Symmetric Key Cryptography Patents (Class 380/259)
  • Patent number: 9887987
    Abstract: An application that enables documentation of meetings using a Smartphone or internet-based communication programs installed on a computer whereby the application enables each of the participants in the personal meeting to input a personal identification code designed to serve as a personal key. The application enables the user to document the personal meeting using the audio and video recording means of the Smartphone or the computer's internet-based communications programs and to save the documentation as a documentation file that may be opened only using all of the personal keys simultaneously.
    Type: Grant
    Filed: August 11, 2014
    Date of Patent: February 6, 2018
    Inventors: Eliahu Antopolsky, Yacov Gottman
  • Patent number: 9882718
    Abstract: A processing device is to determine that a module, executed from a memory by the processing device, is an initialized module in view of the module previously opening a first database. The processing device is to create a slot to open a second database using the initialized module.
    Type: Grant
    Filed: March 28, 2016
    Date of Patent: January 30, 2018
    Assignee: Red Hat, Inc.
    Inventor: Robert Relyea
  • Patent number: 9871772
    Abstract: A system and method operate on a first electronic device and a second electronic device. The first device has a control system and a cryptographic communications module. The second device has a key generator, a user interface, and a cryptographic communications module. The second device generates a single-mission cryptographic key that is securely programmed into the first device, and the first device is deployed to a remote location. The user interface receives a command for controlling the first device. The second device encrypts the command according to the cryptographic key, and transmits the encrypted command to the first device. The first device authenticates the command, decrypts it, and passes the decrypted command to the control system. The first device may be actively guided ordnance, and the second device may be a control element for controlling the actively guided ordnance. The key may be automatically obfuscated upon mission completion or termination.
    Type: Grant
    Filed: March 17, 2015
    Date of Patent: January 16, 2018
    Assignee: The Charles Stark Draper Laboratory, Inc.
    Inventors: William W. Weinstein, James M. Zagami, Joshua B. Weader
  • Patent number: 9858433
    Abstract: A hierarchical tree structure is used to facilitate the communication of encrypted keys to particular users having access to the tree. All users are in communication with a root node, but the information content of the material at the root node is decipherable only by the intended users of this information. Protected data is encrypted using a variety of data-keys specific to the data. These data-keys are encrypted using a combination of node-keys that are specific to particular users or groups of users. Users having access to the node-key associated with a particular encrypted data-key are able to decipher the data associated with the data-key; users without access to the particular node-key are unable to decrypt the data-key, and thus unable to decipher the data. The hierarchical tree is preferably structured based on a similarity of access rights among users, to minimize the overhead associated with providing user-specific access rights.
    Type: Grant
    Filed: September 14, 2006
    Date of Patent: January 2, 2018
    Assignee: Koninklijke Philips N.V.
    Inventors: Malik Hammoutene, Milan Petkovic, Claudine Conrado
  • Patent number: 9847987
    Abstract: Technologies and implementations for providing a data center access and management settings transfer service are generally disclosed.
    Type: Grant
    Filed: November 17, 2015
    Date of Patent: December 19, 2017
    Assignee: EMPIRE TECHNOLOGY DEVELOPMENT LLC
    Inventor: Ezekiel Kruglick
  • Patent number: 9832175
    Abstract: Techniques are presented for optimizing secure communications in a network. As disclosed herein, a key server is configured to provision a plurality of routers that are part of a virtual private network. The key server selects a counter value that is part of a security association and calculates a key value. The key server sends the key value, together with the security association, to the plurality of routers that are part of the virtual private network to enable them to exchange encrypted packets with each other in the virtual private network using the key value and the security association. The key server then increments the counter value to a value within a range of counter values capable of being predicted by the plurality of routers that received the key value.
    Type: Grant
    Filed: August 8, 2016
    Date of Patent: November 28, 2017
    Assignee: Cisco Technology, Inc.
    Inventors: Lewis Chen, Scott Fluhrer, Warren Scott Wainner, Brian Weis
  • Patent number: 9825926
    Abstract: A method for delegating a computational burden from a computationally limited party to a computationally superior party is disclosed. Computations that can be delegated include inversion and exponentiation modulo any number m. This can be then used for sending encrypted messages by a computationally limited party in a standard cryptographic framework, such as RSA. Security of delegating computation is not based on any computational hardness assumptions, but instead on the presence of numerous decoys of the actual secrets.
    Type: Grant
    Filed: July 9, 2015
    Date of Patent: November 21, 2017
    Assignee: Research Foundation of the City University of New York
    Inventors: Delaram Kahrobaei, Bren Cavallo, Vladimir Shpilrain
  • Patent number: 9800684
    Abstract: The present invention relates to systems and methods for statistical caching. Inputs are captured via an appropriate network protocol. The input includes statistical data and a corresponding cache key. The values for each cache key within a cache are compacted using the input. The compacting involves determining if the corresponding cache key is already set within the cache, and if the cache key is present, aggregating the statistical data with the value stored within the cache to generate an updated value. The updated cache may be periodically synchronized with a final data store. Additionally, each operation performed by the statistical cache may be recorded in a transaction log for fault tolerance.
    Type: Grant
    Filed: January 19, 2015
    Date of Patent: October 24, 2017
    Assignee: Prevoty, Inc.
    Inventor: Kunal Anand
  • Patent number: 9800418
    Abstract: The present invention relates to data communication systems and protocols utilized in such systems.
    Type: Grant
    Filed: May 26, 2015
    Date of Patent: October 24, 2017
    Assignee: INFOSEC GLOBAL INC.
    Inventor: Adrian Antipa
  • Patent number: 9800403
    Abstract: Systems, methods, and computer-readable media are disclosed for processing and message padding an input message as well as processing an extended output message (EOM) in a manner that ensures that the input message and the padded message are processed only a single time, thus avoiding generation of an incorrect message digest. In addition, in those scenarios in which multiple padded message blocks are generated, the disclosed systems, methods, and computer-readable media ensure that all of the padded message blocks are processed.
    Type: Grant
    Filed: September 30, 2016
    Date of Patent: October 24, 2017
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventor: Louis P. Gomes
  • Patent number: 9794234
    Abstract: A Key Generation System (KGS) includes a key server, a first network element, and a second network element. The first and second network elements register with the key server and receive first and second KGS key seeds and first and second KGS identifiers, respectively. The first network element transmits the first KGS identifier to the second network element and obtains the second KGS identifier. The first network element computes a shared key based on the first KGS key seed and the second KGS identifier. The second network element receives the first KGS identifier from the first network element and computes the shared key based on the second KGS key seed and the first KGS identifier.
    Type: Grant
    Filed: July 28, 2015
    Date of Patent: October 17, 2017
    Assignee: Cisco Technology, Inc.
    Inventors: Padmakumar Ampady Vasudevan Pillai, Brian Eliot Weis, Thamilarasu Kandasamy
  • Patent number: 9781039
    Abstract: Systems and methods for multi-channel signal processing by a series of single processing core logic circuitries in time-slicing. A first logic circuitry is configured to process multiple data streams from multiple channels in a first cycle-based time-sliced schedule. A time slice in the first cycle-based time-sliced schedule comprises a predetermined number of clock cycles allocated to a corresponding data stream. A second logic circuitry is coupled to the first logic circuitry and configured to process the data streams in a first fragment-based time-sliced schedule. A time slice in the first fragment-based time-sliced schedule is determined based on a predetermined boundary associated with the data fragment and is allocated to process a data fragment of the data streams.
    Type: Grant
    Filed: December 6, 2013
    Date of Patent: October 3, 2017
    Assignee: MACOM Connectivity Solutions, LLC
    Inventor: Dimitri Mavroidis
  • Patent number: 9735957
    Abstract: According to one embodiment, techniques are provided to enable secure communication among devices in a mesh network using a group temporal key. An authenticator device associated with a mesh network stores a pairwise master key for each of a plurality of devices in a mesh network upon authentication of the respective devices. Using the pairwise master key, the authenticator device initiates a handshake procedure with a particular device in the mesh network to mutually derive a pairwise temporal key from the pairwise master key. The authenticator device encrypts and signs a group temporal key using the pairwise temporal key for the particular device and sends the group temporal key encrypted and signed with the pairwise temporal key to the particular device.
    Type: Grant
    Filed: December 19, 2014
    Date of Patent: August 15, 2017
    Assignee: Cisco Technology, Inc.
    Inventors: Navindra Yadav, Atul Mahamuni, Jonathan Hui, Wei Hong, Alec Woo
  • Patent number: 9727744
    Abstract: Methods and systems are provided for decentralizing user data access rights control activities in networked organizations having diverse access control models and file server protocols. A folder management application enables end users of the file system to make requests for access to storage elements, either individually, or by becoming members of a user group having group access privileges. Responsibility for dealing with such requests is distributed to respective group owners and data owners, who may delegate responsibility to authorizers. The application may also consider automatically generated proposals for changes to access privileges. An automatic system continually monitors and analyzes access behavior by users who have been pre-classified into groups having common data access privileges. As the organizational structure changes, these groups are adaptively changed both in composition and in data access rights.
    Type: Grant
    Filed: August 4, 2016
    Date of Patent: August 8, 2017
    Assignee: VARONIS SYSTEMS, INC.
    Inventors: Yakov Faitelson, Ohad Korkus
  • Patent number: 9729321
    Abstract: Approaches described herein allow a stateless device to recover at least one private key. In particular, a stateless device can provide service-account credentials to a directory service to establish a first session and acquire a certificate and private key using information associated with the stateless device. The stateless device can store its private key before the first session ends. A stateless device can then provide user-account credentials to the directory service to establish a second session. After the second session begins, a private key can be acquired by the stateless device.
    Type: Grant
    Filed: April 29, 2015
    Date of Patent: August 8, 2017
    Assignee: CITRIX SYSTEMS, INC.
    Inventor: Christopher Morgan Mayers
  • Patent number: 9730254
    Abstract: In an example, the mobile device may be configured to determine whether to authorize a request for the vehicle head unit to utilize a resource of the mobile device. The mobile device may be configured to utilize a proxy of the mobile device to establish a connection with a destination in response to determining to authorize the request.
    Type: Grant
    Filed: April 23, 2015
    Date of Patent: August 8, 2017
    Assignee: Airbiquity Inc.
    Inventors: Mike O'Meara, Sagar Pawar, Leon Hong
  • Patent number: 9720848
    Abstract: Key information that is currently in use is archived in a management server to prevent the key information from being lost. A storage device 10 is communicably connected to a management server 60 managing key information 1. The storage device includes a memory device 21, and a controller 100 controlling the memory device. The controller implements encryption processing on data inputted and outputted to and from the memory device by using the key information. When stoppage of an operation is indicated, the controller determines whether the key information used by the controller is managed by the management server, stops the operation in a case where the key information is managed by the management server, and does not stop the operation in a case where the key information is determined not to be managed by the management server.
    Type: Grant
    Filed: July 8, 2013
    Date of Patent: August 1, 2017
    Assignee: HITACHI, LTD.
    Inventors: Shinichiro Kanno, Nobuyuki Osaki
  • Patent number: 9680640
    Abstract: Techniques and tools for implementing protocols for secure multi-party communication after quantum key distribution (“QKD”) are described herein. In example implementations, a trusted authority facilitates secure communication between multiple user devices. The trusted authority distributes different quantum keys by QKD under trust relationships with different users. The trusted authority determines combination keys using the quantum keys and makes the combination keys available for distribution (e.g., for non-secret distribution over a public channel). The combination keys facilitate secure communication between two user devices even in the absence of QKD between the two user devices. With the protocols, benefits of QKD are extended to multi-party communication scenarios. In addition, the protocols can retain benefit of QKD even when a trusted authority is offline or a large group seeks to establish secure communication within the group.
    Type: Grant
    Filed: January 5, 2015
    Date of Patent: June 13, 2017
    Assignee: Los Alamos National Security, LLC
    Inventors: Richard John Hughes, Jane Elizabeth Nordholt, Charles Glen Peterson
  • Patent number: 9654453
    Abstract: A method, device, and system are disclosed. In one embodiment the method includes receiving measured health information from a client on a key distribution server. Once the measured health information is received the server is capable of validating the measured health information to see if it is authentic. The server is also capable of sending a session key to the client when the measured health information is validated. When the client receives the session key, the client is capable of initiating an encrypted and authenticated connection with an application server in the domain using the session key.
    Type: Grant
    Filed: April 20, 2015
    Date of Patent: May 16, 2017
    Assignee: Intel Corporation
    Inventors: Divya Naidu Kolar Sunder, Prashant Dewan, Men Long
  • Patent number: 9647833
    Abstract: A system and method for identity (ID)-based key management are provided. The ID-based key management system includes an authentication server configured to authenticate a terminal through key exchange based on an ID and a password of a user of the terminal, set up a secure channel with the terminal, and provide a private key based on the ID of the user to the terminal through the secure channel, and a private-key generator configured to generate the private key corresponding to the ID of the terminal user according to a request of the authentication server.
    Type: Grant
    Filed: July 31, 2014
    Date of Patent: May 9, 2017
    Assignees: SAMSUNG SDS CO., LTD., SDS AMERICA, INC.
    Inventors: Hyo-Jin Yoon, Madjid Nakhjiri
  • Patent number: 9641322
    Abstract: A video processing device for decrypting a compressed video signal includes a key storage device for storing at least one decryption key. A decryption processing device retrieves the at least one decryption key from the key storage device, and decrypts an encrypted elementary bit stream into at least one elementary bit stream, wherein first portions of the encrypted elementary bit stream are encrypted and second portions of the encrypted elementary bit stream are unencrypted.
    Type: Grant
    Filed: February 9, 2015
    Date of Patent: May 2, 2017
    Assignee: ViXS Systems, Inc.
    Inventor: Paul D. Ducharme
  • Patent number: 9621343
    Abstract: Systems and methods for securing or encrypting data or other information arising from a user's interaction with software and/or hardware, resulting in transformation of original data into ciphertext. Generally, the ciphertext is generated using context-based keys that depend on the environment in which the original data originated and/or accessed. The ciphertext can be stored in a user's storage device or in an enterprise database (e.g., at-rest encryption), or shared with other users (e.g., cryptographic communication). Use of context-based encryption keys enables key association with individual data elements, as opposed to public-private key pairs, or use of conventional user-based or system-based keys. In scenarios wherein data is shared by a sender with other users, the system manages the rights of users who are able to send and/or access the sender's data according to pre-defined policies/roles.
    Type: Grant
    Filed: February 26, 2016
    Date of Patent: April 11, 2017
    Assignee: Ionic Security Inc.
    Inventor: Adam Ghetti
  • Patent number: 9608967
    Abstract: A system and a method is provided for establishing a session key in a context of communications between entities, the identifiers of which are generated cryptographically and for which one of the entities is highly resource-constrained. It includes assigning to assistant entities of the resource-constrained entity, the highest-consuming asymmetric cryptography operations.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: March 28, 2017
    Assignee: Commissariat A L'Energie Atomique ET AUX Energies Alternatives
    Inventors: Yosra Ben Saied, Christophe Janneteau, Alexis Olivereau
  • Patent number: 9590956
    Abstract: A secure chat client is described that allows users to exchange encrypted communications via secure chat rooms, as well as one-to-one communications. In particular, the secure chat client allows users to create, configure, and manage secure chat rooms. Furthermore, the secure chat client provides users with the ability to recover secure messages when they obtain a new device or otherwise lose communications.
    Type: Grant
    Filed: February 29, 2016
    Date of Patent: March 7, 2017
    Assignee: Wickr Inc.
    Inventors: Gerard Ryan, Thomas Michael Leavy
  • Patent number: 9582678
    Abstract: A computer implemented method, server computer and computer program for securely storing a data file via a computer communication network. The method includes: providing a computer device of a user with code for providing a unique user name for the user; asking the user for a password; generating an asymmetric key pair for the user having one public key and one private key; encrypting the private key via the hash of the password; generating a file-specific symmetric key specific for the data file; encrypting the data file via the file-specific symmetric key; encrypting the file-specific symmetric key via the public key of the user; where the code is executed by a web browser on the computer device. The server is then receiving the encrypted data file, the encrypted file-specific symmetric key, the encrypted private key of the user and the public key of the user from the computer device.
    Type: Grant
    Filed: April 19, 2012
    Date of Patent: February 28, 2017
    Assignee: INVENIA AS
    Inventors: Trond Andersen, Anders Andersen, Anders Mathisen, Terje Wold
  • Patent number: 9584493
    Abstract: A secure chat client is described that allows users to exchange encrypted communications via secure chat rooms, as well as one-to-one communications. In particular, the secure chat client allows users to create, configure, and manage secure chat rooms. Furthermore, the secure chat client provides users with the ability to recover secure messages when they obtain a new device or otherwise lose communications.
    Type: Grant
    Filed: February 29, 2016
    Date of Patent: February 28, 2017
    Assignee: Wickr Inc.
    Inventors: Thomas Michael Leavy, Gerard Ryan
  • Patent number: 9571289
    Abstract: Methods and devices disclosed herein use techniques to resist glitch attacks when computing discrete-log based signatures. The methods and systems described herein replace the random nonce in conventional signature systems with a pseudorandom nonce derived in a deterministic way from some internal state information, such as a secret key or a counter, such that the nonce is not repeated. The methods and systems described herein may also use tests to verify that a glitch has not occurred or been introduced.
    Type: Grant
    Filed: November 11, 2013
    Date of Patent: February 14, 2017
    Assignee: Cryptography Research, Inc.
    Inventor: Joshua M Jaffe
  • Patent number: 9571475
    Abstract: Techniques described herein may be used to encrypt a telephone call between users. User devices (e.g., smart phones) may be connected to encryption relay devices that operate as relays between headsets worn by the user and the user devices. As information passes from the headset toward a corresponding user device, an encryption relay device may encrypt the information before the information reaches the user device so that the user device transmits encrypted call information to the other user participating in the call. When encrypted information is received, and travels from the user device to the headset, the encryption relay device may decrypt the information before it reaches the headset. Thus, the techniques described herein provide an end-to-end encryption solution to telephone calls.
    Type: Grant
    Filed: June 9, 2015
    Date of Patent: February 14, 2017
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Mohammad Raheel Khalid, Manuel Enrique Caceres, Mauricio Pati Caldeira de Andrada, Paul Berman
  • Patent number: 9553722
    Abstract: A first key associated with a plurality of devices may be received. Furthermore, a second key associated with a single device may be received. The first key associated with the plurality of devices may be modified based on a device identification of the single device. Additionally, a primary key may be generated based on the modified first key and the second key.
    Type: Grant
    Filed: July 6, 2015
    Date of Patent: January 24, 2017
    Assignee: CRYPTOGRAPHY RESEARCH, INC.
    Inventors: Benjamin Che-Ming Jun, Ambuj Kumar
  • Patent number: 9537836
    Abstract: A content delivery platform is provided that includes generating a first content package of content that is encrypted with a unique symmetric key, and a second content package including a link encrypted with the key to the first content package. The first content package is stored in a repository, and a request including the key is transmitted to a first computing device associated with a mail exchange for an encryption key file. An encryption key file is generated using the unique symmetric key and together with an authorizing token is received. A third content package is generated that is encrypted using the encryption key file and includes the encrypted link. The third content package is transmitted to a distributor gateway and the encrypted link is accessible in response to the consumer decrypting the third content package. The link is available to provide access to the content for the consumer.
    Type: Grant
    Filed: October 31, 2014
    Date of Patent: January 3, 2017
    Assignee: ECO-MAIL DEVELOPMENT, LLC
    Inventors: Jay Maller, Bikram Chaudri
  • Patent number: 9531688
    Abstract: Disclosed are requesting party and responding party computer systems which perform a message level encryption for messages sent through the computer systems. Using the message level encryption, the computer systems may prevent those with access to an unsecured zone in one or more of the computer systems from viewing the messages.
    Type: Grant
    Filed: January 14, 2015
    Date of Patent: December 27, 2016
    Assignee: BLACKHAWK NETWORK, INC.
    Inventor: Derk Norton
  • Patent number: 9503259
    Abstract: In the present disclosure, implementations of Diffie-Hellman key agreement are provided that, when embodied in software, resist extraction of cryptographically sensitive parameters during software execution by white-box attackers. Four embodiments are taught that make extraction of sensitive parameters difficult during the generation of the public key and the computation of the shared secret. The embodiments utilize transformed random numbers in the derivation of the public key and shared secret. The traditional attack model for Diffie-Hellman implementations considers only black-box attacks, where attackers analyze only the inputs and outputs of the implementation. In contrast, white-box attacks describe a much more powerful type of attacker who has total visibility into the software implementation as it is being executed.
    Type: Grant
    Filed: February 9, 2012
    Date of Patent: November 22, 2016
    Assignee: Irdeto B.V.
    Inventors: SK MD Mizanur Rahman, James Muir
  • Patent number: 9497174
    Abstract: Provided are system, methods, and computer-readable media for systems, methods, and computer-readable media for secure digital communications and networks. The system provides for secure communication between nodes through the use of a subscription between two nodes based on unique identifiers that are unique to each node, and communication between nodes without a subscription may be blocked. Additionally, secure communications between a node and a remote node are dynamically encrypted using asymmetric and symmetric encryption. The encryption algorithms and key lengths may be changed at each subsequent negotiation between a node and a remote node.
    Type: Grant
    Filed: September 9, 2015
    Date of Patent: November 15, 2016
    Inventor: Matthew Tyrone Armatis
  • Patent number: 9477561
    Abstract: In one embodiment, the gateway includes a trunk interface module (TI) for coupling the gateway to a trunk of the public network (PSTN), a media Server module (MS) coupled to an enterprise network, a transcoder module (TC), a call control module (CC), and a proxy module (PRO). The proxy module is configured to forward each SIP message received by the gateway, according to the IP address contained in a SIP Request-URI in this message. The SIP message is either sent to the Call Control module (CC) if this IP address is the address of the gateway, or to the data compression module (DC) if the IP address is the address of the main SIP Server (MSS). The proxy module is configured to add, in the latter case, its own IP address in Path header on each Register method; and, for each other SIP method sent to the main SIP Server (MSS), suppress its own IP address in the Route header.
    Type: Grant
    Filed: September 9, 2013
    Date of Patent: October 25, 2016
    Assignee: Alcatel Lucent
    Inventors: Sebastien Brunel, Laurent Barbero
  • Patent number: 9473506
    Abstract: A system, method and computer readable medium for secure file transfer is disclosed. In one embodiment, the system encrypts a file; sends, via a secure channel, a packet to a group having one or more members, the group authorized to access the encrypted file, the packet associated with the encrypted file and including access information for the encrypted file; receives a first request for the encrypted file from a first requestor; and sends the encrypted file to the first requestor via an unsecured channel that performs caching, wherein the first requestor is able to access the encrypted file using the packet when the first requestor is a member of the group authorized to access the encrypted file and received the packet via the secure channel and unable to access the encrypted file when the first requestor is not a member of the group authorized to access the encrypted file.
    Type: Grant
    Filed: November 7, 2014
    Date of Patent: October 18, 2016
    Assignee: Progress Software Corporation
    Inventors: John Alan Hensley, Robert Fischer
  • Patent number: 9473471
    Abstract: A method for performing proxy transformation between a user and a server includes: selecting a first proxy relationship between a target user and a first user from a proxy relationship library; selecting a random value, and generating a second proxy relationship according to the random value and the first proxy relationship; and encrypting original information according to the public key of the first user and the random value to obtain the encrypted information, and transmitting the encrypted information and the second proxy relationship to the server, so that the server performs proxy transformation on the encrypted information according to the second proxy relationship to obtain the transformed information. The method for performing proxy transformation thoroughly solves the security hazard that the server performs proxy transformation without user permission. The present invention further discloses a user terminal and a system for performing proxy transformation.
    Type: Grant
    Filed: December 31, 2013
    Date of Patent: October 18, 2016
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Lei Xu, Xiaoxin Wu
  • Patent number: 9473521
    Abstract: A method for mitigating false positive type errors while applying an information leak prevention policy to identify important information and to prevent outward leakage. A positive criterion is defined for a positive set, and a negative criterion for a negative set of benign traffic. An ambiguity set contains items showing indications for both positive and negative sets. An ambiguity resolution criterion allows ambiguous items to be placed in/removed from the positive set or negative set. Each information item is searched for matches with the positive set. Each item in the positive set is checked for membership in the ambiguity set. The ambiguity resolution criteria are used for each member of the ambiguity set and to remove items from the positive set accordingly. The leak prevention policy is applied for all items remaining in the positive set thus protecting the important information.
    Type: Grant
    Filed: May 13, 2013
    Date of Patent: October 18, 2016
    Assignee: PortAuthority Technologies, LLC
    Inventors: Lidror Troyansky, Assaf Litai, Sharon Bruckner
  • Patent number: 9449186
    Abstract: The present invention is directed to systems for and methods of controlling access to computer systems. A method in accordance with the present invention comprises performing a test that includes comparing input responses to randomly selected questions with corresponding pre-determined responses to the questions and granting access to the system in the event the test is passed. A first condition of passing the test is that each input response matches a corresponding pre-determined response. Once passing the test, the user is granted permissions to access data based on his position. For example, a corporate director generally has greater permissions than an engineer. Preferably, the user's permissions determine an encryption key and a decryption key that the user is able to use to access protected data.
    Type: Grant
    Filed: June 14, 2012
    Date of Patent: September 20, 2016
    Assignee: ENCRYPTHENTICA LIMITED
    Inventor: Ernst B. Carter
  • Patent number: 9438585
    Abstract: A system is provided and facilitates management of a device by a first entity and management of a third entity by a second entity, wherein by way of the system access rights permitting access otherwise prevented by the device are assignable by the first entity to the second entity, the access rights are able to be administrated by the second entity to the third entity, and the access is obtainable by the third entity using a combination of the access rights and personal identification information to affect the device.
    Type: Grant
    Filed: May 15, 2015
    Date of Patent: September 6, 2016
    Assignee: UTC FIRE & SECURITY CORPORATION
    Inventors: Adam Kuenzi, Teri Lynne Briskey, James Young, Jonah J. Harkema, David Casey Fale
  • Patent number: 9425956
    Abstract: A method for transmitting a file from a file source (101) to a plurality of electronic devices (110j) is described herein. To each electronic device are associated an encryption key and a unique identifier code. According to the method described herein, to the plurality of electronic devices are transmitted: a file encrypted by means of a session key, and a plurality of encrypted session keys, each paired with a respective electronic device, with whose encryption key the respective encrypted session key was obtained. Moreover, each electronic device decrypts its own encrypted session key using the respective encryption key to obtain the decrypted session key, and decrypts the encrypted file by means of the decrypted session key.
    Type: Grant
    Filed: May 29, 2012
    Date of Patent: August 23, 2016
    Assignee: ABB Technology AG
    Inventors: Filippo Vernia, Davide Tazzari
  • Patent number: 9405920
    Abstract: A system performs cryptographic operations utilizing information usable to verify validity of plaintext. To prevent providing information about a plaintext by providing the information usable to verify the validity of the plaintext, the system provides the information usable to verify validity of the plaintext to an entity on a condition that the entity is authorized to access the plaintext. The information usable to verify validity of the plaintext may be persisted in ciphertext along with the plaintext to enable the plaintext to be verified when decrypted.
    Type: Grant
    Filed: May 21, 2014
    Date of Patent: August 2, 2016
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory Branchek Roth, Gregory Alan Rubin, Matthew John Campagna, Petr Praus
  • Patent number: 9374373
    Abstract: In an embodiment, content may be encrypted by a first device using a dual hash chain technique, where the first device maintains a forward hash chain and a second device maintains a backward hash chain, and content keys for encrypting content are derived using values of the forward and backward hash chains. The second device may not have knowledge of a seed used to generate the forward hash chain, and therefore may be unable to generate the content keys, reducing a likelihood that the encrypted content becomes compromised. Additionally, embodiments provide for techniques for using proxy re-encryption (PRE) to re-encrypt content, such that the encrypted content may be provided to and decrypted by a requesting device without knowledge of the forward and backward hash chains. Additionally, embodiments provide techniques for distributing encrypted content to a requesting device with fine-grained access control.
    Type: Grant
    Filed: February 3, 2015
    Date of Patent: June 21, 2016
    Assignee: Hong Kong Applied Science and Technology Research Institute Co., Ltd.
    Inventors: Chung Fai Aldar Chan, Man Ming Andrew Hon
  • Patent number: 9363073
    Abstract: A method of protecting a circuit from attacks aiming to discover secret data used during the execution of a cryptographic calculation by the circuit, by executing a transformation calculation implementing a bijective transformation function, receiving as input a secret data, and supplying a transformed data, executing a cryptographic calculation receiving as input a data to process and the transformed data, and executing an inverse transformation calculation receiving as input the result of the cryptographic calculation, and supplying a result that the cryptographic calculation would have supplied if it had been applied to the data to process and directly to the secret data, the data to process belong to a stream of a multiplicity of data, the transformed data being supplied as input to the cryptographic calculation for all the data of the stream.
    Type: Grant
    Filed: November 26, 2013
    Date of Patent: June 7, 2016
    Assignee: STMicroelectronics (Rousset) SAS
    Inventor: Yannick Teglia
  • Patent number: 9356783
    Abstract: In one embodiment, it is proposed a method for ciphering a plaintext M belonging to a group of prime order p, such method being performed by an electronic device. The method is remarkable in that it comprises: encrypting said plaintext M in function of a public vector Z=(Z1, . . . , Zl)?l of l elements of said group , where l ≥ 2 log2(p), and a one-time private vector K comprising l binary elements (K[1], . . . , K[l]) ∈ {0,1}^l, said encrypting delivering a first ciphertext belonging to a group k1 for an integer k1 ≥ 1; encrypting said l binary elements delivering a second ciphertext in a group k2, for an integer k2 > 1.
    Type: Grant
    Filed: September 3, 2014
    Date of Patent: May 31, 2016
    Assignee: Thomson Licensing
    Inventors: Marc Joye, Benoit Libert
  • Patent number: 9325505
    Abstract: An apparatus and method for encrypting content based on an identifier (ID) of a storage device and a decrypting apparatus and method corresponding thereto. The content recording device includes a storage device interface to receive a first primitive ID and a second primitive ID to identify first and second portions provided in a storage device from the storage device, and a processor to generate a media ID that is a unique ID of the storage device using the first primitive ID and the second primitive ID and to encrypt one or more contents using an encryption key generated using the media ID, wherein the storage device interface provides the content encrypted by the processor to the storage device.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: April 26, 2016
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Weixin Wang, Hee-Chang Cho, Hyoung-Suk Jang
  • Patent number: 9306937
    Abstract: A processing device is to determine that a module, executed from a memory by the processing device, is initialized from opening a first database. The processing device is to identify a second database to be opened from a request from an application to access data that is stored in the second database. The processing device is to create a slot, via the initialized module, to open the second database using the initialized module.
    Type: Grant
    Filed: December 5, 2014
    Date of Patent: April 5, 2016
    Assignee: Red Hat, Inc.
    Inventor: Robert Relyea
  • Patent number: 9300472
    Abstract: Systems and methods are provided for enhancing pseudo random number generation to thwart various security attacks to a system that relies on digital signature security measures. For example, a random number may be bound to a message that is to be signed using a digital signature. Alternatively, a random number may be bound to a secret seed value, which may be updated subsequent to each signing. Alternatively still, a random number may be bound to both the message to be signed using a digital signature and a secret seed value.
    Type: Grant
    Filed: September 30, 2011
    Date of Patent: March 29, 2016
    Assignee: Nokia Technologies Oy
    Inventors: Sampo Sovio, Martti Takala, Rauno Tamminen, Suvi Lehtinen
  • Patent number: 9288047
    Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for encryption and key management. The method includes encrypting each file on a computing device with a unique file encryption key, encrypting each unique file encryption key with a corresponding class encryption key, and encrypting each class encryption key with an additional encryption key. Further disclosed are systems, methods, and non-transitory computer-readable storage media for encrypting a credential key chain. The method includes encrypting each credential on a computing device with a unique credential encryption key, encrypting each unique credential encryption key with a corresponding credential class encryption key, and encrypting each class encryption key with an additional encryption key. Additionally, a method of generating a cryptographic key based on a user-entered password and a device-specific identifier secret utilizing an encryption algorithm is disclosed.
    Type: Grant
    Filed: June 9, 2014
    Date of Patent: March 15, 2016
    Assignee: Apple Inc.
    Inventors: Michael Lambertus Hubertus Brouwer, Mitchell David Adler
  • Patent number: 9270455
    Abstract: A method of providing a secure, reliable and verifiable seed generation for a random number generator. The method includes determining a first input based upon at least one entropy source related to operation of the processing device. For example, the entropy source can be random information related to the current operation of a computing device. The method further includes accessing a secret input that is unique to the processing device and combining the first input and the secret input via a secure cryptographic combining function, wherein the secret input and the secure cryptographic combining function are stored in a hardware-based storage medium associated with a specific processing device such that they are accessible only by that specific processing device. Based upon the combination, the method includes determining a first output value and outputting the first output value as a random seed for a random number generator.
    Type: Grant
    Filed: February 14, 2014
    Date of Patent: February 23, 2016
    Assignee: Google Inc.
    Inventor: Theodore Yue Tak Ts'o
  • Patent number: 9262753
    Abstract: A method for video messaging includes recording a video message, at a device, for a recipient; and selecting a contact as a recipient of the video message, at the device, without requiring typing at the device.
    Type: Grant
    Filed: December 16, 2014
    Date of Patent: February 16, 2016
    Assignee: TangoMe, Inc.
    Inventors: Eric Setton, Jamie Odell