Patents by Inventor John A. Nix

John A. Nix has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 12088706
    Abstract: A network and a device can support secure sessions with both (i) a post-quantum cryptography (PQC) key encapsulation mechanism (KEM) and (ii) forward secrecy. The device can generate (i) an ephemeral public key (ePK.device) and private key (eSK.device) and (ii) send ePK.device with first KEM parameters to the network. The network can (i) conduct a first KEM with ePK.device to derive a first asymmetric ciphertext and first shared secret, and (ii) generate a first symmetric ciphertext for PK.server and second KEM parameters using the first shared secret. The network can send the first asymmetric ciphertext and the first symmetric ciphertext to the device. The network can receive (i) a second symmetric ciphertext comprising “double encrypted” second asymmetric ciphertext for a second KEM with SK.server, and (ii) a third symmetric ciphertext. The network can decrypt the third symmetric ciphertext using the second asymmetric ciphertext.
    Type: Grant
    Filed: August 4, 2023
    Date of Patent: September 10, 2024
    Inventor: John A. Nix
  • Patent number: 12069123
    Abstract: A storage radio unit (SRU) for a device can include a radio, embedded universal integrated circuit card (eUICC), a processor, an antenna, and nonvolatile memory. The SRU can support standards for removable storage form factors and record a file system for a device. The device can be associated with a service provider and the SRU can be associated with a network provider. The radio can support Narrowband Internet of Things (NB-IoT) standards. The SRU can operate a file system interface (FSI) for the radio, where the device records application data in a file of the FSI. The SRU can attach to a wireless NB-IoT network using credentials recorded in the eUICC. The SRU can read the file of the FSI, and compress, encrypt, and transmit the application data to a network provider via the radio. The network provider can transmit the application data via TLS to the service provider.
    Type: Grant
    Filed: July 22, 2022
    Date of Patent: August 20, 2024
    Assignee: IOT AND M2M TECHNOLOGIES, LLC
    Inventor: John A. Nix
  • Publication number: 20240276214
    Abstract: A wireless device with transducers can support remote monitoring and include an 802.11 compatible radio and a set of device default credentials. The device can be installed at a physical location with service from a fixed access point operating with a different set of owner credentials. A mobile phone can (i) scan a tag for the device and download a set of configuration parameters for the device, and (ii) authenticate with a configuration system. The mobile phone can receive the set of device default credentials from the configuration system. The mobile phone can activate a mobile access point using the set of device default credentials. The device can connect with the mobile phone's access point and receive a ciphertext with the owner credentials and a configuration package. The device can apply the configuration package and load the owner credentials in order to connect with the fixed access point.
    Type: Application
    Filed: February 16, 2024
    Publication date: August 15, 2024
    Applicant: IoT and M2M Technologies, LLC
    Inventor: John A. Nix
  • Publication number: 20240267206
    Abstract: A server can receive a device public key and forward the device public key to a key server. The key server can perform a first elliptic curve Diffie-Hellman (ECDH) key exchange using the device public key and a network private key to derive a secret X1. The key server can send the secret X1 to the server. The server can derive an ECC PKI key pair and send to the device the server public key. The server can conduct a second ECDH key exchange using the derived server secret key and the device public key to derive a secret X2. The server can perform an ECC point addition using the secret X1 and secret X2 to derive a secret X3. The device can derive the secret X3 using (i) the server public key, a network public key, and the device private key and (ii) a third ECDH key exchange.
    Type: Application
    Filed: March 12, 2024
    Publication date: August 8, 2024
    Applicant: IoT and M2M Technologies, LLC
    Inventor: John A. Nix
  • Patent number: 12050692
    Abstract: A device can operate a processor, a primary platform, and a nonvolatile memory that includes a first boot firmware for the processor. The nonvolatile memory can comprise a (i) read-only memory for the processor and (ii) a read and write memory for the primary platform. Upon power up, the processor can load the first boot firmware with a first certificate and first set of cryptographic algorithms to verify a digital signature for a second boot firmware, where the second boot firmware is loaded by the processor after the first boot firmware. The primary platform can securely download a secondary platform bundle (SPB) with a boot update image and a second certificate and second set of cryptographic algorithms. The SPB can replace the first boot firmware with the updated first boot firmware. The processor verifies the second boot firmware with the second certificate and the second set of cryptographic algorithms.
    Type: Grant
    Filed: October 30, 2020
    Date of Patent: July 30, 2024
    Inventor: John A. Nix
  • Publication number: 20240250938
    Abstract: A module with an embedded universal integrated circuit card (eUICC) can include a profile for the eUICC. The profile can include a first and second shared secret key K for authenticating with a wireless network. The first shared secret key K can be encrypted with a first key, and the second shared secret key K can be encrypted with a second key. The module can (i) receive the first key, (ii) decrypt the first shared secret key K with the first key, and (iii) subsequently authenticate with the wireless network using the plaintext first shared secret key K. The wireless network can authenticate the user of the module using a second factor. The module can then (i) receive the second key, (ii) decrypt the second shared secret key K, and (iii) authenticate with the wireless network using the second shared secret key K. The module can comprise a mobile phone.
    Type: Application
    Filed: January 18, 2024
    Publication date: July 25, 2024
    Inventor: John A. Nix
  • Patent number: 12047516
    Abstract: A server can record (i) a first digital signature algorithm with a first certificate, and a corresponding first private key, and (ii) a second digital signature algorithm with a second certificate, and a corresponding second private key. The server can select first data to sign for the first algorithm and the first private key in order to generate a first digital signature. The server can select second data to sign, wherein the second data to sign includes at least the first digital signature. The server can generate a second digital signature for the second data to sign using the second algorithm and the second private key. The server can transmit a message comprising (i) the first and second certificates, and (ii) the first and second digital signatures to a client device. Systems and methods can concurrently support the use of both post-quantum and classical cryptography to enhance security.
    Type: Grant
    Filed: February 2, 2023
    Date of Patent: July 23, 2024
    Inventor: John A. Nix
  • Patent number: 12024947
    Abstract: A window shade mounting system comprising: a mounting bracket having a first slot for receiving a portion of a hanger band; a roller shade bracket attached to the hanger band; a roller window shade assembly attached to the roller shade bracket; a defined cavity defined by the support band, hanger band or both; and, wherein the support band and the hanger band have the same cross section.
    Type: Grant
    Filed: August 18, 2021
    Date of Patent: July 2, 2024
    Assignee: Geigtech East Bay, LLC
    Inventors: James Geiger, John Nix, Charles Lovely
  • Patent number: 12022287
    Abstract: A device, mobile operator, network, and a device provider can exchange messages for EAP-TLS authentication. The network can include an authentication server function (AUSF). A device and a device provider can record both a device certificate and a device provider certificate. The network can receive an encrypted identity for the device and forward the identity to the device provider. The device provider can send the device certificate and the device provider certificate to the network. The network can (i) receive a “client hello”, (ii) select a network public key and private key, and (iii) send a certificate signing request to the device provider with the network public key, and (iv) receive a network certificate verified by the device provider certificate. The network can receive the device certificate from the device in a TLS handshake and mutually authenticate with the device using the received network certificate and the device certificate.
    Type: Grant
    Filed: July 7, 2020
    Date of Patent: June 25, 2024
    Inventor: John A. Nix
  • Publication number: 20240195792
    Abstract: A module with an embedded universal integrated circuit card (eUICC) can include a profile for the eUICC. The profile can include a first and second shared secret key K for authenticating with a wireless network. The first shared secret key K can be encrypted with a first key, and the second shared secret key K can be encrypted with a second key. The module can (i) receive the first key, (ii) decrypt the first shared secret key K with the first key, and (iii) subsequently authenticate with the wireless network using the plaintext first shared secret key K. The wireless network can authenticate the user of the module using a second factor. The module can then (i) receive the second key, (ii) decrypt the second shared secret key K, and (iii) authenticate with the wireless network using the second shared secret key K. The module can comprise a mobile phone.
    Type: Application
    Filed: February 26, 2024
    Publication date: June 13, 2024
    Inventor: John A. Nix
  • Publication number: 20240187392
    Abstract: A module with an embedded universal integrated circuit card (eUICC) can include a profile for the eUICC. The profile can include a first and second shared secret key K for authenticating with a wireless network. The first shared secret key K can be encrypted with a first key, and the second shared secret key K can be encrypted with a second key. The module can (i) receive the first key, (ii) decrypt the first shared secret key K with the first key, and (iii) subsequently authenticate with the wireless network using the plaintext first shared secret key K. The wireless network can authenticate the user of the module using a second factor. The module can then (i) receive the second key, (ii) decrypt the second shared secret key K, and (iii) authenticate with the wireless network using the second shared secret key K. The module can comprise a mobile phone.
    Type: Application
    Filed: February 6, 2024
    Publication date: June 6, 2024
    Inventor: John A. Nix
  • Patent number: 12003629
    Abstract: A network and a device can support a secure session with both (i) multiple post-quantum cryptography (PQC) key encapsulation mechanisms (KEM) and (ii) forward secrecy. The network can operate (i) a first server for conducting KEM with the device and (ii) a second server for generating a digital signature which can be verified by the device with a server certificate. The first server can receive a device ephemeral public key (ePK.device) and generate (i) a server ephemeral public key (ePK.server) and private key. The first server can send, to the second server, data comprising ciphertext for the ePK.device, ePK.server and the server certificate. The second server can (i) generate the digital signature over the data, and (ii) send the digital signature to the first server. The first server can conduct a KEM with ePK.device and the ciphertext in order to encrypt at least ePK.server and the digital signature.
    Type: Grant
    Filed: December 29, 2021
    Date of Patent: June 4, 2024
    Inventor: John A. Nix
  • Publication number: 20240178996
    Abstract: A set of servers can support secure and efficient “Machine to Machine” communications using an application interface and a module controller. The set of servers can record data for a plurality of modules in a shared module database. The set of servers can (i) access the Internet to communicate with a module using a module identity, (i) receive server instructions, and (iii) send module instructions. Data can be encrypted and decrypted using a set of cryptographic algorithms and a set of cryptographic parameters. The set of servers can (i) receive a module public key with a module identity, (ii) authenticate the module public key, and (iii) receive a subsequent series of module public keys derived by the module with a module identity. The application interface can use a first server private key and the module controller can use a second server private key.
    Type: Application
    Filed: February 6, 2024
    Publication date: May 30, 2024
    Inventor: John A. Nix
  • Publication number: 20240179138
    Abstract: A module with an embedded universal integrated circuit card (eUICC) can include a profile for the eUICC. The profile can include a first and second shared secret key K for authenticating with a wireless network. The first shared secret key K can be encrypted with a first key, and the second shared secret key K can be encrypted with a second key. The module can (i) receive the first key, (ii) decrypt the first shared secret key K with the first key, and (iii) subsequently authenticate with the wireless network using the plaintext first shared secret key K. The wireless network can authenticate the user of the module using a second factor. The module can then (i) receive the second key, (ii) decrypt the second shared secret key K, and (iii) authenticate with the wireless network using the second shared secret key K. The module can comprise a mobile phone.
    Type: Application
    Filed: February 7, 2024
    Publication date: May 30, 2024
    Inventor: John A. Nix
  • Patent number: 11979508
    Abstract: A tamper resistant element (TRE) in a device can operate a primary platform and support a “Smart Secure Platform”. The TRE may not keep time when electrical power is removed from the TRE. The device can receive (i) a certificate for an image delivery server (IDS) with a first timestamp and (ii) a signed second timestamp from a certificate authority, comprising a signature according to the Online Certificate Status Protocol (OCSP) with stapling. The device can forward the certificate and second timestamp to the TRE. The device can receive a ciphertext and an encrypted image from the IDS, where the ciphertext includes a third timestamp from a Time Stamp Authority (TSA), and forward the data to the TRE. The TRE can conduct a key exchange to decrypt the ciphertext. The TRE can compare the second and third timestamps to verify the certificate has not been revoked.
    Type: Grant
    Filed: December 13, 2019
    Date of Patent: May 7, 2024
    Assignee: IOT AND M2M TECHNOLOGIES, LLC
    Inventor: John A. Nix
  • Patent number: 11973864
    Abstract: Methods and systems are provided for supporting efficient and secure “Machine-to-Machine” (M2M) communications using a module, a server, and an application. A module can communicate with the server by accessing the Internet, and the module can include a sensor and/or an actuator. The module, server, and application can utilize public key infrastructure (PKI) such as public keys and private keys. The module can internally derive pairs of private/public keys using cryptographic algorithms and a first set of parameters. A server can authenticate the submission of derived public keys and an associated module identity. The server can use a first server private key and a second set of parameters to (i) send module data to the application and (ii) receive module instructions from the application. The server can use a second server private key and the first set of parameters to communicate with the module.
    Type: Grant
    Filed: February 20, 2023
    Date of Patent: April 30, 2024
    Assignee: Network-1 Technologies, Inc.
    Inventor: John A. Nix
  • Patent number: 11973863
    Abstract: A set of servers can support secure and efficient “Machine to Machine” communications using an application interface and a module controller. The set of servers can record data for a plurality of modules in a shared module database. The set of servers can (i) access the Internet to communicate with a module using a module identity, (i) receive server instructions, and (iii) send module instructions. Data can be encrypted and decrypted using a set of cryptographic algorithms and a set of cryptographic parameters. The set of servers can (i) receive a module public key with a module identity, (ii) authenticate the module public key, and (iii) receive a subsequent series of module public keys derived by the module with a module identity. The application interface can use a first server private key and the module controller can use a second server private key.
    Type: Grant
    Filed: February 24, 2021
    Date of Patent: April 30, 2024
    Assignee: Network-1 Technologies, Inc.
    Inventor: John A. Nix
  • Publication number: 20240121108
    Abstract: A server can record (i) a first digital signature algorithm with a first certificate, and a corresponding first private key, and (ii) a second digital signature algorithm with a second certificate, and a corresponding second private key. The server can select first data to sign for the first algorithm and the first private key in order to generate a first digital signature. The server can select second data to sign, wherein the second data to sign includes at least the first digital signature. The server can generate a second digital signature for the second data to sign using the second algorithm and the second private key. The server can transmit a message comprising (i) the first and second certificates, and (ii) the first and second digital signatures to a client device. Systems and methods can concurrently support the use of both post-quantum and classical cryptography to enhance security.
    Type: Application
    Filed: February 2, 2023
    Publication date: April 11, 2024
    Inventor: John A. Nix
  • Publication number: 20240113878
    Abstract: A device and a network can authenticate using a subscription concealed identifier (SUCI). The device can store (i) a plaintext subscription permanent identifier (SUPI) for the device, (ii) a network static public key, and (iii) a key encapsulation mechanism (KEM) for encryption using the network static public key. The network can store (i) a device database with the SUPI, (ii) a network static private key, and (iii) the KEM for decryption using the network static private key. The device can (i) combine a random number with the SUPI as input into the KEM to generate a ciphertext as the SUCI, and (ii) transmit the ciphertext/SUCI to the network. The network can (i) decrypt the ciphertext using the KEM to read the SUPI, (iii) select a key K from the device database using the SUPI, and (iv) conduct an Authentication and Key Agreement (AKA) with the selected key K.
    Type: Application
    Filed: December 4, 2023
    Publication date: April 4, 2024
    Inventor: John A. Nix
  • Patent number: 11949798
    Abstract: A primary platform (PP) can (i) support a first set of cryptographic parameters and (ii) securely download an unconfigured secondary platform bundle (SPB) that includes a configuration package (SPB CP). The SPB CP can establish a secure session with a configuration server (CS). The CS can select operating cryptographic parameters supported by the first set. The SPB CP can derive an SPB private and public key. The PP can use the selected operating cryptographic parameters to securely authenticate and sign the SPB public key. The CS can (i) verify the PP signature for the SPB public key and (ii) generate an SPB identity and certificate for the SPB and (iii) send the certificate and SPB configuration data to the SPB CP. The SPB CP can complete configuration of the SPB using the SPB identity, certificate, and configuration data. The configured SPB can authenticate with a network using the certificate.
    Type: Grant
    Filed: April 17, 2023
    Date of Patent: April 2, 2024
    Inventor: John A. Nix