Key Management Patents (Class 380/277)
- Patent number: 12218795
  Abstract: The Internet can be configured to provide communications to a large number of Internet-of-Things (IoT) devices. Devices can be designed to address the need for network layers, from central servers, through gateways, down to edge devices, to grow unhindered, to discover and make accessible connected resources, and to support the ability to hide and compartmentalize connected resources. Network protocols can be part of the fabric supporting human accessible services that operate regardless of location, time, or space. Innovations can include service delivery and associated infrastructure, such as hardware and software. Services may be provided in accordance with specified Quality of Service (QoS) terms. The use of IoT devices and networks can be included in a heterogeneous network of connectivity including wired and wireless technologies.
  Type: Grant
  Filed: August 29, 2022
  Date of Patent: February 4, 2025
  Assignee: INTEL CORPORATION
  Inventors: Ned M. Smith, Keith Nolan, Mark Kelly, Gregory Burns, Michael Nolan, John Brady, Cliodhna Ni Scanaill, Niall Cahill, Thiago Macieira, Zheng Zhang, Glen J. Anderson, Igor Muttik, Davide Carboni, Eugene Ryan, Richard Davies, Toby M. Kohlenberg, Maarten Koning, Jakub Wenus, Rajesh Poornachandran, William C. Deleeuw, Ravikiran Chukka
- Patent number: 12212958
  Abstract: Aspects are provided which allow a first device to secure transmission of polar encoded control information by encoding at least a portion of frozen bits and/or information bits with a shared key with a second device before these bits are encoded by a polar encoder. The first device determines whether to encode at least one of a plurality of frozen bits or a plurality of information bits using the shared key. Based on the determination, the first device encodes the frozen bits and/or the information bits, and sends the encoded frozen bits and/or the encoded information bits to the second device. Since the receiving device has the shared key, the receiving device may successfully decode the control information, while an eavesdropper who receives the encoded bits may fail to decode the control information due to lack of knowledge of the shared key.
  Type: Grant
  Filed: September 8, 2021
  Date of Patent: January 28, 2025
  Assignee: QUALCOMM Incorporated
  Inventors: Ahmed Elshafie, Hung Dinh Ly
- Patent number: 12192210
  Abstract: Systems and methods are used for facilitating identity anonymization by using controlled masking and encryption of user identifiers, such as UUIDs. A system that manages a UUID converts the UUID into a set of one or more different unique versions of the UUID for one or more corresponding different partner system(s) by removing and replacing masked portions of the UUID and by selectively encrypting the non-masked portions of the UUID. New masked portions added to the new version(s) of the UUID identify different corresponding partner(s) and/or rules to be applied by the different partner(s) when handling the different unique version(s) of the UUID(s). Partner systems that receive the new versions of the UUID identify and utilize the new masked portions to deterministically control decrypting and/or other processing of the new version of the UUID.
  Type: Grant
  Filed: October 14, 2022
  Date of Patent: January 7, 2025
  Assignee: Microsoft Technology Licensing, LLC
  Inventor: Guillermo Paul Proano
- Patent number: 12184755
  Abstract: A homomorphic encryption system includes a homomorphic encryption device encrypting original data into a first ciphertext using a homomorphic encryption algorithm, and a homomorphic encryption operation device receiving the first ciphertext from the homomorphic encryption device and performing an approximate arithmetic operation of a transcendental function with respect to the first ciphertext and a second ciphertext by performing a homomorphic multiplication operation in a binary tree structure.
  Type: Grant
  Filed: May 9, 2022
  Date of Patent: December 31, 2024
  Assignee: Samsung Electronics Co., Ltd.
  Inventors: Youngsik Moon, Jiyoup Kim, Hanbyeul Na, Hongrak Son
- Patent number: 12184748
  Abstract: A method for transmitting data from a first sub-system to a second sub-system includes the steps of providing a dataset by the first sub-system, the dataset having a data structure identifier and a data value; sending the dataset to the second sub-system; receiving the dataset by the second sub-system; checking whether complete assignment information regarding the data structure assigned to the data structure identifier is present in the second sub-system; recovering any missing assignment information from a communication broker in the event that the second sub-system does not contain complete assignment information; and determining the data structure on the basis of the data structure identifier and the assignment information. A corresponding system, a corresponding first sub-system, a corresponding second sub-system and a communication broker are also proposed.
  Type: Grant
  Filed: February 18, 2021
  Date of Patent: December 31, 2024
  Assignee: Siemens Aktiengesellschaft
  Inventors: Kai Höfig, Chee-Hung Koo, Stefan Rothbauer, Sebastian Schröck, Marian Marcel Vorderer, Marc Zeller
- Patent number: 12177128
  Abstract: Methods and systems for autonomous rule-based task coordination amongst edge devices are disclosed. Embodiments of the present technology may include a method for processing packet traffic at an edge device, the method including determining a side of a communication that corresponds to an edge device with regard to packet traffic. Embodiments may also include applying a task distribution rule to the packet traffic using the determined side of the communication that corresponds to the edge device to determine if a particular task related to the packet traffic should be executed at the edge device. In some embodiments, the task distribution rule is configured to ensure that the particular task is executed at only one side of the communication.
  Type: Grant
  Filed: December 22, 2020
  Date of Patent: December 24, 2024
  Assignee: PENSANDO SYSTEMS INC.
  Inventor: Mario Baldi
- Patent number: 12164284
  Abstract: A method for collecting and pushing data from an industrial robot controller to at least one data consumer operating a consumer server, implementing a consumer data format and communication protocol, the method including the following steps implemented by a control unit of the industrial robot controller: command the data collector to collect data; command the data collector to store the data in a generic data buffer, the data being stored in a generic format; command the protocol and data adaptor to retrieve stored data from the generic data buffer, to convert the retrieved data from the generic format into the consumer data format, and to push the converted data to the consumer server according to the consumer communication protocol.
  Type: Grant
  Filed: October 5, 2020
  Date of Patent: December 10, 2024
  Assignee: ABB SCHWEIZ AG
  Inventors: Jean-Christophe Alt, Suresh Kumar, Roger Kullang
- Patent number: 12166862
  Abstract: According to one embodiment, a storage system includes a processor, a storage device, and a first memory. The storage device includes a nonvolatile memory, a control circuit, and a second memory. The processor retrieves, based on a retrieval key and retrieval information stored in the first memory, location information of data including the retrieval key and a value, and transmits the location information and the retrieval key to the control circuit. The control circuit reads the data from the nonvolatile memory based on the location information and the retrieval key, stores the data in the second memory, retrieves the value corresponding to the retrieval key from the data, and transmits the value to the processor.
  Type: Grant
  Filed: April 21, 2023
  Date of Patent: December 10, 2024
  Assignee: KIOXIA CORPORATION
  Inventor: Kazuhiro Hiwada
- Patent number: 12141332
  Abstract: A computation procedure change unit (100) changes a computation procedure, each time a computation execution time arrives to execute computation that uses a learning parameter having a value to be adjusted by machine learning, irregularly to a computation procedure which is different from a pre-change computation procedure and with which the same computation result as a computation result obtained by executing computation in accordance with the pre-change computation procedure is obtained. A computation execution unit (101) executes computation that uses the learning parameter, each time the computation execution time arrives, in accordance with the computation procedure that has been changed by the computation procedure change unit (100).
  Type: Grant
  Filed: May 11, 2022
  Date of Patent: November 12, 2024
  Assignee: Mitsubishi Electric Corporation
  Inventor: Tsunato Nakai
- Patent number: 12126713
  Abstract: Systems, methods, and computer program products are provided for quantum computing (QC) detection. An example QC detection system includes QC detection data generation circuitry that generates QC detection data. The QC detection system also includes cryptographic circuitry that distorts the QC detection data via a first post-quantum cryptographic (PQC) technique and generates a pair of asymmetric cryptographic keys including a public cryptographic key and a private cryptographic key. The cryptographic circuitry further generates encrypted QC detection data based on the pair of asymmetric cryptographic keys and destroys the private cryptographic key. The QC detection system further includes data monitoring circuitry that monitors a set of data environments for electronic information related to the encrypted QC detection data.
  Type: Grant
  Filed: January 17, 2020
  Date of Patent: October 22, 2024
  Assignee: Wells Fargo Bank, N.A.
  Inventors: Ramanathan Ramanathan, Andrew J. Garner, IV, Abhijit Rao, Pierre Arbajian, Michael Erik Meinholz, Omar B. Khan, Ramesh Yarlagadda
- Patent number: 12120217
  Abstract: A fully homomorphic white-box implementation of one or more cryptographic operations is presented. This method allows construction of white-box implementations from general-purpose code without necessitating specialized knowledge in cryptography, and with minimal impact to the processing and memory requirements for non-white-box implementations. This method and the techniques that use it are ideally suited for securing "math heavy" implementations, such as codecs, that currently do not benefit from white-box security because of memory or processing concerns. Further, the fully homomorphic white-box construction can produce a white-box implementation from general purpose program code, such as C or C++.
  Type: Grant
  Filed: June 22, 2023
  Date of Patent: October 15, 2024
  Assignee: ARRIS Enterprises LLC
  Inventor: Lex Aaron Anderson
- Patent number: 12120506
  Abstract: Devices, methods, and a computer program for releasing transportation vehicle components and a vehicle-to-vehicle communication module. The device for releasing a vehicle component of a transportation vehicle includes at least one interface for communication with further vehicle components of the transportation vehicle and a control module for controlling the at least one interface to receive messages from the further vehicle components of the transportation vehicle and to verify the identity of the further vehicle components based on the received messages and the stored identification data of the further vehicle components. The messages on which the verification of the identity of the further vehicle components is based are messages used in regular operation of the vehicle component. The control module also releases the vehicle component in response to the identity of the further transportation vehicle components being consistent with the stored identification data of the further vehicle components.
  Type: Grant
  Filed: November 19, 2022
  Date of Patent: October 15, 2024
  Assignee: VOLKSWAGEN AKTIENGESELLSCHAFT
  Inventors: Timo Winkelvos, Alexander Tschache
- Patent number: 12099611
  Abstract: The present invention discloses a system for authenticating and securing message/instruction transmission, including a hardware processing unit for testing the validity of an original message or a derivative of the original message by running specific firmware code, resulting in a first test result; a software processing unit for testing the validity of the original message or a derivative of the original message by running specific software code, resulting in a second test result; and a logic comparison module for comparing the first and the second test results, wherein the comparison authenticates the message. The testing is performed simultaneously at the hardware processing unit and the software processing unit. According to some embodiments of the present invention the logic comparison module is implemented as a hardware module including a gate array including at least one logic gate.
  Type: Grant
  Filed: June 24, 2020
  Date of Patent: September 24, 2024
  Inventors: Michael Ratiner, Dan Eliav
- Patent number: 12088694
  Abstract: A first electronic device according to various embodiments of the disclosure may include: a communication circuit, and at least one processor. The at least one processor may be configured to: receive, through the communication circuit, a first public key and a first request for a first symmetric key from a second electronic device, encrypt the first symmetric key using the first public key, transmit, through the communication circuit, the encrypted first symmetric key to the second electronic device, generate at least one second symmetric key corresponding to at least one object, encrypt the at least one object using the generated at least one second symmetric key, encrypt each of the at least one second symmetric key using the first symmetric key, and transmit, through the communication circuit, the encrypted at least one object and the encrypted at least one second symmetric key to the second electronic device.
  Type: Grant
  Filed: December 16, 2021
  Date of Patent: September 10, 2024
  Assignee: SAMSUNG ELECTRONICS CO., LTD.
  Inventors: Heejin Woo, Kyunghee Lee, Yongwook Kim, Sungjun Yi, Yoserb Yi
- Patent number: 12089178
  Abstract: A secure ranging system can use a secure processing system to deliver one or more ranging keys to a ranging radio on a device, and the ranging radio can derive, locally at the system, ranging codes based on the ranging keys. A deterministic random number generator can derive the ranging codes using the ranging key and one or more session parameters, and each device (e.g. a cellular telephone and another device) can independently derive the ranging codes and derive them contemporaneously with their use in ranging operations.
  Type: Grant
  Filed: October 6, 2023
  Date of Patent: September 10, 2024
  Assignee: APPLE INC.
  Inventors: Jerrold V. Hauck, Alejandro J. Marquez, Timothy R. Paaske, Indranil S. Sen, Herve Sibert, Yannick L Sierra, Raman S. Thiara
- Patent number: 12074864
  Abstract: A mechanism for building decentralized computer applications that execute on a distributed computing system. The present technology works within a web browser, client application, or other software and provides access to decentralized computer applications through the browser. The present technology is non-custodial, wherein a public-private key pair, which represents user identity, is created on a client machine and then directly encrypted by a third-party platform without relying on one centralized computing system.
  Type: Grant
  Filed: January 8, 2024
  Date of Patent: August 27, 2024
  Assignee: Magic Labs, Inc.
  Inventors: Fei-Yang Jen, Yi Wei Chen, Jaemin Jin, Hanyu Xue, Wentao Liu, Shang Li
- Patent number: 12058144
  Abstract: A method and apparatus for integrity protecting data that include and perform: receiving as input data any new digital information from one or more sources; forming a protection block representing the input data received during a first period of time, if any; forming a digital descriptor using at least the protection block; and producing a delay-coding verification code based on the digital descriptor and a previous verification code.
  Type: Grant
  Filed: February 12, 2019
  Date of Patent: August 6, 2024
  Assignee: NOKIA TECHNOLOGIES OY
  Inventors: Erez Waisbard, Louis M. Shekhtman
- Patent number: 12058255
  Abstract: The present description concerns an electronic system including one or a plurality of first microprocessors, a second microprocessor for securely managing first encryption keys of the first microprocessors, the second microprocessor being configured to communicate with each first microprocessor and including a first non-volatile memory having at least one second key stored therein, and for each first microprocessor, a second non-volatile memory external to the second microprocessor and containing the first keys of the first microprocessor encrypted with the second key.
  Type: Grant
  Filed: December 16, 2021
  Date of Patent: August 6, 2024
  Assignees: STMicroelectronics (Rousset) SAS, STMicroelectronics (Grand Ouest) SAS
  Inventors: Julien Couvrand, William Orlando
- Patent number: 12052346
  Abstract: A secret is sliced into a number of encrypted slices. The encrypted slices can be distributed amongst members of a group. The encrypted slices make recovery of the secret possible, but a group authority key is required for decryption. Thus, a number of slices are necessary, but still not sufficient, to recover the secret.
  Type: Grant
  Filed: July 2, 2020
  Date of Patent: July 30, 2024
  Assignee: International Business Machines Corporation
  Inventor: Steven Robert Hetzler
- Patent number: 12047493
  Abstract: Techniques are provided for threshold-based override of data privacy. One method comprises creating, by a service provider, an agreement with a user employing a user device, wherein the agreement is maintained on a distributed ledger, wherein user data sent to the distributed ledger is encrypted using an inner key and an outer key (split into multiple outer key shares and distributed to the user, the service provider and/or voters), wherein a predefined number of multiple outer key shares is required to reconstruct the outer key. To access the encrypted data of the user in some embodiments, the service provider: obtains a reconstructed outer key if the number of outer key shares provided by the user, the service provider and/or the voters satisfies the predefined number of outer key shares; and decrypts the encrypted user data using the reconstructed outer key and the inner key.
  Type: Grant
  Filed: October 30, 2019
  Date of Patent: July 23, 2024
  Assignee: EMC IP Holding Company LLC
  Inventor: Naveen Sunkavally
- Patent number: 12015702
  Abstract: This disclosure describes techniques for exchanging keys associated with encrypted media sessions using blockchains. In an example method, one or more encrypted frames are generated by encrypting one or more media frames based on an encryption key. Data indicating a ledger in a blockchain is transmitted to one or more computing devices. The ledger includes a decryption key configured to decrypt the one or more encrypted frames. Data packets are generated by packetizing the one or more encrypted frames. The data packets are transmitted to the one or more computing devices.
  Type: Grant
  Filed: June 16, 2021
  Date of Patent: June 18, 2024
  Assignee: Cisco Technology, Inc.
  Inventor: Sebastian Jeuk
- Patent number: 12002040
  Abstract: A device is configured to process contactless payments by wirelessly reading account information from enabled payment instruments and providing the account information, along with other information, to a remote payment processing system. The device has an embedded reader, such as a near-field communications (NFC) reader or a radio-frequency identification (RFID) reader. The operating system of the device has a device driver that provides access to the embedded reader. The device driver is implemented as part of the operating system kernel in order to protect it from access by non-privileged software. A POS application installed on the device uses the device driver to obtain payment instrument information from a payment instrument such as a credit card. Before providing the payment instrument information to the POS application, the device driver encrypts the payment instrument information using a public key provided by the payment processing system.
  Type: Grant
  Filed: September 26, 2022
  Date of Patent: June 4, 2024
  Assignee: Block, Inc.
  Inventors: Christopher Rohlf, Richard Neal Harris, Fredrick Lee
- Patent number: 12003957
  Abstract: This document describes techniques and apparatuses for distributed network cellular identity management. In particular, a distributed-network cellular-identity-management (DNCIM) server includes a lookup table that stores and relates together a user-equipment (UE) public key associated with a UE private key, a core-network (CN) public key associated with a CN private key, and a subscriber identity. Using the DNCIM server, the UE and an authentication server respectively generate two different (e.g., asymmetric) cipher keys based on the UE private key and the CN public key, and the UE public key and the CN private key. The UE and the authentication server can also authenticate one another by referencing information in the lookup table of the DNCIM server. Using these cipher keys, the UE and the authentication server can establish secure communications with each other.
  Type: Grant
  Filed: September 30, 2019
  Date of Patent: June 4, 2024
  Assignee: GOOGLE LLC
  Inventors: Erik Richard Stauffer, Jibing Wang
- Patent number: 11991274
  Abstract: Some embodiments are directed to a system with a first cryptographic device (10) and second cryptographic device (20). The devices may compute a final seed from a preshared secret known to the devices, and from a pre-seed that is exchanged between them. The final seed may be used to derive a common object (a).
  Type: Grant
  Filed: June 11, 2020
  Date of Patent: May 21, 2024
  Assignee: Koninklijke Philips N.V.
  Inventors: Oscar Garcia Morchon, Ludovicus Marinus Gerardus Maria Tolhuizen, Sauvik Bhattacharya
- Patent number: 11979494
  Abstract: The disclosed exemplary embodiments include computer-implemented systems, devices, and processes that securely manage and regenerate cryptographic keys using permissioned distributed ledgers. For example, a device may receive, from a first computing system, data indicative of a recordation of a first public key onto a distributed ledger. Based on an occurrence of a regeneration condition, the device may transmit, to a second computing system, a second public key and a first digital signature, and the second computing system may validate the first digital signature, apply a second digital signature to the second public key, and transmit the second public key and the digital signatures to the first computing system. The device also receives, from the first computing system, additional data indicative of a recordation of the second public key onto the distributed ledger, and based on the additional data, the device may invalidate the first private key.
  Type: Grant
  Filed: April 13, 2022
  Date of Patent: May 7, 2024
  Assignee: The Toronto-Dominion Bank
  Inventors: Alexey Shpurov, Albert Louis Rothenstein, Adrian Chung-Hey Ma, Buturab Rizvi, Alexandra Tsourkis, Francis James Alexander Guttridge
- Patent number: 11979376
  Abstract: A method of and system for utilizing an access token to authenticate a client device for accessing a resource server include generating a session key for a communication session between the device and a resource server, deriving a nonce from the session key, and transmitting a request to an identity platform for authenticating the device to access the resource server, where the request includes the nonce. Upon confirmation of authentication, the method and system may include receiving an access token from the identity platform, the access token including information that confirms authentication of the device, and transmitting the access token to the resource server to enable access to the resource server, where the access token includes the nonce.
  Type: Grant
  Filed: June 30, 2020
  Date of Patent: May 7, 2024
  Assignee: Microsoft Technology Licensing, LLC
  Inventors: Alan Thomas Gavin Jowett, Andrew Albert Hodgkinson, Lance Vernon Crandall, Jeffrey Scott Pinkston
- Patent number: 11973617
  Abstract: Systems, methods, and devices of the various embodiments may enable distributed prefix signing by including a signature in a transitive Border Gateway Protocol (BGP) attribute of a new prefix announcement, and sending the new prefix announcement to peer components. The peer components may query an address and routing parameter area (ARPA) record to obtain nameserver information for an entity associated with the received prefix announcement in response to determining that the received prefix announcement includes a transitive BGP attribute that includes the signature, retrieve a public key from a Domain Name System (DNS) text record, and determine whether the signature included in the transitive BGP attribute of the received prefix announcement is valid based on the public key retrieved from the DNS text record.
  Type: Grant
  Filed: October 28, 2021
  Date of Patent: April 30, 2024
  Assignee: Charter Communications Operating, LLC
  Inventors: Jody Lee Beck, Willard Andrew Gray
- Patent number: 11934516
  Abstract: A non-transitory computer-readable storage medium, a secure application framework, a system, and a computer implemented method for enabling secure processing of data are disclosed. The method comprises steps performed within a secure application framework running in a trusted execution environment. The data encrypted using a first random key are received, the first random key is received in a secure way, and the encrypted data is decrypted using the first random key. The data are then input to the processing application, the processing application is executed to process the input data, and output data are received from the processing application. A second random key is generated, the output data are encrypted using the second random key, the second random key is encrypted using a public key of a storage device, and the encrypted output data and the encrypted second random key are sent to the storage device.
  Type: Grant
  Filed: August 16, 2022
  Date of Patent: March 19, 2024
  Assignee: AXIS AB
  Inventor: Fredrik Hugosson
- Patent number: 11936782
  Abstract: The performance of quantum key distribution by systems and methods that use wavelength division multiplexing and encode information using both wavelength and polarization of photons of two or more wavelengths. Multi-wavelength polarization state encoding schemes allow ternary-coded digits, quaternary-coded digits and higher-radix digits to be represented by single photons. Information expressed in a first radix can be encoded in a higher radix and combined with a string of key values to produce a datastream having all allowed digit values of that radix in a manner that allows eavesdropping to be detected without requiring the sender and receiver to exchange additional information after transmission of the information.
  Type: Grant
  Filed: February 1, 2023
  Date of Patent: March 19, 2024
  Assignee: ARIZONA BOARD OF REGENTS ON BEHALF OF NORTHERN ARIZONA UNIVERSITY
  Inventors: Bertrand F. Cambou, Ines Montano, Ryan Behunin, Vince Rodriguez
- Patent number: 11902781
  Abstract: Embodiments of a device and method are disclosed. In an embodiment, a method of communications involves, from a wireless sensor deployed at a customer site, connecting to a wireless access point (AP) deployed at the customer site and, based on a private key stored in the wireless sensor, performing mutual authentication between the wireless sensor and an authentication server connected to the wireless AP.
  Type: Grant
  Filed: December 19, 2022
  Date of Patent: February 13, 2024
  Assignee: NILE GLOBAL, INC.
  Inventors: Gopal Raman, Suresh Katukam, Promode Nedungadi, Sathish Damodaran, Tjandra Trisno, Avinash Kumar, Steve Alexander
- Patent number: 11902776
  Abstract: Provided is an authentication device capable of generating a master key suited to a UE in a 5GS. The authentication device (10) includes a communication unit (11) configured to, in registration processing of user equipment (UE), acquire UE key derivation function (KDF) capabilities indicating a pseudo random function supported by the UE, a selection unit (12) configured to select a pseudo random function used for generation of a master key related to the UE by use of the UE KDF capabilities, and a key generation unit (13) configured to generate a master key related to the UE by use of the selected pseudo random function.
  Type: Grant
  Filed: December 9, 2022
  Date of Patent: February 13, 2024
  Assignee: NEC CORPORATION
  Inventors: Sheeba Backia Mary Baskaran, Anand Raghawa Prasad, Sivabalan Arumugam, Sivakamy Lakshminarayanan, Hironori Ito, Andreas Kunz
- Patent number: 11893577
  Abstract: Aspects of the disclosure relate to storing sensitive information. A computing platform may split a signature key into shares, which may be used to regenerate the signature key. The computing platform may encrypt these shares using corresponding SEKs, and may subsequently encrypt the SEKs using corresponding operator keys. The computing platform may distribute the operator keys to user devices via corresponding HSMs. The computing platform may store the encrypted shares, encrypted SEKs, and identifiers of the user devices. The computing platform may receive requests for the encrypted SEKs from the user devices, and may send the respective encrypted SEKs accordingly. The user devices may return, to the computing platform, corresponding decrypted SEKs. The computing platform may use the SEKs to decrypt the encrypted shares, which may then be used to reconstruct the signature key.
  Type: Grant
  Filed: November 24, 2021
  Date of Patent: February 6, 2024
  Assignee: Coinbase, Inc.
  Inventors: Jeremy Suurkivi, Andrew Pau, Jayasudha Jayakumaran
- Patent number: 11895228
  Abstract: A network device may establish a media access control security (MACsec) key agreement (MKA) session with another network device via a MACsec communication link; establish a fast heartbeat session via the MACsec communication link, between a first packet processing engine of the network device and a second packet processing engine of the other network device, where the fast heartbeat session is to permit the first packet processing engine and the second packet processing engine to exchange fast heartbeat messages via the fast heartbeat session and the MACsec communication link; place an MKA protocol of the MKA session in a pause state until the first packet processing engine detects a rekey event; determine that a key for the MKA session is to be regenerated based on detection of the rekey event; and perform an action based on the rekey event for the MKA session.
  Type: Grant
  Filed: November 22, 2022
  Date of Patent: February 6, 2024
  Assignee: Juniper Networks, Inc.
  Inventors: Baba Syed Mazaz Hussain, Sachin Mutalik Desai
- Patent number: 11888983
  Abstract: Examples described herein relate to systems, apparatuses, methods, and non-transitory computer-readable medium for recovering a session object associated with a secure session established by a security protocol server, including receiving, by a recovery server, an encrypted session object from the security protocol server, wherein the encrypted session object is unique to the secure session, generating, by the recovery server, a recovery key based on a first initial key and a recovery key sequence number, wherein the recovery key sequence number corresponds to a number of times that secure sessions have been established since the first initial key is received by the security protocol server, and decrypting, by the recovery server, the encrypted session object using the recovery key to generate the session object associated with the secure session.
  Type: Grant
  Filed: September 29, 2020
  Date of Patent: January 30, 2024
  Assignee: Wells Fargo Bank, N.A.
  Inventors: Phillip H. Griffin, Jeffrey J. Stapleton
-
Patent number: 11882218
Abstract: A matching apparatus generates a random number and transmits, to a matching request apparatus, second encrypted data obtained by performing an operation on the random number and first encrypted data of each of first values related to an encrypted first binary vector; transmits third encrypted data obtained by performing an operation on the second encrypted data and elements of a matching target second binary vector; based on a second value related to the first binary vector encrypted with the encryption key, the encrypted data and the random number, generates encrypted data and transmits the generated data to a verification apparatus as a query; and determines whether the count of mismatched elements between the second binary vector and the first binary vector is less than or equal to a predetermined number, based on values obtained by decrypting the encrypted data in the query.
Type: Grant
Filed: August 9, 2021
Date of Patent: January 23, 2024
Assignee: NEC CORPORATION
Inventors: Haruna Higo, Toshiyuki Isshiki
-
Patent number: 11870898
Abstract: A system for split keys for wallet recovery includes an interface configured to receive a request to recover a user private key, and a processor configured to provide a request to a credential issuing authority for a first encrypted recovery key share, wherein the request includes a first identification credential; receive the first encrypted recovery key share from the credential issuing authority; provide a request to a trusted organization for a second encrypted recovery key share, wherein the request includes a second identification credential; receive the second encrypted recovery key share from the trusted organization; combine the first encrypted recovery key share and the second encrypted recovery key share to determine a recovered encryption key; and determine the user private key using the recovered encryption key.
Type: Grant
Filed: May 21, 2020
Date of Patent: January 9, 2024
Assignee: Workday, Inc.
Inventors: Bjorn Hamel, Prakash Sundaresan
-
Patent number: 11863977
Abstract: A key generation method includes a user plane network function and a terminal device each obtaining key update information sent by the other. The user plane network function updates, by using the obtained key update information, a sub-key derived from a permanent key, to obtain a new protection key. The terminal device updates, by using the obtained key update information, a sub-key derived from the permanent key, to obtain a new protection key. The terminal device and the user plane network function perform, by using the new protection key, security protection on user plane data transmitted between the terminal device and the user plane network function.
Type: Grant
Filed: April 28, 2021
Date of Patent: January 2, 2024
Assignee: HUAWEI TECHNOLOGIES CO., LTD.
Inventors: Zhongding Lei, Haiguang Wang, Xin Kang
-
Patent number: 11841985
Abstract: Methods and systems for implementing security operations in an input/output (I/O) device are disclosed. In an embodiment, an I/O device involves an I/O port, a host bus configured to be connected to a host, a data processing pipeline within the I/O device coupled to the I/O port and to the host bus to process and forward data between the I/O port and the host bus, and a hardware security module (HSM) within the I/O device coupled to the host bus and to the data processing pipeline, the HSM comprising a crypto engine configured to encrypt and decrypt data of the data processing pipeline, and a secure key storage coupled to the crypto engine containing encryption keys for use in encrypting and decrypting packets, wherein the secure key storage contains keys that are encrypted by the HSM and that are accessible through the HSM.
Type: Grant
Filed: September 3, 2020
Date of Patent: December 12, 2023
Assignee: Pensando Systems Inc.
Inventors: Enrico Schiattarella, David Antony Clear, Vipin Jain
-
Patent number: 11831687
Abstract: A remote attestation system for a computer network includes an attestation operations subsystem configured to manage attestation procedures for the remote attestation system, and an attestation server pool including a plurality of attestation servers. The plurality of attestation servers is configured to perform attestation of at least one host in a data center. The system further includes an attestation state database configured to store a state of attestation of the at least one host, an attestation policy database configured to store at least one operator policy of the computer network, and an end-user service portal configured to provide access to the remote attestation system by users of the computer network.
Type: Grant
Filed: October 13, 2022
Date of Patent: November 28, 2023
Assignee: Cable Television Laboratories, Inc.
Inventors: Steven J. Goeringer, Igor Faynberg, Donald E. A. Clarke
-
Patent number: 11824990
Abstract: Systems and methods for verifying proofs generated from shared data without revealing the shared data are provided. In one aspect, a method comprises receiving, from a first node, a first proof generated from a first private key associated with the first node and data shared between the first node and a second node; receiving, from the second node, a second proof generated from a second private key associated with the second node and the shared data; verifying, without revealing the shared data, that the first proof and the second proof were both generated from the shared data, using a first public key mathematically related to the first private key and a second public key mathematically related to the second private key; and performing an action based on the verification that the first proof and the second proof were both generated from the shared data.
Type: Grant
Filed: May 17, 2022
Date of Patent: November 21, 2023
Assignee: Dapper Labs, Inc.
Inventor: Tarek Ben Youssef
-
Patent number: 11816240
Abstract: A self-modifying data container for improved data security and methods of use are disclosed. The self-modifying data container includes a data storage structure for storing financial transaction information. The self-modifying data container also includes a data manager stored as code within the container. The data manager can run on a system hosting the self-modifying data container. The data manager can access transaction information in the data storage structure and modify the data in response to modification triggers. The data manager can delete data in the data storage structure. The data manager can also encrypt data in the data storage structure. The self-modifying data container improves both data security and data privacy.
Type: Grant
Filed: November 24, 2020
Date of Patent: November 14, 2023
Assignee: United Services Automobile Association (USAA)
Inventors: Michael J. Maciolek, Timothy Frank Davison, Donnette L. Moncrief Brown, Bryan J. Osterkamp, Kori Rochelle Newman, Brian Francisco Shipley, Eric David Schroeder, Robert Wiseman Simpson, Manfred Amann
-
Patent number: 11811922
Abstract: A key generation device for a vehicle-internal communication system and a method for the vehicle-internal management of cryptographic keys comprise providing at least one secret for a vehicle-internal key generation device and generation of at least one new cryptographic key by the vehicle-internal key generation device on the basis of the at least one secret. The generation and providing of the at least one new cryptographic key takes place autonomously and is triggered by a key-exchange event, or a combination of key-exchange events. The key-exchange event may be one of a vehicle-internal change, an environmental change and a security key.
Type: Grant
Filed: February 3, 2021
Date of Patent: November 7, 2023
Assignee: Continental Teves AG & Co. OHG
Inventors: Marc Sebastian Patric Stöttinger, Patrick Thomas Michael Klapper
-
Patent number: 11811741
Abstract: A first terminal holds first encrypted data encrypted using a first key under a first encryption scheme that is deterministic and commutative, and a second terminal holds second encrypted data encrypted using a second key under the first encryption scheme. The first terminal transmits the first encrypted data to the second terminal, and the second terminal transmits the second encrypted data to the first terminal. The first terminal generates third encrypted data by encrypting the second encrypted data using the first key under the first encryption scheme, and the third encrypted data is transmitted to the second terminal. The second terminal decrypts the third encrypted data with the second key, calculates a common part between the second encrypted data and the decrypted third encrypted data, and transmits the common part to the first terminal, and the first terminal decrypts the common part with the first key.
Type: Grant
Filed: September 3, 2021
Date of Patent: November 7, 2023
Assignee: Hitachi, Ltd.
Inventors: Hisayoshi Sato, Masayuki Yoshino
-
Patent number: 11799726
Abstract: Some embodiments provide a method for distributing a service rule that is to be enforced across a first set of sites and that is defined by reference to a group identifier that identifies a group of machines. The method distributes the service rule to each site in the first set of sites. The method identifies at least one site in the first set of sites that is not in a second set of sites that has already received a definition of the group. The method distributes the group definition to each identified site in the first set of sites that has not already received the definition of the group.
Type: Grant
Filed: June 19, 2020
Date of Patent: October 24, 2023
Assignee: VMWARE, INC.
Inventors: Ganesan Chandrashekhar, Pankaj Thakkar, Sachin Mohan Vaidya, Ujwala Kawalay, Amarnath Palavalli, Bhagyashree Gujar
-
Patent number: 11799633
Abstract: The present application discloses a method, system, and computer system for managing data using keys. The method includes receiving a request to access data stored within a tenant database associated with a tenant, wherein the data is encrypted based at least in part on a tenant service encryption key (TSEK) corresponding to the tenant database; determining a wrapper key used in connection with encrypting the TSEK based at least in part on TSEK metadata stored in association with the TSEK; determining a top-level key used in connection with encrypting the wrapper key based at least in part on wrapper key metadata stored in association with the encrypted version of the wrapper key; obtaining the data stored within the tenant database, comprising decrypting at least part of the data based at least in part on (i) the TSEK, (ii) the wrapper key, and (iii) the top-level key; and providing the data in response to the request. The TSEK metadata is stored in the tenant database.
Type: Grant
Filed: September 27, 2021
Date of Patent: October 24, 2023
Assignee: Workday, Inc.
Inventors: Miguel Leonardo Chinchilla Cartagena, Karina Si-Woon Chan, Aswani Kaushik Chimthapalli, Michael Clarke, Amol Anant Deshmukh, Subha Gopalakrishnan, Bjorn Brook Hamel, Louis James LaTouche, Atlee Glen Lyden, Marcus Anthony Sanchez, Jasmine Teresa Schladen, Devaki Ajinkya Tarkunde, Harrison Yu
-
Patent number: 11790106
Abstract: Systems and methods for protecting data are provided. One method includes maintaining, by a first processing circuit in a production database of a production environment system, ciphertext data associated with a cryptographic function, wherein the production environment system corresponds to a first access level. The method further includes masking, by a second processing circuit in a middle environment system, the ciphertext data using a masking function to generate alternate ciphertext data, wherein the middle environment system is a proxy and is communicably coupled with the production environment system over a secure network. The method further includes decrypting, by the second processing circuit in the middle environment system, the alternate ciphertext data utilizing a symmetric key to generate masked cleartext data, and storing, by the second processing circuit in a lower environment system, the masked cleartext data in a lower database, wherein the lower environment system corresponds to a second access level.
Type: Grant
Filed: April 18, 2022
Date of Patent: October 17, 2023
Assignee: Wells Fargo Bank, N.A.
Inventor: Jeff J. Stapleton
-
Patent number: 11790050
Abstract: A device may not trust another device with which it is in communication. To establish trust, a first device may send a second device an indication of signed code that is stored in a protected memory of the first device. Based on determining that the first device is a trusted device, the second device may send the first device an encrypted content asset, a decryption key associated with the content asset, and/or an encryption key associated with the content asset.
Type: Grant
Filed: July 11, 2022
Date of Patent: October 17, 2023
Assignee: Comcast Cable Communications, LLC
Inventor: Andrew Morrow
-
Patent number: 11777714
Abstract: The foundation of Matrix Encryption is a discrete function called the Modified Combinatorial Batch Decimation Function (CBDF-Mod) and its asymmetric inverse (CBDI-Mod). Herein we disclose the nature of Matrix Encryption, an encryption technology built upon these two discrete functions, together with their shared Secondary Variable Functions. Matrix Encryption implements a block encryption with arbitrary block size dependent upon the length of text to be encrypted, thereby allowing for keys of user-desired length and for the surpassing of industry standards of security. A Master Key may be used to generate a Key Set containing keys of appropriate length for any data presented above a minimum length, up to a length corresponding to the length of a message for which the Master Key is appropriate. Matrix Encryption reads and writes numerically encrypted text to text files as designated by the user.
Type: Grant
Filed: December 17, 2021
Date of Patent: October 3, 2023
Inventor: Watson Knox Williams, Jr.
-
Patent number: 11777710
Abstract: Disclosed are systems, methods, and non-transitory computer-readable media for cryptography using different sized symbol sets. To protect against a brute force or other similar type of attack, multiple symbol sets having different sizes can be used for encrypting/decrypting data. For example, different portions of the data (e.g., data blocks representing multiple symbols, sets of bits representing a single symbol) may be encrypted/decrypted using different symbol sets that include different numbers of unique symbols. Using different sized symbol sets adds additional complexity to the encryption process, thereby greatly increasing the difficulty of decrypting the encrypted data with a brute force attack.
Type: Grant
Filed: September 28, 2022
Date of Patent: October 3, 2023
Assignee: Microsoft Technology Licensing, LLC
Inventors: Amer Aref Hassan, Whitney J Giaimo, Roy D. Kuntz
-
Patent number: RE49968
Abstract: Method of certification including receiving user data at a device of a certifying entity. The method includes generating a salt that is unique. The method includes hashing the data combined with the salt to create generated hashed data. The method includes generating a certification record based on signing the generated hashed data using a private key of the certifying entity to create a signed certification of the data. The method includes hashing the certification record. The method includes transmitting the hashed certification record to a blockchain for storing. The method includes receiving a certification tx-ID of the hashed certification record. The method includes generating a certification data block including the certification record and the certification tx-ID. The method includes storing the certification data block to a side chain.
Type: Grant
Filed: May 24, 2022
Date of Patent: May 14, 2024
Assignee: Ping Identity Corporation
Inventors: Armin Ebrahimi, Gaurav Khot, Vladimir Reshetnikov, Robert Gadbois