Key Management Patents (Class 380/277)
  • Patent number: 11403407
    Abstract: Various embodiments described herein relate to a system for providing file access while keeping both the accessing client and storage server from gaining any information about file contents or access patterns which they are not authorized to obtain. According to various embodiments, a key server instructs the storage server to retrieve a list of files, shuffle and re-encrypt the files in the list, and then send the list to the client. According to some embodiments, the key server also provides the client with information used to access the requested file from the list, re-encrypts the files in the lists again, reshuffles the list, and transmits the list back to the storage server to be recommitted to storage.
    Type: Grant
    Filed: September 19, 2017
    Date of Patent: August 2, 2022
    Assignee: KONINKLIJKE PHILIPS N.V.
    Inventor: Meilof Geert Veeningen
  • Patent number: 11405203
    Abstract: According to one example, a system includes a second computing device that has one or more processors configured to receive encrypted data from a first computing device, the encrypted data being encrypted based on a first encryption key. The one or more processors are further configured to generate a second encryption key that matches the first encryption key, decrypt the encrypted data using the second encryption key, and transmit the data for use.
    Type: Grant
    Filed: February 17, 2020
    Date of Patent: August 2, 2022
    Assignee: ECLYPSES, INC.
    Inventors: Robert E. Nelson, Aron J. Seader
  • Patent number: 11405374
    Abstract: Systems and methods of mitigating leakage of credentials of a user of a computer network, including monitoring at least one data source to scrape data that is compatible with credential data, applying a machine learning algorithm to the scraped data to identify at least one potential leaked credential, wherein the at least one potential leaked credential is identified using at least one neural network, authenticating the identified at least one potential leaked credential by a database of valid credentials of the computer network, and replacing credentials corresponding to the at least one leaked credential.
    Type: Grant
    Filed: March 13, 2019
    Date of Patent: August 2, 2022
    Assignee: IntSights Cyber Intelligence Ltd.
    Inventors: Gal Ben David, Amir Hozez, Alon Arvatz, Guy Nizan
  • Patent number: 11405199
    Abstract: Provided are a computer program product, system, and method for determining key server type and key server redundancy information to enable encryption. A first key server type for a first protocol is indicated in a key server type field in response to determining a current protocol used to communicate with the key server comprises the first protocol. A query information request is submitted to the key server to determine a key server type in response to determining that the current protocol comprises the second protocol. The second key server type indicated in the response to the query information request is indicated in the key server type field in response to the response indicating the second key server type. The first or second type of key server indicated in the key server type field is used to determine information to include in a key retrieval request.
    Type: Grant
    Filed: March 11, 2020
    Date of Patent: August 2, 2022
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Jacob Lee Sheppard, Roger G. Hathorn, Igor Popov
  • Patent number: 11398899
    Abstract: A data processing method includes the following steps: a processor receives a symmetric wrapping key, and when an application needs to use a user private key, the processor executes an encryption and decryption instruction in a hardware-acceleration instruction-set. The encryption and decryption instruction is configured to apply the symmetric wrapping key to decrypt a wrapped private key that corresponds to the application to obtain the user private key. In addition, the symmetric wrapping key is stored in a model specific register of the processor.
    Type: Grant
    Filed: March 16, 2020
    Date of Patent: July 26, 2022
    Assignee: SHANGHAI ZHAOXIN SEMICONDUCTOR CO., LTD.
    Inventors: Gangru Xue, Zhenhua Huang, Yun Shen
  • Patent number: 11398902
    Abstract: Systems and methods for non-deterministic multi-party, multi-user sender-receiver authentication and non-repudiated resilient authorized access to secret data are described herein. In one aspect, a method for data access includes receiving, at a server, a request for data access from a user; transmitting to users, a prompt for identity verification corresponding to the identity of each user, where at least one of the users is different than the user requesting data access; receiving, in response to the identity verification prompt, a plurality of identification key fragments from storage locations or devices associated with the users, where each identification key fragment is user specific; generating an organization-specific data object from the plurality of identification key fragments; confirming the organization-specific data object by the users whose identities were validated; and authorizing the request for data access based on confirming the organization-specific data object.
    Type: Grant
    Filed: September 10, 2020
    Date of Patent: July 26, 2022
    Assignee: CYBORN LIMITED
    Inventor: David Lanc
  • Patent number: 11392490
    Abstract: Systems and methods for marking similarity groups impacted by a garbage collection operation are disclosed. Similarity groups are used to identify segments associated with objects in a computing system. Using deletion records that identify objects to be deleted, the similarity groups impacted by the deletion records can be identified. The live segments associated with the impacted similarity groups are also identified. This allows segments that are associated with the deleted objects and that are not associated with any live objects to be removed.
    Type: Grant
    Filed: March 29, 2019
    Date of Patent: July 19, 2022
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventors: Kimberly R. Lu, Joseph S. Brandt, Nicholas A. Noto, Tipper Truong, Mariah Arevalo, Philip Shilane
  • Patent number: 11394550
    Abstract: Systems and methods for verifying proofs generated from shared data without revealing the shared data are provided. In one aspect, a method comprises receiving, from a first node, a first proof generated from a first private key associated with the first node and data shared between the first node and a second node; receiving, from the second node, a second proof generated from a second private key associated with the second node and the shared data; verifying, without revealing the shared data, the first proof and the second proof were both generated from the shared data with a first public key mathematically related to the first private key, and a second public key mathematically related to the second private key; and performing an action based on the verification of the first proof and the second proof both being generated from the shared data.
    Type: Grant
    Filed: July 30, 2021
    Date of Patent: July 19, 2022
    Assignee: Dapper Labs Inc.
    Inventor: Tarek Ben Youssef
  • Patent number: 11394539
    Abstract: An information handling system may include a persistent memory configured to be secured via a passphrase; a basic input/output system (BIOS); and a management controller configured to provide out-of-band management of the information handling system. The BIOS may be configured to set the passphrase of the persistent memory, encrypt the passphrase via a first key of a first asymmetric key pair, and transmit the encrypted passphrase to the management controller. The management controller may be configured to decrypt the encrypted passphrase via a second key of the first asymmetric key pair, re-encrypt the passphrase via a first key of a second asymmetric key pair, and transmit the re-encrypted passphrase to an external management console via an out-of-band management interface.
    Type: Grant
    Filed: June 30, 2020
    Date of Patent: July 19, 2022
    Assignee: Dell Products L.P.
    Inventors: Wenwei Tang, Joan Jun Xiong
  • Patent number: 11386187
    Abstract: A device may not trust another device with which it is in communication. To establish trust, a first device may send a second device an indication of signed code that is stored in a protected memory of the first device. Based on determining that the first device is a trusted device, the second device may send the first device an encrypted content asset, a decryption key associated with the content asset, and/or an encryption key associated with the content asset.
    Type: Grant
    Filed: June 18, 2019
    Date of Patent: July 12, 2022
    Assignee: Comcast Cable Communications, LLC
    Inventor: Andrew Morrow
  • Patent number: 11386480
    Abstract: Systems and methodologies are disclosed that enable the distribution of production information and confirmation of the receipt of such information. The system and methodologies of the innovation require an access code to complete a transaction or application process. Use of the system and methodologies of the innovation enable customers to review accurate product information prior to purchasing a product and also provides greater protections against fraudulent purchases.
    Type: Grant
    Filed: August 17, 2017
    Date of Patent: July 12, 2022
    Assignee: Wells Fargo Bank, N.A.
    Inventor: Manpreet Singh
  • Patent number: 11381391
    Abstract: A first computing node configures for communication with a second computing node according to a secure Media Access Layer (MAC) layer communication protocol. The first computing node transmits a first message, to the second computing node. The first message includes at least a first indication that the first computing node is capable of communicating according to the secure MAC layer communication protocol based on a pre-shared secret key. The first computing node determines to communicate with the second computing node according to the secure MAC layer communication protocol based on one of a pre-shared secret key or a distributed shared key. The first computing node, at least in part based on the determining, transmits a second message to the second computing node according to the secure MAC layer communication protocol based on the one of the pre-shared secret key or the distributed shared key.
    Type: Grant
    Filed: June 15, 2020
    Date of Patent: July 5, 2022
    Assignee: Cisco Technology, Inc.
    Inventors: Lionel Florit, Chennakesava Reddy Gaddam, Annu Singh, Gaurav Kumar, Shwetha Subray Bhandari
  • Patent number: 11372983
    Abstract: A select processor obtains a request to perform a requested operation. The request includes encrypted data and a protected key. The protected key is to be used by the select processor on behalf of an entity unauthorized to use the protected key. The encrypted data is decrypted using the protected key to obtain decrypted data. The requested operation is performed on the decrypted data to obtain resulting data. The resulting data is encrypted (e.g., using the protected key) to obtain encrypted resulting data. The encrypted resulting data is provided to a requestor of the request.
    Type: Grant
    Filed: March 26, 2019
    Date of Patent: June 28, 2022
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Anthony T. Sofia, Jonathan D. Bradbury
  • Patent number: 11374975
    Abstract: A method and a system for integrating post quantum cryptographic algorithms into TLS. The method includes transmitting a client hello message to a server including a request for post quantum cryptographic (PQC) mode of operation and a PQC public client key, receiving a server hello message from the server in response to the client hello message including a PQC server key exchange generated from the PQC public client key. The method includes determining the server hello message includes an authorization to operate the PQC mode of operation. The method also includes transmitting a second client hello message to the server including a PQC encrypted client key share. The PQC encrypted client key share is encrypted using a client encryption key. The method includes receiving a second server hello message that includes a PQC encrypted server key share and decrypting the PQC encrypted server key share using a server encryption key.
    Type: Grant
    Filed: July 2, 2020
    Date of Patent: June 28, 2022
    Assignee: International Business Machines Corporation
    Inventors: Michael W. Gray, Narayana Aditya Madineni, Simon D. McMahon, Matthew Green, Leigh S. McLean, Peter T. Waltenberg
  • Patent number: 11368469
    Abstract: This disclosure relates to generating location event measurements. In one aspect, a method includes presenting, by a client device, a digital component comprising geofence data that defines one or more physical locations corresponding to the digital component. In response to presenting the digital component, a trusted program of the client device stores, in a presentation event data structure, a presentation event data element specifying the geofence data. The trusted program detects, based on location information indicating a current location of the client device and the geofence data that the client device is within one of the one or more physical locations. In response to detecting that the client device is within one of the one or more physical locations, an event report is transmitted to a reporting system for the digital component. The event report indicates that a location event for the digital component has occurred.
    Type: Grant
    Filed: June 22, 2020
    Date of Patent: June 21, 2022
    Assignee: Google LLC
    Inventors: Alex Daniel Jacobson, Gang Wang
  • Patent number: 11362834
    Abstract: Systems and methods are described for managing digital rights. Methods may comprise causing an encrypted content asset to be stored at a storage location. The encrypted content asset at the storage location may be accessible by one or more user devices. A transaction may be generated and may comprise an identifier and a decryption key, wherein the decryption key is configured to decrypt at least a portion of the encrypted content asset. The transaction may be caused to be stored in a distributed database, wherein the distributed database is accessible by the one or more user devices using at least the identifier.
    Type: Grant
    Filed: July 24, 2017
    Date of Patent: June 14, 2022
    Assignee: Comcast Cable Communications, LLC
    Inventor: Ross Gilson
  • Patent number: 11356253
    Abstract: To propose a technique for solving a key delivery problem. Both of a client and a server have a function of generating the same solution at the same date and time based on the same initial solution. The client sends identification information for identifying the client to the server (S1002). The client and the server generate the same solution with time synchronization based on the initial solution (S1003 and S2002). The client and the server perform encrypted communication using the same key as a common key (S1004 and S2003).
    Type: Grant
    Filed: September 18, 2018
    Date of Patent: June 7, 2022
    Assignee: NTI, INC.
    Inventor: Takatoshi Nakamura
  • Patent number: 11356284
    Abstract: A method at a computing device within an Intelligent Transportation System, the method comprising: determining, at the computing device, whether a short-term certificate is available to sign a message; if the short-term certificate is available, signing the message with a private key associated with the short-term certificate; if the short-term certificate is not available, signing the message with a private key associated with a long-term certificate; and sending the message to a recipient.
    Type: Grant
    Filed: October 19, 2020
    Date of Patent: June 7, 2022
    Assignee: BlackBerry Limited
    Inventors: Stephen John Barrett, John Octavius Goyo, James Randolph Winter Lepp
  • Patent number: 11354048
    Abstract: A storage device includes at least one non-volatile memory device, a memory controller encrypting data using key information, storing the encrypted data in the at least one non-volatile memory device, or reading the encrypted data from the at least one non-volatile memory device, decrypting the read encrypted data using the key information and outputting the decrypted data to an external device, and a security chip connected to the memory controller, and storing the key information, and including an identification module for use in a data disposal operation.
    Type: Grant
    Filed: September 29, 2020
    Date of Patent: June 7, 2022
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Juil Kim, Jaecheol An
  • Patent number: 11349655
    Abstract: Described herein are systems and methods for a distributed Java Keystore, in accordance with an embodiment. This KeyStore can provide a secure place for a distributed queue to persist credentials, private keys, and other sensitive information. Such a KeyStore can be utilized within other distributed systems that require scaling (in and out) in runtime.
    Type: Grant
    Filed: March 29, 2019
    Date of Patent: May 31, 2022
    Assignee: ORACLE INTERNATIONAL CORPORATION
    Inventors: Chen He, Satish Panchumarthy, Geoffrey Stewart
  • Patent number: 11349822
    Abstract: A request may be received from an application for a performance of an operation associated with a cryptographic key that is stored at a secure enclave. A plugin of the secure enclave may be identified from the request for performance of the operation. The operation associated with the cryptographic key may be performed by using the plugin of the secure enclave to generate an output within the secure enclave. The output generated within the secure enclave and based on the plugin may be provided to the application.
    Type: Grant
    Filed: November 20, 2017
    Date of Patent: May 31, 2022
    Assignee: Fortanix, Inc.
    Inventors: Anand Kashyap, Ambuj Kumar, Jethro Gideon Beekman, Jeffrey Seyfried
  • Patent number: 11347679
    Abstract: Systems and methods for a hybrid system-on-chip usable for predicting performance and power requirements of a host server include a big cores module, including central processing units, for receiving and pre-processing performance and power metrics data of the host server and to allocate computing resources, a small cores module, including massively parallel processing units, for mapping each instance associated with host server in the performance and power metrics data to a corresponding massively parallel processing unit based on the allocated computing resources for a per-instance metrics calculation, and an artificial intelligence (AI) accelerator for calculating performance and power prediction results based on the per-instance calculations from the small cores module.
    Type: Grant
    Filed: February 8, 2018
    Date of Patent: May 31, 2022
    Assignee: Alibaba Group Holding Limited
    Inventors: Jun Song, Yi Liu, Lingling Jin, Guan Wang, Ying Wang, Hong Tang, Nan Zhang, Zhengxiong Tian, Yu Zhou, Chao Qian, Shuiwang Liu, Jun Ruan, Bo Yang, Lin Yu, Jiangwei Huang, Hong Zhou, Yijun Lu, Ling Xu, Shiwei Li, Xiaolin Meng
  • Patent number: 11341252
    Abstract: A personal information security system allows for the storage of data in a secure manner by assigning a key to the data and breaking up the data then sending parts or pieces to many computing devices on a network. The data is requested and gathered from the user base by providing the key to the data.
    Type: Grant
    Filed: March 12, 2019
    Date of Patent: May 24, 2022
    Inventor: Cody Ray Anderson
  • Patent number: 11343098
    Abstract: The systems and methods of securing digital conversations for its life cycle, comprising: establishing a secure channel on a private network to receive communication on a first profile from another profile on a whitelist using alias and digital keys; establishing a cryptographic key that is of a length that is supported by the computing device of the first profile; sending an encrypted conversation with digital signature using a first temporal key of detected cryptographic key length to a second profile; storing the sent conversation in a digital vault with the first temporal key; receiving an encrypted response with digital signature using a second temporal key from the second profile; decrypting the response after validating the digital signature; re-encrypting the response with a third temporal key; storing the re-encrypted response in the digital vault with the third temporal key.
    Type: Grant
    Filed: July 22, 2019
    Date of Patent: May 24, 2022
    Assignee: Whitestar Communications, Inc.
    Inventor: Billy Gayle Moon
  • Patent number: 11343092
    Abstract: A method of biometric signature. The method comprises receiving a biometric data input from a user and generating a digital artifact from the biometric data input. N private keys are generated from the digital artifact. Upon receiving input of a document, a hash of the document is generated. In response to receiving a signature from the user on the document, the hash is encrypted with each private key to create an encrypted hash with N encrypted keys. The encrypted hash and N encrypted keys are stored in a database.
    Type: Grant
    Filed: June 18, 2020
    Date of Patent: May 24, 2022
    Assignee: ADP, Inc.
    Inventors: Israel Oliveira, Cristian Basilio, Douglas Parnoff, Leandro Pereira
  • Patent number: 11336440
    Abstract: The disclosed exemplary embodiments include computer-implemented systems, devices, and processes that securely manage and regenerate cryptographic keys using permissioned distributed ledgers. For example, a device may receive, from a first computing system, data indicative of a recordation of a first public key onto a distributed ledger. Based on an occurrence of a regeneration condition, the device may transmit, to a second computing system, a second public key and a first digital signature, and the second computing system may validate the first digital signature, apply a second digital signature to the second public key, and transmit the second public key and the digital signatures to the first computing system. The device also receives, from the first computing system, additional data indicative of a recordation of the second public key onto the distributed ledger, and based on the additional data, the device may invalidate the first private key.
    Type: Grant
    Filed: December 16, 2019
    Date of Patent: May 17, 2022
    Assignee: The Toronto-Dominion Bank
    Inventors: Alexey Shpurov, Albert Louis Rothenstein, Adrian Chung-Hey Ma, Buturab Rizvi, Alexandra Tsourkis, Francis James Alexander Guttridge
  • Patent number: 11329967
    Abstract: A system and method of provisioning personalization data of a second type to a device having personalization data of a first type, the device having a global root key GK_0, and a secure processing environment having unique information is disclosed. In one embodiment, the method comprises accepting a provisioning request from the device, the provisioning request comprising the unique information and an identifier of a second type of provisioning data requested, converting the personalization data from the first type to the second type, and transmitting the converted personalization data to the device.
    Type: Grant
    Filed: May 22, 2020
    Date of Patent: May 10, 2022
    Assignee: ARRIS Enterprises LLC
    Inventors: Tat Keung Chan, Alexander Medvinsky
  • Patent number: 11330465
    Abstract: A method, apparatus and system for transmitting control information in a header of a physical protocol data unit (PPDU), such as an IEEE 802.11 compliant PPDU. Embodiments include indicating control features in an EDMG PPDU for Wireless LAN communications. The method and system may include overloading at least one bit of a Scrambler Initialization Field in the PPDU header (e.g. the PHY header) to convey control information, as well as to be used to initialise the scrambler shift register. The same header bits are thus used for both purposes. Examples of control information include a primary channel, channel width or MIMO configuration to be used in further communication.
    Type: Grant
    Filed: April 5, 2017
    Date of Patent: May 10, 2022
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Yan Xin, Sheng Sun, Osama Aboul-Magd, Kwok Shum Au, Jung Hoon Suh
  • Patent number: 11330428
    Abstract: Core network equipment (20) in a wireless communication system transmits control plane signaling (22) to a user equipment (16) which receives that control plane signaling (22). The control plane signaling (22) indicates a privacy key (24) with which a subscriber identifier (e.g., an international mobile subscriber identity, IMSI) associated with the user equipment (16) is to be encrypted or decrypted. The control plane signaling (22) may be non-access stratum, NAS, signaling. The privacy key (24) may be a public key of a home network associated with the subscriber identifier.
    Type: Grant
    Filed: February 23, 2018
    Date of Patent: May 10, 2022
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Christine Jost, Peter Hedman, Monica Wifvesson
  • Patent number: 11323276
    Abstract: Embodiments of the invention relate to systems and methods for confidential mutual authentication. A first computer may blind its public key using a blinding factor. The first computer may generate a shared secret using its private key, the blinding factor, and a public key of a second computer. The first computer may encrypt the blinding factor and a certificate including its public key using the shared secret. The first computer may send its blinded public key, the encrypted blinding factor, and the encrypted certificate to the second computer. The second computer may generate the same shared secret using its private key and the blinded public key of the first computer. The second computer may authenticate the first computer by verifying its blinded public key using the blinding factor and the certificate of the first computer. The first computer authenticates the second computer similarly.
    Type: Grant
    Filed: June 3, 2020
    Date of Patent: May 3, 2022
    Assignee: VISA INTERNATIONAL SERVICE ASSOCIATION
    Inventor: Eric Le Saint
  • Patent number: 11323479
    Abstract: A system comprises a data storage service includes a web service interface operating as a proxy to the data storage service. Data obtained at the data storage service is analyzed by one or more criteria of a data loss prevention policy, the data is encrypted by a key that is inaccessible to a remote service, and then the encrypted data is transmitted to the remote service.
    Type: Grant
    Filed: July 26, 2018
    Date of Patent: May 3, 2022
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory Branchek Roth, Eric Jason Brandwine, Matthew James Wren
  • Patent number: 11316672
    Abstract: A server can record a device static public key (Sd) and a server static private key (ss). The server can receive a message with (i) a device ephemeral public key (Ed) and (ii) a ciphertext encrypted with key K1. The server can (i) conduct an EC point addition operation on Sd and Ed and (ii) send the resulting point/secret X0 to a key server. The key server can (i) perform a first elliptic curve Diffie-Hellman (ECDH) key exchange using X0 and a network static private key to derive a point/secret X1, and (ii) send X1 to the server. The server can conduct a second ECDH key exchange using the server static private key and point X0 to derive point X2. The server can conduct an EC point addition on X1 and X2 to derive X3. The server can derive K1 using X3 and decrypt the ciphertext.
    Type: Grant
    Filed: June 27, 2019
    Date of Patent: April 26, 2022
    Assignee: IOT AND M2M TECHNOLOGIES, LLC
    Inventor: John A. Nix
  • Patent number: 11314879
    Abstract: A method for generating and storing a digital copy of a motor vehicle includes: (a) generating a private key; (b) storing the private key in a data memory of the motor vehicle; (c) generating the digital copy of the motor vehicle; and (d) storing the digital copy of the motor vehicle in a blockchain by way of the private key.
    Type: Grant
    Filed: February 24, 2020
    Date of Patent: April 26, 2022
    Inventor: Sebastian Söhner
  • Patent number: 11316667
    Abstract: A network device may identify a plurality of security policies associated with the network device. The network device may generate respective sets of local key pairs for the plurality of security policies, wherein the respective sets of local key pairs are to facilitate negotiating security associations involving the network device. The network device may store the respective sets of local key pairs in a key data structure of the network device to permit the network device to provide, to a source device, a local public key for a security association with the source device.
    Type: Grant
    Filed: June 25, 2019
    Date of Patent: April 26, 2022
    Assignee: Juniper Networks, Inc.
    Inventors: Pavan Gururaj Katti, Veerabhushan K. Hatte
  • Patent number: 11308435
    Abstract: In various embodiments, a system may be configured to substantially automatically determine whether to take one or more actions in response to one or more identified risk triggers (e.g., data breaches, regulation change, etc.). The system may, for example: (1) compare the potential risk trigger to one or more previous risks triggers experienced by the particular entity at a previous time; (2) identify a similar previous risk trigger (e.g., one or more previous risk triggers related to a similar change in regulation, breach of data, type of issue identified, etc.); (3) determine the relevance of the current risk trigger based at least in part on a determined relevance of the previous risk trigger; and (4) determine whether to take one or more actions to the current risk trigger based at least in part on one or more determined actions to take in response to the previous, similar risk trigger.
    Type: Grant
    Filed: June 22, 2020
    Date of Patent: April 19, 2022
    Assignee: OneTrust, LLC
    Inventors: Kabir A. Barday, Mihir S. Karanjkar, Steven W. Finch, Ken A. Browne, Nathan W. Heard, Aakash H. Patel, Jason L. Sabourin, Richard L. Daniel, Dylan D. Patton-Kuhl, Kevin Jones, Jonathan Blake Brannon
  • Patent number: 11310208
    Abstract: Methods and apparatus for a secure time service are disclosed. A time server including a time source, a cryptographic key and a cryptographic engine is instantiated within a provider network. A time service endpoint receives a timestamp request from a client. The endpoint transmits a representation of the request to the time server, and receives, from the time server, an encryption of at least a timestamp generated using the time source. A response comprising the encryption of at least the timestamp is transmitted to the requesting client.
    Type: Grant
    Filed: December 22, 2017
    Date of Patent: April 19, 2022
    Assignee: Amazon Technologies, Inc.
    Inventors: Thomas Charles Stickle, Eric Jason Brandwine
  • Patent number: 11303427
    Abstract: The method of verifying an opinion includes, by an account module, receiving a request for identification information of the opinion (Ballot Stamp) from the user terminal; requesting a first random value to the user terminal; receiving a first homomorphic ciphertext from the user terminal; generating a second random value; storing a first value; generating a second homomorphic ciphertext from the Ballot Stamp; receiving a third homomorphic ciphertext obtained from a tag from an opinion verifying program module; and transmitting the second homomorphic ciphertext and the third homomorphic ciphertext to the user terminal. The method further includes, by the opinion verifying program module, receiving the tag obtained by decrypting the third homomorphic ciphertext, Ballot Stamp, and the opinion message, from the user terminal; and determining the opinion as being verified if the value calculated by the first arithmetic operation to the random value and Ballot Stamp is identical to the tag.
    Type: Grant
    Filed: June 25, 2020
    Date of Patent: April 12, 2022
    Assignee: Korea Smart Authentication Corp.
    Inventors: Joonkoo Kang, Kibong Moon, Hawon Han
  • Patent number: 11301845
    Abstract: Methods and systems for secure storage and retrieval of information, such as private keys, useable to control access to a blockchain, include: receiving, in a cryptoasset custodial system, a request to authorize a staking operation associated with a blockchain, wherein the staking operation is associated with a private key of an asymmetric cryptographic key pair, the private key is usable to control ownership of a cryptoasset recorded in the blockchain, and the private key is securely held in the custodial system; performing, in response to the request, a portion of the proof-of-stake protocol in a hardware security module using logic designed for the protocol, wherein the logic in the hardware security module is configured to authorize the staking operation by digitally signing an associated staking transaction; and sending the digitally signed staking transaction to another computer to effect the staking operation on behalf of the user.
    Type: Grant
    Filed: August 19, 2019
    Date of Patent: April 12, 2022
    Assignee: Anchor Labs, Inc.
    Inventors: Diogo Monica, Nathan P. McCauley, Boaz Avital, Riyaz D. Faizullabhoy
  • Patent number: 11296870
    Abstract: A method, a system, and a computer program product for performing key management configurations. One or more encryption keys for encrypting one or more data payloads for accessing one or more databases are received. The received encryption keys are compared to a plurality of encryption keys associated with the databases. Based on the comparison, a configuration of at least one database is changed using the received encryption keys. The changed configuration is stored.
    Type: Grant
    Filed: October 1, 2019
    Date of Patent: April 5, 2022
    Assignee: SAP SE
    Inventors: Christoph Hohner, Sascha Zorn, Meinolf Block, Martin Schindewolf
  • Patent number: 11290433
    Abstract: A networked device communication system can configure network devices (e.g., a primary and secondary database) to send and receive sequences of messages, such as replicated data, using one or more keypairs and wrapping keys. The sequences of messages can include an initial set of messages that are encrypted by a wrapping key, and further include another set of messages that are encrypted by a replaced staggered key. The sequence of messages can be configured to be decrypted without exporting keys of hardware security modules.
    Type: Grant
    Filed: March 31, 2021
    Date of Patent: March 29, 2022
    Assignee: Snowflake Inc.
    Inventors: Damien Carru, Robert Bengt Benedikt Gernhardt, Martin Hentschel, Nithin Mahesh, Eric Robinson
  • Patent number: 11288753
    Abstract: The invention creates a single use authentication code from (1) predefined unencrypted data from at least one tax form, (2) primary keys, and (3) a secondary key generated from metadata correlated to the input of the unencrypted data, the above elements being used by a data encryption circuit having a polynomial integer encryption (PIE) engine, to generate the authentication code. The authentication code is translated into at least one symbol, using, for example, barcode technology, and applied to a tax document or form or otherwise encoded into electronic documents. (4) the IRS SENTENAL Key/Code alphanumeric characters are stored from the previous year(s), and applied in the preamble of the secure authentication transmission; and/or in the subsequent year of tax filing form(s).
    Type: Grant
    Filed: October 2, 2019
    Date of Patent: March 29, 2022
    Inventor: Kurt B. Schuh
  • Patent number: 11290258
    Abstract: A hybrid encryption method for securely transferring an electronic data package from a sender to a plurality of clients. The method comprises storing a shared symmetric key on each of the clients. The sender encrypts a private key of an asymmetric key pair using the shared symmetric key. The sender encrypts the data package with a temporary symmetric key to generate an encrypted data package. The sender encrypts the temporary symmetric key with the public key of the asymmetric key pair to generate an encrypted temporary symmetric key. The sender transmits the encrypted data package, the encrypted temporary symmetric key, and the encrypted private key to the clients. Each client decrypts the encrypted data package by: using the shared symmetric key to decrypt the encrypted private key; using the decrypted private key to decrypt the encrypted temporary symmetric key, and using the decrypted temporary symmetric key to decrypt the encrypted data package.
    Type: Grant
    Filed: February 22, 2019
    Date of Patent: March 29, 2022
    Assignee: PANASONIC AVIONICS CORPORATION
    Inventor: Philip Watson
  • Patent number: 11290282
    Abstract: In accordance with embodiments, there are provided mechanisms and methods for facilitating dynamic end-to-end integrity for data repositories in an on-demand services environment, where a database system-implemented method includes receiving, by the database system, a content file and metadata to be submitted to a data repository of the database system. The content file may include content, where the metadata may include identifying data associated with at least one of the content and a user associated with the content. The method may include verifying, by the database system, the identifying data of the metadata. The verification of the identifying data represents authentication of at least one of the user and the content. The method may include submitting, by the database system, the content file and the metadata to the data repository, upon authentication of at least one of the user and the content via successful verification of the identifying data.
    Type: Grant
    Filed: November 25, 2019
    Date of Patent: March 29, 2022
    Assignee: salesforce.com, Inc.
    Inventors: Shiloh Cory Heurich, Frank Siebenlist, Taher Elgamal, Clayten Tyler Joseph Hamacher, Matthew Steele, Pathik Ashok Solanki, Matthew B. Schechtman
  • Patent number: 11284439
    Abstract: A method and apparatus for transmitting a physical random access channel (PRACH) in a wireless communication system is provided. A user equipment (UE) receives multiple PRACH configurations which include a first PRACH configuration for new radio access technology (NR) downlink/uplink (DL/UL) carrier in a NR band and a second PRACH configuration for a supplemental UL carrier in a long-term evolution (LTE) band, and transmits at least one of a first PRACH for accessing the NR DL/UL carrier in the NR band by using a first PRACH power based on the first PRACH configuration, or a second PRACH for accessing the supplemental UL carrier in the LTE band by using a second PRACH power based on the second PRACH configuration. The first PRACH configuration and the second PRACH configuration include different PRACH power configurations.
    Type: Grant
    Filed: January 4, 2018
    Date of Patent: March 22, 2022
    Assignee: LG Electronics Inc.
    Inventors: Yunjung Yi, Seonwook Kim, Daesung Hwang, Inkwon Seo
  • Patent number: 11283626
    Abstract: An apparatus including a processor and a memory, where the processor and the memory are configured to provide a secure execution environment and the memory stores a hardware unique key and a class key. The processor is configured to recover, in the secure execution environment, a certificate signing key based on the class key, where the certificate signing key is associated with a certificate authority. The processor is further configured to derive a device key pair based on the hardware unique key, where the device key pair includes a device public key and a device private key, and generate a device certificate based on the device public key and the certificate signing key. The generated device certificate is configured to be validated based on a public key associated with the certificate authority.
    Type: Grant
    Filed: September 6, 2016
    Date of Patent: March 22, 2022
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Gang Lian, Sampo Sovio, Taisheng Deng, Xiaopu Wang, Zongbo Ye
  • Patent number: 11275706
    Abstract: According to an aspect of the present disclosure, SATA bridges in cascade connection and storage devices connected beyond the SATA bridges are identified. A setting of the operation mode of each of the SATA bridges is performed in accordance with a connection configuration of the SATA bridge and the storage device.
    Type: Grant
    Filed: October 31, 2018
    Date of Patent: March 15, 2022
    Assignee: CANON KABUSHIKI KAISHA
    Inventor: Hiroki Ito
  • Patent number: 11271724
    Abstract: One-time-pad (OTP) encryption systems and methodologies are resistant to cracking, even by advanced quantum computers. In contrast to some purported solutions, the required elements of an unbreakable OTP system are preserved under Claude Shannon's mathematical proof. In alternative embodiments, the invention uses a secure network to reconstitute blockchain systems without the use of asymmetric encryption. Extensions of these blockchain systems are described which enable an entirely new set of applications for protecting privacy, sharing information, performing validations and analysis of data, and creating system actions that are constrained by complex data algorithms.
    Type: Grant
    Filed: February 21, 2020
    Date of Patent: March 8, 2022
    Assignee: Quantum Lock, Inc.
    Inventor: Will Ragan
  • Patent number: 11271727
    Abstract: In one implementation, a method for providing end-to-end communication security for a controller area network (CANbus) in an automotive vehicle across which a plurality of electronic control units (ECU) communicate is described. Such an automotive vehicle can include, for example, a car or truck with multiple different ECUs that are each configured to control various aspects of the vehicle's operation, such as an infotainment system, a navigation system, various engine control systems, and/or others.
    Type: Grant
    Filed: July 18, 2018
    Date of Patent: March 8, 2022
    Assignee: KARAMBA SECURITY LTD.
    Inventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai, Eli Mordechai
  • Patent number: 11271923
    Abstract: According to the present invention, an information processing apparatus that verifies a signed token is provided. The apparatus comprises a holding unit for holding key information for verifying the signed token, an obtainment unit for obtaining new key information from a server that provides the key information, and holding the new key information in the holding unit, if the key information for verifying a received signed token is not held in the holding unit, and a verification unit for verifying the signed token using the key information if the key information for verifying the received signed token is held in the holding unit.
    Type: Grant
    Filed: August 26, 2019
    Date of Patent: March 8, 2022
    Assignee: Canon Kabushiki Kaisha
    Inventor: Ryo Kishimoto
  • Patent number: 11265152
    Abstract: Disclosed herein is a data storage device. A data port transmits data between a host computer system and the data storage device. A non-volatile storage medium stores encrypted user content data and a cryptography engine connected between the data port and the storage medium uses a cryptographic key to decrypt the encrypted user content data. The access controller receives from a manager device a public key. The public key is associated with a private key stored on a device to be authorized. The controller determines a user key that provides access to the cryptographic key; encrypts the user key based on the public key and such that the user key is decryptable based on the private key stored on the device to be authorized; and stores, on the data store, authorization data indicative of the encrypted user key.
    Type: Grant
    Filed: January 9, 2020
    Date of Patent: March 1, 2022
    Assignee: Western Digital Technologies, Inc.
    Inventors: Brian Edward Mastenbrook, David Robert Arnold