Patents by Inventor Thomas Eirich
Thomas Eirich has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11838751Abstract: A method for transmitting message frames, comprising: generating, by an end device comprising a processor, a first message frame portion comprising a first plain header; obtaining a device identifier (DevEUI) and a header blinding key (HdrBKey); generating a first header mask using the DevEUI and the HdrBKey; obtaining a first blinded header by applying the first header mask to the first plain header; obtaining a first updated message frame portion by updating the first message portion using the first blinded header; generating a first blinded message frame comprising the first updated message frame portion; and transmitting the first blinded message frame to a network gateway.Type: GrantFiled: October 11, 2017Date of Patent: December 5, 2023Assignee: Semtech (International) AGInventors: Joseph Alfonso Knapp, Thomas Eirich, Michael Peter Kuyper, Alexandru Mircea Caracas, Thorsten Kramp
-
Publication number: 20200068390Abstract: A method for transmitting message frames, comprising: generating, by an end device comprising a processor, a first message frame portion comprising a first plain header; obtaining a device identifier (DevEUI) and a header blinding key (HdrBKey); generating a first header mask using the DevEUI and the HdrBKey; obtaining a first blinded header by applying the first header mask to the first plain header; obtaining a first updated message frame portion by updating the first message portion using the first blinded header; generating a first blinded message frame comprising the first updated message frame portion; and transmitting the first blinded message frame to a network gateway.Type: ApplicationFiled: October 11, 2017Publication date: February 27, 2020Inventors: Joseph Alfonso KNAPP, Thomas EIRICH, Michael Peter KUYPER-HAMMOND, Mircea CARCAS, Thorsten KRAMP
-
Patent number: 10527710Abstract: A software-defined radio system has a plurality of fixed radio receivers each operable to receive radio signals in a receiving band, to sample a received radio signal to produce a sample stream, and to send the sample stream over a network. The radio system includes at least one fixed sync signal transmitter operable to transmit predetermined sync signals in said receiving band to receivers of the aforementioned plurality. The radio system further comprises a data processing system which is connected to the network for receiving sample streams from the receivers. The data processing system is operable to align samples of a data signal contained in sample streams from different receivers by: detecting a sync signal in those sample streams; determining a timing offset between samples of the sync signal in those sample streams in dependence on predetermined locations of the different receivers and the transmitter of that sync signal; and aligning the samples of the data signal in dependence on the timing offset.Type: GrantFiled: August 24, 2018Date of Patent: January 7, 2020Assignee: International Business Machines CorporationInventors: Anton Beitler, Alexandru Caracas, Thomas Eirich, Michael Kuyper, Marcus Oestreicher
-
Publication number: 20190011524Abstract: A software-defined radio system has a plurality of fixed radio receivers each operable to receive radio signals in a receiving band, to sample a received radio signal to produce a sample stream, and to send the sample stream over a network. The radio system includes at least one fixed sync signal transmitter operable to transmit predetermined sync signals in said receiving band to receivers of the aforementioned plurality. The radio system further comprises a data processing system which is connected to the network for receiving sample streams from the receivers. The data processing system is operable to align samples of a data signal contained in sample streams from different receivers by: detecting a sync signal in those sample streams; determining a timing offset between samples of the sync signal in those sample streams in dependence on predetermined locations of the different receivers and the transmitter of that sync signal; and aligning the samples of the data signal in dependence on the timing offset.Type: ApplicationFiled: August 24, 2018Publication date: January 10, 2019Inventors: Anton Beitler, Alexandru Caracas, Thomas Eirich, Michael Kuyper, Marcus Oestreicher
-
Patent number: 10067219Abstract: A software-defined radio system has a plurality of fixed radio receivers each operable to receive radio signals in a receiving band, to sample a received radio signal to produce a sample stream, and to send the sample stream over a network. The radio system includes at least one fixed sync signal transmitter operable to transmit predetermined sync signals in said receiving band to receivers of the aforementioned plurality. The radio system further comprises a data processing system which is connected to the network for receiving sample streams from the receivers. The data processing system is operable to align samples of a data signal contained in sample streams from different receivers by: detecting a sync signal in those sample streams; determining a timing offset between samples of the sync signal in those sample streams in dependence on predetermined locations of the different receivers and the transmitter of that sync signal; and aligning the samples of the data signal in dependence on the timing offset.Type: GrantFiled: March 21, 2016Date of Patent: September 4, 2018Assignee: International Business Machines CorporationInventors: Anton Beitler, Alexandru Caracas, Thomas Eirich, Michael Kuyper, Marcus Oestreicher
-
Publication number: 20170273054Abstract: A software-defined radio system has a plurality of fixed radio receivers each operable to receive radio signals in a receiving band, to sample a received radio signal to produce a sample stream, and to send the sample stream over a network. The radio system includes at least one fixed sync signal transmitter operable to transmit predetermined sync signals in said receiving band to receivers of the aforementioned plurality. The radio system further comprises a data processing system which is connected to the network for receiving sample streams from the receivers. The data processing system is operable to align samples of a data signal contained in sample streams from different receivers by: detecting a sync signal in those sample streams; determining a timing offset between samples of the sync signal in those sample streams in dependence on predetermined locations of the different receivers and the transmitter of that sync signal; and aligning the samples of the data signal in dependence on the timing offset.Type: ApplicationFiled: March 21, 2016Publication date: September 21, 2017Inventors: Anton Beitler, Alexandru Caracas, Thomas Eirich, Michael Kuyper, Marcus Oestreicher
-
Patent number: 9313201Abstract: A system and method of performing electronic transactions between a server computer and a client computer. The method implements a communication protocol with encrypted data transmission and mutual authentication between a server and a hardware device via a network, performs a decryption of encrypted server responses, forwards the decrypted server responses from the hardware device to the client computer, displays the decrypted server responses on a client display, receives requests to be sent from the client computer to the server, parses the client requests for predefined transaction information by the hardware device, encrypts and forwards client requests, displays the predefined transaction information upon detection, forwards and encrypts the client request containing the predefined transaction information to the server if a user confirmation is received, and cancels the transaction if no user confirmation is received.Type: GrantFiled: November 27, 2013Date of Patent: April 12, 2016Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Michael Baentsch, Reto Hermann, Thorsten Kramp, Thomas D. Weigold, Peter Buhler, Thomas Eirich, Tamas Visegrady, Frank Hoering, Michael P. Kuyper-Hammond
-
Patent number: 9112680Abstract: The invention relates to a method for distribution of a set of credentials from a credential issuer to a credential user. The credential user is provided with a user device. A first channel and a second channel are provided for communication between the user device and the credential issuer. A shared key is distributed between the user device and the credential issuer by means of the second channel. A binary representation of the set of credentials with a predefined maximum level of deviation from a uniform distribution is generated. The binary representation of the set of credentials is encrypted by means of the shared key. The encrypted set of credentials is distributed via the first channel from the credential issuer to the user device. The encrypted set of credentials is decrypted by the user device by means of the shared key.Type: GrantFiled: May 17, 2012Date of Patent: August 18, 2015Assignee: International Business Machines CorporationInventors: Michael Baentsch, Peter Buhler, Thomas Eirich, Thorsten Kramp, Thomas Weigold
-
Patent number: 8990912Abstract: Methods and apparatus are provided for authenticating communications between a user computer and a server via a data communications network. A security device has memory containing security data, and security logic to use the security data to generate an authentication response to an authentication message received from the server in use. An interface device communicates with the security device. The interface device has a receiver for receiving from the user computer an authentication output containing the authentication message sent by the server to the user computer in use, and interface logic adapted to extract the authentication message from the authentication output and to send the authentication message to the security device. Includes a communications interface for connecting to the server via a communications channel bypassing the user computer. Either the security device or interface device sends the authentication response to the server via the communications channel bypassing the user computer.Type: GrantFiled: April 17, 2009Date of Patent: March 24, 2015Assignee: International Business Machines CorporationInventors: Michael Baentsch, Peter Buhler, Thomas Eirich, Thorsten Kramp, Michael Peter Kuyper-Hammond, Michael Charles Osborne, Tamas Visegrady
-
Patent number: 8938784Abstract: An authorization device for authorizing operations of a remote server requested from user computers via a data communications network includes a computer interface configured to connect to a local user computer for facilitating communication with the remote server via a data communications network, a user interface configured to present information to a user, and control logic. The control logic is adapted to use security data accessible to the control logic to establish, via the local user computer, a mutually-authenticated connection for encrypted end-to-end communications with the server; collect from the server, via the connection, information indicative of any operation requested via a different connection to the server and requiring authorization by the user; and present the information to the user via the user interface to prompt for authorization of the operation.Type: GrantFiled: December 17, 2013Date of Patent: January 20, 2015Assignee: International Business Machines CorporationInventors: Michael Baentsch, Peter Buhler, Thomas Eirich, Reto J. Hermann, Frank Hoering, Thorsten Kramp, Michael P. Kuyper-Hammond, Thomas D. Weigold
-
Patent number: 8856919Abstract: An authorization device for authorizing operations of a remote server requested from user computers via a data communications network includes a computer interface configured to connect to a local user computer for facilitating communication with the remote server via a data communications network, a user interface configured to present information to a user, and control logic. The control logic is adapted to use security data accessible to the control logic to establish, via the local user computer, a mutually-authenticated connection for encrypted end-to-end communications with the server; collect from the server, via the connection, information indicative of any operation requested via a different connection to the server and requiring authorization by the user; and present the information to the user via the user interface to prompt for authorization of the operation.Type: GrantFiled: July 25, 2012Date of Patent: October 7, 2014Assignee: International Business Machines CorporationInventors: Michael Baentsch, Peter Buhler, Thomas Eirich, Reto J. Hermann, Frank Hoering, Thorsten Kramp, Michael P. Kuyper-Hammond, Thomas D. Weigold
-
Patent number: 8799171Abstract: A secure online banking transaction apparatus to communicate with a server over a non-secure connection is provided and includes a selector configured to allow for a selection of a mode of the apparatus, a processing unit coupled to the selector and including a secure communication unit, which is configured to set up a secure connection, along which a secure transaction occurs, with the server via the non-secure connection in accordance with the mode, an input unit coupled to the processing unit and configured to allow for a input of data into the apparatus, which is at least partly related to the secure transaction, and an interface coupled to the processing unit and configured to convey at least a status of the secure transaction and the contents off the inputted data.Type: GrantFiled: April 1, 2008Date of Patent: August 5, 2014Assignee: International Business Machines CorporationInventors: Michael Baentsch, Peter Buhler, Thomas Eirich, Frank Hoering, Thorsten Kramp, Thomas Weigold
-
Publication number: 20140165145Abstract: A system and method of performing electronic transactions between a server computer and a client computer. The method implements a communication protocol with encrypted data transmission and mutual authentication between a server and a hardware device via a network, performs a decryption of encrypted server responses, forwards the decrypted server responses from the hardware device to the client computer, displays the decrypted server responses on a client display, receives requests to be sent from the client computer to the server, parses the client requests for predefined transaction information by the hardware device, encrypts and forwards client requests, displays the predefined transaction information upon detection, forwards and encrypts the client request containing the predefined transaction information to the server if a user confirmation is received, and cancels the transaction if no user confirmation is received.Type: ApplicationFiled: November 27, 2013Publication date: June 12, 2014Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Michael Baentsch, Reto Hermann, Thorsten Kramp, Thomas D. Weigold, Peter Buhler, Thomas Eirich, Tamas Visegrady
-
Publication number: 20140109212Abstract: An authorization device for authorizing operations of a remote server requested from user computers via a data communications network includes a computer interface configured to connect to a local user computer for facilitating communication with the remote server via a data communications network, a user interface configured to present information to a user, and control logic. The control logic is adapted to use security data accessible to the control logic to establish, via the local user computer, a mutually-authenticated connection for encrypted end-to-end communications with the server; collect from the server, via the connection, information indicative of any operation requested via a different connection to the server and requiring authorization by the user; and present the information to the user via the user interface to prompt for authorization of the operation.Type: ApplicationFiled: December 17, 2013Publication date: April 17, 2014Applicant: International Business Machines CorporationInventors: Michael Baentsch, Peter Buhler, Thomas Eirich, Reto J. Hermann, Frank Hoering, Thorsten Kramp, Michael P. Kuyper-Hammond, Thomas D. Weigold
-
Patent number: 8640255Abstract: An authorization device for authorizing operations of a remote server requested from user computers via a data communications network includes a computer interface configured to connect to a local user computer for facilitating communication with the remote server via a data communications network, a user interface configured to present information to a user, and control logic. The control logic is adapted to use security data accessible to the control logic to establish, via the local user computer, a mutually-authenticated connection for encrypted end-to-end communications with the server; collect from the server, via the connection, information indicative of any operation requested via a different connection to the server and requiring authorization by the user; and present the information to the user via the user interface to prompt for authorization of the operation.Type: GrantFiled: September 17, 2009Date of Patent: January 28, 2014Assignee: International Business Machines CorporationInventors: Michael Baentsch, Peter Buhler, Thomas Eirich, Reto J. Hermann, Frank Hoering, Thorsten Kramp, Michael P. Kuyper-Hammond, Thomas D. Weigold
-
Patent number: 8601256Abstract: A system and method of performing electronic transactions between a server computer and a client computer. The method implements a communication protocol with encrypted data transmission and mutual authentication between a server and a hardware device via a network, performs a decryption of encrypted server responses, forwards the decrypted server responses from the hardware device to the client computer, displays the decrypted server responses on a client display, receives requests to be sent from the client computer to the server, parses the client requests for predefined transaction information by the hardware device, encrypts and forwards client requests, displays the predefined transaction information upon detection, forwards and encrypts the client request containing the predefined transaction information to the server if a user confirmation is received, and cancels the transaction if no user confirmation is received.Type: GrantFiled: March 12, 2009Date of Patent: December 3, 2013Assignee: International Business Machines CorporationInventors: Michael Baentsch, Reto Hermann, Thorsten Kramp, Thomas D. Weigold, Peter Buhler, Thomas Eirich, Tamas Visegrady
-
Patent number: 8423783Abstract: A mechanism is provided for secure PIN management of a user trusted device. A user trusted device detects a memory card coupled to the user trusted device. The user trusted device receives user input of an external PIN (ext_PIN). The user trusted device identifies a key (K) associated with the external PIN, wherein the key is stored in the persistent memory. The user trusted device computes a card PIN (card_PIN) using a function (f) and the key as stored on the persistent memory, wherein the card PIN is computed using the following equation: card_PIN=f(K, ext_PIN). The user trusted device unlocks the memory card using the card PIN, thereby forming an unlocked memory card.Type: GrantFiled: May 19, 2010Date of Patent: April 16, 2013Assignee: International Business Machines CorporationInventors: Peter Buhler, Harold D. Dykeman, Thomas Eirich, Matthias Kaiserswerth, Thorsten Kramp
-
Publication number: 20120291105Abstract: An authorization device for authorizing operations of a remote server requested from user computers via a data communications network includes a computer interface configured to connect to a local user computer for facilitating communication with the remote server via a data communications network, a user interface configured to present information to a user, and control logic. The control logic is adapted to use security data accessible to the control logic to establish, via the local user computer, a mutually-authenticated connection for encrypted end-to-end communications with the server; collect from the server, via the connection, information indicative of any operation requested via a different connection to the server and requiring authorization by the user; and present the information to the user via the user interface to prompt for authorization of the operation.Type: ApplicationFiled: July 25, 2012Publication date: November 15, 2012Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Michael Baentsch, Peter Buhler, Thomas Eirich, Reto J. Hermann, Frank Hoering, Thorsten Kramp, Michael P. Kuyper-Hammond, Thomas D. Weigold
-
Patent number: 8302173Abstract: A method for providing a user device with a set of access codes comprises, in the user device, storing an encryption key a an identification code, and sending a message containing the identification code to a server via a communications network. In the server, an encryption key is stored corresponding to the key stored in the user device, allocating the set of access codes on receipt of the identification code from the user device. A look up function is performed based on the identification code received in the message to retrieve the key from storage. The set of access codes is encrypted using the retrieved key to produce an encrypted set. A message containing the encrypted set is sent to the user device via the network. In the user device, the encrypted set received from the server is decrypted using the key in storage, and storing the decrypted set of access codes for use by a user of the user device.Type: GrantFiled: May 22, 2008Date of Patent: October 30, 2012Assignee: International Business Machines CorporationInventors: Michael Baentsch, Peter Buhler, Thomas Eirich, Frank Hoering, Thorsten Kramp, Marcus Oestreicher, Michael Osborne, Thomas D. Weigold
-
Publication number: 20120233465Abstract: The invention relates to a method for distribution of a set of credentials from a credential issuer to a credential user. The credential user is provided with a user device. A first channel and a second channel are provided for communication between the user device and the credential issuer. A shared key is distributed between the user device and the credential issuer by means of the second channel. A binary representation of the set of credentials with a predefined maximum level of deviation from a uniform distribution is generated. The binary representation of the set of credentials is encrypted by means of the shared key. The encrypted set of credentials is distributed via the first channel from the credential issuer to the user device. The encrypted set of credentials is decrypted by the user device by means of the shared key.Type: ApplicationFiled: May 17, 2012Publication date: September 13, 2012Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Michael Baentsch, Peter Buhler, Thomas Eirich, Thorsten Kramp, Thomas Weigold