Eric Le

7574734, Aug 11, 2009

Aug 15, 2002

10/218640

Dominique Louis Joseph Fedronic - Belmont CA, US
Eric F. Le Saint - Fremont CA, US

H04L 9/00
G06F 7/04
G06K 9/00

726 9, 726 5, 726 18, 713159, 713170, 713172, 713185, 713186, 382115, 382116, 382124

This invention provides for progressive processing of biometric samples to facilitate verification of an authorized user. The initial processing is performed by a security token. Due to storage space and processing power limitations, excessive false rejections may occur. To overcome this shortfall, the biometric sample is routed to a stateless server, which has significantly greater processing power and data enhancement capabilities. The stateless server receives, processes and returns the biometric sample to the security token for another attempt at verification using the enhanced biometric sample. In a second embodiment of the invention, a second failure of the security token to verify the enhanced biometric sample sends either the enhanced or raw biometric sample to a stateful server. The stateful server again processes the biometric sample and performs a one to many search of a biometric database. The biometric database contains the master set of enrolled biometric templates associated with all authorized users.

7770212, Aug 3, 2010

Aug 15, 2002

10/218642

Eric F. Le Saint - Fremont CA, US

Activcard - Suresnes Cedex

H04L 29/06

726 5, 713193, 726 28

This invention provides a privilege delegation mechanism, which allows a privilege and associated control attributes to be delegated from a security token to another security token or an intelligent device such as a computer system. The privilege may be in the form of an attribute certificate, a key component of a cryptographic key, a complete cryptographic key, digital certificate, digital right, license or loyalty credits. The purpose of the delegation is to allow another security token or computer system to act as a surrogate for the security token or to access a resource which requires components from both units before access is permitted. Attributes associated with the delegated privilege control the scope and use of the privilege. The delegation may allow the surrogate to perform authentications, access data or resources included on another security token or computer system. Authentications are performed prior to transferring of the delegable privileges.

7787661, Aug 31, 2010

Mar 29, 2006

11/391473

Eric Fernand Le Saint - Fremont CA, US
Dominique Louis Fedronic - Belmont CA, US
John Jules Alexander Boyer - Ottawa, CA
Hong Liu - Singapore, SG

ActivIdentity, Inc. - Fremont CA

G06K 9/00
G06F 21/00
G06F 7/04
H04L 9/32

382115, 382124, 340 552, 340 56, 713186

A system is used for authorizing access to a Personal Security Device. This system comprises a Personal Security Device and another device which is in functional communication with said Personal Security Device. Said Personal Security Device comprises identification information retrieval data and a biometric authentication application which transfers said identification information retrieval data to said other device in response to an identified match between biometric data sent by said other device and a predetermined biometric reference. Said other device comprises a security executive application for retrieving an Identification Information with at least said identification information retrieval data, thus generating a retrieved Identification Information, and transferring said retrieved Identification Information to said Personal Security Device. Said Personal Security Device comprises a security executive application for authorizing access in response to an identified match between said transferred retrieved Identification Information and a predetermined Identification Information stored in said Personal Security Device.

7802293, Sep 21, 2010

Apr 5, 2006

11/397710

John Jules Alexander Boyer - Ottawa, CA
Eric Fernand Le Saint - Cupertino CA, US

ActivIdentity, Inc. - Fremont CA

G06F 17/30

726 6, 726 4, 726 5

A secure and transparent digital credential sharing arrangement which utilizes one or more cryptographic levels of indirection to obfuscate a sharing entity's credentials from those entities authorized to share the credentials. A security policy table is provided which allows the sharing entity to selectively authorize or revoke digital credential sharing among a plurality of entities. Various embodiments of the invention provide for secure storage and retrieval of digital credentials from security tokens such as smart cards. The secure sharing arrangement may be implemented in hierarchical or non-hierarchical embodiments as desired.

7907935, Mar 15, 2011

Dec 22, 2003

10/740497

Eric F. Le Saint - Los Altos CA, US
Dominique Louis Joseph Fedronic - Belmont CA, US

Activcard Ireland, Limited - Dublin

H04M 1/66

455411, 713152

An intelligent remote device equipped with a security token operatively coupled thereto is processing communications with a security token enabled computer system over a wireless private network. The intelligent remote device is adapted to emulate a local security device peripheral connected to the computer system. Multiple computer systems may be authenticated to using the intelligent remote device. Additionally, various secure communications connections mechanisms are described which are intended to augment existing security protocols available using wireless network equipment. Authentication of a user supplied critical security parameter is performed by the security token. The critical security parameter may be provided locally via the intelligent remote device or received from the wireless network and routed to the security token. Aural, visual or vibratory feedback may be provided to the user to signal a successful authentication transaction.

8014570, Sep 6, 2011

Nov 10, 2005

11/270831

Eric F. Le Saint - Los Altos CA, US
Wu Wen - Sunnyvale CA, US
Laurence Hamid - Ottawa CA, US

ActivCard, Inc. - Fremont CA

G06K 9/00

382115, 382124, 340 582, 340 583

A method, system and computer program product for improving error discrimination in biometric authentication systems. The error discrimination is set to a predetermined security policy. A plurality of biometric samples are provided and authenticated by a computer system in conjunction with a security token. An alternate embodiment allows inputting of the plurality of biometric samples in a predetermined sequence. The predetermined input sequence is maintained as an authentication secret which may be used to further reduce the authentication transaction error rate. A user may input one or more biometric samples, where a portion of the biometric samples are inputted in a predetermined sequence, selecting from among a plurality of available processing units, a set of processing units which will generate intermediate results from the processing of the biometric samples, processing at least a portion of the biometric samples by the selected set of processing units to provide intermediate results, verifying the predetermined sequence, and arbitrating the intermediate results to generate a final result which at least meets a predetermined security policy. Various embodiments provide for a security token to perform at least a portion of the processing or the arbitration function.

8141141, Mar 20, 2012

Jun 30, 2009

12/495778

Dominique Louis Joseph Fedronic - Belmont CA, US
Eric F. Le Saint - Fremont CA, US

ActivIdentity, Inc. - Freemont CA

G06F 21/00

726 9, 713186

This invention provides for progressive processing of biometric samples to facilitate verification of an authorized user. The initial processing is performed by a security token. Due to storage space and processing power limitations, excessive false rejections may occur. To overcome this shortfall, the biometric sample is routed to a stateless server, which has significantly greater processing power and data enhancement capabilities. The stateless server receives, processes and returns the biometric sample to the security token for another attempt at verification using the enhanced biometric sample. In a second embodiment of the invention, a second failure of the security token to verify the enhanced biometric sample sends either the enhanced or raw biometric sample to a stateful server. The stateful server again processes the biometric sample and performs a one to many search of a biometric database. The biometric database contains the master set of enrolled biometric templates associated with all authorized users.

H002270, Jun 5, 2012

Jul 9, 2010

12/803968

Eric F. Le Saint - Los Altos CA, US
Dominique Louis Joseph Fedronic - Belmont CA, US

Actividentity, Inc. - Fremont CA

H04L 9/30

713168

A suite of efficient authentication and key establishment protocols for securing contact or contactless interfaces between communicating systems. The protocols may be used in secure physical access, logical access and/or transportation applications, among other implementations. The system authenticates a mobile device such as a smart card and/or mobile phone equipped with a secure element presented to one or more host terminals and establishes shared secure messaging keys to protect communications between the device and terminal. Secure messaging provides an end-to-end protected path of digital documents or transactions through the interface. The protocols provide that the device does not reveal identification information to entities different from a trusted host. The terminal may be a contactless reader at a door for controlling physical access, a desktop, laptop or kiosk for controlling logical access, and/or an access point for obtaining an encrypted digital ticket from an authenticated mobile device used for transit applications.