Abstract: The present invention includes using an embedded SIM (eSIM) associated with a newly-opened mobile network operator (MNO) system and a receiving MNO system, the method performs the steps of: generating a security domain (SD) for a receiving MNO on the basis of a request from the newly-opened MNO system; injecting a prior SD key value; installing a secure applet for key generation and secure arithmetic operations, injecting a new SD key value on the basis of a request from the receiving MNO, and transmitting only a public key to the receiving MNO system after generating key pairs for the receiving MNO; and decoding a receiving MNO profile with a private key corresponding to the public key after receiving the receiving MNO profile from the receiving MNO system or the newly-opened MNO system.
Type: Grant
Filed: July 6, 2012
Date of Patent: September 26, 2017
Assignee: KT Corporation
Inventors: Jaemin Park, Jinhyoung Lee, Kwangwuk Lee
Abstract: A method for sending a service by a first gateway (GW) among multiple GWs includes, upon reception of a request for a service from a terminal, determining whether the first GW is able to provide the service, detecting a second GW that is able to provide the service requested by the terminal among the multiple GWs based on GW management information that includes respective service information regarding services that the multiple GWs are able to provide, if the first GW is not able to provide the service, requesting the second GW to provide the service requested by the terminal, and upon reception of the service from the second GW, forwarding the service to the terminal. The other embodiments, including a gateway and a terminal are also disclosed.
Type: Grant
Filed: June 6, 2014
Date of Patent: September 19, 2017
Assignee: Samsung Electronics Co., Ltd.
Inventors: Chung-Yong Eom, Hee-Dong Kim, Gye-Young Lee, Dong-Yun Hawng
Abstract: Managing data security on a mobile device. Data associated with a mobile device is received; the data includes an identification (ID) of the mobile device and a location of the mobile device relative to one or more location sensor devices. A path is determined, relative to the one or more location sensor devices, through which the mobile device has travelled. An electronic security key is communicated to the mobile device based on determining that the path corresponds to a defined path associated with the mobile device.
Type: Grant
Filed: June 23, 2015
Date of Patent: September 12, 2017
Assignee: International Business Machines Corporation
Inventors: Ye Chen, Ruomeng Hao, Ting Jiang, Ning Wang, Shu Xi Wei, Youmiao Zhang
Abstract: A cloud deployment system is used for obfuscating CPU operation codes in a set of machines operating in a distributed computing environment. A reprogrammable microcode replaces a hardware instruction set, the microcode layer containing a set of original operation codes. A first transform of the set of original operation codes produces a first set of transformed operation codes. A first transformed microcode is created which incorporates the first set of transformed operation codes instead of the original operation codes. An operating system and an application are compiled using the first set of transformed operation codes to produce a first cross compiled operating system and application. The first transformed microcode, the first cross compiled operating system and application are deployed to a respective first one of the set of machines, the first one of the machines equipped with a softcore processor.
Type: Grant
Filed: September 29, 2015
Date of Patent: September 12, 2017
Assignee: International Business Machines Corporation
Abstract: The invention relates to a transaction method, the method including the steps of: providing a terminal including a main processor, a graphic processor controlling a display, and a control member, the graphic processor including a memory bank which cannot be accessed from the outside; creating a link between the graphic processor and a secure processor, the link being secured by means of an encryption key shared only by the graphic processor and the secure processor; presenting first data to the user; collecting second data from commands entered by the user by means of the control member, in connection with the first data; transmitting the second data to the secure processor; and, if the user has been authenticated from the second data, carrying out the transaction, the secure link being used to transmit the first and/or second data, and/or to carry out the transaction.
Abstract: Database messages, such as queries, may be managed to process data based at least in part on performance characteristics. For example, a database query associated with a first database format may be received. The first database format may be one of a plurality of database formats. A second database format may be determined based at least in part on a performance characteristic of the second database format being above a threshold. The second database format may be determined as a result of the received database query. Additionally, the second database format may also be one of the plurality of different database formats. Data communicated by the received database query may be processed according to the second database format.
Abstract: Systems and techniques are provided for restricted accounts on a mobile platform. A request to create a restricted account may be received. The restricted account may be a user account with a restriction. Credentials for the restricted account may be received. A restriction for the restricted account may be received. The restriction may include an access restriction or a lifetime restriction. An access restriction may prevent an application from accessing the restricted account and a lifetime restriction may limit the lifetime of the restricted account. The restricted account may be stored with the credentials and the restriction. A request may be received for a list of user accounts from an application. The restricted account may be determined to include an access restriction that prevents the application from accessing the restricted account. The list of user accounts may be sent to the application and without an identifier for the restricted account.
Abstract: Crypto-glasses include systems that implement a method of authentication of users by blinking, the crypto-glasses including a frame configured so as to be worn by a user, a processor, a display device communicating with the processor so as to dynamically display data, and a communication unit, as executed by the processor, to execute the method of authentication by transmitting data to the display device for performing the authentication of the user to interact with the display device. The communication unit is configured to display in an optical unit of the crypto-glasses a key map which correlates data input into the display device with keys of the display device, the key map indicating data different from that of the keys of the display device.
Type: Grant
Filed: January 27, 2016
Date of Patent: August 29, 2017
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Ashish Kundu, Amit A. Nanavati, Danny Soroker
Abstract: The present invention relates to managing a UNITY file in a mobile platform in order to forestall a UNITY library executable in a mobile platform from being analyzed by reverse engineering and decompiling and provides an apparatus for managing a UNITY file in a mobile platform comprising a file extracting section that extracts a UNITY library file from a UNITY application; an encrypting section that encrypts a programming library file in the UNITY library file thus extracted and creates an encrypted programming library file; a file creating section that creates a decrypting library to decrypt the encrypted programming library file and creates a secured UNITY application using the decrypting library and the encrypted programming library file; and a file executing section that, upon request to execute the secured UNITY application, executes the secured application by decrypting the encrypted programming library file using the decrypting library.
Type: Grant
Filed: August 7, 2015
Date of Patent: August 22, 2017
Assignee: SEWORKS, Inc.
Inventors: Min Pyo Hong, Dong Seon Kim, Hyoung Kyu Choi, Chung Hui Kim, Seok Ha Lee
Abstract: Systems and methods for securely passing user authentication data between a Pre-Boot Authentication (PBA) environment and an Operating System (OS) are described. In some embodiments, an Information Handling System (IHS) may include a processor; and a Basic I/O System (BIOS) coupled to the processor, the BIOS having program instructions stored thereon that, upon execution by the processor, cause the computer system to: identify an encrypted Single-Sign-On (SSO) token and a Trusted Platform Module (TPM) key pair provisioned by an Operating System (OS) and stored in an OS registry; extract a TPM public key from the TPM key pair; encrypt a PBA private key generated by a PBA application with the TPM public key; and store the encrypted PBA private key, the TPM key pair, and the encrypted SSO token in a shadow partition of a self-encrypting hard drive coupled to the IHS.
Type: Grant
Filed: November 16, 2015
Date of Patent: August 22, 2017
Assignee: Dell Products, L.P.
Inventors: Amy Christine Nelson, Christopher D. Burchett
Abstract: The present application discloses a method for synchronizing encryption information between a SCell and UE, which includes that: the SCell transmits a COUNT value of RB established for the UE to a PCell; the PCell transmits the COUNT value received from the SCell to the UE; and the PCell receives a COUNT value of RB established on the SCell that is saved by the UE from the UE. Or, the SCell and the UE may directly exchange the COUNT value of RB. By the present application, the security and correctness of data can be ensured.
Abstract: A determination is made that an authentication mechanism is unable to complete an attempt to authenticate, in association with a user attempting to access an application, user credentials. The user credentials include a user identifier and an additional authentication factor. An access allowance rate for the authentication mechanism is identified. The access allowance rate is based on a plurality of prior completed authentication attempts associated with the user identifier. A determination is made that the access allowance rate satisfies a set of criteria. In response to the determination that the authentication mechanism is unable to complete the authentication attempt and further in response to the determination that the access allowance rate satisfies the set of criteria, the user is allowed access to the application.
Type: Grant
Filed: July 2, 2015
Date of Patent: August 15, 2017
Assignee: International Business Machines Corporation
Abstract: A method and system for automating application of software patches to a server system having a virtualization layer. A plurality of software patches are downloaded to a computer system having a first operating system. The software patches to apply to a server console operating system are then determined. The software patches are automatically copied to the server system by executing a first script file. The copied software patches are automatically decompressed by executing a second script file. The decompressed software patches are installed in a specified order by executing the second script file. The console operating system is rebooted only after all software patches are installed.
Abstract: An approach for improved security protocols in a mobile satellite system is provided. A remote terminal performs a key establishment function, including determination of a first encryption key for encrypting data for transmission over the satellite communications channels, and determination of an authentication key for authenticating entities communicating over the communications channels. The remote terminal receives a security mode command including a key indicator, and determines a second encryption key for enhanced session data security over communications channels. The second encryption key is determined based on the key indicator and a key generation algorithm. The remote terminal further determines a key indicator response and transmits a security mode complete command including the key indicator response to a satellite base station subsystem (SBSS).
Type: Grant
Filed: April 29, 2014
Date of Patent: August 1, 2017
Assignee: Hughes Network Systems, LLC
Inventors: Channasandra Ravishankar, Gaguk Zakaria, Nassir Benammar, John Corrigan
Abstract: A system for providing a multi-delivery-method policy-controlled client proxy is disclosed. The system may receive a request for a network service from a client. Based on the request for the network service, the system may detect the presence of a client proxy associated with the client. If the client proxy is detected, the system may provide a data object that includes information that indicates that the client proxy is a primary source for content that may be requested by the client. The system may redirect, based on the data object, a request for the content received from the client to the client proxy. The system may then obtain, via the client proxy, the content by utilizing a delivery method that is selected based on a policy. Finally, the system may provide, via the client proxy, the content to the client.
Type: Grant
Filed: December 5, 2014
Date of Patent: August 1, 2017
Assignee: AT&T Intellectual Property I, L.P.
Inventors: Vishwa Prasad, Ramana V. Munagala, Gregory J. Smith
Abstract: A method of managing keys and policies is provided. The method includes communicating policies from a key and policy manager in an enterprise environment to an agent in a cloud environment. The method includes generating keys at the key and policy manager and distributing one or more of the keys to computing or communication devices in the enterprise environment, in accordance with the policies. The method includes enforcing the policies in the cloud environment via an application of the policies by the agent, wherein at least one method operation is executed through a processor.
Abstract: A communications system includes RF processing circuitry for receiving a plurality of data streams and processing the plurality of data streams to associate with each of the plurality of data streams an orthogonal function to cause each of the plurality of data streams to be mutually orthogonal to each other on an RF link to enable transmission of each of the plurality of data streams on the RF link at a same time. Optical processing circuitry receives the plurality of data streams and processes the plurality of data streams to associate with each of the plurality of data streams the orthogonal function to cause each of the plurality of data streams to be mutually orthogonal to each other on an optical link to enable transmission of each of the plurality of data streams on the optical link at a same time. Switching circuitry multiplexes between the RF link and the optical link responsive to operating conditions on the RF link and the optical link.
Type: Grant
Filed: November 21, 2016
Date of Patent: July 18, 2017
Assignee: NXGEN PARTNERS IP, LLC
Inventors: Solyman Ashrafi, Roger Linquist, Nima Ashrafi
Abstract: An improved system and method are disclosed for peer-to-peer communications. In one example, the method enables endpoints to securely send and receive messages to one another within a hybrid peer-to-peer environment.
Abstract: A messaging system enables client applications to send and receive messages. The messaging system includes independent component programs performing different functions of the messaging system, such as connection managers that maintain network connections with the client applications, a message router that sends received messages to recipient applications through network connections, and a dispatcher that authenticates other component programs. A messaging server may authenticate client applications using certificate-based authentication (e.g., private and public keys), authentication transfer from another trusted messaging server, or other methods (e.g., user name and password). To authenticate a component program, the dispatcher compares instantiation information (e.g., user identity, process identifier, creation time) of the component program provided by the operating system with instantiation information saved in a shared memory at the time of the component program's instantiation.
Type: Grant
Filed: January 29, 2016
Date of Patent: July 18, 2017
Assignee: BlackRock Financial Management, Inc.
Inventors: Elliot Hamburger, Jonathan S. Harris, Jeffrey A. Litvin, Sauhard Sahi, John D. Valois, Ara Basil, Randall B. Fradin
Abstract: Techniques are provided for delegating evaluation of pseudorandom functions to a proxy. A delegator delegates evaluation of a pseudorandom function to a proxy, by providing a trapdoor τ to the proxy based on a secret key k and a predicate P using an algorithm T, wherein the predicate P defines a plurality of values for which the proxy will evaluate the pseudorandom function, wherein the plurality of values comprise a subset of a larger domain of values, and wherein the trapdoor τ provides an indication to the proxy of the plurality of values. A proxy evaluates a pseudorandom function delegated by a delegator by receiving a trapdoor τ from the delegator that provides an indication of a plurality of values to be evaluated, wherein the plurality of values comprise a subset of a larger domain of values; and evaluating an algorithm C on the trapdoor τ to obtain the pseudorandom function value for each of the plurality of values.
Type: Grant
Filed: June 30, 2013
Date of Patent: July 18, 2017
Assignee: EMC IP Holding Company LLC
Inventors: Aggelos Kiayias, Stavros Papadopoulos, Nikolaos Triandopoulos, Thomas Megas Zacharias
Abstract: Respective cryptographic shares of password data, dependent on a user password, are provided at n authentication servers. A number t1 ≤ n of the password data shares determine if the user password matches a password attempt. Respective cryptographic shares of secret data, enabling determination of a username for each verifier server, are provided at n authentication servers. A number t2 ≤ t1 of the shares reconstruct the secret data. For a password attempt, the user computer communicates with at least t1 authentication servers to determine if the user password matches the password attempt and, if so, the user computer receives at least t2 secret data shares from respective authentication servers. The user computer uses the secret data to generate, with T ≤ t1 of said t1 servers, a cryptographic token for authenticating the user computer to a selected verifier server, secret from said at least T servers, under said username.
Type: Grant
Filed: September 25, 2015
Date of Patent: July 11, 2017
Assignee: International Business Machines Corporation
Inventors: Jan Camenisch, Yossi Gilad, Anja Lehmann, Zoltan A. Nagy, Gregory Neven
Abstract: In one embodiment, a computing device may execute software from a first portion of memory of the computing device. The computing device may download from a server a new version of the software. The client computing device may receive instructions from the server to request an over-the-air (OTA) download of the new version of the software. The instructions may be an out-of-band message. The new version of the software may be installed into a second portion of memory of the computing device, and the new version of the software is executed from the second portion of memory. The download of the new version of software may be pursuant to a manifest for the download to determine whether the computing device may download the new version of software.
Type: Grant
Filed: January 7, 2016
Date of Patent: June 13, 2017
Assignee: Facebook, Inc.
Inventors: Gueorgui Nikolov Djabarov, George Francis Hotz, Shaheen Ashok Gandhi
Abstract: A secret sharing system transforms shares in ramp secret sharing to shares in homomorphic secret sharing. On a data distribution apparatus, a division part divides information a into N shares fa(n) using an arbitrary ramp secret sharing scheme S1. On each of distributed data transform apparatuses, a random number selecting part generates a random number vector ri whose elements are L random numbers ri1. A first random number division part divides the random number vector into N shares fri(n) using a ramp secret sharing scheme S1. A second random number division part divides each of the L random numbers ri1 into N shares gri,1(n) using an arbitrary secret sharing scheme S2. A disturbance part generates a share Ui by using a share fa(i) and shares fr?(i). A reconstruction part reconstructs L pieces of disturbance information c1 from shares U? by using the ramp secret sharing scheme S1.
Type: Grant
Filed: July 4, 2013
Date of Patent: June 13, 2017
Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
Inventors: Koji Chida, Dai Ikarashi, Koki Hamada, Ryo Kikuchi
Abstract: Encrypting data using a private key, and encrypting the private key by generating a first encrypted version of the private key using a first master key, and generating a second encrypted version of the private key using a second master key. The first master key is split into shares including a user input key share derived from user authentication data, and the second master key is split into shares including a remote key share stored on a remote server. Data access when the device is offline is provided by reconstructing the first master key using the user input key share, in order to decrypt the first encrypted version of the private key. Data access when the device is online is provided by reconstructing the second master key using the remote key share, in order to decrypt the second encrypted version of the private key.
Abstract: Disclosed are various embodiments for network site account management using a proxy server. A request for a secured resource on a network site is generated based at least in part on stored account information in response to receiving an initial request for the secured resource from a client. The request is sent to the network site. The secured resource is sent to the client in response to receiving the secured resource from the network site.
Type: Grant
Filed: February 16, 2016
Date of Patent: June 6, 2017
Assignee: Amazon Technologies, Inc.
Inventors: Daniel Wade Hitchcock, Brad Lee Campbell, Bharath Kumar Bhimanaik
Abstract: In many information security scenarios, a certificate issued by a certificate authority may be presented to a client in order to assert a trust level of a certificated item, such as a message or a web page. However, due to a decentralized structure and incomplete coordination among certificate authorities, the presence and exploitation of security vulnerabilities to issue untrustworthy certificates may be difficult to determine, particularly for an individual client. Presented herein are techniques for advising clients of the reputations of respective certificate authorities by evaluating the certificates issued by such certificate authorities, such as the number and types of domains certified by the certificate; the number and pattern of certificates issued for the domain; and the certification techniques used to issue the certificates. Such evaluation enables a determination of a certificate authority trust level that may be distributed to the clients in a certificate authority trust set.
Type: Grant
Filed: August 1, 2014
Date of Patent: May 23, 2017
Assignee: Microsoft Technology Licensing, LLC
Inventors: Anooshiravan Saboori, Muhammad Umar Janjua, Nelly Porter, Philip Hallin, Haitao Li, Xiaohong Su, Kelvin Yiu, Anthony Paul Penta, Vassil Dimitrov Bakalov, Bryston Mitsuo Nitta
Abstract: The systems, methods and apparatuses described herein provide a computing environment for authenticating a user. An apparatus according to the present disclosure may comprise a non-volatile storage, a user interface, and a password engine. The password engine is configured to retrieve two or more predetermined prompts from the non-volatile storage, present the two or more predetermined prompts on the user interface to a user in a random order, receive a first set of input(s) in response to the two or more predetermined prompts, create an encryption keyword from the received first set of input(s) according to an original order of the two or more predetermined prompts stored in the non-volatile storage, and use the encryption keyword to authenticate the user.
Abstract: Disclosed herein are techniques for encrypting data stored on a solid-state drive (SSD) managed by a system (e.g., a computing device). Specifically, the system is configured to track block units of a larger size on the SSD so that a mapping table associated with the SSD can be kept small. After running SSD encryption using the large size block units, the entire SSD can be fully encrypted without requiring clear text to be written onto the SSD subsequent to SSD encryption being activated. Thereafter, the entire SSD can be defragmented to produce a single physical extent of encrypted data.
Abstract: Disclosed are a security processing system and method for HLS transmissions. An aspect of the invention provides a content key conversion device connected over a network to a content proxy device configured to provide encryption key information to a content operating device for a content received from a content provider device of an external network. The content key conversion device includes: a reception part that receives a double encryption key of a content from the content proxy device; an interface part that receives key decryption information corresponding to the double encryption key from an encryption key provider device of an external network; a decryption part that decrypts the double encryption key of the content using the key decryption information and thereby converts the double encryption key to an encryption key; and a transmission part that transmits the encryption key converted by the decryption part to the content proxy device.
Abstract: A device may provide a login process to authenticate users prior to admittance to a computing environment. The device may also enable users to adjust various the computing environment, e.g., the language selected for communicating with the user and the user interfaces to be presented to the user, and may store such adjustments in a secured user account. However, if the user account is inaccessible to the device during the login process, the device is unable to adapt the login process to apply the user's adjustments. Instead, the device may be configured to store users' adjustments (including language selection) outside of the user accounts, and to, upon identifying the user during the login process, present login interfaces specified in the user account. Additionally, users may select different login interfaces during login, and the device may retrieve these login interfaces for selection during future login processes for the same user.
Type: Grant
Filed: May 31, 2012
Date of Patent: May 2, 2017
Assignee: Microsoft Technology Licensing, LLC
Inventors: Adam James Betz, Wade H. Curtiss, Andrew Stuart Glass
Abstract: A method of gluing a cryptographic implementation of a cryptographic function to a surrounding program in a cryptographic system, including: receiving, by the cryptographic system, an input message; receiving a computed value from the surrounding program; performing, by the cryptographic system, a keyed cryptographic operation mapping the input message into an output message using the computed value from the surrounding program, wherein the output message is a correct output message when the computed value has a correct value; and outputting the output message.
Type: Grant
Filed: April 28, 2014
Date of Patent: May 2, 2017
Assignee: NXP B.V.
Inventors: Wil Michiels, Jan Hoogerbrugge, Michael Patrick Peeters
Abstract: A processor includes an instruction decoder to receive a first instruction to process a secure hash algorithm 2 (SHA-2) hash algorithm, the first instruction having a first operand associated with a first storage location to store a SHA-2 state and a second operand associated with a second storage location to store a plurality of messages and round constants. The processor further includes an execution unit coupled to the instruction decoder to perform one or more iterations of the SHA-2 hash algorithm on the SHA-2 state specified by the first operand and the plurality of messages and round constants specified by the second operand, in response to the first instruction.
Type: Grant
Filed: March 30, 2012
Date of Patent: April 25, 2017
Assignee: Intel Corporation
Inventors: Kirk S. Yap, Gilbert M. Wolrich, James D. Guilford, Vinodh Gopal, Erdinc Ozturk, Sean M. Gulley, Wajdi K. Feghali, Martin G. Dixon
Abstract: A non-deterministic encryption functionality receives and encrypts an open-text input stream. Codes for error-correction are generated for the encrypted stream, and a correctable amount of non-deterministic random error is overlaid onto the encrypted stream and the codes for error-correction. The error-injected encrypted stream and codes for error-correction are re-encrypted and delivered to a using process. A non-deterministic decryption functionality reverses the encryption, in some embodiments using key values used during the encryption, and delivers an open-text stream to a using process. Some embodiments of a non-deterministic encryption include a reversible scrambling layer. In some embodiments, the non-deterministic encryption and decryption functionalities are performed, at least in part, by a controller of a solid state disk. In some embodiments, the functionalities are performed within a secure physical boundary provided by implementation within a single integrated circuit.
Abstract: Disclosed is a technology related to a method of generating an OTP and an apparatus for performing the same. The method includes receiving user secret information that is input according to execution of a process of providing an OTP; authenticating the user secret information by generating a response value based on the received user secret information and a challenge value received from a user verification apparatus, and transmitting the response value to the user verification apparatus; and generating an OTP using at least one of the user secret information, the challenge value and the response value as the user secret information is authenticated, thereby effectively dealing with loss or appropriation of a user terminal and also improving the security of an OTP.
Type: Grant
Filed: December 18, 2014
Date of Patent: April 11, 2017
Assignee: PENTA SECURITY SYSTEMS INC.
Inventors: Seok Woo Lee, You Sik Lee, Sang Gyoo Sim, Duk Soo Kim, Gi Young Joo
Abstract: Systems and methods for installing network certificates on a client computing device are provided. In some aspects, a method includes automatically determining that the certificate associated with the network is not installed on the computing device. The method also includes determining that the certificate can be installed on the computing device without assistance. The method also includes determining whether end-user input is required to install the certificate. The method also includes, if end-user input is required to install the certificate, displaying a graphical component which prompts an end-user for an input associated with generating the certificate, receiving the input, and providing a request to generate the certificate based on the input. The method also includes, if end-user input is not required to install the certificate, providing a request to generate the certificate. The method also includes storing the certificate. The method also includes connecting to the network using the certificate.
Abstract: A permission management method, apparatus, and terminal. The permission management method includes obtaining an installation package of a first application program, where the installation package carries a first certificate and permission request information of the first application program; next, determining, according to the permission request information, a first permission that the first application program requires during running, where the first permission is a system administrator permission of a system; and then, granting the first permission to the first application program according to the first certificate of the first application program. In this way, the first permission that the first application program requires during running is granted to the first application program.
Abstract: Techniques for automatically generating test data solve various problems in test data generation. A technique of automatically generating test data includes receiving a signature to be embedded in at least one character string to be generated and determining a total sum of attribute values intrinsic to characters in the character string. The sum is associated with each element of the signature. At least one of the characters in the character string may be selected from a character table describing characters prepared to create the test data so as to achieve the determined total sum for each element of the signature. The generated test data contains the character string including the selected character.
Type:
Grant
Filed:
September 5, 2014
Date of Patent:
April 4, 2017
Assignee:
INTERNATIONAL BUSINESS MACHINES CORPORATION
Abstract: A computer-implemented method for de-identifying data by creating tokens through a cascading algorithm includes the steps of processing at least one record comprising a plurality of data elements to identify a subset of data elements comprising data identifying at least one individual; generating, with at least one processor, a first hash by hashing at least one first data element with at least one second data element of the subset of data elements; generating, with at least one processor, a second hash by hashing the first hash with at least one third data element of the subset of data elements; creating at least one token based at least partially on the second hash or a subsequent hash derived from the second hash, wherein the token identifies the at least one individual; and associating at least a portion of a remainder of the data elements with the at least one token.
Abstract: According to an example, an intrusion-prevention system may include a network interface to receive a subject data word via a network. The intrusion-prevention system may include hardware to determine whether the subject data word partially matches a signature data pattern, and determine whether the subject data word fully matches the signature data pattern if the subject data word partially matches the signature data pattern.
Type:
Grant
Filed:
April 26, 2013
Date of Patent:
March 21, 2017
Assignee:
Trend Micro Incorporated
Inventors:
Ronald S. Stites, Craig D. Botkin, Brian K. Campbell
Abstract: An out-of-vehicle device interface apparatus includes a request message reception unit, a response message request unit, and a response message transmission unit. The request message reception unit receives a request message from an out-of-vehicle device, generates electrical signals in electric lines, and transfers the request message. The response message request unit requests response messages for the request message from one or more devices constituting an in-vehicle network based on one or more of the electric lines in which electrical signals have been generated. The response message transmission unit receives the response messages from the one or more devices, and transfers the response messages to the out-of-vehicle device via unidirectional communication.
Type:
Grant
Filed:
April 24, 2015
Date of Patent:
March 14, 2017
Assignee:
ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
Inventors:
Kyoung-Ho Kim, Jeong-Han Yun, Heemin Kim, Manhyun Chung, Woonyon Kim, Jungtaek Seo, Eung Ki Park
Abstract: The invention provides a digital asset authentication system and method. The invention includes a digital asset metadata register storing details of parties enrolled with the system, including at least one end user and at least one digital asset supplier, and details of digital assets available from the digital asset supplier. A security module is provided for producing a unique tag and for creating a digital asset security container for the tag comprising data relating to events involving the tag, and the tag and the security container are stored in a store. A processor executes authentication software in response to a request from said one end user for a respective digital asset to validate the request by reference to the metadata register to verify that the metadata register lists said one end user and the respective digital asset.
Abstract: A power compensation method, base station and user equipment. The method includes: transmitting, by a base station, when an expanded UE-specific PDCCH is amplitude phase keying modulated, a first ratio of the EPRE of the expanded UE-specific downlink control channel to the EPRE of a DM-RS in a first time slot occupied by the expanded UE-specific PDCCH, so that the terminal equipment performs power compensation in decoding the received data transmitted by the base station according to the first ratio, thereby ensuring correct demodulation of the received data by the terminal equipment.
Abstract: An automated security provisioning protocol is provided for wide area network communication devices in an open device environment, such as cellular communication devices in a machine-to-machine (M2M) environment. For example, a method for performing a security provisioning protocol between a first communication device and a second communication device over at least one wide area communication network comprises the following steps from the perspective of the first communication device. The first communication device automatically uses access information not previously provisioned in the wide area communication network to gain access to the wide area communication network for an initial purpose of communicating with the second communication device.
Type:
Grant
Filed:
July 14, 2009
Date of Patent:
March 7, 2017
Assignee:
Alcatel Lucent
Inventors:
Ganapathy S. Sundaram, Harish Viswanathan
Abstract: Methods, apparatus and computer readable media for transferring encrypted and unencrypted data between processing devices are disclosed. Example data transmission methods disclosed herein include dividing, at a first processing device, a set of data collected at the first processing device into a first unencrypted data subset and a second unencrypted data subset. Disclosed example methods also include encrypting, at the first processing device, the first unencrypted data subset using an encryption key provided by a second processing device to generate a first encrypted data subset. Disclosed example methods further include transmitting the second unencrypted data subset from the first processing device to the second processing device before transmitting the first encrypted data subset from the first processing device to the second processing device to thereby transmit the set of data from the first processing device to the second processing device.
Abstract: A method for establishing a secure connection between a station and an access point includes transmitting a communications system management message to the station, the communications system management message including an access point nonce. The method also includes receiving a station nonce from the station, and determining a first security key according to the access point nonce and the station nonce. The method further includes securing a connection between the station and the access point using the first security key.
Abstract: A system and method of performing a multi-party computation by determining a function for use in the multi-party computation, receiving a plurality of input values for the function, evaluating the function based at least in part on the plurality of input values to generate a result wherein the result is not usable to determine an input of the plurality of input values, and providing an output based at least in part on the result.
Type:
Grant
Filed:
September 3, 2014
Date of Patent:
February 21, 2017
Assignee:
Amazon Technologies, Inc.
Inventors:
Gregory Branchek Roth, Aaron Douglas Dokey
Abstract: A computer-implemented method for decrypting, by a browser application, an encrypted portion of a fragment identifier within a uniform resource identifier includes receiving, by a browser application executing on a computing device, from a user, a uniform resource identifier including a delimiter and a fragment identifier, the fragment identifier comprising an encrypted portion. The method includes requesting, by the browser application, from an access control manager, decryption information associated with the fragment identifier. The method includes receiving, by the browser application, from the access control manager, the requested decryption information. The method includes decrypting, by the browser application, the encrypted portion of the fragment identifier with the requested decryption information.
Type:
Grant
Filed:
March 12, 2015
Date of Patent:
February 21, 2017
Inventors:
William R Ackerly, Reuven Mark Vallejo Gonzales
Abstract: Methods, systems, computer-readable media, and apparatuses for providing service to access nodes are presented. In some embodiments, a computing device may generate a geographical coverage map comprising a plurality of wireless access nodes respectively at a plurality of geographic locations and a wireless coverage range for each wireless access node. The computing device may receive from at least one wireless access node of the plurality of wireless access nodes an indication that the at least one wireless access node detected a first wireless access node of the plurality of wireless access nodes. The computing device may refine a first coverage range of the first wireless access node based on a respective geographic location of the at least one wireless access node. In some embodiments, a first wireless access node may receive and forward join emergency mesh (JEM) messages to establish a wireless network.
Type:
Grant
Filed:
April 22, 2014
Date of Patent:
February 21, 2017
Assignee:
Comcast Cable Communications, LLC
Inventors:
Derrick Krening, Edward David Monnerat, Jonathan Alan Leech, Nicholas Adam Pinckernell, Andy Martushev, Jasbir Rajpal, Scott Moody, Garey Hoffman, David B. Leach, David O'hare
Abstract: A PIN server system interacts with one or more financial institutions to authenticate a mobile phone and/or a user thereof. The PIN server provides to the mobile phone one or more PIN numbers to use in financial transactions involving the one or more financial institutions, and also provides the one or more PIN numbers to the financial institutions in a manner that results in the one or more PIN numbers being associated with one or more accounts of the mobile phone user with the one or more financial institutions.
Abstract: A computer-implemented system and method for determining call connection status is provided. A call initiated by a calling party to a receiving party is monitored. Metadata associated with the receiving party is obtained upon reaching a ring tone of the receiving party. An identity of the receiving party is determined via the metadata. A connection with the receiving party is determined to be secure during the call when the metadata comprises a security certificate. A status of the secure connection is provided to each of the calling party and the receiving party.