Rekeying System Patents (Class 380/273)
  • Patent number: 10952149
    Abstract: The present method and electronic device are adapted for secured commissioning. A generic password is stored in memory of the electronic device, and a transmission power of the electronic device is set to a reduced transmission power. The electronic device receives a commissioning request including the generic password and a specific password. The generic password is replaced in the memory of the electronic device by the specific password, and the transmission power of the electronic device is increased to full transmission power.
    Type: Grant
    Filed: June 11, 2019
    Date of Patent: March 16, 2021
    Assignee: DISTECH CONTROLS INC.
    Inventors: Dominic Gagnon, Xavier Rousseau
  • Patent number: 10951405
    Abstract: Examples disclosed herein relate to encryption of community-based security information. Some examples may enable authorizing a user of a community to access an encrypted data item (e.g., at least an encrypted portion of community-based security information of that community) using a decryption key. The community may be generated on a security information sharing platform based on a set of community attributes. The decryption key may comprise a private key corresponding to each user attribute of a set of user attributes that are associated with the authorized user where the set of user attributes satisfy the set of community attributes.
    Type: Grant
    Filed: January 29, 2016
    Date of Patent: March 16, 2021
    Assignee: MICRO FOCUS LLC
    Inventors: Terence Spies, Tomas Sander, Susan K. Langford
  • Patent number: 10938574
    Abstract: This disclosure describes techniques for authenticating text documents that can include a cryptographic font script. The text documents can be generated using a text editor application that can generate a machine-readable code or a unique document identification (ID) that can include a metadata component having various authentication data and that can cryptographically sign the documents. The signature on the document can be used to verify the data and identity of the signer. Each such transaction is referenced in a blockchain to construe a public ledger representing the ownership of the text documents from the full record of transactions in the blockchain.
    Type: Grant
    Filed: November 26, 2018
    Date of Patent: March 2, 2021
    Assignee: T-Mobile USA, Inc.
    Inventors: Aaron Drake, Lee Miller London
  • Patent number: 10931715
    Abstract: This disclosure provides for a network element (in the middle) to inject enrichments into SSL connections, and for taking them out. This network element is sometimes referred to herein as a “middle box.” In the context of layered software architecture, this solution preferably is implemented by a library that operates below the SSL layer and above the TCP sockets layer at the two endpoints of the SSL connection. Preferably, the SSL enrichments are implemented as SSL/TLS records.
    Type: Grant
    Filed: September 23, 2019
    Date of Patent: February 23, 2021
    Assignee: Akamai Technologies, Inc.
    Inventor: Mangesh Kasbekar
  • Patent number: 10924274
    Abstract: A network device may determine that network traffic for a communication session between a first peer device and a second peer device is to be protected using a security protocol suite. The network device may establish, using one or more tunnels, multiple security associations that are to be used to securely provide the network traffic of the communication session over an unsecured medium. The network device may determine a rekey scheduling time for each security association, of the multiple security associations, based on a combination of configuration information and dynamic network device information. The network device may perform, at each rekey scheduling time, a rekeying procedure to rekey each security association of the multiple security associations.
    Type: Grant
    Filed: February 13, 2018
    Date of Patent: February 16, 2021
    Assignee: Juniper Networks, Inc.
    Inventors: Shibu Piriyath, Vinay Gudur
  • Patent number: 10904014
    Abstract: The claimed invention is a method for encryption synchronization and user authentication, which allows a user to set up an encrypted mark created by using an encryption algorithm and a user-provided encryption key. The method does not leave any information that would be used by internal staff or an authentication service provider to acquire user account credentials, and thus preventing hackers from acquiring such information to be used to gain unauthorized access to stored user data.
    Type: Grant
    Filed: September 17, 2016
    Date of Patent: January 26, 2021
    Inventor: Jianqing Wu
  • Patent number: 10877716
    Abstract: A wireless peripheral mode is provided by a host system that communicates to a WiFi infrastructure and, utilizing the same WiFi RF subsystem, also communicates to peripherals. The host system may employ additional RF channels for communicating with high bandwidth peripherals, such as display devices, where high levels of QoS may be managed locally. The host system may be a conventional desktop computer system, a notebook computer system, a multi-media access point, a cell phone, a game machine, a portable game machine, a Personal Digital Assistant (PDA), a smart phone or any other type of device that benefits from accessing both a WiFi infrastructure and local peripherals.
    Type: Grant
    Filed: October 7, 2019
    Date of Patent: December 29, 2020
    Assignee: III Holdings 1, LLC
    Inventor: Neal David Margulis
  • Patent number: 10878848
    Abstract: A technique to manage members of a group of decoders having access to broadcast data, each group member sharing a common broadcast encryption scheme (BES) comprising the steps of, in a stage for a decoder to become a group member, receiving keys pertaining to the position in the group according to the BES, receiving a current group access data comprising a current group access key, and in a stage of accessing broadcast data, using the current group access data to access the broadcast data, and in a stage of renewing the current group access key, sending a first group message comprising at least a next group access key encrypted so that only non-revoked decoders can access it, said group message being further encrypted by the current group access key, updating the current group access key with the next group access key.
    Type: Grant
    Filed: July 6, 2017
    Date of Patent: December 29, 2020
    Assignee: NAGRAVISION S.A.
    Inventors: Guy Moreillon, Alexandre Karlov
  • Patent number: 10873569
    Abstract: A communication device of handling data transmission comprises instructions of configuring a first bearer and a second bearer according to at least one bearer configuration received from a network; encrypting a first packet of a first flow into a first encrypted packet according to an encryption key and a first bearer identity of the first bearer; receiving a second packet of the first flow from the network via the second bearer, before transmitting the first encrypted packet to the network successfully; transmitting the first encrypted packet to the network via the first bearer, after receiving the second packet; encrypting a third packet of the first flow into a second encrypted packet according to the encryption key and a second bearer identity of the second bearer in response to the second packet; and transmitting the second encrypted packet to the network via the second bearer.
    Type: Grant
    Filed: September 23, 2019
    Date of Patent: December 22, 2020
    Assignee: HTC Corporation
    Inventor: Chih-Hsiang Wu
  • Patent number: 10855463
    Abstract: Methods and systems for providing quality of service to an information handling system may involve generating a new transport encryption key for a management controller group, notifying nodes in the management controller group to negotiate for the new transport encryption key, and encrypting a first message to be sent to a first node in the management controller group using a current transport encryption key. The new transport encryption key for encrypted communications in the management controller group and to replace a current transport encryption key. The first message encrypted after notifying the nodes in the management controller group to negotiate for the new transport encryption key. The nodes of the management controller group including the first node.
    Type: Grant
    Filed: February 8, 2018
    Date of Patent: December 1, 2020
    Assignee: Dell Products L.P.
    Inventors: Yee Ja, Marshal F. Savage, Cyril Jose
  • Patent number: 10856145
    Abstract: Authentication problems often occur when a user of a terminal visits a communications network while roaming. A method is therefore provided for authorizing an authenticated user of a communications terminal. The terminal is configured to connect to a packet-switching network via an access gateway over a current network to which the terminal is connected. The method is implemented by a current authentication server over the current network and includes: receipt of a user authorization request from the access gateway, including an identifier of the user; transmission of a user authorization response to the access gateway, including parameters for authorizing the user, and a unique identifier of an authentication server that authenticated the user.
    Type: Grant
    Filed: August 2, 2016
    Date of Patent: December 1, 2020
    Assignee: ORANGE
    Inventors: Marc Varon, Lionel Morand, Julien Bournelle
  • Patent number: 10819524
    Abstract: Systems, methods, and devices of the various embodiments provide for header extension preservation, security, authentication, and/or protocol translation for Multipath Real-Time Transport Protocol (MPRTP). Various embodiments include methods that may be implemented in a processor of a computing device for MPRTP transmission of Real-Time Transport Protocol (RTP) packets. Various embodiments may include receiving an RTP packet in which the received RTP packet may be part of an RTP stream that may be protected using secure RTP (SRTP), and applying an authentication signature to the RTP packet to authenticate an MPRTP header extension separate from a body of the RTP packet. Various embodiments may include sending and/or receiving MPRTP subflows of an MPRTP session in which a same security context may be applied across all MPRTP subflows of the MPRTP session.
    Type: Grant
    Filed: August 29, 2017
    Date of Patent: October 27, 2020
    Assignee: QUALCOMM Incorporated
    Inventors: Ralph Akram Gholmieh, Sivaramakrishna Veerepalli, Min Wang, Long Duan, Mukesh Kumar Mittal, Arnaud Meylan
  • Patent number: 10778429
    Abstract: Fault-tolerant storage of cryptographic information maintained on a fleet of HSMs may be provided by dividing the cryptographic information into a number of stripes which are distributed and stored on individual HSMs in the HSM fleet. Parity information is generated which allows one or more stripes to be regenerated if one or more stripes becomes corrupt or is lost. The parity information may be stored on an HSM in the HSM fleet, or outside the fleet on a storage service, HSM management hub, tangible computer-readable media, or other device. If an HSM in the HSM fleet fails, resulting in the loss of a stripe, an HSM in the fleet can recover the missing stripe by re-creating the missing stripe from the remaining stripes combined with the parity information. In some examples, stripes are mirrored within the fleet of HSMs.
    Type: Grant
    Filed: December 3, 2015
    Date of Patent: September 15, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory Alan Rubin, Benjamin Philip Grubin
  • Patent number: 10771460
    Abstract: A method. At least some embodiments are a method including detecting docking of a mobile computer system to a docking device. In response to detecting the docking, the method further includes connecting an external data communication network to a bridge logic device in the mobile computer system via the docking device, and uploading, via the external data communication network, first data to a non-volatile random access memory coupled to the bridge logic device in the mobile computer system. The method further includes uploading, via the external data communication network, second data to the non-volatile random access memory coupled to the bridge logic device in the mobile computer system, the second data comprising programming instructions for execution on a computer system external to the mobile computer system.
    Type: Grant
    Filed: July 31, 2017
    Date of Patent: September 8, 2020
    Assignee: Elbit Systems of America, LLC
    Inventors: Robert A. Woodward, Daniel M. Herring, Andrew W. Hull
  • Patent number: 10733300
    Abstract: A Basic Input/Output System (BIOS)/Unified Extensible Firmware Interface (UEFI) on a Self-Service Terminal (SST) processes during a boot of the SST. When a new hard disk is detected as being present and an identifier for the new hard disk is missing from a whitelist, a signed hard disk identifier is verified from storage on the new hard disk. If the signed hard disk identifier is verified: the new hard disk is authenticated, the whitelist is updated to include the new hard disk identifier, a unique identifier for BIOS/UEFI and the new hard disk identifier are written to the storage of the new hard disk, and the boot process is permitted to continue for the SST.
    Type: Grant
    Filed: October 24, 2017
    Date of Patent: August 4, 2020
    Assignee: NCR Corporation
    Inventor: Brian Steven Wotherspoon
  • Patent number: 10700856
    Abstract: A module with an embedded universal integrated circuit card (eUICC) can include a received eUICC profile and a set of cryptographic algorithms. The received eUICC profile can include an initial shared secret key for authentication with a wireless network. The module can receive a key K network token and send a key K module token to the wireless network. The module can use the key K network token, a derived module private key, and a key derivation function to derive a secret shared network key K that supports communication with the wireless network. The wireless network can use the received key K module token, a network private key, and the key derivation function in order to derive the same secret shared network key K derived by the module. The module and the wireless network can subsequently use the mutually derived key K to communicate using traditional wireless network standards.
    Type: Grant
    Filed: November 27, 2018
    Date of Patent: June 30, 2020
    Assignee: Network-1 Technologies, Inc.
    Inventor: John A. Nix
  • Patent number: 10674359
    Abstract: A method by which a first vehicle authenticates a second vehicle using a plurality of communication schemes and a vehicle capable of performing the method are disclosed.
    Type: Grant
    Filed: October 16, 2017
    Date of Patent: June 2, 2020
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Seong-won Han, Woo-jin Park, Dae-hyun Ban, Sang-soon Lim
  • Patent number: 10652021
    Abstract: The present disclosure relates to secure communication over a cellular network between a mobile terminal 30 and a network entity 40 via a node of a cellular network, wherein a Home Public Land Mobile Network, PLMN, of the mobile terminal generates a ciphering key, CK, and/or an integrity key, IK, for authentication of the mobile terminal and wherein performance of an Authentication and Key Agreement, AKA, procedure between the mobile terminal and the node of the cellular network permits the mobile terminal to determine CK and/or IK. In particular, there is provided the method comprising applying a special key to allow communication of user-plane data between the mobile terminal and the network entity in a trusted manner, wherein the special key is generated from the CK and/or IK but is different from the CK and IK.
    Type: Grant
    Filed: April 13, 2016
    Date of Patent: May 12, 2020
    Assignee: VODAFONE IP LICENSING LIMITED
    Inventor: Aguibou Mountaga Barry
  • Patent number: 10642600
    Abstract: A method and system for securing a cloud application are provided. The method includes receiving a webpage sent to a client device from at least one cloud application; injecting a piece of code into the webpage, wherein the piece of code maintains an encryption key in a document object model (DOM) of the webpage, wherein the piece of code allows encryption of any text field in the webpage when executed by the client device; intercepting at least one encrypted text field inserted into the DOM; and modifying the DOM by decrypting each of the intercepted at least one encrypted text field and inserting each decrypted text field into the DOM.
    Type: Grant
    Filed: May 1, 2019
    Date of Patent: May 5, 2020
    Assignee: Microsoft Technology Licensing, LLC.
    Inventors: Gregory Vishnepolsky, Liran Moysi
  • Patent number: 10623178
    Abstract: Methods and systems for secure messaging may involve receiving an encrypted message from a node, decrypting the message using a default key, sending a message, rotating a group key, and distributing a key rotation message. The message received may be to discover a master of a group. The message sent may welcome the node into the group as a member. The welcome message may be encrypted with the default key and may include information to determine the group key. The group key may be rotated based on an expiration of a group key rotation window. The group key may become a prior group key and the rotated group key may be a current group key. The key rotation message may be encrypted with one of the default key or the prior group key and may include information to determine the current group key.
    Type: Grant
    Filed: July 15, 2016
    Date of Patent: April 14, 2020
    Assignee: Dell Products L.P.
    Inventors: Marshal F. Savage, Cyril Jose
  • Patent number: 10606738
    Abstract: A blockchain test configuration may provide a simple and secure infrastructure for testing applications. One example method of operation may comprise one or more of transmitting a request to a network of nodes to test a test package associated with an application. The method may also include receiving results based on the test of the test package and recording the results in a blockchain.
    Type: Grant
    Filed: February 5, 2018
    Date of Patent: March 31, 2020
    Assignee: International Business Machines Corporation
    Inventors: Vijay Kumar Ananthapur Bache, Jhilam Bera, Arvind Kumar, Bidhu Sahoo
  • Patent number: 10609561
    Abstract: A method performed by a network node (106) of a serving public land mobile network, PLMN, (112) associated with a user equipment, UE, (102) comprising: obtaining a secret identifier (110) that uniquely identifies the UE, wherein the secret identifier is a secret that is shared between the UE and at least a home PLMN of the UE and that is shared by the home PLMN with the network node; and performing an operation (108) related to the UE using the secret identifier. Other methods, computer programs, computer program products, network nodes and a serving PLMN are also disclosed.
    Type: Grant
    Filed: July 12, 2017
    Date of Patent: March 31, 2020
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Prajwol Kumar Nakarmi, Noamen Ben Henda, Christine Jost, Vesa Torvinen
  • Patent number: 10592679
    Abstract: Representative embodiments set forth herein disclose techniques for modifying encryption classes of files. According to some embodiments, a technique can include receiving a request to update an encryption configuration of a file from a current encryption class to an updated encryption class. In response, the technique involves obtaining (i) a first class key associated with the current encryption class, and (ii) a second class key associated with the updated encryption class. Next, the technique involves identifying file extents of the file, where each file extent is encrypted by a respective extent key that is encrypted by the first class key. Finally, the technique involves, for each file extent of the file: (i) decrypting the respective extent key using the first class key to produce a decrypted respective extent key, and (ii) encrypting the decrypted respective extent key using the second class key to produce an updated respective extent key.
    Type: Grant
    Filed: September 23, 2016
    Date of Patent: March 17, 2020
    Assignee: Apple Inc.
    Inventors: Eric B. Tamura, Kelly B. Yancey
  • Patent number: 10565074
    Abstract: A computing device configured to identify portions of a computing job that are assigned to the computing device, if any, based on identification information of the computing job and identifiers of a list of computing devices present in a computing network to process the computing job. The portions are identified by the computing device independent of other computing devices in the computing network. For example, the identification information of the computing job can be mapped by the computing device to a set of identifiers of computing devices based on a predetermined computing function. Each of the identifiers corresponds to a predetermined portion of the computing job. If one of identifiers corresponds to the identifier of the computing device, the computer device performs the predetermined portion of the computing job associated with the mapped identifier.
    Type: Grant
    Filed: April 20, 2015
    Date of Patent: February 18, 2020
    Assignee: CYNNY SPACE SRL
    Inventor: Stefano Bargagni
  • Patent number: 10470241
    Abstract: Communication between drones of multiple drone meshes is disclosed. Attributes of drones can be cataloged by a network device. A portion of the drone attribute catalog can be received by a drone belonging to a drone mesh. The drone can determine, based on the portion of the drone attribute catalog, an adaptation to the drone mesh in response to a change in a status of a drone of the drone mesh. The adaptation of the drone mesh can comprise adding a drone to the drone mesh, removing a drone from the drone mesh, merging the drone mesh with another drone mesh, splitting the drone mesh into a plurality of drone meshes, forming a submesh of the drone mesh, etc. Receiving the portion of the drone attribute catalog can facilitate self-organization and/or self-optimization of a drone mesh by drones comprising the drone mesh. A drone can concurrently be a member of one or more drone meshes as a result of the adaptation of the drone mesh.
    Type: Grant
    Filed: November 15, 2016
    Date of Patent: November 5, 2019
    Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
    Inventors: Venson Shaw, Sangar Dowlatkhah, Zhi Cui
  • Patent number: 10452821
    Abstract: A method for viewing a plurality of encrypted code displayed within an integrated development environment with a pair of augmented reality (AR) glasses. A plurality of user login credentials submitted by a user utilizing the pair of AR glasses to access a plurality of encrypted code. The method may determine the user is authorized to access a portion of the plurality of encrypted code based on the received plurality of user login credentials. The method may further decrypt the portion based on determining the user is authorized to access the portion. The method may further include displaying the decrypted portion on a lens within the pair of AR glasses.
    Type: Grant
    Filed: March 30, 2016
    Date of Patent: October 22, 2019
    Assignee: International Business Machines Corporation
    Inventors: James K. Hook, Hamish C. Hunt, Nicholas K. Lincoln
  • Patent number: 10432261
    Abstract: A method of transferring data between a first device and a second device comprises: bringing a first object into an activation zone of a near-field communication module so as thereby to establish a near-field communication link between the module and the first object. The near-field communication module sends a control signal to at least one of the first and second devices to begin a second communication session through a second, different channel between the first and second devices and the data is transferred between the first device and the second device in the second communication session. The second communication session is ended if the first object is removed from the activation zone.
    Type: Grant
    Filed: May 17, 2016
    Date of Patent: October 1, 2019
    Assignee: Nordic Semiconductor ASA
    Inventor: Tore Austad
  • Patent number: 10320752
    Abstract: This disclosure relates to characterising data sets that are distributed as multiple data subsets over multiple computers such as by determining a gradient of an objective function. A computer determines a partial gradient of the objective function over a data subset stored on the computer and determines random data. The computer then determines an altered gradient by modifying the partial gradient based on the random data and encrypts the altered gradient such that one or more operations on the altered gradient can be performed based on the encrypted gradient and sends the encrypted gradient. Since the partial gradient is altered based on random data and encrypted it is difficult for another computer to calculate the data that is stored on the first computer. This is an advantage as it allows to preserve the privacy of the data stored on the first computer while still allowing to characterise the data set.
    Type: Grant
    Filed: October 26, 2015
    Date of Patent: June 11, 2019
    Assignee: National ICT Australia Limited
    Inventors: Stephen Hardy, Felix Lawrence, Daniel Visentin
  • Patent number: 10313312
    Abstract: A plurality of devices, having common access to a first key under which a set of data objects used by the plurality of devices are encrypted, is caused to replace the first key with a second key by at least causing a device of the plurality of devices to encrypt a subset of the set of data objects that are not selected for electronic shredding, allow access to a data object of the subset regardless of whether the data object is encrypted using the first key or the second key. At a time after the data object becomes accessible by using the second key, each of the plurality of devices is verified to have common access to the second key, and the plurality of devices is caused to lose access to the first key.
    Type: Grant
    Filed: March 17, 2017
    Date of Patent: June 4, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory Branchek Roth, Matthew James Wren, Eric Jason Brandwine, Brian Irl Pratt
  • Patent number: 10303895
    Abstract: A data management system stores data related to a plurality of users. The data management system initially stores the data in an encrypted format. The data management system automatically periodically re-encrypts the data in accordance with a re-encryption policy. The re-encryption policy includes re-encryption periodicity data defining a periodicity for automatically re-encrypting the data.
    Type: Grant
    Filed: January 19, 2017
    Date of Patent: May 28, 2019
    Assignee: Intuit Inc.
    Inventors: Sean McCluskey, Elangovan Shanmugam, Narendra Dandekar, Rachit Lohani
  • Patent number: 10305871
    Abstract: A server receives a request from a client to establish a secure session. The server analyzes the request to determine a set of one or more properties of the request. The server selects, based at least in part on the determined set of properties, one of multiple certificates for a hostname of the server, where each of the certificates is signed using a different signature and hash algorithm pair. The server returns the selected certificate to the client.
    Type: Grant
    Filed: December 9, 2015
    Date of Patent: May 28, 2019
    Assignee: CLOUDFLARE, INC.
    Inventors: Nicholas Thomas Sullivan, Lee Hahn Holloway, Piotr Sikora, Ryan Lackey, John Graham-Cumming, Dane Orion Knecht, Patrick Donahue, Zi Lin
  • Patent number: 10284525
    Abstract: A device for secure transmission of vehicle data over vehicle datalinks that may be shared with passenger devices and are connected to a publicly shared network is provided. The device comprises a processor embedded within a portion of an Ethernet cable for a vehicle. A plurality of applications resides in the processor and comprises a VPN application, and a VPN address and certificate update application. A first Ethernet transceiver communicates with the processor through the VPN application and also communicates with onboard electronic equipment. A second Ethernet transceiver communicates with the processor through the VPN application and also communicates with an external datalink. The VPN application automatically establishes a VPN when the datalink is available, provides an authentication certificate to verify that the device is a correct and legitimate node, and verifies a VPN hosting certification to determine whether the device is communicating with a correct and legitimate external facility.
    Type: Grant
    Filed: July 11, 2016
    Date of Patent: May 7, 2019
    Assignee: Honeywell International Inc.
    Inventors: James Christopher Kirk, Alexander Chernoguzov, Kevin Staggs
  • Patent number: 10248813
    Abstract: One embodiment provides a method for enabling computation of a signature of an information set given change information by storing information in a hierarchical data structure, the method including: utilizing at least one processor to execute computer code that performs the steps of: receiving change information relating to a first node within the hierarchical data structure; accessing a database comprising at least one key, wherein the at least one key comprises a crypto-hash and is assigned to a node within the hierarchical data structure; identifying a node key within the database that is assigned to the first node; computing a node crypto-hash for the first node after modifying the first node using the received change information; modifying the node key based upon the computed node crypto-hash; and updating the database with the modified node key. Other aspects are described and claimed.
    Type: Grant
    Filed: December 31, 2015
    Date of Patent: April 2, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Sheehan Anderson, Manish Sethi
  • Patent number: 10218681
    Abstract: A network control apparatus and method is provided. The method includes operations of informing a server of capability information including an encryption/decryption method, wherein the server provides the network control apparatus with control information used to control a network device using a general-purpose control web application, transmitting to the server a control information requesting message that requests the control information, receiving from the server the control information which has been encrypted using the encryption/decryption method, decrypting the encrypted control information according to the encryption/decryption method, and transmitting a control command for controlling the network device according to the decrypted control information.
    Type: Grant
    Filed: April 27, 2015
    Date of Patent: February 26, 2019
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Ho Jin, Jong-wook Park, Young-chul Sohn
  • Patent number: 10193698
    Abstract: A device may receive a message, associated with establishing a secure session, including a first certificate chain associated with a server device. The device may generate a first certificate fingerprint associated with the first certificate chain and determine a policy identifier associated with a security policy on which the first certificate chain is to be validated. The device may identify a second certificate fingerprint associated with a second certificate chain that has been validated based on the security policy. The device may determine whether the first certificate fingerprint matches the second certificate fingerprint.
    Type: Grant
    Filed: June 26, 2015
    Date of Patent: January 29, 2019
    Assignee: Juniper Networks, Inc.
    Inventors: Premenjit Das, Rajeev Chaubey
  • Patent number: 10193904
    Abstract: Systems and methods are provided for intrusion detection, specifically, identifying masquerade attacks in large scale, multiuser systems, which improves the scoring systems over conventional masquerade detection systems by adopting distinct alignment parameters for each user. For example, the use of DDSGA may result in a masquerade intrusion detection hit ratio of approximately 88.4% with a small false positive rate of approximately 1.7%. DDSGA may also improve the masquerade intrusion detection hit ratio by about 21.9% over conventional masquerade detection techniques and lower the Maxion-Townsend cost by approximately 22.5%. It will also improve the computational overhead.
    Type: Grant
    Filed: July 18, 2016
    Date of Patent: January 29, 2019
    Assignee: QATAR UNIVERSITY
    Inventors: Hesham Abdelazim Ismail Mohamed Kholidy, Abdulrahman Azab, Fabrizio Baiardi
  • Patent number: 10187206
    Abstract: A module with an embedded universal integrated circuit card (eUICC) can include a received eUICC profile and a set of cryptographic algorithms. The received eUICC profile can include an initial shared secret key for authentication with a wireless network. The module can receive a key K network token and send a key K module token to the wireless network. The module can use the key K network token, a derived module private key, and a key derivation function to derive a secret shared network key K that supports communication with the wireless network. The wireless network can use the received key K module token, a network private key, and the key derivation function in order to derive the same secret shared network key K derived by the module. The module and the wireless network can subsequently use the mutually derived key K to communicate using traditional wireless network standards.
    Type: Grant
    Filed: August 18, 2017
    Date of Patent: January 22, 2019
    Assignee: Network-1 Technologies, Inc.
    Inventor: John A. Nix
  • Patent number: 10176153
    Abstract: Systems and methods are provided for determining customized markup content to deter malicious attackers and/or to decrease electronic submissions from robots. In some embodiments, markup content may be randomized with unique identifiers, reordering of markup elements, and/or insertion of hidden markup elements. The modifications to markup content may have no impact on human usability of the markup content. However, the customized markup content may render the content unusable by a programmed, automated attacker that cannot parse and/or recognize the content. Thus, automated attackers are deterred from using markup content, while human users remain unaffected.
    Type: Grant
    Filed: September 25, 2014
    Date of Patent: January 8, 2019
    Assignee: Amazon Technologies, Inc.
    Inventor: Joseph Martin Sack
  • Patent number: 10171426
    Abstract: A network control apparatus and method is provided. The method includes operations of informing a server of capability information including an encryption/decryption method, wherein the server provides the network control apparatus with control information used to control a network device using a general-purpose control web application, transmitting to the server a control information requesting message that requests the control information, receiving from the server the control information which has been encrypted using the encryption/decryption method, decrypting the encrypted control information according to the encryption/decryption method, and transmitting a control command for controlling the network device according to the decrypted control information.
    Type: Grant
    Filed: April 27, 2015
    Date of Patent: January 1, 2019
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Ho Jin, Jong-wook Park, Young-chul Sohn
  • Patent number: 10135612
    Abstract: The present disclosure describes techniques for configuring and participating in encrypted audio calls, audio conferences, video calls, and video conferences. In particular, a call initiator generates a meeting identifier and a first meeting key, which are encrypted using a first encryption key and distributed to one or more participants of the call. The one or more participants decrypt the meeting identifier and the first meeting key, and use that information to participate in the encrypted call. Further, participants respond to the encrypted communication data by encrypting their reply data with the first meeting key. The call initiator decrypts the reply data using the first meeting key.
    Type: Grant
    Filed: December 15, 2016
    Date of Patent: November 20, 2018
    Assignee: Wickr Inc.
    Inventors: Thomas Michael Leavy, Dipakkumar R. Kasabwala
  • Patent number: 10090999
    Abstract: A device for wireless communication includes key logic configured to obtain a candidate group key corresponding to a data link group. The device also includes a wireless interface configured to transmit an announcement message to one or more devices of the data link group during a paging window designated for the data link group. The announcement message includes a multicast message and indicates availability of the candidate group key, and the announcement message.
    Type: Grant
    Filed: January 26, 2016
    Date of Patent: October 2, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Abhishek Pramod Patil, George Cherian, Soo Bum Lee, Jouni Kalevi Malinen, Santosh Paul Abraham, Alireza Raissinia
  • Patent number: 10044693
    Abstract: In an example embodiment, a submission of confidential data is received from a user. Then, the confidential data is encrypted using a first public key generated as part of a first public key-first private key pair. The encrypted confidential data is stored in a first column of a first submission table in a confidential information database. An identification of the user is encrypted using a second public key different than the first public key, the second public key generated as part of a first public key-first private key pair. Then, the encrypted identification of the user is stored in a second submission table in the confidential information database. The first private key is provided to a first component to decrypt the confidential information, without providing the second private key to the first component.
    Type: Grant
    Filed: July 29, 2016
    Date of Patent: August 7, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Ahsan Chudhary, Joseph Florencio, Krishnaram Kenthapadi, Anthony Duane Duerr
  • Patent number: 10009376
    Abstract: A Secure Input/Output (I/O) Module (SIOM) is network-enabled, providing secure communications with terminals and peripherals integrated into the terminals. Communications between devices are securely made through encrypted communication sessions provisioned, defined, and managed through a secure protocol using the network-based SIOM. In an embodiment, a single-tenant network-based SIOM is provided. In an embodiment, a hybrid dual single-tenant and multi-tenant network-based SIOM is provided. In an embodiment, a multi-tenant network-based SIOM is provided. In an embodiment, a cloud-based SIOM is provided.
    Type: Grant
    Filed: November 25, 2014
    Date of Patent: June 26, 2018
    Assignee: NCR Corporation
    Inventors: Stavros Antonakakis, Erick Kobres, Bradley William Corrion
  • Patent number: 9965645
    Abstract: Systems, apparatuses, and methods for providing data security for data that is stored in a cloud-level platform. In one embodiment, each session is associated with specific session “keys” for use in encrypting and decrypting data. The session specific keys are generated by a client application and the client public key of a public/private key pair is provided to the cloud platform as part of a user authentication process. If the user is properly authenticated, then the platform creates its own set of keys and sends the server public key of a public/private key pair to the client. When the client requests a data record or document, the platform can determine if the user is authorized to have access to the entire data record or document or only to certain fields or portions of the record or document. Based on that determination, the platform may selectively encrypt certain fields or portions of the record or document with the client public key.
    Type: Grant
    Filed: May 12, 2016
    Date of Patent: May 8, 2018
    Assignee: NETSUITE Inc.
    Inventor: Dale Sinor
  • Patent number: 9934138
    Abstract: A blockchain test configuration may provide a simple and secure infrastructure for testing applications. One example method of operation may comprise one or more of transmitting a request to a network of nodes to test a test package associated with an application. The method may also include receiving results based on the test of the test package and recording the results in a blockchain.
    Type: Grant
    Filed: December 7, 2016
    Date of Patent: April 3, 2018
    Assignee: International Business Machines Corporation
    Inventors: Vijay Kumar Ananthapur Bache, Jhilam Bera, Arvind Kumar, Bidhu Sahoo
  • Patent number: 9900162
    Abstract: A method includes receiving, at an access point of a network, a first message from a wireless device. The method further includes determining a device type of the wireless device. In response to determining that the device type satisfies a criterion, the method includes sending, to the wireless device, a second message granting the wireless device access to the network subject to a first restriction level and sending a network access request to a second device associated with an operator of the access point. The method may further include receiving a response to the network access request from the second device and determining, based on the response, whether to grant the wireless device access to the network subject to a second restriction level.
    Type: Grant
    Filed: November 11, 2015
    Date of Patent: February 20, 2018
    Assignees: AT&T MOBILITY II LLC, AT&T INTELLECTUAL PROPERTY I, L.P.
    Inventors: Morgan D. Woxland, Jonathan Davis
  • Patent number: 9882714
    Abstract: In many secure communication systems, group keys are updated on a regular basis in order to maintain a high security level. Decryption and encryption keys are typically updated simultaneously in policy enforcement points (PEPs). Such an approach makes the respective communication system prone to dropping of network traffic. According to at least one embodiment, re-keying is performed by installing, at a first phase, a new decryption key at the PEPs without removing an old decryption key previously installed in the PEPs. At a second phase, a new encryption key corresponding to the new decryption key is installed and an old encryption key corresponding to the old decryption key is removed. At a third stage, the old decryption key and any other old decryption keys are removed from the PEPs.
    Type: Grant
    Filed: March 10, 2014
    Date of Patent: January 30, 2018
    Assignee: Certes Networks, Inc.
    Inventors: Todd L. Cignetti, Miles S. Krivoshia, Ganesh Murugesan, Timothy J. Megela
  • Patent number: 9871653
    Abstract: A technique for key sharing among multiple key servers connected to one another over a communication network is provided herein. Each key server of the multiple key servers stores respective cryptographic keys, and provides the keys to a local device group connected with the key server, to enable the device group to encrypt messages with the keys. Each key server acts as a proxy for the other key servers in order to receive other keys from the other key servers over the network, and provide the other keys to the device group for use to decrypt messages received from other local device groups respectively connected with the other key servers that were encrypted with the other keys and to check message integrity. The multiple key servers may share keys with each other directly, or alternatively, indirectly through a central key server, as needed to support secure communications between their respective device groups.
    Type: Grant
    Filed: July 18, 2013
    Date of Patent: January 16, 2018
    Assignee: Cisco Technology, Inc.
    Inventors: Brian Eliot Weis, Maik Guenter Seewald, Ruben Gerald Lobo
  • Patent number: 9866376
    Abstract: System, device, and method of provisioning cryptographic assets to electronic devices. A delegation message is generated at a first provisioning server. The delegation message indicates provisioning rights that are delegated by the first provisioning server to a second provisioning server with regard to subsequent provisioning of cryptographic assets to an electronic device. The delegation message includes an association key unknown to the first provisioning server, encrypted using a public key of the electronic device. The delegation message further includes a public key of the second provisioning server. The electronic device locally generates the association key, which is unknown to the first provisioning server. The delegation message is delivered to the electronic device. Based on the delegation message, cryptographic assets are provisioned by the second provisioning server to the electronic device, using the association key.
    Type: Grant
    Filed: June 11, 2017
    Date of Patent: January 9, 2018
    Assignee: ARM LIMITED
    Inventors: Hagai Bar-El, Alexander Klimov, Asaf Shen
  • Patent number: 9858442
    Abstract: A system includes a security device, configured for cryptographic processing, coupled to receive incoming data from a plurality of data sources (e.g., data from different customers), wherein the incoming data includes first data from a first data source; a controller (e.g., an external key manager) configured to select a first set of keys from a plurality of key sets, each of the key sets corresponding to one of the plurality of data sources, wherein the first set of keys is used by the security device to encrypt the first data; and a common encrypted data storage, coupled to receive the encrypted first data from the security device.
    Type: Grant
    Filed: May 10, 2016
    Date of Patent: January 2, 2018
    Assignee: SECTURION SYSTEMS, INC.
    Inventor: Richard J. Takahashi