Patents Examined by Eleni Shiferaw
  • Patent number: 11457014
    Abstract: A method, system and computer program product relating to an application server operable to manage a microservice-based application, i.e. app, on behalf of clients, the clients being available for use by system actors who may be, for example, end users, bots, developers or other apps. A permissions validator is used to compute effective permissions in response to client requests. The requests are granted or denied conditional on the effective permissions being at least a subset of the permissions required to be given by any of the app's microservices that are needed for the resource being requested. The effective permissions are computed from an intersection of a set of actor permissions, a set of client permissions and a set of resource permissions.
    Type: Grant
    Filed: October 26, 2017
    Date of Patent: September 27, 2022
    Assignee: International Business Machines Corporation
    Inventors: Vincent Burckhardt, Andre Fischer, Olgierd Pieczul, J├╝rgen Schmidt, Xiao F. Yu
  • Patent number: 11431480
    Abstract: A method, apparatus, and system for assigning the execution of a cryptography and/or compression operation on a data segment to either a central processing unit (CPU) or a hardware cryptography/compression accelerator is disclosed. In particular, a data segment on which a cryptography and/or compression operation is to be executed is received. Status information relating to a CPU and a hardware cryptography/compression accelerator is determined. Whether the operation is to be executed on the CPU or on the hardware accelerator is determined based at least in part on the status information. In response to determining that the operation is to be executed on the CPU, the data segment is forwarded to the CPU for execution of the operation. On the other hand, in response to determining that the operation is to be executed on the hardware accelerator, the data segment is forwarded to the hardware accelerator for execution of the operation.
    Type: Grant
    Filed: July 11, 2019
    Date of Patent: August 30, 2022
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventors: Bing Liu, Tao Chen, Wei Lin, Yong Zou
  • Patent number: 11423156
    Abstract: The disclosure relates to detecting vulnerabilities in managed client devices. A system determines whether a vulnerability scan of a computing device is required to be performed. The system installs a vulnerability detection component in the computing device in response to determining that the vulnerability scan is required to be performed. The system requests the vulnerability detection component to perform the vulnerability scan of the computing device. The system transmits a result of the vulnerability scan to a remote management service for the computing device.
    Type: Grant
    Filed: October 14, 2019
    Date of Patent: August 23, 2022
    Assignee: AirWatch LLC
    Inventors: Scott Harlow Kelley, Adarsh Subhash Chandra Jain, Stephen Turner
  • Patent number: 11425016
    Abstract: A system related to black hole filtering is provided. The system can allow a dynamic routing protocol on a network device to determine whether a route learned by the dynamic routing protocol is a black hole route. The route may be learned through another source. In response to a determination that the route is the black hole route, the dynamic routing protocol may generate a routing update that indicates the route as the black hole route. The dynamic routing protocol may then advertise the routing update to each neighbor network device.
    Type: Grant
    Filed: July 30, 2018
    Date of Patent: August 23, 2022
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Anil Raj, Anoop Govindan Nair, Srijith Ponnappan
  • Patent number: 11418349
    Abstract: The present invention relates to a block chain-based method of generating data block shared between a plurality of nodes. According to an example, the method for generating the data block may comprise a step for obtaining at least one binding data having public or private characteristics; a step for determining a binding key having a decoding permission level for each binding data; a step for encoding the binding data using the binding key; and a step for generating a data block including the encoded binding data, and at least a portion of the binding key.
    Type: Grant
    Filed: February 12, 2019
    Date of Patent: August 16, 2022
    Inventor: Park Sung Bae
  • Patent number: 11405223
    Abstract: In accordance with an embodiment, a physically unclonable function device includes a set of transistor pairs, transistors of the set of transistor pairs having a randomly distributed effective threshold voltage belonging to a common random distribution; a differential read circuit configured to measure a threshold difference between the effective threshold voltages of transistors of transistor pairs of the set of transistor pairs, and to identify a transistor pair in which the measured threshold difference is smaller than a margin value as being an unreliable transistor pair; and a write circuit configured to shift the effective threshold voltage of a transistor of the unreliable transistor pair to be inside the common random distribution.
    Type: Grant
    Filed: February 6, 2020
    Date of Patent: August 2, 2022
    Assignees: STMICROELECTRONICS (ROUSSET) SAS, STMICROELECTRONICS (CROLLES 2) SAS
    Inventors: Francesco La Rosa, Marc Mantelli, Stephan Niel, Arnaud Regnier
  • Patent number: 11379612
    Abstract: A method of optimizing performance of and securing cloud storage and databases including analyzing data comprised by a data request by an agent application on a computerized device, the data request being generated by a client application and inserting a tag into the data request responsive to the analysis of the data comprised by the data request, the tag indicating storage requirements for at least one of security, access speed, or fault tolerance.
    Type: Grant
    Filed: October 17, 2019
    Date of Patent: July 5, 2022
    Inventor: Vijay Madisetti
  • Patent number: 11366895
    Abstract: Embodiments include side channel defender circuitry to protect shared code pages in executable only memory (XOM) from side-channel exploits. The side channel defender circuitry receives system calls and determines whether code pages include executable code, whether the code pages include writeable code, and whether the code pages include instructions capable of altering or modifying one or more protection keys associated with code pages stored in XOM. If the code pages contain executable code that is writeable or executable code that includes instructions capable of altering or modifying one or more protection keys associated with code pages stored in XOM the side channel defender circuitry, the side channel defender circuitry aborts the system call.
    Type: Grant
    Filed: September 28, 2018
    Date of Patent: June 21, 2022
    Assignee: Intel Corporation
    Inventors: Ravi Sahita, Mingwei Zhang
  • Patent number: 11343672
    Abstract: A system and method for secure communications between a master and a plurality of devices in a wireless communications network are provided. The method includes encrypting, on said master, downlink plaintext for multicast transmission to a plurality of devices over a wireless communications link utilizing a symmetric key encryption algorithm in accordance with a first counter value and a shared symmetric session key; and decrypting, on one of said devices, multicast downlink cyphertext received from said master over said wireless communications link utilizing a symmetric key decryption algorithm in accordance with a second counter value and said shared symmetric session key.
    Type: Grant
    Filed: February 19, 2020
    Date of Patent: May 24, 2022
    Assignee: Coretigo Ltd.
    Inventors: Nir Efraim Joseph Tal, Dan Wolberg, Alex Regev
  • Patent number: 11336434
    Abstract: An Internet of Things (IoT) networking authentication system and a method thereof are provided. The IoT networking authentication system includes an idle IoT apparatus and a networked IoT apparatus. The idle IoT apparatus encrypts a connection request according to a key to generate a connection request ciphertext and sends the connection request ciphertext. The networked IoT apparatus receives the connection request ciphertext and decrypts, according to the key, the connection request ciphertext to obtain the connection request. The networked IoT apparatus authenticates the idle IoT apparatus according to the connection request to generate an authentication result. The networked IoT apparatus determines, according to the authentication result and a networking condition, whether to allow the idle IoT apparatus to join an IoT network, so as to generate a connection response. The networked IoT apparatus outputs the connection response to the idle IoT apparatus.
    Type: Grant
    Filed: July 7, 2020
    Date of Patent: May 17, 2022
    Assignee: REALTEK SEMICONDUCTOR CORP.
    Inventors: Zuo-Hui Peng, Zhao-Ming Li, Guo-Feng Zhang, Cui Ding, Jing-Jun Wu
  • Patent number: 11336442
    Abstract: Traditional key generation methods in a noisy network often assume trusted devices and are thus vulnerable to many attacks including covert channels. The present invention differs from previous key generation schemes in that it presents a mechanism which allows secure key generation with untrusted devices in a noisy network with a prescribed access structure.
    Type: Grant
    Filed: November 8, 2018
    Date of Patent: May 17, 2022
    Assignee: UNIVERSIDAD DE VIGO
    Inventors: Marcos Curty Alonso, Lo Hoi-Kwong
  • Patent number: 11296875
    Abstract: A method for cryptographic key provisioning includes, via a main authentication server (MAS), generating a first secret key and registering a client by performing a first portion of a first instance of a distributed threshold oblivious pseudo-random function. The first instance of the function results in the client obtaining a root secret key and the MAS obtaining a corresponding root public key. The method includes authenticating the client to the MAS by performing a first portion of a second instance of the distributed threshold oblivious pseudo-random function. The second instance of the function results in the client obtaining the root secret key. Information stored by the client, the first secret key, and a second secret key generated by a support authentication server are inputs to at least one of the first and second instances of the distributed threshold oblivious pseudo-random function.
    Type: Grant
    Filed: March 27, 2020
    Date of Patent: April 5, 2022
    Assignees: NEC LABORATORIES EUROPE GMBH, IMDEA SOFTWARE INSTITUTE
    Inventors: Claudio Soriente, Antonio Faonio, Maria Isabel Gonzalez Vasco, Angel Perez del Pozo
  • Patent number: 11258616
    Abstract: A decentralized key management system according to an embodiment of the present disclosure includes a bootstrap for generating a key and obtaining a certificate corresponding to the generated key, a memory for receiving the key and the certificate from the bootstrap and storing the key and the certificate, a container, in response to a mount command of the bootstrap, for reading the key and the certificate from the memory and being mounted with the key and the certificate, and a controller for generating the bootstrap, and deleting the bootstrap after the container mounts the key and the certificate.
    Type: Grant
    Filed: May 28, 2020
    Date of Patent: February 22, 2022
    Assignee: SAMSUNG SDS CO., LTD.
    Inventors: Hyo Jung Lee, Chang Suk Yoon, Jung Woo Cho, Young Woon Kwon, Kwang Cheol Lee
  • Patent number: 11251581
    Abstract: A device that is capable of eliminating a power trace that can be analyzed in a power analysis attack and serves as a highly effective countermeasure against power analysis attacks. The device comprising an optical source providing optical energy to an integrated circuit. An optical detector optically linked to the optical source and converts the optical energy from the optical source into electrical energy to power a secure circuit.
    Type: Grant
    Filed: June 30, 2020
    Date of Patent: February 15, 2022
    Inventors: Jennifer Lynn Dworak, Ping Gui, Scott McWilliams, Gary Alan Evans
  • Patent number: 11251937
    Abstract: Provided herein are exemplary systems and methods for creating a secure self-validating network of blockchain/distributed ledger participants. Some exemplary mechanisms support self-validation, mutual-validation, external-validation and privacy controls. Such mechanisms enable the deployment and continued operation of large scale blockchain and distributed ledger systems with a self-certifying security system. They create the ability for rules to be codified to control the rights, privileges and access of nodes depending on their self-certification and external-certification. Also provided is an audit trail of these certifications which can be used for liability claims, insurance, security analytics and forensics.
    Type: Grant
    Filed: January 18, 2019
    Date of Patent: February 15, 2022
    Assignee: CipherTrace, Inc.
    Inventor: David Jevans
  • Patent number: 11245690
    Abstract: A system and method provide streamlined restricted access to a secure server through a communications network. A client identifier parameter value is established and uniquely associated with a user registering with an authentication server, and is stored in at least first and second predetermined storage forms within a data storage system, the first form readable exclusively by a client device of the user and the second form readable by the authentication server. The client device then authenticates by retrieving the client identifier parameter value from the data storage system and providing it to the authentication server, which independently retrieves the client identifier parameter value from the data storage system for comparison, and initiates an interactive communication session between the client device and the secure server responsive to the comparison. Between comparisons, the client identifier parameter values are stored exclusively on the data storage system and deleted from all other devices.
    Type: Grant
    Filed: February 5, 2020
    Date of Patent: February 8, 2022
    Assignee: DG Ventures, LLC
    Inventor: Jung Yoon
  • Patent number: 11240011
    Abstract: An object sharing system and an object sharing method are provided. The system includes a plurality of shared objects and a plurality of data servers. The shared objects are respectively provided by a plurality of object suppliers. The data servers are respectively provided by the object suppliers and connected to form a distributed data redundancy network so as to store a plurality of sub-secret data separated from shared secret information in a decentralized way. The data server of each of the object suppliers is connected to the shared objects provided by the object supplier, and collects a required quantity of sub-secret data for reconstructing the shared secret information via the distributed data redundancy network so as to reconstruct the shared secret information configured to verify an access right to the shared object for a user device when receiving an access request for the shared object from the user device.
    Type: Grant
    Filed: August 26, 2019
    Date of Patent: February 1, 2022
    Assignee: Industrial Technology Research Institute
    Inventor: Po-Ling Sun
  • Patent number: 11232718
    Abstract: A method performed by a device for protecting data is provided. The method comprises inputting, to a Physically Unclonable Function, PUF, of the device, a challenge; obtaining, from the PUF, a response; and protecting the data by using the response. A device, a method in an encryption unit, computer program and computer program product are also provided.
    Type: Grant
    Filed: February 1, 2017
    Date of Patent: January 25, 2022
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Karl Norrman, Elena Dubrova
  • Patent number: 11197157
    Abstract: A method, an apparatus, and a system for performing authentication on a terminal in a wireless local area network are provided. The method uses a feature code as a part of an authentication credential. The feature code is a function of capability parameters of a terminal. The feature code can identify the terminal, so that the authentication server determines the authentication result based on a MAC address and the feature code of the terminal.
    Type: Grant
    Filed: April 25, 2019
    Date of Patent: December 7, 2021
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Qian Wang, Dexiang Song, Daoli Yu
  • Patent number: 11184169
    Abstract: The disclosed computer-implemented method for crowd-storing encryption keys may include (i) sending, from a client computing device and to a server, a recovery request, (ii) creating a first public-private key pair, (iii) receiving a plurality of encrypted shares of an encryption key from the server in response to the recovery request, where the encrypted shares are encrypted with a first public key of the first public-private key pair, and (iv) performing a security action including (A) decrypting the plurality of encrypted shares of the encryption key with a first private key of the first public-private key pair and (B) recovering the encryption key from the decrypted plurality of shares of the encryption key. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: December 24, 2018
    Date of Patent: November 23, 2021
    Assignee: NortonLifeLock Inc.
    Inventors: Ilya Sokolov, Lei Gu, Daniel Kats