Key Distribution Center Patents (Class 380/279)
  • Patent number: 11520878
    Abstract: The technology disclosed herein provides a proof-of-work key wrapping system for verifying device capabilities. An example method may include: accessing a wrapped key and a cryptographic attribute for the wrapped key from an encrypted memory region, wherein the wrapped key encodes a cryptographic key; deriving, by a processing device, the cryptographic key in view of the wrapped key and the cryptographic attribute, wherein the deriving consumes computing resources for a duration of time; using the cryptographic key to access program data; and executing, by the processing device, the program data, wherein the executed program data evaluates a condition related to the duration of time.
    Type: Grant
    Filed: November 26, 2019
    Date of Patent: December 6, 2022
    Assignee: Red Hat, Inc.
    Inventors: Michael Hingston McLaughlin Bursell, Nathaniel Philip McCallum, Peter M. Jones
  • Patent number: 11522825
    Abstract: An object interface for quick access to object(s) of a communication platform is described. Server(s) of the communication platform can receive, in association with a user interface of the communication platform, a request to associate an object with an object interface associated with a virtual space of the communication platform. The server(s) can cause one or more objects to be presented via the user interface and can receive a selection of a particular object from the one or more objects. The server(s) can cause, in response to the selection, a user interface element representative of the particular object to be associated with the object interface, wherein the user interface element is associated with an actuation mechanism that, when actuated, causes the particular object to be presented via the user interface. Notifications associated with the particular object can be indicated by annotation(s) to the user interface.
    Type: Grant
    Filed: April 26, 2021
    Date of Patent: December 6, 2022
    Assignee: Slack Technologies, LLC
    Inventors: Farzad Khosrowshahi, Issac Gerges, Raja Jamwal, Madhu Balakrishna, Rohan Venapusala
  • Patent number: 11507661
    Abstract: An information handling system includes a basic input/output system (BIOS), a memory, and a processor. The processor scans a current state of each BIOS attribute in the BIOS, and stores one or more changed attributes in a secure event log in the memory. The processor converts each changed attribute into a different threat event including a first changed attribute into a first threat event. The processor provides a list of threat events to multiple threat chains, each of which determine whether the threat events match threat criteria in a threat chain policy. In response to the threat event matching a threat criterion in the threat chain policy, the threat chain provides a threat state change to the processor, which in turn provides new threat state changes to a threat state change consumer.
    Type: Grant
    Filed: March 5, 2021
    Date of Patent: November 22, 2022
    Assignee: Dell Products L.P.
    Inventors: Marc N. McGarry, Nizar A. Basan, Bradley C. Rood, Andy A. Yiu
  • Patent number: 11502827
    Abstract: Techniques for exporting remote cryptographic keys are provided. In one technique, a proxy server receives, from a secure enclave of a client device, a request for a cryptographic key. The request includes a key name for the cryptographic key. In response to receiving the request, the proxy server sends the request to a cryptographic device that stores the cryptographic key. The cryptographic device encrypts the cryptographic key based on an encryption key to generate a wrapped key. The proxy server receives the wrapped key from the cryptographic device and sends the wrapped key to the secure enclave of the client device.
    Type: Grant
    Filed: September 3, 2021
    Date of Patent: November 15, 2022
    Assignee: Garantir LLC
    Inventor: Kieran Miller
  • Patent number: 11496294
    Abstract: A method for securing communications for a given network topology is provided. The method comprises generating by a node N(i) of the network, security parameters for the node N(i); transmitting by the node N(i), said security parameters to a controller for the network; maintaining by the controller said security parameters for the node N(i); receiving by the controller a request from a node N(j) for the security parameters for the node N(i); retrieving by the controller the security parameters for the node N(i); and transmitting by the controller said security parameters to the node N(j).
    Type: Grant
    Filed: August 7, 2020
    Date of Patent: November 8, 2022
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Syed Khalid Raza, Praveen Raju Kariyanahalli, Rameshbabu Prabagaran, Amir Khan
  • Patent number: 11488180
    Abstract: Online retailers may operate a network of computing systems in order to provide an electronic marketplace to customers. The network of computing systems may be responsible for maintaining and providing different data to the customers of the online retailer. When a customer transmits a request to the online retailer the request may be divided into a set of tasks that may be executed in parallel by the computing systems. The data generated by executing the various tasks may be cached for various periods of time. Furthermore, log information may be generated based at least in part on execution of the various tasks. The logs may record data on initial access along with an identifier associated with the cached data. For subsequent tasks requiring cached data the log may include only the identifier associated with the cached data.
    Type: Grant
    Filed: January 22, 2014
    Date of Patent: November 1, 2022
    Assignee: Amazon Technologies, Inc.
    Inventors: Jeremy Boynes, Thomas Lowell Keller
  • Patent number: 11470086
    Abstract: In various embodiments, there is provided a method for organizing devices in a policy hierarchy. The method includes creating a first node. The method further includes assigning a first policy to the first node. The method further includes creating a second node, the second node referencing the first node as a parent node such that the second node inherits the first policy of the first node.
    Type: Grant
    Filed: March 16, 2020
    Date of Patent: October 11, 2022
    Assignee: Fornetix LLC
    Inventors: Charles White, Stephen Edwards
  • Patent number: 11470062
    Abstract: An embedded processing system includes processing circuitry, a memory system, and a reprogramming control. The reprogramming control is configured to authenticate a user associated with a reprogramming operation of the embedded processing system and receive an encrypted configuration item. The reprogramming control is further configured to decrypt and authenticate the encrypted configuration item either for storage of the configuration item in the embedded processing system or for transmission externally as an encrypted and signed entity. These operations are performed only after the user requesting such an operation has been authenticated to have the permission to perform the requested operation.
    Type: Grant
    Filed: March 10, 2020
    Date of Patent: October 11, 2022
    Assignee: RAYTHEON TECHNOLOGIES CORPORATION
    Inventors: Jayashree Rajagopalan, Paul A. Adamski, Jason E. Posniak, Douglas E. Sansom, David Howland
  • Patent number: 11463435
    Abstract: The method comprises: a user terminal initiating an authentication request to a target server and providing device information of the user terminal, and the target server receiving the authentication request and generating a temporary session, and sending a temporary session ID and the device information to a quantum key allocation network; the quantum key allocation network searching for a wearable device bound to the user terminal, and sending the temporary session ID to the wearable device; the wearable device collecting biological recognition information of a user, and sending the biological recognition information to the quantum key allocation network; and the quantum key allocation network matching the biological recognition information with pre-stored biological recognition information, wherein if matching is successful, an authentication result is sent to the target server, and then the target server sends the authentication result to the user terminal.
    Type: Grant
    Filed: February 28, 2019
    Date of Patent: October 4, 2022
    Assignees: QUANTUMCTEK CO., LTD., SHANDONG INSTITUTE OF QUANTUM SCIENCE AND TECHNOLOGY CO., LTD.
    Inventors: Yong Zhao, Chunhua Liu
  • Patent number: 11451391
    Abstract: Protecting an encryption key for data stored in a storage system that includes a plurality of storage devices, including: reading, from at least a majority of the storage devices, a portion of an apartment key; reconstructing the apartment key using the portions of the apartment key read by the majority of the storage devices; unlocking the main portion of each of the storage devices utilizing the apartment key; reading, from the main portion of one of the storage devices, a portion of a third-party resource access key; requesting, from the third-party resource utilizing the third-party resource access key, an encryption key; receiving, from the third-party resource, the encryption key; and decrypting the data stored on the storage devices utilizing the encryption key.
    Type: Grant
    Filed: October 23, 2019
    Date of Patent: September 20, 2022
    Assignee: PURE STORAGE, INC.
    Inventors: Andrew Bernat, Alexandre Duchâteau, Marco Sanvido, Constantine Sapuntzakis, Kiron Vijayasankar
  • Patent number: 11438318
    Abstract: Techniques for provisioning a key server to facilitate secure communications between a web server and a client by providing the client with a first data structure including information on how the web server may obtain a target symmetric key are presented. The techniques can include: provisioning the key server with a second data structure including information on how the key server may generate the first data structure; receiving a request on behalf of a web server for a third data structure comprising information on how the client may obtain the first data structure from the key server; and obtaining the third data structure, such that the third data structure is published in association with an identification of the web server, and such that the client uses the third data structure to obtain the first data structure and uses the first data structure to communicate with the web server.
    Type: Grant
    Filed: May 19, 2020
    Date of Patent: September 6, 2022
    Assignee: VeriSign, Inc.
    Inventors: Burton S. Kaliski, Jr., Glen S. Wiley
  • Patent number: 11436305
    Abstract: In one embodiment, a computer-implemented method of a data processing (DP) accelerator obtaining a watermark of an artificial intelligence (AI) model includes receiving, from a host device, the AI model to execute on the DP accelerator, and receiving input data that triggers output from the AI model on the DP accelerator. The DP accelerator calculates AI model output, in response to the received input and provides the output to the host device. The output can be a watermark extracted from the AI model. DP accelerator can call a security unit of the DP accelerator to digitally sign the output. In an embodiment, the security unit digitally signs the output from the AI model using a key that is retrieved from, or is derived from, a key stored in a secure storage on the security unit.
    Type: Grant
    Filed: October 10, 2019
    Date of Patent: September 6, 2022
    Assignees: BAIDU USA LLC, KUNLUNXIN TECHNOLOGY (BEIJING) COMPANY LIMITED
    Inventors: Yong Liu, Yueqiang Cheng
  • Patent number: 11386230
    Abstract: Systems and methods are described for modifying input and output (I/O) to an object storage service by implementing one or more owner-specified functions to I/O requests. A function can implement a data manipulation, such as filtering out sensitive data before reading or writing the data. The functions can be applied prior to implementing a request method (e.g., GET or PUT) specified within the I/O request, such that the data to which the method is applied may not match the object specified within the request. For example, a user may request to obtain (e.g., GET) a data set. The data set may be passed to a function that filters sensitive data to the data set, and the GET request method may then be applied to the output of the function. In this manner, owners of objects on an object storage service are provided with greater control of objects stored or retrieved from the service.
    Type: Grant
    Filed: September 27, 2019
    Date of Patent: July 12, 2022
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventors: Ramyanshu Datta, Timothy Lawrence Harris, Kevin C. Miller
  • Patent number: 11366766
    Abstract: Disclosed are an electronic device and a control method thereof. The electronic device according to the present disclosure includes a memory, a cache memory, a CPU, and includes a processor which controls the electronic device by using a program stored in the memory, wherein the CPU monitors an input address through which an input value is accessed in the cache memory, and changes the input address when the input address through which the input value is accessed in the cache memory is changed to a preset pattern.
    Type: Grant
    Filed: September 12, 2018
    Date of Patent: June 21, 2022
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Dong-uk Kim, Jin-bum Park
  • Patent number: 11368315
    Abstract: A processor of a device may provision a component of the device with a digital signature algorithm and an authentication key algorithm and/or server-provisioned private and/or public keys. The processor may generate one or more private keys and public keys and/or store them in a secure memory of the device. The processor may transmit the generated public keys to an owner server and receive a pedigree document in response, which may be signed with the private key. The owner server may determine a change in an ownership of the device and append the pedigree document in an immutable fashion in response to the determining to reflect the change in the ownership and/or sign the appended pedigree document with a private key. A chain of ownership of the device is verifiable using only information contained within the appended pedigree document and rooted in the processor itself.
    Type: Grant
    Filed: July 16, 2020
    Date of Patent: June 21, 2022
    Assignee: VERIDIFY SECURITY INC.
    Inventors: Derek A. Atkins, Brian A. Marks, Louis M. Parks, Richard D. Smith
  • Patent number: 11366904
    Abstract: A machine-implemented method for controlling a configuration data item in a storage-equipped device having at least two security domains, comprising receiving, by one of the security domains, a configuration data item; storing the configuration data item; providing a security indication for the configuration data item; and when an event indicates untrustworthiness of the data item, invalidating a configuration effect of the stored configuration data item. Further provided is a machine-implemented method for controlling a storage-equipped device as a node in a network of devices, comprising receiving information that a data source or type of a configuration data item is untrusted; analysing metadata for the data source and the configuration data item; populating a knowledge base with analysed metadata; and responsive to the analysed metadata, transmitting security information to the network of devices. A corresponding device and computer program product are also described.
    Type: Grant
    Filed: August 1, 2016
    Date of Patent: June 21, 2022
    Assignee: ARM IP LIMITED
    Inventors: Geraint Luff, Thomas Grocutt, Milosch Meriac, Jonathan Austin
  • Patent number: 11362818
    Abstract: A method for issuing a quantum key chip, a method for applying a quantum key chip, an issuing platform and a system. The method comprises: feeding, by a quantum key issuing platform, a quantum key into a quantum key chip and binding an ID of the quantum key chip in a one-to-one correspondence to an ID of a user using the quantum key chip, where the ID of the quantum key chip and/or the ID of the user serve as identification information of the quantum key in the quantum key chip, and the quantum key is obtained by pre-negotiation between the quantum key issuing platform and a key distribution center (KDC); and sending, by the quantum key issuing platform, the identification information of the quantum key to the KDC, so that the KDC binds the identification information to the quantum key corresponding to the identification information.
    Type: Grant
    Filed: November 22, 2017
    Date of Patent: June 14, 2022
    Assignee: QUANTUMCTEK (GUANGDONG) CO., LTD.
    Inventors: Qing Chen, Xiang Xiao, Jiayi Lin, Songyan Ding, Jierong Chen
  • Patent number: 11363461
    Abstract: A security key management method performed in a PDCP layer of a terminal dual-connected to a first cell and a second cell may comprise receiving a PDCP PDU on which ciphering or integrity protection to which a first security key of the first cell or a second security key of the second cell is applied is performed; performing at least one of integrity verification and header decompression for the PDCP PDU based on the first security key; performing at least one of integrity verification and header decompression for the PDCP PDU based on the second security key; and determining a security key applied to the PDCP PDU, based on result of the at least one of integrity verification and header decompression based on the first security key and result of the at least one of integrity verification and header decompression based on the second security key.
    Type: Grant
    Filed: August 6, 2020
    Date of Patent: June 14, 2022
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Jae Su Song, Seung Kwon Baek
  • Patent number: 11356442
    Abstract: A wearable device-based identity authentication method and system, comprising: a user terminal initiates an authentication request to a target server and provides device information of the user terminal, the target server generates a temporary session, and sends a temporary session ID and the device information to a quantum key distribution network; the quantum key distribution network generates identification information, searches a wearable device bound to the user terminal, and sends the identification information to the wearable device; the wearable device receives and provides the identification information to the user terminal, the user terminal acquires the identification information, and sends verification information to the wearable device and then to the quantum key distribution network; the quantum key distribution network generates an authentication result and sends to the target server; and the target server generates an identification authentication result and sends to the user terminal.
    Type: Grant
    Filed: February 28, 2019
    Date of Patent: June 7, 2022
    Assignees: QUANTUMCTEK CO., LTD., SHANDONG INSTITUTE OF QUANTUM SCIENCE AND TECHNOLOGY CO., LTD.
    Inventors: Yong Zhao, Chunhua Liu
  • Patent number: 11356280
    Abstract: A method of encrypting data at an electronic device where the electronic device is associated with a key device. Each device is associated with an asymmetric cryptography pair, each pair including a first private key and a first public key. Respective second private and public keys may be determined based on the first private key, first public key and a deterministic key. A secret may be determined based on the second private and public keys. The data at the electronic device may be encrypted using the determined secret or an encryption key that is based on the secret. Information indicative of the deterministic key may be sent to the key device where the information may be stored.
    Type: Grant
    Filed: July 10, 2020
    Date of Patent: June 7, 2022
    Assignee: nChain Holdings Ltd
    Inventors: Craig Steven Wright, Stephane Savanah
  • Patent number: 11343087
    Abstract: Systems, apparatuses, methods, and computer program products are disclosed for session authentication. An example system includes encoding circuitry configured to generate, based on a first set of quantum bases, a set of qbits, and transmit the set of qbits over a quantum line, wherein the encoding circuitry is further configured not to transmit the first set of quantum bases. The example system further includes decoding circuitry in communication with the encoding circuitry over the quantum line, the decoding circuitry configured to receive, over a quantum line, the set of qbits, and decode, based on a second set of quantum bases, the set of qbits to generate a decoded set of bits. The example system further includes session authentication circuitry configured to generate a session key based on the decoded set of bits.
    Type: Grant
    Filed: March 9, 2018
    Date of Patent: May 24, 2022
    Assignee: Wells Fargo Bank, N.A.
    Inventor: Masoud Vakili
  • Patent number: 11329817
    Abstract: The present disclosure, in some embodiments, relates to a data protection method comprising: determining a file comprising content data on a computing system; generating index information for the file; transmitting the index information to a cloud system; executing a corruption operation on the file comprising: dividing the content data of the file into a plurality of data chunks; executing a first encryption operation based on an encryption protocol, on the first data chunk; executing a second encryption operation based on the encryption protocol, on the second data chunk; generating or assigning a first name for the first data and a second name for the second data chunk; and generating a key associated with an order of the first data chunk and the second data chunk.
    Type: Grant
    Filed: October 1, 2021
    Date of Patent: May 10, 2022
    Inventor: Devi Selva Kumar Vijayanarayanan
  • Patent number: 11317466
    Abstract: The technology provides a convenient and efficient way for business entities and other organizations to gather and transmit data from remotely located facilities without having to rely on satellite communication or specialized communication equipment. A geographically isolated facility may be used for manufacturing, warehousing, power generation, environmental monitoring, as well as other services. Information about the facility, its equipment and operation are transmitted to a back end system using high altitude platforms (HAPs). This provides opportunistic communication between remote facilities and the back-end system on an as-needed basis, for example based on bandwidth usage, peak/off-peak usage, etc. The HAPs may act as a store and forward service, or process received data before transmitting it to a ground station or the back end system. This approach allows an organization to periodically monitor its facilities, to determine equipment failure, resupply needs, and to assess the status of each facility.
    Type: Grant
    Filed: January 8, 2021
    Date of Patent: April 26, 2022
    Assignee: SoftBank Corp.
    Inventor: James Smith
  • Patent number: 11301583
    Abstract: A method for facilitating communications while protecting customer privacy through cryptography and withholding of personally identifiable information includes: storing, in a memory of a processing server, contact data and a reference value associated with a first external computing device; receiving, by a receiver of the processing server, a communication request from a second external computing device, the communication request including at least the reference value and a digital signature; validating, by a processor of the processing server, the digital signature using a communicator public key of a cryptographic key pair; receiving, by the receiver of the processing server, a communication message from the second external computing device; and forwarding, by a transmitter of the processing server, the communication message to the first external computing device using the stored contact data following successful validation of the digital signature.
    Type: Grant
    Filed: October 9, 2019
    Date of Patent: April 12, 2022
    Assignee: MASTERCARD INTERNATIONAL INCORPORATED
    Inventors: Rahul Lamba, Aastha Dhiman, Tushar Rungta, Aditya Koduri
  • Patent number: 11291059
    Abstract: Methods, a user equipment (UE) and a base station are disclosed for sidelink identification. According to an embodiment, a first UE participates in an identity (ID) determination procedure such that a sidelink ID is determined for a sidelink between the first UE and a second UE. The sidelink ID comprises a full ID for identifying one of the first and second UEs and a short ID for identifying the other of the first and second UEs.
    Type: Grant
    Filed: August 3, 2018
    Date of Patent: March 29, 2022
    Assignee: Telefonaktiebolaget LM Ericsson (Publ) Stockholm, Sweden
    Inventors: Zhang Zhang, Ricardo Blasco Serrano, Shehzad Ali Ashraf, Marco Belleschi
  • Patent number: 11288256
    Abstract: Some embodiments provide a novel method for collecting and reporting attributes of data flows associated with machines executing on a plurality of host computers to an analysis appliance. The analysis appliance, in some embodiments, receives definitions of keys and provides them to the host computers. In some embodiments, existing keys are modified based on the analysis. Additionally, or alternatively, new keys are provided based on the analysis. In some embodiments, the analysis appliance receives the flow group records (e.g., sets of attributes) based on the keys and the configuration data from each host computer.
    Type: Grant
    Filed: July 23, 2019
    Date of Patent: March 29, 2022
    Assignee: VMWARE, INC.
    Inventors: Jayant Jain, Russell Lu, Ly Loi, Rick Lund, Arnold Poon
  • Patent number: 11281482
    Abstract: A host machine includes a guest machine, a device emulator, and a hypervisor communicably coupled to the guest machine and the device emulator. The guest machine executes a non-real time thread that causes a non-real time I/O emulation by the device emulator. Responsive to receipt of a real time thread by the guest machine, the hypervisor determines whether the non-real time I/O emulation is abortable or non-abortable. If abortable, the hypervisor aborts the non-real time thread and causes the guest machine to execute the real time thread. Upon completing the execution of the real time thread, the hypervisor causes the guest machine to revert to a non-real time context based on a previous system snapshot. Upon establishing the non-real time context, the hypervisor causes the guest machine to execute the previously aborted non-real time thread.
    Type: Grant
    Filed: December 14, 2016
    Date of Patent: March 22, 2022
    Assignee: Intel Corporation
    Inventors: Yunhong Jiang, Chao Peng, Yao Zu Dong
  • Patent number: 11263310
    Abstract: The technology disclosed herein provides a proof-of-work key wrapping system for verifying device capabilities. An example method may include: accessing instructions, a wrapped key, and a cryptographic attribute for the wrapped key from an encrypted memory region, wherein the wrapped key encodes a cryptographic key; executing, by a processing device, the instructions to derive the cryptographic key in view of the wrapped key and the cryptographic attribute, wherein the executing consumes computing resources for a duration of time; using the cryptographic key to access program data; executing, by the processing device, the program data, wherein the executed program data evaluates a condition related to the duration of time; and transmitting a message comprising an indication of the evaluated condition.
    Type: Grant
    Filed: November 26, 2019
    Date of Patent: March 1, 2022
    Assignee: Red Hat, Inc.
    Inventors: Michael Hingston McLaughlin Bursell, Nathaniel Philip McCallum, Peter M. Jones
  • Patent number: 11258590
    Abstract: Described herein are methods, systems, and computer-readable storage media for managing cryptographic keys needed for peripheral devices to securely communicate with host computing devices. Techniques include receiving, at a centralized identity management resource, a first key that is part of a cryptographic key pair comprising the first key and a second key, wherein the second key is stored at a peripheral device for use by the peripheral device in encrypting data. Techniques further include identifying a first host computing device that is permitted to engage in secure communications with the peripheral device. Further, making available the first key from the centralized identity management resource to the first host computing device to enable the first host computing device to decrypt the encrypted data.
    Type: Grant
    Filed: March 31, 2021
    Date of Patent: February 22, 2022
    Assignee: CyberArk Software Ltd.
    Inventors: Omar Tsarfati, Asaf Hecht, Hadas Elkabir
  • Patent number: 11240395
    Abstract: In an information-processing device, a memory is configured to store setting information including an operation setting for the information-processing device. A controller is configured to perform: acquiring; determining; allowing; importing; and encrypting. The acquiring acquires import authentication information including a device password for the information-processing device while a removable storage medium storing import setting information is connected to an input-output interface. The determining determines whether the device password matches a preset device password of the information-processing device. The allowing allows, in response to determining that the device password matches the preset device password, the import setting information to be imported. The importing imports the import setting information from the removable storage medium into the memory as the setting information.
    Type: Grant
    Filed: March 10, 2020
    Date of Patent: February 1, 2022
    Assignee: Brother Kogyo Kabushiki Kaisha
    Inventor: Takatsugu Yamada
  • Patent number: 11227057
    Abstract: An example operation may include one or more of identifying a new member (M1) to a permissioned database, creating a new group including the new member and one or more previously identified members (MP), modifying a world state of the permissioned database to identify a set of members in the new group with access to the permissioned database, and responsive to the new member (M1) being identified, creating a new entry (TX1) to the permissioned database using an encryption key (K1) associated with the new member (M1).
    Type: Grant
    Filed: November 8, 2018
    Date of Patent: January 18, 2022
    Assignee: International Business Machines Corporation
    Inventors: Jeronimo Irazabal, Andres Garagiola, Diego A. Masini
  • Patent number: 11195167
    Abstract: The present application provides techniques for offline payments. The method includes: receiving an offline payment request for an offline payment through a target payment application, the offline payment being made by a user registered with the target payment application; receiving an identity authentication identifier (ID) of the user; determining that the identity authentication ID of the user matches a stored identity authentication ID previously stored for the user on the computing device; in response to determining that the identity authentication ID matches the stored identity authentication ID, receiving an offline payment certificate issued by the target payment application to the user and stored on the computing device; and providing the offline payment certificate to an offline payment service party of the target payment application, the offline payment service party configured to authorize the offline payment based on the offline payment certificate.
    Type: Grant
    Filed: December 23, 2019
    Date of Patent: December 7, 2021
    Assignee: Advanced New Technologies Co., Ltd.
    Inventor: Yuanbo Sun
  • Patent number: 11184170
    Abstract: Methods, systems, and devices for public key protection techniques are described. An embedded multimedia card (eMMC) may be formatted to include a permanent write protect group that is configured to prevent disabling of write protection for data stored in the permanent write protect group. The eMMC may store a public key associated with a first host device in the permanent write protect group of the eMMC. A data package may be received from the host device and authenticated by using the public key stored in the permanent write protect group. The embedded memory controller may be configured to prevent modifying or writing data to a permanent write protect group.
    Type: Grant
    Filed: June 28, 2019
    Date of Patent: November 23, 2021
    Assignee: Micron Technology, Inc.
    Inventor: Zhan Liu
  • Patent number: 11171944
    Abstract: A method for automatically attaching a purpose-built electronic device to a provider network includes steps of discovering, by a Wi-Fi module of the purpose-built electronic device, a wireless data network in operable communication with the provider network, selecting, by the Wi-Fi module, the wireless data network, transmitting a primary authentication certificate from the Wi-Fi module to an authentication, authorization, and accounting server of the provider network, receiving, by an application server of the provider network, a secondary authentication certificate from a functionality module of the purpose-built electronic device, authenticating, by the provider network, the primary and secondary authentication certificates, and attaching the purpose-built device to the provider network.
    Type: Grant
    Filed: June 4, 2019
    Date of Patent: November 9, 2021
    Assignee: Cable Television Laboratories, Inc.
    Inventors: Ralph William Brown, Bernard McKibben, Stuart Hoggan, Brian A. Scriber
  • Patent number: 11159512
    Abstract: Systems and methods for providing a single sign-on for authenticating a user via multiple client devices are provided. For example, the system includes a processor configured to receive a first connection request from a first client device. The processor processes the first connection request and transmits an access token to the first client. The processor can further receive a second connection request from a second client device and process the second connection request. The processor can transmit a single sign-on response to the second client device in reply to the second connection request. The second client device can be configured to communicate with and transmit the single sign-on response to the first client device for processing. The processor can receive a single sign-on verification from the first client device, process the single sign-on verification, and transmit a copy of the access token to the second client device.
    Type: Grant
    Filed: July 22, 2020
    Date of Patent: October 26, 2021
    Assignee: Citrix Systems, Inc.
    Inventors: Liangang Shi, Rulei Lin, Zhenxing Liu
  • Patent number: 11146392
    Abstract: A system includes processor(s) and memory(s). When encryption key(s) need to be generated to encrypt a key, processor(s): securely generate encryption key(s); encrypt key using encryption key(s) to generate encrypted key; split encrypted key and encryption key(s) into set(s) of key components, wherein subset of key components can be used to reconstruct encrypted key and encryption key(s); and securely erase key from memory(s). When encryption key(s) need to be used, processor(s): receive set(s) of key components from subset(s) of users that can be used to reconstruct encrypted key and encryption key(s) used to securely decrypt key from encrypted key; when set(s) of key components is received from subset(s) of users that can be used to reconstruct encrypted key and encrypted key(s), securely reconstruct encrypted key and encryption key(s); and when the encrypted key and the encryption key(s) have both been reconstructed, securely decrypt encrypted key into key using encryption key(s).
    Type: Grant
    Filed: March 15, 2019
    Date of Patent: October 12, 2021
    Assignee: tZERO IP, LLC
    Inventors: Tron Black, Denny Becker, Tyler Perkins, Joel Weight, Jesse Empey
  • Patent number: 11080077
    Abstract: Life cycle management techniques are provided for cloud-based application executors with key-based access to other devices. An exemplary method comprises determining that a retention time for a first cloud-based application executor (e.g., a virtual machine or a container) has elapsed, wherein the first cloud-based application executor has key-based access to at least one other device using a first key; in response to the determining, performing the following steps: creating a second cloud-based application executor; and determining a second key for the second cloud-based application executor that is different than the first key, wherein the second cloud-based application executor uses the first key to add the second key to one or more trusted keys of the at least one other device and deactivates the first key from the one or more trusted keys.
    Type: Grant
    Filed: October 25, 2018
    Date of Patent: August 3, 2021
    Assignee: EMC IP Holding Company LLC
    Inventors: Amihai Savir, Oron Golan, Aviram Fireberger, Or Herman Saffar, Roie Ben Eliyahu
  • Patent number: 11074363
    Abstract: Techniques are provided for selectively or completely redacting the text of database commands submitted to a database system. The database server receives the clear text version of the commands, parses the commands, and generates an execution plan, as normal. However, prior to providing the text of the commands to any location that is externally visible, the database server determines whether the command qualifies as “sensitive”. If the command qualifies as sensitive, then a redacted version of the command is generated. In the case of selective redaction, portions of the redacted version remain in clear text, while selected portions are replaced with encrypted text. In the case of total redaction, the entire command is replaced with encrypted text.
    Type: Grant
    Filed: December 5, 2018
    Date of Patent: July 27, 2021
    Assignee: ORACLE INTERNATIONAL CORPORATION
    Inventors: Patrick F. Sack, William Maroulis, Scott Gaetjen, Mark Tatum, Mark E. Schultz, Kenneth Westbrook, Ryan Feipel
  • Patent number: 11044083
    Abstract: A first server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different, second, server. The first server transmits messages between the client device and the second server where the second server has access to a private key that is not available on the first server. The first server receives from the second server a set of session key(s) used in the secure session for encrypting/decrypting communication between the client device and the first server. The session key(s) are generated using a master secret that is generated using a premaster secret generated using Diffie-Hellman public values selected by the client device and the second server. The first server uses the session key(s) to encrypt/decrypt communication with the client device.
    Type: Grant
    Filed: July 24, 2018
    Date of Patent: June 22, 2021
    Assignee: CLOUDFLARE, INC.
    Inventors: Sébastien Andreas Henry Pahl, Matthieu Philippe François Tourne, Piotr Sikora, Ray Raymond Bejjani, Dane Orion Knecht, Matthew Browning Prince, John Graham-Cumming, Lee Hahn Holloway, Nicholas Thomas Sullivan, Albertus Strasheim
  • Patent number: 11038698
    Abstract: A path is secured from one node to another node of the computing environment. The one node obtains a first encryption key and one or more first parameters for transmission of data, and a second encryption key and one or more second parameters for reception of data. A shared key is obtained by the one node from a key server, and the shared key is used to encrypt a message. The encrypted message includes the first encryption key, the one or more first parameters, the second encryption key and the one or more second parameters. The encrypted message and an identifier of the shared key is sent from the one node to the other node, and a response message is received by the one node. The response message at least provides an indication that the other node received the encrypted message and obtained the shared key.
    Type: Grant
    Filed: September 4, 2018
    Date of Patent: June 15, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Patricia G. Driever, Roger G. Hathorn, Christopher Colonna, John Flanagan, George P. Kuch, Richard M. Sczepczenski, Glen Jaquette
  • Patent number: 11019489
    Abstract: Technology described in this document can be embodied in a method for facilitating automatic connection to a network. The method includes receiving, at a first device that is authenticated to the network, an identifier of a second device, and retrieving, by the first device based on the identifier, a public key for the second device. The data encrypted using the public key is decryptable using a private key of the second device. The method also includes encrypting, using the public key for the second device, credential information usable by the second device for authenticating to the network, and transmitting, to the second device, the encrypted credential information.
    Type: Grant
    Filed: March 26, 2018
    Date of Patent: May 25, 2021
    Assignee: Bose Corporation
    Inventors: Pankaj Aggarwal, Kapil Hali, Sheshadri Mantha, Scott Stinson
  • Patent number: 11012243
    Abstract: A method and system configured to produce a cryptographic signature on a message, under a key, at a user computer wherein the key is shared between the user computer, which stores a first key-share, and an authentication computer, which stores a second key-share and a first authentication value. The user computer encodes the message to produce a blinded message, produces the first authentication value from a user password and a secret value, and produces a second authentication value by encoding the first authentication value and a nonce. The authentication computer uses the nonce to determine if the first authentication value is correct and, if so, encodes the blinded message using the second key-share to produce a partial signature. The user computer produces a signature on the message under the key by encoding the partial signature and the message using the first key-share and an unblinding function.
    Type: Grant
    Filed: April 3, 2019
    Date of Patent: May 18, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Jan L. Camenisch, Anja Lehmann, Gregory Neven
  • Patent number: 11012244
    Abstract: A method for network node encryption is provided. Signals that carry a node encryption request from a client for a network node are received by an apparatus. Subsequently, node data information of the network node according to the node encryption request is acquired by the apparatus. The node data information includes a preset link. Next, an application to a trusted third party for an encryption certificate is transmitted via the apparatus and the application includes the node data information. The trusted third party sends a certificate verification request including a verification file once the application is received to verify an authority to the preset link. The certificate verification request is received and the verification file is stored subsequently. The trusted third party verifies the storing of the verification file and sends an encryption certificate. The encryption certificate is received and deployed on the network node via the apparatus.
    Type: Grant
    Filed: May 8, 2018
    Date of Patent: May 18, 2021
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventor: Wei Wei
  • Patent number: 10979219
    Abstract: According to an example embodiment of the present invention, there is provided an apparatus comprising at least one processing core configured to determine a pairing opportunity with a second apparatus and to cause a message to be transmitted to a server, the message comprising a generated number, a receiver configured to receive from the server an indication, and the at least one processing core being further configured to, at least in part based on the indication, cause the apparatus to participate in pairing with the second apparatus.
    Type: Grant
    Filed: March 12, 2014
    Date of Patent: April 13, 2021
    Assignee: Nokia Technologies Oy
    Inventors: Arto Palin, Jukka Reunamäki
  • Patent number: 10949556
    Abstract: The invention concerns a method for decrypting data sent by a first user having at least a first role in a first entity, the first entity comprising at least the first user and a first instance, to a second user having at least a second role in a second entity, the second entity comprising at least the second user and a second instance, the data being encrypted using a symmetric encryption key, the symmetric encryption key being encrypted using a public key of an asymmetric key pair comprising a private key and a public key, wherein the asymmetric key pair is associated with the second role of the second user, and the encrypted data is associated with a transmission ID, the method furthermore involving the use of an element for electronic or digital identification and authentication identifying the second user in his second role and being unique to the second role. The invention also concerns a corresponding method for encrypting data.
    Type: Grant
    Filed: December 22, 2016
    Date of Patent: March 16, 2021
    Assignee: OSMERUS INVESTMENTS LTD
    Inventor: Alexander Signäs
  • Patent number: 10951401
    Abstract: A system is disclosed for facilitating the secure transfer of digital assets that include making a first key and index scheme accessible for seamlessly and continuously executing digital asset transactions. The first key is capable of generating second keys and is made accessible to a sender of digital assets. The index scheme is customizable to meet the needs of the parties of the transaction and is capable of being used to generate a key derivation index. The first key and index scheme are secure, and for each digital asset transaction, the second key may be derived from the index scheme and first key, and the new key may be used to generate a new address.
    Type: Grant
    Filed: March 30, 2018
    Date of Patent: March 16, 2021
    Assignee: BITNOMIAL, INC.
    Inventors: Luke Hoersten, Michael Scott Dunn, Matthew Wraith
  • Patent number: 10938781
    Abstract: An enterprise security system is improved by instrumenting endpoints to explicitly label network flows with cryptographically secure labels that identify an application or other source of each network flow. Cryptographic techniques may be used, for example, to protect the encoded information in the label from interception by third parties or to support cryptographic authentication of a source of each label. A label may provide health, status, or other heartbeat information for the endpoint, and may be used to identify compromised endpoints, to make routing decisions for network traffic (e.g., allowing, blocking, rerouting, etc.), to more generally evaluate the health of an endpoint that is sourcing network traffic, or for any other useful purpose.
    Type: Grant
    Filed: April 22, 2016
    Date of Patent: March 2, 2021
    Assignee: Sophos Limited
    Inventors: Daniel Salvatore Schiappa, Andrew J. Thomas, Kenneth D. Ray, Joseph H. Levy
  • Patent number: 10938570
    Abstract: Technologies for remote attestation include a group member device to generate a signature of a message using a cryptographic key assigned to the group member device by a group manager and determine an authentication path that indicates a plurality of cryptographic hashes necessary to compute a group public key of a group associated with a plurality of group member devices. The cryptographic key is assigned to the group member device based on a permutation of a set of cryptographic keys generated by the plurality of group member devices. The group member device transmits the signature and the authentication path to a verifier device for verification of the signature.
    Type: Grant
    Filed: March 29, 2016
    Date of Patent: March 2, 2021
    Assignee: INTEL CORPORATION
    Inventors: Rafael Misoczki, Rachid El Bansarkhani
  • Patent number: 10911225
    Abstract: An approach for full-path data encryption, where user virtualized computers (e.g., user VMs) are configured to communicate with other virtualized computers or VMs using IPsec protocol encryption standards. The user VMs may send a first encryption or authorization key to the other VMs, which the other VMs may use to authenticate the user VMs and encrypt and decrypt data stored to storage devices using a second encryption key. In some approaches, the other VMs may interpret or decrypt the data sent via IPsec and then perform data optimizations (e.g., compression, deduplication) on the data before decrypting/encrypting with the second key.
    Type: Grant
    Filed: June 3, 2016
    Date of Patent: February 2, 2021
    Assignee: Nutanix, Inc.
    Inventors: Alexander Michael Bunch, Miao Cui, Ajay Prakash Kulkarni, Peter Alan Turshmid
  • Patent number: 10903997
    Abstract: The present invention is a platform and/or agnostic method and system operable to protect data, documents, devices, communications, and transactions. Embodiments of the present invention may be operable to authenticate users and may be operable with any client system. The method and system are operable to disburse unique portions of anonymous related information amongst multiple devices. These devices disburse unique portions of anonymous information and are utilized by the solution to protect sensitive data transmissions, and to authenticate users, data, documents, device and transactions. When used for authentication, login-related information is not stored in any portion of the solution, users and devices are anonymously authenticated. The solution also permits a user to access secured portions of the client system through a semi-autonomous process and without having to reveal the user's key.
    Type: Grant
    Filed: May 11, 2020
    Date of Patent: January 26, 2021
    Assignee: Autnhive Corporation
    Inventor: Devi Selva Kumar Vijayanarayanan