Key Management Patents (Class 380/277)
  • Patent number: 11074997
    Abstract: A multi-modal encrypted messaging platform to provide HIPAA compliant messaging and interfaces to provide access to electronic data records. The proposed invention discloses example embodiments that comprise a server-system, a client device in communication with the server-system, and an auxiliary device coupled to the client device.
    Type: Grant
    Filed: April 8, 2019
    Date of Patent: July 27, 2021
    Assignee: Statum Systems Inc.
    Inventors: Stephen Michael Okajima, Arman Serebrakian, Ara Nazarian
  • Patent number: 11075949
    Abstract: Certain embodiments described herein are generally directed to allocating security parameter index (“SPI”) values to a plurality of endpoints in a network. The SPI values may be derived using an SPI derivation formula and a plurality of parameters. In some embodiments, the SPI values may be derived by an endpoint and in other embodiments by a server. Using the SPI derivation formula and the plurality of parameters enables endpoints and servers to instantaneously derive SPI values without the need for servers to store them.
    Type: Grant
    Filed: February 2, 2017
    Date of Patent: July 27, 2021
    Assignee: Nicira, Inc.
    Inventors: Amit Chopra, Chen Li, Ganesan Chandrashekhar, Jinqiang Yang, Sanal Pillai, Bin Qian
  • Patent number: 11068511
    Abstract: One embodiment provides a method, including: obtaining information related to a plurality of communication interactions between a first user and at least one other user, wherein each of the communication interactions is associated with a communication source and wherein the obtained information identifies a response by the first user to a received communication; constructing a plurality of relationship graphs for the user, wherein each relationship graph corresponds to one communication source and wherein each of the relationship graphs indicates (i) relationships between the first user and at least one other user and (ii) a condition of each of the relationships with respect to other relationships within the relationship graph; and constructing an aggregate relationship graph, wherein the constructing an aggregate relationship graph comprises computing an importance score for each relationship between the user and another user.
    Type: Grant
    Filed: March 27, 2018
    Date of Patent: July 20, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Vijay Ekambaram, Ramasuri Narayanam, Sarbajit K. Rakshit
  • Patent number: 11070531
    Abstract: A data communication system for a local network. The system includes a network node and a plurality of network devices associated therewith. The network node provides a network node service to clients or bots executing on the plurality of network devices. Individual clients or bots are communicably and only programmatically coupled around the network node service in a programmatic star configuration to create the local network. The network node service validates and authenticates local services provided by the clients or bots within the local network. Data is communicated between clients or bots within the local network in real time or near real time, by relaying the data through the network node service. Information content of the data is encrypted prior to communicating the data, by employing a key store associated with a user of the source client or bot.
    Type: Grant
    Filed: July 6, 2018
    Date of Patent: July 20, 2021
    Assignee: Gurulogic Microsystems Oy
    Inventors: Tuomas Kärkkäinen, Mikko Sahlbom
  • Patent number: 11062080
    Abstract: In implementations of application-based font previewing, a font preview system of a computing device receives a font file corresponding to a font of a font repository via a network. The font preview system encrypts font tables of the font file and the font preview system writes the encrypted font tables to a font disk cache of the computing device. The font preview system writes metadata describing the font tables to a font memory cache of the computing device. In response to receiving a request to preview the font from an application of the computing device, the font preview system uses the metadata to identify and decrypt a particular font table of the encrypted font tables, and the application renders glyphs of the font in a user interface using the decrypted particular font table.
    Type: Grant
    Filed: September 10, 2019
    Date of Patent: July 13, 2021
    Assignee: Adobe Inc.
    Inventors: Nirmal Kumawat, Praveen Kumar Dhanuka, Gaurishankar Kshirsagar
  • Patent number: 11063754
    Abstract: Systems, devices, and methods for hybrid secret sharing are disclosed. In accordance with embodiments, a computing device may encrypt the secret message using a first encryption key to generate an encrypted secret message. The computing device may also split a second encryption key into a plurality of key shares in accordance with a threshold number. The threshold number is less than or equal to the number of the plurality of key shares. Then, the computing device may transmit a plurality of messages. Each message of the plurality of messages comprises the encrypted secret message and one of the plurality of key shares.
    Type: Grant
    Filed: May 1, 2018
    Date of Patent: July 13, 2021
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Amirhossein Vakili, Yin Tan
  • Patent number: 11063753
    Abstract: A system is provided for distribution of device key sets over a network in a protected software environment (PSE). In the system, a client device includes a connection interface for receiving a crypto hardware (CH) token belonging to a user, untrusted software, a quoting enclave, and a PSE for generating a provisioning request for a device key set. An attestation proxy server (APS) receives the provisioning message using a first network connection, and transmits the provisioning message to an online provisioning server (OPS) using a second network connection. The OPS constructs a provisioning response and an encrypted device key set, and delivers the provisioning response to the untrusted software using the first and second network connections. The PSE decrypts the encrypted device key set to obtain the device key set, re-encrypts the device key set with a local chip-specific key, and stores the re-encrypted device key set.
    Type: Grant
    Filed: March 20, 2019
    Date of Patent: July 13, 2021
    Assignee: ARRIS Enterprises LLC
    Inventors: Alexander Medvinsky, Jinsong Zheng, Jason A. Pasion, Xin Qiu, Tat Keung Chan, Eric Eugene Berry, Michael Ryan Pilquist, Douglas M. Petty
  • Patent number: 11062032
    Abstract: Methods and apparatus for verifying a boot process of a computing system are disclosed. An example computer-implemented method includes reading, by a computing system during a boot process, a header section of a read-write portion of firmware of the computing system. The example method further includes generating, using a first cryptographic hash algorithm, a message digest corresponding with the header. The example method also includes decrypting, using a first public-key, an encrypted signature corresponding with the header. The example method still further includes comparing the message digest corresponding with the header and the decrypted signature corresponding with the header. In the event the message digest corresponding with the header and the decrypted signature corresponding with the header match, the example method includes continuing the boot process.
    Type: Grant
    Filed: November 6, 2018
    Date of Patent: July 13, 2021
    Assignee: GOOGLE LLC
    Inventors: Gaurav Shah, William A. Drewry, Randall Spangler, Ryan Tabone, Sumit Gwalani, Luigi Semenzato
  • Patent number: 11055706
    Abstract: Aggregated transaction data from a transaction data provider may be encrypted and exchanged with a content item selection system using commutative encryption algorithms. The transaction data provider and content item selection system may utilize a set of common identifiers that are each encrypted using a respective commutative encryption algorithm of the transaction data provider or content item selection system. The other of the transaction data provider or content item selection system encrypts the single-encrypted common identifier using a respective commutative encryption algorithm to generate double encrypted common identifiers. The double encrypted common identifiers may be used to match a set of common identifiers with transaction data. The transaction data may be encrypted and/or may include random offset values.
    Type: Grant
    Filed: March 17, 2015
    Date of Patent: July 6, 2021
    Assignee: Google LLC
    Inventors: Vinod Kumar Ramachandran, Shobhit Saxena, David Owen Shanahan, Marcel M. M. Yung, Sarvar Patel
  • Patent number: 11057194
    Abstract: A processing system includes a first processing unit; a second processing unit; and a cryptographic coprocessor communicatively coupled to the first processing unit and the second processing unit. The cryptographic coprocessor includes a key storage memory for storing a cryptographic key; a first interface configured to receive source data to be processed directly from the first processing unit; a hardware cryptographic engine configured to process the source data as a function of the cryptographic key stored in the key storage memory; a second interface configured to receive a first cryptographic key directly from the second processing unit; and a hardware key management circuit configured to store the first cryptographic key in the key storage memory.
    Type: Grant
    Filed: June 28, 2018
    Date of Patent: July 6, 2021
    Assignees: STMICROELECTRONICS S.R.L., STMICROELECTRONICS APPLICATION GMBH
    Inventors: Roberto Colombo, Guido Marco Bertoni, William Orlando, Roberta Vittimani
  • Patent number: 11057381
    Abstract: A credentials store definition identifying a remote credential store is received. The credential store definition includes access information to enable access to the remote credentials store. A credentials object is created in an internal database based on a credentials object definition. The credentials object identifies a security credential to retrieve from the remote credentials store to access an external resource. At runtime, a request to access the external resource is received, and based on receiving the request, the security credentials identified by the credentials object are retrieved from the remote credential store using the access information. The retrieved security credential is provided to a processing component to access the external resource.
    Type: Grant
    Filed: April 29, 2020
    Date of Patent: July 6, 2021
    Assignee: Snowflake Inc.
    Inventors: Derek Denny-Brown, Tyler Jones, Isaac Kunen
  • Patent number: 11044244
    Abstract: Aspects of the disclosure relate to a system and method for securely authenticating a device via token(s) and/or verification computing device(s). A verification computing device may generate a pseudorandom number or sequence. Based on the pseudorandom number or sequence, the verification computing device may select a first plurality of parameters associated with a user of a device to be authenticated. The verification computing device may transmit, to the device, the pseudorandom number or sequence, and the device may select a second plurality of parameters. The device may generate a token based on the second plurality of parameters. The device may send the token to another device, and the other device may send the token to the verification computing device. The verification computing device may authenticate the device based on the token.
    Type: Grant
    Filed: September 18, 2018
    Date of Patent: June 22, 2021
    Assignee: Allstate Insurance Company
    Inventors: John Parkinson, Jason Park, David Harris
  • Patent number: 11042358
    Abstract: A secure computation system is provided. The system includes a distribution information generation apparatus that generates data distribution values, sign distribution values and carry distribution values from at least two fixed-point numbers by distributing each of the at least two fixed-point numbers using an additive secret sharing scheme; and a secure computation apparatus group including at least two secure computation apparatuses. The secure computation apparatus group includes: a secure digit extender; and a secure multiplier.
    Type: Grant
    Filed: July 6, 2017
    Date of Patent: June 22, 2021
    Assignee: NEC CORPORATION
    Inventors: Toshinori Araki, Jun Furukawa, Kazuma Ohara, Haruna Higo
  • Patent number: 11039308
    Abstract: Embodiments relate to a wireless communication device of a group of wireless communication devices configured to communicate with a base station, the wireless communication device comprising a transceiver configured to receive a token from the base station and a processor configured to generate a first data structure on the basis of a function of the token and of a key ki of the wireless communication device and a second data structure comprising an identity idi of the wireless communication device, wherein the transceiver is further configured to broadcast the first data structure and the second data structure to the group of wireless communication devices and the base station.
    Type: Grant
    Filed: September 20, 2019
    Date of Patent: June 15, 2021
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Elizabeth Quaglia, Benjamin Smyth, Tsz Hon Yuen
  • Patent number: 11036863
    Abstract: A method, an information handling system (IHS) and a validation system for validating an image using an embedded hash. The method includes retrieving, via a controller, a first image from a first memory device and extracting a first hash from a first location within the first image. The first hash was previously generated using an original set of data that includes a first data string, and the first image includes the first hash inserted into the first location to replace the first data string. The method includes retrieving a copy of the first data string. The method further includes generating a second image by inserting the first data string into the first location from which the first hash was extracted such that the second image contains the original set of data. The method further includes validating the first image using the first hash and the second image.
    Type: Grant
    Filed: August 1, 2017
    Date of Patent: June 15, 2021
    Assignee: Dell Products, L.P.
    Inventors: Elie A. Jreij, Eugene D. Cho
  • Patent number: 11036869
    Abstract: A security module securely manages keys. The security module is usable to implement a cryptography service that includes a request processing component. The request processing component responds to requests by causing the security module to perform cryptographic operations that the request processing component cannot perform due to a lack of access to appropriate keys. The security module may be a member of a group of security modules that securely manage keys. Techniques for passing secret information from one security module to the other prevent unauthorized access to secret information.
    Type: Grant
    Filed: June 3, 2016
    Date of Patent: June 15, 2021
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory Branchek Roth, Matthew James Wren, Eric Jason Brandwine, Brian Irl Pratt
  • Patent number: 11039102
    Abstract: Various techniques for providing video feed redundancy are described herein. Instructions may be provided for switching input to an output video feed between two or more redundant input video feeds. In some examples, the redundant input video feeds may not be duplicates, may not be frame synchronized, may not be transmitted from the same location, may not be transmitted using the same network types or transmission protocols, and/or may not be initiated at the same time. In some examples, the instructions for video feed redundancy may be associated with respective authorization keys for the redundant input video feeds.
    Type: Grant
    Filed: December 12, 2017
    Date of Patent: June 15, 2021
    Assignee: Twitch Interactive, Inc.
    Inventors: Ivan Marcin, Jonas Bengtson, Tarek Amara, Shawn Hsu, Abhinav Kapoor, Jorge Arturo Villatoro, Eran Ambar
  • Patent number: 11036998
    Abstract: A smart surveillance system includes a communicator configured to communicate with a closed circuit television (CCTV) camera and a cloud server, a background image extractor configured to analyze CCTV image data received from the CCTV camera and to extract a background image, an object image analyzer configured to distinguish an object image from the background image through big data analysis of a CCTV image, a region of interest (ROI) extractor configured to extract an ROI corresponding to the object image, and a controller configured to provide the background image and the ROI to the cloud server, to receive the background image and the ROI from the cloud server, to combine the background image and the ROI, and to generate a complete CCTV image, if necessary.
    Type: Grant
    Filed: November 21, 2019
    Date of Patent: June 15, 2021
    Assignee: JEJU NATIONAL UNIVERSITY—ACADEMIC COOPERATION FOUNDATION
    Inventors: Donghyeok Lee, Namje Park
  • Patent number: 11032256
    Abstract: A computer implemented method of exchanging first valuable data at a first node for second valuable data from a second node, the method comprising the steps of: applying a first encryption to a first plurality of messages, at the first node, with a function having a commutative property, so as to create a blinded first plurality of messages; sending the blinded first plurality of messages from the first node to the second node, wherein the first valuable data is concealed in one message of the blinded first plurality of messages; receiving a blinded second plurality of messages at the first node, wherein the second valuable data is concealed in one message of the blinded second plurality of messages and the blinded second plurality of messages have been encrypted with a second encryption; in response to receiving the blinded second plurality of messages at the first node, applying a third encryption to the blinded second plurality of messages with a function having a commutative property so as to create do
    Type: Grant
    Filed: March 16, 2018
    Date of Patent: June 8, 2021
    Assignee: Oxford University Innovation Limited
    Inventors: Andrew William Roscoe, Peter Yvain Anthony Ryan
  • Patent number: 11032252
    Abstract: A device stores a first portion of a database, which is distributed across communication devices of a network, and, to authenticate a first interaction with a second device: sends a first ID to the second device to authenticate itself with the second device; receives a second ID from the second device; retrieves, using the second ID, a public key associated with one of the first portion of the database or a second portion of the database stored in a third device, which has a third address that is numerically within a threshold value of a first address of the device; and verifies, based on a permission stored in relation to the public key, that the second device is authorized to engage in the first interaction with the device.
    Type: Grant
    Filed: January 2, 2019
    Date of Patent: June 8, 2021
    Assignee: SYCCURE, INC.
    Inventors: Seth James Nielson, Thomas Capola
  • Patent number: 11030280
    Abstract: Creating a certificate for a software module. A method includes obtaining a public key for a software module. The method includes obtaining a public key for a software module implemented on a hardware device. The method further includes creating a certificate using the public key by signing the public key using a hardware protected key and hardware protected compute elements. The hardware protected key is protected by a protected portion of the hardware device, and not accessible outside of the protected portion of the hardware device.
    Type: Grant
    Filed: August 1, 2018
    Date of Patent: June 8, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Eustace Ngwa Asanghanwa, Arjmand Samuel
  • Patent number: 11032379
    Abstract: Approaches described herein allow an appliance to receive a message from a client device when the client device is attempting to connect to a service other than the appliance. For instance, a client device might connect to a service on a private network, however if the client device is not on the private network, it may encounter an appliance such as a gateway. The appliance is configured to return a message to a client device indicating that it is an appliance, and the client device returns a certificate to the appliance that allows the client to indicate a first purpose of a connection and a second purpose of the connection. In approaches described herein, the second purpose is used by the appliance to perform an action related to providing the service with a certificate that allows for the first purpose, which can include information to create a secure connection between the service and the client device.
    Type: Grant
    Filed: April 24, 2015
    Date of Patent: June 8, 2021
    Assignee: CITRIX SYSTEMS, INC.
    Inventors: David Alessandro Penry Lloyd, Christopher Morgan Mayers
  • Patent number: 11032268
    Abstract: Embodiments provide a system and method for network tracking. Through various methods of packet encapsulation or IP option filling, one or more packets of information can be tagged with a unique security tag to prevent unauthorized access. A user agent can be validated by an authentication server through acceptance of one or more user credentials. The authentication server can generate a security token that can be transmitted to the user agent. The user agent can generate a keystream from the security token, and portions of that keystream can be attached to the packets as the security tag. The tagged packets can be forwarded to an authenticator, who can recreate the keystream from a copy of the security token provided by the authentication server. If the tags generated from the authenticator match the tags on the tagged packet, the authenticator can strip the tag from the tagged packet and forward the packet on to its next network address.
    Type: Grant
    Filed: April 11, 2019
    Date of Patent: June 8, 2021
    Assignee: International Business Machines Corporation
    Inventors: Chih-Wen Chao, Cheng-Ta Lee, Wei-Shiau Suen, Ming-Hsun Wu
  • Patent number: 11030328
    Abstract: A cryptographic object management system is provided that includes physically separated first and second object management sites. The first and second object management sites each respectively include HSMs, a HSM server connected to each of the HSMs, and a persistent layer connected to the HSM server. The HSM servers respectively manage operation of each of the HSMs. The HSM server of the first object management site includes an object manager module that manages and controls the cryptographic object management system. The persistent layers respectively store cryptographic objects for use by the HSMs. Each of the HSMs respectively performs crypto-processing on one or more of the cryptographic objects.
    Type: Grant
    Filed: May 30, 2018
    Date of Patent: June 8, 2021
    Assignee: ENTRUST CORPORATION
    Inventors: Christophe Biehlmann, Kent Landerholm, Vishal Arora
  • Patent number: 11032067
    Abstract: A hardware secure module includes a processing unit and a cryptographic coprocessor. The cryptographic coprocessor includes a key storage memory; a hardware key management circuit configured to store a first cryptographic key in the key storage memory; a first interface configured to receive source data to be processed; a second interface configured to receive the first cryptographic key from the processing unit for storing in the key storage memory; a hardware cryptographic engine configured to process the source data as a function of the first cryptographic key stored in the key storage memory; and a third interface configured to receive a second cryptographic key. The hardware secure module further includes a non-volatile memory configured to store the second cryptographic key; and a hardware configuration module configured to read the second cryptographic key from the non-volatile memory and send the second cryptographic key to the third interface.
    Type: Grant
    Filed: June 28, 2018
    Date of Patent: June 8, 2021
    Assignees: STMICROELECTRONICS S.R.L., STMICROELECTRONICS APPLICATION GMBH
    Inventors: Roberto Colombo, Guido Marco Bertoni, William Orlando, Roberta Vittimani
  • Patent number: 11025418
    Abstract: A device may include a secure processor and a secure memory coupled to the secure processor. The secure memory may be inaccessible to other device systems. The secure processor may store some keys and/or entropy values in the secure memory and other keys and/or entropy values outside the secure memory. The keys and/or entropy values stored outside the secure memory may be encrypted using information stored inside the secure memory.
    Type: Grant
    Filed: June 10, 2019
    Date of Patent: June 1, 2021
    Assignee: Apple Inc.
    Inventors: Kumar Saurav, Jerrold V. Hauck, Yannick L. Sierra, Charles E. Gray, Roberto G. Yepez, Samuel Gosselin, Petr Kostka, Wade Benson
  • Patent number: 11019098
    Abstract: The present disclosure is directed to systems and methods for providing protection against replay attacks on memory, by refreshing or updating encryption keys. The disclosed replay protected computing system may employ encryption refresh of memory so that unauthorized copies of data are usable for a limited amount of time (e.g., 500 milliseconds or less). The replay protected computing system initially encrypts protected data prior to storage in memory. After a predetermined time or after a number of memory accesses have occurred, the replay protected computing system decrypts the data with the existing key and re-encrypts data with a new key. Unauthorized copies of data (such as those made by an adversary system/program) are not refreshed with subsequent new keys. When an adversary program attempts to use the unauthorized copies of data, the unauthorized copies of data are decrypted with the incorrect keys, which renders the decrypted data unintelligible.
    Type: Grant
    Filed: June 29, 2018
    Date of Patent: May 25, 2021
    Assignee: Intel Corporation
    Inventors: Sergej Deutsch, David Durham, Karanvir Grewal, Rajat Agarwal
  • Patent number: 11018858
    Abstract: A method for re-keying an encrypted data file, the data file being stored chunkwise on a storage entity (SE), data file chunks being encrypted with a global secret, and the method being performed in a memory available to a computing device, includes partially updating a global secret for encryption data for a data chunk to be re-keyed such that an output of a non-interactive oblivious key exchange is used to identify the private key of the data chunk to be re-keyed with a new private key; and reencrypting the data chunk to be re-keyed with the updated global secret.
    Type: Grant
    Filed: December 8, 2015
    Date of Patent: May 25, 2021
    Assignee: NEC CORPORATION
    Inventor: Ghassan Karame
  • Patent number: 11018860
    Abstract: The techniques discussed herein relate to providing a highly available and reliable secret distribution infrastructure. In an implementation, a key master service (KMS) system is disclosed. The KMS system includes one or more computer readable storage media having program instructions stored thereon which, when executed by one or more processing systems, direct the one or more processing systems to identify a hydration event and, responsive to the hydration event, determine if other KMS systems are running in a secret distribution infrastructure. The program instructions, when executed by one or more processing systems, further direct the KMS system to hydrate the KMS system with secret information obtained from the one or more of the other KMS systems when the other KMS systems are running in the secret distribution infrastructure.
    Type: Grant
    Filed: May 19, 2017
    Date of Patent: May 25, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Andy Ness, Catherine Amy McDonald, Jeffrey E. Steinbok, Prajakta Sudhir Samant, Tyler Pennington, Nicola Alfeo
  • Patent number: 11017127
    Abstract: Method and apparatus for managing data in a data storage device configured as a storage compute appliance. In some embodiments, the data storage device has a non-volatile memory (NVM) and a controller circuit. The NVM stores a plurality of data sets encrypted by at least one encryption key. The controller circuit performs a storage compute appliance process by locally decrypting the plurality of data sets in a local memory of the data storage device, generating summary results data from the decrypted data sets, and transferring the summary results data across the host interface to an authorized user without a corresponding transfer of any portion of the decrypted data sets across the host interface.
    Type: Grant
    Filed: January 31, 2018
    Date of Patent: May 25, 2021
    Assignee: Seagate Technology LLC
    Inventors: Stacey Secatch, Kristofer C. Conklin, Dana Lynn Simonson, Robert Wayne Moss
  • Patent number: 11005825
    Abstract: One or more networks each include a plurality of sensor nodes operable to communicate public data with each other. Each of the plurality of sensor nodes is operable to gather sensor node data and store the sensor node data locally on the sensor node. Duplicate portions of the sensor node data are distributed to the public data of others of the plurality of sensor nodes via the public data paths for backup storage. The system includes a host that is coupled to individually communicate private data with each of the plurality of sensor nodes. Each of the sensor nodes protects the private data from others of the sensor nodes using distributed key management to ensure distributed encryption.
    Type: Grant
    Filed: November 13, 2018
    Date of Patent: May 11, 2021
    Assignee: Seagate Technology LLC
    Inventors: Mehmet Fatih Erden, Walter R. Eppler, Robert D. Murphy, Greg D. Larrew
  • Patent number: 11003761
    Abstract: Embodiments for implementing an inferred access authentication decision for an application by a processor. A minimum required credential strength of a current authentication process for an application is compared to a previous, successful authentication for the application. The minimum required credential strength of the application is inferred to be sufficient to validate the current authentication process upon determining a minimum required credential value (AMRCV) is greater than a predetermined threshold of the previous successful authentication for the application.
    Type: Grant
    Filed: September 5, 2018
    Date of Patent: May 11, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Charles S. Lingafelt, Gregory J. Boss, Andrew R. Jones, John E. Moore, Jr., Kevin Charles Mcconnell
  • Patent number: 10997314
    Abstract: A data management system stores data related to a plurality of users. The data management system initially stores the data in an encrypted format. The data management system automatically periodically re-encrypts the data in accordance with a re-encryption policy. The re-encryption policy includes re-encryption periodicity data defining a periodicity for automatically re-encrypting the data.
    Type: Grant
    Filed: April 17, 2019
    Date of Patent: May 4, 2021
    Assignee: Intuit Inc.
    Inventors: Sean McCluskey, Elangovan Shanmugam, Narendra Dandekar, Rachit Lohani
  • Patent number: 10999056
    Abstract: An apparatus and method for performing an operation that is secure against side-channel attack are provided. The apparatus and method generate values equal to values obtained through an exponentiation operation or a scalar multiplication operation of a point using values extracted from previously generated parameter candidate value sets and an operation secure against side-channel attack, thereby improving security against side-channel attack without degrading performance.
    Type: Grant
    Filed: January 4, 2018
    Date of Patent: May 4, 2021
    Assignee: SAMSUNG SDS CO., LTD.
    Inventors: Kyu-Young Choi, Duk-Jae Moon, Hyo-Jin Yoon, Ji-Hoon Cho
  • Patent number: 10999257
    Abstract: A content item service enables users to upload media for content items to be given to others. The content item service performs operations on uploaded media content, such as transcoding. A transformed instance of content is encrypted using a cryptographic key, and an identifier for the encrypted transformed instance of content is generated. The encrypted transformed instance of content and an encrypted version of the cryptographic key are stored in association with the identifier.
    Type: Grant
    Filed: July 19, 2019
    Date of Patent: May 4, 2021
    Assignee: Amazon Technologies, Inc.
    Inventors: Ravi Kiran Chilakapati, Catalin Mihai Constantin, Francis Xavier Kearney
  • Patent number: 10997317
    Abstract: The method allows a sender to safeguard its identification in messages sent to a recipient. Even when using promiscuous channels for transmitting the message, only the recipient is able to disclose the sender's identity. The method uses symmetrical cryptography of low computational requirements, without depending on a single shared key among the users so that the sender cannot disclose the identity of the others. The method gradually safeguards the sender's identification, by using successive symmetric cryptographic operations and keys of a binary tree structure built for this purpose in the recipient which applies the steps in a reverse way to that of the sender's protection, to disclose its identification. It is also possible to encrypt the message body.
    Type: Grant
    Filed: January 19, 2017
    Date of Patent: May 4, 2021
    Assignee: SCOPUS SOLUCOES EM TI LTDA
    Inventors: Adren Sassaki Hirose, Reginaldo Arakaki, Armin Werner Mittelsdorf, Wilson Vicente Ruggiero
  • Patent number: 10992649
    Abstract: Systems and methods for privacy in distributed ledger transactions are disclosed. In one embodiment, in an information processing apparatus comprising at least one computer processor for a first node in a computer network comprising a plurality of nodes, a method for generating a key directory in a network comprising a plurality of nodes may include: (1) advertising a public key for a first node to the other nodes; (2) receiving public key information from each of the plurality of nodes; and (3) generating a public key directory that associates each node in the computer network with its public key.
    Type: Grant
    Filed: February 23, 2018
    Date of Patent: April 27, 2021
    Assignee: ConsenSys Software Inc.
    Inventors: Tyrone Lobban, Patrick Mylund Nielsen, Amber Baldet, Samer Falah
  • Patent number: 10990691
    Abstract: A method is provided that permits a user to submit a password to the private key that is to be used to decrypt files either at the time of user account setup or at the time of submitting the files. The password is stored securely in the system, permanently or temporarily, and is used later to decrypt the files right before the system is ready to process the files.
    Type: Grant
    Filed: May 10, 2019
    Date of Patent: April 27, 2021
    Assignee: ARRIS Enterprises LLC
    Inventors: Jinsong Zheng, Alexander Medvinsky, Tat Keung Chan, Ting Yao, Jason A. Pasion
  • Patent number: 10990300
    Abstract: An example method for restricting read access to content in the component circuitry and securing data in the supply item is disclosed. The method identifies the status of a read command, and depending upon whether the status is disabled or enabled, either blocks the accessing of encrypted data stored in the supply chip, or allows the accessing of the encrypted data stored in the supply chip.
    Type: Grant
    Filed: April 15, 2019
    Date of Patent: April 27, 2021
    Assignee: LEXMARK INTERNATIONAL, INC.
    Inventors: Stephen Porter Bush, Jennifer Topmiller Williams
  • Patent number: 10992839
    Abstract: A method for controlling an electronic device including at least one processor configured to encrypt an image and upload the encrypted image to an external server by using an artificial intelligence neural network model is provided. The method includes receiving a command to upload an image to the external server; acquiring, based on the command, a characteristic value corresponding to the image by inputting the image and a key of the electronic device into a neural network model trained to identify characteristic values based on an input image and an input key; and transmitting identification information of the image and the characteristic value to the external server.
    Type: Grant
    Filed: February 5, 2020
    Date of Patent: April 27, 2021
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Seong-min Kang, Heung-woo Han
  • Patent number: 10990684
    Abstract: The present invention generally relates to a context-aware security self-assessment method or module that determines the context in which the device is used and based on this, assesses the device's security settings. The context may refer to the system environment, the applications the device is used for, and/or the current life-cycle stage of the device, without being limited to said contexts. The method of the present invention preferably prioritizes and rates the security relevant findings and presents them in combination with mitigation options through a web interface, a configuration tool, or through notifications in the control system.
    Type: Grant
    Filed: September 18, 2018
    Date of Patent: April 27, 2021
    Assignee: ABB Power Grids Switzerland AG
    Inventors: Sebastian Obermeier, Roman Schlegel, Johannes Schneider, Thomas Locher, Matus Harvan
  • Patent number: 10992464
    Abstract: A chip includes a processing device to perform cryptographic operations by secret data; a memory to store a first plurality of information portions that correspond to a first breakdown of the data and from which the secret data are reconstructible by combination of the first plurality of information portions; a random number generator to provide random values; and a conversion device to ascertain second breakdowns of the data into a second plurality of information portions, from which the secret data are reconstructible and to control the memory for an ascertained second breakdown to store the present second plurality of information portions. The conversion device is further configured to ascertain the second breakdowns based on the random values and/or to determine the interval of time between the ascertaining and storing of a second breakdown and the ascertaining and storing of the subsequent second breakdown based on the random values.
    Type: Grant
    Filed: January 8, 2019
    Date of Patent: April 27, 2021
    Assignee: INFINEON TECHNOLOGIES AG
    Inventors: Berndt Gammel, Bernd Meyer
  • Patent number: 10992461
    Abstract: Technology permitting secure storage and transmission of data streams as well as tiered access to multiple data streams according to permission. Data streams may be encrypted using symmetric encryption performed with varying symmetric keys according to a key stream of symmetric keys. Native data may be discarded for safety. Whole or partial key streams may be encrypted using the public keys of authorized entities having permission to access respective data streams or portions thereof. Only the corresponding private keys can decrypt the encrypted key streams required to decrypt the encrypted data streams. Thus rigorous access control is provided. IT personnel accessing data stream files on a server or intruders maliciously obtaining files will not be able to derive the data stream. Sensitive data streams may be stored using cloud services despite inherent risks.
    Type: Grant
    Filed: November 18, 2016
    Date of Patent: April 27, 2021
    Assignee: GENETEC INC.
    Inventors: Pierre Racz, Frederic Rioux
  • Patent number: 10986177
    Abstract: A multi-dimensional blockchain protocol designed to self-fork into multiple chains, scale infinitely, achieve zero cost transactions, sub-second finality and open new markets for sharders, blobbers, developers, and content publishers, while managing a low inflation rate.
    Type: Grant
    Filed: July 3, 2018
    Date of Patent: April 20, 2021
    Assignee: 0Chain, LLC
    Inventor: Saswata Basu
  • Patent number: 10986209
    Abstract: A method implemented by a first content network element (NE) in an information centric network (ICN), the method comprising receiving, by a receiver, an interest packet through a first interface, wherein a header of the interest packet comprises a path filter, the path filter being associated with one or more segments on a path from a consumer to a producer, modifying, by a processor coupled to the receiver, the path filter based on information identifying one or more previous content NEs or one or more next content NEs on the path to produce a modified path filter, and transmitting, by a transmitter coupled to the receiver, the interest packet with the modified path filter to the next content NE.
    Type: Grant
    Filed: April 19, 2018
    Date of Patent: April 20, 2021
    Assignee: Futurewei Technologies, Inc.
    Inventors: Aytac Azgin, Ravishankar Ravindran
  • Patent number: 10985921
    Abstract: Example embodiments of systems and methods for application verification are provided. An application may generate a cryptographic key, and encrypt the cryptographic key with a predefined public key. A server, in data communication with the application, may include a predefined private key. The application may transmit the cryptographic key to the server. The server may receive, from the application, the cryptographic key; decrypt the cryptographic key using the predefined private key; encrypt an authorization token using the decrypted key; and transmit, to the client application, the authorization token via an out-of-band channel. The application may receive, from the server, the authorization token via the out-of-band channel; and decrypt the authorization token to obtain access to one or more services associated with the server.
    Type: Grant
    Filed: November 5, 2019
    Date of Patent: April 20, 2021
    Assignee: CAPITAL ONE SERVICES, LLC
    Inventors: Panayiotis Varvarezis, Mausam Gautam, Reza Jaberi, Edward Lee, Chad Landis
  • Patent number: 10986451
    Abstract: A hearing assistive system, comprises a personal communication device (10) and a head-worn device (20). The personal communication device (10) has a user interface (12) being adapted for user interaction, a processor (11) controlling the user interface (12) and being adapted to run an application program, a short-range radio (13), and an output transducer (15). The head-worn device (20) has an input transducer (24) adapted for converting sound into an electric signal applied to a processor (21) outputting a modified audio signal via an output transducer (25). The application program is adapted to generate and output a data packet (70) on an audio carrier via the output transducer (15). The head-worn device (20) has an audio signaling block (26) for detecting and decoding the data packet (70) received by the input transducer (24). The head-worn device (20) has a controller (27) for controlling the operation of a short-range radio (28).
    Type: Grant
    Filed: February 2, 2018
    Date of Patent: April 20, 2021
    Assignee: Widex A/S
    Inventors: Michael Ungstrup, Michael Johannes Pihl, Mike Lind Rank, Jan Hesselballe
  • Patent number: 10985905
    Abstract: A fully homomorphic white-box implementation of one or more cryptographic operations is presented. This method allows construction of white-box implementations from general-purpose code without necessitating specialized knowledge in cryptography, and with minimal impact to the processing and memory requirements for non-white-box implementations. This method and the techniques that use it are ideally suited for securing “math heavy” implementations, such as codecs, that currently do not benefit from white-box security because of memory or processing concerns. Further, the fully homomorphic white-box construction can produce a white-box implementation from general purpose program code, such as C or C++.
    Type: Grant
    Filed: February 11, 2020
    Date of Patent: April 20, 2021
    Assignee: ARRIS Enterprises LLC
    Inventor: Lex Aaron Anderson
  • Patent number: 10979901
    Abstract: Provided are an electronic device and a method for processing data in the electronic device. The electronic device may receive server registration time-related information—that is, information related to a time when at least one beacon device becomes registered in a server, and decrypt at least one beacon signal received from the at least one beacon device based on the received server registration time-related information.
    Type: Grant
    Filed: September 27, 2018
    Date of Patent: April 13, 2021
    Assignee: Samsung Electronics Co., Ltd.
    Inventor: Hye-Won Park
  • Patent number: 10970408
    Abstract: A method for securing a digital document comprising first and second types of data, where a set of data of the second type is previously identified in an initial version of the document. For each data of the second type, an identifier is allocated to the data and an entry comprising the data is stored in a secure storage unit. The identifier comprises a display value and a link value. The data is reachable in the secure storage unit through the link value. The secure storage unit is configured to use access rules for authorizing or denying a request initiated by a user for accessing data of the second type contained in an entry of the secure storage unit. An updated version of the digital document is generated by replacing each data of the second type by its allocated identifier in the initial version of the digital document.
    Type: Grant
    Filed: October 10, 2018
    Date of Patent: April 6, 2021
    Assignee: THALES DIS CPL USA, INC.
    Inventors: Christopher Holland, Russell Egan