Revocation Or Expiration Patents (Class 713/158)
  • Patent number: 11917082
    Abstract: Systems and methods are disclosed herein for real-time digital authentication. According to some embodiments, a certification authentication method includes receiving a list of third party root certificates from a remote server, the list of third party root certificates including at least one association between a program configured to run on the computing apparatus and a public key for authenticating communication between the program and an associated server of the program. The method may also include authenticating the list of third party root certificates. The method may also include initiating a communication between the computing apparatus and the associated server and authenticating the communication with the associated server using the public key. Furthermore, the method may also include loading the program onto the one or more memories during a bootstrapping process in response to determining that the communication with the associated server is authentic.
    Type: Grant
    Filed: August 12, 2021
    Date of Patent: February 27, 2024
    Assignee: Capital One Services, LLC
    Inventor: Srinivasan Rangaraj
  • Patent number: 11916924
    Abstract: Aspects of the present disclosure address systems, methods, and devices for enabling secure communication between electronic control units (ECUs) in a vehicle. The system may include a first and second ECU from a plurality of ECUs in the vehicle. The first ECU is to enable secure communication between the plurality of ECUs by performing operations that include provisioning the second ECU with authentication data for authenticating messages exchanged with a third ECU and provisioning the third ECU with a set of security keys to enable the third ECU to securely exchange messages with the second ECU. The second ECU receives, from the third ECU, a secure message that is cryptographically signed using a security key from the set of security keys provisioned to the third ECU, and the second ECU authenticates the secure message by comparing the authentication data with an authentication signal.
    Type: Grant
    Filed: October 13, 2021
    Date of Patent: February 27, 2024
    Assignee: NAGRAVISION S.A.
    Inventors: Christophe Buffard, Sanjeev Sehgal
  • Patent number: 11888997
    Abstract: A computing resource service provider provides a certificate management service that allows customers of the computing resource service provider to create, distribute, manage, and revoke digital certificates issued by public and/or private certificate authorities. In an embodiment, customers may use the certificate management service to generate private certificate authority which can issue signed certificates to network entities within the customer enterprise. In an embodiment, the private certificate authority is hosted by the computing resource service provider, and the certificate management service automates the renewal and management of active certificates. In an embodiment, the certificate management service allows customer applications to create, renew, and revoke certificates issued by both private and public certificate authorities via an application programming interface.
    Type: Grant
    Filed: June 25, 2018
    Date of Patent: January 30, 2024
    Assignee: Amazon Technologies, Inc.
    Inventors: Peter Zachary Bowen, Todd Lawrence Cignetti, Preston Anthony Elder, III, Brandonn Gorman, Ronald Andrew Hoskinson, Jonathan Kozolchyk, Kenneth Lawler, Marcel Andrew Levy, Kyle Benjamin Schultheiss, Sandeep Shantharaj, Param Sharma, Jose Maria Silveira Neto
  • Patent number: 11876914
    Abstract: Systems and methods for securely exchanging cryptographically signed records are disclosed. In one aspect, after receiving a content request, a sender device can send a record to a receiver device (e.g., an agent device) making the request. The record can be sent via a short range link in a decentralized (e.g., peer-to-peer) manner while the devices may not be in communication with a centralized processing platform. The record can comprise a sender signature created using the sender device's private key. The receiver device can verify the authenticity of the sender signature using the sender device's public key. After adding a cryptography-based receiver signature, the receiver device can redeem the record with the platform. Upon successful verification of the record, the platform can perform as instructed by a content of the record (e.g., modifying or updating a user account).
    Type: Grant
    Filed: May 19, 2021
    Date of Patent: January 16, 2024
    Assignee: Magic Leap, Inc.
    Inventor: Adrian Kaehler
  • Patent number: 11812265
    Abstract: Disclosed are various embodiments for certificate-based authentication in radio-based networks. In one embodiment, a request for service from a radio-based network is received from a client device. The request for service includes a secure certificate. The radio-based network includes a radio access network and an associated core network. The authenticity of the secure certificate is validated based at least in part on a certificate signature in the secure certificate signed by a certificate authority. It is determined that an entity identified in the secure certificate is permitted to access the radio-based network. Radio-based network access is provided to the client device in response to determining that the entity is permitted to access the radio-based network.
    Type: Grant
    Filed: November 15, 2021
    Date of Patent: November 7, 2023
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventors: Diwakar Gupta, Kaixiang Hu, Benjamin Wojtowicz, Upendra Bhalchandra Shevade, Shane Ashley Hall
  • Patent number: 11804949
    Abstract: Techniques for subscriber revocation in a publish-subscribe network using attribute-based encryption (ABE) are disclosed, including: generating a tree data structure including leaf nodes representing subscribers, subtrees of the tree data structure representing subsets of subscribers having different likelihoods of ABE key revocation; generating ABE keys associated with edges in the tree data structure; assigning ABE keys to the leaf nodes, each leaf node being assigned a subset of the ABE keys associated with edges that form a path from a root node to the leaf node; based at least on a revocation record that indicates one or more revoked subscribers, determining a minimal subset of ABE keys that covers all non-revoked subscribers; and encrypting a payload using an encryption policy requiring at least one ABE key in the minimal subset of the ABE keys, to obtain a ciphertext that is not accessible to the one or more revoked subscribers.
    Type: Grant
    Filed: March 19, 2021
    Date of Patent: October 31, 2023
    Assignee: Raytheon BBN Technologies Corp.
    Inventors: Joud Khoury, Samuel Cunningham Nelson, William Timothy Strayer
  • Patent number: 11750404
    Abstract: A decentralized group signature method for an issuer-anonymized credential system includes (a) an initial system setup operation of defining elements of a group signature method and information that is generated and shared by each group member, (b) an initial group member setup operation, (c) a group member participation operation of adding a new group member to a group, (d) a group signature operation of putting a group signature on a specific message, (e) an operation of verifying the group signature, (f) an operation of removing anonymity from a group signature for a specific group member with agreement of group members, and (g) an operation of revoking a specific group member with agreement of the group members. Exclusive authority of a group manager is distributed to the group members.
    Type: Grant
    Filed: November 4, 2020
    Date of Patent: September 5, 2023
    Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventors: Hwan Jo Heo, Hyun Jin Lee
  • Patent number: 11743733
    Abstract: Methods and devices enable connecting devices to cellular networks using the devices' hardware identifiers. Subscriber records include a hardware identifier assigned when the devices are manufactured. A target hardware identifier included in an attachment request is associated with an International Mobile Subscriber Identity, IMSI, available to the cellular network if, according to subscriber records, the device is registered.
    Type: Grant
    Filed: September 27, 2021
    Date of Patent: August 29, 2023
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Athanasios Karapantelakis, Ioannis Fikouras, Rafia Inam, Qiang Li, Leonid Mokrushin, Maxim Teslenko, Konstantinos Vandikas, Aneta Vulgarakis Feljan
  • Patent number: 11734460
    Abstract: Connectionless trusted computing base recovery is described. An example of a system includes one or more processors to process data; hardware including a hardware RoT (root of trust); and firmware including a firmware TCB (trusted computing base), the firmware including the credentials including one or more certificates and one or more keys, wherein the one or more processors are to determine that the firmware TCB is compromised and that the hardware RoT is intact; issue new credentials by the hardware RoT to mutable firmware based on a version number or security version number (SVN) of the firmware; and revoke old versions of the credentials for the firmware.
    Type: Grant
    Filed: June 23, 2021
    Date of Patent: August 22, 2023
    Assignee: INTEL CORPORATION
    Inventors: Xiaoyu Ruan, Tsippy Mendelson, Yanai Moyal, Daniel Nemiroff
  • Patent number: 11683188
    Abstract: A method for representing certificate expiration includes obtaining, from a root certificate authority, a root digital certificate and generating a chain of intermediate certificate authorities. Each intermediate certificate authority includes a respective intermediate certificate digitally signed by the intermediate certificate authority that is immediately higher in the chain and a respective validation time period indicating a range of times when the intermediate certificate authority is permitted to digitally sign certificates. The respective validation time period includes the validation time period of each intermediate certificate authority that is lower in the chain. The method includes generating a certificate revocation list and generating, from the lowest intermediate certificate authority in the chain, a plurality of end entity certificates.
    Type: Grant
    Filed: October 13, 2020
    Date of Patent: June 20, 2023
    Assignee: Google LLC
    Inventors: Matthew Robert Jones, Benjamin Jackson Benoy, John David Thayer Wood
  • Patent number: 11641285
    Abstract: Certificates issued by a CA are distributed across multiple CRLs. Each certificate issued by the CA is assigned to a specific CRL, and the address of that CRL is written to the appropriate field of the certificate, such that an authenticating application can subsequently determine if the certificate is revoked. When the CA revokes a specific one of the issued certificates, it determines to which CRL the revoked certificate is assigned, and updates the specific CRL accordingly. In some embodiments, a single one of the multiple CRLs is active for assignment of certificates at any given time, and each certificate issued by the CA is assigned to the currently active CRL. In other embodiments, assignments of issued certificates are distributed between different ones of a pre-determined number of multiple CRLs by applying a statistical distribution formula to each issued certificate to determine a corresponding target CRL.
    Type: Grant
    Filed: January 11, 2021
    Date of Patent: May 2, 2023
    Assignee: DigiCert, Inc.
    Inventors: Hari Veladanda, Hoa Ly, Ning Chai
  • Patent number: 11640149
    Abstract: A method of providing a plurality of controller certificates for a plurality of controllers within a Building Management System (BMS) includes downloading project information defining the BMS and using the downloaded project information to solicit a Certificate Signing Request (CSR) from each of the plurality of controllers of the BMS. The received CSRs are uploaded to a remote server so that the remote server can generate a corresponding controller certificate for each of the plurality of controllers of the BMS. The generated controller certificates are then downloaded to the corresponding one of the plurality of controllers of the BMS.
    Type: Grant
    Filed: December 22, 2021
    Date of Patent: May 2, 2023
    Assignee: HONEYWELL INTERNATIONAL INC.
    Inventors: Nagasree Poluri, Manish Gupta, Nagesh Narayanappa, Ankith Makam
  • Patent number: 11632247
    Abstract: Provided are methods and systems for invalidating user security tokens. An example method may include providing, by one or more nodes in a cluster, a list of revoked security tokens. The method may include receiving, by the one or more nodes, an indication of invalidating a user security token associated with a user device. The indication may include a request from the user to invalidate the user security token. The method may further include, in response to the receiving, adding, by the one or more nodes, the user security token to the list of revoked security tokens. The user security token can be added to the list of revoked security tokens prior to the expiration time of the user security token. The method may further include replicating, by the one or more nodes, the list of revoked security tokens between further nodes of the cluster.
    Type: Grant
    Filed: April 19, 2021
    Date of Patent: April 18, 2023
    Assignee: ELASTICSEARCH B.V.
    Inventor: Jayesh Modi
  • Patent number: 11625476
    Abstract: A method, system and apparatus for requesting a plurality of credentials from a trusted entity. A local validation device (LVD) receives a credential request or an identifier from each of a plurality of user devices. The LVD generates or compiles a bundle of credential requests corresponding to the plurality of user devices. The LVD transmits the bundle of credentials requests to the MVD. The MVD receives the bundle of request and performs a validation for each request in the bundle and then communicates the credentials and/or the results of the validations to the LVD. The LVD communicates credentials to each of the plurality of user devices. In some cases, the LVD performs the validation for each credential request. For instance, the LVD can receive a local enforcement policy from the MVD, which can provide instructions or guidance to the LVD as to how to perform the validations.
    Type: Grant
    Filed: November 10, 2020
    Date of Patent: April 11, 2023
    Assignee: DigiCert, Inc.
    Inventors: Wade Johnathon Choules, Darin Scott Andrew, Ricky Eldon Roos, Jason Allen Sabin, Daniel Robert Timpson
  • Patent number: 11627127
    Abstract: The authentication and authorization system includes an application execution unit, a user information storage unit, a token acquisition unit configured to acquire, using the user information acquired from the user information storage unit, an access token from an authorization server that authorizes the application to use the external service when a valid access token is presented via the cooperation unit, and a token storage unit configured to store the acquired access token. The token acquisition unit acquires the access token from the authorization server at a predetermined cycle, and stores it in the token storage unit. When the application uses the external service, the application execution unit requests a cooperation unit to make the application cooperate with the external service using the access token acquired from the token storage unit.
    Type: Grant
    Filed: September 11, 2020
    Date of Patent: April 11, 2023
    Assignee: HITACHI, LTD.
    Inventors: Toshio Nishida, Keisuke Hatasaki
  • Patent number: 11593775
    Abstract: Disclosed herein are system, method, and computer program product embodiments for authenticating a mobile user via an authentication method determined based on a token level associated with the action being completed. An authentication token is created corresponding to the token level and the authentication token is sent to the mobile device. This authentication token may be used to authenticate subsequent actions and engage various services to complete the actions using application programming interfaces. The authentication token stored on the mobile device obviates the need for a user to authenticate multiple times to complete actions requiring a similar token level. The system may authenticate the identity of the mobile user using various authentication methods.
    Type: Grant
    Filed: May 18, 2021
    Date of Patent: February 28, 2023
    Assignee: Capital One Services, LLC
    Inventors: Jeremy J. Phillips, Mitchell Miller, Saleem Ahmed Sangi
  • Patent number: 11570167
    Abstract: Apparatus and methods pertaining to a Certified Approval Service (CAS) are disclosed and enabled. The apparatus may include a Personal Computing Device (PCD) implementing a CAS Device to interact with an end user and a server implementing a CAS provider. The various embodiments operate without the end user and the CAS provider to engage in an authenticated login session between themselves.
    Type: Grant
    Filed: October 28, 2021
    Date of Patent: January 31, 2023
    Assignee: CHIPIWORKS COMPANY
    Inventors: Kobi Eshun, Karim Tahawi
  • Patent number: 11563587
    Abstract: Methods, systems, and apparatus, including medium-encoded computer program products, for secure storage and retrieval of information, such as private keys, useable to control access to a blockchain, include, in at least one aspect, a method including: identifying for an action an associated private-keys group out of different private-keys groups, each having an associated cryptographic group key; decrypting, at a first computer, a first level of encryption of a private key associated with the action using the associated cryptographic group key; decrypting, at a second computer distinct from the first computer, a second level of encryption of the private key associated with the action using a hardware-based cryptographic key used by the second computer; using, at the second computer, the private key associated with the action in a process of digitally signing data to authorize the action; and sending the digitally signed data to a third computer to effect the action.
    Type: Grant
    Filed: July 27, 2022
    Date of Patent: January 24, 2023
    Assignee: ;Anchor Labs, Inc.
    Inventors: Diogo Monica, Nathan P. McCauley, Riyaz D. Faizullabhoy, Boaz Avital
  • Patent number: 11556856
    Abstract: A method for training an analytics engine hosted by an edge server device is provided. The method includes determining a classification for data in an analytics engine hosted by an edge server and computing a confidence level for the classification. The confidence level is compared to a threshold. The data is sent to a cloud server if the confidence level is less than the threshold. A reclassification is received from the cloud server and the analytics engine is trained based, at least in part, on the data and the reclassification.
    Type: Grant
    Filed: December 24, 2020
    Date of Patent: January 17, 2023
    Assignee: Intel Corporation
    Inventor: Yen Hsiang Chew
  • Patent number: 11550894
    Abstract: A trusted application (TA) operates on a trusted execution environment (TEE) and generates a screen. Further, the TA transmits certification information for certifying validity of the TA to a verification device. The verification device verifies whether the TA is valid on the basis of the certification information. Further, the verification device authenticates a display device when the validity of the TA is certified and when the verification device is capable of confirming the facts that a picture is being output and that a device outputting the picture is the display device. Further, the verification device outputs a random number code when the display device is authenticated. Further, the verification device transmits the random number code to the display device when the display device is authenticated. Further, the display device receives the random number code from the verification device and displays the same.
    Type: Grant
    Filed: June 17, 2019
    Date of Patent: January 10, 2023
    Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Kenichiro Muto, Takeshi Nagayoshi, Kimihiro Yamakoshi
  • Patent number: 11528604
    Abstract: The invention concerns a method for transmitting to a physical or virtual element of a telecommunications network, an encrypted subscription identifier stored in a security element, or an encrypted identifier of the security element or an encrypted identifier of a terminal cooperating with the security element. The method includes pre-calculating proactively, at the occurrence of an event, the encrypted identifier using a key and storing it in a file or memory of the security element with a parameter enabling the key to be calculated by the element of the telecommunications network, in order to be able to transmit to the element of the telecommunications network the encrypted identifier and the parameter, without having to compute the encrypted identifier when the terminal is asking for it.
    Type: Grant
    Filed: October 2, 2018
    Date of Patent: December 13, 2022
    Assignee: THALES DIS FRANCE SAS
    Inventors: Paul Bradley, Mireille Pauliac
  • Patent number: 11523278
    Abstract: A secured communication method for a V2X communication device is disclosed. The secured communication method for a V2X communication device comprises the steps of; receiving at least one message on the basis of V2X communication; extracting adaptive certificate pre-distribution (ACPD) target information when the at least one message includes the ACPD target information; pre-authenticating at least one short-term certificate acquired from the ACPD target information; collecting at least one pre-authenticated short-term certificate to be broadcasted at a specific predicted time at a specific predicted location; and broadcasting an ACPD group (ACPDG) message including the collected at least one pre-authenticated short-term certificate at the specific predicted location at the specific predicted time.
    Type: Grant
    Filed: December 21, 2017
    Date of Patent: December 6, 2022
    Assignee: LG ELECTRONICS INC.
    Inventors: Soyoung Kim, Jaeho Hwang
  • Patent number: 11516023
    Abstract: A proxy revocation service provides a reliable service for performing revocation checks. The proxy revocation service queries public certificate authorities for the revocation status of a set of digital certificates and maintains a database of the revocation statuses. The proxy revocation service provides a singular endpoint that is Application Protocol Interface (API) accessible to web clients. Web clients communicate with the proxy revocation service through use of API message to perform revocation checks, rather than communicating with the public certificate authorities using an online certificate status protocol (OCSP). Use of the proxy revocation service provides both a reliable service for performing revocation checks as well as shifts the complexity away from the web clients.
    Type: Grant
    Filed: November 5, 2021
    Date of Patent: November 29, 2022
    Assignee: Snowflake Inc.
    Inventors: Harsh Chaturvedi, Harsha S. Kapre, Srinath Shankar
  • Patent number: 11509484
    Abstract: Systems and methods relating to settlement of securities without revealing ownership including the end owner are described. In some implementations, ownership or control of a security may be managed by using group membership technology to revoke the signing rights of the seller and adding signing rights to the buyer. Group membership with group signatures allow for one group public key and a plurality of private keys, where each private key is associated with a group member. Signatures create by different group members are indistinguishable to verifiers but a group manager is able to determine which member has signed, link member signatures, implement controls and/or limits, and revoke and add signatory capability when needed. In some implementations, revocation of signatory capability is done with the cooperation of a Digital Certificate Authority.
    Type: Grant
    Filed: December 18, 2019
    Date of Patent: November 22, 2022
    Assignee: Wells Fargo Bank, N.A.
    Inventor: Phillip H. Griffin
  • Patent number: 11483162
    Abstract: Systems and methods relating to settlement of securities without revealing ownership including the end owner are described. In some implementations, ownership or control of a security may be managed by using group membership technology to revoke the signing rights of the seller and adding signing rights to the buyer. Group membership with group signatures allow for one group public key and a plurality of private keys, where each private key is associated with a group member. Signatures create by different group members are indistinguishable to verifiers but a group manager is able to determine which member has signed, link member signatures, implement controls and/or limits, and revoke and add signatory capability when needed. In some implementations, revocation of signatory capability is done with the cooperation of a Digital Certificate Authority.
    Type: Grant
    Filed: December 18, 2019
    Date of Patent: October 25, 2022
    Assignee: Wells Fargo Bank, N.A.
    Inventor: Phillip H. Griffin
  • Patent number: 11444780
    Abstract: A processing device receives, from a host system, a key manifest and a digital signature generated based on the key manifest using a private key corresponding to a public/private key pair. The key manifest comprises one or more verification keys. The digital signature is verified using the public key and the processing device stores the key manifest in a persistent storage component in response to successful verification of the digital signature. The one or more verification keys are utilized in one or more verification operations based on the key manifest being stored in the persistent memory component.
    Type: Grant
    Filed: November 25, 2019
    Date of Patent: September 13, 2022
    Assignee: Micron Technology, Inc.
    Inventors: Robert W. Strong, James Ruane
  • Patent number: 11438174
    Abstract: Methods, systems, and apparatus, including medium-encoded computer program products, for secure storage and retrieval of information, such as private keys, useable to control access to a blockchain, include, in at least one aspect, a method including: identifying for an action an associated private-keys group out of different private-keys groups, each having an associated cryptographic group key; decrypting, at a first computer, a first level of encryption of a private key associated with the action using the associated cryptographic group key; decrypting, at a second computer distinct from the first computer, a second level of encryption of the private key associated with the action using a hardware-based cryptographic key used by the second computer; using, at the second computer, the private key associated with the action in a process of digitally signing data to authorize the action; and sending the digitally signed data to a third computer to effect the action.
    Type: Grant
    Filed: January 31, 2022
    Date of Patent: September 6, 2022
    Assignee: Anchor Labs, Inc.
    Inventors: Diogo Monica, Nathan P. McCauley, Riyaz D. Faizullabhoy, Boaz Avital
  • Patent number: 11431510
    Abstract: A system and method for efficiently managing an executable environment involving multiple code-sign certificate chains. The system and method include receiving, by one or more processors and from a client device, a request for information to verify an authorization of a code bundle, the code bundle associated with a first signed code segment and a second signed code segment. The system and method include generating, by one or more processors, a list of certificates associated with the code bundle. The system and method include transmitting, by the one or more processors and to the client device, a message comprising the list of certificates, the message causing the client device to verify the code bundle based on the list of certificates.
    Type: Grant
    Filed: April 30, 2020
    Date of Patent: August 30, 2022
    Assignee: Wells Fargo Bank, N.A.
    Inventor: Jeff J. Stapleton
  • Patent number: 11424940
    Abstract: A computer-implemented method for using a standalone tool for certificate management is provided. The standalone tool for certificate management is provided between a plurality of computing nodes and a management node. The standalone tool determines a certificate status for each of the plurality of computing nodes in the computing system. The standalone tool also determines any certificate operations for each of the plurality of computing nodes in the computing system. The certificate status and any of the certificate operations are presented in a consolidated view.
    Type: Grant
    Filed: July 16, 2019
    Date of Patent: August 23, 2022
    Assignee: VMware, Inc.
    Inventors: Krzysztof K Pierscieniak, Samdeep Nayak, Ranganathan Srinivasan
  • Patent number: 11423129
    Abstract: A host device, a storage device, and a method employ a vendor unique command (VUC) authentication system. The storage device includes a memory and a memory controller which includes a VUC authentication module and controls the memory. The VUC authentication module transmits first memory information about the memory to the host device, receives from the host device a one-time password generated by the first memory information, verifies the one-time password, and receives a vendor unique command from the host device when the one-time password is correct.
    Type: Grant
    Filed: July 10, 2019
    Date of Patent: August 23, 2022
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Bo Hyung Kim, Jang Hwan Kim, Moon Wook Oh, Da Woon Jung
  • Patent number: 11388598
    Abstract: Systems, apparatus, methods, and techniques for reporting an attack or intrusion into an in-vehicle network are provided. The attack can be broadcast to connected vehicles over a vehicle-to-vehicle network. The broadcast can include an indication of a sub-system involved in the attack and can include a request for assistance in recovering from the attack. Connected vehicles can broadcast responses over the vehicle-to-vehicle network. The responses can include indications of data related to the compromised sub-system. The vehicle can receive the responses and can use the responses to recover from the attack, such as, estimate data.
    Type: Grant
    Filed: December 19, 2019
    Date of Patent: July 12, 2022
    Assignee: INTEL CORPORATION
    Inventors: Liuyang Yang, Xiruo Liu, Manoj Sastry, Marcio Juliato, Shabbir Ahmed, Christopher Gutierrez
  • Patent number: 11368297
    Abstract: Embodiments of the present disclosure disclose a method and apparatus for updating a digital certificate. A specific embodiment of the method includes: receiving digital certificate data, the digital certificate data including a number of times of forwarding and a first forwarding moment; determining whether the following conditions are satisfied: the number of times of the forwarding being less than a preset threshold, or a time length between a current moment and the first forwarding moment being less than a preset time length; and increasing, in response to determining at least one of the conditions being satisfied, the number of times of the forwarding by a preset number, and forwarding the digital certificate data to another proxy server.
    Type: Grant
    Filed: September 9, 2019
    Date of Patent: June 21, 2022
    Assignee: Beijing Baidu Netcom Science and Technology Co., Ltd.
    Inventors: Huangjun Shi, Liguo Duan
  • Patent number: 11366788
    Abstract: Techniques delete snapshot data. In accordance with certain techniques, a first sub-process of a snapshot deletion process on a first data block of the snapshot data is performed with a first thread. The snapshot deletion process includes at least the first sub-process and a second sub-process, the first and second sub-processes being performed sequentially. In response to an end of the first sub-process performed with the first thread, the second sub-process on the first data block is performed with the first thread. In parallel with performing, with the first thread, the second sub-process on the first data block, the first sub-process on a second data block of the snapshot data is performed with a second thread different from the first thread, the second data block being different from the first data block. Such techniques improve IO lock contention, system resource utilization rate and parallelism, response time and system overhead.
    Type: Grant
    Filed: March 18, 2019
    Date of Patent: June 21, 2022
    Assignee: EMC IP Holding Company LLC
    Inventors: Shuo Lv, Ming Zhang
  • Patent number: 11349673
    Abstract: A system for monitoring the status of digital certificates is provided. The system includes a responder computer device. The responder computer device is programmed to store, in a database, a plurality of statuses associated with a plurality of digital certificates. The responder computer device is further programmed to receive, from a first computer device, a request message including an identifier of a target certificate. The responder computer device is further programmed to query the database to retrieve status information about the target certificate, generate a response message based on the retrieved status information, and transmit the response message to the first computer device.
    Type: Grant
    Filed: January 22, 2019
    Date of Patent: May 31, 2022
    Assignee: Cable Television Laboratories, Inc.
    Inventor: Massimiliano Pala
  • Patent number: 11329964
    Abstract: A method of managing messages in a messaging system, the method including: identifying a policy associated with the messaging system, the policy including directives associated with the privacy and integrity of messages; applying the policy to a message, the policy including configuration data that determines when the message should be expired; sending the message to the messaging system; using the configuration data to calculate the expiry of the message and passing the calculated expiry of the message to the messaging system; determining whether the expiry has been reached; responsive to the expiry being reached, sending a report message to the message producer; and responsive to the expiry not being reached, attempting to deliver the message to the message consumer.
    Type: Grant
    Filed: April 6, 2020
    Date of Patent: May 10, 2022
    Assignee: International Business Machines Corporation
    Inventor: Jonathan L. Rumsey
  • Patent number: 11271753
    Abstract: Methods, systems, and apparatus, including medium-encoded computer program products, for secure storage and retrieval of information, such as private keys, useable to control access to a blockchain, include, in at least one aspect, a method including: identifying for an action an associated private-keys group out of different private-keys groups, each having an associated cryptographic group key; decrypting, at a first computer, a first level of encryption of a private key associated with the action using the associated cryptographic group key; decrypting, at a second computer distinct from the first computer, a second level of encryption of the private key associated with the action using a hardware-based cryptographic key used by the second computer; using, at the second computer, the private key associated with the action in a process of digitally signing data to authorize the action; and sending the digitally signed data to a third computer to effect the action.
    Type: Grant
    Filed: June 23, 2021
    Date of Patent: March 8, 2022
    Assignee: Anchor Labs, Inc.
    Inventors: Diogo Monica, Nathan P. McCauley, Riyaz D. Faizullabhoy, Boaz Avital
  • Patent number: 11256540
    Abstract: For each server under consideration for container migration, whether the server has a value for a first parameter that precludes the server from being migrated to a container is determined. Each server having a value that precludes the serve from being migrated to a container is removed from further consideration. For each server remaining under consideration, a value of the server for each second parameter of a number of second parameters is determined, and the values of the server for the second parameters are weighted to yield a weight for the server. The servers remaining under consideration for migration are ranked based at least on the weights for the servers, yielding an order in which the servers are to migrated.
    Type: Grant
    Filed: October 2, 2019
    Date of Patent: February 22, 2022
    Assignee: MICRO FOCUS LLC
    Inventors: Rajashekar Dasari, Harish Kum Somisetty, Stefan Bergstein
  • Patent number: 11237534
    Abstract: A method of providing a plurality of controller certificates for a plurality of controllers within a Building Management System (BMS) includes downloading project information defining the BMS and using the downloaded project information to solicit a Certificate Signing Request (CSR) from each of the plurality of controllers of the BMS. The received CSRs are uploaded to a remote server so that the remote server can generate a corresponding controller certificate for each of the plurality of controllers of the BMS. The generated controller certificates are then downloaded to the corresponding one of the plurality of controllers of the BMS.
    Type: Grant
    Filed: February 11, 2020
    Date of Patent: February 1, 2022
    Assignee: Honeywell International Inc.
    Inventors: Nagasree Poluri, Manish Gupta, Nagesh Narayanappa, Ankith Makam
  • Patent number: 11212274
    Abstract: Techniques are disclosed for accelerating online certificate status protocol (OCSP) response distribution to relying parties using a content delivery network (CDN). A certificate authority generates updated OCSP responses for OCSP responses cached in the CDN that are about to expire. In addition, the certificate authority pre-generates cache keys in place of CDNs generating the keys. The certificate authority sends the OCSP responses and the cache keys in one transaction, and the CDN, in turn, consumes the new OCSP responses using the cache keys.
    Type: Grant
    Filed: August 29, 2019
    Date of Patent: December 28, 2021
    Assignee: DigiCert, Inc.
    Inventors: Richard F. Andrews, Quentin Liu
  • Patent number: 11184178
    Abstract: A method at a computing device within an Intelligent Transportation System (ITS), the method including: receiving a first message, the first message including at least tailoring information for a first ITS endpoint and intended journey details for the first ITS endpoint; storing all or a subset of data from the first message; obtaining a full certificate revocation list; creating a tailored certificate revocation list based on data in the first message and the full certificate revocation list, the tailored certificate revocation list containing certificates or identifiers of certificates for ITS endpoints that may be encountered by the first ITS endpoint when navigating a route provided in the intended journey details; and providing the tailored certificate revocation list to the first ITS endpoint.
    Type: Grant
    Filed: September 28, 2018
    Date of Patent: November 23, 2021
    Assignee: BlackBerry Limited
    Inventors: Nicholas James Russell, Jonathon Brookfield, Stephen John Barrett
  • Patent number: 11182491
    Abstract: A method of limiting data usage for certified purposes by using functional encryption, comprising: receiving from a software publisher an application code and declared privacy information, the declared privacy information specifies at least one declared usage for at least one data type; analyzing the application's usage of data collected by the application, to identify an actual usage of the at least one data type by a function; identifying when the actual usage is compliant with the at least one declared usage according to the analysis; in response to the identification, creating a pair of a public key and a master private key; creating a function private key for the function using the master private key; and sending the function private key to the software publisher to be used for operating the function on data which is encrypted using the public key.
    Type: Grant
    Filed: February 4, 2020
    Date of Patent: November 23, 2021
    Assignee: International Business Machines Corporation
    Inventors: Abigail Goldsteen, Ron Shmelkin, Gilad Ezov, Muhammad Barham
  • Patent number: 11184180
    Abstract: To revoke a digital certificate (160p), activation of the digital certificate is blocked by withholding an activation code from the certificate user (110). The certificates are generated by a plurality of entities (210, 220, 838) in a robust process that preserves user privacy (e.g. anonymity) even in case of collusion of some of the entities. The process is suitable for connected vehicles, e.g. as an improvement for Security Credential Management System (SCMS).
    Type: Grant
    Filed: February 5, 2019
    Date of Patent: November 23, 2021
    Assignees: LG ELECTRONICS, INC., UNIVERSITY OF SAO PAULO
    Inventors: Marcos A. Simplicio, Jr., Eduardo Lopes Cominetti, Harsh Kupwade Patil, Jefferson E. Ricardini, Marcos Vinicius M. Silva
  • Patent number: 11178146
    Abstract: Systems and methods are disclosed for online authentication of online attributes. One method includes receiving an authentication request from a rely party, the authentication request including identity information to be authenticated and credential information to be authenticated; determining whether a user account is associated with the received identity information by accessing an internal database; accessing user data of the user account determined to be associated with received identity information; determining authentication data to obtained from a user associated with the user account based on the user data of the user account and the credential information to be authenticated; transmitting a request for authentication data; receiving authentication data associated with the user; transmitting authentication data associated with the user; and receiving an authentication result from the verification data source server for the user associated with authentication data.
    Type: Grant
    Filed: November 21, 2018
    Date of Patent: November 16, 2021
    Assignee: ID.me, Inc.
    Inventors: Blake Hall, Tanel Suurhans
  • Patent number: 11166135
    Abstract: Implementations of the subject technology provide for receiving a registration request for registering and associating phone numbers for at least one service on a particular device, where the registration request includes information related to a phone authentication certificate (PAC) that was generated for the particular device. The PAC authenticates that each of the phone numbers is associated with the particular device. The subject system performs an authentication of user identifiers associated with the particular device based at least on the PAC. The subject system performs a registration of at least one service for the particular device using the authenticated user identifiers, in which the registration includes at least one respective handle for accessing the at least one service via each respective user identifier. The subject system transmits to the particular device, information related to the at least one respective handle for accessing the service via each respective user identifier.
    Type: Grant
    Filed: May 29, 2020
    Date of Patent: November 2, 2021
    Assignee: Apple Inc.
    Inventors: Nelson M. Leduc, Xudong Liu
  • Patent number: 11158309
    Abstract: Techniques are described for automatically distributing validated user safety alerts from a networked computing device. The networked computing device may be configured to operate as an autonomous agent to perform actions on behalf of a user without receiving direct instructions from the user. For example, the autonomous agent computing device may be configured to make certain purchases, send alerts or reminders, or perform other functions in accordance with preprogrammed rules. According to the disclosed techniques, the autonomous agent computing device is configured to automatically generate and send an alert to one or more computing devices associated with the user upon detecting a safety concern for the user. The autonomous agent also uses a signing key associated with its digital certificate, which verifies the identity of the autonomous agent, to sign the alert such that a third-party server may validate the alert prior to distribution to the destination computing devices.
    Type: Grant
    Filed: August 16, 2019
    Date of Patent: October 26, 2021
    Assignee: Wells Fargo Bank, N.A.
    Inventors: Rita M. Homewood, Christopher M. Ruiz, Scott Christopher Hall, Michael J. Foster, Michelle E. Masters, Lawrence R. Belton, Jr.
  • Patent number: 11153298
    Abstract: Apparatus and methods pertaining to a Certified Approval Service (CAS) are disclosed and enabled. The apparatus may include a Personal Computing Device (PCD) implementing a CAS Device to interact with an end user and a server implementing a CAS provider. The various embodiments operate without the end user and the CAS provider to engage in an authenticated login session between themselves.
    Type: Grant
    Filed: September 4, 2018
    Date of Patent: October 19, 2021
    Assignee: Chipiworks Company
    Inventors: Kobi Eshun, Karim Tahawi
  • Patent number: 11153101
    Abstract: An example system may include one or more application platforms (e.g., VMs) that run a registration authority and are communicatively connected to one or more compute engines that perform cryptographic computations required by the registration authority. The system may also include one or more application platforms that run an enrollment certificate authority and that are communicatively connected to one or more compute engines that perform cryptographic computations required by the enrollment certificate authority. It may further include one or more application platforms that run a pseudonym certificate authority and that are communicatively connected to one or more compute engines that perform cryptographic computations required by the pseudonym certificate authority. It may also include one or more load balancers communicatively connected to the one or more compute engines, the one or more load balancers to perform operations comprising distributing at least one request to the one or more compute engines.
    Type: Grant
    Filed: March 2, 2020
    Date of Patent: October 19, 2021
    Assignee: INTEGRITY SECURITY SERVICES LLC
    Inventors: Alan T. Meyer, Gregory A. Powell
  • Patent number: 11139990
    Abstract: Systems, apparatuses and methods may provide for infrastructure node technology that conducts a mutual authentication with a vehicle and verifies, if the mutual authentication is successful, location information received from the vehicle. The infrastructure node technology may also send a token to the vehicle if the location information is verified, wherein the token includes an attestation that the vehicle was present in a location associated with the location information at a specified moment in time. Additionally, vehicle technology may conduct a mutual authentication with an infrastructure node and send, if the mutual authentication is successful, location information to the infrastructure node. The vehicle technology may also receive a token from the infrastructure node.
    Type: Grant
    Filed: December 29, 2018
    Date of Patent: October 5, 2021
    Assignee: Intel Corporation
    Inventors: Moreno Ambrosin, Kathiravetpillai Sivanesan, Rafael Misoczki, Sridhar Sharma, Ignacio Alvarez
  • Patent number: 11115558
    Abstract: Systems and methods for maintaining chain of custody for assets offloaded from a portable electronic device. One exemplary system includes an electronic processor configured to receive, from the portable electronic device, an asset manifest including an asset identifier, a fixed-length unique identifier associated with the asset identifier, and a manifest digital signature. The electronic processor is further configured to transmit to the portable electronic device a storage message based on the asset manifest; receive, from the portable electronic device, an upload completion message; retrieve, from a data warehouse an asset file; and determine, for the asset file, an asset file fixed-length unique identifier.
    Type: Grant
    Filed: May 20, 2016
    Date of Patent: September 7, 2021
    Assignee: MOTOROLA SOLUTIONS, INC.
    Inventors: David B. Flowerday, Remigiusz Orlowski, Steven D. Tine, Lechoslaw Radwanski
  • Patent number: 11082235
    Abstract: Methods, systems, and apparatus, including medium-encoded computer program products, for secure storage and retrieval of information, such as private keys, useable to control access to a blockchain, include, in at least one aspect, a method including: identifying for an action an associated private-keys group out of different private-keys groups, each having an associated cryptographic group key; decrypting, at a first computer, a first level of encryption of a private key associated with the action using the associated cryptographic group key; decrypting, at a second computer distinct from the first computer, a second level of encryption of the private key associated with the action using a hardware-based cryptographic key used by the second computer; using, at the second computer, the private key associated with the action in a process of digitally signing data to authorize the action; and sending the digitally signed data to a third computer to effect the action.
    Type: Grant
    Filed: February 14, 2019
    Date of Patent: August 3, 2021
    Assignee: Anchor Labs, Inc.
    Inventors: Diogo Monica, Nathan P. McCauley, Riyaz D. Faizullabhoy, Boaz Avital