Communication System Using Cryptography Patents (Class 380/255)
  • Patent number: 11503119
    Abstract: Disclosed herein are embodiments of a cloud data synchronization system enabling a user operating a mobile client device to download mission-specific data sets from a fixed cloud-based server system to a database of the mobile client device, and then use the downloaded data sets independently on the mobile client device when the mobile client device is disconnected from a network connecting to the fixed cloud-based server system. When connectivity to the fixed cloud-based server system is re-established by the mobile client device in an intermittent and bandwidth-limited communication network environment, the fixed cloud-based server system may provide bi-directional data synchronization between records of the fixed cloud-based server system and the mobile client device to update the data sets on the fixed cloud-based server system and the mobile client device while operating in the intermittent and bandwidth-limited communication network environment.
    Type: Grant
    Filed: November 29, 2021
    Date of Patent: November 15, 2022
    Inventors: Benjamin L. Burnett, Ranga S. Ramanujan
  • Patent number: 11502845
    Abstract: A network interface device comprises an integrated circuit device comprising at least one processor. A network interface device comprises a memory. The integrated device is configured to execute a function with respect to at least a part of stored data in said memory.
    Type: Grant
    Filed: July 6, 2020
    Date of Patent: November 15, 2022
    Assignee: Xilinx, Inc.
    Inventors: Steven L. Pope, David J. Riddoch, Paul Fox
  • Patent number: 11502836
    Abstract: A scalar multiplication operation includes an iterative procedure performing a set of operations at each iteration on a bit or on a group of consecutive bits of a secret key. The multiplication operation includes multiplying values of projective format coordinates by a random value. The random value is a product of a random number generated over a range having as end value a first value, with a second value, which is larger than said first value. The first value is a power of two of a word size multiplied by a multiplier value, minus one. The second value is equal to a power of two of a number of bits of the coordinates divided by the first value. The multiplier value is an integer greater than or equal to one and smaller than a ratio of said number of bits to the word size.
    Type: Grant
    Filed: January 14, 2021
    Date of Patent: November 15, 2022
    Inventors: Ruggero Susella, Guido Marco Bertoni
  • Patent number: 11489541
    Abstract: In artificial neural networks, and other similar applications, there is typically a large amount of data involved that is considered sparse data. Due to the large size of the data involved in such applications, it is helpful to compress the data to save bandwidth resources when transmitting the data and save memory resources when storing the data. Introduced herein is a compression technique that selects elements with significant values from data and restructures them into a structured sparse format. By generating metadata that enforces the structured sparse format and organizing the data according to the metadata, the introduced technique not only reduces the size of the data but also consistently places the data in a particular format. As such, hardware can be simplified and optimized to process the data much faster and much more efficiently than the conventional compression techniques that rely on a non-structured sparsity format.
    Type: Grant
    Filed: May 30, 2019
    Date of Patent: November 1, 2022
    Assignee: NVIDIA Corporation
    Inventors: Jorge Albericio Latorre, Ming Y. Siu
  • Patent number: 11469888
    Abstract: A tamper detecting component for a quantum communication system is a trusted node, configurable as a first endpoint trusted node, a middle-trusted node and a second endpoint trusted node. The trusted node has a tamper detection module and a secure memory. The tamper detection module deletes critical system parameters responsive to detecting physical tampering. The trusted node, as the first endpoint trusted node, exchanges a quantum key, encrypts data and transmits encrypted data. The trusted node as the middle-trusted node exchanges a quantum key, exchanges another quantum key, decrypts and re-encrypts data and transmits encrypted data. The trusted node as the second endpoint trusted node exchanges a quantum key, and decrypts data.
    Type: Grant
    Filed: May 3, 2019
    Date of Patent: October 11, 2022
    Inventors: Todd McCandlish, Nino Walenta, Donald T. Hayford, Grant M. Hampel
  • Patent number: 11463423
    Abstract: A central server configured with an Attribute Authority (“AA”) acting as a Trusted Third Party mediating service provider and using X.509-compatible PKI and PMI, VPN technology, device-side thin client applications, security hardware (HSM, Network), cloud hosting, authentication, Active Directory and other solutions. This ecosystem results in real time management of credentials, identity profiles, communication lines, and keys. It is not centrally managed, rather distributes rights to users. Using its Inviter-Invitee protocol suite, Inviters vouch for the identity of Invitees who successfully complete the protocol establishing communication lines. Users establish and respond to authorization requests and other real-time verifications pertaining to accessing each communication line (not end point) and sharing encrypted digital files.
    Type: Grant
    Filed: February 10, 2020
    Date of Patent: October 4, 2022
    Assignee: T-CENTRAL, INC.
    Inventors: David W. Kravitz, Donald Houston Graham, III, Josselyn L. Boudett, Russell S. Dietz
  • Patent number: 11457020
    Abstract: There is provided a method comprising: generating and sharing an initial value of an integrity token between an endpoint node and a security backend computer, collecting data at the endpoint node, wherein dissimilar data types are aligned as input events, generating a new integrity token every time a new input event is written to a local repository of the endpoint node, wherein the new integrity token is generated based on the new input event and a prior integrity token that was generated prior to the new integrity token, removing the prior integrity token generated prior to the new integrity token from the endpoint node each time a new integrity token has been generated, and sending one or more input events with the new integrity token to the security backend computer for enabling the security backend computer checking integrity of the data received from the endpoint.
    Type: Grant
    Filed: May 19, 2020
    Date of Patent: September 27, 2022
    Inventors: Paolo Palumbo, Alexey Kirichenko, Valtteri Niemi, Sara Ramezanian, Tommi Meskanen
  • Patent number: 11451380
    Abstract: Message decryption dependent on third-party confirmation of a condition precedent is disclosed. A message is encrypted with a message encryption key to form an encrypted message. A message decryption key that is configured to decrypt the encrypted message is encrypted with a key of a first entity to which the message is to be disclosed upon occurrence of a condition precedent to form an encrypted message decryption key. The encrypted message decryption key is encrypted with a key of a second entity configured to confirm the occurrence of the condition precedent to form a double encrypted message decryption key. A condition identifier that identifies the condition precedent is generated. The encrypted message, the double encrypted message decryption key, and the condition identifier are sent to the first entity.
    Type: Grant
    Filed: July 12, 2019
    Date of Patent: September 20, 2022
    Assignee: Red Hat, Inc.
    Inventors: Michael H. M. Bursell, Nathaniel P. McCallum
  • Patent number: 11444760
    Abstract: The embodiments of the present disclosure relate generally to systems and methods for obfuscating the operation of a device, in particular, timing and power consumption information.
    Type: Grant
    Filed: May 18, 2018
    Date of Patent: September 13, 2022
    Assignee: Microchip Technology Incorporated
    Inventor: Huiming Chen
  • Patent number: 11441922
    Abstract: A surrounding information collection system requests a vehicle to transmit surrounding information, and stores the surrounding information transmitted from the vehicle in response to the request. The surrounding information collection system requests a vehicle to transmit surrounding information, the vehicle acquiring the surrounding information having accuracy greater than a threshold calculated based on accuracy of the stored surrounding information.
    Type: Grant
    Filed: April 2, 2020
    Date of Patent: September 13, 2022
    Inventors: Shintaro Iwaasa, Takashi Kojima, Naoki Yamamuro, Masato Endo, Daishi Terato, Masakazu Nomura, Shinichiro Fujii
  • Patent number: 11438144
    Abstract: The invention relates to secure determination of a solution (S) to a computational task by a dealer-free threshold signature group. Access to a resource or reward is offered in exchange for the solution. The method enables individuals in said group to work together in a trust-less, or dealer-free manner. To achieve this, individuals generate their own key pair and use their public key to establish with the group an initial shared public key that they can all use, in parallel, to find a solution to the task. Their own private keys remain secret and, therefore, the collaboration is trust-less, and operates efficiently, because a verified shared public key is created using the initial shared public key that was used when a solution is found and verified. The resource or reward can be secured by the verified shared public key.
    Type: Grant
    Filed: December 4, 2018
    Date of Patent: September 6, 2022
    Assignee: nChain Licensing AG
    Inventor: Thomas Trevethan
  • Patent number: 11438178
    Abstract: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret. The different server decrypts the encrypted premaster secret, generates the master secret, and transmits the master secret to the server. The server receives the master secret and continues with the handshake procedure including generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.
    Type: Grant
    Filed: March 16, 2020
    Date of Patent: September 6, 2022
    Assignee: CLOUDFLARE, INC.
    Inventors: Sébastien Andreas Henry Pahl, Matthieu Philippe François Tourne, Piotr Sikora, Ray Raymond Bejjani, Dane Orion Knecht, Matthew Browning Prince, John Graham-Cumming, Lee Hahn Holloway, Nicholas Thomas Sullivan, Albertus Strasheim
  • Patent number: 11429753
    Abstract: Techniques for encrypting keyboard data prior to its being received by an operating system of an endpoint device, reducing the possibility of unencrypted keyboard data being logged by a keylogger application running on the endpoint device. The techniques employ an encryption filter communicably coupled between a keyboard and the endpoint device. The encryption filter receives unencrypted keyboard data from the keyboard, encrypts the keyboard data, and provides the encrypted keyboard data to the operating system of the endpoint device. The techniques can be employed in association with a back-end data processing center of a security standard compliant organization, which can receive the encrypted keyboard data from the endpoint device, and decrypt the keyboard data for use on a host system. In this way, access and/or storage of unencrypted keyboard data at the endpoint device can be avoided.
    Type: Grant
    Filed: September 27, 2018
    Date of Patent: August 30, 2022
    Assignee: Citrix Systems, Inc.
    Inventors: Jacob Jared Summers, Joseph Nord
  • Patent number: 11429811
    Abstract: A method includes passing an original text document through distortion filter generators to generate a training dataset that includes distorted text documents. Each distortion filter generator is configured to distort words or letters of words in phrases of text of a facsimile image in a respective unique manner. A neural network model is trained to recognize each respective distortion and match each respective distortion with each respective distortion filter generator based on the training dataset and the original text document. Image data of one facsimile having at least one text distortion is received and inputted to the trained neural network model. The output of the trained neural network model is coupled to an input of an optical character recognition (OCR) engine. The trained neural network model and the OCR engine convert the received image data of the incoming facsimile corrected for the at least one text distortion to machine-encoded text.
    Type: Grant
    Filed: February 10, 2020
    Date of Patent: August 30, 2022
    Assignee: Capital One Services, LLC
    Inventors: Reza Farivar, Jeremy Goodsitt, Vincent Pham, Austin Walters, Fardin Abdi Taghi Abad, Anh Truong, Mark Watson
  • Patent number: 11431418
    Abstract: A quantum state measurement system includes a quantum state generator that generates an optical photon comprising a quantum state. A spectral converter modifies a spectrum of the optical photon and provides the optical photon comprising the quantum state with the modified spectrum. An optical switch switches the optical photon with the modified spectrum to one of a plurality of outputs. A measurement system determines a fidelity of the quantum state of the optical photon with the modified spectrum. A control system provides an electrical control signal to the quantum state generator in response to the determined fidelity of the quantum state that improves a fidelity of at least some subsequent generated optical photons comprising a quantum state that are generated by the quantum state generator after the optical photon.
    Type: Grant
    Filed: March 29, 2018
    Date of Patent: August 30, 2022
    Assignee: Notchway Solutions, LLC
    Inventors: Kristin A. Rauschenbach, Katherine L. Hall
  • Patent number: 11424932
    Abstract: A communication device is described including a receiver configured to receive a message including message data and a message authentication code, a first register for storing a received message authentication code and a second register for storing a computed message authentication code. The device also includes a first processor configured to extract the message authentication code from the message and to store the message authentication code in the first register, a second processor configured to compute a message authentication code based on the message data and to store the computed message authentication code in the second register, and a comparing circuit configured to compare the contents of the first register and the second register and to provide a comparison result.
    Type: Grant
    Filed: June 26, 2020
    Date of Patent: August 23, 2022
    Assignee: Infineon Technologies AG
    Inventors: Andreas Graefe, Laurent Heidt, Albrecht Mayer
  • Patent number: 11422890
    Abstract: Methods, systems and apparatus for correcting a stream of syndrome measurements produced by a quantum computer. A layered representation of error propagation through quantum error detection circuits is received. The layered representation includes a plurality of line circuit layers that each represent a probability of local detection events in a quantum computer associated with one or more potential error processes in the execution of a quantum algorithm. During execution of the quantum algorithm, one or more syndrome measurements are received from quantum error detection circuits. The syndrome measurements are converted into detection events and written to an array that represents quantum error correction circuits that are grouped together at a sequence of steps in the quantum algorithm. Errors in the execution of the quantum algorithm are determined from the detection events in dependence upon the stored line circuit layers. Based on the determined errors, the syndrome measurements are corrected.
    Type: Grant
    Filed: September 12, 2017
    Date of Patent: August 23, 2022
    Assignee: Google LLC
    Inventor: Austin Greig Fowler
  • Patent number: 11418329
    Abstract: Techniques for sharing secret key information in a system that includes a remote server that proxies cryptographic keys. In one technique, a proxy server receives, from a client device, a request for a cryptographic operation. The proxy server also receives, from the client device, secret key information that is associated with the request. Prior to the request, the proxy server did not have access to the secret key information. While storing the secret key information in memory of the proxy server, the proxy server sends the secret key information to a cryptographic device that stores one or more cryptographic keys. The proxy server does not store the secret key information in any persistent storage. The cryptographic device performs the cryptographic operation based on the secret key information.
    Type: Grant
    Filed: May 28, 2021
    Date of Patent: August 16, 2022
    Assignee: Garantir LLC
    Inventor: Kieran Miller
  • Patent number: 11416855
    Abstract: Methods, apparatus and computer software are provided for authorizing an EMV transaction between a user device and a point of sale terminal, particularly, but not exclusively, in situations where a secure element is not made available for the deployment of a payment application on the user device. The payment application is instead deployed to a processing environment that is outside of any secure element on the user device. The payment application is associated with a certificate and a corresponding hash. The hash is adapted to be generated on the basis of an application expiration date parameter, which is adapted to comprise data indicative of an expiration date of day level granularity associated with the certificate. During processing of the EMV transaction, the point-of-sale terminal verifies the hash, thereby establishing the authenticity of the application expiration date, and hence the validity of the certificate.
    Type: Grant
    Filed: October 4, 2013
    Date of Patent: August 16, 2022
    Inventor: Stuart Fiske
  • Patent number: 11410661
    Abstract: A system for analyzing audio content is disclosed. In general, the system includes a transcription module, a correlation module, and a database. The transcription module is configured to receive a plurality of audio (and video) files generated by a plurality of different sources, execute speech-to-text transcriptions in real-time based on portions of audio content included within the audio files, and generate written transcripts of such transcriptions. The correlation module is configured to receive metadata associated with each of such audio files, derive correlations between such written transcripts and metadata, and report such correlations to a user of the system (and/or conclusions and classifications based on such correlations). The database is configured to receive, record, and make accessible for searching and review the correlations generated by the correlation module.
    Type: Grant
    Filed: July 13, 2020
    Date of Patent: August 9, 2022
    Inventor: Walter Bachtiger
  • Patent number: 11411723
    Abstract: Free-Space key distribution method comprising exchanging information between an emitter (100) and a receiver (200) based on the physical layer wiretap channel model, comprising the steps of randomly preparing (710), at the emitter (100), one qubit encoded with one of two possible non-identical quantum states, sending (720) the encoded qubit to the receiver (200) through a physical layer quantum-enhanced wiretap channel (500), such that an eavesdropper (300) tapping said channel is provided with partial information about the said states only, detecting and measuring (730) the received quantum states, key sifting (740) between the emitter and the receiver through a classical channel, calculating (750, 760) an amount of information available to any eavesdropper (300) based on the detected and received quantum states.
    Type: Grant
    Filed: December 5, 2017
    Date of Patent: August 9, 2022
    Assignee: ID QUANTIQUE SA
    Inventors: Matthieu Legré, Bruno Huttner
  • Patent number: 11399015
    Abstract: An apparatus includes a memory and a hardware processor. The memory stores identification information of a user. The processor receives from a device a request for the identification information of the user and in response to the request, appends a data element to the identification information to produce a protected message. The processor also encrypts the protected message to produce an encrypted message and communicates the encrypted message to the device. The data element executes in response to the encrypted message being decrypted, and the data element encrypts the identification information when the data element executes.
    Type: Grant
    Filed: June 11, 2019
    Date of Patent: July 26, 2022
    Assignee: Bank of America Corporation
    Inventors: Jo-Ann Taylor, Manu Jacob Kurian, Michael Robert Young
  • Patent number: 11394545
    Abstract: The present invention provides a secure technique that allows two communication apparatus that perform encrypted communication to have a common initial solution. A large number of user apparatuses all have a function of generating the same solution under the same condition as far as the user apparatuses have the same initial solution, and can perform encrypted communication using solutions successively generated in synchronization from the same initial solution. All the user apparatuses and a server share the same initial solution and have a function of generating the same solution under the same condition and thus can generate synchronized solutions. The server generates synchronization information, which is information required to generate the initial solution but is not the initial solution itself (S2002), and transmits the synchronization information to at least one of two user apparatuses performing encrypted communication (S2003).
    Type: Grant
    Filed: December 6, 2017
    Date of Patent: July 19, 2022
    Assignee: NTI, INC.
    Inventor: Takatoshi Nakamura
  • Patent number: 11388568
    Abstract: A root key (K_iwf) is derived at a network and sent to MTC UE (10). The K_iwf is used for deriving subkeys for protecting communication between MTC UE (10) and MTC-IWF (20). In a case where HSS (30) derives the K_iwf, HSS (30) sends to MTC-IWF (20) the K_iwf in a new message (Update Subscriber Information). In a case where MME (40) derives the K_iwf, MME (40) sends the K_iwf through HSS (30) or directly to MTC-IWF (20). MTC-IWF (20) can derive the K_iwf itself. The K_iwf is sent through MME (40) to MTC UE (10) by use of a NAS SMC or Attach Accept message, or sent from MTC-IWF (20) directly to MTC UE (10). In a case where the K_iwf is sent from MME (40), MME (40) receives the K_iwf from HSS (30) in an Authentication Data Response message, or from MTC-IWF (20) directly.
    Type: Grant
    Filed: July 8, 2019
    Date of Patent: July 12, 2022
    Inventors: Xiaowei Zhang, Anand Raghawa Prasad
  • Patent number: 11368306
    Abstract: Techniques for using signed nonces to secure cloud shells are provided. The techniques include receiving, by a session manager service, a request to connect a user device to a secure connection to a secure shell instance. The session manager service may authorize the user device to access the secure shell instance and may configure the secure shell instance, being described by a shell identifier of the secure shell instance. The techniques also include generating, by the session manager service, a nonce token and providing the shell identifier, and a router address of the secure shell router to the user device. The techniques also include generating, by the session manager service, a signed nonce token using the nonce token; and providing the signed nonce token and the shell identifier to a user device.
    Type: Grant
    Filed: August 14, 2020
    Date of Patent: June 21, 2022
    Assignee: Oracle International Corporation
    Inventors: Christopher S. Kasso, Peter Grant Gavares, Linda K. Schneider, Amy H. Kang, Joseph John Snyder
  • Patent number: 11368303
    Abstract: Disclosed are a system and method for calculating elliptic curve cryptography scalar multiplication using an FPGA (Field Programmable Gate Array), the system and method scheduling calculation, which is used in a Montgomery ladder Algorithm, and enabling efficient calculation through an improved modular arithmetic calculation method. The system for calculating elliptic curve cryptography (ECC) scalar multiplication using an FPGA includes: a scheduler implementing Montgomery ladder step calculation in a pipeline structure; a pipeline modular adder/subtractor implementing n-bit modular addition in a d-stage pipeline structure; and a modular multiplier implementing n-bit modular multiplication in a 10-stage pipeline structure up to maximum 256 bits.
    Type: Grant
    Filed: October 26, 2021
    Date of Patent: June 21, 2022
    Assignee: Pusan National University Industry-University Cooperation Foundation
    Inventors: Howon Kim, Asep Muhamad Awaludin, Youngyeo Yun
  • Patent number: 11362823
    Abstract: A device is provided comprising a first memory for storing a first key, a second memory for storing a second key, the device being capable of conducting a first cryptographic algorithm, wherein the first cryptographic algorithm uses the first key, the device being capable of conducting a second cryptographic algorithm, wherein the second cryptographic algorithm uses the second key, and a selection unit, which is programmable to use either the first cryptographic algorithm or the second cryptographic algorithm. Also, a method for operating such device is provided.
    Type: Grant
    Filed: August 13, 2020
    Date of Patent: June 14, 2022
    Assignee: Infineon Technologies AG
    Inventors: Viola Rieger, Alexander Zeh
  • Patent number: 11363068
    Abstract: A computer-implemented method and a system provide a complete traceability of changes incurred in a security policy corresponding to a resource. A policy tracing engine (PTE) monitors and determines events of interest occurring at the resource. The PTE determines administrator-initiated intent-based changes and dynamic event-based changes incurred in the security policy and assigns a unique policy identifier (UPI) to the security policy. The UPI is a combination of unique identifiers assigned to the intent-based change and the event-based change. The PTE recomputes and stores the security policy and the UPI in a policy database. The PTE receives network access information including the UPI from the corresponding resource deployed with the security policy. The PTE generates a traceability report that provides a complete traceability of each policy action performed in a networked environment to a source of each change incurred in the security policy as identified by the UPI.
    Type: Grant
    Filed: November 4, 2019
    Date of Patent: June 14, 2022
    Assignee: COLORTOKENS, INC.
    Inventors: Jayaraghavendran Kuppannan, Deepak Kushwaha
  • Patent number: 11354665
    Abstract: Spending digital currency without owning digital currency may be facilitated. The user may use a software application running on the user's computing platform to scan a digital currency public address quick-response code (QR), or a near-field-communication (NFC) based public address. The user may be prompted to swipe-to-authenticate the transaction. The user may authenticate the transaction by fingerprint-swiping a biometric-enabled transitory password authentication device. The biometric-enabled transitory password authentication device may transmit an encrypted transitory password to a server via the user's computing platform. Upon receiving and verifying the transaction, the server may send an amount of digital currency to the target address on behalf of the user. The server may charge the user's debit card an equivalent amount of sovereign currency.
    Type: Grant
    Filed: November 11, 2014
    Date of Patent: June 7, 2022
    Assignee: HYPR Corp.
    Inventors: George Avetisov, Roman Kadinsky, Bojan Simic
  • Patent number: 11349648
    Abstract: Provided is a pre-calculation device capable of keeping a secret against malicious behaviors of participants while keeping a processing load small. A Beaver triple generation processor generates a secret-shared Beaver triple formed of two secret-shared random numbers and a secret-shared value of a product of the two random numbers. A Beaver triple random inspection processor randomly selects a secret-shared Beaver triple, restores the Beaver triple through communication to and from other pre-calculation devices, and confirms that a product of first two elements is equal to a third element. The Beaver triple position stirring processor randomly replaces Beaver triples that have not been restored, to generate replaced secret-shared Beaver triples.
    Type: Grant
    Filed: September 18, 2020
    Date of Patent: May 31, 2022
    Inventor: Jun Furukawa
  • Patent number: 11341251
    Abstract: A system includes a data storage device containing encrypted data to be decrypted, and a VZ storage device containing a key material for decrypting data, wherein the VZ storage device decrypts the encrypted data by consuming a portion of the key material and stores the decrypted data in the consumed portion of the key material.
    Type: Grant
    Filed: April 18, 2018
    Date of Patent: May 24, 2022
    Assignee: Quintessencelabs Pty Ltd.
    Inventors: John Leiseboer, Vikram Sharma, Ken Li Chong
  • Patent number: 11336443
    Abstract: A key distribution method based on broadband physical random sources includes: utilizing a driving semiconductor laser to generate an optical signal, passing the optical signal through a phase modulator driven by a random signal and then equally dividing the phase-modulated optical signal into two identical paths, injecting the two identical paths into slave semiconductor lasers at both communication parties Alice and Bob's sides, respectively, to generate initial synchronized signals, using the generated initial synchronized signals as driving signals to phase-modulate optical signals generated by continuous-wave (CW) light sources, and inputting the modulated optical signals to dispersion modules; wherein after the modulated CW optical signals pass through the dispersion modules, two synchronized broadband noise-like random signals are generated, and then high-speed synchronized keys are generated by a post-processing method.
    Type: Grant
    Filed: July 30, 2020
    Date of Patent: May 17, 2022
    Inventors: Ning Jiang, Kun Qiu, Anke Zhao, Shiqin Liu, Yiqun Zhang
  • Patent number: 11336454
    Abstract: Example embodiments of systems and methods for data transmission between a contactless card and a client application are provided. A card key may be generated using a master key and identification number. A first and second session key may be generated using the card key and portions of the. A cryptographic result including the counter may be generated using one or more cryptographic algorithms and the card key. A cryptogram may be generated using the first session key and encrypted using the second session key. The application may transmit one or more messages to the first applet of the contactless card. The first applet may be configured to establish one or more communication paths to the second applet based on receipt of the one or more messages from the client device. The second applet may be deactivated by the first applet via the one or more communication paths.
    Type: Grant
    Filed: February 26, 2020
    Date of Patent: May 17, 2022
    Inventors: Jeffrey Rule, Rajko Ilincic
  • Patent number: 11334662
    Abstract: A method of enhancing travel security features associated with a mobile device is provided. The method may include operating a time clock to store a start device confiscation time in a memory and to store an end device confiscation time in the memory, monitoring the mobile device to detect tampering occurring between the start device confiscation time and the end device confiscation time, and in response to the detecting of tampering, prompting the user for a secure identifier. Upon receipt of the secure identifier, the method may include opening a secure i/o pathway to a re-image file. The secure i/o pathway preferably enables execution of an executable re-image file. The re-image file may be used to re-image a software image of the mobile device. The re-image file may contain a pre-tampered image of the mobile device.
    Type: Grant
    Filed: July 14, 2020
    Date of Patent: May 17, 2022
    Assignee: Bank of America Corporation
    Inventors: Vijaya L. Vemireddy, Brandon Sloane, Harvey Summers, Eileen D. Bridges
  • Patent number: 11323480
    Abstract: An authentication system handles authentication requests to apply introspection and policy enforcement. A policy server obtains a client security policy and an authenticator security policy. The policy server obtains an encrypted credential request with client metadata from a client and determines whether the client metadata satisfies the client security policy. The policy server provides the encrypted credential request to an authenticator device and obtains an encrypted credential response with authenticator metadata in response. The policy server determines whether the authenticator metadata satisfies the authenticator security policy. The policy server processes the encrypted credential response, without decrypting the encrypted credential request or the encrypted credential response, based on a determination of whether the client metadata satisfies the client security policy and the authenticator metadata satisfies the authenticator security policy.
    Type: Grant
    Filed: May 7, 2019
    Date of Patent: May 3, 2022
    Inventors: Jeremy Lee Erickson, Nicholas Hamilton Steele, Nicholas James Mooney
  • Patent number: 11323425
    Abstract: Systems and methods for selecting cryptographic settings based on computing device location are disclosed. According to an aspect, a method includes determining a location of a client of a server. The method also includes selecting, at the server and based on the location of the client, one of several different cryptographic settings for communication with the client or data management. The method may also include implementing, at the server, the selected cryptographic setting.
    Type: Grant
    Filed: September 18, 2019
    Date of Patent: May 3, 2022
    Assignee: Lenovo Global Technology (United States) Inc.
    Inventors: Taylor Leigh Greenwood, Doug Oliver, Christopher A. Peterson, Scott Piper
  • Patent number: 11316677
    Abstract: A quantum key distribution (QKD) node apparatus and a QKD method therein. The QKD node apparatus may include a QKD module for generating quantum keys and quantum key IDs, a quantum key synchronization management module for storing the quantum keys and the quantum key IDs as outbound and inbound quantum keys in a distributed manner and sharing the outbound and inbound quantum keys with a second QKD node apparatus, and a quantum key orchestration module for delivering a master key and a master key ID to a secure application connected therewith in response to a request for the master key with the ID of a second secure application and delivering a packet including the master key encrypted with the outbound quantum key shared with the second QKD node apparatus, the master key ID, and a quantum key ID, to the second QKD node apparatus.
    Type: Grant
    Filed: October 13, 2020
    Date of Patent: April 26, 2022
    Inventors: Haeng-Seok Ko, Se Wan Ji, Younchang Jeong, Osung Kwon, Seok Kim, Eun Ji Kim, Changho Hong, Jingak Jang, Daesung Kwon
  • Patent number: 11316662
    Abstract: Various embodiments relate to a method and apparatus for policy-hiding on ciphertext-policy attribute based encryption, the method including the steps of categorizing each of a plurality of attributes into a plurality of groups where each of the plurality of groups has a group attribute, inputting a policy and a message into an encryption algorithm and outputting a ciphertext; and encrypting an AND subtree in the policy and outputting a sub-cipher.
    Type: Grant
    Filed: July 16, 2019
    Date of Patent: April 26, 2022
    Inventors: Jin Qu, Fubiao Xia, Xin Ge
  • Patent number: 11303431
    Abstract: The present disclosure provides a method and system for performing an SSL Handshake. In the method, during an SSL handshake with a target terminal, a target CDN node determines a target service server accessed by the target terminal and obtains information to be processed by a private key; the target CDN node sends a private key processing request to a private key server corresponding to the target service server, the private key processing request carries the information to be processed and target private key processing type information; the private key server processes the information to be processed based on the target private key processing type information and a private key of the target service server and sends a processing result to the target CDN node so that the target CDN node may continue to perform the SSL handshake with the target terminal according to the processing result.
    Type: Grant
    Filed: December 31, 2019
    Date of Patent: April 12, 2022
    Assignee: Wangsu Science & Technology Co., Ltd.
    Inventors: Jinpeng Lin, Wencan Wang, Shujia Dong
  • Patent number: 11294633
    Abstract: A secure computation system calculates concealed text of a difference x−r from concealed text by using concealed text and generates concealed text and of an integer portion e and a decimal fraction portion f (0≤f<1) of the difference x−r from the concealed text; reconstructs the decimal fraction portion f from the concealed text; generates, from the decimal fraction portion f and the concealed text, concealed text of a left shift value y obtained by shifting 2^f, which is 2 raised to the power f which is the decimal fraction portion f, to the left by e bit; and calculates, as concealed text, concealed text of a value 2^r×y obtained by multiplying 2^r, which is a power of 2, by the left shift value y from the concealed text by using the concealed text.
    Type: Grant
    Filed: January 18, 2018
    Date of Patent: April 5, 2022
    Inventor: Koki Hamada
  • Patent number: 11295031
    Abstract: Embodiments are described for generating, by the processor, a first event record in response to an event being performed by the computer and generating, by the processor, a first tamper resistance record in response to the first event record being generated. The first tamper resistance record includes a first signature created based at least in part on the first event record and a second signature created based at least in part on the first event record. Aspects also include validating the first event record based on the first signature and the second signature in the first tamper resistance record in response to a request to detect tampering of the first event record.
    Type: Grant
    Filed: October 8, 2019
    Date of Patent: April 5, 2022
    Inventors: Michael Kuan, Scott Ballentine, Anthony Thomas Sofia
  • Patent number: 11296865
    Abstract: Various embodiments relate to a method performed by a processor of a computing system. An example method includes determining a first cryptographic algorithm utilized in a first block of a first blockchain. The first block of the first blockchain has a first unique block identifier. A second cryptographic algorithm utilized in a second block of the first blockchain is determined. The second block of the first blockchain has a second unique block identifier. A first cryptographic algorithm status transition (“CAST”) event is defined if the second cryptographic algorithm is different than the first cryptographic algorithm. A first CAST record is defined upon occurrence of the first CAST event. The first CAST record includes the second cryptographic algorithm and the second unique block identifier. The first CAST record is digitally signed and stored on a second blockchain. The second blockchain may be referenced out-of-band of the first blockchain.
    Type: Grant
    Filed: August 16, 2019
    Date of Patent: April 5, 2022
    Assignee: Wells Fargo Bank, N.A.
    Inventors: Phillip H. Griffin, Jeffrey J. Stapleton
  • Patent number: 11290368
    Abstract: Federated messaging for quantum systems through teleportation is disclosed. In one example, a first routing service of a first quantum computing device receives a routing request comprising a payload qubit and an identifier of a destination service of a second quantum computing device. The first routing service identifies a routing entry of a routing table corresponding to the destination service. A first teleporting service of the first quantum computing device is identified based on the routing entry, the first teleporting service being associated with a first qubit entangled with a second qubit of a second teleporting service of the second quantum computing device. The first routing service routes the routing request to the first teleporting service, which generates quantum state data for the payload qubit using the payload qubit and the first qubit. The quantum state data is then sent to the second teleporting service via a communications network.
    Type: Grant
    Filed: May 21, 2019
    Date of Patent: March 29, 2022
    Assignee: Red Hat, Inc.
    Inventors: Leigh Griffin, Stephen Coady
  • Patent number: 11283633
    Abstract: Systems and methods for secure communication between devices where one device has a physical unclonable function (“PUF”) array of PUF devices and another device stores data representing characteristics of the PUF array include encryption schemes using repeated application of one-way cryptographic functions to message segments. The devices transmit or receive a processing instruction used to determine PUF devices whose measured characteristics are used to derive encryption keys. Messages are segmented and message information is securely transmitted by repeated application of a suitable one-way cryptographic function to each message segment where the number of applications of the function is determined by each message segment.
    Type: Grant
    Filed: March 13, 2020
    Date of Patent: March 22, 2022
    Inventor: Bertrand F Cambou
  • Patent number: 11283600
    Abstract: Examples disclosed herein relate to symmetrically encrypting a master passphrase key. In one implementation, a computing system includes a machine-readable storage medium to store a symmetrically encrypted master passphrase key, an encrypted version of a first passphrase key associated with a second machine-readable storage medium encrypted using the master passphrase key, and an encrypted version of a second passphrase key associated with a third machine-readable storage medium encrypted using the passphrase key. A processing resource may symmetrically encrypt the master passphrase key using an encryption key derived from authentication information and/or decrypt the stored master passphrase key using a decryption key derived from the authentication information.
    Type: Grant
    Filed: June 20, 2017
    Date of Patent: March 22, 2022
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Anellena Santos, Diego R. Medaglia, Taciano Perez, Dirceu Ramos, James R. Waldron
  • Patent number: 11277383
    Abstract: Cloud-based Intrusion Prevention Systems (IPS) include receiving traffic associated with a user of a plurality of users, wherein each user is associated with a customer of a plurality of customers for a cloud-based security system, and wherein the traffic is between the user and the Internet; analyzing the traffic based on a set of signatures including stream-based signatures and security patterns; blocking the traffic responsive to a match of a signature of the set of signatures; and performing one or more of providing an alert based on the blocking and updating a log based on the blocking.
    Type: Grant
    Filed: April 27, 2020
    Date of Patent: March 15, 2022
    Assignee: Zscaler, Inc.
    Inventors: Srikanth Devarajan, Sushil Pangeni, Vladimir Stepanenko, Ravinder Verma, Naresh kumar Povlavaram Munirathnam
  • Patent number: 11263153
    Abstract: A data accessing method using data protection with aid of an Advanced Encryption Standard (AES) processing circuit, and associated apparatus such as memory device, memory controller, and the AES processing circuit are provided. The data accessing method includes: utilizing the memory controller to start receiving first protected data corresponding to a read request from predetermined storage space; utilizing the AES processing circuit to start performing decryption processing on the first protected data to obtain decrypted data; utilizing the AES processing circuit to start performing encryption processing on other data to obtain encrypted data to be second protected data corresponding to a write request; and utilizing the memory controller to start sending the second protected data to the predetermined storage space, for storing the second protected data into the predetermined storage space. The AES processing circuit can perform encryption and decryption simultaneously.
    Type: Grant
    Filed: November 2, 2020
    Date of Patent: March 1, 2022
    Assignee: Silicon Motion, Inc.
    Inventor: Chiao-Wen Cheng
  • Patent number: 11263147
    Abstract: According to one embodiment, a memory system stores a part of a logical-to-physical address translation table stored in a nonvolatile memory, as a first cache, in a random-access memory, and stores a compressed logical-to-physical address translation table obtained by compressing the logical-to-physical address translation table, as a second cache, in the random-access memory. The memory system stores first information indicative of a part of a first address translation data, in a first area of a first entry of the second cache where first compressed address translation data is stored. When executing processing of checking a part of the first address translation data, the memory system refers to the first information stored in the first entry of the second cache.
    Type: Grant
    Filed: September 6, 2019
    Date of Patent: March 1, 2022
    Inventor: Takashi Miura
  • Patent number: 11258580
    Abstract: Instantaneous key invalidation in response to a detected eavesdropper. A quantum computing system that includes a plurality of qubits and a quantum channel uses a quantum key distribution protocol to generate a key. The quantum computing system determines that an eavesdropper has eavesdropped on the quantum channel. In response to determining that the eavesdropper has eavesdropped on the quantum channel, the quantum computing system sends a key-revocation message to a designated destination.
    Type: Grant
    Filed: October 4, 2019
    Date of Patent: February 22, 2022
    Assignee: Red Hat, Inc.
    Inventors: Leigh Griffin, Stephen Coady
  • Patent number: 11256717
    Abstract: A distributed storage system, such as a distributed storage system in a virtualized computing environment, stores data in storage nodes as immutable key-value entries. A coordinator storage node creates a key-value entry and attempts to store the key-value entry in the coordinator storage node and in neighbor storage nodes. If the storage of the key-value entry in the coordinator storage node and in the neighbor storage node is successful, the coordinator storage node pushes the key-value entry to other storage nodes in the distributed storage system for storage as replicas.
    Type: Grant
    Filed: October 21, 2019
    Date of Patent: February 22, 2022
    Assignee: VMWARE, INC.
    Inventors: Haoran Zheng, Wenguang Wang, Tao Xie, Yizheng Chen