Patents by Inventor Claudio Soriente

Claudio Soriente has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11296875
    Abstract: A method for cryptographic key provisioning includes, via a main authentication server (MAS), generating a first secret key and registering a client by performing a first portion of a first instance of a distributed threshold oblivious pseudo-random function. The first instance of the function results in the client obtaining a root secret key and the MAS obtaining a corresponding root public key. The method includes authenticating the client to the MAS by performing a first portion of a second instance of the distributed threshold oblivious pseudo-random function. The second instance of the function results in the client obtaining the root secret key. Information stored by the client, the first secret key, and a second secret key generated by a support authentication server are inputs to at least one of the first and second instances of the distributed threshold oblivious pseudo-random function.
    Type: Grant
    Filed: March 27, 2020
    Date of Patent: April 5, 2022
    Assignees: NEC LABORATORIES EUROPE GMBH, IMDEA SOFTWARE INSTITUTE
    Inventors: Claudio Soriente, Antonio Faonio, Maria Isabel Gonzalez Vasco, Angel Perez del Pozo
  • Publication number: 20220067150
    Abstract: A method for providing a trusted service to a trusted execution environment running on a remote host machine includes receiving a message from the trusted execution environment and incrementing a counter of the trusted service. A response message is sent to the trusted execution environment using a value of the incremented counter.
    Type: Application
    Filed: September 2, 2020
    Publication date: March 3, 2022
    Inventors: Ghassan Karame, Claudio Soriente
  • Publication number: 20210377224
    Abstract: A method for secure proxying using trusted execution environment (TEE) technology includes performing, using a TEE running on a proxy, an attestation with a TEE running on a client. The TEE running on the proxy receives from the TEE running on the client a request to fetch data from a remote server. The TEE running on the proxy fetches the data specified in the request from the remote server. The TEE running on the proxy forwards to the TEE running on the client the data fetched from the remote server.
    Type: Application
    Filed: May 27, 2020
    Publication date: December 2, 2021
    Inventors: Claudio Soriente, Hien Truong
  • Patent number: 11157598
    Abstract: A method for executing a trusted execution environment (TEE) based application in a cloud includes receiving, by a proxy, a request from a client, requesting, by the proxy from an attestation service, attestation, and sending, by the proxy to the client, a result of the attestation.
    Type: Grant
    Filed: February 7, 2019
    Date of Patent: October 26, 2021
    Assignee: NEC CORPORATION
    Inventors: Claudio Soriente, Ghassan Karame, Wenting Li
  • Patent number: 11126699
    Abstract: A method for executing a trusted execution environment (TEE) based application in a cloud computing system. The method includes executing a proxied attestation procedure with a client to enable the client to attest that an enclave management layer (EML) application provided by the cloud computing system runs on a TEE-enabled platform. The method also includes receiving, by the cloud computing system from the client, application code corresponding to the TEE-based application and receiving, by the EML application from the client, application parameters corresponding to the TEE-based application. In addition, the method includes writing, by the EML application to a secure storage layer, the application parameters corresponding to the TEE-based application and creating, by the cloud computing system, an enclave configured to execute the TEE-based application.
    Type: Grant
    Filed: December 21, 2018
    Date of Patent: September 21, 2021
    Assignee: NEC CORPORATION
    Inventors: Claudio Soriente, Ghassan Karame, Wenting Li
  • Patent number: 11070366
    Abstract: A method for anonymous authentication and key establishment based on passwords (APAKE), includes instantiating, by the server, an OPRF scheme and a symmetric encryption scheme; engaging in, by the client and the server, an OPRFEvaluate protocol so that the client learns a decryption key associated with its password while the server learns nothing; securely transferring, by the server, a nonce and a symmetric encryption key to the client if the client holds a valid password; sending, by the client, its nonce encrypted under the symmetric encryption key; using, by the server, the symmetric encryption key to decipher ciphertext received by virtue of the sending, by the client, its nonce encrypted under the symmetric encryption key and to recover the client's nonce; and computing, by the server and the client, a compute key based on the client's nonce and the server's nonce.
    Type: Grant
    Filed: January 4, 2019
    Date of Patent: July 20, 2021
    Assignee: NEC CORPORATION
    Inventors: Claudio Soriente, Maria Isabel Gonzalez Vasco, Angel Luis Perez del Pozo
  • Publication number: 20210192045
    Abstract: A method for detecting a cache-based side-channel attack includes utilizing a timer thread that continuously increments a variable in code of an application. The code has been instrumented such that the instrumented code uses the variable incremented by the timer thread to infer an amount of time taken for running a part of the code. A number of cache misses during execution of the part of the code is determined based on the amount of time. It is determined whether the application is experiencing the cache-based side-channel attack using a classifier which uses as input the number of cache misses.
    Type: Application
    Filed: March 23, 2020
    Publication date: June 24, 2021
    Inventors: Jianyu Jiang, Ghassan Karame, Claudio Soriente
  • Publication number: 20210167958
    Abstract: A method for cryptographic key provisioning includes, via a main authentication server (MAS), generating a first secret key and registering a client by performing a first portion of a first instance of a distributed threshold oblivious pseudo-random function. The first instance of the function results in the client obtaining a root secret key and the MAS obtaining a corresponding root public key. The method includes authenticating the client to the MAS by performing a first portion of a second instance of the distributed threshold oblivious pseudo-random function. The second instance of the function results in the client obtaining the root secret key. Information stored by the client, the first secret key, and a second secret key generated by a support authentication server are inputs to at least one of the first and second instances of the distributed threshold oblivious pseudo-random function.
    Type: Application
    Filed: March 27, 2020
    Publication date: June 3, 2021
    Inventors: Claudio Soriente, Antonio Faonio, Maria Isabel Gonzalez Vasco, Angel Perez del Pozo
  • Publication number: 20210067318
    Abstract: A method for secure user authentication using a blockchain includes computing a cryptographic puzzle and a solution to the cryptographic puzzle. The solution is sent to a user to be authenticated and the cryptographic puzzle is sent to the blockchain. Thereby, the user is authenticatable by a relaying party having read access to the blockchain to fetch the cryptographic puzzle from the blockchain and determine whether the solution as presented to the relaying party by the user is a valid solution to the cryptographic puzzle.
    Type: Application
    Filed: November 21, 2019
    Publication date: March 4, 2021
    Inventors: Ghassan Karame, Claudio Soriente
  • Patent number: 10885466
    Abstract: A method for determining an identity of a URL visited by a user from a vantage point in a network in which network traffic is encrypted includes determining a host to model, generating a list of URLs hosted by the host to model, repeatedly retrieving web resources referenced by the list of URLs hosted by the host to model and generating a network traffic signature upon each retrieval, generating a data feature for each of the generated network traffic signatures, and training, using the generated data features, a classifier corresponding to the host to model, wherein the classifier is configured to determine an identity of the visited URL from a signature of network traffic produced by the retrieval of a resource referenced by the visited URL.
    Type: Grant
    Filed: April 13, 2017
    Date of Patent: January 5, 2021
    Assignees: NEC CORPORATION, TELEFONICA I+D
    Inventors: Roberto Gonzalez Sanchez, Claudio Soriente, Nikolaos Laoutaris
  • Publication number: 20200412529
    Abstract: A method for storing a data file (DF) on a storage entity (SE) includes receiving, by a proxy (PE) and from a computing entity (CE), a plurality of hash values corresponding to a plurality of blocks of the DF. The PE may check whether the plurality of blocks of the DF are stored in the SE based on the plurality of hash values. Based on determining that at least a subset of the plurality of blocks of the DF are not being stored in the SE, the PE may compute a secret associated with an encryption key. The PE may transmit, to the CE, the secret. The PE may receive, from the CE, information including storage locations of the subset of the plurality of blocks within the SE and one or more hash values, of the plurality of hash values, associated with the subset of the plurality of blocks.
    Type: Application
    Filed: September 14, 2020
    Publication date: December 31, 2020
    Inventors: Ghassan Karame, Claudio Soriente, Hubert Ritzdorf, Srdjan Capkun
  • Patent number: 10819506
    Abstract: A method for storing a data file, ‘DF’ on a storage entity, ‘SE’ includes a computing entity, ‘CE’, chunking the DF into a number of blocks using a one-way-function and a chunking key. The CE may compute a hash value for each of the blocks. One or more proxies, ‘PE’, may check whether the blocks are already stored, resulting in a first number of already stored blocks and a second number of blocks not being stored. The CE may encrypt the blocks not being stored using an encryption key, transmit the encrypted blocks to the SE for storing, and inform the PE about the hash value of each of the transmitted blocks and corresponding storage location information of the transmitted blocks.
    Type: Grant
    Filed: October 7, 2015
    Date of Patent: October 27, 2020
    Assignee: NEC CORPORATION
    Inventors: Ghassan Karame, Claudio Soriente, Hubert Ritzdorf, Srdjan Capkun
  • Publication number: 20200336292
    Abstract: In a system having a plurality of servers, a method is executed to perform an encryption scheme. The method includes a server of the plurality of servers receiving a request token to compute a function on a data point, the data point being encrypted as a ciphertext and the request token being based on the ciphertext and the function. The server grants the request to compute the function on the datapoint by sending a function evaluation key, and participates in a distributed decryption protocol for determining a result of computing the function on the data point by sending a master secret key.
    Type: Application
    Filed: September 25, 2019
    Publication date: October 22, 2020
    Inventors: Claudio Soriente, Miguel Ambrona, Dario Fiore
  • Patent number: 10649847
    Abstract: A communication apparatus comprising: a plurality of communication processes, each performing communication processing on a flow associated thereto; a plurality of network interfaces, each of the network interfaces adapted to be connected to a network; a dispatcher that receives a packet from the network interface and dispatches the packet to an associated communication process, based on a dispatch rule that defines association of a flow to a communication process to which the flow is dispatched; and a control unit that performs control to roll back each of the communication processes using a saved image thereof.
    Type: Grant
    Filed: May 11, 2015
    Date of Patent: May 12, 2020
    Assignee: NEC Corporation
    Inventors: Takayuki Sasaki, Adrian Perrig, Srdjan Capkun, Claudio Soriente, Ramya Jayaram Masti, Jason Lee
  • Publication number: 20200097648
    Abstract: A computer-implemented method includes receiving an original message from a trusted execution environment. The original message includes an original digital signature authored by the trusted execution environment. The method includes computing a proof of knowledge for the original digital signature and modifying the original message by replacing the original digital signature with the proof of knowledge.
    Type: Application
    Filed: August 13, 2019
    Publication date: March 26, 2020
    Inventors: Claudio Soriente, Antonio Faonio, Dario Fiore, Luca Nizzardo
  • Patent number: 10601632
    Abstract: A communication apparatus comprising a plurality of communication processes, each of the communication processes configured to be executed in an environment allocated thereto and isolated from each of one or more environments arranged for remaining one or more processes, each of the communication processes performing communication processing on a flow associated thereto, a network interface connected to a network; a dispatcher that dispatches a packet to the communication process based on a dispatch rule that defines association of a flow with a communication process.
    Type: Grant
    Filed: May 11, 2015
    Date of Patent: March 24, 2020
    Assignee: NEC Corporation
    Inventors: Takayuki Sasaki, Adrian Perrig, Srdjan Capkun, Claudio Soriente, Ramya Jayaram Masti, Jason Lee
  • Publication number: 20200014546
    Abstract: A method secures a system that includes an application owner, a master application, and a plurality of secure platforms. The master application receives from the application owner an application and an input. The application computes a function to calculate an output from the input. The master application deploys replicas of the application on a number of the secure platforms. The master application establishes a secure channel with each of the replicas, and sends at least a portion of the input to the replicas. The master application receives a result calculated by each of the replicas. The result is determined according to the function and the at least the portion of the input. The master application determines the output based on the result received from each of the replicas, and sends the output to the application owner.
    Type: Application
    Filed: June 27, 2019
    Publication date: January 9, 2020
    Inventors: Ghassan Karame, Claudio Soriente
  • Publication number: 20190243950
    Abstract: A method for executing a trusted execution environment (TEE) based application in a cloud includes receiving, by a proxy, a request from a client, requesting, by the proxy from an attestation service, attestation, and sending, by the proxy to the client, a result of the attestation.
    Type: Application
    Filed: February 7, 2019
    Publication date: August 8, 2019
    Inventors: Claudio Soriente, Ghassan Karame, Wenting Li
  • Publication number: 20190243963
    Abstract: A method for executing a trusted execution environment (TEE) based application in a cloud computing system. The method includes executing a proxied attestation procedure with a client to enable the client to attest that an enclave management layer (EML) application provided by the cloud computing system runs on a TEE-enabled platform. The method also includes receiving, by the cloud computing system from the client, application code corresponding to the TEE-based application and receiving, by the EML application from the client, application parameters corresponding to the TEE-based application. In addition, the method includes writing, by the EML application to a secure storage layer, the application parameters corresponding to the TEE-based application and creating, by the cloud computing system, an enclave configured to execute the TEE-based application.
    Type: Application
    Filed: December 21, 2018
    Publication date: August 8, 2019
    Inventors: Claudio Soriente, Ghassan Karame, Wenting Li
  • Publication number: 20190164201
    Abstract: A method for checking legitimacy of a customer review includes receiving, via a service provider device, a verification key and receiving, via a customer device, a customer review, a redacted message, and a redacted signature. The method further includes at least one of: (a) publishing the verification key and the redacted signature on a review website with the customer review such that the legitimacy of the redacted signature is checkable by a user device; or (b) checking, using the verification key, whether the redacted signature is legitimate and, based on the redacted signature being legitimate, marking the customer review as being legitimate.
    Type: Application
    Filed: November 27, 2017
    Publication date: May 30, 2019
    Inventor: Claudio Soriente