Patents Examined by Shewaye Gelagay
  • Patent number: 10735394
    Abstract: A system provides cloud-based identity and access management. The system receives a request from a client for a resource, authenticates the request, and accesses a microservice based on the request. The system determines, by the microservice, whether the resource is cached in a near cache or in a remote cache, retrieves the resource from the near cache or from the remote cache when the resource is cached, and calls an administration microservice to obtain the resource when the resource is not cached. The system then provides the resource to the client.
    Type: Grant
    Filed: July 27, 2017
    Date of Patent: August 4, 2020
    Assignee: Oracle International Corporation
    Inventors: Lokesh Gupta, Ashutosh Pitre
  • Patent number: 10728244
    Abstract: A security system comprises an access control node broadcasting a beacon including a time stamp and user devices generating replies to the beacon that are based on credential information for the user of the user device and the time stamp. The system relies on the users' wireless-capable mobile computing devices such as smartphones, tablets, or wireless fobs. A credential management system provides a system for the authentication of users and then issues security tokens as credential information to the users' mobile computing devices. These tokens are presented wirelessly by the devices to the security system's access control nodes, for example, where the access control nodes then decide whether to grant or deny access.
    Type: Grant
    Filed: February 17, 2016
    Date of Patent: July 28, 2020
    Assignee: Sensormatic Electronics, LLC
    Inventors: James Trani, Walter A. Martin
  • Patent number: 10728038
    Abstract: Methods are described for constructing a secret key by multiple participants such that any quorum combination of participants can generate a fixed number of key components that can be combined by a recipient to generate the secret key. The methods permit an identical secret key to be generated by a different sized quorum from different participants if required. The keys may be used as private keys for encryption, decryption, digital signatures or authentication tokens and each key is generated from a key index. The circuits used by a quorum of participants for the generation of keys feature nested non-linear devices connected in series with outputs multiplied by stored secret values. Example applications are described including blinded cipher text generation, a multi-signature cryptocurrency system and an encrypted cloud storage system.
    Type: Grant
    Filed: March 23, 2017
    Date of Patent: July 28, 2020
    Assignee: PQ Solutions Limited
    Inventors: Martin Tomlinson, Cen Jung Tjhai
  • Patent number: 10728027
    Abstract: Protecting the security of an entity by using passcodes is disclosed. A user's passcode device generates a passcode, where sometimes the device is called Alice. In an embodiment, the passcode is generated in response to receipt of user information. The passcode is received by another system (called Bob or the second party), which authenticates the passcode by at least generating a passcode from a passcode generator or nonce, and comparing the generated passcode with the received passcode. The passcode is temporary. At a later use a different passcode is generated from a different passcode generator. In these embodiments, there are asymmetric secrets stored on the passcode device (Alice's device) and by the administrator (Bob's device). This adds more security so that if the backend servers are breached, the adversary cannot generate valid passcodes. In some embodiments, the passcode depends on a nonce or the rounded time.
    Type: Grant
    Filed: January 10, 2016
    Date of Patent: July 28, 2020
    Assignee: Biogy, Inc.
    Inventor: Michael Stephen Fiske
  • Patent number: 10719615
    Abstract: To provide an information processing apparatus, a reading control method, and a computer readable storage medium that can improve the secrecy of information written in a secret area compared with the case of controlling access only by authentication, the information processing apparatus includes a nonvolatile memory that has a secret area where secret information is stored, an authentication controller that authenticates access to the nonvolatile memory, a flag information storage unit that stores flag information, and a memory controller that controls access to the nonvolatile memory by using the flag information stored in the flag information storage unit. The memory controller allows reading of the secret information from the secret area when a value of the flag information is a specified value and validity of access is authenticated by the authentication controller.
    Type: Grant
    Filed: May 1, 2017
    Date of Patent: July 21, 2020
    Assignee: RENESAS ELECTRONICS CORPORATION
    Inventors: Yoshihiko Asai, Takashi Kurafuji, Yoko Kimura
  • Patent number: 10715494
    Abstract: Aspects of the present disclosure provide systems and methods for directly transferring tenant data hosted on a source domain to a target domain, wherein the source and target domains are associated with different server farms. Additionally, where the source domain is managed by a source management layer and the target domain is managed by target management layer, which source and target management layers are not in a trust relationship. Aspects describe establishing a secure, direct communication bus between the source and target management layers in order to accomplish a plurality of steps involved in transferring the tenant, wherein tenant data transferred thereon is encrypted. In example aspects, the direct communication bus terminates upon completion of the tenant data transfer.
    Type: Grant
    Filed: May 15, 2017
    Date of Patent: July 14, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Patrick J. Simek, Prashant Gaurav, Kalyan K. Kona, Ilker Celikyilmaz
  • Patent number: 10706136
    Abstract: A portable device is provided. The portable device may include a display; an input device; a camera; a processor coupled to the display, the input device, and the camera; and a computer readable medium coupled to the processor, the computer readable medium comprising code, executable by the processor, to implement a method comprising: receiving authentication data from the input device, determining whether the received authentication data matches authentication data associated with an authorized user, and displaying, on the display, a credential, an item, and data associated with the item.
    Type: Grant
    Filed: July 19, 2018
    Date of Patent: July 7, 2020
    Assignee: Visa International Service Association
    Inventor: Duane Cash
  • Patent number: 10708234
    Abstract: A third party intermediary and a data protection method, system, and non-transitory computer readable medium, include a content request receiving circuit configured to receive a service request from a user, to communicate the service request to a provider, and to receive pre-approved versions of content from the provider, a content matching circuit configured to match a pre-approved version of content of the pre-approved versions of content to the user based on a condition of the user, a user data receiving circuit configured to receive user data to complete the pre-approved version of the content, and a zero-knowledge verifiable computing circuit configured to execute a program using zero-knowledge verifiable computing to remove private content from the pre-approved version of the content to ensure privacy of the condition of the user from the provider.
    Type: Grant
    Filed: March 24, 2016
    Date of Patent: July 7, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Samuel Scott Adams, Susann Marie Keohane, James R. Kraemer, Jeb R. Linton
  • Patent number: 10691618
    Abstract: Various embodiments are generally directed to techniques to load and run secure enclaves for use by kernel mode applications. An apparatus to provide kernel mode access to a secure enclave includes a kernel mode secure enclave driver to provide user mode support for a kernel mode application and to initialize a secure enclave on behalf of the kernel mode application and a user mode secure enclave manager to process an instruction from the kernel mode application to the secure enclave.
    Type: Grant
    Filed: December 17, 2013
    Date of Patent: June 23, 2020
    Assignee: INTEL CORPORATION
    Inventors: Bin Cedric Xing, Reshma Lal
  • Patent number: 10691817
    Abstract: Provided is a process of securing data in a distributed storage and processing application, the process including: obtaining a cluster of computing nodes, wherein: the cluster stores a plurality of ciphertexts; accessing a transformation key with a first computing node; transforming the ciphertext with the first computing node based on the transformation key into a transformed ciphertext configured to be decrypted with a temporary access key; decrypting the transformed ciphertext with the second computing node based on the temporary access key to obtain plaintext data.
    Type: Grant
    Filed: May 6, 2017
    Date of Patent: June 23, 2020
    Assignee: ZeroDB, Inc.
    Inventors: Mikhail Egorov, MacLane Scott Wilkison, David Nuñez, Isaac Agudo
  • Patent number: 10673820
    Abstract: Method and system for routing communications traffic between a machine to machine, M2M, device connected to a telecommunications network and having an International Mobile Subscriber Identity, IMSI, and a server, the method comprising assigning an access point name, APN, from a plurality of APNs based on the IMSI of the M2M device. Routing, via the assigned APN, communications traffic between the M2M device and the server, wherein the server is determined based on one or more of: the IMSI, the APN and a characteristic of a communication traffic between the M2M device and the server.
    Type: Grant
    Filed: September 12, 2014
    Date of Patent: June 2, 2020
    Assignee: VODAFONE IP LICENSING LIMITED
    Inventors: Nick Bone, Tim Snape
  • Patent number: 10673857
    Abstract: A system, method and computer program product obtains user data relating to a plurality of system users, who have previously been granted access to a resource in a context without complying with a ruleset defining criteria for automatically accessing the resource in the context. A combination of two or more user data properties having common values in user data of a subset of two or more of the plurality of system users is identified. A determination of whether the number of system users in the subset exceeds a predetermined threshold is made. If the number of system users in the subset exceeds the predetermined threshold, the ruleset is updated to include criteria based on the identified combination of two or more user data properties.
    Type: Grant
    Filed: March 31, 2017
    Date of Patent: June 2, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Alan Byrne, Paul Connolly, Bryan D. Osenbach
  • Patent number: 10665137
    Abstract: An inconsistency in shares is detected with a small volume of communications traffic. n inconsistency detecting devices generate random numbers s_i and make the random numbers s_i public. The n inconsistency detecting devices generate a common random number s which is the sum total of the random numbers s_0, ..., s_{n-1}. The n inconsistency detecting devices calculate shares [c]_i. The n inconsistency detecting devices generate shares [r]_i, each of which would become a random number r by reconstruction. The n inconsistency detecting devices calculate shares [d]_i, each of which would become a judgment value d by reconstruction. One inconsistency detecting device receives shares [d]_1, ..., [d]_{n-1} from n-1 inconsistency detecting devices. The one inconsistency detecting device restores n-k shares [d]'_k, ..., [d]'_{n-1} from k shares [d]_0, ..., [d]_{k-1}. The one inconsistency detecting device judges, for j=k, ..., n-1, whether or not a share [d]_j and a share [d]'_j coincide with each other.
    Type: Grant
    Filed: February 1, 2016
    Date of Patent: May 26, 2020
    Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Dai Ikarashi, Ryo Kikuchi, Koki Hamada, Koji Chida
  • Patent number: 10630464
    Abstract: A communication device to allocate shared keys to plural channels includes a storage, a receiver, a storage controller, an allocator, and an encryption processor. The storage includes a predetermined number of storage areas to store one or more shared keys shared with a destination device. The receiver is configured to receive a shared key. The storage controller controls storing the received shared key in any of the storage areas every time the shared key is received. The allocator can allocate the storage areas to communication channels used for communicating encrypted data between the communication device and the communication destination device, based on a ratio predetermined for each communication channel. The encryption processor can, according to a cryptosystem determined for each communication channel, encrypt data and decrypt the encrypted data by using the shared key acquired from the storage area allocated to each communication channel.
    Type: Grant
    Filed: February 21, 2017
    Date of Patent: April 21, 2020
    Assignee: Kabushiki Kaisha Toshiba
    Inventor: Yoshimichi Tanizawa
  • Patent number: 10630662
    Abstract: A material set, such as an asymmetric keypair, is processed using an associated workflow to prepare the material set for activation and/or use. In one embodiment, a material set is generated and information about the material set is communicated to a workflow manager. Based at least on the information, the workflow manager generates a workflow that when accomplished will allow the material set to be activated and/or used. In another embodiment, a service provider provides a key manager, workflow manager and destination for the key, such as a load balancer that terminates SSL connections. A key can be generated by the key manager, sent through the workflow manager for processing (potentially communicated to third parties such as a certificate authority, if needed) and installed at a destination.
    Type: Grant
    Filed: February 24, 2016
    Date of Patent: April 21, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Graeme D. Baer, David M. Hulme, Benjamin E. Seidenberg
  • Patent number: 10613993
    Abstract: Program code intended to be copied into the cache memory of a microprocessor is transferred encrypted between the random-access memory and the processor, and the decryption is carried out at the level of the cache memory. A checksum may be inserted into the cache lines in order to allow integrity verification, and this checksum is then replaced with a specific instruction before delivery of an instruction word to the central unit of the microprocessor.
    Type: Grant
    Filed: January 30, 2015
    Date of Patent: April 7, 2020
    Assignee: STMICROELECTRONICS SA
    Inventor: Bruno Fel
  • Patent number: 10609012
    Abstract: There is provided a method of operating a security token, said security token comprising a secure element and a microcontroller unit being coupled to said secure element, wherein: the secure element receives an authentication command from a host device while the microcontroller unit is in a first sleep state; the secure element decodes the authentication command, sends a corresponding authentication request to the microcontroller unit and subsequently enters into a second sleep state; the microcontroller unit wakes up upon receiving the authentication request and subsequently determines an amount of available power; the microcontroller unit processes the authentication request only if the amount of available power exceeds a threshold. Furthermore, a corresponding computer program product and a corresponding security token are provided.
    Type: Grant
    Filed: October 29, 2014
    Date of Patent: March 31, 2020
    Assignee: NXP B.V.
    Inventors: Thomas Suwald, Arne Burghardt
  • Patent number: 10581888
    Abstract: A method includes generating a tokenized representation of a given software script, the tokenized representation comprising two or more tokens representing two or more commands in the given software script. The method also includes mapping the tokens of the tokenized representation to a vector space providing contextual representation of the tokens utilizing an embedding layer of a deep learning network, detecting sequences of the mapped tokens representing sequences of commands associated with designated types of script behavior utilizing at least one hidden layer of the deep learning network, and classifying the given software script based on the detected sequences of the mapped tokens utilizing one or more classification layers of the deep learning network. The method further includes modifying access by a given client device to the given software script responsive to classifying the given software script as a given software script type.
    Type: Grant
    Filed: July 31, 2017
    Date of Patent: March 3, 2020
    Assignee: EMC IP Holding Company LLC
    Inventors: Arie Agranonik, Zohar Duchin
  • Patent number: 10581603
    Abstract: Provided is a process including: encrypting each of a plurality of data encryption keys with a first public cryptographic key to form encrypted data encryption keys; obtaining a second public cryptographic key; generating a transformation key based on the first public-private cryptographic key pair and the second public cryptographic key; and transforming the encrypted data encryption keys with proxy re-encryption based on the transformation key; and obtaining the second private cryptographic key and the transformed encrypted data encryption keys.
    Type: Grant
    Filed: May 8, 2018
    Date of Patent: March 3, 2020
    Assignee: ZeroDB, Inc.
    Inventors: Mikhail Egorov, MacLane Scott Wilkison, David Nuñez, Isaac Agudo
  • Patent number: 10574440
    Abstract: Provided is a computer system and method that enables delegated access to encrypted information for distributed messaging and queuing frameworks, or in general, to publish/subscribe architectures. In said frameworks and architectures, data is published by data producers and organized in channels or queues, which consumer applications can subscribe to, and that are managed by one or multiple broker entities.
    Type: Grant
    Filed: May 8, 2018
    Date of Patent: February 25, 2020
    Assignee: ZeroDB, Inc.
    Inventors: Mikhail Egorov, MacLane Scott Wilkison, David Nuñez, Isaac Agudo