Patents Examined by Saleh Najjar
- Patent number: 11863657
  Abstract: Aspects of the present disclosure involve receiving an input message, generating a first random value that is used to blind the input message to prevent a side-channel analysis (SCA) attack, computing a second random value using the first random value and a factor used to compute the Montgomery form of a blinded input message without performing an explicit Montgomery conversion of the input message, and computing a signature, using Montgomery multiplication, of the first random value and the second random value, wherein the signature is resistant to the SCA attack.
  Type: Grant
  Filed: December 5, 2022
  Date of Patent: January 2, 2024
  Assignee: CRYPTOGRAPHY RESEARCH, INC.
  Inventor: Michael Tunstall
- Patent number: 11861049
  Abstract: A system and method for defense against cache timing channel attacks using cache management hardware is provided. Sensitive information leakage is a growing security concern exacerbated by shared hardware structures in computer processors. Recent studies have shown how adversaries can exploit cache timing channel attacks to exfiltrate secret information. To effectively guard computing systems against such attacks, embodiments disclosed herein provide practical defense techniques that are readily deployable and introduce only minimal performance overhead. In this regard, a new protection framework against cache timing channel attacks is provided herein by leveraging commercial off-the-shelf (COTS) hardware support in processor caches, including last level caches (LLC), for cache monitoring and partitioning. This framework applies signal processing techniques on per-domain cache occupancy data to identify suspicious application contexts.
  Type: Grant
  Filed: January 28, 2020
  Date of Patent: January 2, 2024
  Assignee: The George Washington University
  Inventors: Guru Prasadh V. Venkataramani, Milos Doroslovacki, Fan Yao, Hongyu Fang
- Patent number: 11861019
  Abstract: A distributed security system can include instances of a compute engine that can execute either locally in security agents on client devices or as cloud instances in a security network. Event data can be processed by elements of the distributed security system according to centrally-defined ontological definitions and/or configurations. Bounding managers of local security agents can control how much event data is sent to the security network. A storage engine in the security network can store event data received from client devices and can route event data to other elements of the security network, including cloud instances of the compute engine. An experimentation engine of the security network can also at least temporarily adjust other elements of the distributed security system during experiments or tests.
  Type: Grant
  Filed: April 15, 2020
  Date of Patent: January 2, 2024
  Assignee: CrowdStrike, Inc.
  Inventors: David F. Diehl, Nikita Kalashnikov
- Patent number: 11849043
  Abstract: An electronic device generates a first key pair associated with the electronic device. A first secret key of the first key pair is generated based on device properties including identification information of the electronic device. The electronic device transmits a communication request to a verifier device. The electronic device generates zero-knowledge information which is based on the generated first secret key. A first public key of the first key pair is stored in the verifier device. The electronic device transmits the zero-knowledge information to the verifier device for a verification of the transmitted communication request. The verification of the communication request is based on the first public key. The electronic device receives verification information from the verifier device based on the transmitted zero-knowledge information and a successful verification of the transmitted communication request.
  Type: Grant
  Filed: November 13, 2020
  Date of Patent: December 19, 2023
  Assignee: SONY GROUP CORPORATION
  Inventors: Priyanka Savitkumar Vedeshwar, Vittal K Biradar
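Worked example of the verification flow in the entry above, added here as an illustration and not code from the patent or from Sony: the device derives its secret key from identity information plus a device-held seed, only the matching public key is registered with the verifier, and the device proves knowledge of the secret with a Schnorr proof made non-interactive through Fiat-Shamir. The challenge hash also covers the communication request, so a proof captured on the wire cannot be replayed to authorize a different request. The 64-bit safe-prime group generated at import, the derivation labels and all function names are assumptions; production code would use a standardized 2048-bit MODP group or an elliptic curve.

```python
import hashlib
import hmac
import secrets


def _probable_prime(n: int, rounds: int = 24) -> bool:
    """Miller-Rabin behind a small-prime sieve."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def _safe_prime_from(start: int) -> tuple:
    """Smallest q >= start with q and p = 2q + 1 both prime; returns (p, q)."""
    q = start | 1
    while not (_probable_prime(q) and _probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q


# Assumption: a 64-bit group generated at import keeps the demo self-contained;
# production uses a standardized 2048-bit MODP group or an elliptic curve.
P, Q = _safe_prime_from(1 << 63)
G = 4                      # 4 = 2^2 is a quadratic residue mod p, so it generates the order-q subgroup
PLEN = (P.bit_length() + 7) // 8


def _hash_mod_q(*parts: bytes) -> int:
    """Length-prefixed SHA-256 over the parts, reduced mod q."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(h.digest(), "big") % Q


def derive_secret_key(device_id: bytes, device_seed: bytes) -> int:
    """Secret key bound to the device identity; the device-held seed (assumed to be
    provisioned at manufacture) keeps it unguessable from the identity alone."""
    return _hash_mod_q(b"device-key", device_id, device_seed) or 1


def public_key(x: int) -> int:
    """y = g^x, the only value the verifier stores."""
    return pow(G, x, P)


def prove(x: int, request: bytes) -> tuple:
    """Prover: commitment t = g^k, challenge c = H(t, request), response s = k + c*x."""
    k = secrets.randbelow(Q - 1) + 1                # fresh nonce; reusing k leaks x
    t = pow(G, k, P)
    c = _hash_mod_q(b"challenge", t.to_bytes(PLEN, "big"), request)
    return t, (k + c * x) % Q


def verify(y: int, request: bytes, proof: tuple) -> bool:
    """Verifier: recompute c for this request and accept iff g^s == t * y^c (mod p)."""
    t, s = proof
    if not (1 < t < P and 0 <= s < Q):              # reject trivial or out-of-range values
        return False
    c = _hash_mod_q(b"challenge", t.to_bytes(PLEN, "big"), request)
    lhs = pow(G, s, P).to_bytes(PLEN, "big")
    rhs = (t * pow(y, c, P) % P).to_bytes(PLEN, "big")
    return hmac.compare_digest(lhs, rhs)


def demo() -> bool:
    """Constructed device: the proof passes for the request it was made for and
    fails when replayed against a different request."""
    x = derive_secret_key(b"serial:demo-0001", b"factory-seed")
    y = public_key(x)                               # registered with the verifier
    proof = prove(x, b"OPEN session/42")            # sent together with the request
    return verify(y, b"OPEN session/42", proof) and not verify(y, b"OPEN session/43", proof)
```

Binding the request into the challenge is what turns "the device knows the key" into "the device authorized this request"; without it a verifier would have to keep its own nonce state to stop replays.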
- Patent number: 11836616
  Abstract: Disclosed is a method for constructing an auditable and privacy-preserving collaborative deep learning platform based on a blockchain-empowered incentive mechanism, which allows trainers of multiple similar models to cooperate for training deep learning models while protecting confidentiality and auditing correctness of shared parameters. The invention has the following technical effects. Firstly, the encryption method used by model trainers protects the confidentiality of shared parameters; furthermore, the updated parameters are decrypted through the cooperation of all participants, which reduces the possible disclosure of parameters. Secondly, the encrypted parameters are stored in the blockchain, and are only available to participants and authorized miners who are responsible for updating parameters.
  Type: Grant
  Filed: December 4, 2019
  Date of Patent: December 5, 2023
  Assignee: Jinan University
  Inventors: Jian Weng, Jiasi Weng, Ming Li, Yue Zhang, Jilian Zhang, Weiqi Luo
- Patent number: 11838417
  Abstract: A device and a network can authenticate using a subscription concealed identifier (SUCI). The device can store (i) a plaintext subscription permanent identifier (SUPI) for the device, (ii) a network static public key, and (iii) a key encapsulation mechanism (KEM) for encryption using the network static public key. The network can store (i) a device database with the SUPI, (ii) a network static private key, and (iii) the KEM for decryption using the network static private key. The device can (i) combine a random number with the SUPI as input into the KEM to generate a ciphertext as the SUCI, and (ii) transmit the ciphertext/SUCI to the network. The network can (i) decrypt the ciphertext using the KEM to read the SUPI, (ii) select a key K from the device database using the SUPI, and (iii) conduct an Authentication and Key Agreement (AKA) with the selected key K.
  Type: Grant
  Filed: June 28, 2021
  Date of Patent: December 5, 2023
  Inventor: John A Nix
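Both sides of the exchange in the entry above, added here as an illustration and not the patent's code: the device holds its SUPI and the network's static public key, seals a fresh random value together with the SUPI into a ciphertext that becomes the SUCI, and the network decrypts with its static private key, looks up K by SUPI and runs a challenge-response with it. Assumptions: hashed ElGamal over a toy safe-prime group stands in for the KEM (real SUCI schemes use ECIES on Curve25519 or P-256), HMAC-SHA256 serves as the key derivation and tag, the AKA step is reduced to a single HMAC challenge-response, and the subscriber record and identifiers are constructed.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

# Assumption: toy safe-prime group (p = 2q + 1; 4 generates the order-q subgroup)
# chosen for readability. A real deployment uses ECIES on Curve25519 or P-256.
P, Q, G = 2039, 1019, 4
CLEN = 2           # bytes to encode one group element
TAGLEN = 32


def _kdf(shared: int, label: bytes, n: int) -> bytes:
    """Expand the KEM shared secret into n bytes for the given label."""
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(b"suci-kdf", shared.to_bytes(CLEN, "big") + label + bytes([ctr]),
                        hashlib.sha256).digest()
    return out[:n]


def network_keygen() -> Tuple[int, int]:
    """Network static key pair (private x, public Y = g^x); Y is provisioned to devices."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def device_conceal(supi: bytes, net_pub: int) -> bytes:
    """Device: fresh random r plus the SUPI -> SUCI = c1 || enc(SUPI) || tag."""
    r = secrets.randbelow(Q - 1) + 1
    c1 = pow(G, r, P)                      # encapsulation; independent of the SUPI
    shared = pow(net_pub, r, P)
    body = bytes(a ^ b for a, b in zip(supi, _kdf(shared, b"enc", len(supi))))
    tag = hmac.new(_kdf(shared, b"mac", 32), c1.to_bytes(CLEN, "big") + body,
                   hashlib.sha256).digest()
    return c1.to_bytes(CLEN, "big") + body + tag


def network_reveal(suci: bytes, net_priv: int) -> Optional[bytes]:
    """Network: decapsulate with the static private key, check the tag, recover the SUPI."""
    if len(suci) < CLEN + TAGLEN:
        return None
    c1 = int.from_bytes(suci[:CLEN], "big")
    body, tag = suci[CLEN:-TAGLEN], suci[-TAGLEN:]
    if not (1 < c1 < P) or pow(c1, Q, P) != 1:     # reject values outside the subgroup
        return None
    shared = pow(c1, net_priv, P)
    expect = hmac.new(_kdf(shared, b"mac", 32), suci[:CLEN] + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        return None
    return bytes(a ^ b for a, b in zip(body, _kdf(shared, b"enc", len(body))))


def aka_challenge(k: bytes) -> Tuple[bytes, bytes]:
    """Network: RAND and the expected response XRES under the subscriber key K."""
    rand = secrets.token_bytes(16)
    return rand, hmac.new(k, b"aka-res|" + rand, hashlib.sha256).digest()


def aka_response(k: bytes, rand: bytes) -> bytes:
    """Device: RES computed from its own copy of K."""
    return hmac.new(k, b"aka-res|" + rand, hashlib.sha256).digest()


def run_attach(supi: bytes, k_device: bytes, subscriber_db: Dict[bytes, bytes],
               net_priv: int, net_pub: int) -> bool:
    """Whole exchange: conceal -> reveal -> DB lookup by SUPI -> AKA. True on success."""
    suci = device_conceal(supi, net_pub)            # over the air: the SUCI, never the SUPI
    revealed = network_reveal(suci, net_priv)
    if revealed is None or revealed not in subscriber_db:
        return False
    rand, xres = aka_challenge(subscriber_db[revealed])
    return hmac.compare_digest(aka_response(k_device, rand), xres)
```

Because r is fresh on every attach, two SUCIs from the same device are unlinkable to a passive observer; the subgroup check on c1 and the tag check are the two places where a malformed or tampered SUCI is rejected before any database lookup happens.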
- Patent number: 11824642
  Abstract: Systems and methods are provided for use in provisioning a biometric image template to a card device. One example portable communication device includes a processor, a wireless communication interface coupled to the processor, and an input device coupled to the processor. The processor is configured to transmit to a card device, via the wireless communication interface, a certificate associated with the portable communication device, whereby the portable communication device is authenticated by the card device, receive from the card device, via the wireless communication interface, a certificate associated with the card device, and authenticate the card device based on the received certificate. After the card device is authenticated, the processor is configured to capture, via the input device, a biometric image of the user and provision, via the wireless communication interface, the captured biometric image to the card device.
  Type: Grant
  Filed: January 31, 2022
  Date of Patent: November 21, 2023
  Assignee: MASTERCARD INTERNATIONAL INCORPORATED
  Inventors: Ashfaq Kamal, Sumeet Bhatt, Robert D. Reany
- Patent number: 11824986
  Abstract: There is provided a device for protecting the execution of a cryptographic operation from attacks, the cryptographic operation being implemented by a cryptographic algorithm, the cryptographic operation comprising at least one modular operation between a main base (m) representing a data block and at least one scalar (d) in at least one finite starting group. The device is configured to determine at least one intermediary group (E′) different from the at least one starting group (E), the number of intermediary groups being equal to the number of starting groups E. The device is further configured to determine at least one final group (E″) from the at least one starting group E and the at least one intermediary group E′. The base m is mapped to an auxiliary element (x) in the at least one intermediary group and to an auxiliary base (m′) in the at least one final group E″.
  Type: Grant
  Filed: December 18, 2018
  Date of Patent: November 21, 2023
  Assignee: SECURE-IC SAS
  Inventors: Sylvain Guilley, Cédric Murdica
- Patent number: 11812272
  Abstract: The disclosed computer-implemented method for utilizing user identity notifications to protect against potential privacy attacks on mobile devices may include (i) monitoring a mobile computing device to detect one or more user interactions by a current user, (ii) identifying the current user of the mobile computing device, (iii) determining that the current user is a potentially malicious user associated with one or more privacy-invasive applications installed on the mobile computing device, and (iv) performing a security action that protects a benign user of the mobile computing device against an attack initiated by the potentially malicious user associated with the privacy-invasive applications. Various other methods, systems, and computer-readable media are also disclosed.
  Type: Grant
  Filed: March 19, 2021
  Date of Patent: November 7, 2023
  Assignee: GEN DIGITAL INC.
  Inventors: Kevin Roundy, Acar Tamersoy, Yufei Han, Anil Sharma, Arif Shaikh
- Patent number: 11811906
  Abstract: Cryptographic circuitry, in operation, conditionally swaps a first operand and a second operand of a cryptographic operation based on a control value. The conditional swapping includes setting a first mask of a number of bits and a second mask of the number of bits based on the control value, the first mask and the second mask being complementary and having a same Hamming weight. A result of a bitwise XOR operation on the first operand and the second operand is stored as a temporary value. A combination of bitwise logical operations is performed to conditionally swap the first operand and the second operand.
  Type: Grant
  Filed: March 16, 2021
  Date of Patent: November 7, 2023
  Assignee: STMICROELECTRONICS S.r.l.
  Inventor: Matteo Bocchi
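Worked example for this entry and for the blinded-signature entry (11863657) above, added here as an illustration and not code from either patent or assignee: a conditional swap that stores t = a XOR b as a temporary and applies mask operations with no branch on the control value, used inside a Montgomery-ladder exponentiation so the operation sequence is the same for every private-exponent bit, and message blinding with a random r that is removed after the exponentiation. Assumptions: the mask is the classic all-zeros/all-ones expansion of the control bit rather than the patent's two complementary equal-Hamming-weight masks; the Montgomery-form shortcut of 11863657 is not reproduced; the RSA key is the constructed textbook (p = 61, q = 53) pair; and Python integers stand in for fixed-width limbs, so timing here is illustrative only.

```python
import secrets

WORD = 64
MASK = (1 << WORD) - 1


def cswap_limbs(ctl: int, a: list, b: list) -> tuple:
    """Swap the limb vectors a and b iff ctl == 1, with no branch on ctl.

    mask is all zeros or all ones; t = a ^ b holds the bits that differ, and
    XORing (t & mask) into both operands either swaps them or changes nothing.
    Assumption: the classic single mask, not the patent's two equal-weight masks.
    """
    mask = (-(ctl & 1)) & MASK
    out_a, out_b = [], []
    for x, y in zip(a, b):
        t = (x ^ y) & mask
        out_a.append(x ^ t)
        out_b.append(y ^ t)
    return out_a, out_b


def to_limbs(n: int, count: int) -> list:
    return [(n >> (WORD * i)) & MASK for i in range(count)]


def from_limbs(limbs: list) -> int:
    return sum(limb << (WORD * i) for i, limb in enumerate(limbs))


def ladder_pow(base: int, exp: int, mod: int, exp_bits: int) -> int:
    """Montgomery ladder: one multiply and one square per bit, for a fixed number of
    bits, with operands selected by cswap instead of by branching on the bit."""
    count = (mod.bit_length() + WORD - 1) // WORD
    r0 = to_limbs(1, count)
    r1 = to_limbs(base % mod, count)
    for i in range(exp_bits - 1, -1, -1):
        bit = (exp >> i) & 1
        r0, r1 = cswap_limbs(bit, r0, r1)         # bit = 1: operate on (r1, r0) instead
        x0, x1 = from_limbs(r0), from_limbs(r1)
        r1 = to_limbs(x0 * x1 % mod, count)       # r1 <- r0 * r1 (invariant r1 = r0 * base)
        r0 = to_limbs(x0 * x0 % mod, count)       # r0 <- r0^2
        r0, r1 = cswap_limbs(bit, r0, r1)         # undo the swap
    return from_limbs(r0)


def blinded_sign(msg: int, d: int, e: int, n: int) -> int:
    """RSA signature with message blinding: exponentiate m * r^e rather than m, then
    strip r. A fresh r per signature decorrelates the side-channel trace from m."""
    while True:
        r = secrets.randbelow(n - 2) + 2
        try:
            r_inv = pow(r, -1, n)                 # ValueError if gcd(r, n) != 1
            break
        except ValueError:
            continue
    blinded = msg * pow(r, e, n) % n              # only the public exponent touches r here
    s_blinded = ladder_pow(blinded, d, n, n.bit_length())
    return s_blinded * r_inv % n                  # (m r^e)^d r^-1 = m^d r r^-1 = m^d


# Constructed textbook key: p = 61, q = 53, n = 3233, e = 17, d = 2753.
DEMO_N, DEMO_E, DEMO_D = 3233, 17, 2753


def demo() -> bool:
    """Sign a constructed message through the blinded ladder and verify with e."""
    msg = 65
    sig = blinded_sign(msg, DEMO_D, DEMO_E, DEMO_N)
    return pow(sig, DEMO_E, DEMO_N) == msg
```

The ladder runs for n.bit_length() iterations regardless of d's actual length, and the two cswap calls bracket the arithmetic so that the multiply and square are issued in the same order for a 0 bit and a 1 bit; what still leaks in this toy is Python's variable-time big-integer arithmetic, which real implementations replace with constant-time limb routines.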
- Patent number: 11809603
  Abstract: Techniques and systems for protecting data input to a web-based application are provided herein. A method may include executing, within a web browser being executed by a computer system, a web-based application. Execution of the web-based application may include tagging one or more data fields as sensitive and fetching a public key from a remote server system. The method may include identifying, by the web-based application, a keystroke entry being input into the one or more data fields tagged as sensitive within the web-based application. Prior to storing the keystroke entry in memory mapped to the web browser, the method may include encrypting, by the web-based application, the keystroke entry using the fetched public key to generate an encrypted entry. The web browser may store the encrypted entry to memory. Importantly, the keystroke entry may never be stored to the memory of the web browser in an unencrypted form.
  Type: Grant
  Filed: September 23, 2020
  Date of Patent: November 7, 2023
  Assignee: The Western Union Company
  Inventors: Anthony Scillieri, Soumi Sarkar, Dmitriy Borinshteyn, Vikram Bhagat, Manjeet Kishan Kola
- Patent number: 11800362
  Abstract: Certain aspects of the present disclosure provide techniques for estimating performance of a radio link in a wireless communication system using historical information. Disclosed methods generally include determining receipt of historical information from a network, and estimating the performance of a radio link based on at least one selected from the group consisting of determining that historical information was not received, and comparing received historical information to information available at the UE.
  Type: Grant
  Filed: November 12, 2020
  Date of Patent: October 24, 2023
  Assignee: QUALCOMM Incorporated
  Inventors: Ravi Agarwal, Gavin Bernard Horn, Soo Bum Lee
- Patent number: 11797693
  Abstract: A method synchronizes frame counters for protecting data transmissions between a first end-device and a second end-device. The data, in particular data frames, are transferred between the first end-device and the second end-device. The data frames are provided with frame counters to protect the data transfer between the first end-device and the second end-device. The second end-device sends a first data frame to the first end-device. The first data frame contains a marker in its payload data. The first end-device sends back a second data frame as an answer to the second end-device. The second data frame contains a frame counter in the header data, and the second data frame contains the frame counter and the marker in its payload data.
  Type: Grant
  Filed: March 10, 2021
  Date of Patent: October 24, 2023
  Assignee: Diehl Metering Systems GmbH
  Inventors: Benjamin Meyer, Christian Jambor
- Patent number: 11775635
  Abstract: A method for detecting a cache-based side-channel attack includes utilizing a timer thread that continuously increments a variable in code of an application. The code has been instrumented such that the instrumented code uses the variable incremented by the timer thread to infer an amount of time taken for running a part of the code. A number of cache misses during execution of the part of the code is determined based on the amount of time. It is determined whether the application is experiencing the cache-based side-channel attack using a classifier which uses as input the number of cache misses.
  Type: Grant
  Filed: March 23, 2020
  Date of Patent: October 3, 2023
  Assignee: NEC CORPORATION
  Inventors: Jianyu Jiang, Ghassan Karame, Claudio Soriente
- Patent number: 11764956
  Abstract: Provided is a system that includes at least one processor programmed or configured to provision a client device for access to an online source of information, transmit a private encryption key of a public/private encryption key pair to a software agent of the client device, receive a first hash value from the software agent, wherein the first hash value is generated using the private encryption key, receive a second hash value from the software agent, determine whether to allow access to the online source of information by the software agent based on the first hash value and the second hash value received from the software agent, process a request to access the online source of information involving the software agent, and store a data record associated with a data transaction involving the online source of information in a data structure. Methods and computer program products are also provided.
  Type: Grant
  Filed: September 16, 2020
  Date of Patent: September 19, 2023
  Assignee: Visa International Service Association
  Inventor: Ravi Krishnan Muthukrishnan
- Patent number: 11755785
  Abstract: A processing system including processors, peripheral slots, hardware resources, and gateway circuitry. Each processor is assigned a corresponding identifier. The peripheral slots are located within an addressable peripheral space. Each hardware resource is placed into a corresponding peripheral slot, including at least one direct memory access (DMA) device supporting at least one DMA channel and at least one general-purpose input/output (GPIO) pin. Memory protection and gateway circuitry is programmed to control access of the hardware resources only by a processor that provides a matching identifier. The memories along with hardware resources are protected against unauthorized accesses to isolate applications executed on each processor within a multicore system and hence support freedom from interference.
  Type: Grant
  Filed: August 3, 2020
  Date of Patent: September 12, 2023
  Assignee: NXP USA, Inc.
  Inventors: Martin Mienkina, Carl Culshaw, Larry Alan Woodrum, David Eromosele
- Patent number: 11741235
  Abstract: A system and method are provided for a distributed computing platform on untrusted hardware. An exemplary method includes launching a hypervisor on an untrusted computing node and receiving a request generated to provide a computing function using hardware of the untrusted computing node. Upon receiving the request, an enclave in memory of the untrusted computing node is created and a virtual machine is launched in the memory enclave. Moreover, a guest operating system of the virtual machine verifies the security of the untrusted computing node. Finally, the guest operating system performs the computing function using the hardware of the untrusted computing node upon the guest operating system verifying the security of the untrusted computing node and the hypervisor.
  Type: Grant
  Filed: September 7, 2021
  Date of Patent: August 29, 2023
  Assignee: Virtuozzo International GmbH
  Inventors: Pavel Emelyanov, Alexander G. Tormasov, Alexey Kobets
- Patent number: 11741132
  Abstract: Disclosed herein are methods, systems, and processes to detect valid clusters and eliminate spurious clusters in cybersecurity-based computing environments. A cluster detection and elimination model is trained by accessing a dataset with raw data that includes data points associated with computing devices in a network and applying two or more different clustering methodologies independently to the dataset. The resulting cluster detection and elimination model is used to compare two or more clusters to determine whether a cluster from one clustering methodology matches another cluster from another clustering methodology based on centroid locations and shared data points.
  Type: Grant
  Filed: August 24, 2021
  Date of Patent: August 29, 2023
  Assignee: Rapid7, Inc.
  Inventors: Vasudha Shivamoggi, Roy Hodgman, Wah-Kwan Lin
- Patent number: 11743039
  Abstract: A computerized system and method for symmetric encryption and decryption using two machines, the method including obtaining a message and an initialization vector on a first machine, sending the initialization vector to a second machine, where said second machine stores an encryption key for a Key Derivation Function (KDF), generating a derived key on the second machine by applying the KDF receiving as input both the encryption key and the initialization vector, sending the derived key from the second machine to the first machine, and encrypting the message using the derived key on the first machine.
  Type: Grant
  Filed: April 20, 2021
  Date of Patent: August 29, 2023
  Assignee: Coinbase IL RD Ltd.
  Inventors: Guy Pe'Er, Nir Steinherz
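The two-machine split in the entry above, added here as an illustration and not Coinbase's code: the key holder (second machine) keeps the long-term encryption key and only ever releases per-IV derived keys, while the data holder (first machine) picks a fresh IV, requests KDF(key, IV) and encrypts locally, so the key holder never sees plaintext and the data holder never sees the long-term key. Assumptions: HMAC-SHA256 as the KDF; an HMAC-based counter keystream with an encrypt-then-MAC tag standing in for a real AEAD so the block runs on the standard library alone; and the key holder refusing to derive an encryption key twice for the same IV, since a repeated derived key repeats the keystream and lets an attacker XOR two ciphertexts together. Class and function names are assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple


class KeyHolder:
    """Second machine: stores the encryption key, answers KDF requests, never exports it."""

    def __init__(self, key: bytes) -> None:
        self._key = key
        self._issued = set()                      # IVs already used for encryption

    def _kdf(self, iv: bytes) -> bytes:
        if len(iv) != 16:
            raise ValueError("IV must be 16 bytes")
        return hmac.new(self._key, b"per-message-key|" + iv, hashlib.sha256).digest()

    def derive_for_encrypt(self, iv: bytes) -> bytes:
        """Assumption: one encryption key per IV, enforced here rather than trusted to the caller."""
        if iv in self._issued:
            raise ValueError("IV already used; a repeated derived key would repeat the keystream")
        self._issued.add(iv)
        return self._kdf(iv)

    def derive_for_decrypt(self, iv: bytes) -> bytes:
        """Decryption legitimately needs the same derived key again."""
        return self._kdf(iv)


def _keystream(k: bytes, n: int) -> bytes:
    """Counter-mode keystream from HMAC; stands in for a block cipher in this demo."""
    out = bytearray()
    for ctr in range((n + 31) // 32):
        out += hmac.new(k, ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(out[:n])


def _split(derived: bytes) -> Tuple[bytes, bytes]:
    """Separate encryption and MAC subkeys from the single derived key."""
    return (hmac.new(derived, b"enc", hashlib.sha256).digest(),
            hmac.new(derived, b"mac", hashlib.sha256).digest())


def encrypt_on_first_machine(holder: KeyHolder, plaintext: bytes) -> bytes:
    """First machine: fresh IV -> derived key from the holder -> IV || ciphertext || tag."""
    iv = secrets.token_bytes(16)
    enc_k, mac_k = _split(holder.derive_for_encrypt(iv))   # the only round trip to the holder
    body = bytes(p ^ s for p, s in zip(plaintext, _keystream(enc_k, len(plaintext))))
    tag = hmac.new(mac_k, iv + body, hashlib.sha256).digest()
    return iv + body + tag


def decrypt_on_first_machine(holder: KeyHolder, blob: bytes) -> Optional[bytes]:
    """First machine: re-derive for the stored IV, verify the tag, then decrypt; None on failure."""
    if len(blob) < 16 + 32:
        return None
    iv, body, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_k, mac_k = _split(holder.derive_for_decrypt(iv))
    expect = hmac.new(mac_k, iv + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        return None
    return bytes(c ^ s for c, s in zip(body, _keystream(enc_k, len(body))))


def iv_reuse_rejected(holder: KeyHolder, iv: bytes) -> bool:
    """True if the holder refuses to hand out an encryption key for a used IV."""
    try:
        holder.derive_for_encrypt(iv)
    except ValueError:
        return True
    return False
```

The derived key does cross the wire between the machines, so that link still needs its own authenticated channel; what the split buys is that compromise of the data-holding machine yields per-message keys for the messages it handled, not the long-term key for everything ever encrypted.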
- Patent number: 11729003
  Abstract: A method including transmitting, by an infrastructure device to a distributor device, an invitation link to enable the distributor device to distribute network services; activating, by the distributor device, the invitation link; transmitting, by the infrastructure device to the distributor device, seed information based on verifying that the invitation link was activated by the distributor device; determining, by the distributor device, a distributor key pair including a distributor public key and a distributor private key based on utilizing the seed information; transmitting, by the distributor device to the infrastructure device, an action request related to an action to be performed regarding the network services, a portion of the action request being signed based on utilizing the distributor private key; and validating, by the infrastructure device, the action request based on utilizing the distributor public key to enable performance of the action regarding the network services is disclosed.
  Type: Grant
  Filed: June 4, 2022
  Date of Patent: August 15, 2023
  Assignee: UAB 360 IT
  Inventors: Dovydas Bespalovas, Mindaugas Valkaitis