Abstract: Systems, computer program products, and methods are described herein for enhanced data security using versioned encryption. The present invention is configured to electronically receive, from a computing device of a user, a confidential data entry at a first server; encrypt the confidential data entry using a public key at the first server to generate an encrypted confidential data entry; transmit the encrypted confidential data entry to a second server, wherein the encrypted confidential data entry comprises a hash value, wherein the hash value indicates a numbered version of the public key used to encrypt the confidential data entry; and store the encrypted confidential data entry in a database associated with the second server.
Abstract: Systems and methods described herein provide for assigning classifications to signals and corresponding messages for prioritization and transmission across a vehicle CAN bus. The assigned classifications are used to select authentication keys specific to each classification of message. Nodes of the CAN bus can include different sets of keys based on the classifications of messages handled at the nodes. Keys are distributed and localized to reduce any potential impact on critical functions of the vehicle system that may result from compromise of an authentication key.
Type:
Grant
Filed:
September 17, 2020
Date of Patent:
December 27, 2022
Assignee:
Ford Global Technologies, LLC
Inventors:
Xin Ye, Venkata Kishore Kajuluri, Lisa Therese Boran, Bradley Smith
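The abstract above describes message classes that select a per-class authentication key, with each node holding only the keys for the classes it handles. The following Python is an added example (not Ford's code or the patent's embodiment) that shows the property this buys: a node provisioned with only the infotainment key can neither emit nor accept a powertrain frame, so compromising that key does not let an attacker inject safety-relevant traffic. The classification table, the three class keys and the 8-byte layout (3 signal bytes, 1 counter byte, 4-byte truncated HMAC) are constructed for the demonstration.

```python
"""Class-scoped authentication keys for CAN frames (added example)."""
import hashlib
import hmac
import struct

TAG_LEN = 4   # truncated MAC bytes that fit alongside data in a classic 8-byte CAN payload
DATA_LEN = 3  # signal bytes per frame in this constructed layout

# Constructed classification table (assumption): CAN identifier -> message class.
MESSAGE_CLASSES = {
    0x0C0: "powertrain",    # safety-relevant control traffic
    0x2A0: "body",          # doors, lights, climate
    0x5F0: "infotainment",  # non-critical
}

# Constructed per-class keys (assumption); real keys come from provisioning.
CLASS_KEYS = {
    name: hashlib.sha256(b"constructed-class-key:" + name.encode()).digest()
    for name in ("powertrain", "body", "infotainment")
}


def classify(can_id: int) -> str:
    """Map a CAN identifier to its message class; unclassified ids are rejected."""
    try:
        return MESSAGE_CLASSES[can_id]
    except KeyError:
        raise ValueError(f"unclassified CAN id {can_id:#05x}") from None


def provision(node_classes) -> dict:
    """Key set for one node: only the classes that node handles (localised keys)."""
    return {cls: CLASS_KEYS[cls] for cls in node_classes}


def _mac(key: bytes, can_id: int, counter: int, data: bytes) -> bytes:
    # Identifier, freshness counter and signal bytes are all authenticated.
    msg = struct.pack(">IB", can_id, counter) + data
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]


def build_frame(node_keys: dict, can_id: int, counter: int, data: bytes) -> bytes:
    """Return the 8-byte payload: data || counter || truncated MAC.

    Raises PermissionError when this node was never given the key for the
    class of can_id; that refusal is the point of localising keys.
    """
    if len(data) != DATA_LEN:
        raise ValueError(f"data must be {DATA_LEN} bytes")
    if not 0 <= counter <= 0xFF:
        raise ValueError("counter must fit in one byte")
    cls = classify(can_id)
    key = node_keys.get(cls)
    if key is None:
        raise PermissionError(f"node holds no key for class {cls!r}")
    return data + bytes([counter]) + _mac(key, can_id, counter, data)


def verify_frame(node_keys: dict, can_id: int, payload: bytes, last_counter: int):
    """Return the signal bytes if the frame authenticates and is fresh, else None."""
    if len(payload) != DATA_LEN + 1 + TAG_LEN:
        return None
    try:
        cls = classify(can_id)
    except ValueError:
        return None
    key = node_keys.get(cls)
    if key is None:
        return None  # this receiver is not entitled to accept the class at all
    data = payload[:DATA_LEN]
    counter = payload[DATA_LEN]
    tag = payload[DATA_LEN + 1:]
    if counter <= last_counter:
        return None  # replay or stale frame (1-byte counter is a toy; real ones are wider)
    if not hmac.compare_digest(tag, _mac(key, can_id, counter, data)):
        return None
    return data
```

The receiver checks freshness before the MAC so that a replayed frame is dropped even when its tag is valid; a gateway that bridges all classes is provisioned with every key, while an infotainment ECU is provisioned with one, which is what limits the blast radius of a leaked key.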
Abstract: Method, device and computer program product for managing a plurality of encryption keys using a keystore seed that defines a seed bit set. A key management process defines a key mapping between the seed bit set and the plurality of encryption keys. The key management process enables each encryption key to be generated from the seed bit set using a corresponding keying material value and the key mapping. The key mapping specifies that an encryption key is generated by partitioning the seed bit set into a plurality of seed bit partitions, determining a keying value from the keying material value, determining a key sequence using the plurality of seed bit partitions and the keying value, and determining the encryption key from the key sequence. Management of a large number of encryption keys can be simplified through indirect management via the keystore seed and the key management process.
Abstract: A decryption-enabling device for decrypting a disk image of a computer device, comprising a processor, memory and a hardware connector for connecting to the hardware interface connection of the computer device. The decryption-enabling device is arranged to create using the processor a copy of the random-access memory of the computer device, analyse using the processor the copy of the random-access memory to extract one or more potential decryption keys, and store the one or more potential decryption keys in the memory.
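The abstract above says the device copies the target's RAM and analyses it for potential decryption keys, without saying how. The Python below is an added example, not the patent's method, showing the standard way this is done for AES-128 in cold-boot and DMA forensics: every 176-byte window is tested for being a valid FIPS-197 key schedule, because software and AES-NI implementations keep the expanded schedule next to the key in memory. The S-box is derived rather than pasted, the schedule check is verified against the FIPS-197 test key, and the RAM image is a constructed buffer with one schedule planted in it.

```python
"""Scan a RAM image for AES-128 keys by locating expanded key schedules (added example)."""
import random

SCHEDULE_LEN = 176  # 11 round keys x 16 bytes for AES-128
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]


def _gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def _build_sbox() -> list:
    """AES S-box: multiplicative inverse followed by the affine transform."""
    box = []
    for x in range(256):
        inv = 0
        if x:
            inv = 1
            for _ in range(254):  # x^254 == x^-1 in GF(2^8)
                inv = _gf_mul(inv, x)
        s, r = inv, inv
        for _ in range(4):        # s = b ^ rotl1(b) ^ rotl2(b) ^ rotl3(b) ^ rotl4(b)
            r = ((r << 1) | (r >> 7)) & 0xFF
            s ^= r
        box.append(s ^ 0x63)
    return box


SBOX = _build_sbox()


def _schedule_word(prev: bytes, back: bytes, i: int) -> bytes:
    """Word i of the schedule from word i-1 (prev) and word i-4 (back)."""
    t = list(prev)
    if i % 4 == 0:
        t = [SBOX[b] for b in t[1:] + t[:1]]  # RotWord, then SubWord
        t[0] ^= RCON[i // 4 - 1]
    return bytes(x ^ y for x, y in zip(back, t))


def expand_key_128(key: bytes) -> bytes:
    """FIPS-197 key expansion: 16-byte key -> 176-byte schedule."""
    if len(key) != 16:
        raise ValueError("AES-128 key must be 16 bytes")
    w = [key[i:i + 4] for i in range(0, 16, 4)]
    for i in range(4, 44):
        w.append(_schedule_word(w[i - 1], w[i - 4], i))
    return b"".join(w)


def find_aes128_keys(image: bytes) -> list:
    """Return (offset, key) for every window whose 176 bytes form a valid schedule."""
    hits = []
    for off in range(len(image) - SCHEDULE_LEN + 1):
        cand = image[off:off + 16]
        # Cheap prefilter: the fifth schedule word must match before paying for a full expansion.
        if _schedule_word(cand[12:16], cand[0:4], 4) != image[off + 16:off + 20]:
            continue
        if expand_key_128(cand) == image[off:off + SCHEDULE_LEN]:
            hits.append((off, cand))
    return hits


def make_sample_image(key: bytes, offset: int, size: int, seed: int = 1234) -> bytes:
    """Constructed stand-in for a RAM copy: pseudo-random filler with one schedule planted."""
    rng = random.Random(seed)
    buf = bytearray(rng.getrandbits(8) for _ in range(size))
    buf[offset:offset + SCHEDULE_LEN] = expand_key_128(key)
    return bytes(buf)
```

The same scan generalises to AES-256 by expanding 32-byte candidates to 240 bytes, and a forensic tool would also report partial matches to survive bit decay in a cold-boot image; neither is shown here.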
Abstract: The present invention relates to a weight management method and system for neural network processing. The method has two stages, an off-chip encryption stage and an on-chip decryption stage: trained neural network weight data are encrypted in advance, the encrypted weights are input to a neural network processor chip, and a decryption unit inside the chip decrypts the weights in real time so that the related neural network calculation can be performed. The method and system protect the weight data without affecting the normal operation of the neural network processor.
Type:
Grant
Filed:
March 22, 2018
Date of Patent:
December 6, 2022
Assignee:
Institute of Computing Technology, Chinese Academy of Sciences
Abstract: An information processing system includes a first authentication terminal for authenticating a first user, a second authentication terminal for authenticating a second user, a device for authenticating the device, and an authentication server that performs authentication using a registered authentication function. The authentication server registers an authentication function of the first authentication terminal based on an operation of the first user. When authentication using the first authentication terminal is requested through the device, the authentication server authenticates the first user and registers an authentication function of the device. When registration of an authentication function of the second authentication terminal is requested through the device, the authentication server registers the authentication function when the authentication function of the device has been registered.
Abstract: An identity information processing method, a device, and a system, the method including obtaining, by a first network element, a first parameter, where the first parameter is associated with a domain to which a network slice belongs, and determining, by the first network element, according to the first parameter, whether the network slice is managed by an operator.
Abstract: Determining whether to allow access to a message is disclosed. A message is received from a sender. The message is associated with a first time-to-live (TTL) value. A determination is made that the first time-to-live value has not been exceeded. The determination is made at least in part by obtaining an external master clock time. In response to the determination, access is allowed to the message.
Type:
Grant
Filed:
May 3, 2021
Date of Patent:
November 22, 2022
Assignee:
Amazon Technologies, Inc.
Inventors:
Robert Statica, Christopher A. Howell, Kara Lynn Coppa
Abstract: A secure method and/or system that allows a user to import, export, recover and use their private keys based in part on the user's location information, so as to allow reliable, consistent and easy management of user identity and private keys across all of a user's devices and to eliminate traditional username/password authentication schemes.
Abstract: A communication system includes a mediation apparatus communicating with a device via a local network and an information processing apparatus communicating with the mediation apparatus through a firewall. The information processing apparatus includes a first control device. The mediation apparatus includes a second control device that transmits to the information processing apparatus, through the firewall, a first request for transmission of a first command for the device and a second request for transmission of a second command for the mediation apparatus. In response to receiving the first command, the second control device transmits a device command to the device via the local network. In response to receiving the second command, the second control device performs an instruction dependent on the second command. In response to receiving the first request and the second request, the first control device transmits the first command and the second command, respectively, to the mediation apparatus.
Abstract: Natural language processing is enhanced by linguistically extracting intelligence about a user. A history of user queries is analyzed by a natural language classifier to determine various user intents, and these intents are combined to form a user intent profile. The profile includes elements of sentiment, emotion and tone. The profile can be used in various ways including restricting access to documents in a collection, or refining a cognitive analysis of a query. For access restriction, a determination is made that the user intent is inconsistent with a document, and the user is denied access to the document. This determination involves a user intent score which is compared to a score of the document. For cognitive analysis, searching of reference documents is filtered by excluding documents based on the user intent. The searching includes a comparison of meta-data tags of the documents to the user intent.
Type:
Grant
Filed:
March 5, 2018
Date of Patent:
November 15, 2022
Assignees:
HYUNDAI MOTOR COMPANY, KIA CORPORATION
Inventors:
William G. Dubyak, Vijai Gandikota, Palani Sakthi
Abstract: Techniques are provided for automated key management for accessing remote devices using single sign-on techniques. One method comprises maintaining a data record identifying target user devices that a given source user device is authorized to access; and initiating storage of a public key of the given source user device in a file of at least one target user device, wherein the given source user device accesses the at least one target user device using a secure remote connection protocol based on the public key of the given source user device stored in the file of the at least one target user device. The data record may further comprise a fingerprint of a key of the at least one target user device, and the method may further comprise comparing a fingerprint of the key returned by the at least one target user device to the fingerprint of the key obtained from the data record.
Type:
Grant
Filed:
May 29, 2020
Date of Patent:
November 1, 2022
Assignee:
EMC IP Holding Company LLC
Inventors:
Alex John Robbins, Seth Jacob Rothschild
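The abstract above describes a data record of target devices a source device may reach, a public key pushed into a file on the target (the OpenSSH authorized_keys file in practice), and a fingerprint check of the key the target returns against the fingerprint stored in the record. The Python below is an added example of that flow, not EMC's implementation: it computes the same SHA-256 fingerprint that `ssh-keygen -lf` prints, pins it in a record, refuses to push the key when the presented host key does not match, and emits an authorized_keys line with `restrict` and `from=` options. The keys are constructed byte patterns in valid OpenSSH wire layout, not real key pairs, and the record layout is an assumption.

```python
"""Automated SSH key distribution with pinned host-key fingerprints (added example)."""
import base64
import hashlib
import hmac
import struct


def _ssh_string(b: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def constructed_ed25519_pubkey_line(seed: int, comment: str) -> str:
    """Constructed stand-in for a public key: valid OpenSSH layout, no real key pair."""
    raw = bytes((seed + i) & 0xFF for i in range(32))
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(raw)
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"


def parse_pubkey_line(line: str):
    """Split 'type base64 comment' and check that the blob really carries that key type."""
    parts = line.split(None, 2)
    if len(parts) < 2:
        raise ValueError("malformed public key line")
    ktype, blob = parts[0], base64.b64decode(parts[1])
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != ktype.encode():
        raise ValueError("key type inside blob does not match the prefix")
    comment = parts[2].strip() if len(parts) == 3 else ""
    return ktype, blob, comment


def fingerprint(line: str) -> str:
    """The value `ssh-keygen -lf` prints: SHA-256 of the decoded blob, unpadded base64."""
    _, blob, _ = parse_pubkey_line(line)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def build_record(source: str, target_host_keys: dict) -> dict:
    """Data record: targets a source may reach, each with its pinned host-key fingerprint."""
    return {
        "source": source,
        "targets": {
            name: {"host_key_fingerprint": fingerprint(host_key)}
            for name, host_key in target_host_keys.items()
        },
    }


def authorized_keys_entry(source_pubkey_line: str, from_addr: str) -> str:
    """Line to append to ~/.ssh/authorized_keys on the target, with least-privilege options."""
    ktype, blob, comment = parse_pubkey_line(source_pubkey_line)
    options = f'restrict,pty,from="{from_addr}"'  # no forwarding, only from the source address
    return f"{options} {ktype} {base64.b64encode(blob).decode()} {comment}".rstrip()


def authorize_access(record: dict, target: str, source_pubkey_line: str,
                     presented_host_key_line: str, from_addr: str) -> str:
    """Check the record and the presented host key before producing the line to push."""
    entry = record["targets"].get(target)
    if entry is None:
        raise PermissionError(f"{record['source']} is not authorised for {target}")
    presented = fingerprint(presented_host_key_line)
    if not hmac.compare_digest(presented, entry["host_key_fingerprint"]):
        raise RuntimeError(f"host key for {target} does not match the record: {presented}")
    return authorized_keys_entry(source_pubkey_line, from_addr)
```

The host-key comparison is what stops the automation from pushing a user's public key to an impostor that answers on the target's address; a rebuilt host with a fresh key should fail the same check until the record is deliberately updated.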
Abstract: A computer program product, a computer-implemented method, and a computer system include a processor(s) that obtains side channel emanations from a device. The processor(s) analyzes the side channel emanations to identify distinct emanation patterns and timing characteristics, wherein the timing characteristics are associated with transitions between the distinct emanation patterns. The processor(s) generates a non-deterministic finite automaton (NFA) by correlating the distinct emanation patterns with states of the device, where the NFA captures states and state transitions of the device. The processor(s) identifies an anomaly in the device, based on deviation in emanations from the device.
Type:
Grant
Filed:
November 23, 2020
Date of Patent:
November 1, 2022
Assignee:
Peraton Labs Inc.
Inventors:
Scott Alexander, Josephine Micallef, Joshua Morman, Euthimios Panagos, Marc Pucci, Simon Tsang
Abstract: A method executed by a dynamic session key acquisition (DSKA) engine residing in a virtual environment includes receiving session decryption information extraction instructions that configure the DSKA engine to obtain session decryption information for at least one communication session involving a virtual machine and obtaining the session decryption information from the virtual machine in accordance with the session decryption information extraction instructions. The session decryption information includes cryptographic keys utilized by an application server instance in the virtual machine to establish the at least one communication session. The session decryption information obtained from the virtual machine is stored and provided to a network traffic monitoring (NTM) agent. The NTM agent utilizes the session decryption information to decrypt copies of encrypted network traffic flows belonging to the at least one communication session involving the virtual machine.
Abstract: Techniques are presented herein for engagement and disengagement of Transport Layer Security proxy services with encrypted handshaking. In one embodiment, a first initial message of a first encrypted handshaking procedure for a first secure communication session between a first device and a second device is intercepted at a proxy device. The first initial message includes first key exchange information for encrypting the first encrypted handshaking procedure. A copy of the first initial message is stored at the proxy device. A second initial message of a second encrypted handshaking procedure for a second secure communication session between the proxy device and the second device is sent from the proxy device to the second device. The second initial message includes second key exchange information for encrypting the second encrypted handshaking procedure. The proxy device determines, based on the second encrypted handshaking procedure, whether to remain engaged or to disengage.
Abstract: A method for protected communication is provided. The method comprises defining master keys for different service domains within the scope of influence of a vehicle manufacturer, generating a master key reference for the vehicle within the scope of influence of the vehicle manufacturer, securely introducing into the vehicle one or more cryptographic keys derived from at least one of the defined master keys together with the associated master key reference, and transmitting to an external server a message signed with one of the derived cryptographic keys, to which the master key reference and the current status of the vehicle are additionally attached. The method further comprises deriving the at least one cryptographic key in the external server from the master key identified by the master key reference, depending on the key status of the vehicle, and checking the authenticity of the signed message with the derived cryptographic key.
Abstract: The disclosure provides a method, a device and a system for encrypting interactive data. In one aspect, the method includes: receiving a request for accessing a network from a terminal device, the request including a device identifier of the terminal device; generating a random encryption code according to the device identifier; and feeding the random encryption code back to the terminal device so that the terminal device encrypts interactive data with the random encryption code after accessing the network. In another aspect, the method includes: transmitting a request for accessing a network to a gateway device, the request including a device identifier of a terminal device; receiving a random encryption code fed back by the gateway device, the random encryption code being information for encrypting interactive data while the terminal device accesses the network; and encrypting interactive data with the random encryption code.
Type:
Grant
Filed:
March 20, 2020
Date of Patent:
October 18, 2022
Assignee:
BEIJING BOE TECHNOLOGY DEVELOPMENT CO., LTD.
Inventors:
Kai Zhao, Lingfeng Xu, Hongyan Pei, Pan Ni
Abstract: A digital computing device controlling the access to encrypted digital information includes a control unit, peripheral devices connected to the control unit, a hard disk connected to the control unit storing the digital data, and a data encryption key configured for encrypting the digital data. The control unit is configured to detect the peripheral devices, read identification information from the peripheral devices that denotes the respective peripheral device, generate for the peripheral devices a respective key encryption key on the basis of the read identification information, initially store at least one encrypted data encryption key that is generated by encrypting the data encryption key using the respective key encryption key, in a memory area of the hard disk, and after the initial storage determine the data encryption key by decrypting the encrypted data encryption key using the respective key encryption key derived from the respective identification information.
Type:
Grant
Filed:
September 11, 2020
Date of Patent:
October 11, 2022
Assignee:
Wincor Nixdorf International GmbH
Inventors:
Carsten Von Der Lippe, Steffen Priesterjahn, Julian Fetting, Ulrich Mennewisch
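The abstract above describes a data encryption key (DEK) that is wrapped under a key encryption key (KEK) derived from each peripheral's identification information, stored on the hard disk at initial setup, and later recovered by re-deriving the KEK from the peripheral that is actually attached. The Python below is an added example of that key hierarchy, not the assignee's implementation. Two things are assumptions the abstract does not state: a per-device salt is mixed into the derivation, because peripheral identifiers are readable by anyone with access to the bus and on their own give a guessable KEK; and the wrap is an HMAC-SHA256 keystream plus HMAC tag standing in for AES-KW or AES-GCM, since the standard library has no AES. The peripheral inventory is constructed.

```python
"""DEK protected by KEKs derived from attached peripherals (added example)."""
import hashlib
import hmac
import json
import os

# Constructed per-device salt (assumption, not in the abstract) held by the control unit.
DEVICE_SALT = hashlib.sha256(b"constructed-device-salt").digest()


def kek_from_peripheral(ident: dict, salt: bytes = DEVICE_SALT) -> bytes:
    """Derive a 32-byte KEK from a peripheral's identification data (canonicalised JSON)."""
    canonical = json.dumps(ident, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(salt, b"kek|" + canonical, hashlib.sha256).digest()


def wrap_dek(kek: bytes, dek: bytes) -> dict:
    """Encrypt-then-MAC wrap of a 32-byte DEK (stand-in for AES-KW / AES-GCM)."""
    if len(dek) != 32:
        raise ValueError("DEK must be 32 bytes")
    nonce = os.urandom(16)
    stream = hmac.new(kek, b"stream|" + nonce, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(dek, stream))
    tag = hmac.new(kek, b"tag|" + nonce + ct, hashlib.sha256).digest()[:16]
    return {"nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex()}


def unwrap_dek(kek: bytes, entry: dict):
    """Return the DEK, or None if the KEK is wrong or the stored entry was altered."""
    nonce, ct, tag = (bytes.fromhex(entry[k]) for k in ("nonce", "ct", "tag"))
    expect = hmac.new(kek, b"tag|" + nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expect):
        return None
    stream = hmac.new(kek, b"stream|" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, stream))


def initial_store(dek: bytes, peripherals: dict) -> dict:
    """Initial storage: one wrapped DEK per detected peripheral, kept in a disk area."""
    return {name: wrap_dek(kek_from_peripheral(ident), dek) for name, ident in peripherals.items()}


def recover_dek(store: dict, detected: dict, required: int = 1):
    """Later boot: re-derive KEKs from what is attached now.

    Returns the DEK only if at least `required` stored entries unwrap to the
    same value; a swapped or missing peripheral yields a wrong KEK and no DEK.
    """
    recovered = []
    for name, ident in detected.items():
        entry = store.get(name)
        if entry is None:
            continue
        dek = unwrap_dek(kek_from_peripheral(ident), entry)
        if dek is not None:
            recovered.append(dek)
    if len(recovered) < required or any(d != recovered[0] for d in recovered):
        return None
    return recovered[0]
```

With `required=2` the disk stays sealed if either peripheral is replaced, which is the binding the scheme is after; with `required=1` a single surviving original peripheral is enough, which trades that binding for availability after a hardware fault.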
Abstract: A system and method that utilize an encryption engine endpoint to encrypt data in a data storage system are disclosed. In the system and method, the client controls the encryption keys utilized to encrypt and decrypt data such that the encryption keys are not stored together with the encrypted data. Therefore, once data is encrypted, neither the host of the data storage system, nor the encryption engine endpoint have access to the encryption keys required to decrypt the data, which increases the security of the encrypted data in the event of, for example, the data storage system being accessed by an unauthorized party.