Abstract: A device may provide a login process to authenticate users prior to admittance to a computing environment. The device may also enable users to adjust various aspects of the computing environment, e.g., the language selected for communicating with the user and the user interfaces to be presented to the user, and may store such adjustments in a secured user account. However, if the user account is inaccessible to the device during the login process, the device is unable to adapt the login process to apply the user's adjustments. Instead, the device may be configured to store users' adjustments (including language selection) outside of the user accounts, and to, upon identifying the user during the login process, present login interfaces specified in the user account. Additionally, users may select different login interfaces during login, and the device may retrieve these login interfaces for selection during future login processes for the same user.
Type:
Grant
Filed:
May 2, 2017
Date of Patent:
May 7, 2019
Assignee:
MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors:
Adam James Betz, Wade H. Curtiss, Andrew Stuart Glass
Abstract: A node in a wireless network includes a memory, transceiver, and processor operatively coupled to one another. The memory stores a signature of the node. The transceiver is configured to transmit, during an initial frame, the signature to one or more neighboring nodes, and receive, during the initial frame, a first signal that includes one or more signatures of the one or more neighboring nodes. The transceiver is also configured to transmit, during a repetition frame, a scrambled waveform of the first signal received during the initial frame, and receive, during the repetition frame, a second signal that includes a retransmission of signals received by the one or more neighboring nodes during the initial frame. The processor is configured to determine a distance from the node to each of the one or more neighboring nodes based at least in part on the first signal and the second signal.
Abstract: Systems and methods are disclosed for analyzing a plurality of failed login records that correspond to failed login attempts detected by a computing system, to identify suspicious patterns of activity that can facilitate the supplementation of password blacklists for improving account security. To accomplish the foregoing, failed login records that include information associated with failed login attempts are obtained for analysis. The failed login records are analyzed to identify a set of failed login records that show initial characteristics of a suspicious pattern of activity. The information included in the set of failed login records is further analyzed to determine whether a suspicious pattern of activity is actually present. When a suspicious pattern of activity is identified in the set of failed login records, the passwords used in the failed login attempts are stored in password blacklists associated with the account identifier(s) with which the passwords were used.
Type:
Grant
Filed:
January 25, 2016
Date of Patent:
April 23, 2019
Assignee:
Oath Inc.
Inventors:
Lachlan A. Maxwell, Donald J. McQueen, William C. Wakefield, III
Abstract: A router, and a method of routing an interest packet having multiple nonces in NDN to eliminate stale PIT entries. The method includes a consumer device initially sending an interest packet having a first nonce within a protocol data unit (PDU), the interest packet having a second nonce. A router receives the interest packet and creates a pending interest table (PIT) entry. The consumer device resends the interest packet, the router keeping a single PIT entry per consumer device and using the second nonce to clear PIT entries corresponding to the initial transmission of the consumer device. The first nonce is indicative of requested content from the producer device, and the second nonce is indicative of the consumer device.
Type:
Grant
Filed:
December 19, 2014
Date of Patent:
April 23, 2019
Assignee:
FutureWei Technologies, Inc.
Inventors:
Aytac Azgin, Ravishankar Ravindran, Guo-Qiang Wang
Abstract: System and method for displaying digital content on a display device, including a display screen, a structural assembly, secured to the rear face of the display screen, and a processing controller within the structural assembly, including a memory, display processor, and power distribution and adaptation module. An external power assembly configured to connect to an external power supply, a connector cord configured to connect the power assembly and the power distribution and adaptation module, and a case for the display device, configured to couple to the display screen to provide structural rigidity during shipping, are also presented. An application is provided, configured to run on a computer with memory, processor, and user input device, and configured to communicate via the internet with the processing controller of the display device and a service cloud including a server, memory, and processor, to control the display of digital content on the display screen.
Abstract: A login method is disclosed, including: receiving, by a first server, a login request of a first terminal; generating, by the first server, a unique identifier according to the login request, storing the unique identifier, generating a corresponding two-dimensional code according to the unique identifier, and returning the corresponding two-dimensional code to the first terminal, the two-dimensional code including the unique identifier; receiving, by a second server, the unique identifier that is obtained by a second terminal by scanning the corresponding two-dimensional code and a user name that has been used by the second terminal for logging in to an application, and sending the unique identifier and the user name to the first server; performing, by the first server, identity verification of the second server, and binding, by the first server, the stored unique identifier to the user name when the identity verification of the second server succeeds, to implement login to the first terminal by using the use
Type:
Grant
Filed:
March 17, 2017
Date of Patent:
April 23, 2019
Assignee:
TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
Abstract: Organically Derived Synchronized Processes provide encryption parameter management in a certificate-less system. A first node generates a parameter data set containing multiple values; uses a seed value stored at the first node to select values from a random parameter data set to form a parameter subset; generates encryption parameters using the subset; encrypts user data using the encryption parameters; generates a signature based at least on the parameter data set; and transmits a start frame including the parameter data set, the encrypted user data, and the signature. A second node receives the start frame; uses a seed value stored at the second node to select values from the received parameter data set to form a parameter subset; generates decryption parameters using the subset; decrypts the user data using the decryption parameters; and verifies the received signature. The encryption and decryption parameters are then applied to further payload data.
Abstract: A scrambling method of data on a J1939 communication system of a vehicle involves at least moving data from one of a PGN and a PGN/SPN location to another PGN or PGN/SPN location at a first controller on the vehicle before transmitting data and then re-ordering the data at a second controller. Some embodiments further comprise encrypting data either before or after shifting, but before transmitting so as to further complicate efforts to interpret meaningful data from the transmission. The second controller may be on the vehicle or may be remotely located.
Type:
Grant
Filed:
October 19, 2016
Date of Patent:
April 9, 2019
Assignee:
The Heil Co.
Inventors:
Ricardo Castano Salinas, John Forrest Smith
Abstract: Techniques are disclosed for providing and/or implementing utilizing declarative techniques for transaction-specific authentication. Certain techniques are disclosed herein that enable transaction signing using modular authentication via declarative requests from applications. An application can declaratively specify one or more transaction factor values to be used in an authentication, and the authentication, using a transaction-signed one-time password, can be directed by an access manager module without further involvement of the application. Upon a successful or non-successful authentication, the access manager module can provide the result back to the application. Accordingly, an authentication process specific to (and valid only for) a particular transaction can be performed without direct involvement of the application and without application-centric knowledge required by the access manager module.
Abstract: A key distribution service operated by a signature authority distributes one-time-use cryptographic keys to one or more delegates that generate digital signatures on behalf of the signature authority. The key distribution service uses a root seed value to generate subordinate seeds. The subordinate seeds are used to generate a set of cryptographic keys. Hashes are generated for each key, and the hashes are arranged into a Merkle tree with a root hash controlled by the signature authority. In response to a request from a delegate, the signature authority provides a subordinate seed to the delegate. The delegate uses the subordinate seed to generate one or more cryptographic keys. The cryptographic keys are used to generate digital signatures which are verifiable up to the root hash of the Merkle tree. Additional subordinate seeds may be distributed to entities by the signature authority when appropriate.
Type:
Grant
Filed:
December 23, 2016
Date of Patent:
March 26, 2019
Assignee:
Amazon Technologies, Inc.
Inventors:
Matthew John Campagna, Gregory Alan Rubin, Nicholas Alexander Allen, Andrew Kyle Driggs, Eric Jason Brandwine
Abstract: The present invention provides methods and apparatuses for verifying that a transaction is legitimate. The methods and apparatuses use protected memory space, such as kernel space of an operating system, or a separate memory space, such as is available on a SIM card of a cellular phone. The method of the invention proceeds by creating a transaction identification string (TID) and associating the TID with a transaction. The TID contains data relevant to or associated with the transaction and is typically readable by an end-user. The transaction is then interrupted until a user responds in the affirmative to allow completion of the transaction. Methods and devices used in the invention are particularly well suited to M-commerce, where transactions originating from a device are typically recognized by a merchant as coming from the owner of the device without further authentication.
Type:
Grant
Filed:
March 2, 2015
Date of Patent:
March 12, 2019
Assignee:
AT&T Intellectual Property I, L.P.
Inventors:
Lusheng Ji, Donald John Bowen, Thomas Killian, David Kormann, Robert R. Miller, II, Norman L. Schryer
Abstract: A system and method to automatically provision a trusted virtual appliance (VA) (which may include one or more virtual machines (VM)) for installation onto a consumer-owned acceptable device (COAD) where the system and method may create and provision the VA for the COAD without human interaction and a COAD may install a received trusted VA without human interaction, and the VM of a VA may operate independently of other applications on the COAD other than a VM supervisory program such as a hypervisor.
Abstract: The present technology may determine an anomaly in a portion of a distributed business application. Data can automatically be captured and analyzed for the portion of the application associated with the anomaly. By automatically capturing data for just the portion associated with the anomaly, the present technology reduces the resource and time requirements associated with other code-based solutions for monitoring transactions. A method for performing a diagnostic session for a request may begin with initiating collection of diagnostic data associated with a request. An application thread on each of two or more servers may be sampled. The application threads may be associated with the same business transaction and the business transaction may be associated with the request. The diagnostic data may be stored.
Abstract: Techniques for enhancing group communication on a device are described. A method may include presenting a message in a message portion of a user interface (UI) for a group communication application executing on a first device, where the group communication application communicates messages among multiple devices. The method may further include monitoring an input component for the first device and detecting a first control directive from the input component. The first control directive may select a message displayed in the message portion of the user interface. The method may further include performing a pin operation on the selected message; and presenting the pinned message in a banner portion of the UI. Other embodiments are described and claimed.
Type:
Grant
Filed:
December 2, 2014
Date of Patent:
March 5, 2019
Assignee:
FACEBOOK, INC.
Inventors:
Vincent Charles Cheung, Connie Yeewei Ho, Daniel Tsuan
Abstract: The present invention provides a method for detecting image steganography based on deep learning, which comprises: filtering images having steganographic class label or true class label in a training set with a high-pass filter to obtain a training set including steganographic class residual images and true class residual images; training a deep network model on said training set to obtain a trained deep model for steganalysis; filtering the image to be detected with said high-pass filter to obtain a residual image to be detected; detecting said residual image to be detected on said deep model so as to determine whether said residual image to be detected is a steganographic image. The method for detecting image steganography in the present invention can create an automatic blind steganalysis model through feature learning and can identify steganographic images accurately.
Type:
Grant
Filed:
April 15, 2015
Date of Patent:
March 5, 2019
Assignee:
Institute of Automation Chinese Academy of Sciences
Abstract: An encryption method includes: converting a section of express information into a binary sequence, grouping the binary sequence into a plurality of group data, and aligning each group data into an information matrix; converting the information matrix into a corresponding basic group information matrix; randomly choosing a reference DNA sequence from a gene library, and aligning the reference DNA sequence into a basic group transition matrix, using the basic group transition matrix to convert the basic group information matrix into an encrypted information matrix, and exploding the encrypted information matrix to obtain a basic group information sequence; generating a primer for the basic group information sequence, and adding the primer before and behind the primer generator to obtain a completed DNA sequence; and synthesizing a DNA matter based on the completed DNA sequence.
Abstract: Methods and apparatus to perform string matching for network packet inspection are disclosed. In some embodiments there is a set of string matching slice circuits, each slice circuit of the set being configured to perform string matching steps in parallel with other slice circuits. Each slice circuit may include an input window storing some number of bytes of data from an input data stream. The input window of data may be padded if necessary, and then multiplied by a polynomial modulo an irreducible Galois-field polynomial to generate a hash index. A storage location of a memory corresponding to the hash index may be accessed to generate a slice-hit signal of a set of H slice-hit signals. The slice-hit signal may be provided to an AND-OR logic array where the set of H slice-hit signals is logically combined into a match result.
Type:
Grant
Filed:
February 22, 2016
Date of Patent:
February 26, 2019
Assignee:
Intel Corporation
Inventors:
Vinodh Gopal, Christopher F. Clark, Gilbert M. Wolrich, Wajdi K. Feghali
Abstract: A collation system includes first through third nodes N1-N3. N1 includes: an evaluation formula generation unit generating an evaluation formula evaluating a distance with authentication data; an encryption unit encrypting coefficients of the evaluation formula by a public key and transmitting the encrypted coefficients to N3; and an evaluation value generation unit acquiring the encrypted coefficients from N3 when authentication target data to be collated with the authentication data is received, generating an evaluation value collating the authentication target data with the authentication data based on the authentication target data and the encrypted coefficients, and transmitting the evaluation value to N2. N2 includes: a key generation unit generating a public/secret key pair and transmitting the public key to N1; and a collation unit decrypting the evaluation value using the secret key, thereby collating the authentication target data with the authentication data.
Abstract: This disclosure is directed to a multiple input cryptographic engine. In general, a cryptographic engine consistent with the present disclosure may improve on existing systems that generate encrypted data (e.g., ciphertext) from decrypted input data (e.g., plaintext), or that conversely generate decrypted data from encrypted data, in that a second input may be received into the cryptographic engine while a first input is still being processed, allowing multiple inputs to be processed concurrently. An example device may include an input interface to receive data into the device, an output interface to output data from the device and cryptographic circuitry. The cryptographic circuitry may be configured to encrypt/decrypt data received via the input interface into encrypted/decrypted data while also converting at least a portion of a second input received via the input interface into second encrypted/decrypted data. The encrypted/decrypted data may then be output via the output interface.
Abstract: Systems, apparatuses, and methods for utilizing in-memory accelerators to perform data conversion operations are disclosed. A system includes one or more main processors coupled to one or more memory modules. Each memory module includes one or more memory devices coupled to a processing in memory (PIM) device. The main processors are configured to generate an executable for a PIM device to accelerate data conversion tasks of data stored in the local memory devices. In one embodiment, the system detects a read request for data stored in a given memory module. In order to process the read request, the system determines that a conversion from a first format to a second format is required. In response to detecting the read request, the given memory module's PIM device performs the conversion of the data from the first format to the second format and then provides the data to a consumer application.
Abstract: A system and method that include receiving a service provider identity request through a federated authentication protocol; transmitting a proxy identity request to a configured identity provider; receiving an identity assertion; facilitating execution of a second layer of authentication; determining a proxy identity assertion based on the identity assertion and the second layer of authentication; and transmitting the proxy identity assertion to the service provider.
Abstract: Technologies are provided in embodiments to monitor and analyze networks. The embodiments can cause a bit in a first bit sequence of a device filter to indicate a failure state based on not receiving a message from a node in a network during a reporting time interval, and upon the reporting time interval expiring, to combine the first bit sequence with a corresponding bit sequence of a shadow filter. The combination preserves, in the shadow filter, an indication of the failure state from the bit in the first bit sequence and any other indications of failure states from bits of the corresponding bit sequence of the shadow filter. More specific embodiments cause, upon the reporting interval expiring, a bit in a second bit sequence of the device filter to indicate a no failure state based on an indication of another no failure state in the first bit sequence.
Type:
Grant
Filed:
September 28, 2016
Date of Patent:
January 29, 2019
Assignee:
McAfee, LLC
Inventors:
Ned M. Smith, Thiago Jose Macieira, Zheng Zhang, Tobias M. Kohlenberg, Igor G. Muttik
Abstract: In a machine to machine (M2M) communication system, a request for a service targeted to a common service entity (CSE) with a CSE-ID is received from an underlying network, and an M2M device which is associated with the CSE-ID for the service request is identified using an M2M external identifier (M2M-Ext-ID). Provisioning operations for a pre-provisioned M2M-Ext-ID and a dynamic M2M-Ext-ID are performed at different domains from each other.
Abstract: Provided are methods and systems for caching network generated security certificates. An example system may include a security gateway node and a storage module. The security gateway node may be operable to receive, from a client, a session request to establish a secure connection with a server. Based on the session request, the security gateway node may establish a first secure session between the client and the security gateway node and a second secure session between the security gateway node and the server. The security gateway node may receive a server certificate from the server. The security gateway node may match the server certificate against a gateway certificate table. Based on the matching, the security gateway node may receive a gateway certificate associated with the gateway certificate entry that matches the server certificate. The gateway certificate may be used for performing the first secure session.
Abstract: An apparatus, system, and method are disclosed for secure data transmissions. A method includes receiving a request for data that is encrypted according to a first encryption scheme, and determining a first public IP address associated with the request. The first public IP address identifies a remote client that created the request and is located in a field of a data packet that includes the request. The method includes determining a second public IP address associated with the request that identifies a sender of the request and is determined dynamically when the request is received. The method includes verifying an authenticity of the request in response to the first public IP address of the remote client matching the second public IP address of the sender. The method includes encrypting the requested data according to a second encryption scheme, and transferring the data to the remote client.
Abstract: A “trusted domain” is established within which content received from a communications network, e.g., a cable TV network, is protected from unauthorized copying thereof, in accordance with the invention. In an illustrative embodiment, the trusted domain includes a device associated with a user which receives content from the cable TV network. The content may be encrypted using a content key in accordance, e.g., with a 3DES encryption algorithm before it is stored in the device. In addition, a first encrypted content key version and a second encrypted content key version are generated by respectively encrypting the content key with a public key associated with the device and another public key associated with the user, in accordance with public key cryptography. The first and second encrypted content key versions are stored in association with the encrypted content in the device storage.
Type:
Grant
Filed:
July 2, 2015
Date of Patent:
January 8, 2019
Assignee:
Time Warner Cable Enterprises LLC
Inventors:
William Helms, Michael T. Hayashi, Kevin J. Leddy, David A. Christman
Abstract: A method for access to all cells in a memory area for purposes of writing or reading data blocks in the cells may include, for each access time (Ti with i=0 to N) to the cells in the memory area to be accessed, a process of determining the address (ADRj, with j=0 to N) of the cell of the memory area to be accessed at the access time (Ti), an address (ADRj) determined for an access time Ti not being once again determined for another access time (Tk, k≠j). The process of determining each address (ADRj) may be a pseudorandom process. The method may be used, for example, in any type of card, chip card, SIM card, etc., which includes a processing unit, such as a microcontroller, for manipulating cryptographic data serving to identify and/or authenticate a user of such a card.
Abstract: Systems and methods for moderating branded content provided by users to an online content publishing and distribution network are described. In some embodiments, a content management system stores user-generated or user-created content, and creates and shares links associated to the user-generated content to online networks and other sites, where other users share, consume, and/or interact with the content (e.g., videos and other multimedia content).
Type:
Grant
Filed:
October 5, 2016
Date of Patent:
December 25, 2018
Assignee:
Vivoom, Inc.
Inventors:
Katherine Hays Miller, John Clayton Webster, Nicholas Joseph Nassar, Johnathan Paul Meyer
Abstract: An apparatus, a method, and a client for synchronizing a jump context are provided. The apparatus includes a session ID generating module configured to acquire a jump context of a user from a social application platform, save the jump context to a session data DB, and return an ID of the jump context to the social application platform, so that the social application platform sends the ID of the jump context to the third-party website. The apparatus also includes a session data acquiring API configured to receive processing state information of the user with the ID of the jump context from the third-party website, and send the processing state information to the social application platform, so that the social application platform displays the processing state information. The session data DB is configured to save the jump context and the ID corresponding to the jump context.
Type:
Grant
Filed:
June 5, 2018
Date of Patent:
December 25, 2018
Assignee:
Tencent Technology (Shenzhen) Company Limited
Abstract: Operating conditions of a blockchain configuration may be dynamic and change automatically under certain circumstances. One example method of operation may include one or more of identifying an existing consensus procedure used in an existing blockchain configuration, identifying current metrics associated with the existing blockchain configuration, comparing the current metrics to predefined rules, identifying one or more deviations based on the current metrics being compared to the predefined rules, and changing the existing consensus procedure to a next consensus procedure for a subsequent block in the existing blockchain configuration responsive to identifying the one or more deviations.
Type:
Grant
Filed:
October 28, 2016
Date of Patent:
December 18, 2018
Assignee:
International Business Machines Corporation
Inventors:
Sheehan Anderson, Konstantinos Christidis, Anna D. Derbakova, Nitin Gaur
Abstract: According to one embodiment, a memory device includes: a nonvolatile semiconductor memory; and a controller which controls the semiconductor memory. The controller includes: a first memory which stores a first key; a second memory which stores a second key; a first generator which generates a third key based on a random number; a second generator which generates a fourth key based on the first key and the third key; and an encryptor which encrypts the second key with the third key. The third key and the encrypted second key are stored in a host device enabled to access the memory device.
Abstract: A processor includes an instruction decoder to receive a first instruction to process a secure hash algorithm 2 (SHA-2) hash algorithm, the first instruction having a first operand associated with a first storage location to store a SHA-2 state and a second operand associated with a second storage location to store a plurality of messages and round constants. The processor further includes an execution unit coupled to the instruction decoder to perform one or more iterations of the SHA-2 hash algorithm on the SHA-2 state specified by the first operand and the plurality of messages and round constants specified by the second operand, in response to the first instruction.
Type:
Grant
Filed:
December 31, 2016
Date of Patent:
December 11, 2018
Assignee:
Intel Corporation
Inventors:
Kirk S. Yap, Gilbert M. Wolrich, James D. Guilford, Vinodh Gopal, Erdinc Ozturk, Sean M. Gulley, Wajdi K. Feghali, Martin G. Dixon
Abstract: A processor includes an instruction decoder to receive a first instruction to process a secure hash algorithm 2 (SHA-2) hash algorithm, the first instruction having a first operand associated with a first storage location to store a SHA-2 state and a second operand associated with a second storage location to store a plurality of messages and round constants. The processor further includes an execution unit coupled to the instruction decoder to perform one or more iterations of the SHA-2 hash algorithm on the SHA-2 state specified by the first operand and the plurality of messages and round constants specified by the second operand, in response to the first instruction.
Type:
Grant
Filed:
December 31, 2016
Date of Patent:
December 4, 2018
Assignee:
Intel Corporation
Inventors:
Kirk S. Yap, Gilbert M. Wolrich, James D. Guilford, Vinodh Gopal, Erdinc Ozturk, Sean M. Gulley, Wajdi K. Feghali, Martin G. Dixon
Abstract: Methods and systems described in this disclosure receive a call from a caller, generate a first session through a first channel associated with the caller when the call is received and then send a request for authentication credentials to a device associated with the caller. In some embodiments, sending the request for authentication credentials generates a second session through a second channel associated with the caller. The caller can be authenticated to the first session using communication received during the second session through the second channel.
Type:
Grant
Filed:
November 13, 2015
Date of Patent:
November 27, 2018
Assignee:
UNITED SERVICES AUTOMOBILE ASSOCIATION (USAA)
Inventors:
Michael Justin Cairns, David Alexander Lilley, Robert Bruno Pace, Jr., John Raymond Harris, Joshua Samuel Leonard, Yuibi Fujimoto, Kevin Kenneth Fielder, Michael W. Lester
Abstract: A secure chat client is described that allows users to exchange encrypted communications via secure chat rooms, as well as one-to-one communications. In particular, the secure chat client allows users to create, configure, and manage secure chat rooms. Furthermore, the secure chat client provides users with the ability to recover secure messages when they obtain a new device or otherwise lose communications.
Abstract: In order to reduce latency of elliptical curve digital signature generation, a portion of the digital signature is pre-calculated before receipt of the message hash using an unmodified ECDSA computing engine. After the message hash is received, the digital signature is completed without using the ECDSA computing engine. Applications include generating digital signatures for the safety messages in Intelligent Transport Systems.
Type:
Grant
Filed:
December 31, 2013
Date of Patent:
November 20, 2018
Assignee:
NXP B.V.
Inventors:
Peter Maria Franciscus Rombouts, Timotheus Arthur van Roermund
Abstract: A digital assistant includes an extensibility client that interfaces with application extensions that are built by third-party developers so that various aspects of application user experiences, content, or features may be integrated into the digital assistant and rendered as native digital assistant experiences. Application extensions can use a variety of services provided from cloud-based and/or local sources such as language/vocabulary, user preferences, and context services that add intelligence and contextual relevance while enabling the extensions to plug in and operate seamlessly within the digital assistant context. Application extensions may also access and utilize general digital assistant functions, data structures, and libraries exposed by the services and implement application domain-specific context and behaviors using the programming features captured in the extension.
Type:
Grant
Filed:
May 14, 2015
Date of Patent:
November 20, 2018
Assignee:
MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors:
Tanvi Surti, Michael Patten, Sean Lyndersay, Chee Chen Tong
Abstract: A signature authority generates a master seed value that is used to generate a seed tree of subordinate nodes. Each subordinate node of the seed tree is generated from the value of its parent node using a cryptographic hash or one-way function. The signature authority selects subordinate seed values from the seed tree which are distributed to one or more subordinates, each of which generates a set of one-time-use cryptographic keys from the provided seed. Each subordinate generates a hash tree from its set of one-time-use cryptographic keys, and returns the root of its hash tree to the signature authority. The signature authority integrates the hashes provided by the key generators into a comprehensive hash tree, and the root of the hash tree acts as a public key for the signature authority.
Type:
Grant
Filed:
April 5, 2018
Date of Patent:
November 13, 2018
Assignee:
Amazon Technologies, Inc.
Inventors:
Matthew John Campagna, Gregory Alan Rubin, Nicholas Alexander Allen, Andrew Kyle Driggs, Eric Jason Brandwine
Abstract: A processor includes an instruction decoder to receive a first instruction to process a secure hash algorithm 2 (SHA-2) hash algorithm, the first instruction having a first operand associated with a first storage location to store a SHA-2 state and a second operand associated with a second storage location to store a plurality of messages and round constants. The processor further includes an execution unit coupled to the instruction decoder to perform one or more iterations of the SHA-2 hash algorithm on the SHA-2 state specified by the first operand and the plurality of messages and round constants specified by the second operand, in response to the first instruction.
Type:
Grant
Filed:
December 31, 2016
Date of Patent:
November 13, 2018
Assignee:
Intel Corporation
Inventors:
Kirk S. Yap, Gilbert M. Wolrich, James D. Guilford, Vinodh Gopal, Erdinc Ozturk, Sean M. Gulley, Wajdi K. Feghali, Martin G. Dixon
Abstract: A DisplayPort (DP) High-bandwidth Digital Content Protection (HDCP) version converter that converts an HDCP content protection version from input to output includes a receiver and a transmitter. The receiver receives a serial bit stream transmitted from an upstream device, and decrypts link symbols of the received serial bit stream by use of a decryption unit. The transmitter encrypts, by use of an encryption unit, the link symbols decrypted by the receiver, and converts the encrypted link symbols into a serial bit stream and transmits the serial bit stream to a downstream device. The receiver and the transmitter have the same link configuration.
Type:
Grant
Filed:
September 28, 2016
Date of Patent:
November 13, 2018
Assignee:
MEGACHIPS TECHNOLOGY AMERICA CORPORATION
Inventors:
Alan Kobayashi, Sujan Thomas, Ali Noorbakhsh
Abstract: Devices and methods for masking and unmasking sensitive data, based on a standard cryptographic algorithm defining a ciphering algorithm, and a deciphering algorithm using more resources than the ciphering algorithm are described. The masking of sensitive data is done by applying the deciphering algorithm to the sensitive data to obtain masked sensitive data. The unmasking of the masked sensitive data is done by applying the ciphering algorithm to the masked sensitive data to obtain sensitive data in plain form.
Abstract: A method and circuit for implementing Electronic Fuse (eFuse) visual security of stored data using embedded dynamic random access memory (EDRAM), and a design structure on which the subject circuit resides are provided. The circuit includes EDRAM and eFuse circuitry having an initial state of a logical 0. The outputs of the eFuse and an EDRAM are connected through an exclusive OR (XOR) gate, enabling EDRAM random data to be known at wafer test and programming of the eFuse to provide any desired logical value out of the XORed data combination.
Type:
Grant
Filed:
May 5, 2017
Date of Patent:
November 6, 2018
Assignee:
International Business Machines Corporation
Inventors:
Todd A. Christensen, Karl R. Erickson, Phil C. Paone, David P. Paulsen, John E. Sheets, II, Gregory J. Uhlmann
Abstract: A technique for enabling nominal flow of an executable file on a client. The executable file includes executable code lacking at least one nominal constant, wherein only the nominal constant enables the nominal flow of the executable file and wherein a server has access to the at least one nominal constant. In a method aspect performed by the client, the method includes retrieving hardware information of the client, wherein the hardware information is at least substantially unique, transmitting one of the hardware information and information derived therefrom to a server and, in turn, receiving at least one constant that has been transformed based on one of the hardware information and the information derived therefrom. The client then performs, using one of the hardware information and the information derived therefrom, an inverse transformation on the at least one transformed constant to recover the nominal constant.
Type:
Grant
Filed:
August 28, 2015
Date of Patent:
October 30, 2018
Assignee:
Denuvo GmbH
Inventors:
Christopher Gabler, Robert Yates, Leo Rauch, Matthias Moninger
Abstract: A tool for installing and configuring a software development environment with an embedded help feature is provided. The help feature may provide a user (e.g., developer) with technical assistance to resolve problems that occur when building software. In one example, the system may include a configuration tool that includes a help feature and installs and configures one or more software programs to build software. The software programs may include, for example, operating systems, source code editors, debuggers, software build tools or any component of a software development environment.
Abstract: Techniques of identifying fraud detection rule strength involve varying the rendering of a graph from transaction data. Along these lines, a rules server computer provides a general graph from a group of transaction entries defining a group of fraudulent and authentic transactions on an electronic display. A user defines selection criteria that the rules server computer applies to the group of transaction entries to generate a subgroup of transaction entries. From the subgroup of transaction entries, the rules server computer provides a focused graph on the electronic display from the subgroup of transaction entries defining a subgroup of the group of fraudulent and authentic transactions. A ratio of the number of fraudulent transactions to the number of authentic transactions represented in the focused graph identifies the strength of the selection criteria for use in a fraud detection rule.
Type:
Grant
Filed:
March 29, 2016
Date of Patent:
October 30, 2018
Assignee:
EMC IP Holding Company LLC
Inventors:
Anatoly Gendelev, Alex Zaslavsky, Kineret Raviv, Eyal Kolman, Alma Zohar
Abstract: A computer manages methods for utilizing an index to manage access to data in a dataset stored in one or more file locations in an ETL tool by receiving a request to access a dataset associated with one or more file locations, wherein the dataset is stored in the one or more file locations. The computer queries an index for the one or more file locations associated with the dataset, wherein the dataset has another index for data in the dataset. The computer receives the one or more file locations associated with the dataset. The computer determines to cache the request to access the one or more file locations for the dataset until one or more thresholds are met, wherein the cached request is part of a total number of cached requests.
Type:
Grant
Filed:
December 16, 2013
Date of Patent:
October 30, 2018
Assignee:
International Business Machines Corporation
Inventors:
Manish A. Bhide, Jean-Claude Mamou, Shyam R. Mudambi
Abstract: A system for providing a multi-delivery-method policy-controlled client proxy is disclosed. The system may receive a request for a network service from a client. Based on the request for the network service, the system may detect the presence of a client proxy associated with the client. If the client proxy is detected, the system may provide a data object that includes information that indicates that the client proxy is a primary source for content that may be requested by the client. The system may redirect, based on the data object, a request for the content received from the client to the client proxy. The system may then obtain, via the client proxy, the content by utilizing a delivery method that is selected based on a policy. Finally, the system may provide, via the client proxy, the content to the client.
Type:
Grant
Filed:
July 13, 2017
Date of Patent:
October 30, 2018
Assignee:
AT&T Intellectual Property I, L.P.
Inventors:
Vishwa Prasad, Ramana V. Munagala, Gregory J. Smith
Abstract: When compressing an arrangement of fixed-length records in a columnar direction, a data compression device carries out data compression aligned with the performance of a data decompression device by computing a number of rows processed with one columnar compression from the performance on the decompression device side, such as the memory cache capacity of the decompression device or the capacity of a primary storage device which may be used by an application, and the size of one record. Thus, while improving compression ratios of large volumes of data, including an alignment of a plurality of fixed-length records, decompression performance is improved.
Abstract: A method for operating an electronic device, and an electronic device, are provided. In the normal operation state of the electronic device, data which is stored in the main storage device of the electronic device is encrypted by a first encryption algorithm prior to being stored in a non-volatile storage device of the electronic device. The method includes the steps of generating snapshot data in the main storage device when the electronic device is entering a hibernation state, allocating space in the non-volatile storage device for storing the snapshot data, and storing the snapshot data in the space without encrypting the snapshot data using the first encryption algorithm.
Type:
Grant
Filed:
July 29, 2015
Date of Patent:
October 23, 2018
Assignee:
MEDIATEK INC.
Inventors:
Wen-Long Yang, Jia-Ming Chen, Ming-Yueh Chuang, Nicholas Ching Hui Tang, Yu-Ming Lin
Abstract: Methods and systems for authenticating and confidence marking e-mail messages are described. One embodiment describes a method of authenticating an e-mail message. This method involves extracting a plurality of e-mail headers associated with the e-mail message, and identifying a sending edge mail transfer agent (MTA). The method then calls for determining if the sending edge MTA is authorized to send the e-mail message.