Patents Examined by Peiliang Pan
-
Patent number: 11068606
Abstract: Secure shared access to encrypted data in a data store is facilitated by using a data control server (DCS) to maintain a data storage reference table (DSRT) for shared data units present in a shared data pool hosted by at least one data storage device, and accessible to a plurality of computing entities. The DSRT specifies for each shared data unit identifier information, location information for accessing the shared data unit in the shared data pool, and a hash value which has been computed for the shared data unit. The DCS selectively facilitates a decryption operation by providing hash values which serve as a basis for deriving a decryption key for decrypting shared data units which have been identified.
Type: Grant
Filed: September 20, 2017
Date of Patent: July 20, 2021
Assignee: CITRIX SYSTEMS, INC.
Inventors: John Baboval, Thomas Goetz, Simon P. Graham
-
Patent number: 11048784
Abstract: The invention provides a computer-implemented authentication method comprising the step of enabling a user to input an identifier (e.g. a PIN) into an electronic device having a screen and a keypad operable within a keypad zone of the screen; by operating at least one key of the keypad via an image of at least part of a scrambled keypad which is displayed at least partially within the keypad zone. The user's operation of the keypad key via the image generates an encoded version of the user's intended input. In one sense the invention can be perceived as superimposing a non-functional image of a scrambled keyboard over an underlying, functional keypad. The image may be any type of electronic image, and may include a video image. The invention is particularly suited for use with, but not limited to, mobile phones, tablet computers, PCs etc. It can be implemented in any system wherein a user's identity must be verified before access is granted to a controlled resource.
Type: Grant
Filed: December 30, 2019
Date of Patent: June 29, 2021
Assignees: Licentia Group Limited, MyPinPad Limited
Inventor: Justin Pike
-
Patent number: 11048783
Abstract: The invention provides a computer-implemented authentication method comprising the step of enabling a user to input an identifier (e.g. a PIN) into an electronic device having a screen and a keypad operable within a keypad zone of the screen; by operating at least one key of the keypad via an image of at least part of a scrambled keypad which is displayed at least partially within the keypad zone. The user's operation of the keypad key via the image generates an encoded version of the user's intended input. In one sense the invention can be perceived as superimposing a non-functional image of a scrambled keyboard over an underlying, functional keypad. The image may be any type of electronic image, and may include a video image. The invention is particularly suited for use with, but not limited to, mobile phones, tablet computers, PCs etc. It can be implemented in any system wherein a user's identity must be verified before access is granted to a controlled resource.
Type: Grant
Filed: December 17, 2019
Date of Patent: June 29, 2021
Assignees: Licentia Group Limited, MyPinPad Limited
Inventor: Justin Pike
-
Patent number: 11038915
Abstract: Described herein are systems and methods for enhancing an interface for an information technology (IT) environment. In one implementation, an incident service causes display of a first version of a course of action and obtains input indicative of a request for a new action in the course of action. The incident service further determines suggested actions based at least on the input and causes display of the suggested actions. Once displayed, the incident service obtains input indicative of a selection of at least one action from the suggested actions, and causes display input indicative of a selection of at least one action from the suggested actions.
Type: Grant
Filed: July 31, 2018
Date of Patent: June 15, 2021
Assignee: Splunk Inc.
Inventors: Oliver Friedrichs, Atif Mahadik, Govind Salinas, Sourabh Satish
-
Patent number: 11017109
Abstract: Embodiments described herein provide techniques to limit programmatic access to privacy related user data and system resources for applications that execute outside of a sandbox or other restricted operating environment while enabling a user to grant additional access to those applications via prompts presented to the user via a graphical interface. In a further embodiment, techniques are applied to limit the frequency in which a user is prompted by learning the types of files or resources to which a user is likely to permit or deny access.
Type: Grant
Filed: May 6, 2019
Date of Patent: May 25, 2021
Assignee: Apple Inc.
Inventors: Kelly B. Yancey, Richard J. Cooper, Richard L. Hagy, Pierre-Olivier Martel, David P. Remahl, Jonathan A. Zdziarski
-
Patent number: 10963556
Abstract: A system connected to an existing computer includes a unit for monitoring the screen and provides input, a storage unit that stores data that pairs screen buffer regions with authentication details, wherein the system learns new pairs via user training and presents stored authentication details when the screen buffer regions match a related stored region which is paired with a region of the screen, and a unit that determines which of stored passwords need to be presented to the system by a pattern matching of regions of screen pixels.
Type: Grant
Filed: June 14, 2019
Date of Patent: March 30, 2021
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Adrian David Dick, James Stuart Taylor
-
Patent number: 10951403
Abstract: A method is provided for generating a new instance of an N-bit cryptographic key for storage in a non-volatile memory (NVM) in which unprogrammed cells have a particular binary value. The method includes generating a random N-bit updating sequence, and generating the new instance of the N-bit cryptographic key by negating each bit in a current instance of the N-bit cryptographic key that has the particular binary value and differs from a correspondingly-positioned bit in the random N-bit updating sequence, without negating any bits in the current instance of the N-bit cryptographic key that do not have the particular binary value. Other embodiments are also described.
Type: Grant
Filed: December 3, 2018
Date of Patent: March 16, 2021
Assignee: WINBOND ELECTRONICS CORPORATION
Inventors: Uri Kaluzhny, Mark Luko
-
Patent number: 10943027
Abstract: The present disclosure involves systems, software, and computer implemented methods for determining and visualizing effective mask expressions. One example method includes identifying a request for an object in a software application. The request is associated with a particular user. An object hierarchy associated with the requested object is identified. At least one column in the object hierarchy is associated with a mask expression. A current dependent object in the identified object hierarchy is determined. Masking status data for the current dependent object is determined that identifies whether masking is to be applied to the current dependent object when fulfilling the request. The generated masking status data is used to determine which masking expressions are to be applied to which columns in the object hierarchy when responding to the request.
Type: Grant
Filed: March 28, 2018
Date of Patent: March 9, 2021
Assignee: SAP SE
Inventors: Hong-Hai Do, Yeonwoon Jung
-
Patent number: 10929565
Abstract: A memory region on an IC card has a hierarchical structure. Each application allocated on the memory region is registered in a directory, and the memory region is managed in directory units. A personal identification code is set for each application and directory, and the access right is controlled in application units or directory units. If a mobile terminal is lost, the right to access each application in the IC card automatically disappears. Therefore, the right to access each application allocated to the memory region on the IC card is efficiently controlled.
Type: Grant
Filed: June 10, 2016
Date of Patent: February 23, 2021
Assignee: Sony Corporation
Inventors: Akihiko Yamagata, Masachika Sasaki, Masahiro Sueyoshi, Fumio Kubono, Akira Fukada
-
Patent number: 10922117
Abstract: The present application discloses a virtual trusted platform module (vTPM)-based virtual machine security protection method and system. The method, executed by a physical host, includes: receiving a primary seed acquisition request sent by a virtual machine, where the primary seed acquisition request carries a UUID; sending the UUID to a KMC, so that the KMC generates a primary seed according to the UUID; and receiving the primary seed fed back by the KMC, and sending the primary seed to the virtual machine, so that the virtual machine creates a root key of a vTPM according to the primary seed, where the root key is used by the vTPM to create a key for the virtual machine to protect security of the virtual machine. As such, the same root key can be created by using the primary seed.
Type: Grant
Filed: February 9, 2018
Date of Patent: February 16, 2021
Assignee: Huawei Technologies Co., Ltd.
Inventors: Xun Shi, Juan Wang, Bo Zhao
-
Patent number: 10911246
Abstract: Certificates issued by a CA are distributed across multiple CRLs. Each certificate issued by the CA is assigned to a specific CRL, and the address of that CRL is written to the appropriate field of the certificate, such that an authenticating application can subsequently determine if the certificate is revoked. When the CA revokes a specific one of the issued certificates, it determines to which CRL the revoked certificate is assigned, and updates the specific CRL accordingly. In some embodiments, a single one of the multiple CRLs is active for assignment of certificates at any given time, and each certificate issued by the CA is assigned to the currently active CRL. In other embodiments, assignments of issued certificates are distributed between different ones of a pre-determined number of multiple CRLs by applying a statistical distribution formula to each issued certificate to determine a corresponding target CRL.
Type: Grant
Filed: December 21, 2017
Date of Patent: February 2, 2021
Assignee: DigiCert, Inc.
Inventors: Hari Veladanda, Hoa Ly, Ning Chai
-
Patent number: 10885169
Abstract: A method and an apparatus for invoking a fingerprint identification device are provided. The method includes the following. When a request of a current application to invoke a fingerprint identification device is detected, whether the fingerprint identification device is occupied by a historical application is determined. When the fingerprint identification device is occupied by the historical application, whether the current application meets a preset invoking condition is determined, and then the fingerprint identification device is controlled to process the request of the current application according to the determination result.
Type: Grant
Filed: February 13, 2018
Date of Patent: January 5, 2021
Assignee: GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP., LTD.
Inventors: Qiang Zhang, Lizhong Wang, Haitao Zhou, Kui Jiang, Wei He
-
Patent number: 10880304
Abstract: The present disclosure provides a solution to this problem by enabling the communications network to verify the relationship of the first UE and the second UE based on stored pairing information that is used to verify that the first UE is allowed to make a connection to the communications network. The apparatus transmits a pairing request from a first UE to a second UE. In an aspect, the pairing request is intended for a communication network. Further, the apparatus receives a pairing acknowledgement. In an aspect, the pairing acknowledgement verifies the pairing of the first UE and the second UE. In addition, the apparatus connects to the communication network via the second UE once the first UE pairs with the second UE.
Type: Grant
Filed: March 2, 2017
Date of Patent: December 29, 2020
Assignee: QUALCOMM Incorporated
Inventors: Hong Cheng, Kapil Gulati, Sudhir Kumar Baghel, Zhibin Wu, Shailesh Patil, Hua Chen
-
Patent number: 10868815
Abstract: A method according to one embodiment includes determining whether a guest associated with a guest device is authorized to control an access control device based on an access control list, generating a caveated cryptographic bearer token in response to determining the guest is authorized to control the access control device, the caveated cryptographic bearer token including a time-based caveat defining a time limit for control of the access control device, transmitting the caveated cryptographic bearer token to the guest device in response to generating the caveated cryptographic bearer token, transmitting, in response to receiving the caveated cryptographic bearer token, a request including the caveated cryptographic bearer token to control the access control device to the access control device, and authenticating the request based on the received caveated cryptographic bearer token, a base cryptographic bearer token stored on the access control device, and a real-time clock of the access control device.
Type: Grant
Filed: December 10, 2019
Date of Patent: December 15, 2020
Assignee: Schlage Lock Company LLC
Inventors: Devin A. Love, John Goodrich, Robert Martens
-
Patent number: 10853474
Abstract: A controller of an information handling system (IHS) prevents unauthorized access to an information handling system (IHS). The controller determines whether a lock data structure in a persistent memory device indicates one or more resources of the IHS are in a locked state. If in locked state, the controller: (i) disables a processor subsystem of the IHS from performing a start-up procedure until a unique password is received from a user interface coupled to the IHS; (ii) receives an input; (iii) determines whether the input matches a unique password contained in an externally unreadable portion of memory of the IHS; (iv) in response to the input matching the unique password, permanently changes the lock data structure to an unlocked state and enables the processor subsystem to perform the start-up procedure.
Type: Grant
Filed: July 31, 2017
Date of Patent: December 1, 2020
Assignee: Dell Products, L.P.
Inventors: Mukund P. Khatri, Alaric J. N. Silveira
-
Patent number: 10848520
Abstract: In some implementations, a method of managing access to resources in a single device including receiving, from a first resource assigned to a first perimeter, a request to access a second resource assigned to a second perimeter different from the first perimeter. The single device includes the first perimeter and the second perimeter. Whether access to the second resource is prohibited is determined based on a management policy for the first perimeter. The management policy defining one or more rules for accessing resources assigned to the second perimeter including the second resource.
Type: Grant
Filed: April 4, 2017
Date of Patent: November 24, 2020
Assignee: BlackBerry Limited
Inventors: Geordon Thomas Ferguson, Christopher Lyle Bender, Alberto Daniel Zubiri, Kenneth Cyril Schneider, Oliver Whitehouse, Christopher William Lewis Hobbs
-
Patent number: 10826767
Abstract: Systems and methods for configuration vulnerability checking and remediation are provided. The systems provided herein map vulnerability data with compliance data, such that automated compliance indication may be facilitated.
Type: Grant
Filed: November 16, 2017
Date of Patent: November 3, 2020
Assignee: ServiceNow, Inc.
Inventors: David Barkovic, Cresta Kirkwood, Lal Narayanasamy, Anushree Randad, Clifford Huntington, Richard Reybok, Harold Byun
-
Patent number: 10791099
Abstract: A first server receives a set of cryptographic parameters from a second server. The set of cryptographic parameters is received from the second server as part of a secure session establishment between a client device and the second server. The first server accesses a private key that is not stored on the second server. The first server signs the set of cryptographic parameters using the private key. The first server transmits the signed set of cryptographic parameters to the second server. The first server receives, from the second server, a request to generate a premaster secret using a value generated by the second server that is included in the request and generates the premaster secret. The first server transmits the premaster secret to the second server for use in the secure session establishment between the client device and the second server.
Type: Grant
Filed: October 12, 2018
Date of Patent: September 29, 2020
Assignee: CLOUDFLARE, INC.
Inventors: Sébastien Andreas Henry Pahl, Matthieu Philippe François Tourne, Piotr Sikora, Ray Raymond Bejjani, Dane Orion Knecht, Matthew Browning Prince, John Graham-Cumming, Lee Hahn Holloway, Albertus Strasheim
-
Patent number: 10785198
Abstract: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to another server for decryption. The server receives the decrypted premaster secret and continues with the handshake procedure including generating a master secret from the decrypted premaster secret and generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.
Type: Grant
Filed: November 12, 2018
Date of Patent: September 22, 2020
Assignee: CLOUDFLARE, INC.
Inventors: Sébastien Andreas Henry Pahl, Matthieu Philippe François Tourne, Piotr Sikora, Ray Raymond Bejjani, Dane Orion Knecht, Matthew Browning Prince, John Graham-Cumming, Lee Hahn Holloway, Albertus Strasheim
-
Patent number: 10764040
Abstract: A method of dynamically generating a domain based public group key and private member keys using a domain key agent, a domain key service of a domain key broker, and a domain key distribution center. The method includes: sending to the domain key service of a domain key broker a request for a private member key for the domain, wherein the request includes proof of possession of a vehicle private key associated with a vehicle certificate and a vehicle public key; receiving from the domain key service a private member key and a public group key; sending a message digitally signed using the member private key; verifying the digital signature on the received message using the public group key; and dynamically renewing the public group key and private member key based on the domain.
Type: Grant
Filed: February 15, 2019
Date of Patent: September 1, 2020
Assignee: MOCANA CORPORATION
Inventors: Srinivas Kumar, Atul Gupta, Pramod Malibiradar, Shreya Uchil