Patents by Inventor Eric Murray
Eric Murray has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10461924Abstract: A format-preserving cipher including an encryption and a decryption scheme supporting non-linear access to input data by allowing the selection of portions of data from a potentially larger dataset to be encrypted, thus avoiding a necessarily sequential access into the input plaintext data. The cipher first defines a forward mapping from the allowable ciphertext values to an integer set of the number of such allowable ciphertext values, and a corresponding reverse mapping. It also supports exclusion of a certain set of characters from the ciphering process. An encryption algorithm is provided that encrypts the input plaintext data while preserving its original format and length, and a corresponding decryption algorithm is provided. The cipher advantageously embodies the encryption and decryption of multi-byte values, composite datasets, and credit card numbers, thus fitting a variety of industrial needs.Type: GrantFiled: April 19, 2018Date of Patent: October 29, 2019Assignee: ZETTASET, INC.Inventor: Eric A. Murray
-
Publication number: 20190230072Abstract: A computer system and methods for securing files in a file system with storage resources accessible to an authenticable user using an untrusted client device in a semi-trusted client threat model. Each file is secured in the file system in one or more ciphertext blocks along with the file metadata. Each file is assigned a unique file key FK to encrypt the file. A wrapping key WK assigned to the file is used for encrypting the file key FK to produce a wrapped file key WFK. A key manager is in charge of generating and storing keys. The file is encrypted block by block to produce corresponding ciphertext blocks and corresponding authentication tags. The authentication tags are stored in the file metadata, along with an ID of the wrapping key WK, wrapped file key WFK, last key rotation time, an Access Control List (ACL), etc. The integrity of ciphertext blocks is ensured by authentication tags and the integrity of the metadata is ensured by a message authentication code (MAC).Type: ApplicationFiled: April 2, 2019Publication date: July 25, 2019Inventor: Eric A. Murray
-
Publication number: 20190223234Abstract: A cellular telecommunications network architecture is described where certain UEs are configured to assist the network to improve coverage in regions of poor radio conditions. In certain embodiments, appropriate UEs are selected to act as a dynamic, out-of-band coverage extensions. Network performance can thereby be improved when serving users at the cell edge(or in other poor radio condition regions of a cell). Data from UEs connected to those assisting UEs is encrypted to allow secure transit of data without requiring modification to the RAN or Core Network.Type: ApplicationFiled: January 24, 2019Publication date: July 18, 2019Inventors: Eric MURRAY, Peter COSIMINI, Marco Angelo Pietro DEL BO, Javier MONEDERO, Tarek ELBASYOUNY, Maria VAZQUEZ
-
Patent number: 10298555Abstract: A computer system and methods for securing files in a file system with storage resources accessible to an authenticable user using an untrusted client device in a semi-trusted client threat model. Each file is secured in the file system in one or more ciphertext blocks along with the file metadata. Each file is assigned a unique file key FK to encrypt the file. A wrapping key WK assigned to the file is used for encrypting the file key FK to produce a wrapped file key WFK. The file is encrypted block by block to produce corresponding ciphertext blocks and corresponding authentication tags. The authentication tags are stored in the file metadata, along with an ID of the wrapping key WK, wrapped file key WFK, last key rotation time, an Access Control List (ACL), etc. The integrity of ciphertext blocks is ensured by authentication tags and the integrity of the metadata is ensured by a message authentication code (MAC).Type: GrantFiled: May 31, 2016Date of Patent: May 21, 2019Assignee: ZETTASET, INC.Inventor: Eric A. Murray
-
Patent number: 10244568Abstract: A cellular telecommunications network architecture is described where certain UEs are configured to assist the network to improve coverage in regions of poor radio conditions. In certain embodiments, appropriate UEs are selected to act as a dynamic, out-of-band coverage extensions. Network performance can thereby be improved when serving users at the cell edge (or in other poor radio condition regions of a cell). Data from UEs connected to those assisting UEs is encrypted to allow secure transit of data without requiring modification to the RAN or Core Network.Type: GrantFiled: October 13, 2015Date of Patent: March 26, 2019Assignee: VODAFONE IP LICENSING LIMITEDInventors: Eric Murray, Peter Cosimini, Marco Angelo Pietro Del Bo, Javier Monedero, Tarek Elbasyouny, Maria Vazquez
-
Publication number: 20190013936Abstract: Techniques are disclosed for securing data in a cloud storage. Plaintext files are stored as secured, encrypted files in the cloud. The ciphering scheme employs per-block authenticated encryption and decryption. A unique file-key is used to encrypt each file. The file-key is wrapped by authenticated encryption in a wrapping-key that may be shared between files. A centralized security policy contains policy definitions which determine which files will share the wrapping-key. Wrapping-keys are stored in a KMIP compliant key manager which may be backed by a hardware security module (HSM). File metadata is protected by a keyed-hash message authentication code (HMAC). A policy engine along with administrative tools enforce the security policy which also remains encrypted in the system. Various embodiments support blocks of fixed as well as variable sizes read/written from/to the cloud storage.Type: ApplicationFiled: July 3, 2018Publication date: January 10, 2019Inventors: Eric A. Murray, Maksim Yankovsky
-
Publication number: 20180241545Abstract: A format-preserving cipher including an encryption and a decryption scheme supporting non-linear access to input data by allowing the selection of portions of data from a potentially larger dataset to be encrypted, thus avoiding a necessarily sequential access into the input plaintext data. The cipher first defines a forward mapping from the allowable ciphertext values to an integer set of the number of such allowable ciphertext values, and a corresponding reverse mapping. It also supports exclusion of a certain set of characters from the ciphering process. An encryption algorithm is provided that encrypts the input plaintext data while preserving its original format and length, and a corresponding decryption algorithm is provided. The cipher advantageously embodies the encryption and decryption of multi-byte values, composite datasets, and credit card numbers, thus fitting a variety of industrial needs.Type: ApplicationFiled: April 19, 2018Publication date: August 23, 2018Inventor: Eric A. Murray
-
Patent number: 10043029Abstract: Techniques are disclosed for securing data in a cloud storage. Plaintext files are stored as secured, encrypted files in the cloud. The ciphering scheme employs per-block authenticated encryption and decryption. A unique file-key is used to encrypt each file. The file-key is wrapped by authenticated encryption in a wrapping-key that may be shared between files. A centralized security policy contains policy definitions which determine which files will share the wrapping-key. Wrapping-keys are stored in a KMIP compliant key manager which may be backed by a hardware security module (HSM). File metadata is further protected by a keyed-hash message authentication code (HMAC). A policy engine along with administrative tools enforce the security policy which also remains encrypted in the system.Type: GrantFiled: November 15, 2017Date of Patent: August 7, 2018Assignee: ZETTASET, INC.Inventor: Eric A. Murray
-
Patent number: 10009169Abstract: A format-preserving cipher including encryption and decryption schemes supporting non-linear access to input data by allowing the selection of portions of data from a potentially larger dataset to be encrypted. The cipher first defines a forward mapping from the allowable ciphertext values to an integer set of the number of such allowable ciphertext values, and a corresponding reverse mapping. It also supports exclusion of a certain set of characters from the ciphering process. An encryption algorithm is provided that encrypts the input plaintext data while preserving its original format and length, and a corresponding decryption algorithm is provided. The cipher advantageously embodies the encryption and decryption of multi-byte values, composite datasets, credit card numbers and discontinuous datasets, thus fitting a variety of industrial needs.Type: GrantFiled: July 1, 2016Date of Patent: June 26, 2018Assignee: ZETTASET, INC.Inventor: Eric A. Murray
-
Patent number: 9979537Abstract: A format-preserving cipher including an encryption and a decryption scheme supporting non-linear access to input data by allowing the selection of portions of data from a potentially larger dataset to be encrypted, thus avoiding a necessarily sequential access into the input plaintext data. The cipher first defines a forward mapping from the allowable ciphertext values to an integer set of the number of such allowable ciphertext values, and a corresponding reverse mapping. It also supports exclusion of a certain set of characters from the ciphering process. An encryption algorithm is provided that encrypts the input plaintext data while preserving its original format and length, and a corresponding decryption algorithm is provided. The cipher advantageously embodies the encryption and decryption of multi-byte values, composite datasets, and credit card numbers, thus fitting a variety of industrial needs.Type: GrantFiled: April 4, 2016Date of Patent: May 22, 2018Assignee: ZETTASET, INC.Inventor: Eric A. Murray
-
Publication number: 20180082076Abstract: Techniques are disclosed for securing data in a cloud storage. Plaintext files are stored as secured, encrypted files in the cloud. The ciphering scheme employs per-block authenticated encryption and decryption. A unique file-key is used to encrypt each file. The file-key is wrapped by authenticated encryption in a wrapping-key that may be shared between files. A centralized security policy contains policy definitions which determine which files will share the wrapping-key. Wrapping-keys are stored in a KMIP compliant key manager which may be backed by a hardware security module (HSM). File metadata is further protected by a keyed-hash message authentication code (HMAC). A policy engine along with administrative tools enforce the security policy which also remains encrypted in the system.Type: ApplicationFiled: November 15, 2017Publication date: March 22, 2018Inventor: Eric A. Murray
-
Patent number: 9912473Abstract: Shared file systems and methods ensuring high availability of cryptographic keys. The keys are encrypted with at least one shareable master key to generate corresponding encrypted cryptographic keys, which are stored in a key database in the shared file system. A master key manager with access to the key database is elected from among master key manager candidates and is assigned a common virtual address. All master key manager candidates have the shareable master key such that during a failover event the availability of the encrypted cryptographic keys is not interrupted as a new master key manager takes over the common virtual address from the previous master key manager. Additionally, a message authentication code (MAC) is deployed for testing the integrity of keys during their retrieval.Type: GrantFiled: September 10, 2015Date of Patent: March 6, 2018Assignee: Zettaset, Inc.Inventor: Eric A. Murray
-
Publication number: 20170245311Abstract: A cellular telecommunications network architecture is described where certain UEs are configured to assist the network to improve coverage in regions of poor radio conditions. In certain embodiments, appropriate UEs are selected to act as a dynamic, out-of-band coverage extensions. Network performance can thereby be improved when serving users at the cell edge(or in other poor radio condition regions of a cell). Data from UEs connected to those assisting UEs is encrypted to allow secure transit of data without requiring modification to the RAN or Core Network.Type: ApplicationFiled: October 13, 2015Publication date: August 24, 2017Inventors: Eric MURRAY, Peter COSIMINI, Marco DEL BO, Javier MONEDERO, Tarek ELBASYOUNY, Maria VAZQUEZ
-
Patent number: 9607133Abstract: A method and apparatus for inserting a watermark into a compiled computer program. A location process specifies an insertion point in the compiled program and a watermark generating process inserts a watermark, based on data to be encoded, into the program at the insertion point. The location process is also utilized to specify the location of watermark data to be decoded.Type: GrantFiled: November 9, 2007Date of Patent: March 28, 2017Assignee: NVIDIA CorporationInventors: Robert Rubin, Eric Murray
-
Publication number: 20170048059Abstract: A format-preserving cipher including encryption and decryption schemes supporting non-linear access to input data by allowing the selection of portions of data from a potentially larger dataset to be encrypted. The cipher first defines a forward mapping from the allowable ciphertext values to an integer set of the number of such allowable ciphertext values, and a corresponding reverse mapping. It also supports exclusion of a certain set of characters from the ciphering process. An encryption algorithm is provided that encrypts the input plaintext data while preserving its original format and length, and a corresponding decryption algorithm is provided. The cipher advantageously embodies the encryption and decryption of multi-byte values, composite datasets, credit card numbers and discontinuous datasets, thus fitting a variety of industrial needs.Type: ApplicationFiled: July 1, 2016Publication date: February 16, 2017Inventor: Eric A. Murray
-
Publication number: 20160277373Abstract: A computer system and methods for securing files in a file system with storage resources accessible to an authenticable user using an untrusted client device in a semi-trusted client threat model. Each file is secured in the file system in one or more ciphertext blocks along with the file metadata. Each file is assigned a unique file key FK to encrypt the file. A wrapping key WK assigned to the file is used for encrypting the file key FK to produce a wrapped file key WFK. The file is encrypted block by block to produce corresponding ciphertext blocks and corresponding authentication tags. The authentication tags are stored in the file metadata, along with an ID of the wrapping key WK, wrapped file key WFK, last key rotation time, an Access Control List (ACL), etc. The integrity of ciphertext blocks is ensured by authentication tags and the integrity of the metadata is ensured by a message authentication code (MAC).Type: ApplicationFiled: May 31, 2016Publication date: September 22, 2016Inventor: Eric A. Murray
-
Publication number: 20160269964Abstract: A cellular communications network comprises a plurality of geographically distributed access nodes arranged for communication with a mobile terminal. Where the mobile terminal comprises a plurality of jointly-operated communications systems, the mobile terminal and/or an access node or nodes are configured for communication with each other using a respective wireless link, so as to control an aggregate data rate across the plurality of wireless links. If a single access node services a first and second communications system, a location for the communications systems at a predetermined time is determined and respective transmission parameters for the first and second wireless links are jointly determined and assigned on the basis of the combined data rate over the first and second wireless links and the predicted location.Type: ApplicationFiled: October 24, 2014Publication date: September 15, 2016Inventor: Eric MURRAY
-
Publication number: 20160249233Abstract: A cellular radio network system and method for communicating with at least one vehicle-based mobile gateway terminal is provided. The at least one mobile gateway terminal is configured to communicate a network service for one or more user mobile terminals on-board the vehicle. A plurality of network cells provide cellular radio network coverage along a route of the vehicle. Each network cell is dedicated for communication with the at least one vehicle-based mobile gateway terminal so as to allow communication between the at least one vehicle-based mobile gateway terminal and a core network of the cellular radio network.Type: ApplicationFiled: October 24, 2014Publication date: August 25, 2016Inventors: Eric MURRAY, Robert BANKS, Ian NEWTON, Peter LONGDEN, Philip WHITE, Ralf IRMER
-
Publication number: 20160218860Abstract: A format-preserving cipher including an encryption and a decryption scheme supporting non-linear access to input data by allowing the selection of portions of data from a potentially larger dataset to be encrypted, thus avoiding a necessarily sequential access into the input plaintext data. The cipher first defines a forward mapping from the allowable ciphertext values to an integer set of the number of such allowable ciphertext values, and a corresponding reverse mapping. It also supports exclusion of a certain set of characters from the ciphering process. An encryption algorithm is provided that encrypts the input plaintext data while preserving its original format and length, and a corresponding decryption algorithm is provided. The cipher advantageously embodies the encryption and decryption of multi-byte values, composite datasets, and credit card numbers, thus fitting a variety of industrial needs.Type: ApplicationFiled: April 4, 2016Publication date: July 28, 2016Inventor: Eric A. Murray
-
Publication number: 20160191239Abstract: Shared file systems and methods ensuring high availability of cryptographic keys. The keys are encrypted with at least one shareable master key to generate corresponding encrypted cryptographic keys, which are stored in a key database in the shared file system. A master key manager with access to the key database is elected from among master key manager candidates and is assigned a common virtual address. All master key manager candidates have the shareable master key such that during a failover event the availability of the encrypted cryptographic keys is not interrupted as a new master key manager takes over the common virtual address from the previous master key manager. Additionally, a message authentication code (MAC) is deployed for testing the integrity of keys during their retrieval.Type: ApplicationFiled: September 10, 2015Publication date: June 30, 2016Inventor: Eric A. Murray