thus considers it a more permanent tool. The web engine 135 is referred to as “configured” because a long-term certificate 160 and long-term private key 165 (typically valid for a year term) have already been installed in the web engine 135 on the persistent client site 120. It will be appreciated that the long-term certificate 160 and long-term private key 165 have been installed in the web engine 135 because the client is a persistent client site 120. A configured web engine 135 is typically found on a user'"'"'s desktop work computer, a user'"'"'s desktop home computer, a user'"'"'s laptop computer, a user'"'"'s personal information manager such as a PalmPilot™ developed by U.S. Robotics, Inc., etc.

Since the persistent client site 120 is configured, other sites such as the web site 130 can identify the user of the persistent client site 120, and both the web site 130 (via the secure communications engine 147) and the persistent client site 120 (via the secure communications engine 180) can communicate securely without intervention by the global server site 110. Upon generation of the secure communications channel, the web site engine 153 will download web page data 150 via the secure communications channel to the configured web engine 135, which accordingly presents a web page (not shown).

The temporary client site 125, such as a computer terminal at a conventional kiosk, includes an unconfigured web engine 140 and a secure communications engine 185. The web engine 140 is referred to as “unconfigured” until a user'"'"'s certificate and private key are installed in the web engine 140 on the temporary client site 125. The temporary client site 125 is referred to as “temporary” because the device is used infrequently or for a singe time and later used by others. Without a certificate or public key, other sites such as the web site 130 cannot identify the user by the aforementioned techniques described with respect to persistent clients 120. The web site 130 may prohibit the temporary client site 125 from obtaining its data 150 (including services) until the temporary client site 125 is configured.

Before the temporary client site 125 is configured, the secure communications engine 185 on the temporary client site 125 uses SSL or PCT technology to establish a private communications channel with the secure communications engine 190 on the global server site 110. SSL authenticates the server using its public key certificate. However, the identity of the user must be proven by some other means because no certificate and private key have been installed on the temporary client site. After the temporary client site 125 is configured, the secure communications engine 185 on the temporary client site 125 uses public/private key cryptography to establish a secure communications channel with other sites on the computer network 155, such as with the web site 130 identifying the user by the installed temporary certificate and private key.

The global server site 110 includes a temporary certificate server 115 for enabling the installation of a temporary certificate (400, illustrated and described in greater detail with reference to FIG. 4A) in the unconfigured web engine 140 on the temporary client site 125. The temporary certificate server 115 receives a temporary certificate installation request from the temporary client site 125, identifies and authenticates the user at the temporary client site 125, and accordingly delivers temporary certificate software (which is described in greater detail with reference to FIG. 3) to the temporary client site 125. The temporary client site 125 executes the temporary certificate software, which initiates the generation of a public/private key pair and a temporary certificate 400 and causes a temporary configuration of the unconfigured web engine 140. Generation of a temporary certificate 400 is described in greater detail with reference to FIG. 7. Installation of the temporary certificate 400 is described in greater detail with reference to FIG. 5.

It will be appreciated that the global server site 110 includes a private key 119 for digitally signing messages, including the temporary certificate 400, and includes a global server certificate 117 associating the global server site 110 with its well known public key. Although the global server site 110 is being described as a certificate authority, one skilled in the art will recognize that a third party certificate authority 175 such as VeriSign, Inc. of Mountain View, Calif. may sign the temporary certificate 400 on behalf of the global server site 110 (via a request from the global server site 110). As a second alternative, the third party certifying authority 175 can vouch for the global server site 110, so that the global server site 110 will be recognized as an approved certificate authority, which is conventionally referred to as “certificate chaining.”

As a third alternative, the global server site 110 can generate a self-certified limited certificate for the user, for installation on the temporary client site 125. A self-certified limited certificate is a certificate derived from a traditional public key certificate (such as certificate 160) and from its associated private key (such as private key 165). The self-certified limited certificate has the same identity (i.e., subject name), a different public key and a shorter validity period. A self-certified limited certificate is signed by the private key associated with the traditional public key certificate. An example self-certified limited certificate is illustrated in FIG. 13. When using this alternative, the user'"'"'s private key and traditional certificate are stored on the global server site 110. The certificate authority'"'"'s well-known public key is used to verify the certifying authority of the traditional certificate. The public key in the traditional certificate is used to verify the signature on the temporary certificate 400. Limited certificate generation is described in greater detail with reference to FIG. 11. A web site 130 can accept the self-certified limited certificate in lieu of the individual certificate. Use of a limited certificate is described in greater detail with reference to FIG. 12.

Whether the temporary certificate 400 is issued (i.e., signed) by the global server site 110, the third party certificate authority 175 or the individual certificate holder, the user can install the temporary certificate 400 in the client site and can contact any web site that recognizes the certifying authority of the temporary certificate 400.

FIG. 2 is a block diagram illustrating a computer system 200 which exemplifies the global server site 110, the persistent client site 120, the temporary client site 125, the third party certificate authority 175 and the web site 130. The computer system 200 includes a processor 205, such as an Intel Pentium® microprocessor or a Motorola Power PC® microprocessor, coupled to a communications channel 210. The computer system 200 further includes an input device 215 such as a keyboard and mouse, an output device 220 such as a Cathode Ray Tube (CRT) display, a communications interface 225, data storage 230 such as a magnetic disk, and internal storage 235 such as Random-Access Memory (RAM), each coupled to the communications channel 210.

The data storage 125 stores data 240 and stored programs 245. The internal storage 235 stores executing programs 235. With reference to the web site 130 (FIG. 1), an example of data 240 includes web page data 150, and examples of stored programs 245 or executing programs 250 include client identification engine 145 and secure communications engine 147. An operating system 255 controls processing by processor 205, and is typically stored in data storage 230 as a stored program 245 and loaded into internal storage 235 as an executing program 250 for execution by processor 205. Although the data 240, stored programs 245 and executing programs 250 are being described as wholly stored at a single location, one skilled in the art will recognize that different portions of the data 240, stored programs 245 and executing programs 250 may be stored at different sites.

One skilled in the art will recognize that the computer system 200 may also include additional information, such as network connections, additional memory, additional processors, LANs, input/output lines for transferring information across a hardware channel, the Internet or an intranet, etc. One skilled in the art will also recognize that the programs and data may be received by and stored in the system in alternative ways. For example, a computer-readable storage medium (CRSM) reader 260 such as a magnetic disk drive, hard disk drive, magneto-optical reader, CPU, etc. may be coupled to the communications channel 210 for reading from a computer-readable storage medium (CRSM) 265 such as a magnetic disk, a hard disk, a magneto-optical disk, RAM, etc. Accordingly, the computer system 200 may receive programs and data via the CRSM reader 260.

FIG. 3 is a block diagram illustrating details of the temporary certificate server 115. The temporary certificate server 115 includes a web server engine 303, a security module 305, a database of users 310, a key generation downloadable 315, a certificate request engine downloadable 320, a temporary certificate generator 325, a certificate installation downloadable 330, a revocation list 335, a certificate maintenance Downloadable 340 and a certificate de-installation Downloadable 345. A Downloadable is any program code that is downloaded from a remote site that can be executed or interpreted on a local site. Examples of Downloadables include applets for use in the Java™ distributed environment developed by Sun Microsystems, Inc., ActiveX™ control for use in the ActiveX™ distributed environment developed by the Microsoft Corporation, plugins, etc.

The web server engine 303 receives and responds to requests from connecting clients, acting as the application program interface with the clients. Operation of the web server engine 303 will be described in greater detail with reference to the modules below.

After the secure communications engine 185 on the temporary client site 125 establishes a private channel with the secure communications engine 190 on the global server site 110, the temporary client site 125 sends a request for temporary configuration to the web server engine 303. The global server site 110 receives the request. Accordingly, the security module 305 examines security information such as a login and password, a response to a challenge, a time-synchronous currently displayed key on an authentication token such as a secure ID card by Security Dynamics, etc. to confirm the privileges of the connecting temporary client site 125 to access the contents and functionality of the global server site 110, and more particularly to access the contents and functionality of the temporary certificate server 115. The security information, including identification and authentication information, distinguished name and usage log for each privileged user, is contained in the database of users 310. For the third alternative, the traditional certificate and private key may also be stored in the database of users 310.

Upon confirming user privileges, the web server engine 303 responds to a request for temporary configuration. An example request 450 is illustrated in FIG. 4B. Upon request from the temporary client site 125, the web server engine 303 downloads global server web page data including the key generation downloadable 315, the certificate request engine Downloadable 320, the certificate installation downloadable 330, the certificate maintenance downloadable 340 and the certificate de-installation downloadable 345 to the temporary client site 125. Requesting and downloading Downloadables are described in greater detail with reference to FIG. 6. The Downloadables are described in greater detail below.

The key generation downloadable 315 includes code for causing a web engine, e.g., the unconfigured web engine 140, to generate a public/private key pair. The key generation downloadable 315 may include an applet for use in the Java™ distributed environment developed by Sun Microsystems, Inc., an Active™ control for use in the ActiveX™ distributed environment developed by the Microsoft Corporation, a plugin, etc. Considerable processing time is needed to generate public and private key pairs. It will be appreciated that, since the key pair is useful only for the life of the temporary certificate 400, a shorter key length may be used in comparison to certificates that must be valid for longer time spans. The unconfigured web engine 140 on the temporary client site 125 executes the key generation Downloadable 315. Accordingly, the key generation downloadable 315 generates temporary public and private keys for the temporary client site 125. It will be appreciated that, since the system 100 transmits only a key generation downloadable 315 and not a private key across the computer network 155, the system 100 does not compromise the private key by network transfer. Although key generation is preferably performed on the temporary client site 125, key generation may be performed on the global server site 110 and downloaded to the temporary client site 125 protected by some security means such as a password or SSL session.

The certificate request engine downloadable 320 includes code for causing a web client, e.g., web engine 140, to request the global server site 110 to generate a temporary certificate 400. The unconfigured web client 140 on the temporary client site 125 executes the certificate request engine Downloadable 320. The certificate request engine Downloadable 320 packages all information needed including the public key generated by the key generation downloadable 315 and a requested duration into the certificate request, and forwards the request to the temporary certificate generator 325 for temporary certificate generation. FIG. 4B is a block diagram illustrating a certificate request 450. The request 450 includes a temporary public key 405, a requested duration 460 and a signature 465. The signature 465 proves that the requester has the temporary private key associated with the temporary public key in the request 450.

The temporary certificate generator 325 packages the public key, the subject name such as the distinguished name of the client stored in the database of users, a validity period (e.g., a start and end time), issuer name and other information into an envelope. The validity period will be restricted to begin no earlier than a universal current time on the global server site 110 and to have a maximum duration possibly set by the user. The maximum duration should be short, for example, 24 hours, one week, two weeks, etc. but should not exceed the traditional validity term of one year.

The temporary certificate generator 325 digitally signs the envelope, thereby generating the signed temporary certificate 400. FIG. 4A is a block diagram illustrating an example temporary certificate 400, which includes a public key 405, a subject name 410, a validity period 415, a serial number 420 and a global server signature 425. Although not shown, the certificate 400 may include other information such as that used by certificates complying with the X.500 Version 3.0 in CCITT, Recommendation X.509: “The Directory—Authentication Framework” 1988 by J. Postel and J. Reynolds cited on page 57 of the incorporated reference entitled “The SSL Protocol, Version 3.0. Referring again to FIG. 3, it will be appreciated that the temporary certificate generator 325 may use the global server'"'"'s private key 119 to digitally sign the envelope. It will be further appreciated that the temporary certificate generator 325 may use a Public Key Certificate Standard (PKCS), such as PKCS-7, and may use the Abstract Syntax Notation (ASN) distinguished coding practices. The temporary certificate generator 325 forwards the signed temporary certificate 400 to the requesting client.

The certificate installation downloadable 330 includes code for causing a web client, such as web engine 140, to install the temporary certificate 400 so that the web engine 140 will provide a temporary certificate 400 to all confirmed requesting parties. The certificate installation downloadable 330 includes an Application Program Interface (API) for communicating with the particular web engine 140. For example, if the web engine 140 includes the Netscape Navigator™ web browser developed by the Netscape Corporation, then an API for communicating with the Netscape Navigator™ web browser is needed. If the client supports a SmartCard reader, the API may install a virtual SmartCard driver and may install the certificate virtually on the driver. Now the temporary client site 125 is temporarily configured and can operate without further interaction with the global server site 110 for the duration of the temporary certificate 400.

The certificate maintenance downloadable 340 includes code for causing the temporary client site to monitor the validity period of the temporary certificate 400 for expiration. Monitoring current time may include communicating with an atomic clock on the global server site 110 or may include adjusting for time variations between the temporary client site 125 and the global server site 110. Just prior to expiration of the temporary certificate 400, the certificate maintenance downloadable 340 re-requests identification and authentication information from the user. Upon confirmation of user identification and authentication, the temporary certificate generator 325 reissues a new temporary certificate 400 which may require re-generation of a new public/private key pair, etc. or just updating the start/end time 415 to extend the validity period. It will be appreciated that to maintain a temporary certificate, the user may be requested to hit a “Continue?” pop-up button and input of identification and authentication information. The certificate installation downloadable 330 installs the reissued temporary certificate 400 in the web engine 140.

The certificate de-installation downloadable 345 includes code for causing a the web engine 140 to de-install a temporary certificate 400 after the user has finished with the temporary client site 125. The certificate de-installation downloadable 345 removes the temporary certificate 400 and the private key from the web engine 140, and sends the certificate 400 or at least the serial number 420 of the certificate 400 to the certificate authority maintaining the revocation list 335, which contains information identifying all unexpired temporary certificates 400 to be considered no longer valid. In this embodiment, the certifying authority is the global server site 110, and thus the information is sent to the web server engine 303. The web server engine 303 stores the certificate 400 or serial number 420 in the revocation list 335. If the certifying authority is a third party certificate authority 175, revocation of a temporary certificate 400 is communicated to the third party certificate authority 175 (possibly via the global server site 110) so that a proper revocation list 335 can be maintained at that third party certificate authority 175. If the temporary certificate is a self-certified limited certificate (see FIGS. 10-13), then the revocation list may be managed by the certificate authority issuing the long-term certificate.

A web site 130 that was contacted by a client 125 using a temporary certificate 400 asks the web server engine 303 to download the certificate revocation list 335. By reviewing the revocation list 335, the web site 130 can determine if the temporary certificate 400 being used has already been revoked. For efficiency, the web site 130 may only download a revocation list 335 if the revocation list 335 on the global server site 110 has been updated since the last download. After a temporary certificate 400 expires, the web server engine 303 may remove it from the revocation list 335. Because the temporary certificates 400 quickly expire (e.g., between five minutes and 24 hours) and are removed from the revocation list 335 upon expiration, the revocation lists 335 will not become very long.

FIG. 5 is a flowchart illustrating a client method 500 for generating, installing and using a temporary certificate 400 at the temporary client site 125. Method 500 begins by the temporary client site 125 in step 505 creating a private channel with the global server site 110. Creating a private channel may include using SSL or PCT technology. In response to a request by the security module 305 of the global server site 110, the unconfigured web engine 140 in step 510 delivers identification and authentication information to the global server site 110, possibly, by requesting login and password information from a user or by requesting a response to a challenge from a user having a hand-held authentication token such as AuthentiCard™ authentication token developed by Vasco Corporation of Lombard, Ill. or by entering the number currently displayed on time-synchronized identification and authentication system such as SecureID from Security Dynamics, and forwarding the information or response to the security module 305. It will be appreciated that because of the global server certificate 117 on the global server site 110, the temporary client site 125 can strongly identify the global server site 110. However, the global server site 110 cannot yet identify the currently unconfigured temporary client site 125.

Upon identification and authentication, the unconfigured web engine 140 in step 515 downloads and in step 520 executes a key generation downloadable 315 from the global server site 110. The key generation downloadable 315 in step 523 generates a public/private key pair. The unconfigured web engine in step 525 downloads and in step 530 executes a certificate request engine downloadable 320 from the global server site 110. The certificate request engine downloadable 320 in step 535 sends a certificate request 450 having the public key generated by the key generation downloadable 315 to the temporary certificate generator 325 of the global server site 110. An example certificate request 450 is shown in FIG. 4B.

The unconfigured web engine 140 in step 540 downloads from the global server site 110 a certificate installation downloadable 330 and a temporary certificate 400 generated by the temporary certificate generator 325. The unconfigured web engine 140 in step 545 executes the certificate installation downloadable 330, which in step 550 installs the temporary certificate 400 and the previously generated private key in the unconfigured web engine 140, thereby creating a temporarily configured web engine 140. The web engine 140 in step 553 downloads the certificate maintenance downloadable 340 and the certificate de-installation Downloadable 345. It will be appreciated that all these separate downloadables may be combined into a single downloaded program module. The secure communications engine 185 on the temporary client site 125 in step 555 sends a request to close the secure channel with the secure communications engine 190 on the global server site 110.

Accordingly, the temporarily configured web engine 140 in step 560 executes the certificate maintenance Downloadable 340 and uses the temporary certificate and private key to communicate with web sites 130. Either after expiration of the temporary certificate or upon receipt of a user'"'"'s asynchronous logout request, the web engine 140 in step 565 executes the certificate de-installation Downloadable thereby de-installing the temporary certificate. It will be appreciated that expiration of the temporary certificate and receipt of a user logout request will be recognized by the certificate maintenance Downloadable being executed by the temporarily configured web engine 140. Method 500 then ends.

FIG. 6 is a global server method 600 for installing a temporary certificate 400 in an unconfigured web engine 140 in accordance with the present invention. Method 600 begins with the secure communications engine 310 in step 605 accepting a secure channel request from the connecting client, e.g., the secure communications engine 185 of the temporary client site 125. The security module 305 in step 610 identifies and authenticates the client at the temporary client site 125, possibly by requesting login and password information or by requesting a response to a challenge.

Upon identification and authentication, the web server engine 303 in step 615 accepts a request from the unconfigured web engine 140 on the temporary client site 125. In step 620, the web server engine 303 determines if the request includes a request for a Downloadable. If so, then the web server engine 303 in step 625 retrieves the requested item and downloads it to the unconfigured web engine 140. Method 600 then returns to step 615. The Downloadable may include the key generation downloadable 315, the certificate request engine Downloadable 320, the certificate installation Downloadable 330, the certificate maintenance Downloadable 340, the certificate de-installation Downloadable 345, or combinations of the above.

If the request received is not a request for a Downloadable, then the web server engine 303 in step 630 determines whether the request included a request for temporary certificate generation. If so, then the temporary certificate generator 325 in step 635 generates a temporary certificate 400 by packaging the necessary information from the request 450 and from the database of users 310 into a container and signing the container, as described in greater detail above with reference to FIG. 4A and below with reference to FIG. 7. The web server engine 303 in step 640 downloads the temporary certificate 400 to the unconfigured web engine 140, and returns to step 615.

If the request was not a request for temporary certificate generation, then the web server engine 303 in step 645 determines if the request includes a request to close the secure channel. If so, then the secure communications engine 190 in step 650 closes the channel, and method 600 then ends. Otherwise, the web server engine 303 in step 647 determines if the request includes some other recognizable request. If recognized, then the web server engine 303 in step 648 performs the request and returns to step 615. If unrecognized, the web server engine 303 in step 649 rejects the request and returns to step 615.

FIG. 7 is a flowchart illustrating details of a method 635 for generating a temporary certificate 400, as illustrated in FIG. 4A. Method 635 begins with the temporary certificate generator 325 in step 705 retrieving the public key 405 from the temporary certificate generation request 450. The temporary certificate generator 325 in step 710 appends the subject name 410, retrieved from the database of users 310, to the public key 405. The temporary certificate generator 325 in step 715 assigns and appends a start time 415 based on the current time, and in step 720 assigns and appends an end time 415 based on the user-selected duration 460 and on previously configured validity period limits (not shown). The temporary certificate generator 325 in step 725 assigns and appends a serial number 420 to the public key 405. The temporary certificate generator 325 in step 730 appends the signature 425 certifying the authenticity of the above items. It will be appreciated that appending the certifying signature 425 may include using the global server private key 119 to sign the package. One skilled in the art will recognize that the temporary certificate 400 may contain other data items, and may comply with the X.500 standard. Method 635 then ends.

FIG. 8 is a flowchart illustrating a client method 800 for managing a temporary certificate 400 in accordance with the present invention. Method 800 begins with the certificate maintenance Downloadable 340 operating on the client 125 in step 810 examining the temporary certificate 400. The certificate maintenance Downloadable 340 in step 815 monitors the start/end time 415, i.e., the validity period, of the temporary certificate 400 to determine whether it has almost expired. For example, a temporary certificate 400 has almost expired when it is within a predetermined time period (e.g., 30 seconds) from the end time 415.

If the certificate maintenance Downloadable has determined that the temporary certificate 400 has almost expired, the certificate maintenance downloadable 340 in step 825 determines whether the user is done with the session, preferably, by asking the user. If the user is done, then the certificate maintenance Downloadable 345 in step 855 de-installs the temporary certificate 400 and method 800 ends. If the user is not done, then the certificate maintenance Downloadable 340 in step 835 requests a new or re-issued temporary certificate 400 from the global server site 110. Requesting a re-issued temporary certificate is similar to requesting an original temporary certificate 400. However, the Downloadables need not be downloaded again. That is, a request will look like request 450 (FIG. 4B), and step 835 may include creating a secure channel with the global server 110 (step 505, FIG. 5), transmitting identification and authentication information to the global server 110 (step 510, FIG. 5), executing the certificate request engine Downloadable 320 (step 530, FIG. 5), and sending the certificate request to the global server 110 (step 535, FIG. 5). For housekeeping and other purposes, the certificate request engine Downloadable 320 may also send the original temporary certificate 400 to the global server 110. Generating a re-issued certificate is discussed in greater detail with reference to FIG. 10. If the global server site 110 in step 837 grants the request, the certificate maintenance Downloadable 340 in step 840 installs the new or re-issued temporary certificate 400, and method 800 then returns to step 815. Step 840 may include executing the certificate installation Downloadable 330 (step 540, FIG. 5), installing the certificate (step 550, FIG. 5), and closing the secure channel (step 555, FIG. 5). If the certificate re-issue request is not granted, the method 800 jumps to step 855.

If the temporary certificate 400 has not almost expired, then the certificate maintenance Downloadable in step 820 waits. The certificate maintenance Downloadable 340 in step 845 determines if the user is done with the session. If not, then the method 800 returns to step 815. Otherwise, the certificate maintenance Downloadable 340 in step 850 adds the temporary certificate 400 to the revocation list 335 and proceeds to step 855.

FIG. 9 is a flowchart illustrating a web site method 900 for examining a temporary certificate 400 before authorizing performance of a client request, in accordance with the present invention. Method 900 begins with the secure communications engine 147 on the web site 130 in step 905 receiving a temporary certificate 400. The secure communications engine 147 in step 915 verifies the validity of the certificate 400. Verifying the validity of a temporary certificate is illustrated in FIG. 13. If the secure communications engine 147 in step 915 determines that the temporary certificate 400 is invalid, then the secure communications engine 147 in step 917 informs the user of the failure. Method 900 then ends.

If the secure communications engine 147 in step 915 determines that the certificate 400 is valid, then the secure communications engine 147 in step 920 identifies and authenticates the client. If the secure communications engine 147 in step 925 does not authenticate the client, then the method jumps to step 917. Otherwise, the web site engine 153 in step 930 accepts requests from the client site 125.

The web site engine 153 in step 935 determines whether, based on the valid certificate 400, the client on the client site 125 is authorized to have the request performed. If the client is not authorized, then the web site engine 153 in step 940 informs the client of the failure and method 900 returns to step 930. If the client is authorized, then the web site engine 153 in step 945 performs the request, e.g., provides the necessary web page data 150 or results to the client site 125. The secure communications engine 147 determines whether to end the session. Determining whether to end the session is similar to method 800 described with reference to FIG. 8. That is, the secure communications engine 147 determines if the temporary certificate 400 has expired or whether the user has logged out. Monitoring the current time to determine if the temporary certificate 400 has expired may include communicating with an atomic clock on the global server site 110. If ending the session, method 900 ends. Otherwise, method 900 then returns to step 930.

FIG. 10 is a flowchart illustrating a method 1000 of re-issuing a temporary certificate 400. Method 1000 begins with the temporary certificate server 115 in step 1010 receiving a request for extension. The temporary certificate server 115 in step 1020 re-identifies and re-authenticates the client, and in step 1030 determines whether to accept the request. Determining whether to accept the certificate re-issue request may include determining whether the user has configured the temporary certificate server 115 to allow updates, determining whether the frequency of updates is within user-selected or predetermined limits, determining whether the duration requested is within user-selected or predetermined limits, etc.

If the request is denied, the temporary certificate server 115 in step 1040 informs the client, and method 1000 ends. If the request is accepted, then the temporary certificate server 115 in step 1050 generates a re-issued temporary certificate (same subject name, same public key, same serial number, different validity period, different global server signature) and in step 1060 downloads the re-issued certificate to the client site 125 for installation. It will be appreciated that, if re-issuing a temporary certificate is not available, then re-generating a temporary certificate would be necessary (which may include regenerating a new pubic and private key pair, etc.). Method 1000 then ends.

FIG. 11 is a flowchart illustrating a method 1100 of installing a self-certified limited certificate, as illustrated in FIG. 13. Method 1100 begins with the temporary certificate server 115 in step 1105 accepting a request to generate a temporary certificate 400. The temporary certificate server 115 in step 1110 appends the short-term public key 405 received in the request 450 and client identifying items (e.g., subject name 410) retrieved from the database of users 310 into a package. The temporary certificate server 115 in step 1115 appends validity period information (e.g., start/end time 415) based on the duration 460 in the request 450, the validity period of the long-term certificate and predetermined limits into the package. For identification purposes, the temporary certificate server 115 in step 1120 assigns a serial number 420 and appends it into the package. The temporary certificate server 115 in step 1125 retrieves the long-term public certificate (such as certificate 160) associated with the requesting user from the database of users 310, and appends the long-term certificate into the package. The temporary certificate server 115 in step 1130 retrieves the long-term private key (such as private key 165) associated with the long-term certificate from the database of users 310, and uses the private key to generate a signature for the items appended the package. The temporary certificate server 115 in step 1135 appends the signature to the package, and method 1100 ends.

FIG. 12 is a flowchart illustrating a method for verifying the authenticity, integrity and origin of a temporary certificate 400, including a self-certified limited certificate. Method 915 begins with the secure communications engine 147 on the web site 130 in step 1205 determining whether the temporary certificate 400 (FIG. 4A) or 1300 (FIG. 13) is a self-certified limited certificate 1300. If so, then the secure communications engine 147 in step 1210 determines whether it recognizes the certificate authority signing the appended long-term certificate 1315. If unrecognized, then the secure communications engine 147 in step 1215 determines that the temporary certificate 1300 is invalid, and method 915 proceeds to step 917 (FIG. 9).

If the certificate authority is recognized, then the secure communications engine 147 in step 1220 uses the certificate authority'"'"'s well-known public key to verify the signature of the appended long-term certificate 1315. The secure communications engine 147 in step 1225 determines whether the signature of the long-term certificate 1315 has been verified. If not, then method 915 returns to step 1215. Otherwise, the secure communications engine 147 in step 1230 determines whether the long-term certificate 1315 has expired. If not, then method 915 returns to step 1215. Otherwise, the secure communications engine 147 in step 1235 determines whether the long-term certificate 1315 has been revoked. Determining long-term certificate revocation typically includes downloading a long-term certificate revocation list (not shown) from the certificate authority signing the long-term certificate 1315. If revoked, then method 915 returns to step 1215.

If verified, unexpired and unrevoked, then the secure communications engine 147 in step 1240 uses the long-term public key in the long-term certificate 1315 to verify the signature of the temporary certificate 1300. If in step 1243 the secure communications engine 147 determines that the signature does not verify, then method 915 returns to step 1215. Otherwise, the secure communications engine 147 in step 1245 determines whether the validity period 1310 of the selfcertified limited certificate 1300 is within the validity period (not shown) of the long-term certificate 1315. If not, then method 915 returns to step 1215. If so, then the secure communications engine 147 in step 1250 determines whether the self-certified certificate 1300 and long-term certificate have the same subject. If not, then the method 915 returns to step 1215. Otherwise, the secure communications engine in step 1255 authenticates the certificate 1300, and proceeds to step 920 (FIG. 9).

If the secure communications engine 147 in step 1205 determines that the received temporary certificate 400 or 1300 is not a limited certificate 1300, then the secure communications engine 147 in step 1260 performs conventional certificate verification techniques, and in step 1265 determines whether the certificate 400 has been authenticated. If so, then method 915 proceeds to step 920 (FIG. 9). If not, then method 915 proceeds to step 917 (FIG. 9).

The foregoing description of the preferred embodiments of the present invention is by way of example only, and other variations and modifications of the above-described embodiments and methods are possible in light of the foregoing teaching. Although the network sites are being described as separate and distinct sites, one skilled in the art will recognize that these sites may be a part of an integral site, may each include portions of multiple sites, or may include combinations of single and multiple sites. Although the certificate installation, maintenance, etc. software have been described as Downloadables, one skilled in the art will be aware that these modules may be a part of a web engine on the temporary client. Further, components of this invention may be implemented using a programmed general purpose digital computer, using application specific integrated circuits, or using a network of interconnected conventional components and circuits. Connections may be wired, wireless, modem, etc. Although the system of the present invention is being described with reference to an atomic clock on the global server site 110, any atomic clock such as the U.S. Navy Master Clock may alternatively be accessed. The invention will still operate without an atomic clock while using larger validity periods and depending more on revocation lists. Although we have described the present invention for SSL, PCT and other session-oriented protocols, the techniques can be easily adapted to non-session protocols such as S/MIME and S/PAY which use public key certificates. The embodiments described herein are not intended to be exhaustive or limiting. The present invention is limited only by the following claims.

View All

System and method for installing and using a temporary certificate at a remote site

First Claim

8 Assignments

Litigations

0 Petitions

Accused Products

Abstract

622 Citations

44 Claims

1 Specification

1 Family Member

System and method for installing and using a temporary certificate at a remote site

First Claim

8 Assignments

Litigations

0 Petitions

Accused Products

Abstract

622 Citations

44 Claims

1 Specification

1 Family Member

Thank you for your feedback