Patents by Inventor Terence Spies

Terence Spies has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20190074969
    Abstract: Examples discussed herein disclose, among other things, an encrypting device. The encrypting device may include a key engine to obtain a first key associated with a first access level, and a second key associated with a second access level. The encrypting device may also include a multi-key encryption engine to encrypt a first portion of the plaintext with the first key, and encrypt a second portion of the plaintext with the second key, where the first portion may include more detailed information than the second portion, and where the first access level may be higher than the second access level.
    Type: Application
    Filed: March 18, 2016
    Publication date: March 7, 2019
    Inventors: Terence Spies, Karl Reiner Kappenberger
  • Publication number: 20190068358
    Abstract: A technique includes performing element-by-element encryption of a segment of the plaintext string to provide a segment of an encrypted string. Performing the element-by-element encryption includes, for a given string element of the segment of the plaintext string, encrypting the given string element to provide a given string element of the segment of the encrypted string; and tweaking the encryption of the given string element based on a selector that includes multiple string elements of the encrypted string. The technique may include searching an encrypted database based on the encrypted string.
    Type: Application
    Filed: August 31, 2017
    Publication date: February 28, 2019
    Inventors: Leslie C. Gutschow, Richard Minner, Terence Spies
  • Publication number: 20190036938
    Abstract: Examples disclosed herein relate to generating communities on a security information sharing platform. Some examples may enable identifying a set of community attributes to be used to generate a community on the security information sharing platform that enables sharing of security information among a plurality of communities. Some examples may enable authorizing a first user to access community-based security information of the community where the first user is associated with a set of user attributes that satisfy the set of community attributes. A security indicator may be obtained from the first user of the community. Information related to the security indicator may be obtained from a second user of the community. Some examples may enable including the security indicator and the information related to the security indicator in the community-based security information of the community.
    Type: Application
    Filed: January 29, 2016
    Publication date: January 31, 2019
    Inventors: Tomas Sander, Terence Spies, Susan K. Langford
  • Publication number: 20190036686
    Abstract: Examples disclosed herein relate to encryption of community-based security information. Some examples may enable authorizing a user of a community to access an encrypted data item (e.g., at least an encrypted portion of community-based security information of that community) using a decryption key. The community may be generated on a security information sharing platform based on a set of community attributes. The decryption key may comprise a private key corresponding to each user attribute of a set of user attributes that are associated with the authorized user where the set of user attributes satisfy the set of community attributes.
    Type: Application
    Filed: January 29, 2016
    Publication date: January 31, 2019
    Inventors: Terence Spies, Tomas Sander, Susan K. Langford
  • Publication number: 20180343258
    Abstract: In some examples, a system receives, from a sender, an access control value generated based on information of a plurality of recipients. The system sends, to the sender, a signed version of the access control value for sending by the sender to the plurality of recipients with an encrypted message. The system receives, from a first recipient, a request for a key to decrypt the encrypted message, a signed access control value and recipient information for deriving the access control value. The system determines whether the first recipient is one of the plurality of recipients using the signed access control value and the recipient information.
    Type: Application
    Filed: May 24, 2017
    Publication date: November 29, 2018
    Inventors: Terence Spies, Saurabh Sashte
  • Publication number: 20180337768
    Abstract: Techniques for using padding in format preserving encryption are provided. In one aspect, it may be determined if padding of a plaintext undergoing format preserving encryption is needed. A pseudo random padding length may be calculated when it is determined that padding is needed. The calculated length of padding may be added to the plaintext when it is determined that padding is needed. The plaintext and added padding may be encrypted using format preserving encryption to create a cipher text.
    Type: Application
    Filed: May 22, 2017
    Publication date: November 22, 2018
    Inventors: Richard Minner, Terence Spies
  • Publication number: 20180218159
    Abstract: A computing device includes a processor and a machine-readable storage medium storing instructions. The instructions are executable by the processor to: initiate a transition mode in a database comprising a plurality of data elements; and responsive to a first query for a first data element during the transition mode, determine whether the first data element is already encrypted in the database. The instructions are further executable to, responsive to a determination that the first data element is already encrypted in the database: decrypt the first data element, and return the decrypted first data element to the first query. The instructions are further executable to, responsive to a determination that the first data element is not already encrypted in the database: return the first data element to the first query without decryption, and encrypt the first data element in the database.
    Type: Application
    Filed: January 31, 2017
    Publication date: August 2, 2018
    Inventors: Philip Smith, III, Terence Spies
  • Publication number: 20180124054
    Abstract: Example implementations relate to a security information sharing platform that enables sharing of security information among a plurality of members. For example, in an implementation, a system may determine that a first member of a community of a security information sharing platform is entitled access to a first set of encrypted information shared by a second member of the community. The system may also receive a request, from the first member, to access the first set of encrypted information, the request including a masked parameter. The system may also determine that the masked parameter matches an access parameter for accessing the first set of encrypted information and provide the first member access to the first set of encrypted information in response to determining that the masked parameter matches the access parameter.
    Type: Application
    Filed: October 28, 2016
    Publication date: May 3, 2018
    Inventors: Terence Spies, Tomas Sander, Susan K. Langford
  • Publication number: 20170353487
    Abstract: Examples disclosed herein relate to controlling data access on a security information sharing platform. Some examples may enable receiving, from a first member of a first community of the security information sharing platform that enables sharing of security information among a plurality of users, a request to share a first set of information. Some examples may enable determining, based on a set of parameters associated with the request to share the first set of information, an encryption mechanism to use to encrypt the first set of information. Some examples may enable encrypting the first set of information using the determined encryption mechanism. Some examples may enable sharing the encrypted first set of information.
    Type: Application
    Filed: June 1, 2016
    Publication date: December 7, 2017
    Inventors: Terence Spies, Tomas Sander, Susan K. Langford
  • Publication number: 20170330177
    Abstract: Examples relate to transaction authentication. In one example, a computing device may: receive, from a payment terminal: transaction data for a transaction, a terminal identifier of the payment terminal, and a first message authentication code (MAC) for the transaction; obtain, from an authentication cache and using the terminal identifier, a terminal secret for the payment terminal; combine the transaction data and the terminal identifier to create a message; generate a second message authentication code (MAC) using the message as input and the terminal secret as a key; and determine, using the first MAC and second MAC, whether the transaction data is authentic.
    Type: Application
    Filed: May 16, 2016
    Publication date: November 16, 2017
    Inventors: Branislav Meandzija, Terence Spies
  • Patent number: 9811831
    Abstract: A system may include a point-of-sale system that gathers payment card track data from a payment card and a payment card gateway that processes the track data to authorize purchase transactions. The point-of-sale system may remove sensitive data such as a portion of a primary account number from the track data and may compress the removed data. The compressed version of the data may be appended to a discretionary field in the track data. The discretionary field may be encrypted following insertion of the compressed data. Track data that has been modified in this way may be conveyed to the payment gateway for processing.
    Type: Grant
    Filed: February 21, 2014
    Date of Patent: November 7, 2017
    Assignee: ENTIT SOFTWARE LLC
    Inventors: Terence Spies, Matthew J. Pauker, Jacob Green, Michael S. Leong, Richard T. Minner
  • Patent number: 9773243
    Abstract: A system may include a point-of-sale system that gathers payment card track data from a payment card and a payment gateway that processes the track data to authorize purchase transactions. Discretionary data in a discretionary field of the track data may be compressed to create space that may be used to accommodate additional security data. The sensitive information may be moved to the discretionary field. The compressed discretionary data and the sensitive information may be encrypted using a structure preserving encryption algorithm and a managed encryption key. The managed encryption key or other additional security data may be added to the discretionary field. Track data that has been modified in this way may be conveyed to the payment gateway for processing. The payment gateway may extract the key management data, decrypt the encrypted data, and reconstruct the original track data by decompressing the discretionary data and replacing the sensitive track data.
    Type: Grant
    Filed: February 15, 2012
    Date of Patent: September 26, 2017
    Assignee: Voltage Security, Inc.
    Inventor: Terence Spies
  • Patent number: 9704159
    Abstract: Systems and methods are provided for securing payment card information. A user may present a payment card such as a credit card to point-of-sale equipment. The point-of-sale equipment may use a symmetric key to encrypt payment card information associated with the payment card. The symmetric key may be encrypted at the point-of-sale equipment using the identity-based-encryption (IBE) public key of a purchase transaction processor to produce a key transfer block. The key transfer block and the encrypted payment card information may be conveyed from the point-of-sale equipment to the purchase transaction processor over a communications network. At the purchase transaction processor, an IBE private key may be used to recover the symmetric key from the key transfer block. The symmetric key can be used to decrypt the encrypted payment card information for processing and re-encryption using a key associated with the purchase transaction processor.
    Type: Grant
    Filed: May 15, 2009
    Date of Patent: July 11, 2017
    Assignee: ENTIT Software LLC
    Inventors: Matthew J. Pauker, Terence Spies
  • Publication number: 20170149565
    Abstract: Format-preserving encryption and decryption processes are provided. The encryption and decryption processes may use a block cipher. A string that is to be encrypted or decrypted may be converted to a unique binary value. The block cipher may operate on the binary value. If the output of the block cipher that is produced is not representative of a string that is in the same format as the original string, the block cipher may be applied again. The block cipher may be repeatedly applied in this way during format-preserving encryption operations and during format-preserving decryption operations until a format-compliant output is produced. Selective access may be provided to portions of a string that have been encrypted using format-preserving encryption.
    Type: Application
    Filed: June 13, 2012
    Publication date: May 25, 2017
    Inventors: Matthew J. Pauker, Terence Spies
  • Patent number: 9489521
    Abstract: Format preserving encryption (FPE) cryptographic engines are provided for performing encryption and decryption on strings. A plaintext string may be converted to ciphertext by repeated application of a format preserving encryption cryptographic algorithm. Following each application of the format preserving cryptographic algorithm, the resulting version of the string may be analyzed to determine whether desired string constraints have been satisfied. If the string constraints have not been satisfied, further applications of the format preserving cryptographic algorithm may be performed. If the string constraints have been satisfied, the current version of the string may be used as an output for the cryptographic engine.
    Type: Grant
    Filed: January 16, 2015
    Date of Patent: November 8, 2016
    Assignee: Voltage Security, Inc.
    Inventors: Luther W. Martin, Terence Spies, Matthew J. Pauker
  • Publication number: 20160247150
    Abstract: Key requests in a data processing system may include identifiers such as user names, policy names, and application names. The identifiers may also include validity period information indicating when corresponding keys are valid. When fulfilling a key request, a key server may use identifier information from the key request in determining which key access policies to apply and may use the identifier in determining whether an applicable policy has been satisfied. When a key request is authorized, the key server may generate a key by applying a one-way function to a root secret and the identifier. Validity period information for use by a decryption engine may be embedded in data items that include redundant information. Application testing can be facilitated by populating a test database with data that has been encrypted using a format-preserving encryption algorithm. Parts of a data string may be selectively encrypted based on their sensitivity.
    Type: Application
    Filed: January 11, 2016
    Publication date: August 25, 2016
    Inventors: Terence Spies, Matthew J. Pauker
  • Patent number: 9355389
    Abstract: Online ordering systems allow a user to submit sensitive information such as payment card information to a merchant in encrypted form. A payment card processor server may be used to provide the user's web browser with code for an encryption function, a cryptographic key, and a key identifier. The web browser may encrypt the payment card information by executing the encryption function and using the key. The encrypted payment card information may be supplied to the merchant over the internet. A key identifier that identifies which cryptographic key was used in encrypting the payment card information may be provided to the merchant without providing the merchant with access to the key. The merchant can forward the encrypted payment card information to the credit card processor server with the key identifier. The processor server can use the key identifier to obtain the key and decrypt the payment card information for authorization.
    Type: Grant
    Filed: November 17, 2011
    Date of Patent: May 31, 2016
    Assignee: Voltage Security, Inc.
    Inventors: Matthew J. Pauker, Terence Spies
  • Patent number: 9208491
    Abstract: Key requests in a data processing system may include identifiers such as user names, policy names, and application names. The identifiers may also include validity period information indicating when corresponding keys are valid. When fulfilling a key request, a key server may use identifier information from the key request in determining which key access policies to apply and may use the identifier in determining whether an applicable policy has been satisfied. When a key request is authorized, the key server may generate a key by applying a one-way function to a root secret and the identifier. Validity period information for use by a decryption engine may be embedded in data items that include redundant information. Application testing can be facilitated by populating a test database with data that has been encrypted using a format-preserving encryption algorithm. Parts of a data string may be selectively encrypted based on their sensitivity.
    Type: Grant
    Filed: December 2, 2013
    Date of Patent: December 8, 2015
    Assignee: Voltage Security, Inc.
    Inventors: Terence Spies, Matthew J. Pauker
  • Publication number: 20150143133
    Abstract: A data processing system is provided that includes applications, databases, encryption engines, and decryption engines. Encryption and decryption engines may be used to perform format-preserving encryption on data strings stored in a database. Applications may be used to embed information in data strings. Information may be embedded by using a character set that is larger than a character set being used by a data string. A data string may be converted into a larger character set, analogous to converting a number from a lower base to higher base. Such a conversion may shorten a data string, allowing information to be embedded as appended characters.
    Type: Application
    Filed: January 29, 2015
    Publication date: May 21, 2015
    Inventors: Steven D. Burnett, Terence Spies, Luther W. Martin, Robert K. Vaterlaus, Matthew J. Pauker
  • Publication number: 20150134972
    Abstract: Format preserving encryption (FPE) cryptographic engines are provided for performing encryption and decryption on strings. A plaintext string may be converted to ciphertext by repeated application of a format preserving encryption cryptographic algorithm. Following each application of the format preserving cryptographic algorithm, the resulting version of the string may be analyzed to determine whether desired string constraints have been satisfied. If the string constraints have not been satisfied, further applications of the format preserving cryptographic algorithm may be performed. If the string constraints have been satisfied, the current version of the string may be used as an output for the cryptographic engine.
    Type: Application
    Filed: January 16, 2015
    Publication date: May 14, 2015
    Inventors: Luther W. Martin, Terence Spies, Matthew J. Pauker