Patents by Inventor Alexander Truskovsky
Alexander Truskovsky has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20220294609
Abstract: In some aspects, a cryptography method includes executing, by operation of a first computing device associated with a first entity, a first handshake process with a second entity according to a first handshake protocol to establish a first symmetric encryption key for a first encryption protocol; executing, by operation of the first computing device, a second handshake process with the second entity to establish a second symmetric encryption key for a second encryption protocol. Executing the second handshake process includes: generating second handshake data according to a second handshake protocol; encrypting the second handshake data using the first symmetric encryption key with the first encryption protocol; and sending the encrypted second handshake data to a second computing device associated with the second entity; and using the second symmetric encryption key and the second encryption protocol for single-encrypted communication over a communication channel between the first and second entities.
Type: Application
Filed: March 9, 2022
Publication date: September 15, 2022
Applicant: ISARA Corporation
Inventors: Robert Williams, Alexander Truskovsky
-
Patent number: 11444753
Abstract: In some aspects, a cryptography method includes executing, by operation of a first computing device associated with a first entity, a first handshake process with a second entity according to a first handshake protocol to establish a first symmetric encryption key for a first encryption protocol; executing, by operation of the first computing device, a second handshake process with the second entity to establish a second symmetric encryption key for a second encryption protocol. Executing the second handshake process includes: generating second handshake data according to a second handshake protocol; encrypting the second handshake data using the first symmetric encryption key with the first encryption protocol; and sending the encrypted second handshake data to a second computing device associated with the second entity; and using the second symmetric encryption key and the second encryption protocol for single-encrypted communication over a communication channel between the first and second entities.
Type: Grant
Filed: March 9, 2022
Date of Patent: September 13, 2022
Assignee: ISARA Corporation
Inventors: Robert Williams, Alexander Truskovsky
-
Patent number: 11265159
Abstract: In a general aspect, upgradability scores are determined, and remedial security measures are identified in a computing environment. The computing environment is analyzed to identify computing resources that are eligible to receive a cryptographic security upgrade. Attributes of the computing resources are identified based on communicating with the computing resources. A set of rules, that define upgradability scores as a function of computing resource attributes, is obtained. Sets of intermediate output values are generated for the respective computing resources by applying the set of rules to the identified attributes of the respective computing resources. Upgradability scores are generated for the respective computing resources from the set of intermediate output values for the respective computing resource. Remedial security measures are identified for respective subsets of the computing resources based on the upgradability scores for the respective subsets.
Type: Grant
Filed: January 11, 2021
Date of Patent: March 1, 2022
Assignee: ISARA Corporation
Inventors: Alexander Truskovsky, Robert Williams, Alan Panezic, Martin Laforest
-
Patent number: 10841295
Abstract: In a general aspect, a digital certificate can be used with multiple cryptography systems (“cryptosystems”). In some cases, the digital certificate includes a public key field, which contains a first public key of an entity associated with a first cryptosystem. The digital certificate includes a signature value field, which contains a first digital signature of a certificate authority associated with the first cryptosystem. The digital certificate includes an extension. The extension contains a second public key of the entity, a second digital signature of the certificate authority, or both, associated with a second cryptosystem. The extension contains a policy field that includes instructions for processing the fields associated with the second cryptosystem.
Type: Grant
Filed: April 17, 2019
Date of Patent: November 17, 2020
Assignee: ISARA Corporation
Inventors: Mark Pecen, Michael Kenneth Brown, Alexander Truskovsky
-
Patent number: 10425401
Abstract: In a general aspect, a digital certificate can be used with multiple cryptography systems (“cryptosystems”). In some cases, the digital certificate includes a public key field, which contains a first public key of an entity associated with a first cryptosystem. The digital certificate includes a signature value field, which contains a first digital signature of a certificate authority associated with the first cryptosystem. The digital certificate includes an extension. The extension contains a second public key of the entity, a second digital signature of the certificate authority, or both, associated with a second cryptosystem. The extension contains a policy field that includes instructions for processing the fields associated with the second cryptosystem.
Type: Grant
Filed: October 31, 2018
Date of Patent: September 24, 2019
Assignee: ISARA Corporation
Inventors: Mark Pecen, Michael Kenneth Brown, Alexander Truskovsky
-
Patent number: 10075438
Abstract: Methods and systems for enabling activation of a wireless communication device to operate with a server on a wireless communication network. An activation request to establish a wireless communication service relationship between the device and the server is pushed from the server to the device. After the device verifies the server, a mutually authenticated communication session is established between the device and the server for activation of the device on the server.
Type: Grant
Filed: June 6, 2016
Date of Patent: September 11, 2018
Assignee: BlackBerry Limited
Inventors: Alexander Truskovsky, Daryl Joseph Martin
-
Patent number: 9794249
Abstract: In a general aspect, a digital certificate can be used with multiple cryptography systems (“cryptosystems”). In some cases, the digital certificate includes a public key field, which contains a first public key of an entity. The first public key of the entity is associated with a first cryptosystem. The digital certificate includes a signature value field, which contains a first digital signature of a certificate authority. The first digital signature is associated with the first cryptosystem. The digital certificate includes an extension. The extension contains a second public key of the entity, a second digital signature of the certificate authority or both. The second public key is associated with a second cryptosystem, and the second digital signature is associated with the second cryptosystem.
Type: Grant
Filed: April 6, 2017
Date of Patent: October 17, 2017
Assignee: ISARA Corporation
Inventors: Alexander Truskovsky, Atsushi Yamada, Michael Kenneth Brown, Gustav Michael Gutoski
-
Patent number: 9660978
Abstract: In a general aspect, a digital certificate can be used with multiple cryptography systems (“cryptosystems”). In some cases, the digital certificate includes a public key field, which contains a first public key of an entity. The first public key of the entity is associated with a first cryptosystem. The digital certificate includes a signature value field, which contains a first digital signature of a certificate authority. The first digital signature is associated with the first cryptosystem. The digital certificate includes an extension. The extension contains a second public key of the entity, a second digital signature of the certificate authority or both. The second public key is associated with a second cryptosystem, and the second digital signature is associated with the second cryptosystem.
Type: Grant
Filed: August 8, 2016
Date of Patent: May 23, 2017
Assignee: ISARA Corporation
Inventors: Alexander Truskovsky, Atsushi Yamada, Michael Kenneth Brown, Gustav Michael Gutoski
-
Patent number: 9473309
Abstract: A system for providing security services to a mobile device where the mobile device is in communication with a public network through a first network path that is subject to interference by a third party. The system includes a security server and a private network. The security server is operative to communicate with the mobile device through the private network. The security server is also operative to communicate with the public network through a second network path that is less susceptible to the interference by the third party than is the first network path. The security server communicates with the public network through the second network path to provide security services to the mobile device that are delivered over the private network.
Type: Grant
Filed: March 11, 2013
Date of Patent: October 18, 2016
Assignees: BlackBerry Limited, Certicom Corp.
Inventors: Sean Alexander Courtney, Matthew John Campagna, George Ross Staikos, Alexander Truskovsky
-
Publication number: 20160285869
Abstract: Methods and systems for enabling activation of a wireless communication device to operate with a server on a wireless communication network. An activation request to establish a wireless communication service relationship between the device and the server is pushed from the server to the device. After the device verifies the server, a mutually authenticated communication session is established between the device and the server for activation of the device on the server.
Type: Application
Filed: June 6, 2016
Publication date: September 29, 2016
Applicant: BlackBerry Limited
Inventors: Alexander Truskovsky, Daryl Joseph Martin
-
Patent number: 9384342
Abstract: Methods and devices for providing a warning associated with credentials to be stored in a credential store on a computing device are disclosed herein. In one broad aspect, the method comprises receiving a request to store, in the credential store, at least one credential for a specified service, determining whether a secure connection between the computing device and the specified service is available, associating the specified service with a level of security based on at least one of an availability of the secure connection or one or more properties of the secure connection, and providing a warning in response to determining that at least one credential stored in the credential store corresponds to the at least one credential for the specified service and is for a service that is associated with a level of security different from the level of security with which the specified service is associated.
Type: Grant
Filed: May 10, 2013
Date of Patent: July 5, 2016
Assignee: BLACKBERRY LIMITED
Inventors: Jeremy L. Kominar, Neil Patrick Adams, Alexander Truskovsky, Christopher Lyle Bender, Daryl Joseph Martin
-
Patent number: 9384341
Abstract: A system and method for controlling access to a secure resource in a device are disclosed. In some embodiments, the device may include a processor capable of receiving a first request from a first application of a plurality of applications executable by the processor, where the first request requests access to the secure resource, and the first request identifies the plurality of applications. In response to the first request, the processor is capable of generating a ticket associated with the secure resource and with each of the plurality of applications, and then storing the ticket in a memory. After receiving a second request from a second application requesting access to the secure resource, the processor is capable of granting the second application access to the secure resource, if the ticket associated with the secure resource exists and if the ticket is associated with the second application.
Type: Grant
Filed: September 15, 2014
Date of Patent: July 5, 2016
Assignee: BLACKBERRY LIMITED
Inventors: Alexander Truskovsky, Neil Patrick Adams, Alexander Sherkin
-
Patent number: 9363669
Abstract: Methods and systems for enabling activation of a wireless communication device to operate with a server on a wireless communication network. An activation request is pushed from the server to the device, the activation request being authenticated with a signature signed with a server certificate. After the device verifies the activation request using server certificate and signature, a mutually authenticated communication session is established between the device and the server for activation of the device on the server.
Type: Grant
Filed: April 12, 2013
Date of Patent: June 7, 2016
Assignee: BlackBerry Limited
Inventors: Alexander Truskovsky, Daryl Joseph Martin
-
Patent number: 9292314
Abstract: Methods and devices for controlling system settings of a computing device are described herein. One example embodiment comprises: determining configuration data associated with a software application, wherein the configuration data identifies one or more new system settings to be temporarily enforced on the computing device during an execution of the software application, and wherein the configuration data is digitally signed; and in response to an initiation of the execution of the software application, reconfiguring system settings on the computing device; wherein the reconfiguring comprises verifying at least one digital signature associated with the digitally signed configuration data; wherein if the at least one digital signature associated with the digitally signed configuration data successfully verifies, then the reconfiguring further comprises temporarily enforcing new system settings for the duration of the execution of the software application.
Type: Grant
Filed: July 24, 2014
Date of Patent: March 22, 2016
Assignee: BLACKBERRY LIMITED
Inventors: Neil Patrick Adams, Sean Alexander Courtney, Alexander Truskovsky
-
Patent number: 9264235
Abstract: A device and method are provided for a device that authenticates a server over a network. The device and method are operable to contact the server to initiate a handshaking operation. The device receives certificate information and handshaking information from the server. The device completes the handshaking operations to establish the connection with the server. The device downloads the content from the server through the connection before authenticating the server to establish a secure connection. In some aspects, the device may display a portion of the downloaded content before the server is authenticated.
Type: Grant
Filed: November 16, 2010
Date of Patent: February 16, 2016
Assignee: BlackBerry Limited
Inventors: Alexander Truskovsky, Neil Patrick Adams, Eli Omen Jackson
-
Patent number: 9088556
Abstract: Methods and devices for detecting unauthorized access to credentials of a credential store on a computing device are disclosed herein. In one broad aspect, the method comprises monitoring a plurality of credentials of the credential store accessed within a period associated with a first setting, and responsive to determining that a number of credentials accessed within the period exceeds a threshold associated with a second setting, outputting, in a user interface, an indication of potential unauthorized access to the credential store. In at least one embodiment, each of the credentials accessed within the period is associated with a different user account.
Type: Grant
Filed: May 10, 2013
Date of Patent: July 21, 2015
Assignee: BlackBerry Limited
Inventors: Alexander Truskovsky, Christopher Lyle Bender, Daryl Joseph Martin
-
Patent number: 8996855
Abstract: A client application, when executed by a processor, is operative to create a HyperText Transfer Protocol (HTTP) request containing a target header that includes a confidential value. The HTTP request is to be sent over a Secure Sockets Layer (SSL) 3.0 connection or a Transport Layer Security (TLS) 1.0 connection to a web server. The client application implements at its HTTP layer a countermeasure to a blockwise chosen-boundary attack. The client application generates an additional header having a header name that is not recognizable by the web server and inserts the additional header into the HTTP request ahead of the target header, thus creating a modified HTTP request. The modified HTTP request is to be sent, instead of the unmodified HTTP request, over the SSL 3.0 connection or the TLS 1.0 connection to the web server.
Type: Grant
Filed: November 14, 2012
Date of Patent: March 31, 2015
Assignees: BlackBerry Limited, Certicom Corp.
Inventors: Alexander Sherkin, Gregory Marc Zaverucha, Alexander Truskovsky, Michael Matovsky, Osman Zohaib Arfeen
-
Publication number: 20150019857
Abstract: Methods and devices for controlling system settings of a computing device are described herein. One example embodiment comprises: determining configuration data associated with a software application, wherein the configuration data identifies one or more new system settings to be temporarily enforced on the computing device during an execution of the software application, and wherein the configuration data is digitally signed; and in response to an initiation of the execution of the software application, reconfiguring system settings on the computing device; wherein the reconfiguring comprises verifying at least one digital signature associated with the digitally signed configuration data; wherein if the at least one digital signature associated with the digitally signed configuration data successfully verifies, then the reconfiguring further comprises temporarily enforcing new system settings for the duration of the execution of the software application.
Type: Application
Filed: July 24, 2014
Publication date: January 15, 2015
Inventors: Neil Patrick Adams, Sean Alexander Courtney, Alexander Truskovsky
-
Publication number: 20150012305
Abstract: A method, performed by a mobile device, for managing electronic tickets, the method comprising receiving an electronic ticket, identifying private information and public information on the ticket, and displaying the ticket on a display of the mobile device to show only the public information of the ticket. A related method entails displaying an electronic ticket, receiving input to provide payment credentials in relation to the electronic ticket, and transmitting the payment credentials via a short-range transceiver on the mobile device.
Type: Application
Filed: July 3, 2013
Publication date: January 8, 2015
Inventors: Alexander TRUSKOVSKY, Daryl Joseph MARTIN, Michael MATOVSKY
-
Publication number: 20150007310
Abstract: A system and method for controlling access to a secure resource in a device are disclosed. In some embodiments, the device may include a processor capable of receiving a first request from a first application of a plurality of applications executable by the processor, where the first request requests access to the secure resource, and the first request identifies the plurality of applications. In response to the first request, the processor is capable of generating a ticket associated with the secure resource and with each of the plurality of applications, and then storing the ticket in a memory. After receiving a second request from a second application requesting access to the secure resource, the processor is capable of granting the second application access to the secure resource, if the ticket associated with the secure resource exists and if the ticket is associated with the second application.
Type: Application
Filed: September 15, 2014
Publication date: January 1, 2015
Inventors: Alexander Truskovsky, Neil Patrick Adams, Alexander Sherkin