Patents by Inventor John A. Nix

John A. Nix has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 12047516
    Abstract: A server can record (i) a first digital signature algorithm with a first certificate, and a corresponding first private key, and (ii) a second digital signature algorithm with a second certificate, and a corresponding second private key. The server can select first data to sign for the first algorithm and the first private key in order to generate a first digital signature. The server can select second data to sign, wherein the second data to sign includes at least the first digital signature. The server can generate a second digital signature for the second data to sign using the second algorithm and the second private key. The server can transmit a message comprising (i) the first and second certificates, and (ii) the first and second digital signatures to a client device. Systems and methods can concurrently support the use of both post-quantum and classical cryptography to enhance security.
    Type: Grant
    Filed: February 2, 2023
    Date of Patent: July 23, 2024
    Inventor: John A. Nix
  • Patent number: 12022287
    Abstract: A device, mobile operator, network, and a device provider can exchange messages for EAP-TLS authentication. The network can include an authentication server function (AUSF). A device and a device provider can record both a device certificate and a device provider certificate. The network can receive an encrypted identity for the device and forward the identity to the device provider. The device provider can send the device certificate and the device provider certificate to the network. The network can (i) receive a “client hello”, (ii) select a network public key and private key, and (iii) send a certificate signing request to the device provider with the network public key, and (iv) receive a network certificate verified by the device provider certificate. The network can receive the device certificate from the device in a TLS handshake and mutually authenticate with the device using the received network certificate and the device certificate.
    Type: Grant
    Filed: July 7, 2020
    Date of Patent: June 25, 2024
    Inventor: John A. Nix
  • Publication number: 20240195792
    Abstract: A module with an embedded universal integrated circuit card (eUICC) can include a profile for the eUICC. The profile can include a first and second shared secret key K for authenticating with a wireless network. The first shared secret key K can be encrypted with a first key, and the second shared secret key K can be encrypted with a second key. The module can (i) receive the first key, (ii) decrypt the first shared secret key K with the first key, and (iii) subsequently authenticate with the wireless network using the plaintext first shared secret key K. The wireless network can authenticate the user of the module using a second factor. The module can then (i) receive the second key, (ii) decrypt the second shared secret key K, and (iii) authenticate with the wireless network using the second shared secret key K. The module can comprise a mobile phone.
    Type: Application
    Filed: February 26, 2024
    Publication date: June 13, 2024
    Inventor: John A. Nix
  • Publication number: 20240187392
    Abstract: A module with an embedded universal integrated circuit card (eUICC) can include a profile for the eUICC. The profile can include a first and second shared secret key K for authenticating with a wireless network. The first shared secret key K can be encrypted with a first key, and the second shared secret key K can be encrypted with a second key. The module can (i) receive the first key, (ii) decrypt the first shared secret key K with the first key, and (iii) subsequently authenticate with the wireless network using the plaintext first shared secret key K. The wireless network can authenticate the user of the module using a second factor. The module can then (i) receive the second key, (ii) decrypt the second shared secret key K, and (iii) authenticate with the wireless network using the second shared secret key K. The module can comprise a mobile phone.
    Type: Application
    Filed: February 6, 2024
    Publication date: June 6, 2024
    Inventor: John A. Nix
  • Patent number: 12003629
    Abstract: A network and a device can support a secure session with both (i) multiple post-quantum cryptography (PQC) key encapsulation mechanisms (KEM) and (ii) forward secrecy. The network can operate (i) a first server for conducting KEM with the device and (ii) a second server for generating a digital signature which can be verified by the device with a server certificate. The first server can receive a device ephemeral public key (ePK.device) and generate (i) a server ephemeral public key (ePK.server) and private key. The first server can send, to the second server, data comprising ciphertext for the ePK.device, ePK.server and the server certificate. The second server can (i) generate the digital signature over the data, and (ii) send the digital signature to the first server. The first server can conduct a KEM with ePK.device and the ciphertext in order to encrypt at least ePK.server and the digital signature.
    Type: Grant
    Filed: December 29, 2021
    Date of Patent: June 4, 2024
    Inventor: John A. Nix
  • Publication number: 20240178996
    Abstract: A set of servers can support secure and efficient “Machine to Machine” communications using an application interface and a module controller. The set of servers can record data for a plurality of modules in a shared module database. The set of servers can (i) access the Internet to communicate with a module using a module identity, (i) receive server instructions, and (iii) send module instructions. Data can be encrypted and decrypted using a set of cryptographic algorithms and a set of cryptographic parameters. The set of servers can (i) receive a module public key with a module identity, (ii) authenticate the module public key, and (iii) receive a subsequent series of module public keys derived by the module with a module identity. The application interface can use a first server private key and the module controller can use a second server private key.
    Type: Application
    Filed: February 6, 2024
    Publication date: May 30, 2024
    Inventor: John A. Nix
  • Publication number: 20240179138
    Abstract: A module with an embedded universal integrated circuit card (eUICC) can include a profile for the eUICC. The profile can include a first and second shared secret key K for authenticating with a wireless network. The first shared secret key K can be encrypted with a first key, and the second shared secret key K can be encrypted with a second key. The module can (i) receive the first key, (ii) decrypt the first shared secret key K with the first key, and (iii) subsequently authenticate with the wireless network using the plaintext first shared secret key K. The wireless network can authenticate the user of the module using a second factor. The module can then (i) receive the second key, (ii) decrypt the second shared secret key K, and (iii) authenticate with the wireless network using the second shared secret key K. The module can comprise a mobile phone.
    Type: Application
    Filed: February 7, 2024
    Publication date: May 30, 2024
    Inventor: John A. Nix
  • Patent number: 11979508
    Abstract: A tamper resistant element (TRE) in a device can operate a primary platform and support a “Smart Secure Platform”. The TRE may not keep time when electrical power is removed from the TRE. The device can receive (i) a certificate for an image delivery server (IDS) with a first timestamp and (ii) a signed second timestamp from a certificate authority, comprising a signature according to the Online Certificate Status Protocol (OCSP) with stapling. The device can forward the certificate and second timestamp to the TRE. The device can receive a ciphertext and an encrypted image from the IDS, where the ciphertext includes a third timestamp from a Time Stamp Authority (TSA), and forward the data to the TRE. The TRE can conduct a key exchange to decrypt the ciphertext. The TRE can compare the second and third timestamps to verify the certificate has not been revoked.
    Type: Grant
    Filed: December 13, 2019
    Date of Patent: May 7, 2024
    Assignee: IOT AND M2M TECHNOLOGIES, LLC
    Inventor: John A. Nix
  • Patent number: 11973863
    Abstract: A set of servers can support secure and efficient “Machine to Machine” communications using an application interface and a module controller. The set of servers can record data for a plurality of modules in a shared module database. The set of servers can (i) access the Internet to communicate with a module using a module identity, (i) receive server instructions, and (iii) send module instructions. Data can be encrypted and decrypted using a set of cryptographic algorithms and a set of cryptographic parameters. The set of servers can (i) receive a module public key with a module identity, (ii) authenticate the module public key, and (iii) receive a subsequent series of module public keys derived by the module with a module identity. The application interface can use a first server private key and the module controller can use a second server private key.
    Type: Grant
    Filed: February 24, 2021
    Date of Patent: April 30, 2024
    Assignee: Network-1 Technologies, Inc.
    Inventor: John A. Nix
  • Patent number: 11973864
    Abstract: Methods and systems are provided for supporting efficient and secure “Machine-to-Machine” (M2M) communications using a module, a server, and an application. A module can communicate with the server by accessing the Internet, and the module can include a sensor and/or an actuator. The module, server, and application can utilize public key infrastructure (PKI) such as public keys and private keys. The module can internally derive pairs of private/public keys using cryptographic algorithms and a first set of parameters. A server can authenticate the submission of derived public keys and an associated module identity. The server can use a first server private key and a second set of parameters to (i) send module data to the application and (ii) receive module instructions from the application. The server can use a second server private key and the first set of parameters to communicate with the module.
    Type: Grant
    Filed: February 20, 2023
    Date of Patent: April 30, 2024
    Assignee: Network-1 Technologies, Inc.
    Inventor: John A. Nix
  • Publication number: 20240121108
    Abstract: A server can record (i) a first digital signature algorithm with a first certificate, and a corresponding first private key, and (ii) a second digital signature algorithm with a second certificate, and a corresponding second private key. The server can select first data to sign for the first algorithm and the first private key in order to generate a first digital signature. The server can select second data to sign, wherein the second data to sign includes at least the first digital signature. The server can generate a second digital signature for the second data to sign using the second algorithm and the second private key. The server can transmit a message comprising (i) the first and second certificates, and (ii) the first and second digital signatures to a client device. Systems and methods can concurrently support the use of both post-quantum and classical cryptography to enhance security.
    Type: Application
    Filed: February 2, 2023
    Publication date: April 11, 2024
    Inventor: John A. Nix
  • Publication number: 20240113878
    Abstract: A device and a network can authenticate using a subscription concealed identifier (SUCI). The device can store (i) a plaintext subscription permanent identifier (SUPI) for the device, (ii) a network static public key, and (iii) a key encapsulation mechanism (KEM) for encryption using the network static public key. The network can store (i) a device database with the SUPI, (ii) a network static private key, and (iii) the KEM for decryption using the network static private key. The device can (i) combine a random number with the SUPI as input into the KEM to generate a ciphertext as the SUCI, and (ii) transmit the ciphertext/SUCI to the network. The network can (i) decrypt the ciphertext using the KEM to read the SUPI, (iii) select a key K from the device database using the SUPI, and (iv) conduct an Authentication and Key Agreement (AKA) with the selected key K.
    Type: Application
    Filed: December 4, 2023
    Publication date: April 4, 2024
    Inventor: John A. Nix
  • Patent number: 11949798
    Abstract: A primary platform (PP) can (i) support a first set of cryptographic parameters and (ii) securely download an unconfigured secondary platform bundle (SPB) that includes a configuration package (SPB CP). The SPB CP can establish a secure session with a configuration server (CS). The CS can select operating cryptographic parameters supported by the first set. The SPB CP can derive an SPB private and public key. The PP can use the selected operating cryptographic parameters to securely authenticate and sign the SPB public key. The CS can (i) verify the PP signature for the SPB public key and (ii) generate an SPB identity and certificate for the SPB and (iii) send the certificate and SPB configuration data to the SPB CP. The SPB CP can complete configuration of the SPB using the SPB identity, certificate, and configuration data. The configured SPB can authenticate with a network using the certificate.
    Type: Grant
    Filed: April 17, 2023
    Date of Patent: April 2, 2024
    Inventor: John A. Nix
  • Publication number: 20240106660
    Abstract: A device can (i) store public keys Ss and Sn for a network and (ii) record private key sd. A network can record a corresponding private keys ss and sn. The device can (i) generate a device ephemeral PKI key pair (Ed, ed) and (ii) send public key Ed to the network. The device can receive an ephemeral public key Es from the network. The device can calculate values for A: an elliptic curve point addition over Ss, Sn, and Es, and B: (sd+ed) mod n. The device can input values for X and Y into an elliptic curve Diffie Hellman key exchange (ECDH) in order to determine a mutually derived shared secret X5, where the network can also derive shared secret X5. The device can (i) use X5 to derive a key K2 and (ii) decrypt a ciphertext from the network using key K2.
    Type: Application
    Filed: December 12, 2023
    Publication date: March 28, 2024
    Applicant: IoT and M2M Technologies, LLC
    Inventor: John A. Nix
  • Publication number: 20240106636
    Abstract: A server and a device can conduct mutually authenticated post-quantum cryptography (PQC) key encapsulation mechanisms (KEM) that also support forward secrecy. The device can store a trusted server public key (PK.server) and the server can store a trusted device public key (PK. device). The device can generate (i) a first KEM ciphertext and (ii) a first key with PK.server and encrypt an ephemeral public key (ePK. device) using the first key. The server can generate (i) a second KEM ciphertext and (ii) a second key with ePK. device. The server can generate (i) a third KEM ciphertext and (ii) a third key with PK.device. The server can encrypt an ephemeral public key (ePK. server) using the first, second, and third keys. The device can generate (i) a fourth KEM ciphertext and (ii) a fourth key with ePK. server. The device can encrypt application data using at least the first, second, third, and fourth keys.
    Type: Application
    Filed: November 23, 2021
    Publication date: March 28, 2024
    Inventor: John A. Nix
  • Patent number: 11943343
    Abstract: A server can receive a device public key and forward the device public key to a key server. The key server can perform a first elliptic curve Diffie-Hellman (ECDH) key exchange using the device public key and a network private key to derive a secret X1. The key server can send the secret X1 to the server. The server can derive an ECC PKI key pair and send to the device the server public key. The server can conduct a second ECDH key exchange using the derived server secret key and the device public key to derive a secret X2. The server can perform an ECC point addition using the secret X1 and secret X2 to derive a secret X3. The device can derive the secret X3 using (i) the server public key, a network public key, and the device private key and (ii) a third ECDH key exchange.
    Type: Grant
    Filed: June 16, 2023
    Date of Patent: March 26, 2024
    Assignee: IoT and M2M Technologies, LLC
    Inventor: John A. Nix
  • Publication number: 20240097891
    Abstract: A network and a device can support secure sessions with both (i) a post-quantum cryptography (PQC) key encapsulation mechanism (KEM) and (ii) forward secrecy. The device can generate (i) an ephemeral public key (ePK.device) and private key (eSK.device) and (ii) send ePK.device with first KEM parameters to the network. The network can (i) conduct a first KEM with ePK.device to derive a first asymmetric ciphertext and first shared secret, and (ii) generate a first symmetric ciphertext for PK.server and second KEM parameters using the first shared secret. The network can send the first asymmetric ciphertext and the first symmetric ciphertext to the device. The network can receive (i) a second symmetric ciphertext comprising “double encrypted” second asymmetric ciphertext for a second KEM with SK.server, and (ii) a third symmetric ciphertext. The network can decrypt the third symmetric ciphertext using the second asymmetric ciphertext.
    Type: Application
    Filed: August 4, 2023
    Publication date: March 21, 2024
    Inventor: John A. Nix
  • Patent number: 11916893
    Abstract: A module with an embedded universal integrated circuit card (eUICC) can include a profile for the eUICC. The profile can include a first and second shared secret key K for authenticating with a wireless network. The first shared secret key K can be encrypted with a first key, and the second shared secret key K can be encrypted with a second key. The module can (i) receive the first key, (ii) decrypt the first shared secret key K with the first key, and (iii) subsequently authenticate with the wireless network using the plaintext first shared secret key K. The wireless network can authenticate the user of the module using a second factor. The module can then (i) receive the second key, (ii) decrypt the second shared secret key K, and (iii) authenticate with the wireless network using the second shared secret key K. The module can comprise a mobile phone.
    Type: Grant
    Filed: December 10, 2021
    Date of Patent: February 27, 2024
    Assignee: Network-1 Technologies, Inc.
    Inventor: John A. Nix
  • Patent number: 11909870
    Abstract: A server can record a device static public key (Sd) and a server static private key (ss). The server can receive a message with (i) a device ephemeral public key (Ed) and (ii) a ciphertext encrypted with key K1. The server can (i) conduct an EC point addition operation on Sd and Ed and (ii) send the resulting point/secret X0 to a key server. The key server can (i) perform a first elliptic curve Diffie-Hellman (ECDH) key exchange using X0 and a network static private key to derive a point/secret X1, and (ii) send X1 to the server. The server can conduct a second ECDH key exchange using the server static private key and point X0 to derive point X2. The server can conduct an EC point addition on X1 and X2 to derive X3. The server can derive K1 using X3 and decrypt the ciphertext.
    Type: Grant
    Filed: March 24, 2023
    Date of Patent: February 20, 2024
    Assignee: IoT and M2M Technologies, LLC
    Inventor: John A. Nix
  • Publication number: 20240031137
    Abstract: Elliptic Curve Cryptography (ECC) can provide security against quantum computers that could feasibly determine private keys from public keys. A server communicating with a device can store and use PM keys comprising server private key ss, device public key Sd, and device ephemeral public key Ed. The device can store and use the corresponding PM keys, such as server public key Ss. The key use can support all of (i) mutual authentication, (ii) forward secrecy, and (iii) shared secret key exchange. The server and the device can conduct an ECDHE key exchange with the PM keys to mutually derive a symmetric ciphering key K1. The device can encrypt a device public key PK.Device with K1 and send to the server as a first ciphertext. The server can encrypt a server public key PK.Network with at least K1 and send to the device as a second ciphertext.
    Type: Application
    Filed: October 1, 2023
    Publication date: January 25, 2024
    Applicant: IoT and M2M Technologies, LLC
    Inventor: John A Nix