Abstract: Technologies for sharing secure content include a source computing device to determine a content use policy for content of the source computing device. The content use policy defines at least one location at which a destination computing device is permitted to access the content. The source computing device encrypts the content with an encryption key to generate encrypted content, generates a secure content package, and transmits the secure content package to the destination computing device. The secure content package includes the encrypted content and the content use policy.
Abstract: Electronic devices are adapted to generate cryptographic keys from one or more biometrics. According to one example, an electronic device can obtain a non-encoded bit string associated with biometric information for an individual. The non-encoded bit string can be treated as if it were encoded and a decoding operation may be applied to the bit string, resulting in a modified bit string. One or more cryptographic keys can then be generated based at least in part on the modified bit string. Other aspects, embodiments, and features are also included.
Type: Grant
Filed: July 2, 2015
Date of Patent: September 4, 2018
Assignee: QUALCOMM Incorporated
Inventors: Michael William Paddon, Miriam Wiggers De Vries, Philip Michael Hawkes, Craig Brown, Guilherme Luiz Karnas Hoefel, Craig William Northway
Abstract: An example method for processing a batch job that includes a plurality of sequentially ordered tasks includes obtaining a message that includes inputs of a plurality of tasks included in a batch job. The plurality of tasks includes a first task that is sequentially ordered before a second task. The method also includes assigning tasks of the plurality of tasks to different computing nodes. The first task is assigned to a first computing node associated with a first public key, and the second task is assigned to a second computing node associated with a second public key.
Abstract: Methods and systems for communicating information are disclosed. An example method can comprise receiving information at a first device based on a first protocol. The information can be translated, at the first device, for communication to a second device based on a second protocol. A determination can be made as to whether the information matches a criterion associated with a transportation device. The information can be provided to the second device based on the second protocol and a determination that the information matches the criterion.
Type: Grant
Filed: June 25, 2014
Date of Patent: September 4, 2018
Assignee: FEDEX CORPORATION
Inventors: Mark D. Yerger, Ted McFann, Joseph W. Slavinsky, Joshua Beckman Kendrick, Scot A. Struminger
Abstract: An information processing method, a trusted server, and a cloud server. The method includes acquiring user data of a user terminal, extracting summary information of the user data, where the summary information includes privacy information and non-privacy information of a user, generating a unique identifier (UID) for the privacy information, and transmitting the non-privacy information and the UID to a cloud server, so that the cloud server saves a correspondence between the non-privacy information and the UID.
Abstract: In one embodiment, a device in a network receives an output of an anomaly detection model. The device receives state information surrounding the output of the anomaly detection model. The device determines whether the state information supports the output of the anomaly detection model. The device causes the anomaly detection model to be adjusted based on a determination that the state information does not support the output of the anomaly detection model.
Abstract: Systems and methods for independently secured storage are described. In one embodiment, a storage device includes a network adapter to discover a remote storage device and a virtual private network (VPN) client to establish a secure connection between the storage device and the remote storage device. In some cases, the secure connection includes a point-to-point connection between the storage device and the remote storage device.
Abstract: A cloud computing system identifies opportunities for users to collaborate on a file. Collaboration opportunities are identified based on similarity of separate files that different users are associated with, and on relationships or similarities between the different users. If users associated with the separate files agree to collaborate, the users may be placed in a single editing session regarding a file having content from at least one of the separate files.
Type: Grant
Filed: July 22, 2016
Date of Patent: August 28, 2018
Assignee: GOOGLE LLC
Inventors: Robert Brett Rose, Michael Jeffrey Procopio
Abstract: A system and method for operating, at a near location, a safety-critical device located at a far location. The system includes a first operating input device to be operated at the near location, providing a first barrier control signal; and a second operating input device to be operated at the near location, providing a second barrier control signal. The first barrier control signal is communicatively connected to a near end of a first secure communication tunnel through the non-secure communication network, and the second barrier control signal is communicatively connected to a near end of a second secure communication tunnel through the non-secure communication network. A far end of the first secure communication tunnel is communicatively connected to an activating input of a first barrier circuit, and a far end of the second secure communication tunnel is communicatively connected to an activating input of a second barrier circuit.
Type: Grant
Filed: January 24, 2014
Date of Patent: August 28, 2018
Assignee: KONGSBERG DEFENCE & AEROSPACE AS
Inventors: Pal Longva Hellum, Per Erik Moldskred Nilssen, Oddgeir Austad
Abstract: System and method of a single machine or cluster of machines acting as a single machine that simplifies and consolidates the hosting of appliances using virtualization, containers, and/or any type of sandboxing to host virtual appliances, however, interconnecting these appliance nodes in a manner of having one centralized node acting as the security center, firewall appliance, and information distributor for not only the local virtual network(s), machines, appliances, but physical and foreign virtual networks which includes but is not limited to wireless connectivity and/or whatever the current ubiquitous connectivity, as well as multiple sub-networks via single or multiple networking adapters; using these methods allows for a completely secure customized network environment with all the needed appliances for the intended use case.
Abstract: Systems and methods for malware detection techniques, which detect malware by identifying the C&C communication between the malware and the remote host. In particular, the disclosed techniques distinguish between request-response transactions that carry C&C communication and request-response transactions of innocent traffic. Individual request-response transactions may be analyzed rather than entire flows, and fine-granularity features examined within the transactions. As such, these methods and systems are highly effective in distinguishing between malware C&C communication and innocent traffic, i.e., in detecting malware with high detection probability and few false alarms.
Abstract: A system may be configured to allow for network-based authentication of a user device, which may reduce or eliminate the need for a user to provide credentials. The authentication may be performed when the user device attempts to access content provided by a third party content provider. The network-based authentication may be performed by, or in conjunction with, a device that (a) is associated with the same telecommunications network as the user device, and (b) can authenticate the identity of the user device.
Abstract: There is provided a method for authentication in device to device discovery. A method performed by a Discoverer device comprises broadcasting a direct discovery request, receiving a direct discovery response from a Discoveree device, the direct discovery response comprising a first token, and obtaining a determination of whether the first token was generated for the Discoveree device or not.
Type: Grant
Filed: March 5, 2015
Date of Patent: August 28, 2018
Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
Inventors: Vesa Lehtovirta, Karl Norrman, Monica Wifvesson
Abstract: Devices and methods are described to enable devices to be paired in a convenient and secure way based on proximity with the use of a single radio transmission protocol. Using devices configurable to perform the processes described, users are able to pair Bluetooth enabled devices or other radio communication protocols simply by putting the devices briefly in contact, or within close proximity, usually a few centimeters. When the two devices touch or are in close proximity, the encryption key is shared across the two devices without further interaction required by the user. The encryption key is not made visible, so one potential source of security breach is eliminated. After first setup, proximity is not required and the device can communicate securely based on the previously exchanged security tokens (and encryption keys) without the requirement of proximity.
Abstract: Apparatus and methods to support location specific control to allow and/or disallow access to services through untrusted wireless networks by a wireless communication device are disclosed. One or more network elements obtain a location of the wireless communication device and selectively allow and/or disallow access to one or more cellular network services and/or one or more access point names (APNs) based on the location of the wireless communication device when connecting through an untrusted wireless network.
Type: Grant
Filed: December 18, 2015
Date of Patent: August 21, 2018
Assignee: Apple Inc.
Inventors: Vikram Bhaskara Yerrabommanahalli, Ajoy K. Singh, Krisztian Kiss, Rohan C. Malthankar, Thomas F. Pauly
Abstract: A biometric signature system generates a digital signature for electronic documents using biometric information as a secret key. Registration commitment information is generated by performing expansion conversion on a predetermined secret key and embedding the resulting secret key in feature data of biometric information of a user, and a set with a corresponding public key. A pair of one-time secret and public keys is generated for digital signature feature data of the biometric information of the user, and a digital signature for a message is generated using the one-time secret key. A digital signature commitment is generated and a set of the one-time public key and the digital signature is output as the biometric digital signature. The digital signature is verified using the one-time public key. A differential secret key is calculated and a correspondence of the differential secret key, the one-time public key and the public key is verified.
Abstract: Disclosed are systems and processing methods that may be performed by first, second, and third processor units to give access to an item of sensitive text data from a secure electronic document. In various implementations, the systems and methods may perform operations that include obtaining the secure electronic document; triggering the display of the secure document on a first terminal; selecting at least one marker contained in the secure document; determining secure data; and on the basis of said secure data, determining the item of sensitive text data. In various implementations, the third unit may trigger the display of the item of sensitive text data, and the second and third processor units may be distinct from the first unit and may execute an operating system that is independent of the operating system of the first processor unit.
Abstract: A method of the present disclosure includes a host system authenticating a user of the user device to access secure host information associated with the user in a database. A request may be transmitted to a third-party system to access secure third-party information stored by the third party based on third-party authentication information. The host system may receive the secure third-party information and store the secure third-party information in a memory location of the database that is associated with a different memory location including the secure host information. The memory location and the different memory location may be associated in the database based on a common information type. The host system may generate a graphical user interface that positions the secure host information and the secure third-party information in the graphical user interface based on their respective location in the database.
Abstract: Techniques and solutions are provided for assessing the semantic difference between networking access control lists (ACLs). For example, a semantic difference can be determined between an ACL that is currently deployed on a network device and an ACL that is a candidate for deployment. The semantic difference can be presented to a user to better understand what changes would be made to network traffic flow if the candidate ACL is deployed. The semantic difference can also be used in an automated manner to perform automatic deployment of the candidate ACL.
Type: Grant
Filed: November 11, 2015
Date of Patent: August 21, 2018
Assignee: Amazon Technologies, Inc.
Inventors: John Mark Glotzer, Apisak Darakananda, Xiongwei Xie
Abstract: A method relates to receiving, by an authentication server, an authentication request from a client device via a public network, selecting a first private key of the authentication server from a first range of numbers and a second private key of the authentication server from a second range of numbers, receiving, from the client device, a first public key of the client device and a second public key of the client device, calculating a third private key of the authentication server in view of the second private key of the authentication server and a numerical value of the password, receiving a third public key of the client device, calculating a session key of the authentication server in view of the second public key of the client device, the third public key of the client device, and the third private key of the authentication server, and validating the session key.