Patents by Inventor Joud Khoury
Joud Khoury has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11804949
Abstract: Techniques for subscriber revocation in a publish-subscribe network using attribute-based encryption (ABE) are disclosed, including: generating a tree data structure including leaf nodes representing subscribers, subtrees of the tree data structure representing subsets of subscribers having different likelihoods of ABE key revocation; generating ABE keys associated with edges in the tree data structure; assigning ABE keys to the leaf nodes, each leaf node being assigned a subset of the ABE keys associated with edges that form a path from a root node to the leaf node; based at least on a revocation record that indicates one or more revoked subscribers, determining a minimal subset of ABE keys that covers all non-revoked subscribers; and encrypting a payload using an encryption policy requiring at least one ABE key in the minimal subset of the ABE keys, to obtain a ciphertext that is not accessible to the one or more revoked subscribers.
Type: Grant
Filed: March 19, 2021
Date of Patent: October 31, 2023
Assignee: Raytheon BBN Technologies Corp.
Inventors: Joud Khoury, Samuel Cunningham Nelson, William Timothy Strayer
-
Publication number: 20230261873
Abstract: Techniques for verifiable computation for cross-domain information sharing are disclosed. An untrusted node in a distributed cross-domain solution (CDS) system is configured to: receive a first data item and a first cryptographic proof associated with the first data item; perform a computation on the first data item including one or more of filtering, sanitizing, or validating the first data item, to obtain a second data item; generate, using a proof-carrying data (PCD) computation, a second cryptographic proof that indicates (a) validity of the first cryptographic proof and (b) integrity of the first computation on the first data item; and transmit the second data item and the second cryptographic proof to a recipient node in the distributed CDS system. Alternatively or additionally, the untrusted node may be configured to transmit a cryptographic proof to a trusted aggregator in the CDS system.
Type: Application
Filed: April 24, 2023
Publication date: August 17, 2023
Inventors: Joud Khoury, Michael Hassan Atighetchi, Zachary Ratliff
-
Patent number: 11637702
Abstract: Techniques for verifiable computation for cross-domain information sharing are disclosed. An untrusted node in a distributed cross-domain solution (CDS) system is configured to: receive a first data item and a first cryptographic proof associated with the first data item; perform a computation on the first data item including one or more of filtering, sanitizing, or validating the first data item, to obtain a second data item; generate, using a proof-carrying data (PCD) computation, a second cryptographic proof that indicates (a) validity of the first cryptographic proof and (b) integrity of the first computation on the first data item; and transmit the second data item and the second cryptographic proof to a recipient node in the distributed CDS system. Alternatively or additionally, the untrusted node may be configured to transmit a cryptographic proof to a trusted aggregator in the CDS system.
Type: Grant
Filed: February 10, 2021
Date of Patent: April 25, 2023
Assignee: Raytheon BBN Technologies Corp.
Inventors: Joud Khoury, Michael Hassan Atighetchi, Zachary Ratliff
-
Patent number: 11595410
Abstract: Techniques for cross-domain routing using a fractionated cross-domain solution (F-CDS) are disclosed. A first intermediate node operating in a first physical device in an assured pipeline of the F-CDS receives a data item originating at a source node in a first security domain. The first intermediate node applies a first data filter to determine that the data item complies with a data security requirement of the F-CDS. The first intermediate node transmits the data item to a second intermediate node operating in a second physical device in the assured pipeline of the F-CDS. The second intermediate node applies a second data filter to redundantly determine that the data item complies with the data security requirement of the F-CDS. The second intermediate node transmits the data item to a recipient node in a second security domain via the assured pipeline.
Type: Grant
Filed: March 4, 2020
Date of Patent: February 28, 2023
Assignee: Raytheon BBN Technologies Corp.
Inventors: Michael Hassan Atighetchi, Joud Khoury
-
Patent number: 11558185
Abstract: Techniques for stream-based key management are disclosed. A system obtains a first payload to be published to a first set of one or more subscribers, encrypts the first payload using a symmetric key, to obtain a first payload ciphertext, encrypts the symmetric key using an attribute-based encryption (ABE) policy associated with the first payload, to obtain a key ciphertext, and publishes the first payload ciphertext and the key ciphertext. The system obtains a second payload to be published to a second set of one or more subscribers. Responsive at least to determining that each subscriber in the second set of one or more subscribers is in the first set of one or more subscribers and the ABE policy is associated with the second payload, the system encrypts the second payload using the symmetric key, to obtain a second payload ciphertext, and publishes the second payload ciphertext without republishing the key ciphertext.
Type: Grant
Filed: March 19, 2021
Date of Patent: January 17, 2023
Assignee: Raytheon BBN Technologies Corp.
Inventors: Joud Khoury, Samuel Cunningham Nelson, William Timothy Strayer
-
Publication number: 20220303115
Abstract: Techniques for subscriber revocation in a publish-subscribe network using attribute-based encryption (ABE) are disclosed, including: generating a tree data structure including leaf nodes representing subscribers, subtrees of the tree data structure representing subsets of subscribers having different likelihoods of ABE key revocation; generating ABE keys associated with edges in the tree data structure; assigning ABE keys to the leaf nodes, each leaf node being assigned a subset of the ABE keys associated with edges that form a path from a root node to the leaf node; based at least on a revocation record that indicates one or more revoked subscribers, determining a minimal subset of ABE keys that covers all non-revoked subscribers; and encrypting a payload using an encryption policy requiring at least one ABE key in the minimal subset of the ABE keys, to obtain a ciphertext that is not accessible to the one or more revoked subscribers.
Type: Application
Filed: March 19, 2021
Publication date: September 22, 2022
Inventors: Joud Khoury, Samuel Cunningham Nelson, William Timothy Strayer
-
Publication number: 20220303127
Abstract: Techniques for stream-based key management are disclosed. A system obtains a first payload to be published to a first set of one or more subscribers, encrypts the first payload using a symmetric key, to obtain a first payload ciphertext, encrypts the symmetric key using an attribute-based encryption (ABE) policy associated with the first payload, to obtain a key ciphertext, and publishes the first payload ciphertext and the key ciphertext. The system obtains a second payload to be published to a second set of one or more subscribers. Responsive at least to determining that each subscriber in the second set of one or more subscribers is in the first set of one or more subscribers and the ABE policy is associated with the second payload, the system encrypts the second payload using the symmetric key, to obtain a second payload ciphertext, and publishes the second payload ciphertext without republishing the key ciphertext.
Type: Application
Filed: March 19, 2021
Publication date: September 22, 2022
Inventors: Joud Khoury, Samuel Cunningham Nelson, William Timothy Strayer
-
Publication number: 20220037035
Abstract: Techniques for geospatial-temporal pathogen tracing include: obtaining, from multiple mobile devices in association with a first time, first contact tracing data including at least first geospatial traffic data and first values of a set of attributes associated with a pathogen; obtaining, from the multiple mobile devices in association with a second time, second contact tracing data including at least second geospatial traffic data and second values of the set of attributes associated with the pathogen; and applying at least the first contact tracing data and the second contact tracing data to a machine learning model, to obtain actionable intelligence associated with the pathogen.
Type: Application
Filed: June 30, 2021
Publication date: February 3, 2022
Inventors: Daniel Alan Gregory, Prithwish Basu, Zachary Ratliff, Siddharth Pal, Kimberly Gavin, Benjamin Montgomery, Joud Khoury
-
Publication number: 20220006635
Abstract: Techniques for geospatial-temporal pathogen tracing in zero knowledge include: generating, by a first user device, a first proximity token for contact tracing; receiving, by the first user device, a second proximity token from a second user device; generating, by the first user device, a hash based on the first proximity token and the second proximity token; generating, by the first user device using a prover function of a preprocessing zero knowledge succinct non-interactive argument of knowledge (pp-zk-SNARK), a cryptographic proof attesting that an individual associated with the first user device tested positive for a pathogen; transmitting, by the first user device, first publicly verifiable exposure data including at least the cryptographic proof and the hash to a public registry; and applying at least the first publicly verifiable exposure data and second publicly verifiable exposure data to a machine learning model, to obtain actionable intelligence associated with the pathogen.
Type: Application
Filed: June 30, 2021
Publication date: January 6, 2022
Inventors: Daniel Alan Gregory, Prithwish Basu, Zachary Ratliff, Siddharth Pal, Kimberly Gavin, Benjamin Montgomery, Joud Khoury
-
Publication number: 20210365585
Abstract: Techniques for privacy-preserving contact tracing are disclosed, including: generating, by a first user device, a first proximity token for contact tracing; receiving, by the first user device, a second proximity token from a second user device; generating, by the first user device, a hash based on the first proximity token and the second proximity token; generating, by the first user device using a prover function of a preprocessing zero knowledge succinct non-interactive argument of knowledge (pp-zk-SNARK), a cryptographic proof attesting that an individual associated with the first user device tested positive for a pathogen; and transmitting, by the first user device, publicly verifiable exposure data including at least the cryptographic proof and the hash to a public registry.
Type: Application
Filed: May 21, 2021
Publication date: November 25, 2021
Inventors: Zachary Ratliff, Joud Khoury
-
Publication number: 20210281581
Abstract: Techniques for cross-domain routing using a fractionated cross-domain solution (F-CDS) are disclosed. A first intermediate node operating in a first physical device in an assured pipeline of the F-CDS receives a data item originating at a source node in a first security domain. The first intermediate node applies a first data filter to determine that the data item complies with a data security requirement of the F-CDS. The first intermediate node transmits the data item to a second intermediate node operating in a second physical device in the assured pipeline of the F-CDS. The second intermediate node applies a second data filter to redundantly determine that the data item complies with the data security requirement of the F-CDS. The second intermediate node transmits the data item to a recipient node in a second security domain via the assured pipeline.
Type: Application
Filed: March 4, 2020
Publication date: September 9, 2021
Inventors: Michael Hassan Atighetchi, Joud Khoury
-
Publication number: 20210281412
Abstract: Techniques for verifiable computation for cross-domain information sharing are disclosed. An untrusted node in a distributed cross-domain solution (CDS) system is configured to: receive a first data item and a first cryptographic proof associated with the first data item; perform a computation on the first data item including one or more of filtering, sanitizing, or validating the first data item, to obtain a second data item; generate, using a proof-carrying data (PCD) computation, a second cryptographic proof that indicates (a) validity of the first cryptographic proof and (b) integrity of the first computation on the first data item; and transmit the second data item and the second cryptographic proof to a recipient node in the distributed CDS system. Alternatively or additionally, the untrusted node may be configured to transmit a cryptographic proof to a trusted aggregator in the CDS system.
Type: Application
Filed: February 10, 2021
Publication date: September 9, 2021
Inventors: Joud Khoury, Michael Hassan Atighetchi, Zachary Ratliff
-
Patent number: 10924382
Abstract: Discussed herein is technology for verifiable network configuration repair. A method can include adding a routing adjacency or route redistribution edge to a router of an aETG to generate an enhanced aETG (eaETG), adding, for each dETG of dETGs, static route edges to a destination of the dETG to generate an enhanced dETG (edETG), determining, for each of the edETGs, all simple paths from all sources to the destination of the edETG, determining a set of paths (pathset) over the determined simple paths that satisfies the policies, and translating the edge additions and/or removals in the eaETG and in the edETGs to an addition and/or removal of one or more of a routing adjacency, routing filter, or static route based on the determined pathset.
Type: Grant
Filed: July 22, 2019
Date of Patent: February 16, 2021
Assignee: Raytheon BBN Technologies Corp.
Inventors: Joud Khoury, Michael Brandon Kremer
-
Publication number: 20210029015
Abstract: Discussed herein is technology for verifiable network configuration repair. A method can include adding a routing adjacency or route redistribution edge to a router of an aETG to generate an enhanced aETG (eaETG), adding, for each dETG of dETGs, static route edges to a destination of the dETG to generate an enhanced dETG (edETG), determining, for each of the edETGs, all simple paths from all sources to the destination of the edETG, determining a set of paths (pathset) over the determined simple paths that satisfies the policies, and translating the edge additions and/or removals in the eaETG and in the edETGs to an addition and/or removal of one or more of a routing adjacency, routing filter, or static route based on the determined pathset.
Type: Application
Filed: July 22, 2019
Publication date: January 28, 2021
Inventors: Joud Khoury, Michael Brandon Kremer
-
Patent number: 10491133
Abstract: Generally discussed herein are systems, devices, and methods for generating multi-function waveforms. A device can include input circuitry to receive parameters indicating respective frequencies and codes for the multi-function waveforms, one or more memories to store the respective frequencies and codes, waveform management circuitry configured to produce a series of values based on the frequencies and codes, respectively, and refine the series of values by reducing a cost associated with a waveform produced using the series of values, and a transceiver to generate the waveform.
Type: Grant
Filed: May 16, 2019
Date of Patent: November 26, 2019
Assignee: Raytheon Company
Inventors: Jeffery Jay Logan, Charles Hansen, Michael Brandon Kremer, Christopher Paul Vander Valk, Joud Khoury
-
Publication number: 20190280608
Abstract: Generally discussed herein are systems, devices, and methods for generating multi-function waveforms. A device can include input circuitry to receive parameters indicating respective frequencies and codes for the multi-function waveforms, one or more memories to store the respective frequencies and codes, waveform management circuitry configured to produce a series of values based on the frequencies and codes, respectively, and refine the series of values by reducing a cost associated with a waveform produced using the series of values, and a transceiver to generate the waveform.
Type: Application
Filed: May 16, 2019
Publication date: September 12, 2019
Inventors: Jeffery Jay Logan, Charles Hansen, Michael Brandon Kremer, Christopher Paul Vander Valk, Joud Khoury
-
Patent number: 10333421
Abstract: Generally discussed herein are systems, devices, and methods for generating multi-function waveforms. A device can include input circuitry to receive parameters indicating respective frequencies and codes for the multi-function waveforms, one or more memories to store the respective frequencies and codes, waveform management circuitry configured to produce a series of values based on the frequencies and codes, respectively, and refine the series of values by reducing a cost associated with a waveform produced using the series of values, and a transceiver to generate the waveform.
Type: Grant
Filed: March 30, 2017
Date of Patent: June 25, 2019
Assignee: Raytheon Company
Inventors: Jeffery Jay Logan, Charles Hansen, Michael Brandon Kremer, Christopher Paul Vander Valk, Joud Khoury
-
Patent number: 10285190
Abstract: Generally discussed herein are systems, devices, and methods for scheduling node performance of communication and/or function. A method can include receiving, from a plurality of nodes, parameters indicating a trajectory and position of each of the plurality of nodes, creating a directed communication graph, creating a communications conflict graph, creating a function conflict graph indicating which function performed by one node of the plurality of nodes interferes with at least one of a function and communication performed by another node of the plurality of nodes, creating a universal conflict graph based on the communications conflict graph and the function conflict graph, creating a schedule for communication and function performance for each of the nodes based on the universal conflict graph, and providing data indicative of the schedule to nodes of the plurality of nodes.
Type: Grant
Filed: December 20, 2016
Date of Patent: May 7, 2019
Assignees: Raytheon BBN Technologies Corp., Raytheon Company
Inventors: Joud Khoury, Christopher Paul Vander Valk, Michael Brandon Kremer, Subramanian Ramanathan, Jeffery Jay Logan, Charles Hansen
-
Publication number: 20180287505
Abstract: Generally discussed herein are systems, devices, and methods for generating multi-function waveforms. A device can include input circuitry to receive parameters indicating respective frequencies and codes for the multi-function waveforms, one or more memories to store the respective frequencies and codes, waveform management circuitry configured to produce a series of values based on the frequencies and codes, respectively, and refine the series of values by reducing a cost associated with a waveform produced using the series of values, and a transceiver to generate the waveform.
Type: Application
Filed: March 30, 2017
Publication date: October 4, 2018
Inventors: Jeffery Jay Logan, Charles Hansen, Michael Brandon Kremer, Christopher Paul Vander Valk, Joud Khoury
-
Publication number: 20180234996
Abstract: Generally discussed herein are systems, devices, and methods for scheduling node performance of communication and/or function. A method can include receiving, from a plurality of nodes, parameters indicating a trajectory and position of each of the plurality of nodes, creating a directed communication graph, creating a communications conflict graph, creating a function conflict graph indicating which function performed by one node of the plurality of nodes interferes with at least one of a function and communication performed by another node of the plurality of nodes, creating a universal conflict graph based on the communications conflict graph and the function conflict graph, creating a schedule for communication and function performance for each of the nodes based on the universal conflict graph, and providing data indicative of the schedule to nodes of the plurality of nodes.
Type: Application
Filed: December 20, 2016
Publication date: August 16, 2018
Inventors: Joud Khoury, Christopher Paul Vander Valk, Michael Brandon Kremer, Subramanian Ramanathan, Jeffery Jay Logan, Charles Hansen