Symmetric Key Cryptography Patents (Class 380/259)
  • Patent number: 10313112
    Abstract: Authenticated requests can be sent without requiring the requests to include or potentially expose secret information used for the authentication process. A client device use a security credential such as a key to sign a request to be sent to a recipient. When the request is received, the recipient determines whether the request was signed using the correct key for the sender. In some embodiments a client token is included with the request that statelessly encodes the key, enabling a recipient capable of decoding the client token to determine the key and compare that key to the signature of the request. The sender can store the secret information in a secure location, such as a browser security module, such that the secret information is not exposed to the browser or script executing on the client device.
    Type: Grant
    Filed: December 28, 2015
    Date of Patent: June 4, 2019
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventors: Nathan R. Fitch, Gregory B. Roth, Graeme D. Baer
  • Patent number: 10305684
    Abstract: A secure connection method for a network device includes: acquiring a public key operation value of a second device in an out-of-band manner; sending public key information of a first device to the second device; receiving public key information of the second device that is sent by the second device, and decrypting the public key information of the second device by using a private key of the first device, to obtain the public key of the second device; and performing a preset-algorithm operation on the public key of the second device to obtain a copy of the public key operation value of the second device, and after the copy of the public key operation value of the second device matches the public key operation value of the second device, accepting received connection information sent by the second device.
    Type: Grant
    Filed: June 29, 2016
    Date of Patent: May 28, 2019
    Assignee: Huawei Device Co., Ltd.
    Inventors: Gaokun Pang, Zhiming Ding, Xiaoxian Li, Su Lu
  • Patent number: 10305686
    Abstract: Secure data transfers between communication nodes is performed using a group encryption key supplied by a remote management system. A first node transmits a request for secure communications with a second node to the remote management system using a control channel. The remote management system generates and encrypts a group encryption key usable by the first and second nodes and forwards the encrypted group encryption key to the first and second nodes using one or more control channels. The first and second communication nodes decrypt the group encryption key and use it to encrypt data transmitted between the nodes using a data transport network. In some implementations the securely communicating nodes may use encryption keys and/or techniques that prevent the remote management system from eavesdropping on the nodes' communications.
    Type: Grant
    Filed: October 3, 2016
    Date of Patent: May 28, 2019
    Assignee: Orion Labs
    Inventors: Greg Albrecht, Andy Isaacson, Nelson Carpentier, Dan Phung, Schuyler Erle
  • Patent number: 10305680
    Abstract: Systems, methods, and computer-readable media are disclosed for processing and message padding an input message as well as processing an extended output message (EOM) in a manner that ensures that the input message and the padded message are processed only a single time, thus avoiding generation of an incorrect message digest. In addition, in those scenarios in which multiple padded message blocks are generated, the disclosed systems, methods, and computer-readable media ensure that all of the padded message blocks are processed.
    Type: Grant
    Filed: September 18, 2017
    Date of Patent: May 28, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventor: Louis P. Gomes
  • Patent number: 10298387
    Abstract: A method includes detecting, at an interceptor device, a transmission of an encrypted media stream from a first device to a second device. The method also includes intercepting the encrypted media stream, during the transmission, for a simulcast operation associated with the encrypted media stream. The transmission of the encrypted media stream from the first device to the second device is substantially unaffected by the interception. The method further includes simulcasting a version of the encrypted media stream to at least a third device in response to intercepting the encrypted media stream.
    Type: Grant
    Filed: July 26, 2018
    Date of Patent: May 21, 2019
    Assignee: WOWZA MEDIA SYSTEMS, LLC
    Inventor: Charles F. Good
  • Patent number: 10298394
    Abstract: The present invention relates to a method to authenticate two devices to establish a secure channel, one belonging to a first group of devices, the second belonging to a second group of devices, in a non-traceable manner without the need to share a secret, each group being authenticated by an authority that stores a group secret key into the devices under its authority. The method uses a set of authentication tokens, one for each of the other groups with which the device is intended to communicate, said authentication token comprising at least a random number and a cipher of at least this random number by the secret key of each of these other groups, said authentication tokens being further renewed at each communication with a device from another group.
    Type: Grant
    Filed: February 20, 2015
    Date of Patent: May 21, 2019
    Assignee: GEMALTO SA
    Inventor: Alain Rhelimi
  • Patent number: 10289830
    Abstract: An interception-proof authentication and encryption system and method is provided that utilizes passcodes with individual pins that are made up of symbols from a set of symbols, and tokens that contain at least two symbols from the set of symbols used for the passcode. Multiple tokens (a “token set”) are presented to a user, with some or all of a user's pre-selected pins (symbols) randomly inserted into some or all of the tokens. The user selects a token from the token set for each pin position in the passcode. The user is authenticated based on the selected tokens. Because each selected token may or may not contain one of the pre-selected pins in the user's passcode, and also contains other randomly generated symbols that are not one of the pre-selected pins in the user's passcode, someone that observes which tokens the user has chosen cannot determine what the user's actual passcode is.
    Type: Grant
    Filed: August 27, 2016
    Date of Patent: May 14, 2019
    Inventor: Min Ni
  • Patent number: 10291392
    Abstract: A method for encrypting data based on all-or-nothing encryption includes: providing, by an encryption system, data to be encrypted and an encryption key; dividing, by the encryption system, the data into an odd number of blocks, wherein each of the blocks has the same size; encrypting, by the encryption system, the blocks with the encryption key to obtain an intermediate ciphertext c? comprising intermediate ciphertext blocks c0?, . . . , cN?, wherein c0? corresponds to a random seed and c1?, . . . , cN? corresponds to the encrypted blocks; and obtaining, by the encryption system, a final ciphertext c using the intermediate ciphertext c?. An intermediate overall ciphertext t is obtained based on XOR'ing the intermediate ciphertext blocks c0?, . . . , cN?; and obtaining a plurality of final ciphertext blocks c1, . . . cN by XOR'ing respective intermediate ciphertext blocks c1?, . . . , cN? with the intermediate overall ciphertext t.
    Type: Grant
    Filed: August 28, 2017
    Date of Patent: May 14, 2019
    Assignee: NEC CORPORATION
    Inventors: Ghassan Karame, Claudio Soriente, Srdjan Capkun
  • Patent number: 10275767
    Abstract: A method for generating cryptograms in a webservice environment includes: receiving, in a first environment of a computing system, a credential request transmitted by an external computing device using a secure communication protocol, the credential request including a transaction identifier and account identifier; transmitting, by the first environment, a data request to a second environment of the computing system, the data request including the account identifier; receiving, by the first environment, an account profile and session key from the second environment; transmitting, by the first environment, a cryptogram request to a third environment of the computing system, the cryptogram request including the account profile and session key; receiving, by the first environment, a cryptogram from the third environment generated using the account profile and session key; and transmitting, by the first environment, the cryptogram and transaction identifier to the external computing device via the secure communic
    Type: Grant
    Filed: October 21, 2015
    Date of Patent: April 30, 2019
    Assignee: MASTERCARD INTERNATIONAL INCORPORATED
    Inventors: Mehdi Collinge, Patrik Smets
  • Patent number: 10277569
    Abstract: Techniques for using short-term session credentials across regions are described herein. A first request for resources generated using a short-term session credentials and digitally signed with a digital signature. The request is generated in a first region and received in a second region. In response to the request, a second request is generated in the second region to validate the first request. A new session token that is usable in the second region is generated and returned to the second region. The new session token can then be used in the second region to fulfill the first request.
    Type: Grant
    Filed: December 3, 2015
    Date of Patent: April 30, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Marc R. Barbour, Khaled Salah Sedky, Slavka Praus, Srikanth Mandadi
  • Patent number: 10262152
    Abstract: An access control apparatus comprises a control unit that, based on predetermined access control information, restricts access to an electronic file by software that is permitted to access or prohibited from accessing the electronic file. An access control system comprises: an access control apparatus that has a control unit that, based on predetermined access control information, restricts access to an electronic file by software that is permitted to access or prohibited from accessing the electronic file; and a management apparatus that is provided outside the access control apparatus, and provides, to the access control apparatus, at least one of the predetermined access control information and a judgment result based on the predetermined access control information.
    Type: Grant
    Filed: July 15, 2015
    Date of Patent: April 16, 2019
    Assignee: FinalCode, Inc.
    Inventors: Toshio Dogu, Noriyuki Takahashi, Takuya Matsumoto
  • Patent number: 10263785
    Abstract: Securing information is increasingly difficult. With technological advances and tools/information sharing between hackers it is becoming even more difficult to ensure that sensitive data remains secure. Disclosed are systems and methods for uniquely securing data for each communication. The disclosed systems and methods allow for transmitting data across multiple boundaries (national, linguistic, operating system, platform, brand, etc.), while maintaining the desired security of the originator's data.
    Type: Grant
    Filed: May 5, 2017
    Date of Patent: April 16, 2019
    Inventors: Thomas J. Waters, Richard H. Waters, Robert N. Barrett
  • Patent number: 10242195
    Abstract: Examples described herein include a computing device with a processing resource to execute beginning booting instructions of the computing device. The beginning booting instructions may include a first booting instruction. The computing device also includes an access line to access the first booting instruction, a measuring engine to duplicate the first booting instruction and to generate a first integrity value associated with the first booting instruction, and a measurement register to store the first integrity value. The measuring engine may be operationally screened from the processing resource and the measurement register may be inaccessible to the processing resource.
    Type: Grant
    Filed: July 22, 2016
    Date of Patent: March 26, 2019
    Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
    Inventors: Ludovic Emmanuel Paul Noel Jacquin, Thomas M. Laffey, Adrian Shaw
  • Patent number: 10218696
    Abstract: The techniques and systems described herein are directed to providing targeted, secure software deployment in a computing system. An identity of the computing device can be determined and verified using a trusted platform module (TPM) of the computing device, and a software update can be expressly configured to operate solely on the computing device. Further, a configuration of the computing device can be ascertained using platform configuration registers (PCRs) of the TPM to determine that the computing device has not been modified from a trusted configuration. For example, if malware or unauthorized software is operating on the computing device, the software update may be prevented from being installed. Further, the software update can be targeted for a particular computing device, such that when the software update is received at the computing device, the software update may not be duplicated and provided to an additional, unauthorized device.
    Type: Grant
    Filed: June 30, 2016
    Date of Patent: February 26, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Stefan Thom, Merzin Kapadia
  • Patent number: 10218501
    Abstract: A method includes: securely obtaining, by a first device, a first public key estimated value of a second device in an out-of-band manner; encrypting an asymmetric encryption public key by using the first public key estimated value; sending the encrypted asymmetric encryption public key to the second device; receiving an encrypted first key-exchange public key sent by the second device; decrypting the encrypted first key-exchange public key by using an asymmetric encryption private key; performing an operation based on the decrypted first key-exchange public key, to obtain a second public key estimated value; and when the first public key estimated value is consistent with the second public key estimated value, determining that the decrypted first key-exchange public key is correct, generating a shared key by using a key-exchange private key and the first key-exchange public key, and establishing a secure connection to the second device by using the shared key.
    Type: Grant
    Filed: September 30, 2016
    Date of Patent: February 26, 2019
    Assignee: Huawei Device (Dongguan) Co., Ltd.
    Inventors: Gaokun Pang, Zhiming Ding
  • Patent number: 10210776
    Abstract: A method of protecting a Rijndael-type algorithm executed by an electronic circuit against side channel attacks, wherein: each block of data to be encrypted or to be decrypted is masked with a first mask before a non-linear block substitution operation is applied based on a substitution box, and is then unmasked with a second mask after the substitution; and the substitution box is recalculated, block by block, before the non-linear operation is applied, the processing order of the blocks of the substitution box being submitted to a random permutation, commutative with the non-linear substitution operation.
    Type: Grant
    Filed: February 17, 2016
    Date of Patent: February 19, 2019
    Assignee: STMicroelectronics (Rousset) SAS
    Inventor: Nicolas Bruneau
  • Patent number: 10187198
    Abstract: A method of protecting a Rijndael-type algorithm executed by an electronic circuit against side channel attacks, wherein: each block of data to be encrypted or decrypted is masked with a first mask before applying a non-linear block substitution operation from a first substitution box, and is then unmasked by a second mask after the substitution; the substitution box is recalculated, block by block, before applying the non-linear operation, the processing order of the blocks of the substitution box being submitted to a random permutation; and the recalculation of the substitution box uses the second mask as well as third and fourth masks, the sum of the third and fourth masks being equal to the first mask.
    Type: Grant
    Filed: February 17, 2016
    Date of Patent: January 22, 2019
    Assignee: STMICROELECTRONICS (ROUSSET) SAS
    Inventor: Nicolas Bruneau
  • Patent number: 10187200
    Abstract: A computerized method that encrypts each of a plurality of segments of a binary value using a selected block cipher of a plurality of block ciphers and a unique symmetric key of a first plurality of unique, symmetric keys to produce a first ciphertext. The method further encrypts each of a plurality of segments of the first ciphertext using a selected block cipher of the plurality of block ciphers and a unique symmetric key of a second plurality of unique, symmetric keys to produce a second ciphertext. The selected block cipher used to encrypt a first segment of the binary value to produce a first segment of the plurality of segments of the first ciphertext is different than the selected block cipher used to encrypt the first segment of the ciphertext to produce a first encrypted segment of the second ciphertext.
    Type: Grant
    Filed: January 26, 2018
    Date of Patent: January 22, 2019
    Assignee: SECURE CHANNELS INC.
    Inventors: Adam C. Firestone, Hilary L. MacMillan
  • Patent number: 10181037
    Abstract: Booting a machine in a secure fashion in a potentially unsecure environment. The method includes a target machine beginning a boot process. The method further includes the target machine determining that it needs provisioning data to continue booting. The target machine contacts a secure infrastructure to obtain the provisioning data. The target machine provides an identity claim that can be verified by the secure infrastructure. As a result of the secure infrastructure verifying the identity claim, the target machine receives a request from the secure infrastructure to establish a key sealed to the target machine. The target machine provides the established key to the secure infrastructure. The target machine receives the provisioning data from the secure infrastructure. The provisioning data is encrypted to the established key. The target machine decrypts the encrypted provisioning data, and uses the provisioning data to finish booting.
    Type: Grant
    Filed: November 9, 2016
    Date of Patent: January 15, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Mark Fishel Novak, Nir Ben-Zvi, John Anthony Messec, Kinshumann, Christopher McCarron
  • Patent number: 10181044
    Abstract: The present invention is a system for monitoring encrypted data and preventing the encrypted data from being decrypted in large quantities, the system comprising: an access control unit which stores information of a decryption; a crypto-unit which receives the information of the decryption from the access control unit and decrypts the encrypted data; a counter which counts the number of the process of the decryption processed by the crypto-unit; an event logger which stores the number of the process of the decryption counted by the counter; and a monitoring server which receives the information of the number of the decryption and displays it.
    Type: Grant
    Filed: July 3, 2014
    Date of Patent: January 15, 2019
    Assignee: Eglobal Systems Co., Ltd.
    Inventors: Dae Won Mun, Yu Ho Kim, Don Seob Cho
  • Patent number: 10178123
    Abstract: For improving the protection of a network against denial of service attacks and other hostile attacks, while keeping the operation of the network simple and efficient and considering restricted capacities of single network nodes, a control unit, a system and a method for operating a network with a plurality of nodes are provided, wherein at least one operation parameter of at least one node is adjusted based on a current network phase and a data packet received by the node (10) is processed based on the operation parameter.
    Type: Grant
    Filed: June 7, 2012
    Date of Patent: January 8, 2019
    Assignee: PHILIPS LIGHTING HOLDING B.V.
    Inventors: Oscar Garcia Morchon, Daniel Martin Görgen, Tim Corneel Wilhelmus Schenk, Javier Espina Perez, Marc Aoun
  • Patent number: 10178079
    Abstract: Exemplary embodiments provide various techniques for managing groups of authenticated entities. In one exemplary computer-implemented method, an entity accesses a group roster that includes a first group identifier identifying a first group, a first group digital certificate associated with the first group, and a first entity identifier identifying the entity being a member of the first group. The entity also receives a request to update the group roster. Here, the request includes a second group identifier identifying a second group and a second group digital certificate associated with the second group. In response to the request, the entity replaces the first group identifier in the group roster with the second group identifier. Additionally, in response to the request, the entity replaces the first group digital certificate with the second group digital certificate. The replacements change a membership of the entity from the first group to the second group.
    Type: Grant
    Filed: November 28, 2016
    Date of Patent: January 8, 2019
    Assignee: NetApp Inc.
    Inventors: Craig Fulmer Everhart, Steven Ewing
  • Patent number: 10164951
    Abstract: A method includes performing by at least one host entity implemented in a network, receiving an encryption key generated by a key server and a key identifier associated with said encryption key, generating a header comprising an information identifier associated with an information to be protected, the device identifier corresponding to the key server and the key identifier associated with the encryption key, encrypting said information using said encryption key and associating the header with the encrypted information, transmitting said encrypted information and the associated header to a receiving entity and transmitting an authorization information, said key identifier, and said header to the key server. Further, in response to determination that the receiving entity is authorized to access the encrypted information, the receiving entity decrypts the encrypted information using decryption key received from the key server.
    Type: Grant
    Filed: April 24, 2018
    Date of Patent: December 25, 2018
    Assignee: SKYI Technology Limited
    Inventors: Kenneth Keung Yum Yu, Chan Yiu Ng
  • Patent number: 10159098
    Abstract: In an example, the mobile device may be configured to determine whether to authorize a request for the vehicle head unit to utilize a resource of the mobile device. The mobile device may be configured to utilize a proxy of the mobile device to establish a connection with a destination in response to determining to authorize the request.
    Type: Grant
    Filed: June 14, 2017
    Date of Patent: December 18, 2018
    Assignee: Airbiquity Inc.
    Inventors: Mike O'Meara, Sagar Pawar, Leon Hong
  • Patent number: 10154018
    Abstract: A method for facilitating network joining is disclosed, wherein, while a communication session is active between a network gateway and an NFC device comprised in or connected to a networkable device, the following steps are performed: the network gateway obtains a first cryptographic key associated with the networkable device; the network gateway encrypts, using said first cryptographic key, a network key associated with a network; the network gateway provides the encrypted network key to the networkable device, such that the networkable device may decrypt the encrypted network key using a second cryptographic key. Furthermore, a corresponding computer program product and a corresponding system for facilitating network joining are disclosed.
    Type: Grant
    Filed: February 18, 2016
    Date of Patent: December 11, 2018
    Assignee: NXP B.V.
    Inventors: Ewout Brandsma, Elisabeth Eichhorn, Piotr Polak, Ruud Hendricksen
  • Patent number: 10148424
    Abstract: Aspects of the disclosure provide a technological improvement to a cipher by improving data security of format-preserving encryption (FPE), by, inter alia, embedding specific key identifiers for rotating keys directly into ciphertext. Aspects of the disclosure relate to methods, computer-readable media, and apparatuses for improving data security in a format-preserving encryption (FPE) context by using specific methods of rotating and identifying the appropriate encryption key from among numerous rotating keys stored in a key data store. Specific to FPE, a plaintext of the data and its corresponding ciphertext of the data remain the same in length/size; yet the methods, computer-readable media, and/or apparatuses disclosed herein permit embedding of an identification of a specific key among the plurality of rotating keys for the particular ciphertext without compromising the technical requirements of FPE.
    Type: Grant
    Filed: September 26, 2016
    Date of Patent: December 4, 2018
    Assignee: Bank of America Corporation
    Inventors: Shankar Ramasubramanian Iyer, Navanith R. Keerthi
  • Patent number: 10142107
    Abstract: Binding a security token to a client token binder, such as a trusted platform module, is provided. A bound security token can only be used on the client on which it was obtained. A secret binding key (kbind) is established between the client and an STS. The client derives a key (kmac) from kbind, signs a security token request with kmac, and instructs the STS to bind the requested security token to kbind. The STS validates the request by deriving kmac using a client-provided nonce and kbind to MAC the message and compare the MAC values. If the request is validated, the STS generates a response comprising the requested security token, derives two keys from kbind: one to sign the response and one to encrypt the response, and sends the response to the client. Only a device comprising kbind is enabled to use the bound security token, providing increased security.
    Type: Grant
    Filed: December 31, 2015
    Date of Patent: November 27, 2018
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Adrian Frei, Tarek B. Kamel, Guruprasad B. Aphale, Sankara Narayanan Venkataraman, Xiaohong Su, Yordan Rouskov, Vijay G. Bharadwaj
  • Patent number: 10135767
    Abstract: An access-control device that controls access to encrypted messages. During operation, the access-control device can receive an access key for a corrupted message, and can receive a cover message digest associated with the corrupted message. The access-control device stores the access key in association with the cover message digest, and stores the cover message digest in a block chain. A respective block of the block chain includes at least one cover message digest, and a hash value of a previous block of the block chain.
    Type: Grant
    Filed: September 6, 2017
    Date of Patent: November 20, 2018
    Assignee: Private Giant
    Inventors: Shaun Murphy, Charles Murphy, Richard Johnson
  • Patent number: 10129221
    Abstract: A transport facilitation system can manage a transportation arrangement service that links requesting users with available drivers throughout a given region. In doing so, the transport facilitation system can receive pick-up requests from users and transmit invitations to drivers to service those requests. For each ride, the transport facilitation system can initiate one or more recording mechanisms to record content within a passenger interior of the vehicle as the driver transports the requesting user from a pick-up location to a destination location. After the vehicle arrives at the destination location, the transport facilitation system can dual encrypt the content utilizing a first public key associated with the driver and a second public key associated with the requesting user, and store the dually encrypted content in a storage device. Decryption can require a pair of private keys associated with the rider and the driver.
    Type: Grant
    Filed: July 5, 2016
    Date of Patent: November 13, 2018
    Assignee: Uber Technologies, Inc.
    Inventor: Brian McClendon
  • Patent number: 10127317
    Abstract: Methods, systems, and computer program for implementing a private cloud are provided. A computer-implemented method may include registering a private cloud in a central registry; retrieving private cloud registration data from the central registry; sharing the private cloud registration data with other users; and allowing other users to connect to the private cloud using the shared private cloud registration data.
    Type: Grant
    Filed: September 18, 2014
    Date of Patent: November 13, 2018
    Assignee: RED HAT, INC.
    Inventors: Martin Ve{hacek over (c)}e{hacek over (r)}a, Jiri Pechanec
  • Patent number: 10115147
    Abstract: It is an object of the present invention to enhance convenience and service qualities in an information distribution system. In a server serving as an information distribution apparatus and an information communication terminal, contents are managed by using content identifiers (content IDs) managed as IDs conforming to a rule of uniformity. Particularly, in the information communication terminal, a content ripped from a recording medium such as a CD and stored in storage means such as an HDD is also managed by using a content identifier acquired from the information distribution apparatus. In this way, contents stored in the storage means can be managed by using content IDs each managed as an ID common to the information communication terminal and the information distribution apparatus.
    Type: Grant
    Filed: September 6, 2017
    Date of Patent: October 30, 2018
    Assignee: SONY CORPORATION
    Inventors: Izuru Tanaka, Hiraku Inoue
  • Patent number: 10095859
    Abstract: The present invention prevents a maintenance tool for carrying out maintenance work of an electronic control unit (ECU) from being abused by a third person. In an authentication system according to the present invention, an authentication apparatus authenticates an operator of an operation terminal (equivalent to the maintenance tool), and the operation terminal forwards an authentication code generated by the authentication apparatus to the ECU. By using the authentication code, the ECU determines whether or not to permit the operation terminal to carry out a maintenance operation.
    Type: Grant
    Filed: January 23, 2015
    Date of Patent: October 9, 2018
    Assignee: Hitachi Automotive Systems, Ltd.
    Inventor: Junji Miyake
  • Patent number: 10091001
    Abstract: Approaches described herein allow a stateless device to recover at least one private key. In particular, a stateless device can provide service-account credentials to a directory service to establish a first session and acquire a certificate and private key using information associated with the stateless device. The stateless device can store its private key before the first session ends. A stateless device can then provide user-account credentials to the directory service to establish a second session. After the second session begins, a private key can be acquired by the stateless device.
    Type: Grant
    Filed: August 2, 2017
    Date of Patent: October 2, 2018
    Assignee: Citrix Systems, Inc.
    Inventor: Christopher Morgan Mayers
  • Patent number: 10084888
    Abstract: A method provides a web service. The method includes obtaining authentication information of at least one web server from the at least one web server to establish a session in advance and storing the authentication information in a database; searching the database for authentication information of a particular web server, upon reception of a request from a client for access to the particular web server; and performing web server access acceleration if the particular web server exists.
    Type: Grant
    Filed: October 25, 2013
    Date of Patent: September 25, 2018
    Assignee: Samsung Electronics Co., Ltd.
    Inventor: Ji-Cheol Lee
  • Patent number: 10075295
    Abstract: Information, such as a cryptographic key, is used repeatedly in the performance of operations, such as certain cryptographic operations. To prevent repeated use of the information from enabling security breaches, the information is rotated (replaced with other information). To avoid the resource costs of maintaining a counter on the number of operations performed, decisions of when to rotate the information are performed based at least in part on the output of stochastic processes.
    Type: Grant
    Filed: March 3, 2016
    Date of Patent: September 11, 2018
    Assignee: Amazon Technologies, Inc.
    Inventor: Gregory Branchek Roth
  • Patent number: 10069629
    Abstract: Disclosed are various examples of systems and methods for transferring data between applications executing in sandboxed environments. An application executing on a computing device in a sandbox provided by an operating system is identified. A key-value pair is retrieved from an access-restricted data store provided by the operating system, wherein the key-value pair comprises a timestamp and an application identifier. The application identifier is compared with the application. Data is sent to the application based at least in part on the application identifier matching an identification of the application and the timestamp specifying a point in time within a predetermined period of time.
    Type: Grant
    Filed: August 18, 2015
    Date of Patent: September 4, 2018
    Assignee: AIRWATCH LLC
    Inventors: Vijaykumar Bhat, Ramani Panchapakesan, Ilanchezhian Kuppusamy, Gangadhar Nittala
  • Patent number: 10050794
    Abstract: The present invention relates to a method (500) performed at an IP network node for IPSec establishment with other IP network nodes in a network. The method comprises collecting (S1) information about the other IP network nodes in the network using a dynamic routing protocol, the information comprising an IP address associated with the respective other IP network node, and establishing (S2) an IPSec relationship with a predetermined set of the other IP network nodes in the network based on the collected information and based on Internet Key Exchange (IKE) using a certification protocol and the identity of the IP network node, wherein the identity of the IP network node is determined by a pre-stored node certificate.
    Type: Grant
    Filed: September 30, 2013
    Date of Patent: August 14, 2018
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventor: Jonas Tevemark
  • Patent number: 10050979
    Abstract: The validity/invalidity of a credit card, an IC card storing electronic money, or the like is appropriately determined based on a blacklist. A terminal device includes a list storage means and an invalidity recording means. The list storage means stores an identifier, validity information indicating validity or invalidity, and a blacklist that relates the identifier to an invalidity count specification value for a recording medium storing a set value. The invalidity recording means reads from the blacklist, the invalidity count specification value related to the identifier read from the recording medium, and compares the invalidity count specification value with the set value read from the recording medium. The invalidity recording means executes predetermined processing based on the validity information for the recording medium when the set value is equal to the invalidity count specification value.
    Type: Grant
    Filed: June 17, 2014
    Date of Patent: August 14, 2018
    Assignee: NEC CORPORATION
    Inventors: Saburo Shiota, Yuichi Koike
  • Patent number: 9998477
    Abstract: Access to a linked resource may be protected using a time-based transformation of links to the resource. A linked resource may be transmitted to a browser in a markup language page. Information indicative of a time-based transformation of a link may be transmitted to the browser in the markup language page, or separately from the markup language page. The time-based transformation may be applied to the transmitted link. The transformed link may be requested, and compared to a version of the link that has been transformed, using the time-based transformation with respect to the time the request is received.
    Type: Grant
    Filed: March 31, 2015
    Date of Patent: June 12, 2018
    Inventor: Nicholas Kaiho
  • Patent number: 9979541
    Abstract: According to one embodiment, a content key is split into split content keys and separately stored in a plurality of regions in a protected region of a memory device. Then, a common key is generated between the host device and the memory device, and encryption keys are cut out from the common key. When the split content keys are read from the memory device and transmitted to the host device, the split content keys are encrypted with the encryption keys and then decrypted with the encryption keys on the host device side. Subsequently, the split content keys decrypted with the encryption keys on the host side are combined with each other, and the original content key is thereby obtained. Finally, the content is decrypted with the content key.
    Type: Grant
    Filed: January 29, 2016
    Date of Patent: May 22, 2018
    Assignee: KABUSHIKI KAISHA TOSHIBA
    Inventor: Ken Matsushita
  • Patent number: 9979703
    Abstract: There is disclosed a method of providing a software update to a secure element comprised in a host device, comprising converting the software update into a sequence of ciphertext blocks using a chained encryption scheme, and transmitting said sequence of ciphertext blocks to the host device. Furthermore, there is disclosed a method of installing a software update on a secure element comprised in a host device, comprising receiving, by the host device, a sequence of ciphertext blocks generated by a method of providing a software update of the kind set forth, converting said sequence of ciphertext blocks into the software update, and installing the software update on the secure element. Furthermore, corresponding computer program products and a corresponding host device are disclosed.
    Type: Grant
    Filed: December 12, 2014
    Date of Patent: May 22, 2018
    Assignee: NXP B.V.
    Inventors: Dimitri Warnez, Thierry Gouraud, Rafael Jan Josef Meeusen, Andreas Lessiak, Frank Siedel, Ernst Haselsteiner, Bruce Murray
  • Patent number: 9979709
    Abstract: A method and system for securely enrolling personal identity credentials into personal identification devices. The system of the invention comprises the manufacturer of the device and an enrollment authority. The manufacturer is responsible for recording serial numbers or another unique identifier for each device that it produces, along with a self-generated public key for each device. The enrollment authority is recognized by the manufacturer or another suitable institution as capable of validating an individual before enrolling him into the device. The enrollment authority maintains and operates the appropriate equipment for enrollment, and provides its approval of the enrollment. The methods described herein discuss post-manufacturing, enrollment, backup, and recovery processes for the device.
    Type: Grant
    Filed: September 9, 2015
    Date of Patent: May 22, 2018
    Assignee: Apple Inc.
    Inventors: David S. Abdallah, Barry W. Johnson
  • Patent number: 9973481
    Abstract: The present document describes systems and methods that, in some situations, improve data security. In one embodiment, communications between a client and a server are encrypted using an envelope-based encryption scheme. The envelope includes: a data encryption key reference; and data encrypted with a corresponding data encryption key. A data encryption key server maintains a collection of data encryption keys that are accessible using corresponding data encryption key references. In another embodiment, a storage server maintains stored data using the envelope-based encryption scheme. The stored data is made available to particular clients in encrypted or plaintext form based at least in part on a trust score determined for each client's request. In yet another embodiment, as a result of a secure transport handshake, a client is provided with a pluggable cipher suite.
    Type: Grant
    Filed: June 16, 2015
    Date of Patent: May 15, 2018
    Assignee: Amazon Technologies, Inc.
    Inventor: Nima Sharifi Mehr
  • Patent number: 9961030
    Abstract: A messaging and content sharing platform that allows for sender-controlled permissions and rules. During operation, a sending device can receive user input to set permissions and rules for an object to be sent to a receiving device. The permissions and rules control how the object will be managed after leaving the sending device. A receiving device receives the object and complies with the permissions and rules associated with the object. Other features of the platform include a hierarchical view for group messaging, an attachment-only view of messages, large file attachments, and the ability to allow users to access external services such as social networking websites without logging in.
    Type: Grant
    Filed: October 2, 2015
    Date of Patent: May 1, 2018
    Assignee: PRIVATE GIANT
    Inventors: Shaun Murphy, Charles Murphy, Richard Johnson
  • Patent number: 9948624
    Abstract: Disclosed is a key downloading method. The method comprises: sending a hardware series number (SN) and a first random number (Rnd1) to a key server; receiving a second random number (Rnd2), a first encrypted text (C1) and a key server working certificate (KSWCRT) sent by the key server; authenticating the validity of KSWCRT by using a KSRCRT; if valid, extracting a public key (PuKS) from the KSWCRT, and decrypting the first encrypted text (C1) by using the PuKS to obtain a third random number (Rnd1?); determining whether Rnd1 is consistent with Rnd1?; if consistent, encrypting the second random number (Rnd2) by using a terminal authentication public key (TKP_Pu) to generate a third encrypted text (C2?), and sending the C2? to the key server; receiving an key encrypted text (Ctmk) sent by the key server; and obtain a master key (TMK), and storing the TMK in a security control module.
    Type: Grant
    Filed: January 23, 2014
    Date of Patent: April 17, 2018
    Assignee: FUJIAN LANDI COMMERCIAL EQUIPMENT CO., LTD
    Inventors: Wenlong Su, Luqiang Meng, Yixuan Hong
  • Patent number: 9948621
    Abstract: Various embodiments include a method for managing a group of devices in communication with each other and sharing a set of keys. The method may include opening a secure channel with each of two devices from the group; providing the set of keys to the two devices from the group, wherein the set of keys include an encryption and an authentication key; indicating to the two devices to begin using the set of keys; and performing an audit process including verifying that nodes within a key group have the same copy of encryption and authentication keys. Embodiments of the method may include synchronization, active/standby redundancy and the ability to manage the network when some nodes perform the data encryption and some node do not, do, or when both encrypted and non-encrypted tunnels and services can work together.
    Type: Grant
    Filed: May 20, 2015
    Date of Patent: April 17, 2018
    Assignee: Alcatel Lucent
    Inventors: Mohammad Reza Rokui, Rajesh Kumar Paida, Carl Rajsic
  • Patent number: 9942750
    Abstract: Disclosed is an apparatus, system, and method to decrypt an encrypted account credential at a second device that is received from a first device. The second device may receive a first share of a master key and the encrypted account credential from the first device. The second device may reconstruct the master key with the first share of the master key and a second share of the master key stored at the second device. The second device may decrypt the encrypted account credential with the reconstructed master key. Based upon the decrypted account credential, the second device may be enabled to access an account based upon the decrypted account credential.
    Type: Grant
    Filed: January 23, 2013
    Date of Patent: April 10, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Cameron A. McDonald, Matthew C. Duggan, Craig M. Brown
  • Patent number: 9934849
    Abstract: A system for asymmetrically selecting a memory element is described. The system includes a number of memory cells in a crossbar array. Each memory cell includes a memory element to store information. The memory element is defined as an intersection between a column electrode and a row electrode of the crossbar array. Each memory cell also includes a selector to select a target memory element by relaying a first selecting voltage to a column electrode that corresponds to the target memory element and relaying a second selecting voltage to a row electrode that corresponds to the target memory element. The system also includes a controller to pass a first standing voltage to column electrodes of the crossbar array and to pass a second standing voltage to row electrodes of the crossbar array. The first standing voltage is different than the second standing voltage.
    Type: Grant
    Filed: July 25, 2014
    Date of Patent: April 3, 2018
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Kyung Min Kim, Jianhua Yang, Zhiyong Li
  • Patent number: 9924357
    Abstract: A method for providing mobile communication provider information and a device for performing the same are disclosed. A terminal having an eUICC receives data, in which mobile communication provider information is capsulized and included, and stores the received data in the eUICC. Therefore, the mobile communication provider information can be transferred by applying the highest security scheme, and duplication of the eUICC due to the exposure of an authentication key by external hacking attacks can be prevented.
    Type: Grant
    Filed: May 23, 2013
    Date of Patent: March 20, 2018
    Assignee: KT Corporation
    Inventors: Hyung Jin Lee, Kwan Lae Kim, Joo Young Kim, Chul Hyun Park, Jin Hyoung Lee, Youn Pil Jeung
  • Patent number: 9916206
    Abstract: In connection with a data distribution architecture, client-side “deduplication” techniques may be utilized for data transfers occurring among various file system nodes. In some examples, these deduplication techniques involve fingerprinting file system elements that are being shared and transferred, and dividing each file into separate units referred to as “blocks” or “chunks.” These separate units may be used for independently rebuilding a file from local and remote collections, storage locations, or sources. The deduplication techniques may be applied to data transfers to prevent unnecessary data transfers, and to reduce the amount of bandwidth, processing power, and memory used to synchronize and transfer data among the file system nodes. The described deduplication concepts may also be applied for purposes of efficient file replication, data transfers, and file system events occurring within and among networks and file system nodes.
    Type: Grant
    Filed: December 31, 2014
    Date of Patent: March 13, 2018
    Assignee: Code 42 Software, Inc.
    Inventors: Matthew Dornquast, Brian Bispala, Damon Allison, Brad Armstrong, Marshall Scorcio, Rory Lonergan, Peter Lindquist, Christopher Parker