Patents Examined by Devin E Almeida
-
Patent number: 12682126Abstract: Systems, methods, and apparatuses relating to an instruction that allows a trusted execution environment to react to an asynchronous exit are described. In one embodiment, a hardware processor includes a register comprising a field, that when set, is to enable an architecturally protected execution environment for code in an architecturally protected enclave in memory, a decoder circuit to decode a single instruction comprising an opcode into a decoded instruction, the opcode to indicate an execution circuit is to invoke a handler to handle an asynchronous exit from execution of the code in the architecturally protected enclave and then resume execution of the code in the architecturally protected enclave from where the asynchronous exit occurred, and the execution circuit to respond to the decoded instruction as specified by the opcode.Type: GrantFiled: December 26, 2020Date of Patent: July 14, 2026Assignee: Intel CorporationInventors: Scott Constable, Mark Shanahan, Mona Vij, Bin Xing, Krystof Zmudzinski
-
Patent number: 12666255Abstract: Systems and methods for selective User Plane protection in a 5G virtual RAN are provided. A method performed by a gNB Central Unit (gNB-CU) for communicating with a gNB-Distributed Unit (gNB-DU) includes determining whether to selectively encrypt a PDU to be sent to the gNB-DU if the PDU is not otherwise encrypted. In response to determining to selectively encrypt, the method includes encrypting the PDU to be sent to the gNB-DU. In response to determining to not selectively encrypt, the method includes passing the PDU to be sent to the gNB-DU. In this way, additional security is provided while performance impact is minimized. In some embodiments, this provides a lower overhead on the gNB-CU-UP side compared to applying a generic protection of all PDUs. Additionally, the latency overhead is limited since a secure session establishment and handshake is confined to the gNB-CU-UP-SEG domain instead of gNB-CU-UP to gNB-DU.Type: GrantFiled: March 18, 2020Date of Patent: June 23, 2026Assignee: Telefonaktiebolaget LM Ericsson (publ)Inventors: Stere Preda, Daniel Migault, Amine Boukhtouta, Xiaowen Yue
-
Patent number: 12665744Abstract: A cryptographic computer processes a word of p bits in an electronic message as a set of k n-state elements with n an integer greater than 2 and 2{circumflex over (?)}p>n and k>1, with the p bits being characterized as a word of k n-state elements. The computer processes two words of k n-state elements as an radix-n operation that includes a 2 operand reversible n-state operation of which an output is a residue and a 2 operand n-state transition function of which an output is an n-state transition element. An output of the radix-n operation is a word of k n-state elements. The radix-n operation is preferably not reversible and is part of an operation that generates a cryptographic message. A standard cryptographic operation is modified by applying the radix-n operation. The cryptographic message is transmitted over a physical channel.Type: GrantFiled: October 7, 2024Date of Patent: June 23, 2026Inventor: Peter Lablans
-
Patent number: 12665769Abstract: Technology related to authentication using an intermediary is disclosed. In one example, a method for authentication can include intercepting a first authentication response destined for a server. The first authentication response identifies a server authentication service and is digitally signed by an identity service provider. The first authentication response can be authenticated using a cryptographic key of the identity service provider to validate an identity service provider signature included in the first authentication response. In response to validating the identity service provider signature, a second authentication response can be sent to the server that identifies the server authentication service.Type: GrantFiled: August 9, 2019Date of Patent: June 23, 2026Assignee: F5, Inc.Inventors: Michael James Coleman, II, Graham Rein Alderson, Charlie Wilson Lesley, III
-
Patent number: 12657349Abstract: Encrypting keystroke data in a multi-session-enabled computing device includes receiving a first control message requesting enabling of keystroke encryption for a protected application executing in a first desktop session. The first control message includes application identification information of the protected application. Keystroke encryption is enabled for keystrokes targeting the first desktop session based on receipt of the first control message. Keystroke data sent to the protected application is encrypted while the protected application maintains keyboard focus in the first desktop session. Unencrypted keystroke data is transmitted to another application of a second desktop session while keystroke encryption is enabled for the protected application in the first desktop session.Type: GrantFiled: September 15, 2023Date of Patent: June 16, 2026Assignee: Omnissa, LLCInventors: Xiaoyu Kong, YiQun Yun, ZhangLin Zhou, Yang Yu
-
Patent number: 12659152Abstract: A system includes a memory configured to store a set of private valid source data. The system includes processors operably coupled to the memory and configured to access the set of private valid source data, and to execute a dynamic data encryption engine configured to identify a sensitivity level of the set of private valid source data and to encrypt the set of private valid source data in accordance with a data encryption algorithm. The data encryption algorithm is selected based on the identified sensitivity level. The processors further execute a data ingestion and dynamic decryption engine configured to ingest the encrypted set of private valid source data into the hybrid cloud computing and storage system, and in response to receiving a request to retrieve the encrypted set of private valid source data from the hybrid cloud computing and storage system, decrypt the encrypted set of private valid source data.Type: GrantFiled: June 26, 2024Date of Patent: June 16, 2026Assignee: Bank of America CorporationInventors: Bikash Dash, Meera Lakshmi
-
Patent number: 12627511Abstract: Methods and systems for managing endpoint devices are disclosed. The endpoint devices may be managed by onboarding them. To onboarding the endpoint devices, ownership vouchers and proxy certificates may be used to cryptographically verify to which entities authority over the endpoint devices have been delegated. The proxy certificates may extend certificate and/or delegation chains in ownership vouchers to other devices. The extended chains may eliminate the need for proliferation of keys used to demonstrate authority over endpoint devices.Type: GrantFiled: March 26, 2024Date of Patent: May 12, 2026Assignee: Dell Products L.P.Inventors: Bradley K. Goodman, Joseph Caisse, Govind Pulikode Mukundan
-
Patent number: 12621148Abstract: A system for performing operations using linear integer programming for RSA factorization is provided, including an n/e extractor, a prime factorization calculator, a private key determiner, and a decryptor. The n/e extractor is configured to extract a modulus and a public key exponent from a public key. The prime factorization calculator is configured to: determine a semi-prime number of the modulus according to the modulus; use a tail digit and a head digit set of the semi-prime number of the modulus to perform decomposition and factorization with respect to the semi-prime number into two prime factors. The private key determiner is configured to determine a private key using the public key exponent and the two prime numbers. The decryptor is configured to decrypt an encrypted message using the private key so as to generate a decrypted message.Type: GrantFiled: February 8, 2024Date of Patent: May 5, 2026Assignee: City University of Hong KongInventors: Han-Lin Li, Way Kuo
-
Patent number: 12613960Abstract: Some embodiments include a method for detecting and interrupting a cache-based side-channel attack. The method includes: (1) at least calibrating one or more chiplets of a network by calculating a threshold; (2) determining one or more device heartbeat vectors of the one or more chiplets, the one or more device heartbeat vectors being derived at least part from one or more measurements of activity of one of more dedicated security processors associated with the one or more chiplets; (3) determining that a particular chiplet of the one or more chiplets is being attacked with a cache-based side-channel attack, the determining being based at least in part on a computed disparity exceeding the threshold; and (4) employing countermeasures against the cache-based side-channel attack of the particular chiplet, the countermeasures including revoking one or more access rights of the particular chiplet on the network.Type: GrantFiled: May 22, 2022Date of Patent: April 28, 2026Assignee: Ceremorphic, Inc.Inventors: Joydeep Kumar Devnath, Ananya Shrivastava, Arpan Manna, Chandrajit Pal, Mohammed Sumair, Suyash Kandele, Govardhan Mattela
-
Patent number: 12609928Abstract: An apparatus comprises at least one processing device including a processor and a memory. The at least one processing device is configured to implement an agent application for supporting an authentication process between a client device and a web server over at least one network, to register the agent application with an operating system of the client device, and in conjunction with initiation of the authentication process via a web browser of the client device, to obtain a uniform resource identifier (URI) from the web server, the URI corresponding to a particular endpoint of the web server, and to make the URI accessible to the agent application via the operating system. The at least one processing device is further configured to carry out one or more authentication operations of the authentication process at least in part through interaction between the agent application and the particular endpoint of the web server.Type: GrantFiled: December 22, 2022Date of Patent: April 21, 2026Assignee: Dell Products L.P.Inventor: Jacob R. Hutcheson
-
Patent number: 12580763Abstract: A computer-implemented method includes generating two tensile circles based on a common circle created by overlapping two tensile spheres. An angle is determined using a modulo function and a predefined value. The angle is applied to both tensile circles. Next, multiplicands are determined for both tensile circles based on the angle applied to both tensile circles. The method then encrypts and/or decrypts data using a symmetric cryptography technique and the multiplicands.Type: GrantFiled: May 12, 2023Date of Patent: March 17, 2026Assignee: International Business Machines CorporationInventors: Mauro Marzorati, Rosa M. Bolger, Yaser K. Doleh, Aaron K. Baughman
-
Patent number: 12562886Abstract: Evaluating polynomials for use under fully homomorphic encryption (FHE) is provided. An input polynomial of degree n is received, wherein n is equal to 2{circumflex over (?)}m. An input ciphertext containing an input value is also received. The input value is duplicated in n/2 slots. Two plaintext vectors each containing half of the roots in the polynomial are subtracted from the input ciphertext, obtaining second and third ciphertexts, which are multiplied elementwise to produce a result ciphertext comprising n/2 slots. The result ciphertext is rotated by 2{circumflex over (?)}i to generate a rotated ciphertext (i=iteration number) and multiplied by the rotated ciphertext to produce a new result ciphertext, for m?1 iterations. The final result ciphertext is multiplied with a leading coefficient of the polynomial, resulting in a final polynomial evaluation. An operation not supported under FHE is estimated according to the final evaluation.Type: GrantFiled: March 13, 2024Date of Patent: February 24, 2026Assignee: International Business Machines CorporationInventors: Allon Adir, Ramy Masalha, Ehud Aharoni, Nir Drucker
-
Patent number: 12556512Abstract: A method for automatic configuration and use of Category 1 message filtering rules includes, at a network function (NF), subscribing, with an NF repository function (NRF), to receive notification of NF profile changes. The method further includes receiving, from the NRF and as a result of the subscribing, notification of an NF profile change. The method further includes automatically configuring, based on the notification of the NF profile change, at least one Category 1 message filtering rule implemented. The method further includes using the at least one Category 1 message filtering rule to filter service based interface (SBI) messages.Type: GrantFiled: September 2, 2022Date of Patent: February 17, 2026Assignee: ORACLE INTERNATIONAL CORPORATIONInventors: Jay Rajput, Virendra Singh, John Nirmal Mohan Raj
-
Patent number: 12556393Abstract: Systems, methods, and computer-readable storage media to trace obfuscated data of an entity. One system includes a data processing system including memory and one or more processors configured to generate a data structure including a plurality of cryptographic outputs, wherein each of the plurality of cryptographic outputs obfuscates data of at least one identifier of the entity. The processors are further configured to broadcast the data structure to a distributed ledger and receive a proof request associated with a customer's cryptographic output. The processors are further configured to generate a cryptographic proof dataset for the customer's cryptographic output and provide the cryptographic proof dataset.Type: GrantFiled: June 7, 2023Date of Patent: February 17, 2026Assignee: Wells Fargo Bank, N.A.Inventors: Arushi Sood Joshi, George Bonano
-
Patent number: 12542682Abstract: Example implementations provide a computer program product for authenticating a number of grouped product-packaging pairs, in which each product-packaging pair comprises a respective message, associated with a respective product, and a respective signature associated with the message; the computer program product comprising machine executable instructions arranged, when processed, to: read the product messages and the signatures from the grouped product-packaging pairs; determine and store bilinear computation results associated with each of the messages, and each of the signatures; and determine, from the stored bilinear computation results, whether or not at least one product-packaging pair of the number of grouped product-packaging pairs is authentic.Type: GrantFiled: December 14, 2020Date of Patent: February 3, 2026Assignee: Hewlett-Packard Development Company, L.P.Inventors: Thalia May Laing, Christopher Ian Dalton, Gabriel Scott McDaniel, Paul L. Jeran
-
Patent number: 12532175Abstract: A communication system includes a first network device including a RADIUS server configured to determine whether to authenticate a network communication of a terminal, or a first RADIUS client corresponding to a RADIUS server and storing identification information identifying the RADIUS server and a secret key, and a second network device directly connected to the first network device in the same network segment as the first network device. The first network device includes a first processor and a first memory device configured to store a first program, the first program being executed by the first processor to cause the first processor to transmit the identification information and the secret key to the second network device in a first time period.Type: GrantFiled: November 8, 2022Date of Patent: January 20, 2026Assignee: Yamaha CorporationInventors: Shogo Fujita, Kosuke Onoyama, Koji Onda, Satoshi Miyagishima
-
Patent number: 12500768Abstract: An apparatus and method for facilitating zero-knowledge proofs is disclosed. The apparatus includes at least a processor and a memory communicatively connected to the at least a processor, the memory contains instructions configuring the at least a processor to identify a trace, divide the trace into a plurality of trace segment, identifying at least an operation of the trace and dividing the trace into the plurality of trace segments as a function of the at least an operation of the trace, recompile the plurality of trace segments for zero-knowledge proof generation and generate a zero-knowledge proof for each of the plurality of recompiled trace segments.Type: GrantFiled: October 5, 2023Date of Patent: December 16, 2025Assignee: Onai Inc.Inventors: Guha Jayachandran, Patrick Grinaway, Volkmar Frinken, Jayavanth Shenoy, Galana Gebisa, Shriphani Palakodety
-
Patent number: 12493532Abstract: Methods for database recovery for encrypted indexes are performed by systems and devices. A query with a decryption key is received from a client device, where the query modifies an encrypted index of a database using a secure enclave. When events requiring remedial actions for the database occur during the querying, some transactions of the query and later queries are deferred, and a remedial action is initiated that includes restarting the database. A determination of the remedial action being unsuccessful in recovering the encrypted index causes the action to be re-performed until another query having the decryption key is received whereupon the action is performed again to recover the encrypted index utilizing the decryption key. Deferred transactions are then performed with the decryption key. When a database restarts for access without secure enclaves, the encrypted index for the database is invalidated, and the remedial actions are otherwise completed or discarded.Type: GrantFiled: November 22, 2019Date of Patent: December 9, 2025Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Panagiotis Antonopoulos, Arvind Arasu, Nitish Gupta, Rajat Jain, Raghav Kaushik, Hanumantha R. Kodavalla, Nikolas Ogg, Ravishankar Ramamurthy, Kunal Deep Singh, Jakub Szymaszek, Jeffrey Michael Trimmer
-
Patent number: 12494912Abstract: An example system includes a one-time-use secret (OTUS) deployer engine to: provide an OTUS within a container-orchestrated environment (COE). The example system further includes: a non-OTUS provider engine to: provide a non-OTUS in exchange for the OTUS; and, invalidate the OTUS when the non-OTUS is provided. The example system further includes: a first container engine to: in response to bootstrapping, receive the OTUS from the OTUS deployer engine; and receive the non-OTUS from the non-OTUS provider engine in exchange for the OTUS. The example system further includes: a replica of the first container engine, to: in response to bootstrapping, after the first container engine, receive the OTUS from the OTUS deployer engine; attempt to receive the non-OTUS from the non-OTUS provider engine in exchange for the OTUS; receive an indication from the non-OTUS provider engine that the OTUS is invalid; and receive the non-OTUS from the first container engine.Type: GrantFiled: March 4, 2020Date of Patent: December 9, 2025Assignee: Hewlett-Packard Development Company, L.P.Inventors: Rafael da Fonte Lopes da Silva, Natalia Machado dos Santos, Mauricio Coutinho Moraes
-
Patent number: 12487280Abstract: Various examples relate to apparatuses, methods, and computer programs for executing an executable, and to a method for distributing software or firmware. An apparatus for executing an executable comprises interface circuitry, machine-readable instructions, and processing circuitry for executing the machine-readable instructions to identify, for the executable, a trigger to activate or deactivate a noise injection mode during execution of the executable, the noise injection mode being suitable for introducing noise during execution of the executable, and activate or deactivate the noise injection mode based on the identified trigger.Type: GrantFiled: April 26, 2023Date of Patent: December 2, 2025Assignee: Intel CorporationInventors: Mateusz Bronk, Arkadiusz Berent, Piotr Zmijewski, Krystian Matusiewicz