Patents Examined by Brandon S Hoffman
  • Patent number: 11361085
    Abstract: The present technology relates to a signal processing device, and a signal processing method for enabling reduction of a processing load while ensuring safety. The signal processing device includes a control unit that acquires designation information indicating a designated portion to be encrypted in output data and an encryption processing unit that encrypts the designated portion indicated by the designation information in the output data using a key. Furthermore, the designated portion indicated by the designation information is changed with time. The present technology can be applied to an in-vehicle camera.
    Type: Grant
    Filed: June 1, 2018
    Date of Patent: June 14, 2022
    Assignee: SONY SEMICONDUCTOR SOLUTIONS CORPORATION
    Inventors: Tatsuya Kaneko, Motohashi Yuichi
  • Patent number: 11337066
    Abstract: A system (100) for providing a user device (102) access to a resource or data is disclosed. The system (100) comprises: the user device (102) comprising: a light detector (104) configured to detect light (130) emitted by a light source (122), which light (130) comprises an embedded code comprising a light source identifier of the light source (122), a communication unit (108) configured to communicate with a network device (112), a processor (106) configured to retrieve the light source identifier from the light (130), and to communicate the light source identifier to the network device (112).
    Type: Grant
    Filed: July 5, 2018
    Date of Patent: May 17, 2022
    Assignee: SIGNIFY HOLDING B.V.
    Inventors: Dirk Valentinus René Engelen, Bartel Marinus Van De Sluis, Dzmitry Viktorovich Aliakseyeu, Mustafa Tolga Eren
  • Patent number: 11328049
    Abstract: Disclosed embodiments relate to systems and methods for securely and seamlessly provisioning credentials for use by personal computing devices. Techniques include obtaining a session identifier; making available an encoded representation to a personal computing device, the encoded representation encoding the session identifier; wherein the personal computing device is configured to: decode the encoded representation, access an identity credential stored on the personal computing device, encrypt the identity credential using a first cryptographic key, and send, to a mediator resource, the session identifier and the encrypted identity credential; receiving, from the mediator resource, the session identifier and the encrypted identity credential; and storing the encrypted identity credential.
    Type: Grant
    Filed: April 13, 2020
    Date of Patent: May 10, 2022
    Assignee: CyberArk Software Lid.
    Inventors: Arthur Bendersky, Nir Popik, Tal Zigman
  • Patent number: 11328070
    Abstract: The present technology relates to a signal processing device, and a signal processing method for enabling reduction of a processing load while ensuring safety. The signal processing device includes a control unit that acquires designation information indicating a designated portion to be encrypted in output data and an encryption processing unit that encrypts the designated portion indicated by the designation information in the output data using a key. Furthermore, the designated portion indicated by the designation information is changed with time. The present technology can be applied to an in-vehicle camera.
    Type: Grant
    Filed: June 1, 2018
    Date of Patent: May 10, 2022
    Assignee: SONY SEMICONDUCTOR SOLUTIONS CORPORATION
    Inventors: Tatsuya Kaneko, Motohashi Yuichi
  • Patent number: 11328075
    Abstract: According to one embodiment, a system establishes a secure connection between a host system and a data processing (DP) accelerator over a bus, the secure connection including one or more data channels. The system transmits a first instruction from the host system to the DP accelerator over a command channel, the first instruction requesting the DP accelerator to perform a data preparation operation. The system receives a first request to read a first data from a first memory location of the host system from the DP accelerator over one data channel. In response to the request, the system transmits the first data to the DP accelerator over the data channel, where the first data is utilized for a computation or a configuration operation. The system transmits a second instruction from the host system to the DP accelerator over the command channel to perform the computation or the configuration operation.
    Type: Grant
    Filed: January 4, 2019
    Date of Patent: May 10, 2022
    Assignees: BAIDU USA LLC, BAIDU.COM TIMES TECHNOLOGY (BEIJING) CO., LTD.
    Inventors: Yong Liu, Yueqiang Cheng, Jian Ouyang, Tao Wei
  • Patent number: 11329801
    Abstract: Apparatuses, systems, and methods for generating and utilizing improved initialization vectors (IVs) when performing encryption and authentication in wireless communications. In some scenarios, a wireless communication device may generate one or more pseudorandom multi-bit values, e.g., using a respective plurality of key derivation functions (KDFs). A first portion of each value may be used as a respective key for encryption or authentication of traffic on the user plane or the control plane. A second portion of each value may be used as a nonce value in a respective IV for use with a respective key for encryption or authentication of traffic on the user plane or the control plane. In some scenarios, the nonce values may instead be generated as part of an additional pseudorandom value (e.g., by executing an additional KDF), from which all of the IVs may be drawn.
    Type: Grant
    Filed: January 3, 2020
    Date of Patent: May 10, 2022
    Assignee: Apple Inc.
    Inventors: Dawei Zhang, Fangli Xu, Haijing Hu, Huarui Liang, Lijia Zhang, Robert K. Kitchens, Samuel D. Post, Shu Guo, Xiangying Yang, Yannick L. Sierra, Yuqin Chen
  • Patent number: 11321436
    Abstract: A computing device includes a system that authenticates a user of the computing device. A first sensor obtains a first representation of a physical characteristic of the user that is compared to a registered representation of the physical characteristic of the user. A first level of access to the computing device is enabled based on the first representation of the physical characteristic matching the second representation of the physical characteristic. A second sensor obtains a first representation of a liveness characteristic of the user that indicates that the user is alive. The first representation of the liveness characteristic is compared to a registered representation of the liveness characteristic of the user. A second level of access to the computing device is enabled based on the first representation of the liveness characteristic of the user matching the second representation of the liveness characteristic of the user.
    Type: Grant
    Filed: July 23, 2019
    Date of Patent: May 3, 2022
    Inventors: Kwang Oh Kim, Yibing Michelle Wang, Kamil Bojanczyk
  • Patent number: 11323464
    Abstract: An apparatus comprises at least one processing device comprising a processor coupled to a memory. The processing device is configured to identify artifacts in a plurality of messages of an account of a user, and to replace the identified artifacts in the messages with respective modified artifacts while also maintaining in access-controlled storage at least information related to the identified artifacts. The processing device receives from a requestor a request for a given one of the identified artifacts that has been replaced with a corresponding modified artifact, determines a profile of the requestor based at least in part on the request, makes a security determination based at least in part on the determined profile, and takes at least one automated action based at least in part on the security determination.
    Type: Grant
    Filed: August 2, 2019
    Date of Patent: May 3, 2022
    Assignee: RightQuestion, LLC
    Inventor: Bjorn Markus Jakobsson
  • Patent number: 11323488
    Abstract: Systems and methods are disclosed herein that relate to secure monitoring or interception of traffic in a wireless communications system. In some embodiments, a method of operation of a network node comprises receiving a list of one or more obfuscated target identifiers from a monitoring node, where each obfuscated target identifier is a user identifier of a target user that is encrypted using a first encryption key that is unknown to the network node. The method further comprises receiving an encrypted packet from another network node and determining whether an encrypted user identifier of the encrypted packet matches one of the obfuscated target identifiers. The method further comprises, if the encrypted user identifier matches one of the obfuscated target identifiers, further encrypting the encrypted packet using a second encryption key negotiated between the network node and the monitoring node and transmitting the further encrypted packet to the monitoring node.
    Type: Grant
    Filed: June 7, 2017
    Date of Patent: May 3, 2022
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Catherine Truchan, Suresh Krishnan, Daniel Migault, Stere Preda
  • Patent number: 11316852
    Abstract: A secure mechanism for adding network devices uses an unsecure guest network and a secure network both coupled to a secure hub. When an unknown device is introduced, it is initially connected to the guest network and can only communicate with the hub and with a wide area network (WAN). The unknown device is prohibited from communicating with the secure network and any device connected to the secure network. The unknown device provides credentials to the hub, which are verified with a secure database, such as a blockchain ledger, that provides manufacturer device information and certification. Upon authentication, the hub permits the identified device to connect to the secure network. The hub may also configure the now identified device for security and operational parameters. The hub may also retrieve network traffic pattern information from the secure database and use such information to monitor normal expected activity from the identified device.
    Type: Grant
    Filed: October 4, 2019
    Date of Patent: April 26, 2022
    Assignee: ioXt, LLC
    Inventors: Bradley Richard Ree, Gary Bernard Jabara
  • Patent number: 11310229
    Abstract: Systems and methods of biometrically authenticating a user of a device. A biometric sample of a user can be analyzed to generate a user-specific biometric signature that is substantially unique to the specific user. To authenticate a user, a biometric sample can be obtained and analyzed to determine if the biometric signature is present in the sample. If so, the user can be biometrically authenticated to use the device. The device can provide a network with an indication of the authentication of the user to authenticate the device to the network. In response to the authentication, the network can provide the device access to the network, its resources, or portion(s) thereof.
    Type: Grant
    Filed: June 26, 2019
    Date of Patent: April 19, 2022
    Assignee: T-MOBILE USA, INC.
    Inventor: Bhagwan Singh Khanka
  • Patent number: 11303625
    Abstract: An industrial automation device with a token to be used as authentication information in information exchange between a first cloud service and the industrial automation device, a mobile device is connected to the industrial automation device and to a cloud service that is the first cloud service or a second cloud service. After authenticating the user of the mobile device to the cloud service, a token is generated by the cloud service to the first cloud service, and forwarded via the mobile device to the industrial automation device. If the cloud service that generated the token is the second cloud service, the token is forwarded via the mobile device, after the mobile has been authenticated in the first cloud service, the first cloud service. Thereafter the industrial automation device and the first cloud service may communicate directly with each other using the token for authentication.
    Type: Grant
    Filed: January 10, 2019
    Date of Patent: April 12, 2022
    Assignee: ABB Schweiz AG
    Inventors: Zhongliang Hu, Toni Kuikka, Mikko Kohvakka
  • Patent number: 11301568
    Abstract: The disclosed computer-implemented method for computing a risk score for stored information may include (1) extracting factor-specific information from metadata describing characteristics of files stored on multiple storage devices, (2) assigning at least one respective factor score to at least one respective factor based at least in part on the factor-specific information, and (3) calculating the risk score from the at least one factor score. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: August 29, 2018
    Date of Patent: April 12, 2022
    Assignee: Veritas Technologies LLC
    Inventors: Shailesh Dargude, Satish Grandhi, Anand Athavale, Rohit Nath
  • Patent number: 11290268
    Abstract: This application describes various embodiments to manage multiple security certificates in a wireless device, including switching between different security certificates to support different functions, including supporting connectivity for multiple industry sectors that use different certificate authorities, and/or supporting different operational modes that require different security certificates for performing administrative functions. The wireless device includes a smart secure platform (SSP) or an embedded Universal Integrated Circuit Card (eUICC) that stores multiple security certificates to use for different industry sectors and/or for different operational modes.
    Type: Grant
    Filed: September 10, 2019
    Date of Patent: March 29, 2022
    Assignee: Apple Inc.
    Inventors: Xiangying Yang, Li Li
  • Patent number: 11290283
    Abstract: Certain aspects and features provide an automated process for a server switching from a self-signed digital certificate to a digital certificate signed by a trusted certificate authority (CA). During initiation of an encrypted communication session, for example, during a transport layer security (TLS) handshake, upon receiving a client hello message, the server determines if it is using a self-signed digital certificate. If so, the server automatically creates and sends a certificate signing request, receives a CA-signed digital certificate, and replaces the self-signed digital certificate in its key store with the CA-signed digital certificate. The server then includes the new, CA-signed digital certificate in the server hello message sent back to the client to establish the encrypted communication session.
    Type: Grant
    Filed: October 10, 2019
    Date of Patent: March 29, 2022
    Assignee: Red Hat, Inc.
    Inventors: Farah Juma, Darran Andrew Lofthouse
  • Patent number: 11290885
    Abstract: The present invention relates to a communication system is provided, wherein the communication system comprising: a first communication unit, comprising a first communication processor for providing communication via a first channel, at least one second communication unit separate to the first communication unit, comprising a second communication processor for providing communication via a second channel, a coupling unit for coupling the first communication unit with the at least one second communication unit, wherein the first communication unit further comprises: a communication control unit coupled to the second communication unit via the coupling unit, wherein the communication control unit is configured to enable the mutual utilization of electronic resources between the first and second communication unit, and an encryption unit for providing encrypted communication via as well the first communication channel and the second communication channel.
    Type: Grant
    Filed: November 5, 2019
    Date of Patent: March 29, 2022
    Assignee: ROHDE & SCHWARZ GMBH & CO. KG
    Inventor: Thomas Bögl
  • Patent number: 11283629
    Abstract: Certain aspects and features provide an automated process for a server switching from existing digital certificate that is expired or about to expire to a new digital certificate signed by a trusted certificate authority (CA). During initiation of an encrypted communication session, for example, during a transport layer security (TLS) handshake, upon receiving a client hello message, the server determines whether it is using a renewable digital certificate. If so, the server automatically creates and sends a certificate signing request; receives a new, CA-signed digital certificate; and replaces the existing digital certificate in its key store with the new digital certificate. The server then includes the new digital certificate in the server hello message sent back to the client to establish the encrypted communication session.
    Type: Grant
    Filed: October 10, 2019
    Date of Patent: March 22, 2022
    Assignee: Red Hat, Inc.
    Inventors: Farah Juma, Darren Andrew Lofthouse
  • Patent number: 11277435
    Abstract: Techniques described herein improve database security by reducing network attack surface area in conjunction with deep input validation. In an embodiment, a database session receives one or more network packets sent via a network, the database session including a database session state that specifies one or more database privileges. The database session reads said one or more network packets into one or more request-packet-buffers, wherein said one or more request-packet-buffers include an RPC op code for a database operation. Based on the one or more database privileges associated with the user associated with the database session, the database session determines whether the RPC op code may be executed. In response to determining that the RPC op code may be executed by said database session, the RPC op code is executed. In response to determining that the op code may not be executed by said database session, the execution of the RPC op code is prevented.
    Type: Grant
    Filed: September 14, 2017
    Date of Patent: March 15, 2022
    Assignee: ORACLE INTERNATIONAL CORPORATION
    Inventors: Krishna Mohan Itikarlapalli, Santanu Datta, Srinath Krishnaswamy, Lakshminarayanan Chidambaran, Rajesh Kumar, Sumit Sahu, Rajendra Pingte
  • Patent number: 11277740
    Abstract: A method, including, associating a wireless tracker with an asset, tracking a location of the asset via the wireless tracker, determining a recipient mobile device authorized to accept receipt of the asset, determining a recipient mobile device holder is authorized to accept receipt of the asset, determining if the location of the asset is within a defined delivery location, determining if the authorized recipient mobile device is within the defined delivery location, sending a passcode to the authorized recipient mobile device if the authorized recipient mobile device location and the location of the asset are within the defined delivery location, receiving an authenticated passcode from the authorized recipient mobile device within the defined delivery location and notifying a delivery agent that delivery of the asset is approved.
    Type: Grant
    Filed: February 2, 2019
    Date of Patent: March 15, 2022
    Assignee: ROAMBEE Corporation
    Inventors: Vidya Subramanian, Sanjay Sharma
  • Patent number: 11277396
    Abstract: The present invention relates to a method for authorization management in a community (106) of connected objects (103, 104, 105), a master object being determined in said community, the method comprising: receipt, by the master object (102), of a request (110, 123, 130) to carry out an action concerning: the community (106) of connected objects (103, 104, 105) or an internal object of the community (106), the internal object being distinct from the master object (102); receipt (119, 124, 137) of a list of attributes (101), by an authentication server (107) that is distinct from the master object (102); after the list of attributes is verified by the authentication server (107) and a capability of the requesting object (101) is determined based on said list of attributes, receipt (201, 211, 221) by the master object (102) of an authentication token comprising said capability; transfer (202, 212, 222) of said authentication token to said requesting object (101).
    Type: Grant
    Filed: November 9, 2017
    Date of Patent: March 15, 2022
    Assignee: ORANGE
    Inventors: Dina Hussein, Emmanuel Bertin