Eric Le

US Patent:

7574734, Aug 11, 2009

Filed:

Aug 15, 2002

Appl. No.:

10/218640

Inventors:

Dominique Louis Joseph Fedronic - Belmont CA, US
Eric F. Le Saint - Fremont CA, US

International Classification:

H04L 9/00
G06F 7/04
G06K 9/00

US Classification:

726 9, 726 5, 726 18, 713159, 713170, 713172, 713185, 713186, 382115, 382116, 382124

Abstract:

This invention provides for progressive processing of biometric samples to facilitate verification of an authorized user. The initial processing is performed by a security token. Due to storage space and processing power limitations, excessive false rejections may occur. To overcome this shortfall, the biometric sample is routed to a stateless server, which has significantly greater processing power and data enhancement capabilities. The stateless server receives, processes and returns the biometric sample to the security token for another attempt at verification using the enhanced biometric sample. In a second embodiment of the invention, a second failure of the security token to verify the enhanced biometric sample sends either the enhanced or raw biometric sample to a stateful server. The stateful server again processes the biometric sample and performs a one to many search of a biometric database. The biometric database contains the master set of enrolled biometric templates associated with all authorized users.

US Patent:

7770212, Aug 3, 2010

Filed:

Aug 15, 2002

Appl. No.:

10/218642

Inventors:

Eric F. Le Saint - Fremont CA, US

Assignee:

Activcard - Suresnes Cedex

International Classification:

H04L 29/06

US Classification:

726 5, 713193, 726 28

Abstract:

This invention provides a privilege delegation mechanism, which allows a privilege and associated control attributes to be delegated from a security token to another security token or an intelligent device such as a computer system. The privilege may be in the form of an attribute certificate, a key component of a cryptographic key, a complete cryptographic key, digital certificate, digital right, license or loyalty credits. The purpose of the delegation is to allow another security token or computer system to act as a surrogate for the security token or to access a resource which requires components from both units before access is permitted. Attributes associated with the delegated privilege control the scope and use of the privilege. The delegation may allow the surrogate to perform authentications, access data or resources included on another security token or computer system. Authentications are performed prior to transferring of the delegable privileges.

US Patent:

7787661, Aug 31, 2010

Filed:

Mar 29, 2006

Appl. No.:

11/391473

Inventors:

Eric Fernand Le Saint - Fremont CA, US
Dominique Louis Fedronic - Belmont CA, US
John Jules Alexander Boyer - Ottawa, CA
Hong Liu - Singapore, SG

Assignee:

ActivIdentity, Inc. - Fremont CA

International Classification:

G06K 9/00
G06F 21/00
G06F 7/04
H04L 9/32

US Classification:

382115, 382124, 340 552, 340 56, 713186

Abstract:

A system is used for authorizing access to a Personal Security Device. This system comprises a Personal Security Device and another device which is in functional communication with said Personal Security Device. Said Personal Security Device comprises identification information retrieval data and a biometric authentication application which transfers said identification information retrieval data to said other device in response to an identified match between biometric data sent by said other device and a predetermined biometric reference. Said other device comprises a security executive application for retrieving an Identification Information with at least said identification information retrieval data, thus generating a retrieved Identification Information, and transferring said retrieved Identification Information to said Personal Security Device. Said Personal Security Device comprises a security executive application for authorizing access in response to an identified match between said transferred retrieved Identification Information and a predetermined Identification Information stored in said Personal Security Device.

US Patent:

7802293, Sep 21, 2010

Filed:

Apr 5, 2006

Appl. No.:

11/397710

Inventors:

John Jules Alexander Boyer - Ottawa, CA
Eric Fernand Le Saint - Cupertino CA, US

Assignee:

ActivIdentity, Inc. - Fremont CA

International Classification:

G06F 17/30

US Classification:

726 6, 726 4, 726 5

Abstract:

A secure and transparent digital credential sharing arrangement which utilizes one or more cryptographic levels of indirection to obfuscate a sharing entity's credentials from those entities authorized to share the credentials. A security policy table is provided which allows the sharing entity to selectively authorize or revoke digital credential sharing among a plurality of entities. Various embodiments of the invention provide for secure storage and retrieval of digital credentials from security tokens such as smart cards. The secure sharing arrangement may be implemented in hierarchical or non-hierarchical embodiments as desired.

US Patent:

7907935, Mar 15, 2011

Filed:

Dec 22, 2003

Appl. No.:

10/740497

Inventors:

Eric F. Le Saint - Los Altos CA, US
Dominique Louis Joseph Fedronic - Belmont CA, US

Assignee:

Activcard Ireland, Limited - Dublin

International Classification:

H04M 1/66

US Classification:

455411, 713152

Abstract:

An intelligent remote device equipped with a security token operatively coupled thereto is processing communications with a security token enabled computer system over a wireless private network. The intelligent remote device is adapted to emulate a local security device peripheral connected to the computer system. Multiple computer systems may be authenticated to using the intelligent remote device. Additionally, various secure communications connections mechanisms are described which are intended to augment existing security protocols available using wireless network equipment. Authentication of a user supplied critical security parameter is performed by the security token. The critical security parameter may be provided locally via the intelligent remote device or received from the wireless network and routed to the security token. Aural, visual or vibratory feedback may be provided to the user to signal a successful authentication transaction.

US Patent:

8014570, Sep 6, 2011

Filed:

Nov 10, 2005

Appl. No.:

11/270831

Inventors:

Eric F. Le Saint - Los Altos CA, US
Wu Wen - Sunnyvale CA, US
Laurence Hamid - Ottawa CA, US

Assignee:

ActivCard, Inc. - Fremont CA

International Classification:

G06K 9/00

US Classification:

382115, 382124, 340 582, 340 583

Abstract:

A method, system and computer program product for improving error discrimination in biometric authentication systems. The error discrimination is set to a predetermined security policy. A plurality of biometric samples are provided and authenticated by a computer system in conjunction with a security token. An alternate embodiment allows inputting of the plurality of biometric samples in a predetermined sequence. The predetermined input sequence is maintained as an authentication secret which may be used to further reduce the authentication transaction error rate. A user may input one or more biometric samples, where a portion of the biometric samples are inputted in a predetermined sequence, selecting from among a plurality of available processing units, a set of processing units which will generate intermediate results from the processing of the biometric samples, processing at least a portion of the biometric samples by the selected set of processing units to provide intermediate results, verifying the predetermined sequence, and arbitrating the intermediate results to generate a final result which at least meets a predetermined security policy. Various embodiments provide for a security token to perform at least a portion of the processing or the arbitration function.

US Patent:

8141141, Mar 20, 2012

Filed:

Jun 30, 2009

Appl. No.:

12/495778

Inventors:

Dominique Louis Joseph Fedronic - Belmont CA, US
Eric F. Le Saint - Fremont CA, US

Assignee:

ActivIdentity, Inc. - Freemont CA

International Classification:

G06F 21/00

US Classification:

726 9, 713186

Abstract:

This invention provides for progressive processing of biometric samples to facilitate verification of an authorized user. The initial processing is performed by a security token. Due to storage space and processing power limitations, excessive false rejections may occur. To overcome this shortfall, the biometric sample is routed to a stateless server, which has significantly greater processing power and data enhancement capabilities. The stateless server receives, processes and returns the biometric sample to the security token for another attempt at verification using the enhanced biometric sample. In a second embodiment of the invention, a second failure of the security token to verify the enhanced biometric sample sends either the enhanced or raw biometric sample to a stateful server. The stateful server again processes the biometric sample and performs a one to many search of a biometric database. The biometric database contains the master set of enrolled biometric templates associated with all authorized users.

US Patent:

H002270, Jun 5, 2012

Filed:

Jul 9, 2010

Appl. No.:

12/803968

Inventors:

Eric F. Le Saint - Los Altos CA, US
Dominique Louis Joseph Fedronic - Belmont CA, US

Assignee:

Actividentity, Inc. - Fremont CA

International Classification:

H04L 9/30

US Classification:

713168

Abstract:

A suite of efficient authentication and key establishment protocols for securing contact or contactless interfaces between communicating systems. The protocols may be used in secure physical access, logical access and/or transportation applications, among other implementations. The system authenticates a mobile device such as a smart card and/or mobile phone equipped with a secure element presented to one or more host terminals and establishes shared secure messaging keys to protect communications between the device and terminal. Secure messaging provides an end-to-end protected path of digital documents or transactions through the interface. The protocols provide that the device does not reveal identification information to entities different from a trusted host. The terminal may be a contactless reader at a door for controlling physical access, a desktop, laptop or kiosk for controlling logical access, and/or an access point for obtaining an encrypted digital ticket from an authenticated mobile device used for transit applications.