Abstract: The present disclosure relates to implementations of physically unclonable functions (PUFs) for cryptographic and authentication purposes. Specifically, the disclosure describes implementations of machine learning engines (MLEs) in conjunction with PUFs generating outputs having multiple states.
Type:
Grant
Filed:
November 10, 2016
Date of Patent:
February 25, 2020
Assignee:
Arizona Board of Regents on Behalf of Northern Arizona University
Inventors:
Fatemeh Afghah, Bertrand Francis Cambou
Abstract: Periodically re-encrypting user data stored on a storage device, including: detecting that a data encryption key should be decommissioned; and for user data stored on the storage device that is encrypted with the data encryption key: reading the user data that is encrypted with the data encryption key from the storage device; re-encrypting the user data utilizing a current data encryption key; and writing the user data that is encrypted utilizing the current data encryption key to the storage device.
Abstract: A virtual card downloading method, and a terminal, and an intermediate device for virtual card downloading. A virtual card downloading method includes determining, by a terminal, a preset scenario condition, and reporting terminal information to a server when the preset scenario condition is satisfied, wherein the terminal information in configured to enable the server to create an account for the terminal and to associate the account with virtual card data. The method further includes accessing the server by the terminal and by using the account, and downloading, by the terminal from the server, the virtual card data associated with the account. The scenario condition is that the terminal establishes a communication connection to the server.
Abstract: Methods and systems described herein provide for protecting user information in an overlay service. Protecting user information may include redacting personally identifiable information (PII) from information that may be exposed to third parties. Additionally, protecting user information may include opening a second account on behalf of the user using a plurality of unique identifiers in lieu of information identifying the user. This protects users' identities and privacy as their assets are transferred between various institutions.
Abstract: Described herein are various technologies pertaining to generating an activity feed for an entity hosted at a file hosting server. The activity feed includes a plurality of entries that are representative of activities undertaken with respect to the entity over time.
Abstract: An electronic device is provided. The electronic device includes a memory configured to store an application and first unique information of the application, and at least one processor operatively connected with the memory. The at least one processor is configured to divide code of the application into a plurality of segments, select at least one segment among the plurality of segments, create second unique information in relation to the at least one segment, compare the first unique information and the second unique information, and determine whether the code of the application has been tampered with, based on a result of the comparison of the first unique information and the second unique information.
Abstract: Methods and systems are provided for validating a signature in a multi-tenant environment. A server or other computing device that is part of a distributed network may request a certificate collection from an identified tenant store. The requested certificate collection may be loaded in a virtual store that is accessible by the server or other computing device. The sever or other computing device may then access one or more certificates from the virtual store to validate a signature.
Abstract: A system and method are provided for the destruction of electronically stored information and/or components that incorporated sensitive technology or that contain sensitive information upon the occurrence of one or more predetermined events. The system and method of the present invention is particularly suited for the safeguarding of electronically stored information and/or classified technology in systems deployed in an operational environment. The system and method of the present invention be incorporated into drones, full size aircraft, any type of vehicle, mines, missiles, torpedos, bombs, phones, cameras, robots, satellites or other spacecraft, computers, hard drives, thumb drives, switches, routers, bugs, brief cases, safes, and generally any device that utilizes components on which sensitive data is stored or components that utilize technology that should only be accessed by authorized personnel.
Abstract: A hybrid computer network environment can include a first type of hosts and a second type of hosts. An apparatus adapted to receive requests for access to hosts obtains authenticators for accessing the hosts. The apparatus can further determine the type of the hosts and process the requests for access using a first type of authenticator for access to the first type of hosts and a second type of authenticators for access to the second type of hosts.
Abstract: In an aspect, an apparatus that includes a first security domain and at least a second security domain obtains, at a virtual machine of the first security domain, a stream identifier associated with the second security domain. The apparatus generates, at the virtual machine of the first security domain, a command to map the stream identifier associated with the second security domain to a first address translation context. The apparatus maps, at a hypervisor device, the first address translation context to a second address translation context that is associated with the second security domain of the stream identifier. The apparatus processes a stream of memory access transactions that includes the stream identifier based on at least the first address translation context or the second address translation context.
Type:
Grant
Filed:
November 17, 2016
Date of Patent:
December 24, 2019
Assignee:
QUALCOMM Incorporated
Inventors:
Samar Asbe, Qazi Bashir, Vipul Gandhi, Chris Henroid, Mitchel Allen Humpherys, Olav Haugan, Daren Hall, Adam Openshaw, Priyesh Sanghvi, Brijen Raval
Abstract: A method of processing data includes at least one processor accessing a data storage unit, the data storage unit providing at least one input data object and at least one transmutation command to be performed on the at least one input data object. The at least one transmutation command operates in a forward mode on the at least one input data object to produce at least one output data object to be stored in a data storage unit.
Abstract: A method for verifying information of a first data item in a plurality of different data items stored on a server includes a) generating a hash tree, b) computing an authentication path for the first data item based on a recomputation of the hash tree, wherein an authentication path includes all siblings of tree nodes from the first data item to a root of the hash tree, c) recomputing the root-hash based on the first data item and a computed authentication path of the first data item and comparing the recomputed root-hash with the root-hash of the hash-tree of step a), d) determining a side element in leaves or a tree level above of the hash tree and its authentication path, and e) verifying the authentication path of the side element.
Type:
Grant
Filed:
February 16, 2015
Date of Patent:
December 3, 2019
Assignee:
NEC CORPORATION
Inventors:
Jens-Matthias Bohli, Ghassan Karame, Frederik Armknecht
Abstract: A method for encrypting data when a device is offline is disclosed. In the method, a determination is made as to whether a successful connection with a remote server computer can or cannot be made. If a connection cannot be made, then data can be encrypted with an ephemeral public key. Later, then a connection is available, the encrypted data can be transmitted to the remote server computer for processing.
Type:
Grant
Filed:
November 15, 2017
Date of Patent:
December 3, 2019
Assignee:
Visa International Service Association
Inventors:
Rhidian John, Bartlomiej Piotr Prokop, Michael Palmer
Abstract: Periodically re-encrypting user data stored on a storage device, including: reading user data stored on the storage device, wherein the user data is associated with a user-visible identifier; determining, from metadata associated with the user data, whether the user data is encrypted utilizing an expiring data encryption key; responsive to determining that the user data is encrypted utilizing the expiring data encryption key, re-encrypting the user data utilizing a current data encryption key; and writing the user data that is encrypted with the current data encryption key to the storage device, wherein the user data remains associated with the user-visible identifier.
Abstract: A system and machine-implemented method of wireless network access are provided. First network credentials for a first wireless network hosted by a wireless-enabled device are received from a server. A first network connection with the wireless-enabled device in the first wireless network is established based on the first network credentials. Second network credentials for a second wireless network are provided to the wireless-enabled device via the first network connection. A second network connection with the wireless-enabled device in the second wireless network is established based on the second network credentials.
Type:
Grant
Filed:
April 22, 2019
Date of Patent:
November 26, 2019
Assignee:
Google LLC
Inventors:
Kevin Tien Chen, Stephen Uhler, Rapheal Kaplan, Ian Loic McKellar, Olga Irzak
Abstract: A span of responsibility access control system for use in plant process management and similar applications. The system leverages span-of-responsibility enabled user accounts and corresponding resource properties to assign, verify, and control access to assets and other resources in the plant process management system on a per user basis. Aspects of the system include configuration of properties for each monitored or controlled asset and association of a span of responsibility based on asset properties, such as asset type and location, with a user account. An access control module compares asset properties to the span of responsibility associated with the user account to determine whether the user is entitled to access any given asset, independent of determining permissions to act on such asset.
Type:
Grant
Filed:
August 17, 2016
Date of Patent:
November 19, 2019
Assignee:
Computational Systems, Inc.
Inventors:
Christopher G. Hilemon, Anthony J. Hayzen, Trevor D. Schleiss, Manikandan Janardhanan
Abstract: A service proxy services as an application programming interface proxy to a service, which may involve data storage. When a request to store data is received by the service proxy, the service proxy encrypts the data and stores the data in encrypted form at the service. Similarly, when a request to retrieve data is received by the service proxy, the service proxy obtains encrypted data from the service and decrypts the data. The data may be encrypted using a key that is kept inaccessible to the service.
Type:
Grant
Filed:
September 21, 2017
Date of Patent:
November 12, 2019
Assignee:
Amazon Technologies, Inc.
Inventors:
Gregory Branchek Roth, Eric Jason Brandwine, Matthew James Wren
Abstract: The present disclosure relates to implementations of physically unclonable functions (PUFs) for cryptographic and authentication purposes. Specifically, the disclosure describes implementations of machine learning engines (MLEs) in conjunction with PUFs generating outputs having multiple states.
Type:
Grant
Filed:
May 17, 2019
Date of Patent:
November 5, 2019
Assignee:
Arizona Board of Regents on Behalf of Northern Arizona University
Inventors:
Fatemeh Afghah, Bertrand Francis Cambou
Abstract: A device may receive a packet from a first endpoint that is destined for a second endpoint. The first endpoint may be hosted on the device. The device may determine whether a secure session exists between the first endpoint and the second endpoint. The secure session may permit encrypted traffic to be exchanged between the first endpoint and the second endpoint. The device may process the packet using a set of rules after determining whether the secure session exists between the first endpoint and the second endpoint. The device may encrypt the packet using security information associated with the secure session after determining that the secure session exists, or establishing the secure session when the secure session does not exist. The device may provide the packet toward the second endpoint after encrypting the packet.
Abstract: A non-transitory processor-readable medium storing code representing instructions to cause a processor to perform a process includes code to cause the processor to receive a set of indications of allowed behavior associated with an application. The processor is also caused to initiate an instance of the application within a sandbox environment. The processor is further caused to receive, from a monitor module associated with the sandbox environment, a set of indications of actual behavior of the instance of the application in response to initiating the instance of the application within the sandbox environment. The processor is also caused to send an indication associated with an anomalous behavior if at least one indication from the set of indications of actual behavior does not correspond to an indication from the set of indications of allowed behavior.
Type:
Grant
Filed:
June 26, 2018
Date of Patent:
November 5, 2019
Assignee:
Invincea, Inc.
Inventors:
Anup Ghosh, Scott Cosby, Alan Keister, Benjamin Bryant, Stephen Taylor