Patents Examined by Eleni Shiferaw
-
Patent number: 11558183
Abstract: A system is provided for exchanging symmetric cryptographic keys using computer network port knocking. The system may receive, from a networked computing device, a first series of packets on a first series of ports which may signify a request to open a secure network connection. Once the secure network connection has been opened, the system may receive a second series of packets on a second series of ports which may be used as seed values to generate a symmetric cryptographic key. Finally, the system may then receive a third series of packets on a third series of ports which may signify the end of the second series of packets (e.g., the seed values). In this way, the system may exchange symmetric key values with the networked computing device which may then be used to open secure communication channels between the system and the computing device.
Type: Grant
Filed: May 15, 2020
Date of Patent: January 17, 2023
Assignee: BANK OF AMERICA CORPORATION
Inventor: Brandon Sloane
-
Patent number: 11457014
Abstract: A method, system and computer program product relating to an application server operable to manage a microservice-based application, i.e. app, on behalf of clients, the clients being available for use by system actors who may be, for example, end users, bots, developers or other apps. A permissions validator is used to compute effective permissions in response to client requests. The requests are granted or denied conditional on the effective permissions being at least a subset of the permissions required to be given by any of the app's microservices that are needed for the resource being requested. The effective permissions are computed from an intersection of a set of actor permissions, a set of client permissions and a set of resource permissions.
Type: Grant
Filed: October 26, 2017
Date of Patent: September 27, 2022
Assignee: International Business Machines Corporation
Inventors: Vincent Burckhardt, Andre Fischer, Olgierd Pieczul, Jürgen Schmidt, Xiao F. Yu
-
Patent number: 11431480
Abstract: A method, apparatus, and system for assigning the execution of a cryptography and/or compression operation on a data segment to either a central processing unit (CPU) or a hardware cryptography/compression accelerator is disclosed. In particular, a data segment on which a cryptography and/or compression operation is to be executed is received. Status information relating to a CPU and a hardware cryptography/compression accelerator is determined. Whether the operation is to be executed on the CPU or on the hardware accelerator is determined based at least in part on the status information. In response to determining that the operation is to be executed on the CPU, the data segment is forwarded to the CPU for execution of the operation. On the other hand, in response to determining that the operation is to be executed on the hardware accelerator, the data segment is forwarded to the hardware accelerator for execution of the operation.
Type: Grant
Filed: July 11, 2019
Date of Patent: August 30, 2022
Assignee: EMC IP HOLDING COMPANY LLC
Inventors: Bing Liu, Tao Chen, Wei Lin, Yong Zou
-
Patent number: 11425016
Abstract: A system related to black hole filtering is provided. The system can allow a dynamic routing protocol on a network device to determine whether a route learned by the dynamic routing protocol is a black hole route. The route may be learned through another source. In response to a determination that the route is the black hole route, the dynamic routing protocol may generate a routing update that indicates the route as the black hole route. The dynamic routing protocol may then advertise the routing update to each neighbor network device.
Type: Grant
Filed: July 30, 2018
Date of Patent: August 23, 2022
Assignee: Hewlett Packard Enterprise Development LP
Inventors: Anil Raj, Anoop Govindan Nair, Srijith Ponnappan
-
Patent number: 11423156
Abstract: The disclosure relates to detecting vulnerabilities in managed client devices. A system determines whether a vulnerability scan of a computing device is required to be performed. The system installs a vulnerability detection component in the computing device in response to determining that the vulnerability scan is required to be performed. The system requests the vulnerability detection component to perform the vulnerability scan of the computing device. The system transmits a result of the vulnerability scan to a remote management service for the computing device.
Type: Grant
Filed: October 14, 2019
Date of Patent: August 23, 2022
Assignee: AirWatch LLC
Inventors: Scott Harlow Kelley, Adarsh Subhash Chandra Jain, Stephen Turner
-
Patent number: 11418349
Abstract: The present invention relates to a block chain-based method of generating data block shared between a plurality of nodes. According to an example, the method for generating the data block may comprise a step for obtaining at least one binding data having public or private characteristics; a step for determining a binding key having a decoding permission level for each binding data; a step for encoding the binding data using the binding key; and a step for generating a data block including the encoded binding data, and at least a portion of the binding key.
Type: Grant
Filed: February 12, 2019
Date of Patent: August 16, 2022
Inventor: Park Sung Bae
-
Patent number: 11405223
Abstract: In accordance with an embodiment, a physically unclonable function device includes a set of transistor pairs, transistors of the set of transistor pairs having a randomly distributed effective threshold voltage belonging to a common random distribution; a differential read circuit configured to measure a threshold difference between the effective threshold voltages of transistors of transistor pairs of the set of transistor pairs, and to identify a transistor pair in which the measured threshold difference is smaller than a margin value as being an unreliable transistor pair; and a write circuit configured to shift the effective threshold voltage of a transistor of the unreliable transistor pair to be inside the common random distribution.
Type: Grant
Filed: February 6, 2020
Date of Patent: August 2, 2022
Assignees: STMICROELECTRONICS (ROUSSET) SAS, STMICROELECTRONICS (CROLLES 2) SAS
Inventors: Francesco La Rosa, Marc Mantelli, Stephan Niel, Arnaud Regnier
-
Patent number: 11379612
Abstract: A method of optimizing performance of and securing cloud storage and databases including analyzing data comprised by a data request by an agent application on a computerized device, the data request being generated by a client application and inserting a tag into the data request responsive to the analysis of the data comprised by the data request, the tag indicating storage requirements for at least one of security, access speed, or fault tolerance.
Type: Grant
Filed: October 17, 2019
Date of Patent: July 5, 2022
Inventor: Vijay Madisetti
-
Patent number: 11366895
Abstract: Embodiments include side channel defender circuitry to protect shared code pages in executable only memory (XOM) from side-channel exploits. The side channel defender circuitry receives system calls and determines whether code pages include executable code, whether the code pages include writeable code, and whether the code pages include instructions capable of altering or modifying one or more protection keys associated with code pages stored in XOM. If the code pages contain executable code that is writeable or executable code that includes instructions capable of altering or modifying one or more protection keys associated with code pages stored in XOM, the side channel defender circuitry aborts the system call.
Type: Grant
Filed: September 28, 2018
Date of Patent: June 21, 2022
Assignee: Intel Corporation
Inventors: Ravi Sahita, Mingwei Zhang
-
Patent number: 11343672
Abstract: A system and method for secure communications between a master and a plurality of devices in a wireless communications network are provided. The method includes encrypting, on said master, downlink plaintext for multicast transmission to a plurality of devices over a wireless communications link utilizing a symmetric key encryption algorithm in accordance with a first counter value and a shared symmetric session key; and decrypting, on one of said devices, multicast downlink cyphertext received from said master over said wireless communications link utilizing a symmetric key decryption algorithm in accordance with a second counter value and said shared symmetric session key.
Type: Grant
Filed: February 19, 2020
Date of Patent: May 24, 2022
Assignee: Coretigo Ltd.
Inventors: Nir Efraim Joseph Tal, Dan Wolberg, Alex Regev
-
Patent number: 11336434
Abstract: An Internet of Things (IoT) networking authentication system and a method thereof are provided. The IoT networking authentication system includes an idle IoT apparatus and a networked IoT apparatus. The idle IoT apparatus encrypts a connection request according to a key to generate a connection request ciphertext and sends the connection request ciphertext. The networked IoT apparatus receives the connection request ciphertext and decrypts, according to the key, the connection request ciphertext to obtain the connection request. The networked IoT apparatus authenticates the idle IoT apparatus according to the connection request to generate an authentication result. The networked IoT apparatus determines, according to the authentication result and a networking condition, whether to allow the idle IoT apparatus to join an IoT network, so as to generate a connection response. The networked IoT apparatus outputs the connection response to the idle IoT apparatus.
Type: Grant
Filed: July 7, 2020
Date of Patent: May 17, 2022
Assignee: REALTEK SEMICONDUCTOR CORP.
Inventors: Zuo-Hui Peng, Zhao-Ming Li, Guo-Feng Zhang, Cui Ding, Jing-Jun Wu
-
Patent number: 11336442
Abstract: Traditional key generation methods in a noisy network often assume trusted devices and are thus vulnerable to many attacks including covert channels. The present invention differs from previous key generation schemes in that it presents a mechanism which allows secure key generation with untrusted devices in a noisy network with a prescribed access structure.
Type: Grant
Filed: November 8, 2018
Date of Patent: May 17, 2022
Assignee: UNIVERSIDAD DE VIGO
Inventors: Marcos Curty Alonso, Lo Hoi-Kwong
-
Patent number: 11296875
Abstract: A method for cryptographic key provisioning includes, via a main authentication server (MAS), generating a first secret key and registering a client by performing a first portion of a first instance of a distributed threshold oblivious pseudo-random function. The first instance of the function results in the client obtaining a root secret key and the MAS obtaining a corresponding root public key. The method includes authenticating the client to the MAS by performing a first portion of a second instance of the distributed threshold oblivious pseudo-random function. The second instance of the function results in the client obtaining the root secret key. Information stored by the client, the first secret key, and a second secret key generated by a support authentication server are inputs to at least one of the first and second instances of the distributed threshold oblivious pseudo-random function.
Type: Grant
Filed: March 27, 2020
Date of Patent: April 5, 2022
Assignees: NEC LABORATORIES EUROPE GMBH, IMDEA SOFTWARE INSTITUTE
Inventors: Claudio Soriente, Antonio Faonio, Maria Isabel Gonzalez Vasco, Angel Perez del Pozo
-
Patent number: 11258616
Abstract: A decentralized key management system according to an embodiment of the present disclosure includes a bootstrap for generating a key and obtaining a certificate corresponding to the generated key, a memory for receiving the key and the certificate from the bootstrap and storing the key and the certificate, a container, in response to a mount command of the bootstrap, for reading the key and the certificate from the memory and being mounted with the key and the certificate, and a controller for generating the bootstrap, and deleting the bootstrap after the container mounts the key and the certificate.
Type: Grant
Filed: May 28, 2020
Date of Patent: February 22, 2022
Assignee: SAMSUNG SDS CO., LTD.
Inventors: Hyo Jung Lee, Chang Suk Yoon, Jung Woo Cho, Young Woon Kwon, Kwang Cheol Lee
-
Patent number: 11251937
Abstract: Provided herein are exemplary systems and methods for creating a secure self-validating network of blockchain/distributed ledger participants. Some exemplary mechanisms support self-validation, mutual-validation, external-validation and privacy controls. Such mechanisms enable the deployment and continued operation of large scale blockchain and distributed ledger systems with a self-certifying security system. They create the ability for rules to be codified to control the rights, privileges and access of nodes depending on their self-certification and external-certification. Also provided is an audit trail of these certifications which can be used for liability claims, insurance, security analytics and forensics.
Type: Grant
Filed: January 18, 2019
Date of Patent: February 15, 2022
Assignee: CipherTrace, Inc.
Inventor: David Jevans
-
Patent number: 11251581
Abstract: A device that is capable of eliminating a power trace that can be analyzed in a power analysis attack and serves as a highly effective countermeasure against power analysis attacks. The device comprises an optical source providing optical energy to an integrated circuit. An optical detector is optically linked to the optical source and converts the optical energy from the optical source into electrical energy to power a secure circuit.
Type: Grant
Filed: June 30, 2020
Date of Patent: February 15, 2022
Inventors: Jennifer Lynn Dworak, Ping Gui, Scott McWilliams, Gary Alan Evans
-
Patent number: 11245690
Abstract: A system and method provide streamlined restricted access to a secure server through a communications network. A client identifier parameter value is established and uniquely associated with a user registering with an authentication server, and is stored in at least first and second predetermined storage forms within a data storage system, the first form readable exclusively by a client device of the user and the second form readable by the authentication server. The client device then authenticates by retrieving the client identifier parameter value from the data storage system and providing it to the authentication server, which independently retrieves the client identifier parameter value from the data storage system for comparison, and initiates an interactive communication session between the client device and the secure server responsive to the comparison. Between comparisons, the client identifier parameter values are stored exclusively on the data storage system and deleted from all other devices.
Type: Grant
Filed: February 5, 2020
Date of Patent: February 8, 2022
Assignee: DG Ventures, LLC
Inventor: Jung Yoon
-
Patent number: 11240011
Abstract: An object sharing system and an object sharing method are provided. The system includes a plurality of shared objects and a plurality of data servers. The shared objects are respectively provided by a plurality of object suppliers. The data servers are respectively provided by the object suppliers and connected to form a distributed data redundancy network so as to store a plurality of sub-secret data separated from shared secret information in a decentralized way. The data server of each of the object suppliers is connected to the shared objects provided by the object supplier, and collects a required quantity of sub-secret data for reconstructing the shared secret information via the distributed data redundancy network so as to reconstruct the shared secret information configured to verify an access right to the shared object for a user device when receiving an access request for the shared object from the user device.
Type: Grant
Filed: August 26, 2019
Date of Patent: February 1, 2022
Assignee: Industrial Technology Research Institute
Inventor: Po-Ling Sun
-
Patent number: 11232718
Abstract: A method performed by a device for protecting data is provided. The method comprises inputting, to a Physically Unclonable Function, PUF, of the device, a challenge; obtaining, from the PUF, a response; and protecting the data by using the response. A device, a method in an encryption unit, computer program and computer program product are also provided.
Type: Grant
Filed: February 1, 2017
Date of Patent: January 25, 2022
Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
Inventors: Karl Norrman, Elena Dubrova
-
Patent number: 11197157
Abstract: A method, an apparatus, and a system for performing authentication on a terminal in a wireless local area network are provided. The method uses a feature code as a part of an authentication credential. The feature code is a function of capability parameters of a terminal. The feature code can identify the terminal, so that the authentication server determines the authentication result based on a MAC address and the feature code of the terminal.
Type: Grant
Filed: April 25, 2019
Date of Patent: December 7, 2021
Assignee: Huawei Technologies Co., Ltd.
Inventors: Qian Wang, Dexiang Song, Daoli Yu