Key Distribution Patents (Class 380/278)
  • Patent number: 11128436
    Abstract: A processor device with a white-box masked implementation of the cryptographic algorithm AES implemented thereon, which comprises a SubBytes transformation. The white-box masked implementation is hardened in that white-box round input values x? are supplied at the round input of rounds instead of the round input values x, said white-box round input values being formed from a concatenation of: (i) the round input values x that are masked by means of the invertible masking mapping A and (ii) obfuscation values y that are likewise masked with the invertible masking mapping A; wherein from the white-box round input values x? only the (i) round input values x are fed to the SubBytes transformation T, and (ii) the masked obfuscation values y are not.
    Type: Grant
    Filed: July 12, 2017
    Date of Patent: September 21, 2021
    Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBH
    Inventor: Sven Bauer
  • Patent number: 11126241
    Abstract: A wireless mobile device in a public communication network receives network-initiated signaling or messaging, while operating in a battery-conserving mode, or modes, that keep(s) minimal baseband processing functions awake. The baseband processing functions process incoming signaling or data in a received message to determine whether to act further on information in the incoming message by enabling additional processing capability in the mobile device. The mobile device may have permanent template criteria values, either coded in firmware or implemented in hardware, or temporary template criteria values, stored in RAM or processor registers, that are compared to values of an incoming message or datagram from the mobile network to determine whether to perform additional actions, such as awakening an application processor.
    Type: Grant
    Filed: September 2, 2019
    Date of Patent: September 21, 2021
    Assignee: M2MD TECHNOLOGIES INC.
    Inventor: Charles M. Link, II
  • Patent number: 11108786
    Abstract: A data processing method may include: determining, by a transaction initiation node in a blockchain, transaction data of a transaction and information to be hidden in the transaction data; obtaining, by using the transaction data as an input of a predetermined one-way function, a transaction root of the transaction, and constructing, based on the transaction root, proof data corresponding to the information to be hidden; and, after signing the transaction root, initiating a transaction request to write the transaction root and the proof data on the blockchain, for a node in the blockchain to perform consensus verification on the transaction root and the proof data, and approve or reject the transaction request based on a verification result.
    Type: Grant
    Filed: February 6, 2021
    Date of Patent: August 31, 2021
    Assignee: ADVANCED NEW TECHNOLOGIES CO., LTD.
    Inventor: Husen Wang
  • Patent number: 11102185
    Abstract: Blockchain-based service data encryption methods and apparatuses are provided wherein a first derived key is obtained by a node device of a key receiver, the first derived key distributed by a node device of a key distributor, wherein the first derived key is derived from a derived key of the key distributor based on a service data permission type of the key receiver and service data is encrypted based on the first derived key to obtain encrypted service data. The encrypted service data is sent to a blockchain, so that the encrypted service data is recorded in a distributed database of the blockchain after the blockchain performs consensus verification on the encrypted service. Because the derived key of the key distributor can decrypt the service data encrypted by the first derived key, the key distributor can decrypt, monitor, and manage service data uploaded by the key receiver.
    Type: Grant
    Filed: January 29, 2021
    Date of Patent: August 24, 2021
    Assignee: Advanced New Technologies Co., Ltd.
    Inventors: Shubo Li, Yixiang Zhang
  • Patent number: 11093413
    Abstract: Techniques for protecting information may include: exposing a logical device of a data storage system to a host, wherein the logical device has an attribute identifying the logical device as a stealth device having accessibility controlled by the data storage system based on commands issued over a control path, wherein the logical device has a mode indicating whether the logical device is accessible to the host; sending, from the host to the data storage system, a write command that writes first data on the logical device when the mode indicates the logical device is accessible to the host; and subsequent to said sending, issuing a command over the control path to the data storage system, wherein the command sets the mode of the logical device to inaccessible indicating the logical device is not accessible to the host.
    Type: Grant
    Filed: October 8, 2019
    Date of Patent: August 17, 2021
    Assignee: EMC IP Holding Company LLC
    Inventors: Arieh Don, George F. Johnson
  • Patent number: 11095436
    Abstract: In providing cloud services, key-based security measures specific to a local network are utilized when an internal client terminal logs into the network to access cloud services, and when a remote client terminal connects directly to the cloud services. A cloud service computer references the credential authorization service of the local network, allowing key-based security measures of that network to be applied even when a remote client terminal connects directly to a cloud service computer. By referencing the local credential authorization service, it is possible to provide cloud services to different organizations that administer key-based security measures independently of each other.
    Type: Grant
    Filed: September 30, 2019
    Date of Patent: August 17, 2021
    Assignee: KONICA MINOLTA BUSINESS SOLUTIONS U.S.A., INC.
    Inventor: Randy Cruz Soriano
  • Patent number: 11088825
    Abstract: Examples disclosed herein relate to receiving a record of a data transaction between two participants, creating a ledger entry associated with the record of the data transaction, appending the ledger entry to a subset of a plurality of partial ledgers associated with a blockchain, and updating a table of contents associated with each of the plurality of partial ledgers associated with the blockchain.
    Type: Grant
    Filed: April 11, 2017
    Date of Patent: August 10, 2021
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Mike A Holmberg, Nataraj Kumar Gobbak
  • Patent number: 11080408
    Abstract: Embodiments of the disclosure include systems and methods for secure storage and/or retrieval of customer secrets by, e.g., a cloud services provider. According to methods, secret data that is to be securely stored may be transmitted, along with an initialization vector, to an encryption service for encryption using a private key stored in a remote key vault. The encrypted data can be returned and stored, in its encrypted form, in a secure storage along with the initialization vector data. To retrieve the securely stored data, embodiments disclose retrieving the encrypted form of the data and transmitting it, along with its related initialization vector data, to the encryption service for decryption using the private key stored in the remote key vault. The decrypted data can then be made available to a requesting product service.
    Type: Grant
    Filed: August 27, 2019
    Date of Patent: August 3, 2021
    Assignee: Citrix Systems, Inc.
    Inventors: Thomas Kludy, Ricardo Fernando Feijoo
  • Patent number: 11070366
    Abstract: A method for anonymous authentication and key establishment based on passwords (APAKE), includes instantiating, by the server, an OPRF scheme and a symmetric encryption scheme; engaging in, by the client and the server, an OPRFEvaluate protocol so that the client learns a decryption key associated with its password while the server learns nothing; securely transferring, by the server, a nonce and a symmetric encryption key to the client if the client holds a valid password; sending, by the client, its nonce encrypted under the symmetric encryption key; using, by the server, the symmetric encryption key to decipher ciphertext received by virtue of the sending, by the client, its nonce encrypted under the symmetric encryption key and to recover the client's nonce; and computing, by the server and the client, a compute key based on the client's nonce and the server's nonce.
    Type: Grant
    Filed: January 4, 2019
    Date of Patent: July 20, 2021
    Assignee: NEC CORPORATION
    Inventors: Claudio Soriente, Maria Isabel Gonzalez Vasco, Angel Luis Perez del Pozo
  • Patent number: 11070369
    Abstract: A system that comprises a quantum key device configured to generate quantum information and transmit the quantum information over a first and second quantum communication channel. The system also comprises a first device, communicatively coupled to the quantum key device over the first quantum communication channel, and a second device, communicatively coupled to the quantum key device over the second quantum communication channel. The system further comprises an encryption module configured to encrypt data to create encrypted data, at the first device, using a first quantum encryption key. The system also comprises a decryption module configured to decrypt the encrypted data to create decrypted data, at the second device, using a second quantum encryption key. The first quantum encryption key is the same as the second quantum encryption key. The system further comprises a termination module configured to prevent access to the decrypted data after a predetermined period of time.
    Type: Grant
    Filed: January 16, 2020
    Date of Patent: July 20, 2021
    Assignee: The Boeing Company
    Inventors: Wayne R. Howe, Jeffrey H. Hunt
  • Patent number: 11057200
    Abstract: An apparatus for enhancing secret key rate exchange over quantum channel in QKD systems includes an emitter system with a quantum emitter and a receiver system with a quantum receiver, wherein both systems are connected by a quantum channel and a service communication channel. User interfaces within the systems allow to define a first quantum channel loss budget based on the distance to be covered between the quantum emitter and the quantum receiver and the infrastructure properties of the quantum channel as well as a second quantum channel loss budget associated to the loss within the realm of the emitter system. The emitter system is adapted to define the optimal mean number of photons of coherent states to be emitted based on the first and the second quantum channel loss budgets.
    Type: Grant
    Filed: November 24, 2017
    Date of Patent: July 6, 2021
    Assignee: id Quantique SA
    Inventors: Matthieu Legré, Grégoire Ribordy, Damien Stucki
  • Patent number: 11051169
    Abstract: Methods and apparatus for controlling access to and/or forwarding of communicated information, e.g. traffic, in a wireless communication system are described. The key, e.g., PSK, used to secure data that is transmitted to an access point for communication to a destination device is taken into consideration when deciding whether or not to provide the destination device access to the communicated content. The decision of whether or not to provide the destination device access to a communication may involve deciding whether or not to forward the received data to another device, e.g., another access point, for delivery to the destination device and/or may involve deciding whether or not to transmit the data to the destination device. If the destination device is not associated with, e.g., does not have access to and/or authorization to use, the key used to secure the received data, the data is not communicated to the destination device.
    Type: Grant
    Filed: August 16, 2017
    Date of Patent: June 29, 2021
    Assignee: Juniper Networks, Inc.
    Inventors: Randall Frei, Sujai Hajela, Guy Goldstone, Nicolas Dade, Linker Cheng
  • Patent number: 11050564
    Abstract: Disclosed are a robust and reliable edge storage method for the Internet of Things and a system therefor. A data owner server splits and encrypts raw data into an encrypted data segment, sets a trusted data access control policy and sends it to a third-party proxy server, and sends the encrypted data segment and the trusted data access control policy to a processing server; the processing server stores the encrypted data segment based on a totally local reconstruction code scheme, and forwards the request sent by a data requester server to the third-party proxy server; the third-party proxy server determines whether the data requester server that sends the request is trustable according to the trusted data access control policy, if it is trusted, then sends decrypted information to the data requester server through the processing server; the data requester server decrypts the encrypted data segment according to the decrypted information to obtain the raw data.
    Type: Grant
    Filed: September 14, 2020
    Date of Patent: June 29, 2021
    Inventor: Deke Guo
  • Patent number: 11048825
    Abstract: A computer-implemented method includes: in response to a first client device invoking a transaction with respect to a target smart contract, obtaining, by a blockchain node device in a blockchain, encrypted contract codes of the target smart contract; transmitting the encrypted contract codes of the target smart contract to a trusted execution environment; in response to determining that the target smart contract is not a managed smart contract, extracting a decryption key stored in the trusted execution environment, in which the decryption key corresponds to the encrypted contract codes of the target smart contract; decrypting the encrypted contract codes of the target smart contract; executing the decrypted contract codes of the target smart contract in the trusted execution environment; encrypting the execution result; and transmitting the encrypted execution result to the distributed ledgers of the blockchain for storage.
    Type: Grant
    Filed: November 13, 2020
    Date of Patent: June 29, 2021
    Assignee: Advanced New Technologies Co., Ltd.
    Inventors: Changzheng Wei, Ying Yan
  • Patent number: 11050781
    Abstract: Examples of secure monitoring of modular applications and associated edge devices are described herein. In an example, an accreditation request is initiated to accredit at least one of a modular application and an edge device hosting the modular application. The edge device may be a device coupling an IoT device to a cloud server. Based on initiating, accreditation information corresponding to at least one of the modular application and the edge device may be received. The accreditation information is generated by a hardware encryption device associated with the edge device. Further, an accreditation status of the modular application may be monitored during execution of the modular application to ascertain whether the modular application and the edge device have been tampered with. In case tampering is detected, a remedial action to address the tampering may be performed.
    Type: Grant
    Filed: February 23, 2018
    Date of Patent: June 29, 2021
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Arjmand M. Samuel, Chipalo N. Street, Damon Luke Barry, Eustace Asanghanwa, James W. Osborne
  • Patent number: 11044016
    Abstract: A data transmission method to avoid a channel resource waste where first random data and second random data are generated by a sending device; at least two pieces of reference data are determined; a modulation signal based on the first random data, the second random data, and the at least two pieces of reference data are generated; a component in a first polarization direction and a component in a second polarization direction of a first laser signal by using the modulation signal are modulated by the sending device, to obtain a second laser signal, where the first polarization direction and the second polarization direction are perpendicular to each other, and the second laser signal includes a quantum light and a reference light; and the second laser signal is sent by the sending device.
    Type: Grant
    Filed: December 17, 2019
    Date of Patent: June 22, 2021
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Zhengyu Li, Changzheng Su, Liangliang Lu
  • Patent number: 11038671
    Abstract: Authentication is performed on a plurality of links to be used to couple one node of the computing environment and another node of the computing environment. The performing authentication includes obtaining, by the other node from the one node via one link of the plurality of links, an identifier of a shared key maintained by a key server. The other node uses the identifier to obtain the shared key from the key server. An indication that the other node decrypted a message received from the one node using the shared key is sent from the other node via the one link. The sending the indication on one or more other links of the plurality of links is repeated for subsequent messages decrypted by the other node using the shared key previously obtained.
    Type: Grant
    Filed: September 4, 2018
    Date of Patent: June 15, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Patricia G. Driever, Roger G. Hathorn, Christopher Colonna, John Flanagan, George P. Kuch, Richard M. Sczepczenski, Glen Jaquette
  • Patent number: 11036876
    Abstract: The disclosed technology provides solutions that enable scalable and secure data retrieval between microservices by using microservice attributes to encrypt container based data stores. A process of the technology can include steps for: instantiating a first microservice and a second microservice in a cloud environment, wherein the first microservice is associated with a first attribute label and the second microservice is associated with a second attribute label, generating a first key based on the first attribute label and a second key based on the second attribute label, associating a first data store with the first microservice, wherein the first data store is encrypted using the first key, and associating a second data store with the second microservice, wherein the second data store is encrypted using the second key. Systems and machine readable media are also provided.
    Type: Grant
    Filed: August 20, 2018
    Date of Patent: June 15, 2021
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Maik Guenter Seewald, Robert Edgar Barton, Jerome Henry
  • Patent number: 11030279
    Abstract: Systems and methods for managing provisioning of keys prior to a key rotation are provided. A license server generates a license that is associated with a renewal time. The renewal time is a time that is prior to a key rotation time, and triggers a receiver device to send a renewal request prior to the key rotation time. The renewal time may be a randomized time prior to the key rotation time that differs for different receiver devices. The license is transmitted to the receiver device. The license server then receives a renewal request from the receiver device that is triggered at the renewal time. The license server generates a next license that comprises a next key, whereby the next key is a decryption key for decrypting the encrypted signal after the key rotation time. The next license is transmitted to the receiver device prior to the key rotation time.
    Type: Grant
    Filed: August 28, 2019
    Date of Patent: June 8, 2021
    Assignee: OPENTV, INC.
    Inventors: Debra Hensgen, Charles Stevens
  • Patent number: 11025413
    Abstract: Authentication is performed on a plurality of links coupling one node of the computing environment and another node of the computing environment. The performing authentication includes obtaining by the one node a shared key from a key server coupled to the one node and another node of the computing environment. A message encrypted with the shared key is sent from the one node to the other node via one link of the plurality of links. An indication that the other node decrypted the message using the shared key obtained by the other node is received from the other node via the one link. The sending and the receiving are repeated on one or more other links of the plurality of links using the shared key previously obtained.
    Type: Grant
    Filed: September 4, 2018
    Date of Patent: June 1, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Patricia G. Driever, Roger G. Hathorn, Christopher Colonna, John Flanagan, George P. Kuch, Richard M. Sczepczenski, Glen Jaquette, Peter G. Sutton
  • Patent number: 10997521
    Abstract: A method for operating a quantum-resilient server-cluster is provided. The server-cluster includes a plurality of servers. Each of the servers may be encapsulated in a selectively-quantum-resilient case. The method may include transmitting a first communication from a first server, included in the server-cluster. The first communication may be intercepted at a first selectively-quantum-resilient case. The method may include identifying, at the first selectively-quantum-resilient case, a recipient of the first communication. When the recipient of the first communication is a server included in the server-cluster, the first case verifies the security of the communication via quantum entanglement, and transmits the communication to the recipient in an encrypted manner via quantum tunneling.
    Type: Grant
    Filed: October 23, 2019
    Date of Patent: May 4, 2021
    Assignee: Bank of America Corporation
    Inventors: Maria Carolina Barraza Enciso, Elena Kvochko
  • Patent number: 10999070
    Abstract: Systems and methods for monitoring voice and SMS communication exchanged over a UMTS network are described, wherein a technique for quickly testing different Count-C values until the correct value is ascertained is used. The Count-C parameter consists of a HyperFrame Number (HFN) and the system iteratively attempts to decrypt the packets using a series of candidate HFNs. For each of these candidate HFNs, and for each of the packets, the system produces a candidate Count-C by appending the sequence number (SN). The system then uses the candidate Count-C to calculate a candidate keystream block. Subsequently, the system uses the candidate keystream blocks to decrypt the packets, and then tests whether the packets were correctly decrypted. If the system deems the decryption successful, the system stops iterating through the candidate HFNs, and uses the candidate HFN that correctly decrypted the packets to decrypt subsequent packets in the communication session.
    Type: Grant
    Filed: September 7, 2018
    Date of Patent: May 4, 2021
    Assignee: VERINT SYSTEMS LTD.
    Inventors: Itai Langer, Gil Leibovich
  • Patent number: 10992511
    Abstract: A machine-implemented method of encoding/decoding data is described. The encoding method comprises steps of receiving a message of a given size, the message being represented by a series of units of data, configuring multiple encoding elements (50) in an arrangement having a given frame size, and encoding the message by passing each unit of data through the arrangement so that each unit is processed by at least one of the encoding elements. The frame size of the arrangement is the maximum number of units of data that can pass through the arrangement without any unit of data passing through the arrangement and being processed in the same way as another unit of data.
    Type: Grant
    Filed: July 29, 2016
    Date of Patent: April 27, 2021
    Inventor: Thomas Malcolm Flynn
  • Patent number: 10977628
    Abstract: A server in a blockchain distribution network includes a processor and a transceiver operatively coupled to the processor. The transceiver is configured to receive bytes of an encrypted blockchain from a peer node in a peer-to-peer network, where the server is unable to identify a source node that generated the encrypted blockchain based on the received bytes. The transceiver is also configured to propagate the bytes of the encrypted blockchain to one or more additional peer nodes and to one or more additional servers in the blockchain distribution network.
    Type: Grant
    Filed: September 7, 2018
    Date of Patent: April 13, 2021
    Assignee: Northwestern University
    Inventors: Uri Klarman, Aleksandar Kuzmanovic
  • Patent number: 10972271
    Abstract: A secure text having an authentication code is efficiently created. A key generation part 12 generates secure texts ([x], [?], [?]) of “x”, “?” and “?” that are values satisfying x?=?. A secure text generation part 13 generates secure texts [ai] of random values “ai” for i=1, . . . , N. An authentication code generation part 14 generates authentication codes [?(ai)] by multiplying the secure texts [ai] by the secure text [?] for i=1, . . . , N. A verification value generation part 15 generates a secure text [w] of a verification value “w” using the secure texts ([x], [?], [?]), the secure text [ai] and the authentication code [?(ai)]. A verification value determination part 16 determines whether the verification value “w” is equal to zero or not.
    Type: Grant
    Filed: October 11, 2016
    Date of Patent: April 6, 2021
    Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Koki Hamada, Ryo Kikuchi
  • Patent number: 10972263
    Abstract: A computer node comprising multiple software modules may receive a cryptographic key from a hardware security module. The computer node may use the cryptographic key to produce two key portions, which are distributed to two software modules. These software modules and an optional additional software module may use the key portions in order to encrypt an initial message. The key portions and their locations in memory are periodically updated in order to provide improved cryptographic security.
    Type: Grant
    Filed: August 31, 2017
    Date of Patent: April 6, 2021
    Assignee: Visa International Service Association
    Inventors: Oleg Gryb, Sekhar Nagasundaram
  • Patent number: 10964414
    Abstract: In some embodiments, a device includes a memory and a processor. The memory is operatively coupled to the processor and configured to store encrypted personal data. The processor is configured to receive a query and a personal identifier from a user. Based on the query, the processor further identifies and retrieves a portion of the associated encrypted personal data from the memory. Using the personal identifier, the processor produces decrypted personal data by decrypting a portion of the retrieved encrypted personal data. The processor is further configured to analyze the decrypted personal data to identify a result of the query. The result is sent to the user without sending the decrypted personal data.
    Type: Grant
    Filed: February 10, 2017
    Date of Patent: March 30, 2021
    Assignee: GENOSECURITY, LLC
    Inventors: Paul A. Kline, Allan M. Weinstein
  • Patent number: 10958626
    Abstract: Embodiments of the invention are directed to systems, methods and computer program products for end to end encryption on a network without using certificates. The system utilizes a correlation between two quantum particles that are entangled. In this way, data may be encrypted with the particles and transmitted to end users. Since the particles are forced to behave the same way even if they are separated, the data associated with the particles is not able to be breached. In the application encryption processing, that means the particles are not hackable and the encryption is always true and accurate. In this way, verification of application encryption occurs via particle measurement by leveraging the fact that there is only one sender and one receiver, because they are of the same particle computation or physical end-point, instead of current encryption relying on logical end-points.
    Type: Grant
    Filed: July 25, 2018
    Date of Patent: March 23, 2021
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Joseph Benjamin Castinado, Charles Russell Kendall
  • Patent number: 10951587
    Abstract: A wireless network connection security method is disclosed, including: acquiring a type of a wireless network to which a mobile device is connected; determining that the type of the wireless network is insecure; monitoring an application, the application being installed on the mobile device; determining that the application is to be activated; and in response to the determination that the application is to be activated, establishing a secure communication channel between the mobile device and a first server.
    Type: Grant
    Filed: August 14, 2017
    Date of Patent: March 16, 2021
    Inventors: Zhenlong Guo, Lei Zhao
  • Patent number: 10929823
    Abstract: A system for use in a blockchain distribution network includes a plurality of peer-to-peer nodes and a plurality of central servers in communication with at least a portion of the plurality of peer-to-peer nodes. The plurality of peer-to-peer nodes includes a first peer node and a second peer node and the plurality of central servers includes a first central server. The first peer node includes a first transceiver that is configured to transmit a blockchain to the second peer node. The second peer node includes a second transceiver that is configured to relay the blockchain to the first central server such that the first central server is unable to identify an origin of the blockchain.
    Type: Grant
    Filed: September 7, 2018
    Date of Patent: February 23, 2021
    Assignee: Northwestern University
    Inventors: Uri Klarman, Aleksandar Kuzmanovic
  • Patent number: 10915888
    Abstract: A contactless card can include a plurality of keys for a specific operation, e.g., encryption or signing a communication. The contactless card can also include an applet which uses a key selection module. The key selection module can select one of the plurality of keys and the applet can use the key to, e.g., encrypt or sign a communication using an encryption or signature algorithm. The contactless card can send the encrypted or signed communication to a host computer through a client device. The host computer can repeat the key selection technique of the contactless device to select the same key and thereby decrypt or verify the communication.
    Type: Grant
    Filed: April 30, 2020
    Date of Patent: February 9, 2021
    Assignee: CAPITAL ONE SERVICES, LLC
    Inventors: Jeffrey Rule, Srinivasa Chigurupati, Kevin Osborn
  • Patent number: 10911451
    Abstract: Techniques for securely sealing and unsealing enclave data across platforms are presented. Enclave data from a source enclave hosted on a first computer may be securely sealed to a sealing enclave on a second computer, and may further be securely unsealed for a destination enclave on a third computer. Securely transferring an enclave workload from one computer to another is disclosed.
    Type: Grant
    Filed: January 24, 2017
    Date of Patent: February 2, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: Manuel Costa
  • Patent number: 10911462
    Abstract: Embodiments disclose a method and a device for controlling access to data in a network service provider system. In the embodiments, when a received access request of accessing data in the network service provider system is a user access instruction, data requested by the user access instruction may be acquired from network service provider-usable data or network service provider-unusable data in the network service provider system, or when a received access request of accessing data in the network service provider system is a non-user access instruction sent by the network service provider system, data requested by the non-user access instruction is acquired from only network service provider-usable data in the network service provider system.
    Type: Grant
    Filed: July 16, 2019
    Date of Patent: February 2, 2021
    Assignee: Huawei Technologies Co., Ltd.
    Inventor: Hao Wu
  • Patent number: 10904357
    Abstract: Certain aspects of the present disclosure provide techniques for requesting data in a distributed system. Embodiments include receiving a query from an application running on a client device. Embodiments further include generating a plurality of subqueries based on the query, each subquery corresponding to an entity of the plurality of entities that is requested in the query. Embodiments further include determining that a group of subqueries of the plurality of subqueries corresponds to particular entities that are provided by particular providers of the plurality of providers that are included within a single service. Embodiments further include sending a batch request to the single service, the batch request comprising the group of subqueries. Embodiments further include receiving the particular entities from the single service in response to the batch request and providing the particular entities to the application in response to the query.
    Type: Grant
    Filed: March 16, 2018
    Date of Patent: January 26, 2021
    Assignee: INTUIT INC.
    Inventors: Elharith Elrufaie, Xuan Zhou
  • Patent number: 10887310
    Abstract: In a network system (100) for wireless communication an enrollee (110) accesses the network via a configurator (130). The enrollee acquires a data pattern (140) that represents a network public key via an out-of-band channel by a sensor (113). The enrollee derives a first shared key based on the network public key and the first enrollee private key, and encodes a second enrollee public key using the first shared key, and generates a network access request. The configurator also derives the first shared key, and verifies whether the encoded second enrollee public key was encoded by the first shared key, and, if so, generates security data and cryptographically protects data using a second shared key, and generates a network access message. The enrollee processor also derives the second shared key and verifies whether the data was cryptographically protected and, if so, engages the secure communication based on the second enrollee private key and the security data.
    Type: Grant
    Filed: December 8, 2016
    Date of Patent: January 5, 2021
    Assignee: Koninklijke Philips N.V.
    Inventor: Johannes Arnoldus Cornelis Bernsen
  • Patent number: 10887295
    Abstract: It is possible to reduce signaling overhead in a radio access network by coordinating authentication of a group of UEs (e.g., IoT devices, etc.) via a master device. In particular, the master device may aggregate UE identifiers (UE_IDs) for UEs in the group, and send an identity message carrying the UE_IDs and a master device identifier (MD_ID) to a base station, which may then relay the identity message to a Security Anchor Node (SeAN). The SeAN may send an authentication data request carrying the UE_IDs and MD_ID to a Home Subscriber Server (HSS), which may return an authentication data response that includes group authentication information. The group authentication information may then be used to achieve mutual authentication between the SeAN and each of the master device, group of UEs, and individual UEs.
    Type: Grant
    Filed: September 29, 2017
    Date of Patent: January 5, 2021
    Assignee: Futurewei Technologies, Inc.
    Inventors: Ahmad Shawky Muhanna, Xiang Xie
  • Patent number: 10880738
    Abstract: In one embodiment, a system for generating an access stratum key comprises: a first network-side device that has access to a core network (CN) and is communicably coupled to a user equipment device (UE) through a first air interface, and a second network-side device that has access to the CN through the first network-side device and is communicably coupled to the UE through a second air interface. The first network-side device is configured to calculate an access stratum root key of the second network-side device according to an access stratum root key of the first network-side device and an input parameter; and send the access stratum root key of the second network-side device to the second network-side device. The second network-side device is configured to receive the access stratum root key of the second network-side device from the first network-side device; and generate an access stratum key according to the access stratum root key of the second network-side device.
    Type: Grant
    Filed: May 30, 2019
    Date of Patent: December 29, 2020
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Dongmei Zhang, Jing Chen, Yang Cui
  • Patent number: 10866144
    Abstract: A branch circuit thermal monitoring system comprises a housing and an electrical power distribution sub-system. The housing includes a plurality of thermal modules each connected with a thermal sensor assembly of a plurality of thermal sensor assemblies. The housing further includes a module rack wherein each of the thermal modules is installed on the module rack. The housing further includes a main controller configured to communicate with the thermal modules. The thermal modules are configured for individually monitoring corresponding identified connection points of interest with the attached thermal sensor assemblies such that the thermal modules and the thermal sensor assemblies provide continuous temperature monitoring of the corresponding identified connection points of interest. The thermal sensor assembly is configured to be directly applied to a connection point of interest thus avoiding any additional mounting assembly. The electrical power distribution sub-system is coupled to the thermal modules.
    Type: Grant
    Filed: August 24, 2018
    Date of Patent: December 15, 2020
    Assignee: SIEMENS INDUSTRY, INC.
    Inventors: Amit Nayak, Matthew Leidy
  • Patent number: 10855454
    Abstract: Systems, apparatuses, methods, and computer program products are disclosed for session authentication. An example method includes receiving, by decoding circuitry and over a quantum line, a set of qbits generated based on a first set of quantum bases. The example method further includes decoding, by the decoding circuitry and based on a second set of quantum bases, the set of qbits to generate a decoded set of bits comprising at least one wildcard bit. The example method further includes generating, by session authentication circuitry, a session key based on the decoded set of bits, wherein the session key is generated based at least in part on the at least one wildcard bit.
    Type: Grant
    Filed: August 20, 2018
    Date of Patent: December 1, 2020
    Assignee: WELLS FARGO BANK, N.A.
    Inventor: Masoud Vakili
  • Patent number: 10839107
    Abstract: A computer-implemented method includes: in response to a first client device invoking a transaction with respect to a target smart contract, obtaining, by a blockchain node device in a blockchain, encrypted contract codes of the target smart contract; transmitting the encrypted contract codes of the target smart contract to a trusted execution environment; in response to determining that the target smart contract is not a managed smart contract, extracting a decryption key stored in the trusted execution environment, in which the decryption key corresponds to the encrypted contract codes of the target smart contract; decrypting the encrypted contract codes of the target smart contract; executing the decrypted contract codes of the target smart contract in the trusted execution environment; encrypting the execution result; and transmitting the encrypted execution result to the distributed ledgers of the blockchain for storage.
    Type: Grant
    Filed: January 30, 2020
    Date of Patent: November 17, 2020
    Assignee: ADVANCED NEW TECHNOLOGIES CO., LTD.
    Inventors: Changzheng Wei, Ying Yan
  • Patent number: 10841078
    Abstract: Encryption key block generation with barrier descriptors is provided. In some embodiments, a descriptor is read. The descriptor includes a list of revoked devices and a list of boundaries between devices. A plurality of subset differences is generated. The plurality of subset differences covers a plurality of devices. None of the plurality of devices appears in the list of revoked devices. None of the plurality of subset differences spans any of the boundaries. Encrypted information is generated based on the subset differences.
    Type: Grant
    Filed: July 26, 2018
    Date of Patent: November 17, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: John B. Geagan, Dulce B. Ponceleon
  • Patent number: 10826907
    Abstract: A method includes receiving, at an access point, an access request from a first device after an expiration of a first passcode. The access request is encrypted based on the first passcode. The method includes making a determination by the access point before an expiration of a usage time of a first passcode usage list that an identifier of the first device is included in the first passcode usage list. The method also includes, in response to making the determination, generating, at the access point, data representing a second passcode by encrypting the second passcode using the first passcode; and sending the data representing the second passcode from the access point to the first device.
    Type: Grant
    Filed: April 25, 2019
    Date of Patent: November 3, 2020
    Assignees: AT&T INTELLECTUAL PROPERTY I, L.P., AT&T MOBILITY II LLC
    Inventors: Sheldon Kent Meredith, William Cottrill, Brandon B. Hilliard
  • Patent number: 10803864
    Abstract: A system and method for voice control of a media playback device is disclosed. The method includes receiving an instruction of a voice command, converting the voice command to text, transmitting the text command to the playback device, and having the playback device execute the command. An instruction may include a command to play a set of audio tracks, and the media playback device plays the set of audio tracks upon receiving the instruction.
    Type: Grant
    Filed: May 7, 2018
    Date of Patent: October 13, 2020
    Assignee: SPOTIFY AB
    Inventors: Daniel Bromand, Richard Mitic, Horia Jurcut, Jennifer Thom-Santelli, Henriette Cramer, Karl Humphreys, Robert Williams, Kurt Jacobson, Henrik Lindström
  • Patent number: 10791093
    Abstract: Implementations provide for extending an authentication protocol to dynamically create a per user end to end encryption over a multi-hop path for data traffic, which provides an automatic triggering of authentication on each hop of a path when a client joins the network. A device includes a processor that is configured to, in response to receipt of a request for authentication from an end device, perform an authentication protocol to authenticate with an authentication server via an authenticator device. When the authentication protocol is successfully performed, the processor is configured to receive a message indicating that the device was successfully authenticated by the authentication server. The processor is configured to create a pairwise master key (PMK) from the parameters, and derive a pairwise temporary key (PTK) from a key derivation function seeded by the PMK. The processor is configured to encrypt, using the PTK, a message from the end device.
    Type: Grant
    Filed: May 1, 2017
    Date of Patent: September 29, 2020
    Assignee: AVAGO TECHNOLOGIES INTERNATIONAL SALES PTE. LIMITED
    Inventor: Philippe Klein
  • Patent number: 10764059
    Abstract: Various examples are directed to systems and methods for communications security. For example, a computing device may generate a connection between the computing device and a client device. A first application executing at the computing device may send a first application session key to the client device via the connection. The first application may perform a cryptographic operation on a first message based at least in part on the first application session key to generate a first cryptographic result and send the first cryptographic result to the client device via the connection. The first application may receive a second cryptographic result from the client device via the connection and determine that the second cryptographic result was obtained with the first application session key.
    Type: Grant
    Filed: May 31, 2016
    Date of Patent: September 1, 2020
    Assignee: Intel Corporation
    Inventors: Brian J. Hernacki, Sumanth Naropanth, Chandra Prakash Gopalaiah
  • Patent number: 10764039
    Abstract: The disclosed exemplary embodiments include computer-implemented systems, apparatuses, and processes that dynamically generate and manage a distribution of asymmetric cryptographic keys using distributed ledgers. For example, an apparatus may extract, from a hierarchical data structure, an index value associated with a corresponding element of permissioning data. The apparatus may also extract, from a first element of a distributed ledger, cryptographic data that includes a first public cryptographic key associated with the hierarchical data structure. The apparatus may generate a second public cryptographic key based on the first public cryptographic key and the extracted index value, and encrypt information using the second public cryptographic key. The encrypted information may be associated with the corresponding element of permissioning data, and the second public cryptographic key may be discarded in response to the encryption of the information.
    Type: Grant
    Filed: August 1, 2018
    Date of Patent: September 1, 2020
    Assignee: The Toronto-Dominion Bank
    Inventors: Alexey Shpurov, Helena Litani
  • Patent number: 10764349
    Abstract: A method includes initiating, by an agent application of an access point, a communication connection to a self-organizing network controller via a particular communication path to the self-organizing network controller. The particular communication path is identified in a prioritized set of communication paths to the self-organizing network controller. The method includes receiving, at the access point, control data from the self-organizing network controller via the particular communication path. The control data includes an instruction for a station, the station in communication with the access point via a wireless local area network supported by the access point. The method also includes sending the instruction to the station from the access point via the wireless local area network. The instruction is executable by the station to cause the station to modify a data transmission rate of the station.
    Type: Grant
    Filed: April 12, 2019
    Date of Patent: September 1, 2020
    Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
    Inventors: Mostafa Tofighbakhsh, David R. Wolter
  • Patent number: 10742394
    Abstract: Methods, system and devices are provided that generate a sequence of sub-keys for cryptographic operations from a main key. The main key is operated on only once to generate the sub-keys of the sequence, with a transformation comprising one or more one-way functions. The respective bit values of the sub-keys of the sequence are set using respective bit values of the one or more one-way functions. Advantageously, deriving sub-key bits from respective output bits of one or more one-way functions removes or at least reduces correlations between the main key and the sub-keys, as well as between sub-keys, making it harder or even impossible to recover the main key or other sub-keys from a single sub-key, for example as found using a side-channel attack.
    Type: Grant
    Filed: November 2, 2016
    Date of Patent: August 11, 2020
    Assignee: NAGRAVISION S.A.
    Inventors: Karine Villegas, Brecht Wyseur
  • Patent number: 10735384
    Abstract: Techniques for key ratcheting with multiple step sizes are described. For example, an apparatus may be configured to receive two or more encrypted messages, where the encrypted messages are encrypted according to a multi-dimensional ratcheting encryption scheme. Moreover, the apparatus may be configured to determine which of the encrypted messages was most-recently received and extract a message iteration count from the most-recent encrypted message, generate a decrypted message by decrypting the encrypted message based on a decryption key, decompose the message iteration count into a plurality of message chain key iteration counts, and determine the decryption key based on the plurality of message chain key iteration counts.
    Type: Grant
    Filed: July 14, 2017
    Date of Patent: August 4, 2020
    Assignee: WHATSAPP INC.
    Inventors: Derek Alan Konigsberg, George Nachman, Chun Wing Yuen, Ehren Andrew Kret
  • Patent number: 10733138
    Abstract: The present invention provides an integrated system-on-chip device. The device is configured on a single silicon substrate member. The device has a data input/output interface provided on the substrate member. The device has an input/output block provided on the substrate member and coupled to the data input/output interface. The device has a signal processing block provided on the substrate member and coupled to the input/output block. The device has a driver module provided on the substrate member and coupled to the signal processing block. The device further includes a driver interface coupled to the driver module and configured to be coupled to a silicon photonics device. In an example, a control block is configured to receive and send instruction(s) in a digital format to the communication block and is configured to receive and send signals in an analog format to communicate with the silicon photonics device.
    Type: Grant
    Filed: November 20, 2018
    Date of Patent: August 4, 2020
    Assignee: INPHI CORPORATION
    Inventor: Radhakrishnan L. Nagarajan