Key Distribution Patents (Class 380/278)
  • Patent number: 10742394
    Abstract: Methods, system and devices are provided that generate a sequence of sub-keys for cryptographic operations from a main key. The main key is operated on only once to generate the sub-keys of the sequence, with a transformation comprising one or more one-way functions. The respective bit values of the sub-keys of the sequence are set using respective bit values of the one or more one-way functions. Advantageously, deriving sub-key bits from respective output bits of one or more one-way functions removes or at least reduces correlations between the main key and the sub-keys, as well as between sub-keys, making it harder or even impossible to recover the main key or other sub-keys from a single sub-key, for example as found using a side-channel attack.
    Type: Grant
    Filed: November 2, 2016
    Date of Patent: August 11, 2020
    Assignee: NAGRAVISION S.A.
    Inventors: Karine Villegas, Brecht Wyseur
  • Patent number: 10733138
    Abstract: The present invention provides an integrated system-on-chip device. The device is configured on a single silicon substrate member. The device has a data input/output interface provided on the substrate member. The device has an input/output block provided on the substrate member and coupled to the data input/output interface. The device has a signal processing block provided on the substrate member and coupled to the input/output block. The device has a driver module provided on the substrate member and coupled to the signal processing block. The device further includes a driver interface coupled to the driver module and configured to be coupled to a silicon photonics device. In an example, a control block is configured to receive and send instruction(s) in a digital format to the communication block and is configured to receive and send signals in an analog format to communicate with the silicon photonics device.
    Type: Grant
    Filed: November 20, 2018
    Date of Patent: August 4, 2020
    Assignee: INPHI CORPORATION
    Inventor: Radhakrishnan L. Nagarajan
  • Patent number: 10735384
    Abstract: Techniques for key ratcheting with multiple step sizes are described. For example, an apparatus may be configured to receive two or more encrypted messages, where the encrypted messages are encrypted according to a multi-dimensional ratcheting encryption scheme. Moreover, the apparatus may be configured to determine which of the encrypted messages was most-recently received and extract a message iteration count from the most-recent encrypted message, generate a decrypted message by decrypting the encrypted message based on a decryption key, decompose the message iteration count into a plurality of message chain key iteration counts, and determine the decryption key based on the plurality of message chain key iteration counts.
    Type: Grant
    Filed: July 14, 2017
    Date of Patent: August 4, 2020
    Assignee: WHATSAPP INC.
    Inventors: Derek Alan Konigsberg, George Nachman, Chun Wing Yuen, Ehren Andrew Kret
  • Patent number: 10721081
    Abstract: An authentication method is performed between a first party and a second party. The method includes: i) determining a challenge; ii) sending the challenge to the second party; receiving a response from the second party including a second cryptogram; computing a first cryptogram using the challenge and the key of the first party; determining if the first cryptogram matches the second cryptogram received from the second party. If the first cryptogram does not match the second cryptogram, the method further includes performing a computation using the first cryptogram and the second cryptogram; and comparing a result of the computation with a stored set of results to recover a first data element carried by the second cryptogram.
    Type: Grant
    Filed: June 28, 2016
    Date of Patent: July 21, 2020
    Assignee: IDEMIA FRANCE
    Inventors: Emmanuelle Dottax, Francis Chamberot, Bruno Climen
  • Patent number: 10719828
    Abstract: A method of encrypting a passcode is disclosed. In one embodiment, the method includes: receiving an indication of a portion of the passcode; calculating a plaintext value based at least in part on the indication, wherein the plaintext value represents an encoded portion of the passcode; encrypting the plaintext value into ciphertext using a homomorphic encryption system; and updating a cumulative encryption string by executing a cumulative operation to aggregate the ciphertext corresponding to the encoded portion into the cumulative encryption string computed for a previous portion of the passcode, wherein the cumulative operation is dictated by a homomorphic property of the homomorphic encryption system.
    Type: Grant
    Filed: March 13, 2014
    Date of Patent: July 21, 2020
    Assignee: SQUARE, INC.
    Inventors: Oliver S. C. Quigley, Jason Douglas Waddle, Benjamin Michael Adida, Max Joseph Guise
  • Patent number: 10721080
    Abstract: The present invention provides for streamlined issuance of certificates and other tokens that are contingent on key attestation of keys from a trusted platform module within a computing platform. Various methods are described for wrapping the requested token in a secret, such as an AES key, that is encrypted to a TPM based key in a key challenge. If the requesting platform fails the key challenge, the encrypted certificate or token cannot be decrypted. If the requesting platform passes the challenge, the encrypted certificate or token can be decrypted using the AES key recovered from the key challenge.
    Type: Grant
    Filed: March 13, 2019
    Date of Patent: July 21, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Christopher Edward Fenner, Peter David Waxman, Gabriel Fortunato Stocco, Kam Kouladjie, Cristian Stefan Salvan, Prabu Raju, Himanshu Soni, Gridhar Viswanathan
  • Patent number: 10721059
    Abstract: Disclosed are an apparatus and method for data encryption and an apparatus and method for data decryption. The data encryption apparatus includes a key exchanger configured to generate a session key using a key exchange protocol, a cipher key generator configured to generate at least one of a cipher key and a key table from the session key, and an encryptor configured to encrypt data with the at least one of the cipher key and the key table generated from the session key.
    Type: Grant
    Filed: May 26, 2017
    Date of Patent: July 21, 2020
    Assignee: SAMSUNG SDS CO., LTD.
    Inventors: Kyu-Young Choi, Ji-Hoon Cho, Duk-Jae Moon
  • Patent number: 10715319
    Abstract: A method for performing spacetime-constrained oblivious transfer between a party A and a party B. The method includes imposing relativistic signaling constraints on a cryptographic task of one-out-of-m oblivious transfer involving parties A and B. The method further includes using quantum systems for the one-out-of-m oblivious transfer. The method guarantees unconditional security of the spacetime-constrained oblivious transfer, based on the imposed relativistic signaling constraints and based on using quantum systems for the one-out-of-m oblivious transfer.
    Type: Grant
    Filed: December 15, 2017
    Date of Patent: July 14, 2020
    Assignee: UNIVERSITE PARIS DIDEROT
    Inventor: Damián Pitalúa García
  • Patent number: 10706380
    Abstract: Embodiments of the present invention are directed to methods, apparatuses, computer readable media and systems for obtaining authorization for a plurality of split shipments associated with a single order. In particular, embodiments of the present invention allow a merchant to submit a separate split shipment authorization request for each of the plurality of split shipments. The split shipments authorization requests are linked to the original order using verifiable linking data. The linking data may be extracted from a previous (e.g., initial) split shipment authorization request and/or a previous (e.g., initial) split shipment authorization request. The linking data may be validated by an authorizing entity (e.g., a payment processing network computer or an issuer computer) to ensure validity of a split shipment authorization request. Additionally, the split shipment authorization requests may be validated using one or more predefined split shipment rules.
    Type: Grant
    Filed: May 8, 2015
    Date of Patent: July 7, 2020
    Assignee: Visa International Service Association
    Inventors: John Sheets, Glen Powell
  • Patent number: 10691812
    Abstract: A method for securing data in a storage grid is provided. The method includes generating a storage key from key shares of at least two storage clusters of a storage grid having at least three storage clusters and generating a grid key from the storage key and an external secret. The method includes encrypting data with the grid key to yield once encrypted data and encrypting the once encrypted data with the storage key to yield twice encrypted data. The method includes storing the twice encrypted data in a first storage cluster of the storage grid and storing the twice encrypted data in a second storage cluster of the storage grid, wherein at least one method operation is performed by a processor.
    Type: Grant
    Filed: November 3, 2017
    Date of Patent: June 23, 2020
    Assignee: Pure Storage, Inc.
    Inventors: Par Botes, John Hayes, Ethan Miller
  • Patent number: 10686594
    Abstract: A system for secure retrieval of stored data includes an encrypted key database and a processor. The encrypted key database is configured to store an encrypted tenant service key and an encrypted tenant master key. The processor is configured to request decryption of the encrypted tenant master key into an unencrypted tenant master key. The decryption of the encrypted master key is approved by a key release system. The processor is further configured to decrypt the encrypted tenant service key using the unencrypted tenant master key into an unencrypted tenant service key and authorize a response to a request using the unencrypted tenant service key.
    Type: Grant
    Filed: November 15, 2018
    Date of Patent: June 16, 2020
    Assignee: Workday, Inc.
    Inventors: Bjorn Hamel, Jonathan David Ruggiero
  • Patent number: 10686593
    Abstract: A system for secure storage of data includes a key database and a processor. The processor is configured to receive a request associated with securely storing data and encrypt the tenant service key using a tenant master key. The data is encrypted using the tenant service key. The processor is further configured to encrypt the tenant master key using a customer key and store encrypted tenant service key and encrypted tenant master key in the key database.
    Type: Grant
    Filed: October 24, 2018
    Date of Patent: June 16, 2020
    Assignee: Workday, Inc.
    Inventors: Bjorn Hamel, Jonathan David Ruggiero
  • Patent number: 10673624
    Abstract: A communication control device includes a receiving unit, a generating unit, and an output unit. The receiving unit receives input of a binary tree in which each leaf node has an index and a node key assigned thereto, and receives input of node IDs that, from among the leaf nodes, enable identification of the leaf nodes belonging to a group. The generating unit generates, using the node key assigned to the root node of each partial tree of the binary tree which includes only the leaf nodes identified by the node IDs, a cipher text by encrypting a group key shared in the group, and generates set information containing the generated cipher text. The output unit outputs the set information at least to the communication devices that are associated to the leaf nodes belonging to the group.
    Type: Grant
    Filed: February 27, 2017
    Date of Patent: June 2, 2020
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Yoshihiro Oba, Yoshikazu Hanatani
  • Patent number: 10673713
    Abstract: A communication control device includes an extracting unit and an output unit. The extracting unit extracts, from a media key block containing a plurality of elements, partial information that contains elements which can be processed by a communication device having a device ID thereof identified in identification information for identifying one or more device IDs. The output unit outputs a group ID for identifying a group, the identification information, and the partial information, to a plurality of the communication devices that include all of the communication devices belonging to the group.
    Type: Grant
    Filed: March 10, 2015
    Date of Patent: June 2, 2020
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Yoshikazu Hanatani, Toru Kambayashi, Fangming Zhao, Yoshihiro Oba
  • Patent number: 10674189
    Abstract: Aspects of the subject disclosure may include, for example, embodiments can include initiating a voice call to a communication device utilized by a subscriber of a media content service. The voice call indicates a video trailer for media content is available for viewing by the subscriber. Further embodiments can include receiving a first request to present the video trailer for the media content in response to the voice call. Additional embodiments can include providing the video trailer to the communication device. Other embodiments are disclosed.
    Type: Grant
    Filed: June 22, 2017
    Date of Patent: June 2, 2020
    Assignee: AT&T Intellectual Property I, L.P.
    Inventor: Vignesh Gurunatha Dhandapani
  • Patent number: 10666433
    Abstract: A quantum cryptography apparatus and system includes a photon emitter, a photon receiver, a first photodetector, a second photodetector, a first polarization optic, and a second polarization optic. The photon emitter is configured to emit a photon at a wavelength, wherein the photon emitter is coupled to the photon receiver by at least one quantum channel. The photon receiver includes the first polarization optic configured to output a polarization state of the emitted photon. The first photodetector is configured to detect the photon emitted from the output of the first polarization optic. The second photodetector is configured to detect a backflash from the first photodetector. The second polarization optic is between the first photodetector and the second photodetector. The quantum cryptography apparatus may be a quantum key distribution system for characterizing backflashes.
    Type: Grant
    Filed: September 12, 2017
    Date of Patent: May 26, 2020
    Assignee: The MITRE Corporation
    Inventors: Daniel Stack, Stephen Pappas, Brandon Rodenburg, Colin Lualdi
  • Patent number: 10657505
    Abstract: A dual mode payment interface device has a touch display and alternatively operates in a first mode and a second mode. The first mode provides access to a merchant system interface (MSI) on the touch display and provides access to a customer system interface (CSI) on the touch display. The second mode provides access to a CSI on the touch display and does not provide access to the MSI on the touch display. The system also includes a merchant display device having a second touch display. The merchant display device provides access to the MSI on the second touch display. The system also includes a wire that provides a communicative connection between the dual mode payment interface device and the merchant display device. The second mode is enabled by the communicative connection.
    Type: Grant
    Filed: July 26, 2018
    Date of Patent: May 19, 2020
    Assignee: Clover Network, Inc.
    Inventors: Jacob Whitaker Abrams, Nagalakshmi Rajagopal
  • Patent number: 10652010
    Abstract: A fully homomorphic encrypted ciphertext query method, the method including: acquiring a first plaintext, encrypting the first plaintext using a symmetric-key algorithm or a public-key algorithm to yield a first ciphertext, and storing the first ciphertext as a queried object; receiving a second plaintext which corresponds to a query condition, encrypting the second plaintext using a symmetric-key algorithm or a public-key algorithm to yield a second ciphertext, and storing the second ciphertext as a query object; performing bitwise summation on the queried object and the query object, to acquire a ciphertext query result; and decrypting the ciphertext query result to yield a decrypted plaintext, and comparing the decrypted plaintext with the second plaintext, determining, if the decrypted plaintext is the same as the second plaintext, the ciphertext query result is correct, and the query object exists in the queried object; otherwise, determining the ciphertext query result is incorrect.
    Type: Grant
    Filed: September 3, 2018
    Date of Patent: May 12, 2020
    Assignees: SHENZHEN FHE TECHNOLOGIES CO., LTD, HEPING HU
    Inventors: Heping Hu, Wei Hu
  • Patent number: 10645066
    Abstract: A computerized process is described for transferring content from a first entity to a second entity including first transferring separately and via a database entity for each content: a content identifier, content rights, a content encryption key, a content initialization vector, a content encryption count, and a first entity identifier. Included with the transferred content is a transfer identifier, which is encrypted. After transferred content is received by the second entity, the transfer identifier is used to retrieve the content rights, content encryption key, content encryption initialization vector, content encryption count, and first entity identifier from the database entity. After receiving the content, both actions taken on the content and disposition of the content at the second entity are controlled according to the content rights by the first entity and the status of the content is reported to the first entity via a database entity.
    Type: Grant
    Filed: November 17, 2017
    Date of Patent: May 5, 2020
    Inventor: Alan Earl Swahn
  • Patent number: 10637660
    Abstract: Disclosed herein are a quantum cryptography-based cryptographic communication system and an authentication, payment and transaction system via a relay device between a communication device and a server. A relay device for quantum cryptography authentication includes an optical receiver unit, an optical transmission unit, and a processor. The processor includes a quantum signal control unit, a user authentication unit, and a random number generation unit. The optical receiver unit receives a series of second quantum signals generated in such a manner that a series of first quantum signals generated by a first quantum filter and sent from a communication device pass through the second quantum filter of the relay device or a reception side, and the optical transmission unit transfers the series of second quantum signals to a server.
    Type: Grant
    Filed: July 20, 2017
    Date of Patent: April 28, 2020
    Assignee: University of Seoul Industry Cooperation Foundation
    Inventor: Do Yeol Ahn
  • Patent number: 10630866
    Abstract: An electronic device includes an imager and one or more processors operable with the imager. The imager captures at least one image of a plurality of persons. The one or more processors blur depictions of one or more persons of the plurality of persons until a reveal permission instruction is detected.
    Type: Grant
    Filed: January 28, 2018
    Date of Patent: April 21, 2020
    Assignee: Motorola Mobility LLC
    Inventors: Rachid Alameh, Amitkumar Balar, James Wylder, Jarrett Simerson, Thomas Merrell
  • Patent number: 10616941
    Abstract: A method, an electronic apparatus, and a recording medium for establishing a wireless connection through vibration are provided. In the method, at least one nearby electronic apparatus is scanned by the first electronic apparatus. A pairing request is transmitted to the second electronic apparatus among the at least one nearby electronic apparatus by the first electronic apparatus. A pairing code is generated in response to receiving the pairing request and a vibration with a pattern in accordance with the pairing code is triggered by the second electronic apparatus. The vibration is detected and the pattern of the vibration is identified to obtain the pairing code by the first electronic apparatus. The obtained pairing code is transmitted to the second electronic apparatus by the first electronic apparatus. Finally, the pairing code is confirmed by the second electronic apparatus to establish the wireless connection with the first electronic apparatus.
    Type: Grant
    Filed: November 3, 2017
    Date of Patent: April 7, 2020
    Assignee: HTC Corporation
    Inventors: Chi-Chen Cheng, Darren Sng
  • Patent number: 10609283
    Abstract: Systems, apparatuses and methods may provide for technology that transmits and processes panoramic video images in wireless display devices. Multiple video streams may be captured by one or more video cameras and transmitted from a transmitter to the receiver, and each of the video streams may be tagged with an identifier. The identifiers may be used by the receiver to determine an order in which the panoramic video images will be processed and stitched by the receiver, and rendered on a display device.
    Type: Grant
    Filed: April 1, 2017
    Date of Patent: March 31, 2020
    Assignee: Intel Corporation
    Inventors: Karthik Veeramani, Rajneesh Chowdhury
  • Patent number: 10594481
    Abstract: Disclosed aspects relate to local encryption of a set of replicated data in a shared pool of configurable computing resources which has a set of member nodes. A first local encryption key for the first node of the set of member nodes may be determined. The first local encryption key for the first node of the set of member nodes may be generated. A second local encryption key for the second node of the set of member nodes may be determined. The second local encryption key may differ from the first local encryption key. The second local encryption key for the second node of the set of member nodes may be generated. A temporary key for utilization by both the first and second nodes may be generated. The set of replicated data may be updated using the first local encryption key, the temporary key, and the second local encryption key.
    Type: Grant
    Filed: February 21, 2017
    Date of Patent: March 17, 2020
    Assignee: International Business Machines Corporation
    Inventors: Aaron T. Albertson, Robert Miller, Brian A. Nordland, Kiswanto Thayib
  • Patent number: 10572329
    Abstract: Methods and systems described herein are directed to identifying anomalously behaving components of a distributed computing system. Methods and systems collect log messages generated by a set of event log sources running in the distributed computing system within an observation time window. Frequencies of various types of event messages generated within the observation time window are determined for each of the log sources. A similarity value is calculated for each pair of event sources. The similarity values are used to identify similar clusters of event sources of the distributed computing system for various management purposes. Components of the distributed computing system that are used to host the event source outliers may be identified as potentially having problems or may be an indication of future problems.
    Type: Grant
    Filed: December 12, 2016
    Date of Patent: February 25, 2020
    Assignee: VMware, Inc.
    Inventors: Ashot Nshan Harutyunyan, Nicholas Kushmerick, Arnak Poghosyan, Naira Movses Grigoryan, Vardan Movsisyan
  • Patent number: 10574454
    Abstract: Periodically re-encrypting user data stored on a storage device, including: detecting that a data encryption key should be decommissioned; and for user data stored on the storage device that is encrypted with the data encryption key: reading the user data that is encrypted with the data encryption key from the storage device; re-encrypting the user data utilizing a current data encryption key; and writing the user data that is encrypted utilizing the current data encryption key to the storage device.
    Type: Grant
    Filed: January 10, 2017
    Date of Patent: February 25, 2020
    Assignee: Pure Storage, Inc.
    Inventors: Andrew Bernat, Ethan Miller
  • Patent number: 10565381
    Abstract: A method and apparatus for performing firmware programming on a microcontroller chip and the associated microcontroller chip are provided.
    Type: Grant
    Filed: June 19, 2018
    Date of Patent: February 18, 2020
    Assignee: Faraday Technology Corp.
    Inventors: Chun-Yuan Lai, Chen-Chun Huang
  • Patent number: 10560440
    Abstract: Embodiments described herein relate to obtaining a public key for an application of a communication device, including, but not limited to, receiving a request from the communication device to obtain the public key, evaluating the request based on at least one policy, requesting the public key from a public key infrastructure (PKI) in response to determining that the request is authorized, receiving the public key from the PKI, and sending the public key to the communication device.
    Type: Grant
    Filed: March 10, 2016
    Date of Patent: February 11, 2020
    Assignee: FORNETIX LLC
    Inventors: Charles White, Stephen Edwards
  • Patent number: 10554419
    Abstract: A method for a re-issuance of an attribute-based credential of an issuer of the attribute-based credential for a user may be provided. The user is holding backup values derived from a first credential previously obtained from the issuer, wherein the first credential is built using at least a first value of at least one authentication pair. The method comprises receiving by the issuer from the user a set of values derived from the backup values comprising a second value of the at least one authentication pair, validating by the issuer that the second value is a valid authentication answer with respect to the first value and whether the set of values was derived from a valid first credential, and providing by the issuer a second credential to the user based on the first set of values.
    Type: Grant
    Filed: July 17, 2017
    Date of Patent: February 4, 2020
    Assignee: International Business Machines Corporation
    Inventors: Jan L. Camenisch, Stephan Krenn, Anja Lehmann, Gregory Neven
  • Patent number: 10541983
    Abstract: Systems and techniques are disclosed for secure storage and searching of information on insecure search systems. One of the methods is implemented by a system of one or more computers being in communication with clients and search engines. A request associated with storage of client information in a search engine is obtained. First cryptographic information is generated based on a portion of the client information, such that the first cryptographic information is to be utilized for indexing by the search engine. Second cryptographic information is generated based on performing an order-preserving encryption process on a portion of the client information, such that the second cryptographic information is to be utilized to recover order associated with information included in the portion. The first cryptographic information and the second cryptographic information are provided for storage in the search system.
    Type: Grant
    Filed: July 19, 2017
    Date of Patent: January 21, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Afshin Khashei Varnamkhasti, Bogdan Ciprian Pistol
  • Patent number: 10528375
    Abstract: Example methods are provided for a host to maintain security system information in a virtualized computing environment, in which the host supports a security system to secure a source virtualized computing instance. The method may include, based on an operation associated with the source virtualized computing instance, determining to maintain security system information associated with the security system. The method may further include obtaining the security system information that includes first information from the source virtualized computing instance, or second information from a source security virtualized computing instance, or both. The source virtualized computing instance may implement a first component of the security system and the source security virtualized computing instance a second component of the security system.
    Type: Grant
    Filed: October 21, 2016
    Date of Patent: January 7, 2020
    Assignee: NICIRA, INC.
    Inventors: Patil Rayanagouda, Vasantha Kumar, Anil Kumar, Hrishikesh Ghatnekar
  • Patent number: 10521602
    Abstract: Provided are a system and method of encrypting a folder in a device. The device for controlling access to the folder includes a communication part configured to transmit, to a server, an encryption key generation request with respect to the folder, and receive, from the server, an encryption key associated with the folder that is generated in response to the encryption key generation request, wherein the encryption key generation request includes an identification of the folder and authentication data of a user who accesses the folder is an authorized user; and a controller configured to authenticate the user by using the encryption key.
    Type: Grant
    Filed: October 17, 2017
    Date of Patent: December 31, 2019
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventor: Jung-kyuen Lee
  • Patent number: 10523430
    Abstract: An information processing method includes calculating, using a first station, an estimated ratio of a quantity of pulses affected by a photon-number splitting (PNS) attack including a multi-photon in the pulses to a total quantity of the pulses, and performing, using the first station, error correction processing on key information based on the estimated ratio to obtain a shared key of the first station and a second station when the estimated ratio is less than a preset threshold. Hence, a degree to which the photon is affected by the PNS attack can be estimated in order to perform error correction on the key information, thereby improving security of a key distribution.
    Type: Grant
    Filed: April 24, 2019
    Date of Patent: December 31, 2019
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Wei Geng, Chen-Xiong Zhang
  • Patent number: 10511587
    Abstract: Provided is a method for an authorized issuing of an authentication token for a device, including requesting an authentication token for the device by sending a request message and at least one authentication parameter to an authorization apparatus, verifying authenticity of the request message using the authentication parameter, verifying authorization for the request by comparing information on the device obtained with the request message in the authorization apparatus with context information for the device stored in a database, and on success of the verification of the authenticity and of the authorization, authorizing the issuing of the requested authentication token.
    Type: Grant
    Filed: May 18, 2016
    Date of Patent: December 17, 2019
    Assignee: SIEMENS AKTIENGESELLSCHAFT
    Inventors: Hendrik Brockhaus, Steffen Fries, Michael Munzert, David Von Oheimb
  • Patent number: 10505724
    Abstract: The present application discloses an authentication method used in a QKD process, and further discloses additional authentication methods and corresponding apparatuses, as well as an authentication system. The method comprises: selecting, by a transmitter according to a basis selection rule, a basis of preparation for transmitter authentication information that is generated with a first pre-provisioned algorithm and varies dynamically, and transmitting quantum states containing key information and the transmitter authentication information; and measuring, by a receiver, quantum states of the transmitter authentication information according to the basis selection rule, and ending the QKD process if a measurement result is inconsistent with corresponding information calculated with the first pre-provisioned algorithm.
    Type: Grant
    Filed: August 17, 2016
    Date of Patent: December 10, 2019
    Assignee: ALIBABA GROUP HOLDING LIMITED
    Inventor: Yingfang Fu
  • Patent number: 10491404
    Abstract: In some embodiments, a non-transitory processor-readable medium stores code representing instructions configured to be executed by a processor. The code includes code to cause the processor to receive, at a first compute device, (1) a message signed using a signature associated with a derived private key of a second compute device, and (2) an identifier. The code further includes code to cause the processor to retrieve, using the identifier, an ascendant public key associated with the second compute device. The code further includes code to cause the processor to generate, using a key derivation function with the ascendant public key and the identifier as inputs, a derived public key that is paired with the derived private key. The code further includes code to cause the processor to authenticate the second compute device by verifying the signature using the derived public key.
    Type: Grant
    Filed: May 8, 2019
    Date of Patent: November 26, 2019
    Assignee: Hotpyp, Inc.
    Inventor: Kelly Bryant Yamamoto
  • Patent number: 10476806
    Abstract: Systems and techniques are disclosed to reduce workload on base stations in a mobile network when content delivery networks cache content inside the network. A user equipment sets a flag only with those packets on the uplink which include requests that should be routed to the cache server inside the mobile network. The base stations perform deep packet inspection of those packets where flags have been set and forward other packets on to the rest of the relevant backhaul of the mobile network. After deep packet inspection, the base stations either route the packet to the cache server via an established connection or propagate the flag in an extension header to another network node for routing to the cache server. The resulting content is returned to the UE with the source address of the originally intended destination instead of the cache server, rendering the process transparent to the end user.
    Type: Grant
    Filed: August 5, 2015
    Date of Patent: November 12, 2019
    Assignee: QUALCOMM Incorporated
    Inventors: Huichun Liu, Xipeng Zhu, Gavin Bernard Horn
  • Patent number: 10476911
    Abstract: To verify compliance with a data access policy, a query result including data specified by a requesting entity and a representation of a data access policy is received from a database. Based on the representation of the data access policy included in the query result, it is verified whether the requesting entity is permitted to access the data included in the query result. Transmission of the data included in the query result to the requesting entity is controlled responsive to the verification. Related methods, systems, and computer program products are also discussed.
    Type: Grant
    Filed: July 14, 2017
    Date of Patent: November 12, 2019
    Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
    Inventors: Evgene Vahlis, Paul Giura
  • Patent number: 10476913
    Abstract: Some database systems may implement encryption services to improve the security of data stored in databases or on disks. The systems may implement encryption using multiple encryption keys. For example, a worker server may implement a system call interceptor, such as a filesystem in userspace (Fuse) driver. The system call interceptor may intercept system calls (e.g., associated with query or extract, transform, and load (ETL) jobs) as they enter or exit the kernel. The system call interceptor may determine whether data sets associated with the jobs are marked for encryption, and may perform an encryption process on the data sets. A worker may encrypt and store data sets on a worker disk or at a file store, or may retrieve and decrypt the data sets. The system may additionally manage encryption keys, and may provide mechanisms for archiving or revoking encryption keys while maintaining user access to stored data sets.
    Type: Grant
    Filed: September 8, 2017
    Date of Patent: November 12, 2019
    Assignee: salesforce.com, inc.
    Inventors: Saptarshi Roy, Ryan Lamore, Ankush Gulati, Navya Sruti Sirugudi
  • Patent number: 10454903
    Abstract: Encryption keys for an enterprise are stored at a perimeter device such as a gateway, and rules are applied at the network perimeter to control whether and how these keys are used for cryptographic processing of communications passing through the perimeter device. The encrypted status of communications, e.g. whether and how files are encrypted with the encryption keys, may also be used to assist in selecting appropriate security handling and routing of the communications.
    Type: Grant
    Filed: February 10, 2017
    Date of Patent: October 22, 2019
    Assignee: Sophos Limited
    Inventor: Roger Neal
  • Patent number: 10445510
    Abstract: A data checking device that is connected to a communication entity includes: a port unit configured to communicate with the communication entity; a key storage unit configured to store predetermined keys; an encryption/decryption unit configured to encrypt or decrypt data transmitted from the communication entity through the port unit by using a first key among the predetermined keys; an output unit configured to output decrypted data; and a connection unit configured to physically connect the data checking device with another device storing keys which are identical to the predetermined keys. The predetermined keys stored in the key storage unit are generated and stored when the data checking device is connected to the another device by the connection unit.
    Type: Grant
    Filed: December 28, 2016
    Date of Patent: October 15, 2019
    Assignee: INDUSTRY-ACADEMIC COOPERATION FOUNDATION, DANKOOK UNIVERSITY
    Inventors: Joonmo Kim, Younggeun Choi
  • Patent number: 10447662
    Abstract: A method begins by a dispersed storage (DS) processing module segmenting a data partition into a plurality of data segments. For a data segment of the plurality of data segments, the method continues with the DS processing module dividing the data segment into a set of data sub-segments and generating a set of sub keys for the set of data sub-segments based on a master key. The method continues with the DS processing module encrypting the set of data sub-segments using the set of sub keys to produce a set of encrypted data sub-segments and aggregating the set of encrypted data sub-segments into encrypted data. The method continues with the DS processing module generating a masked key based on the encrypted data and the master key and combining the encrypted data and the masked key to produce an encrypted data segment.
    Type: Grant
    Filed: January 27, 2017
    Date of Patent: October 15, 2019
    Assignee: PURE STORAGE, INC.
    Inventor: Jason K. Resch
  • Patent number: 10438684
    Abstract: A method of operating a memory system, having a non-volatile memory device, includes processing a response to a first request toward the memory device by using an original key, in response to the first request, generating and storing first parity data corresponding to the original key, and deleting the original key.
    Type: Grant
    Filed: April 27, 2015
    Date of Patent: October 8, 2019
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Seong-Hyeog Choi, Jun-Jin Kong, Hong-Rak Son, Pil-Sang Yoon, Chang-Kyu Seol, Ki-Jun Lee
  • Patent number: 10432395
    Abstract: A system that includes a quantum key device, a first device, and a second device. A monitor module is configured to detect, at the first device, that the second device is reading quantum information over a second quantum communication channel. A read module is configured to read, at the first device, the quantum information over a first quantum communication channel. An encryption module is configured to generate a first quantum encryption key at the first device using the quantum information that is read over the first quantum communication channel. The encryption module is also configured to encrypt data using the first quantum encryption key to create encrypted data. The second device decrypts the encrypted data using a second quantum encryption key generated at the second device using the quantum information read at the second device to create decrypted data.
    Type: Grant
    Filed: October 4, 2017
    Date of Patent: October 1, 2019
    Assignee: The Boeing Company
    Inventors: Wayne R. Howe, Jeffrey H. Hunt
  • Patent number: 10429918
    Abstract: In one embodiment, a processor comprises: a first domain including a plurality of cores; a second domain including at least one graphics engine; and a power controller including a first logic to receive a first performance request from a driver of the second domain and to determine a maximum operating frequency for the first domain responsive to the first performance request. Other embodiments are described and claimed.
    Type: Grant
    Filed: June 7, 2017
    Date of Patent: October 1, 2019
    Assignee: Intel Corporation
    Inventor: Anil K. Kumar
  • Patent number: 10432685
    Abstract: Techniques and a system are provided for protecting content (or media item) streamed over a network from unauthorized access. As an example, the streaming protection system generates statistics when a client requests a media item. The statistic may be generated based on various factors. The media item is divided into different portions, each portion requiring a different key to decrypt the portion so that it may be viewed by a user. Based on the generated statistic, the streaming protection system determines whether or not to allow the client access to the decryption key for a portion of the media item.
    Type: Grant
    Filed: May 31, 2016
    Date of Patent: October 1, 2019
    Assignee: Brightcove, Inc.
    Inventors: Barry Hartman, Sean Knapp, Bob Sesek, Siddharth Gopalan
  • Patent number: 10432599
    Abstract: A method for managing keystore information on a computing device may include requesting a keystore from a distribution system, receiving the keystore from the distribution system, and populating a runtime environment with keystore information contained within the keystore. A method for generating a keystore may include receiving, by a distribution system, a request for a keystore from a computing device, generating a key pair including a public key and a private key, generating a certificate signing request, digitally signing the public key with the private key, generating the keystore, combining the signed public key with the private key in the keystore, and providing the keystore to the computing device. A method for generating a truststore may include receiving, by a distribution system, a request for a truststore from a computing device, generating the truststore, adding a certificate to the truststore, and providing the truststore to the computing device.
    Type: Grant
    Filed: June 19, 2017
    Date of Patent: October 1, 2019
    Assignee: AT&T Intellectual Property I, L.P.
    Inventor: Andrew Schiefelbein
  • Patent number: 10404466
    Abstract: Various technologies described herein pertain to a computing device that includes secure hardware (e.g., a TPM, a secure processor of a processing platform, protected memory that includes a software-based TPM, etc.). The secure hardware includes a shared secret, which is shared by the secure hardware and a server computing system. The shared secret is provisioned by the server computing system or a provisioning computing system of a party affiliated with the server computing system. The secure hardware further includes a cryptographic engine that can execute a cryptographic algorithm using the shared secret or a key generated from the shared secret. The cryptographic engine can execute the cryptographic algorithm to perform encryption, decryption, authentication, and/or attestation.
    Type: Grant
    Filed: March 15, 2017
    Date of Patent: September 3, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Himanshu Raj, Stefan Saroiu, Alastair Wolman, Chen Chen
  • Patent number: 10397216
    Abstract: The disclosed computer-implemented method for performing secure backup operations may include (i) identifying a backup server that has been designated to perform a backup task for a backup client, (ii) prior to facilitating the backup task on the backup client (a) identifying both a trust level of the designated backup server and a sensitivity level of the backup task and (b) determining whether the trust level of the designated backup server is appropriate for the sensitivity level of the backup task, and (iii) facilitating the backup task on the backup client based on the determination of whether the trust level of the designated backup server is appropriate for the sensitivity level of the backup task. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: November 18, 2016
    Date of Patent: August 27, 2019
    Assignee: Veritas Technologies LLC
    Inventors: Mukund Agrawal, Gaurav Malhotra, Vikas Kumar, Nachiket Tanksale
  • Patent number: 10380369
    Abstract: A data management and storage (DMS) cluster of peer DMS nodes manages resources of a multi-tenant environment. The DMS cluster provides an authorization framework that provides user access which is scoped to the resources within a tenant organization and the privileges of the user within the organization. To authorize an action on a resource by a user, the DMS cluster determines user authorizations associated with the user defining privileges of the user on the resources of the multi-tenant environment, and organization authorizations associated defining resources of the multi-tenant environment that belong to the organization. The DMS cluster authorizes the action when the user authorizations and organizations authorized indicate that the action on the resource is authorized.
    Type: Grant
    Filed: June 14, 2018
    Date of Patent: August 13, 2019
    Assignee: Rubrik, Inc.
    Inventors: Matthew Noe, Seungyeop Han, Arohi Kumar