Symmetric Key Cryptography Patents (Class 380/259)
  • Patent number: 10721074
    Abstract: Methods and apparatus to authenticate and differentiate virtually identical resources using session chaining are disclosed. In response to a session request from at least one of a management device or a resource, example methods and apparatus locate a session chain stack associated with an identifier of the at least one of the management device or the resource, and determine whether a first nonce at a top of the session chain stack associated with the identifier of the at least one of the management device or the resource is equal to a second nonce associated with the session request from the at least one of the management device or the resource.
    Type: Grant
    Filed: February 11, 2019
    Date of Patent: July 21, 2020
    Assignee: VMware, Inc.
    Inventor: Gregory A. Frascadore
  • Patent number: 10708248
    Abstract: A method of controlling a vehicle that includes a plurality of electronic control units (ECUs), the method including: allocating an order in which at least one ECU among the plurality of ECUs is to be assigned an encryption key, based on a data rate of each ECU; receiving, by the at least one ECU, at least one encryption key that is assigned to the at least one ECU according to the allocated order; and performing, by the at least one ECU and using the assigned at least one encryption key, (i) encryption of data to be transmitted through a Controller Area Network (CAN) communication bus, or (ii) decryption of data that is transmitted through the CAN communication bus.
    Type: Grant
    Filed: February 4, 2019
    Date of Patent: July 7, 2020
    Assignee: LG Electronics Inc.
    Inventors: Cheolseung Kim, Seongsoo Kim, Byeongrim Jo
  • Patent number: 10700701
    Abstract: A method of compression is disclosed in which an input sequence of bits is divided into a plurality of portions. Each portion is sub-divided into a plurality of sub-divisions. Frequency analysis is performed to determine the number of occurrences of each sub-division permutation and new values are assigned, based on the frequency analysis, to each of the sub-division permutations. For each portion a label representing the permutation of bits in that portion is assigned. The label comprises a representation of a combined value resulting from combining the new values associated with the sub-division permutations of that portion. A processed sequence of bits is generated by replacing, within the input sequence of bits, bit portions with the respective label representing the permutation of bits in that portion.
    Type: Grant
    Filed: June 24, 2019
    Date of Patent: June 30, 2020
    Assignee: SISP Technologies Ltd.
    Inventors: Stuart Marlow, Nicholas Stavrinou
  • Patent number: 10700874
    Abstract: System and method for providing secure machine to machine, M2M, communications comprising a device management, DM, server configured to obtain credentials of one or more M2M devices and provision the one or more M2M devices with credentials of a virtual private network, VPN. An application programming interface, API. A VPN server comprising a first communications interface configured to communicate API requests and API responses with the API. A second communications interface configured to provide a VPN for the one or more M2M devices. Logic configured to issue an API request, wherein the request includes the credentials of the VPN. Receive an API response from the DM server including an indication of the one or more M2M devices provisioned with the credentials of the VPN. Initiate a VPN over the second interface between the one or more M2M devices and the VPN server.
    Type: Grant
    Filed: July 12, 2016
    Date of Patent: June 30, 2020
    Assignee: VODAFONE IP LICENSING LIMITED
    Inventors: Nicholas Bone, Tim Snape
  • Patent number: 10701039
    Abstract: Various embodiments are generally directed to the providing for mutual authentication and secure distributed processing of multi-party data. In particular, an experiment may be submitted to include the distributed processing of private data owned by multiple distrustful entities. Private data providers may authorize the experiment and securely transfer the private data for processing by trusted computing nodes in a pool of trusted computing nodes.
    Type: Grant
    Filed: September 25, 2015
    Date of Patent: June 30, 2020
    Assignee: INTEL CORPORATION
    Inventors: Vinay Phegade, Huaiyu Liu, Jesse Walker
  • Patent number: 10685141
    Abstract: The invention relates to a method for storing data blocks from client devices to a cloud storage system, the method includes the steps of: d) storing an encrypted first data block and a challenge of the first data block of a first client device on the cloud storage system, e) determining if a hash of a second data block of a second client device stored on the cloud storage system equals the hash of the first data block, f) if yes, transmitting the challenge of the first data block from the cloud storage system to the second client device, g) extracting, at the second client device, the bits at the positions or at the range contained in the challenge, hashing the extracted bits, encrypting the hashed bits with a public key of the first client device or of the second client device and uploading the encrypted bits from the second client device to the cloud storage system, and h) storing the encrypted bits from the second client device on the cloud storage system.
    Type: Grant
    Filed: February 4, 2019
    Date of Patent: June 16, 2020
    Assignee: ABB Schweiz AG
    Inventors: Johannes Schneider, Matus Harvan, Sebastian Obermeier, Thomas Locher, Yvonne-Anne Pignolet
  • Patent number: 10637838
    Abstract: Systems and methods for secure communications between mobile applications installed on a user's mobile device. In some embodiments, a first application installed on a user's mobile device generates a key and transmits the key and a message to a server, where the message is to be communicated to a second application. According to disclosed embodiments, there is no limit on the size or a type of data included in the message. The server receives the message and the key from the first application. The first application shares the key with the second application which is then transmitted to the server for authenticating the second application. Upon authenticating the second application, the server transmits the message to the second application. In some embodiments, the applications and/or the server exchanges data with goods/services providers associated with the applications.
    Type: Grant
    Filed: July 1, 2016
    Date of Patent: April 28, 2020
    Assignee: moovel North America, LLC
    Inventors: Pedro Larios, Celite Milbrandt
  • Patent number: 10630642
    Abstract: The present disclosure relates to network security software cooperatively configured on plural nodes to authenticate and authorize devices, applications, users, and data protocol in network communications by exchanging nonpublic identification codes, application identifiers, and data type identifiers via pre-established communication pathways and comparing against pre-established values to provide authorized communication and prevent compromised nodes from spreading malware to other nodes.
    Type: Grant
    Filed: October 5, 2018
    Date of Patent: April 21, 2020
    Assignee: Stealthpath, Inc.
    Inventors: Mike Clark, Andrew Gordon, Matt Clark
  • Patent number: 10618775
    Abstract: A method is disclosed of retrofitting an elevator machine with primary and secondary braking, the machine being disposed on a machine support frame in an elevator machine room, and engaging one or more ropes for providing selective movement of an elevator car disposed in an elevator shaft, the machine having a drive sheave including a cylindrical brake drum, and brake components including dual brake arms; the method including: removing the brake components; affixing flanged disc segments about the drum and interlocking the flanged disc segments to form a brake rotor; and mounting respective brake calipers to frame mounts for providing primary and secondary braking to the elevator machine.
    Type: Grant
    Filed: November 18, 2016
    Date of Patent: April 14, 2020
    Assignee: OTIS ELEVATOR COMPANY
    Inventors: Daniel B. Davis, III, Robert K. Williams, John Eschenbrenner, Gregory M. O'Seep, James L. Hubbard, Martin J. Hardesty, Bruce P. Swaybill, Jesse R. Richter, Gary P. Mendrala, Patricia Derwinski, Christopher H. Koenig
  • Patent number: 10616586
    Abstract: A method is provided for encoding at least one image cut into blocks. The method implements, for a current block to be encoded, the acts of: predicting the current block with the aid of at least one predictor block, determining a residual data block representative of the difference between the predictor block and the current block, selecting, according to a predetermined criterion, a pair of mathematical operations including a permutation operation and a transformation operation from among a plurality of permutation operations, and a plurality of transformation operations, applying the permutation operation of said selected pair to the data of the determined residual block, applying the transformation operation of said selected pair to the permuted data, and encoding the data from said applied transformation operation.
    Type: Grant
    Filed: November 27, 2014
    Date of Patent: April 7, 2020
    Assignee: ORANGE
    Inventors: Pierrick Philippe, Hendrik Vorwerk
  • Patent number: 10581850
    Abstract: A method includes transmitting, by a user device, an encrypted user profile to a locking device, the encrypted user profile including a user key and encrypted by a server using a lock key; decrypting, by the locking device, the encrypted user profile using the lock key to generate a decrypted user profile and obtain the user key from the decrypted user profile; generating, by the user device, an encrypted firmware update command, the encrypted firmware update command encrypted using the user key of the user profile; transmitting, by the user device, the encrypted firmware update command to the locking device; decrypting, by the locking device, the encrypted firmware update command using the user key to generate a decrypted firmware update command; and installing, by the locking device, a firmware update in accordance with the decrypted firmware update command in response to successfully decrypting the encrypted firmware update command.
    Type: Grant
    Filed: February 12, 2018
    Date of Patent: March 3, 2020
    Assignee: Master Lock Company LLC
    Inventor: Nathan Conrad
  • Patent number: 10572317
    Abstract: The present technology pertains to responding to a kernel level file event for a content item and presenting a file event window associated with the content item. A client device can detect the kernel level file event for the content item. This can be accomplished using a kernel extension on a client device that is networked with a content management system. The client device can then retrieve data associated with the content item, including an instruction for the content item. The client device can then perform the instruction. This instruction can be to retrieve collaboration data from the content management system and present the collaboration data in a file event window.
    Type: Grant
    Filed: March 31, 2017
    Date of Patent: February 25, 2020
    Assignee: Dropbox, Inc.
    Inventors: Marcio von Muhlen, Vinod Valloppillil, Nils Bunger
  • Patent number: 10574637
    Abstract: A terminal pairing method and a pairing terminal includes acquiring, when a terminal detects a preset pairing trigger event, a pairing hidden value that is of the terminal and that is associated with the preset pairing trigger event; and implementing, by the terminal, pairing with the peer end by using the pairing hidden value of the terminal. Compared with some approaches, in the present disclosure, pairing can be accurately implemented without using an NFC interface, which reduces costs of terminal pairing.
    Type: Grant
    Filed: May 14, 2014
    Date of Patent: February 25, 2020
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Zhiming Ding, Su Lu, Ping Fang, Xiaoxian Li, Ji Chen
  • Patent number: 10572930
    Abstract: A method for providing purchased content is provided. Management data including the identification data of the purchased content data stored in the information processing apparatus is received. Backup data of a user identification associated with the information processing apparatus is updated based on the management data. A request with the user identification associated with the information processing apparatus is received. A determination is made as to whether the request is authorized based on an authentication process. A list of identification data of content data identified in the backup data is provided to the information processing apparatus in response to a determination that the request is authorized. Further, the purchased content data without the fee is provided to the information processing apparatus based on a user selection of the identification data of the purchased content data from the list of the identification data of the content data.
    Type: Grant
    Filed: September 28, 2018
    Date of Patent: February 25, 2020
    Assignee: Sony Corporation
    Inventors: Izuru Tanaka, Hiraku Inoue
  • Patent number: 10554402
    Abstract: An email request is received from a client device, where the email request is intended for an email server and includes a request for an email recipient's certificate. The compliance status of the client device is obtained. If the client device is in compliance, the email request is modified, and the modified email request is sent to the email server while a certificate retrieval request in the email request is redirected to a certificate repository implemented in a server separate from a certificate repository maintained by the email server. The email certificate is retrieved from the certificate repository and combined with information received from the email server to generate a response, which is sent to the client device.
    Type: Grant
    Filed: November 21, 2018
    Date of Patent: February 4, 2020
    Assignee: AirWatch, LLC
    Inventors: Christopher Henretty, William Pinner, Emil Novakov, Anand Patel, David Shaw, Marshall Brown
  • Patent number: 10554640
    Abstract: According to a first aspect of the present disclosure, a method for facilitating secure communication in a network is conceived, comprising: encrypting, by a source node in the network, a cryptographic key using a device key as an encryption key, wherein said device key is based on a device identifier that identifies a destination node in the network; transmitting, by said source node, the encrypted cryptographic key to the destination node. According to a second aspect of the present disclosure, a corresponding non-transitory, tangible computer program product is provided. According to a third aspect of the present disclosure, a corresponding system for facilitating secure communication in a network is provided.
    Type: Grant
    Filed: June 13, 2016
    Date of Patent: February 4, 2020
    Assignee: NXP B.V.
    Inventors: Jurgen Geerlings, Ghiath Al-Kadi, Piotr Polak
  • Patent number: 10535091
    Abstract: In a server serving as an information distribution apparatus and an information communication terminal, contents are managed by using content identifiers (content IDs) managed as IDs conforming to a rule of uniformity. Particularly, in the information communication terminal, a content ripped from a recording medium and stored in storage means is also managed by using a content identifier acquired from the information distribution apparatus. In this way, contents stored in the storage means can be managed by using content IDs each managed as an ID common to the information communication terminal and the information distribution apparatus. In communication between the information communication terminal and the information distribution apparatus, a content identifier conforming to a rule of uniformity identifies a content to which the content identifier is assigned so that the terminal is capable of downloading the content as well as acquiring additional information relevant to the content from the apparatus.
    Type: Grant
    Filed: September 21, 2018
    Date of Patent: January 14, 2020
    Assignee: Sony Corporation
    Inventors: Izuru Tanaka, Hiraku Inoue
  • Patent number: 10511582
    Abstract: Methods and systems for simplified encryption key generation in optical networks use a Transport Layer Security (TLS) protocol to securely generate an encryption key at both endpoints of an optical path provisioned in an optical transport network. Instead of generating yet another key for payload data transmission, the encryption key from TLS is used for encrypting payload data transmission without using the TLS protocol.
    Type: Grant
    Filed: April 7, 2017
    Date of Patent: December 17, 2019
    Assignee: FUJITSU LIMITED
    Inventors: Muhammad Sakhi Sarwar, Abirami Sathyamoorthy, Swati Mittal
  • Patent number: 10491571
    Abstract: A computing system can initiate one or more recording mechanisms to record content within a passenger interior of the vehicle as a driver transports a rider. After the vehicle arrives at a drop-off location, the computing system can dual encrypt the content utilizing a first public key associated with the driver and a second public key associated with the requesting user and store the dually encrypted content in a storage device. Decryption can require a pair of private keys associated with the rider and the driver.
    Type: Grant
    Filed: September 12, 2018
    Date of Patent: November 26, 2019
    Assignee: Uber Technologies, Inc.
    Inventor: Brian McClendon
  • Patent number: 10482291
    Abstract: Method and systems using stateful encryption for non-bypassable FPGA configuration including receiving, at an FPGA, FPGA-configuration data comprising a cryptographic state to initialize a cryptographic state of the FPGA, and decrypting, at the FPGA, the FPGA-configuration data, wherein decrypting the FPGA-configuration data yields at least a second cryptographic state and decrypted FPGA-configuration data. Embodiments can include receiving, at the FPGA, a challenge message, processing, at the FPGA, the challenge message to yield at least a third cryptographic state and a response, and transmitting the response from the FPGA.
    Type: Grant
    Filed: January 17, 2018
    Date of Patent: November 19, 2019
    Assignee: Raytheon Company
    Inventor: Thomas R. Woodall
  • Patent number: 10484177
    Abstract: A system for a time-based one-time password security system operating at a provisioning server may comprise transmitting one or more first locally generated random-string numbers for generation of a first time-based one-time password to a remotely connected internet of things sensor and a remotely connected internet of things sensor hub. The system may also comprise executing code instructions to associate the internet of things sensor with a first client key in a table stored in a memory operatively connected to the processor, associate the internet of things sensor hub with a second client key in the table, and associate the internet of things sensor and internet of things sensor hub with the one or more first locally generated random-string numbers in the table. Further the first remotely generated random-string numbers may identify a first preset function for generation of a first session key used in encrypting and decrypting sensor data records.
    Type: Grant
    Filed: July 10, 2017
    Date of Patent: November 19, 2019
    Assignee: Dell Products, LP
    Inventors: Daniel L. Hamlin, Minhaj Ahmed, Amy C. Nelson
  • Patent number: 10476912
    Abstract: Techniques described herein are directed toward creating, visualizing, and simulating a threat based whitelisting security policy and security zones for networks. The disclosed technology may be implemented by providing a graphical user interface (GUI) on a network orchestration and security platform that facilitates creation and visualization of security zones and security policies for networks.
    Type: Grant
    Filed: September 18, 2017
    Date of Patent: November 12, 2019
    Assignee: VERACITY SECURITY INTELLIGENCE, INC.
    Inventor: Roger Hill
  • Patent number: 10469247
    Abstract: A technique for generating a keystream (128) for ciphering or deciphering a data stream (122) is provided. As to a method aspect of the technique, a nonlinear feedback shift register, NLFSR (112), including n register stages implemented in a Galois configuration is operated. At least one register stage of the implemented n register stages is representable by at least one register stage of a linear feedback shift register, LFSR. A first subset of the implemented n register stages is representable by a second subset of a second NLFSR. A number of register stages receiving a nonlinear feedback in the second NLFSR is greater than one and less than a number of register stages receiving a nonlinear feedback in the implemented NLFSR. The keystream (128) is outputted from a nonlinear output function (118). An input of the nonlinear output function (118) is coupled to at least two of the implemented n register stages of the NLFSR (112).
    Type: Grant
    Filed: December 17, 2014
    Date of Patent: November 5, 2019
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Mats Näslund, Elena Dubrova, Martin Hell, Bernard Smeets
  • Patent number: 10439753
    Abstract: A host device communicates with a stylus device. A digitizer at the host device receives a scrambled stylus code frame transmitted from the stylus device. The scrambled stylus code frame includes a scrambled data field and an unscrambled data field. The scrambled data field has been scrambled by the stylus device using a pseudo-random sequence. A descrambler descrambles the at least one scrambled data field of the scrambled stylus code frame using the pseudo-random sequence to output at least one descrambled data field in a descrambled stylus code frame. The descrambled stylus code frame further includes the at least one unscrambled data field. A synchronizer synchronizes the at least one descrambled data field and the at least one unscrambled data field of the descrambled stylus code frame with a supported code pattern.
    Type: Grant
    Filed: May 25, 2017
    Date of Patent: October 8, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: Benjamin Imanilov
  • Patent number: 10438005
    Abstract: A device, system, and method protects cryptographic keying material. The method is performed at an electronic device including a plurality of components housed in an enclosure. The method includes determining a tamper state of the enclosure, the tamper state being one of a secure state in which the enclosure has not been physically tampered or an unsecure state in which the enclosure has been physically tampered. When the tamper state is the secure state, the method includes associating a first value with the application. When the tamper state is the unsecure state, the method includes associating a second value with the application. The first value is configured to enable access to the data in the data storage unit. The second value prevents access to the data in the data storage unit.
    Type: Grant
    Filed: April 10, 2017
    Date of Patent: October 8, 2019
    Assignee: Wind River Systems, Inc.
    Inventor: Arlen Baker
  • Patent number: 10425226
    Abstract: An encryption processing device includes an encryption processing section that repeats a round operation on input data and generates output data, and a key scheduling section that outputs a round key to be applied in the round operation to the encryption processing section. The encryption processing section has an involution property in which a data conversion function E and an inverse function E⁻¹ are executed sequentially, and executes the round operation in which a constant is applied once or more in only one of the function E and the inverse function E⁻¹. The constant is a state that satisfies a condition that all of constituent elements of a state which is a result of a matrix operation with the linear conversion matrix which is applied in the linear conversion processing section at a position adjacent to the exclusive-OR section to which the constant is input are nonzero.
    Type: Grant
    Filed: February 24, 2015
    Date of Patent: September 24, 2019
    Assignee: SONY CORPORATION
    Inventors: Kyoji Shibutani, Takanori Isobe
  • Patent number: 10416986
    Abstract: In a computer-implemented method for automating application updates in a virtual computing environment, an update script and a digital signature for the update script are received, where the update script comprises an application update for updating an application installed on the virtual computing environment. The digital signature of the update script is validated using a public key of the virtual computing environment. Provided the digital signature of the update script is validated, the update script is executed to update the application.
    Type: Grant
    Filed: July 20, 2017
    Date of Patent: September 17, 2019
    Assignee: VMware, Inc.
    Inventors: Sudipto Mukhopadhyay, Muhammad Akbar
  • Patent number: 10397201
    Abstract: Sending encrypted data to a service provider includes exchanging an encryption key between an entity and a service provider without retaining the encryption key and while hiding an identity of said entity from the service provider and forwarding encrypted data based on the encryption key to the service provider from the entity while hiding the identity of the entity from the service provider.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: August 27, 2019
    Assignee: ENTIT SOFTWARE LLC
    Inventors: Joern Schimmelpfeng, Timo Schneller, Michael Bernd Beiter, Carsten Laengerer
  • Patent number: 10382200
    Abstract: Information, such as a cryptographic key, is used repeatedly in the performance of operations, such as certain cryptographic operations. To prevent repeated use of the information from enabling security breaches, the information is rotated (replaced with other information). To avoid the resource costs of maintaining a counter on the number of operations performed, decisions of when to rotate the information are performed based at least in part on the output of stochastic processes.
    Type: Grant
    Filed: September 10, 2018
    Date of Patent: August 13, 2019
    Assignee: Amazon Technologies, Inc.
    Inventor: Gregory Branchek Roth
  • Patent number: 10366631
    Abstract: A ciphertext generation apparatus that can compare the magnitudes of encrypted numerical values and largely reduce the risk of information leakage while maintaining the confidentiality. This apparatus includes a derived key generator that generates a derived key based on a main key and a document, an auxiliary derived key generator that generates an auxiliary derived key based on the main key, the document, and the derived key, an identifier-specific ciphertext generator that generates, based on an identifier of the document, the derived key, and the auxiliary derived key, an identifier-specific ciphertext in which the identifier is encrypted, and a relative value ciphertext generator that generates, based on the identifier and the derived key, a relative value ciphertext. A character string including the identifier-specific ciphertext and the relative value ciphertext is generated as a ciphertext for the document.
    Type: Grant
    Filed: June 16, 2014
    Date of Patent: July 30, 2019
    Assignee: NEC Corporation
    Inventor: Jun Furukawa
  • Patent number: 10367792
    Abstract: Systems, methods, software and apparatus enable end-to-end encryption of group communications by implementing a pairwise encryption process between a pair of end user devices that are members of a communication group. One end user device in the pairwise encryption process shares a group key with the paired end user device by encrypting the group key using a message key established using the pairwise encryption process. The group key is shared among group members using the pairwise process. When a transmitting member of the group communicates with members, the transmitting member generates a stream key, encrypts stream data using the stream key, encrypts the stream key with the group key, then transmits the encrypted stream key and encrypted stream data to group members. The group key can be updated through the pairwise encryption process. A new stream key can be generated for each transmission of streaming data such as voice communications.
    Type: Grant
    Filed: February 21, 2017
    Date of Patent: July 30, 2019
    Assignee: Orion Labs
    Inventor: Greg Albrecht
  • Patent number: 10356057
    Abstract: Embodiments of the present invention use a limited-use public/private key pair to encrypt and decrypt messages sent through an intermediary. The messages may contain sensitive information and may be transmitted between entities over one or more networks. In some embodiments, the entities and/or the networks may be untrusted. Nevertheless, the content of the messages may remain protected by virtue of the limited-use key pair infrastructure.
    Type: Grant
    Filed: November 15, 2018
    Date of Patent: July 16, 2019
    Assignee: Visa International Service Association
    Inventors: Rhidian John, Bartlomiej Piotr Prokop, Thomas Looney
  • Patent number: 10341331
    Abstract: An information processing apparatus includes circuitry that retains firmware and performs processing based on the firmware, receives a command from an external device, and transmits a predetermined response to the external device as processing of the firmware in a case where the received command is a predetermined authentication command.
    Type: Grant
    Filed: May 6, 2016
    Date of Patent: July 2, 2019
    Assignee: BUFFALO INC.
    Inventors: Suguru Ishii, Tsukasa Ito
  • Patent number: 10341381
    Abstract: A technique includes performing a plurality of instances of retrieving components of a security key from a plurality of locations of an electronic device and constructing the security key from the components. The technique includes inhibiting electromagnetic field-based eavesdropping from being used to reveal the security key, where the inhibiting includes varying a protocol that is used to retrieve the components among the instances.
    Type: Grant
    Filed: April 29, 2015
    Date of Patent: July 2, 2019
    Assignee: ENTIT SOFTWARE LLC
    Inventors: John M. Lewis, Susan K. Langford
  • Patent number: 10341100
    Abstract: Examples of the present disclosure describe systems and methods for partially encrypting conversations using different cryptographic keys. Messages communicated during a conversation session may be encrypted using a cryptographic key. Other conversation participants may then decrypt the messages using the cryptographic key. During the conversation, an event may occur that causes a new cryptographic key to be generated. The conversation participants may then use the new cryptographic key when communicating. As such, previously-encrypted messages may be inaccessible to new members that do not have the old cryptographic key, while newly-encrypted messages may be inaccessible to former members that do not have the new cryptographic key. An isolated collection may store the messages and related cryptographic keys. Relationships may exist within the isolated collection, such that messages may be related to one another and messages may also be related to the cryptographic keys used to encrypt them.
    Type: Grant
    Filed: January 6, 2017
    Date of Patent: July 2, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Christopher L. Mullins, Robert Standefer, III
  • Patent number: 10313112
    Abstract: Authenticated requests can be sent without requiring the requests to include or potentially expose secret information used for the authentication process. A client device uses a security credential such as a key to sign a request to be sent to a recipient. When the request is received, the recipient determines whether the request was signed using the correct key for the sender. In some embodiments a client token is included with the request that statelessly encodes the key, enabling a recipient capable of decoding the client token to determine the key and compare that key to the signature of the request. The sender can store the secret information in a secure location, such as a browser security module, such that the secret information is not exposed to the browser or script executing on the client device.
    Type: Grant
    Filed: December 28, 2015
    Date of Patent: June 4, 2019
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventors: Nathan R. Fitch, Gregory B. Roth, Graeme D. Baer
  • Patent number: 10305684
    Abstract: A secure connection method for a network device includes: acquiring a public key operation value of a second device in an out-of-band manner; sending public key information of a first device to the second device; receiving public key information of the second device that is sent by the second device, and decrypting the public key information of the second device by using a private key of the first device, to obtain the public key of the second device; and performing a preset-algorithm operation on the public key of the second device to obtain a copy of the public key operation value of the second device, and after the copy of the public key operation value of the second device matches the public key operation value of the second device, accepting received connection information sent by the second device.
    Type: Grant
    Filed: June 29, 2016
    Date of Patent: May 28, 2019
    Assignee: Huawei Device Co., Ltd.
    Inventors: Gaokun Pang, Zhiming Ding, Xiaoxian Li, Su Lu
  • Patent number: 10305680
    Abstract: Systems, methods, and computer-readable media are disclosed for processing and message padding an input message as well as processing an extended output message (EOM) in a manner that ensures that the input message and the padded message are processed only a single time, thus avoiding generation of an incorrect message digest. In addition, in those scenarios in which multiple padded message blocks are generated, the disclosed systems, methods, and computer-readable media ensure that all of the padded message blocks are processed.
    Type: Grant
    Filed: September 18, 2017
    Date of Patent: May 28, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventor: Louis P. Gomes
  • Patent number: 10305686
    Abstract: Secure data transfers between communication nodes are performed using a group encryption key supplied by a remote management system. A first node transmits a request for secure communications with a second node to the remote management system using a control channel. The remote management system generates and encrypts a group encryption key usable by the first and second nodes and forwards the encrypted group encryption key to the first and second nodes using one or more control channels. The first and second communication nodes decrypt the group encryption key and use it to encrypt data transmitted between the nodes using a data transport network. In some implementations the securely communicating nodes may use encryption keys and/or techniques that prevent the remote management system from eavesdropping on the nodes' communications.
    Type: Grant
    Filed: October 3, 2016
    Date of Patent: May 28, 2019
    Assignee: Orion Labs
    Inventors: Greg Albrecht, Andy Isaacson, Nelson Carpentier, Dan Phung, Schuyler Erle
  • Patent number: 10298394
    Abstract: The present invention relates to a method to authenticate two devices to establish a secure channel, one belonging to a first group of devices, the second belonging to a second group of devices, in a non-traceable manner without the need to share a secret, each group being authenticated by an authority that stores a group secret key into the devices under its authority. The method uses a set of authentication tokens, one for each of the other groups with which the device is intended to communicate, said authentication token comprising at least a random number and a cipher of at least this random number by the secret key of each of these other groups, said authentication tokens being further renewed at each communication with a device from another group.
    Type: Grant
    Filed: February 20, 2015
    Date of Patent: May 21, 2019
    Assignee: GEMALTO SA
    Inventor: Alain Rhelimi
  • Patent number: 10298387
    Abstract: A method includes detecting, at an interceptor device, a transmission of an encrypted media stream from a first device to a second device. The method also includes intercepting the encrypted media stream, during the transmission, for a simulcast operation associated with the encrypted media stream. The transmission of the encrypted media stream from the first device to the second device is substantially unaffected by the interception. The method further includes simulcasting a version of the encrypted media stream to at least a third device in response to intercepting the encrypted media stream.
    Type: Grant
    Filed: July 26, 2018
    Date of Patent: May 21, 2019
    Assignee: WOWZA MEDIA SYSTEMS, LLC
    Inventor: Charles F. Good
  • Patent number: 10289830
    Abstract: An interception-proof authentication and encryption system and method is provided that utilizes passcodes with individual pins that are made up of symbols from a set of symbols, and tokens that contain at least two symbols from the set of symbols used for the passcode. Multiple tokens (a “token set”) are presented to a user, with some or all of a user's pre-selected pins (symbols) randomly inserted into some or all of the tokens. The user selects a token from the token set for each pin position in the passcode. The user is authenticated based on the selected tokens. Because each selected token may or may not contain one of the pre-selected pins in the user's passcode, and also contains other randomly generated symbols that are not one of the pre-selected pins in the user's passcode, someone that observes which tokens the user has chosen cannot determine what the user's actual passcode is.
    Type: Grant
    Filed: August 27, 2016
    Date of Patent: May 14, 2019
    Inventor: Min Ni
  • Patent number: 10291392
    Abstract: A method for encrypting data based on all-or-nothing encryption includes: providing, by an encryption system, data to be encrypted and an encryption key; dividing, by the encryption system, the data into an odd number of blocks, wherein each of the blocks has the same size; encrypting, by the encryption system, the blocks with the encryption key to obtain an intermediate ciphertext c′ comprising intermediate ciphertext blocks c0′, . . . , cN′, wherein c0′ corresponds to a random seed and c1′, . . . , cN′ corresponds to the encrypted blocks; and obtaining, by the encryption system, a final ciphertext c using the intermediate ciphertext c′. An intermediate overall ciphertext t is obtained based on XOR'ing the intermediate ciphertext blocks c0′, . . . , cN′; and obtaining a plurality of final ciphertext blocks c1, . . . cN by XOR'ing respective intermediate ciphertext blocks c1′, . . . , cN′ with the intermediate overall ciphertext t.
    Type: Grant
    Filed: August 28, 2017
    Date of Patent: May 14, 2019
    Assignee: NEC CORPORATION
    Inventors: Ghassan Karame, Claudio Soriente, Srdjan Capkun
  • Patent number: 10275767
    Abstract: A method for generating cryptograms in a webservice environment includes: receiving, in a first environment of a computing system, a credential request transmitted by an external computing device using a secure communication protocol, the credential request including a transaction identifier and account identifier; transmitting, by the first environment, a data request to a second environment of the computing system, the data request including the account identifier; receiving, by the first environment, an account profile and session key from the second environment; transmitting, by the first environment, a cryptogram request to a third environment of the computing system, the cryptogram request including the account profile and session key; receiving, by the first environment, a cryptogram from the third environment generated using the account profile and session key; and transmitting, by the first environment, the cryptogram and transaction identifier to the external computing device via the secure communic
    Type: Grant
    Filed: October 21, 2015
    Date of Patent: April 30, 2019
    Assignee: MASTERCARD INTERNATIONAL INCORPORATED
    Inventors: Mehdi Collinge, Patrik Smets
  • Patent number: 10277569
    Abstract: Techniques for using short-term session credentials across regions are described herein. A first request for resources is generated using short-term session credentials and digitally signed with a digital signature. The request is generated in a first region and received in a second region. In response to the request, a second request is generated in the second region to validate the first request. A new session token that is usable in the second region is generated and returned to the second region. The new session token can then be used in the second region to fulfill the first request.
    Type: Grant
    Filed: December 3, 2015
    Date of Patent: April 30, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Marc R. Barbour, Khaled Salah Sedky, Slavka Praus, Srikanth Mandadi
  • Patent number: 10262152
    Abstract: An access control apparatus comprises a control unit that, based on predetermined access control information, restricts access to an electronic file by software that is permitted to access or prohibited from accessing the electronic file. An access control system comprises: an access control apparatus that has a control unit that, based on predetermined access control information, restricts access to an electronic file by software that is permitted to access or prohibited from accessing the electronic file; and a management apparatus that is provided outside the access control apparatus, and provides, to the access control apparatus, at least one of the predetermined access control information and a judgment result based on the predetermined access control information.
    Type: Grant
    Filed: July 15, 2015
    Date of Patent: April 16, 2019
    Assignee: FinalCode, Inc.
    Inventors: Toshio Dogu, Noriyuki Takahashi, Takuya Matsumoto
  • Patent number: 10263785
    Abstract: Securing information is increasingly difficult. With technological advances and tools/information sharing between hackers it is becoming even more difficult to ensure that sensitive data remains secure. Disclosed are systems and methods for uniquely securing data for each communication. The disclosed systems and methods allow for transmitting data across multiple boundaries (national, linguistic, operating system, platform, brand, etc.), while maintaining the desired security of the originator's data.
    Type: Grant
    Filed: May 5, 2017
    Date of Patent: April 16, 2019
    Inventors: Thomas J. Waters, Richard H. Waters, Robert N. Barrett
  • Patent number: 10242195
    Abstract: Examples described herein include a computing device with a processing resource to execute beginning booting instructions of the computing device. The beginning booting instructions may include a first booting instruction. The computing device also includes an access line to access the first booting instruction, a measuring engine to duplicate the first booting instruction and to generate a first integrity value associated with the first booting instruction, and a measurement register to store the first integrity value. The measuring engine may be operationally screened from the processing resource and the measurement register may be inaccessible to the processing resource.
    Type: Grant
    Filed: July 22, 2016
    Date of Patent: March 26, 2019
    Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
    Inventors: Ludovic Emmanuel Paul Noel Jacquin, Thomas M. Laffey, Adrian Shaw
  • Patent number: 10218696
    Abstract: The techniques and systems described herein are directed to providing targeted, secure software deployment in a computing system. An identity of the computing device can be determined and verified using a trusted platform module (TPM) of the computing device, and a software update can be expressly configured to operate solely on the computing device. Further, a configuration of the computing device can be ascertained using platform configuration registers (PCRs) of the TPM to determine that the computing device has not been modified from a trusted configuration. For example, if malware or unauthorized software is operating on the computing device, the software update may be prevented from being installed. Further, the software update can be targeted for a particular computing device, such that when the software update is received at the computing device, the software update may not be duplicated and provided to an additional, unauthorized device.
    Type: Grant
    Filed: June 30, 2016
    Date of Patent: February 26, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Stefan Thom, Merzin Kapadia
  • Patent number: 10218501
    Abstract: A method includes: securely obtaining, by a first device, a first public key estimated value of a second device in an out-of-band manner; encrypting an asymmetric encryption public key by using the first public key estimated value; sending the encrypted asymmetric encryption public key to the second device; receiving an encrypted first key-exchange public key sent by the second device; decrypting the encrypted first key-exchange public key by using an asymmetric encryption private key; performing an operation based on the decrypted first key-exchange public key, to obtain a second public key estimated value; and when the first public key estimated value is consistent with the second public key estimated value, determining that the decrypted first key-exchange public key is correct, generating a shared key by using a key-exchange private key and the first key-exchange public key, and establishing a secure connection to the second device by using the shared key.
    Type: Grant
    Filed: September 30, 2016
    Date of Patent: February 26, 2019
    Assignee: Huawei Device (Dongguan) Co., Ltd.
    Inventors: Gaokun Pang, Zhiming Ding