Key Management Patents (Class 380/277)
  • Patent number: 10692033
    Abstract: In various embodiments, a system may be configured to substantially automatically determine whether to take one or more actions in response to one or more identified risk triggers (e.g., data breaches, regulation change, etc.). The system may, for example: (1) compare the potential risk trigger to one or more previous risk triggers experienced by the particular entity at a previous time; (2) identify a similar previous risk trigger (e.g., one or more previous risk triggers related to a similar change in regulation, breach of data, type of issue identified, etc.); (3) determine the relevance of the current risk trigger based at least in part on a determined relevance of the previous risk trigger; and (4) determine whether to take one or more actions to the current risk trigger based at least in part on one or more determined actions to take in response to the previous, similar risk trigger.
    Type: Grant
    Filed: December 13, 2019
    Date of Patent: June 23, 2020
    Assignee: OneTrust, LLC
    Inventors: Kabir A. Barday, Mihir S. Karanjkar, Steven W. Finch, Ken A. Browne, Nathan W. Heard, Aakash H. Patel, Jason L. Sabourin, Richard L. Daniel, Dylan D. Patton-Kuhl, Kevin Jones, Jonathan Blake Brannon
  • Patent number: 10693848
    Abstract: A system comprising a terminal and a server, wherein the terminal is installed in the system by the server being configured to: identify the terminal; generate key generation data, comprising at least one data seed; distribute the at least one seed to the terminal; generate key data and meta data based on said at least one seed and a function; store an identifier for the terminal along with the key data and the meta data for the terminal, wherein the terminal is arranged to receive the at least one seed from the server; generate key data and meta data based on said at least one seed and the same function; store the key data and the meta data, wherein the key data and the meta data stored in the terminal are the same as the key data and the meta data stored in the server.
    Type: Grant
    Filed: May 13, 2019
    Date of Patent: June 23, 2020
    Assignee: KELISEC AB
    Inventor: Elise Revell
  • Patent number: 10691837
    Abstract: Embodiments described herein enable multi-user storage volume encryption via a secure enclave processor. One embodiment provides for a computing device comprising a first processor to execute a first operating system having one or more user accounts; a second processor to execute a second operating system, the second processor including a secure enclave, the secure enclave to receive a first encrypted key from the first processor and decrypt a volume encryption key via a key encryption key derived from the first encrypted key, the first encrypted key derived via the secure enclave without user-provided entropy; and a non-volatile memory controller to access encrypted data within non-volatile memory using the volume encryption key.
    Type: Grant
    Filed: December 6, 2017
    Date of Patent: June 23, 2020
    Assignee: Apple Inc.
    Inventors: Pierre Olivier Martel, Arthur Mesh, Wade Benson
  • Patent number: 10686771
    Abstract: A data security system is provided. The data security system includes at least a first party and a second party that are mutually coupled via a data communication arrangement, wherein the data communication arrangement is operable to provide for user authentications and/or user sign-in. The first and second parties are provided with identical or mutually compatible copies of a digital key code list that includes keys and indexes referencing the keys. The first party is operable to deliver to the second party an authentication message including an index of a key to be derived, a unique identifier (ID) of a digital key code list from which the key is to be derived, and additional information indicative of at least one of: a unique user ID associated with the first party, a session token previously-received from the second party, a date and time at which an attempt for user authentications and/or user sign-in is made. The additional information is provided in an encrypted form.
    Type: Grant
    Filed: September 15, 2017
    Date of Patent: June 16, 2020
    Assignee: Gurulogic Microsystems Oy
    Inventors: Tuomas Kärkkäinen, Ossi Kalevo
  • Patent number: 10686588
    Abstract: A technique includes performing element-by-element encryption of a segment of the plaintext string to provide a segment of an encrypted string. Performing the element-by-element encryption includes, for a given string element of the segment of the plaintext string, encrypting the given string element to provide a given string element of the segment of the encrypted string; and tweaking the encryption of the given string element based on a selector that includes multiple string elements of the encrypted string. The technique may include searching an encrypted database based on the encrypted string.
    Type: Grant
    Filed: August 31, 2017
    Date of Patent: June 16, 2020
    Assignee: MICRO FOCUS LLC
    Inventors: Leslie C. Gutschow, Richard Minner, Terence Spies
  • Patent number: 10686765
    Abstract: A method, computer system, and a computer program product for securing and accessing a plurality of data levels is provided. The present invention may include gathering, by a network device, data. The present invention may also include encrypting, by a network device, a first section of data within the gathered data with a level 1 encryption key. The present invention may then include encrypting, by a network device, a second section of data within the gathered data with a level 2 encryption key. The present invention may further include transmitting, by a network device, the data to a recipient device. The present invention may also include decrypting, by the recipient device, the second section of data with the level 2 encryption key. The present invention may then include decrypting, by the recipient device, the first section of data with the level 1 encryption key.
    Type: Grant
    Filed: April 19, 2017
    Date of Patent: June 16, 2020
    Assignee: International Business Machines Corporation
    Inventors: David B. Kumhyr, Arnaud A. Mathieu, Maharaj Mukherjee, Michael P. Robertson
  • Patent number: 10687213
    Abstract: The embodiments of the present invention provide a secure establishment method, system and device of a wireless local area network. The method includes: acquiring, by a UE, a first key; the first key is a shared key of the UE and a network element equipment in a mobile communication network accessed by the UE when implementing air interface security, or is derived according to the shared key; deriving, by the UE, according to the first key and a derivation parameter to acquire a derivation key; establishing, by the UE, according to the derivation key, a secure connection with a WLAN node acquiring a derivation key, wherein the derivation key acquired by the WLAN node is the same as the derivation key acquired by the UE.
    Type: Grant
    Filed: October 12, 2017
    Date of Patent: June 16, 2020
    Assignee: Huawei Technologies Co., Ltd.
    Inventor: Jing Chen
  • Patent number: 10685201
    Abstract: A method and a system for recognizing location information in a two-dimensional code are provided. The method comprises: acquiring a two-dimensional code in an image; performing, according to a main positioning block of the two-dimensional code, feature detection to recognize location information in the two-dimensional code; and determining, according to the location information in the two-dimensional code, spatial location information of the two-dimensional code in the image.
    Type: Grant
    Filed: January 18, 2019
    Date of Patent: June 16, 2020
    Assignee: Alibaba Group Holding Limited
    Inventors: Huan Liu, Wenrong Liu, Yinhai Tu
  • Patent number: 10681075
    Abstract: A method for detecting malware beaconing in a network is provided. The method includes maintaining a database identifying a plurality of server certificates and a number of Internet Protocol addresses associated with each of the plurality of server certificates, capturing network traffic over a network connection at a network connected device, and analyzing the network traffic by determining SSL and/or TLS server certificates associated with Internet Protocol addresses associated with the network traffic and a number of servers associated with each of the server certificates wherein a greater number of servers associated with a particular one of the server certificates is indicative of less likelihood of malware beaconing. The method may include further analyzing the network traffic to determine malware beaconing, wherein the further analyzing is performed by a computing device.
    Type: Grant
    Filed: March 22, 2019
    Date of Patent: June 9, 2020
    Assignee: NETSEC CONCEPTS LLC
    Inventors: Brian Fehrman, Elizabeth Woody, Joseph Lillo
  • Patent number: 10678953
    Abstract: A local key management system can be implemented with a unified extensible firmware interface (“UEFI”) basic input/output system (“BIOS”). The local key management system may be part of a removable data storage device that has a first secure area protected by a cryptographic module (e.g. hardware integrated circuit). The removable data storage device may also have a second secure area that stores a key to unlock a security enabled data storage device. The UEFI BIOS may be implemented to manage unlocking of security enabled data storage devices or data bands. The UEFI BIOS may also load a UEFI registration shell to manage registration of one or more security enabled drives or bands.
    Type: Grant
    Filed: April 26, 2017
    Date of Patent: June 9, 2020
    Assignee: Seagate Technology LLC
    Inventors: Christopher Nicholas Allo, Saheb Biswas
  • Patent number: 10678658
    Abstract: The present disclosure includes systems and methods for quorum-based data recovery, in which data is recovered provided at least a minimum number of quorum data portions are presented. In exemplary embodiments, a predetermined minimum number of versions of original data is received, and the original data is reconstructed from the received versions, wherein the original data cannot be reconstructed without loss unless a predetermined minimum number of versions is received. In other embodiments, erroneous or corrupted quorum data portions are detected and associated participants presenting said erroneous or corrupted quorum data portions are identified.
    Type: Grant
    Filed: December 6, 2018
    Date of Patent: June 9, 2020
    Assignee: PQ SOLUTIONS LIMITED
    Inventors: Martin Tomlinson, Cen Jung Tjhai, Andersen Cheng
  • Patent number: 10673626
    Abstract: For an encryption-protected decentralized and replicated blockchain file storage system maintained and managed by a channel of peers, the invention creates the additional levels of trust that are needed for peer voter authentication and transaction proposal endorsement. The invention effectively excludes hostile agents from influencing or impersonating legitimate voter peers through the mathematical strength of the K-of-N mechanism based on secret sharing with cryptographic hashing. In a further embodiment an extension to nested signatures is disclosed to enforce signing order.
    Type: Grant
    Filed: December 31, 2018
    Date of Patent: June 2, 2020
    Assignee: SPYRUS, INC.
    Inventors: William Sandberg-Maitland, Burton George Tregub
  • Patent number: 10671642
    Abstract: A method, system and computer program product for copying data from a source database to a target database. A first database engine of the source database assigns a data-change-ID to each changed row in the source table. The data rows of the source table are stored in a plurality of source pages. Each source page comprises a source-page-ID and a highest-data-change-ID indicating its most recently changed data row. The target table comprises a source-page-ID-column. A second database engine of the target database maintains a metadata table comprising a source-page-ID column and a highest-data-change-ID column. The highest-data-change-IDs in the metadata table are compared with the highest-data-change-IDs of the source pages for selectively copying source table rows of source pages whose highest-data-change-ID is higher than their highest-data-change-ID in the metadata table to the target table.
    Type: Grant
    Filed: November 11, 2016
    Date of Patent: June 2, 2020
    Assignee: International Business Machines Corporation
    Inventors: Andreas Brodt, Bjoern Broll, Daniel Martin, Jens P. Mueller
  • Patent number: 10668896
    Abstract: A car sharing system includes a car sharing device. The car sharing device includes a key function unit and a user authentication function unit. The key function unit allows a device of a vehicle that is shared with multiple people to operate by performing ID verification through a process similar to an electronic key of the vehicle. When the device of the vehicle is operated with a mobile terminal, the user authentication function unit obtains key information from an external device via the mobile terminal and performs authentication of the key information. When authentication of the key information is accomplished and use of the vehicle is within a reservation time, the user authentication function unit validates the key function unit. The key information is generated as information that is permitted only a temporary use.
    Type: Grant
    Filed: June 26, 2018
    Date of Patent: June 2, 2020
    Assignees: KABUSHIKI KAISHA TOKAI RIKA DENKI SEISAKUSHO, TOYOTA JIDOSHA KABUSHIKI KAISHA
    Inventors: Masahiro Arakawa, Masahiko Oya, Masaki Oshima, Masaki Hayashi, Yuichiro Haruna
  • Patent number: 10666443
    Abstract: A method includes receiving, by a processing device executing a validation service, a validation data associated with a first instance of an execution environment, the validation data provided by a publication service associated with a second instance of the execution environment, acquiring a decryption key from a release server associated with the execution environment, determining, using the decryption key, a validation status associated with the first instance in view of the validation data, and notifying the release server of the validation status.
    Type: Grant
    Filed: October 18, 2016
    Date of Patent: May 26, 2020
    Assignee: Red Hat, Inc.
    Inventors: Jay Vyas, Suneel Marthi
  • Patent number: 10664604
    Abstract: The subject matter discloses a method operated on a computerizing system comprising generating two secret shares of at least some of the data fields in a database, loading data fields of the database into two database copies, wherein one secret share of the two secret shares is loaded into one database copy and another secret share of the two secret shares is loaded into another database copy, receiving a request to perform a query in the database, processing said query on the database copies, wherein the database fields employed by the query process and the query results remain secret during processing, and revealing the secret query results.
    Type: Grant
    Filed: November 30, 2016
    Date of Patent: May 26, 2020
    Assignees: UNBOUND TECH LTD., BAR-ILAN UNIVERSITY
    Inventors: Yehuda Lindell, Guy Pe'er, Michael Kraitsberg, Valery Osheter, Alex Presman
  • Patent number: 10664612
    Abstract: The subject matter discloses a method for securing personal information, comprising securing the personal information stored on a data server using a cryptographic secret, said cryptographic secret is unique to a user, storing a first share of the cryptographic secret on a secret storage server communicating with the data server and a second share of the cryptographic secret on a computerized device controlled by the user, detecting a request from the data server to perform an action on the personal information, transmitting the request to the computerized device controlled by the user to use the second share of the cryptographic secret to decrypt the personal information, decrypting the personal information using the first share and the second share, without storing both the first share and the second share in a single device concurrently and performing the action on the personal information on the data server.
    Type: Grant
    Filed: October 9, 2018
    Date of Patent: May 26, 2020
    Assignee: UNBOUND TECH LTD.
    Inventors: George Wainblat, Oz Mishli
  • Patent number: 10664838
    Abstract: Systems and methods to process an authorization request related to mobile data stored by a mobile application in an account hosted on a server and accessed via an access token obtained via the mobile device during a registration session with a portal of an authorization processing system that stores an item associating with an account identifier. The access token is stored in a data warehouse in association with an account identifier registered during the registration session. When an authorization request containing the account identifier is determined by the authorization processing system to have satisfied a first set of conditions specified in the item associated with the account identifier, the portal is instructed to use the access token to communicate with the server to determine whether a second set of conditions identified by the item are met by the mobile data stored in the account hosted on the server that is separately operated from the authorization processing system.
    Type: Grant
    Filed: April 6, 2016
    Date of Patent: May 26, 2020
    Assignee: Visa International Service Association
    Inventors: Santosh Lachhman Achhra, Sonny Swords, Sergey Alex Paykis
  • Patent number: 10657071
    Abstract: In one embodiment, a cryptographic circuit is adapted to receive a data line including at least an encrypted portion from a memory in response to a read request having a memory address from a first agent, obtain a key identifier for a key of the first agent from the data line, obtain the key using the key identifier, decrypt the at least encrypted portion of the data line using the key and send decrypted data of the at least encrypted portion of the data line to the first agent. Other embodiments are described and claimed.
    Type: Grant
    Filed: September 25, 2017
    Date of Patent: May 19, 2020
    Assignee: Intel Corporation
    Inventors: David M. Durham, Siddhartha Chhabra, Amy L. Santoni, Gilbert Neiger, Barry E. Huntley, Hormuzd M. Khosravi, Baiju V. Patel, Ravi L. Sahita, Gideon Gerzon, Ido Ouziel, Ioannis T. Schoinas, Rajesh M. Sankaran
  • Patent number: 10659438
    Abstract: A method of managing messages in a messaging system, the method including: identifying a policy associated with the messaging system, the policy including directives associated with the privacy and integrity of messages; applying the policy to a message, the policy including configuration data that determines when the message should be expired; sending the message to the messaging system; using the configuration data to calculate the expiry of the message and passing the calculated expiry of the message to the messaging system; determining whether the expiry has been reached; responsive to the expiry being reached, sending a report message to the message producer; and responsive to the expiry not being reached, attempting to deliver the message to the message consumer.
    Type: Grant
    Filed: July 9, 2015
    Date of Patent: May 19, 2020
    Assignee: International Business Machines Corporation
    Inventor: Jonathan L. Rumsey
  • Patent number: 10652015
    Abstract: Systems and methods are provided for confidential communication management. For example, a client computer can determine a client key pair comprising a client private key and a client public key. The client computer can further determine a protected server key identifier, identify a server public key associated with the protected server key identifier, and generate a shared secret using the server public key and the client private key. The client computer can further encrypt message data using the shared secret and send, to a server computer, a message including the encrypted message data, the protected server key identifier, and the client public key. The protected server key identifier can be associated with the server computer and can be usable by the server computer to identify a server private key to be used in decrypting the encrypted message data.
    Type: Grant
    Filed: January 25, 2019
    Date of Patent: May 12, 2020
    Assignee: Visa International Service Association
    Inventors: Eric Le Saint, Soumendra Bhattacharya
  • Patent number: 10650135
    Abstract: The present application provides an authorization method for a joint account, applied to client software. The joint account is jointly managed by N joint managers, where N is a natural number greater than 1. In one example, a user-side authentication parameter of a joint account is obtained. The user-side authentication parameter is the same as or corresponds to a network-side authentication parameter of the joint account, wherein the user-side authentication parameter is used to perform authentication on operation permissions for the joint account. The obtained user-side authentication parameter is divided into N parts. N joint management authentication parameters are generated based on each of the N parts. Each of the N joint management authentication parameters is transmitted to a different client device associated with each joint manager.
    Type: Grant
    Filed: August 31, 2018
    Date of Patent: May 12, 2020
    Assignee: Alibaba Group Holding Limited
    Inventor: Kaiyao Luo
  • Patent number: 10652621
    Abstract: Media content search results ranked by popularity are described. In embodiment(s), a search request for television media content can be initiated by a viewer, and television media content that is relevant to the search request can be identified. The relevant television media content can then be ranked based on a popularity rating and the relevant television media content can be displayed in an ordered list that is ordered by popularity rankings.
    Type: Grant
    Filed: March 16, 2018
    Date of Patent: May 12, 2020
    Assignee: Rovi Technologies Corporation
    Inventors: Pradhan S. Rao, David H. Sloo
  • Patent number: 10650387
    Abstract: The present invention provides an apparatus, method and computer program product for a registry, such as a UDDI registry, to restrict access to business entity definitions contained in the registry according to permission details associated with the business service definition. A business entity definition may comprise a plurality of information elements. Permission details, which define users or groups of users with permission to access the information element, are then associated with one or more of these information elements. When a user request is received to access a business entity definition access is restricted to only those information elements for which the user has the required permission.
    Type: Grant
    Filed: December 8, 2014
    Date of Patent: May 12, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventor: John Colgrave
  • Patent number: 10649578
    Abstract: In one embodiment, a computer readable storage medium is provided for storing one or more programs, the one or more programs comprising instructions which, when executed by an electronic device with a display and a touch-sensitive surface, cause the electronic device to: display a screen on the display; while displaying the screen, detect a first input by a first contact on a first icon that meets application-launch criteria; in response to detecting the first input on the first icon that meets the application-launch criteria, replace the screen with a first user interface of a first application that corresponds to the first icon; while displaying the first user interface, detect a second input by a second contact that includes movement across the display in a first direction; and in response to detecting the second input, perform an operation.
    Type: Grant
    Filed: September 3, 2019
    Date of Patent: May 12, 2020
    Assignee: P4TENTS1, LLC
    Inventor: Michael S Smith
  • Patent number: 10642987
    Abstract: A cryptographic tracking engine is disclosed that can track a user's data over the Internet in a way that allows the user to maintain control over the data downstream while maintaining the security of the stored data. An online entity provides an identifier that is encrypted using a first mechanism. Further, the user provides a data item for an electronic communication between two users. The data item is encrypted using the first mechanism. The data encrypted using the first mechanism is stored in a cryptographic entry. Other data for the electronic communication between a first and second user is encrypted using a second encryption mechanism, such as a block cipher. The user can then selectively expose data stored in the cryptographic entry on a block-by-block basis to track exchanges of data over the Internet.
    Type: Grant
    Filed: January 19, 2017
    Date of Patent: May 5, 2020
    Assignee: eBay Inc.
    Inventors: Michael Chan, Nikhil Firke, Todd Ryan Palmer, Brian Peter Dickson, Julien Soriano, Ralph Forsythe
  • Patent number: 10645068
    Abstract: Methods and systems for resetting a digital credential within a digital credential based authentication system. The method includes logging a first administrative user into the digital credential system, receiving, from the first administrative user, a first portion of authentication credentials for a first customer, validating, by the first administrative user using the digital credential system, the first portion, logging a second administrative user into the digital credential system, receiving, from the second administrative user, a second portion of authentication credentials for the first customer, receiving the second portion by the second administrative user, validating, by the second administrative user using the digital credential system, the second portion; and resetting the authentication credentials based on the validation of the first portion and second portion.
    Type: Grant
    Filed: December 21, 2016
    Date of Patent: May 5, 2020
    Assignee: United States Postal Service
    Inventors: Clayton C Bonnell, Kelley A Sullivan
  • Patent number: 10644886
    Abstract: A method and system for providing unencrypted access to encrypted data that may be stored on a device, sent as a message, or sent as a real-time communications stream. The method may include using public key cryptography to securely enable accessing the encrypted data stored on a device or communicated by a device. For instance, the method may include using a device vendor's public key to securely enable that vendor to enable only authorized parties to themselves decrypt previously-encrypted device storage, messages, or real-time communications streams.
    Type: Grant
    Filed: December 5, 2018
    Date of Patent: May 5, 2020
    Inventor: Raymond Edward Ozzie
  • Patent number: 10638178
    Abstract: The disclosure is directed to an apparatus that can include a first receiver, a second receiver, a video demultiplexor, and an assembly engine. The first receiver can receive multiplexed multimedia content and advertisement, the multiplexed multimedia content and advertisement being received over a reduced number of broadcast channels to release at least one of bandwidth and radio frequency spectrum, not included in the reduced number of broadcast channels, for other applications. The second receiver can receive unavailable other content, the unavailable other content being other content that is different from the multiplexed multimedia content and advertisement and unavailable to the apparatus. The video demultiplexor can demultiplex the received multiplexed multimedia content and advertisement from the reduced number of broadcast channels to produce a multimedia content and an advertisement and store, within a storage device, the multimedia content and the advertisement.
    Type: Grant
    Filed: March 28, 2019
    Date of Patent: April 28, 2020
    Assignee: Edge2020
    Inventors: Tell Allen Gates, Ronald Hirsch
  • Patent number: 10637654
    Abstract: Provided are a smart key device and a working method. When a register requesting command is received, the smart key device obtains a key handle, an authentication certificate and a first signing result and forms a response data of the register requesting command according to the second key pair, the key handle, the authentication certificate and the first signing result; when an authentication requesting command is received, the smart key device determines a current user legitimated by authenticating according to the authentication requesting command, obtains a second signing result according to the authentication requesting command and a current authenticating times, and forms a response data of the authentication requesting command according to the second signing result and the current authenticating times. Fast identity authentication can be implemented and security of online transaction can be enhanced by the present invention.
    Type: Grant
    Filed: September 20, 2018
    Date of Patent: April 28, 2020
    Assignee: FEITIAN TECHNOLOGIES CO., LTD.
    Inventors: Zhou Lu, Huazhang Yu
  • Patent number: 10637658
    Abstract: In a computing system, methods for secure OS level login authentication for internal users to access servers. Some or all servers in a group each utilize a local ID Service for generating and validating a challenge responsive to an OS login request. The challenge is processed in a centralized secure server HSM. Rather than copying individual user public keys to each host in the data center, we need only copy the public key of the HSM to each host in the group. When a user attempts OS level login to a host, it encrypts the challenge using the public key of the HSM and forwards the request for processing in the HSM. There, it decrypts the challenge using the private key in the HSM and re-encrypts the challenge with the public key of the individual user. The user's mobile device, previously registered, is required to complete the authentication process.
    Type: Grant
    Filed: March 31, 2017
    Date of Patent: April 28, 2020
    Assignee: SALESFORCE.COM, INC.
    Inventors: Prasad Peddada, Taher Elgamal
  • Patent number: 10637856
    Abstract: Systems, methods, and apparatuses for deploying a wireless router are disclosed. One method includes accessing, by the wireless router, default credentials, checking, by the wireless router, access to a backhaul link to an upstream network, authenticating, by the wireless router, using the default credentials, procuring, by the wireless router, a customer certificate of a customer, authenticating, by the wireless router, with an authentication server using the customer certificate, procuring, by the wireless router, from a management server, a customer specific wireless mesh configuration after being authenticated by the authentication server, rebooting, by the wireless router, using the customer specific wireless mesh configuration, thereby allowing the wireless router to operate within a wireless mesh network, and broadcasting, by the wireless router, service set identifiers (SSIDs) derived from the default credentials.
    Type: Grant
    Filed: December 12, 2017
    Date of Patent: April 28, 2020
    Assignee: ABB Power Grids Switzerland AG
    Inventors: Danu Tjahjono, Sunil Assao, Rafiq Shaikh
  • Patent number: 10628406
    Abstract: Example embodiments of the present invention relate to a method, a system, and a computer program product for verifying the integrity of replicated virtual machine data. The method includes reading data from a production volume at a production site. A representation of the data may be stored at a replica site with the integrity of the data stored in the replica volume being verified according to the representation of the data.
    Type: Grant
    Filed: September 30, 2014
    Date of Patent: April 21, 2020
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventor: Assaf Natanzon
  • Patent number: 10630464
    Abstract: A communication device to allocate shared keys to plural channels includes a storage, a receiver, a storage controller, an allocator, and an encryption processor. The storage includes a predetermined number of storage areas to store one or more shared keys shared with a destination device. The receiver is configured to receive a shared key. The storage controller controls storing the received shared key in any of the storage areas every time the shared key is received. The allocator can allocate the storage areas to communication channels used for communicating encrypted data between the communication device and the communication destination device, based on a ratio predetermined for each communication channel. The encryption processor can, according to a cryptosystem determined for each communication channel, encrypt data and decrypt the encrypted data by using the shared key acquired from the storage area allocated to each communication channel.
    Type: Grant
    Filed: February 21, 2017
    Date of Patent: April 21, 2020
    Assignee: Kabushiki Kaisha Toshiba
    Inventor: Yoshimichi Tanizawa
  • Patent number: 10630663
    Abstract: The present disclosure describes techniques for configuring and participating in encrypted audio calls, audio conferences, video calls, and video conferences. In particular, a call initiator generates a meeting identifier and a first meeting key, which are encrypted using a first encryption key and distributed to one or more participants of the call. The one or more participants decrypt the meeting identifier and the first meeting key, and use that information to participate in the encrypted call. Further, participants respond to the encrypted communication data by encrypting their reply data with the first meeting key. The call initiator decrypts the reply data using the first meeting key.
    Type: Grant
    Filed: September 26, 2018
    Date of Patent: April 21, 2020
    Assignee: Wickr Inc.
    Inventors: Dipakkumar R. Kasabwala, Thomas Michael Leavy
  • Patent number: 10630686
    Abstract: In various embodiments, there is provided a method for organizing devices in a policy hierarchy. The method includes creating a first node. The method further includes assigning a first policy to the first node. The method further includes creating a second node, the second node referencing the first node as a parent node such that the second node inherits the first policy of the first node.
    Type: Grant
    Filed: March 10, 2016
    Date of Patent: April 21, 2020
    Assignee: Fornetix LLC
    Inventors: Charles White, Stephen Edwards
  • Patent number: 10621584
    Abstract: This disclosure includes biometrically secured networked devices with enhanced privacy protection. One system includes a first biometrically secured device having a first sensor, and a second biometrically secured device having a second sensor. The first device is programmed to: (i) obtain a first sample of a first biometric using the first sensor; (ii) generate a secret biometrically derived key using the first sample of the first biometric; (iii) encrypt a set of biometric data using the secret biometrically derived key; and (iv) transmit the set of encrypted biometric data to the second biometrically secured device. The second device is programmed to: (i) obtain a second sample of the first biometric using the second sensor; (ii) generate the secret biometrically derived key using the second sample of the first biometric; and (iii) decrypt the set of biometric data using the secret biometrically derived key.
    Type: Grant
    Filed: December 1, 2017
    Date of Patent: April 14, 2020
    Assignee: Clover Network, Inc.
    Inventors: Sameer Jayant Thatte, Arvin Carl Robert Haywood, Brian Jeremiah Murray
  • Patent number: 10616206
    Abstract: A method of creating an application purpose certificate, comprising: receiving from a software publisher an application code and declared privacy information, the declared privacy information includes at least one allowed usage purpose for each of a plurality of data types; analyzing the application's usage of data of each of the plurality of data types; verifying the usage is compliant with the at least one allowed usage purpose according to the analysis; creating an encrypted digital purpose certificate, the digital purpose certificate is unique for the application code; and sending the digital purpose certificate to the software publisher to be bundled with the application code and a publisher authentication certificate.
    Type: Grant
    Filed: September 27, 2016
    Date of Patent: April 7, 2020
    Assignee: International Business Machines Corporation
    Inventors: Sima Nadler, Abigail Goldsteen
  • Patent number: 10615972
    Abstract: A computer and method for managing a shared key in a cluster of computers utilizes a node key to decrypt an encrypted shared key to obtain the shared key. A computer in the cluster can receive the node key from another computer in the cluster by transmitting an encrypted node key that has been encrypted using a master key to the other computer in the cluster, which is then decrypted using the master key at the other computer. The received node key can then be used by the requesting computer to decrypt the encrypted shared key to obtain the shared key.
    Type: Grant
    Filed: January 19, 2018
    Date of Patent: April 7, 2020
    Assignee: VMware, Inc.
    Inventors: Haoran Zheng, Wenguang Wang
  • Patent number: 10615971
    Abstract: Techniques for implementing high integrity logs for distributed software services are provided. According to one set of embodiments, a key management service running on a key server can maintain a secret master key. The key management service can further generate, for each of a plurality of distributed software service instances, a service key that is unique to a current lifecycle of the software service instance, the generating being based on the master key; and transmit the service key to the software service instance, where the service key is used by the software service instance in creating a high integrity log.
    Type: Grant
    Filed: May 22, 2017
    Date of Patent: April 7, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Tolga Acar, Malcolm Erik Pearson
  • Patent number: 10608817
    Abstract: Disclosed is a zero-knowledge distributed application configured to securely share information among groups of users having various roles, such as doctors and patients. Confidential information may be encrypted client-side, with private keys that reside solely client side. Encrypted collections of data may be uploaded to, and hosted by, a server that does not have access to keys suitable to decrypt the data. Other users may retrieve encrypted data from the server and decrypt some or all of the data with keys suitable to gain access to at least part of the encrypted data. The system includes a key hierarchy with multiple entry points to a top layer by which access is selectively granted to various users and keys may be recovered.
    Type: Grant
    Filed: July 6, 2017
    Date of Patent: March 31, 2020
    Assignee: Masimo Corporation
    Inventors: Amer Haider, Ali Ahmed
  • Patent number: 10607211
    Abstract: The disclosure relates to a method for authenticating a user to a machine: generating a challenge by the machine, generating a first pattern, in which the challenge is coded, by the machine, displaying the first pattern on a display device of the machine, optically recording the first pattern by a user device, decoding the first pattern to receive the challenge by the user device, generating a response to the challenge by the user device, generating a second pattern, in which the response is coded, by the user device, displaying the second pattern on a display device of the user device, optically recording the second pattern by the machine, decoding the second pattern to receive the response by the machine, checking the correctness of the response by the machine, and, on the condition that the response is correct, fulfilling a function by the machine.
    Type: Grant
    Filed: January 6, 2014
    Date of Patent: March 31, 2020
    Assignee: BUNDESDRUCKEREI GMBH
    Inventors: Martin Schroeder, Frank Morgner
  • Patent number: 10601789
    Abstract: A plurality of devices are each operable to provide information that is usable to prove authorization with any of the other devices. The devices may have common access to a cryptographic key. A device may use the cryptographic key to encrypt a session key and provide both the session key and the encrypted session key. Requests to any of the devices can include the encrypted session key and a digital signature generated using the session key. In this manner, a device that receives the request can decrypt the session key and use the decrypted session key to verify the digital signature.
    Type: Grant
    Filed: November 27, 2017
    Date of Patent: March 24, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory Branchek Roth, Matthew James Wren, Eric Jason Brandwine, Brian Irl Pratt
  • Patent number: 10601874
    Abstract: A rule engine receives data flows. The data flows are between a network and an application. The rule engine determines data flow information and in dependence on the information performs an action with respect to said flow. A controller provides control information to the rule engine to define one or more actions. The communications between said rule engine and said controller are secure.
    Type: Grant
    Filed: September 18, 2018
    Date of Patent: March 24, 2020
    Assignee: Xilinx, Inc.
    Inventors: Steven L. Pope, David J. Riddoch, Derek Roberts
  • Patent number: 10601873
    Abstract: A rule engine receives data flows. The data flows are between a network and an application. The rule engine determines data flow information and in dependence on the information performs an action with respect to said flow. A controller provides control information to the rule engine to define one or more actions. The communications between said rule engine and said controller are secure.
    Type: Grant
    Filed: October 24, 2017
    Date of Patent: March 24, 2020
    Assignee: XILINX, INC.
    Inventors: Steven L. Pope, David J. Riddoch, Derek Roberts
  • Patent number: 10594694
    Abstract: Disclosed embodiments relate to securely caching and provisioning secrets for use in an offline process. Techniques include accessing, at an endpoint computing resource storing a secret, a first cryptographic key; encrypting the secret using the first cryptographic key; receiving, from an auxiliary device, a second cryptographic key; encrypting the encrypted secret with the second cryptographic key to produce an encrypted block; sending, without using a network connection, the encrypted block to the auxiliary device for decryption; receiving, from the auxiliary device and without using a network connection, a decrypted version of the encrypted block; and decrypting the encrypted secret with a cryptographic key corresponding to the first cryptographic key.
    Type: Grant
    Filed: March 11, 2019
    Date of Patent: March 17, 2020
    Assignee: CYBERARK SOFTWARE LTD.
    Inventors: Arthur Bendersky, Dima Barboi
  • Patent number: 10592685
    Abstract: A method for sharing read access to a document stored on memory hardware. The method includes receiving a shared read access command from a sharor sharing read access to a sharee for a document stored on memory hardware in communication with the data processing hardware, and receiving a shared read access request from the sharee. The shared read access command includes an encrypted value and a first cryptographic share value based on a write key, a read key, a document identifier, and a sharee identifier. The method also includes multiplying the first and second cryptographic share values to determine a cryptographic read access value. The cryptographic read access value authorizes read access to the sharee for the document. The method also includes storing a read access token for the sharee including the cryptographic read access value and the encrypted value in a user read set of the memory hardware.
    Type: Grant
    Filed: January 24, 2018
    Date of Patent: March 17, 2020
    Assignee: Google LLC
    Inventors: Kevin Yeo, Sarvar Patel, Giuseppe Persiano
  • Patent number: 10594663
    Abstract: This disclosure relates generally to computer based assessments, and more particularly to secured assessment distribution and printing. In one embodiment, the method includes mapping an assessment metadata with assessment conduction center (ACC) data to identify drive data having ACC location associated with candidates, count of candidates for each subject assessment, and subjects mapping with respective ACCs. The subjects are mapped with prestored content creator profile data to identify content creators capable of creating content for question papers corresponding to assessment subjects. The content for the question papers is bundled into distinct bundles that are encrypted with an encryption key based on schedule of assessment of assessment subject. The bundles are mapped with the drive data to identify bundles for respective ACCs and candidate profiles.
    Type: Grant
    Filed: February 6, 2017
    Date of Patent: March 17, 2020
    Assignee: Tata Consultancy Services Limited
    Inventors: Viral Prakash Shah, Rakesh Ramesh Ahirrao, Gaurav Singh, Komal Rameshwar Balode
  • Patent number: 10594691
    Abstract: Provided is an information processing apparatus including: a processing unit configured to selectively perform a process using information acquired from an application. The processing unit generates second key information based on first key information when the first key information is acquired from an application, retains specific information for specifying a target application on which a process is to be performed, when the first key information is acquired, determines whether an accessing application is the target application based on the specific information when being accessed by the application after the specific information is retained, performs a process based on information acquired from the accessing application and the second key information when the application is determined to be the target application, and refrains from performing a process using information acquired from the accessing application when the application is determined not to be the target application.
    Type: Grant
    Filed: January 22, 2015
    Date of Patent: March 17, 2020
    Assignee: SONY CORPORATION
    Inventor: Yasuo Takeuchi
  • Patent number: 10587653
    Abstract: A customer of a policy management service may use an interface with a configuration and management service to interact with policies that may be applicable to the customer's one or more resources. The customer may create and/or modify the policies and the configuration and management service may notify one or more other entities of the created and/or modified policies. The one or more other entities may be operated by a user authorized to approve the created and/or modified policies. Interactions with the configuration and management service may be the same as the interactions with the policy management service.
    Type: Grant
    Filed: April 5, 2016
    Date of Patent: March 10, 2020
    Assignee: Amazon Technologies
    Inventors: William Frederick Kruse, Nima Sharifi Mehr