Key Distribution Center Patents (Class 380/279)
  • Patent number: 11146392
    Abstract: A system includes processor(s) and memory(s). When encryption key(s) need to be generated to encrypt a key, processor(s): securely generate encryption key(s); encrypt key using encryption key(s) to generate encrypted key; split encrypted key and encryption key(s) into set(s) of key components, wherein subset of key components can be used to reconstruct encrypted key and encryption key(s); and securely erase key from memory(s). When encryption key(s) need to be used, processor(s): receive set(s) of key components from subset(s) of users that can be used to reconstruct encrypted key and encryption key(s) used to securely decrypt key from encrypted key; when set(s) of key components is received from subset(s) of users that can be used to reconstruct encrypted key and encryption key(s), securely reconstruct encrypted key and encryption key(s); and when the encrypted key and the encryption key(s) have both been reconstructed, securely decrypt encrypted key into key using encryption key(s).
    Type: Grant
    Filed: March 15, 2019
    Date of Patent: October 12, 2021
    Assignee: tZERO IP, LLC
    Inventors: Tron Black, Denny Becker, Tyler Perkins, Joel Weight, Jesse Empey
  • Patent number: 11080077
    Abstract: Life cycle management techniques are provided for cloud-based application executors with key-based access to other devices. An exemplary method comprises determining that a retention time for a first cloud-based application executor (e.g., a virtual machine or a container) has elapsed, wherein the first cloud-based application executor has key-based access to at least one other device using a first key; in response to the determining, performing the following steps: creating a second cloud-based application executor; and determining a second key for the second cloud-based application executor that is different than the first key, wherein the second cloud-based application executor uses the first key to add the second key to one or more trusted keys of the at least one other device and deactivates the first key from the one or more trusted keys.
    Type: Grant
    Filed: October 25, 2018
    Date of Patent: August 3, 2021
    Assignee: EMC IP Holding Company LLC
    Inventors: Amihai Savir, Oron Golan, Aviram Fireberger, Or Herman Saffar, Roie Ben Eliyahu
  • Patent number: 11074363
    Abstract: Techniques are provided for selectively or completely redacting the text of database commands submitted to a database system. The database server receives the clear text version of the commands, parses the commands, and generates an execution plan, as normal. However, prior to providing the text of the commands to any location that is externally visible, the database server determines whether the command qualifies as “sensitive”. If the command qualifies as sensitive, then a redacted version of the command is generated. In the case of selective redaction, portions of the redacted version remain in clear text, while selected portions are replaced with encrypted text. In the case of total redaction, the entire command is replaced with encrypted text.
    Type: Grant
    Filed: December 5, 2018
    Date of Patent: July 27, 2021
    Assignee: ORACLE INTERNATIONAL CORPORATION
    Inventors: Patrick F. Sack, William Maroulis, Scott Gaetjen, Mark Tatum, Mark E. Schultz, Kenneth Westbrook, Ryan Feipel
  • Patent number: 11044083
    Abstract: A first server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different, second, server. The first server transmits messages between the client device and the second server where the second server has access to a private key that is not available on the first server. The first server receives from the second server a set of session key(s) used in the secure session for encrypting/decrypting communication between the client device and the first server. The session key(s) are generated using a master secret that is generated using a premaster secret generated using Diffie-Hellman public values selected by the client device and the second server. The first server uses the session key(s) to encrypt/decrypt communication with the client device.
    Type: Grant
    Filed: July 24, 2018
    Date of Patent: June 22, 2021
    Assignee: CLOUDFLARE, INC.
    Inventors: Sébastien Andreas Henry Pahl, Matthieu Philippe François Tourne, Piotr Sikora, Ray Raymond Bejjani, Dane Orion Knecht, Matthew Browning Prince, John Graham-Cumming, Lee Hahn Holloway, Nicholas Thomas Sullivan, Albertus Strasheim
  • Patent number: 11038698
    Abstract: A path is secured from one node to another node of the computing environment. The one node obtains a first encryption key and one or more first parameters for transmission of data, and a second encryption key and one or more second parameters for reception of data. A shared key is obtained by the one node from a key server, and the shared key is used to encrypt a message. The encrypted message includes the first encryption key, the one or more first parameters, the second encryption key and the one or more second parameters. The encrypted message and an identifier of the shared key is sent from the one node to the other node, and a response message is received by the one node. The response message at least provides an indication that the other node received the encrypted message and obtained the shared key.
    Type: Grant
    Filed: September 4, 2018
    Date of Patent: June 15, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Patricia G. Driever, Roger G. Hathorn, Christopher Colonna, John Flanagan, George P. Kuch, Richard M. Sczepczenski, Glen Jaquette
  • Patent number: 11019489
    Abstract: Technology described in this document can be embodied in a method for facilitating automatic connection to a network. The method includes receiving, at a first device that is authenticated to the network, an identifier of a second device, and retrieving, by the first device based on the identifier, a public key for the second device. The data encrypted using the public key is decryptable using a private key of the second device. The method also includes encrypting, using the public key for the second device, credential information usable by the second device for authenticating to the network, and transmitting, to the second device, the encrypted credential information.
    Type: Grant
    Filed: March 26, 2018
    Date of Patent: May 25, 2021
    Assignee: Bose Corporation
    Inventors: Pankaj Aggarwal, Kapil Hali, Sheshadri Mantha, Scott Stinson
  • Patent number: 11012243
    Abstract: A method and system configured to produce a cryptographic signature on a message, under a key, at a user computer wherein the key is shared between the user computer, which stores a first key-share, and an authentication computer, which stores a second key-share and a first authentication value. The user computer encodes the message to produce a blinded message, produces the first authentication value from a user password and a secret value, and produces a second authentication value by encoding the first authentication value and a nonce. The authentication computer uses the nonce to determine if the first authentication value is correct and, if so, encodes the blinded message using the second key-share to produce a partial signature. The user computer produces a signature on the message under the key by encoding the partial signature and the message using the first key-share and an unblinding function.
    Type: Grant
    Filed: April 3, 2019
    Date of Patent: May 18, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Jan L. Camenisch, Anja Lehmann, Gregory Neven
  • Patent number: 11012244
    Abstract: A method for network node encryption is provided. Signals that carry a node encryption request from a client for a network node are received by an apparatus. Subsequently, node data information of the network node according to the node encryption request is acquired by the apparatus. The node data information includes a preset link. Next, an application to a trusted third party for an encryption certificate is transmitted via the apparatus and the application includes the node data information. The trusted third party sends a certificate verification request including a verification file once the application is received to verify an authority to the preset link. The certificate verification request is received and the verification file is stored subsequently. The trusted third party verifies the storing of the verification file and sends an encryption certificate. The encryption certificate is received and deployed on the network node via the apparatus.
    Type: Grant
    Filed: May 8, 2018
    Date of Patent: May 18, 2021
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventor: Wei Wei
  • Patent number: 10979219
    Abstract: According to an example embodiment of the present invention, there is provided an apparatus comprising at least one processing core configured to determine a pairing opportunity with a second apparatus and to cause a message to be transmitted to a server, the message comprising a generated number, a receiver configured to receive from the server an indication, and the at least one processing core being further configured to, at least in part based on the indication, cause the apparatus to participate in pairing with the second apparatus.
    Type: Grant
    Filed: March 12, 2014
    Date of Patent: April 13, 2021
    Assignee: Nokia Technologies Oy
    Inventors: Arto Palin, Jukka Reunamäki
  • Patent number: 10951401
    Abstract: A system is disclosed for facilitating the secure transfer of digital assets that includes making a first key and index scheme accessible for seamlessly and continuously executing digital asset transactions. The first key is capable of generating second keys and is made accessible to a sender of digital assets. The index scheme is customizable to meet the needs of the parties of the transaction and is capable of being used to generate a key derivation index. The first key and index scheme are secure, and for each digital asset transaction, the second key may be derived from the index scheme and first key, and the new key may be used to generate a new address.
    Type: Grant
    Filed: March 30, 2018
    Date of Patent: March 16, 2021
    Assignee: BITNOMIAL, INC.
    Inventors: Luke Hoersten, Michael Scott Dunn, Matthew Wraith
  • Patent number: 10949556
    Abstract: The invention concerns a method for decrypting data sent by a first user having at least a first role in a first entity, the first entity comprising at least the first user and a first instance, to a second user having at least a second role in a second entity, the second entity comprising at least the second user and a second instance, the data being encrypted using a symmetric encryption key, the symmetric encryption key being encrypted using a public key of an asymmetric key pair comprising a private key and a public key, wherein the asymmetric key pair is associated with the second role of the second user, and the encrypted data is associated with a transmission ID, the method furthermore involving the use of an element for electronic or digital identification and authentication identifying the second user in his second role and being unique to the second role. The invention also concerns a corresponding method for encrypting data.
    Type: Grant
    Filed: December 22, 2016
    Date of Patent: March 16, 2021
    Assignee: OSMERUS INVESTMENTS LTD
    Inventor: Alexander Signäs
  • Patent number: 10938570
    Abstract: Technologies for remote attestation include a group member device to generate a signature of a message using a cryptographic key assigned to the group member device by a group manager and determine an authentication path that indicates a plurality of cryptographic hashes necessary to compute a group public key of a group associated with a plurality of group member devices. The cryptographic key is assigned to the group member device based on a permutation of a set of cryptographic keys generated by the plurality of group member devices. The group member device transmits the signature and the authentication path to a verifier device for verification of the signature.
    Type: Grant
    Filed: March 29, 2016
    Date of Patent: March 2, 2021
    Assignee: INTEL CORPORATION
    Inventors: Rafael Misoczki, Rachid El Bansarkhani
  • Patent number: 10938781
    Abstract: An enterprise security system is improved by instrumenting endpoints to explicitly label network flows with cryptographically secure labels that identify an application or other source of each network flow. Cryptographic techniques may be used, for example, to protect the encoded information in the label from interception by third parties or to support cryptographic authentication of a source of each label. A label may provide health, status, or other heartbeat information for the endpoint, and may be used to identify compromised endpoints, to make routing decisions for network traffic (e.g., allowing, blocking, rerouting, etc.), to more generally evaluate the health of an endpoint that is sourcing network traffic, or for any other useful purpose.
    Type: Grant
    Filed: April 22, 2016
    Date of Patent: March 2, 2021
    Assignee: Sophos Limited
    Inventors: Daniel Salvatore Schiappa, Andrew J. Thomas, Kenneth D. Ray, Joseph H. Levy
  • Patent number: 10911225
    Abstract: An approach for full-path data encryption, where user virtualized computers (e.g., user VMs) are configured to communicate with other virtualized computers or VMs using IPsec protocol encryption standards. The user VMs may send a first encryption or authorization key to the other VMs, which the other VMs may use to authenticate the user VMs and encrypt and decrypt data stored to storage devices using a second encryption key. In some approaches, the other VMs may interpret or decrypt the data sent via IPsec and then perform data optimizations (e.g., compression, deduplication) on the data before decrypting/encrypting with the second key.
    Type: Grant
    Filed: June 3, 2016
    Date of Patent: February 2, 2021
    Assignee: Nutanix, Inc.
    Inventors: Alexander Michael Bunch, Miao Cui, Ajay Prakash Kulkarni, Peter Alan Turshmid
  • Patent number: 10902110
    Abstract: Systems and methods which enable an authentication procedure to be used within the standard network security architecture to authenticate third party applications that are forbidden access to a particular secret key are disclosed. Third party smartphone applications that are unable to use SIM-based authentication due to being forbidden access to a SIM-based key are provided an alternate secret key for use in an EAP-AKA or EAP-SIM type procedure according to embodiments. An authentication server or other backend authentication infrastructure of embodiments requests authentication vectors from a backend system sharing the alternative secret key. Accordingly, the backend authentication platform of embodiments is adapted to know or detect that an application is using an alternative secret key (e.g., a secret key other than the SIM-based secret key) and to perform the appropriate procedure for the key type.
    Type: Grant
    Filed: September 12, 2019
    Date of Patent: January 26, 2021
    Assignee: Ribbon Communications Operating Company, Inc.
    Inventors: Keith A. Mumford, Satish Agrawal, Mark Wallis
  • Patent number: 10903997
    Abstract: The present invention is a platform and/or agnostic method and system operable to protect data, documents, devices, communications, and transactions. Embodiments of the present invention may be operable to authenticate users and may be operable with any client system. The method and system are operable to disburse unique portions of anonymous related information amongst multiple devices. These devices disburse unique portions of anonymous information and are utilized by the solution to protect sensitive data transmissions, and to authenticate users, data, documents, devices and transactions. When used for authentication, login-related information is not stored in any portion of the solution; users and devices are anonymously authenticated. The solution also permits a user to access secured portions of the client system through a semi-autonomous process and without having to reveal the user's key.
    Type: Grant
    Filed: May 11, 2020
    Date of Patent: January 26, 2021
    Assignee: Autnhive Corporation
    Inventor: Devi Selva Kumar Vijayanarayanan
  • Patent number: 10892956
    Abstract: A device management server that manages information regarding an application associated with a product key, and information regarding a panel application includes a first creation unit configured to create a first task for distributing to a network device the application associated with the product key, and a second creation unit configured to create a second task for distributing the panel application to the network device, and in a case where the second task is executed, acquires version information regarding the second application installed on the network device, and distributes a new version of the panel application.
    Type: Grant
    Filed: February 4, 2020
    Date of Patent: January 12, 2021
    Assignee: Canon Kabushiki Kaisha
    Inventor: Satoshi Nishikawa
  • Patent number: 10877806
    Abstract: In one embodiment, an apparatus comprises a first processor to generate a first cryptographic key in response to a request from a software application; receive a second cryptographic key generated by a second processor; encrypt the first cryptographic key using the second cryptographic key; and provide the encrypted first cryptographic key for use by the software application.
    Type: Grant
    Filed: June 14, 2017
    Date of Patent: December 29, 2020
    Assignee: INTEL CORPORATION
    Inventors: Daniel Nemiroff, Jason W. Brandt
  • Patent number: 10880269
    Abstract: An enterprise security system is improved by instrumenting endpoints to explicitly label network flows with cryptographically secure labels that identify an application or other source of each network flow. Cryptographic techniques may be used, for example, to protect the encoded information in the label from interception by third parties or to support cryptographic authentication of a source of each label. A label may provide health, status, or other heartbeat information for the endpoint, and may be used to identify compromised endpoints, to make routing decisions for network traffic (e.g., allowing, blocking, rerouting, etc.), to more generally evaluate the health of an endpoint that is sourcing network traffic, or for any other useful purpose.
    Type: Grant
    Filed: April 22, 2016
    Date of Patent: December 29, 2020
    Assignee: Sophos Limited
    Inventors: Daniel Salvatore Schiappa, Andrew J. Thomas, Kenneth D. Ray, Joseph H. Levy
  • Patent number: 10871984
    Abstract: An execution environment has a deployed virtual machine image. The virtual machine image provides a service that is identified by a role. The execution environment generates a measurement of the virtual machine image and provides it to a key service to request role keys that enable operation of the virtual machine image in the execution environment. The key service determines whether the virtual machine image is mapped to the role and, if so, returns the role keys to the requesting execution environment.
    Type: Grant
    Filed: April 17, 2019
    Date of Patent: December 22, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Malcolm E. Pearson, Tolga Acar, Rahul Verma
  • Patent number: 10873452
    Abstract: This disclosure relates to secret sharing data exchange for generating a data processing model. In some aspects, a first data party device determines respective values of first coefficients based on a first share of service data. The first coefficients are corresponding coefficients of respective target variables in different terms of a polynomial expression, and the target variables are variables that are in the polynomial expression and associated with the first share of the service data. A second data party device determines respective values of second coefficients based on a second share of the service data. The second coefficients include coefficients other than the first coefficients in the different terms of the polynomial expression. The first data party device secretly shares respective values of the different terms in the polynomial expression in parallel based on the respective values of the first coefficients.
    Type: Grant
    Filed: February 14, 2020
    Date of Patent: December 22, 2020
    Assignee: Advanced New Technologies Co., Ltd.
    Inventors: Yashun Zhou, Lichun Li, Shan Yin, Huazhong Wang
  • Patent number: 10868806
    Abstract: Secure network communications are described. In one aspect, a secure network can include a passbuilder that provides policy information related to performance characteristics of the secure network. A sender can receive the policy information and transmit packets to a receiver if the policy information is complied with by the potential packet transmission.
    Type: Grant
    Filed: June 26, 2018
    Date of Patent: December 15, 2020
    Assignee: APPLIED INVENTION, LLC
    Inventors: W. Daniel Hillis, Mathias L. Kolehmainen
  • Patent number: 10855451
    Abstract: Security of data storage devices and servers can be improved by the system and methods described herein. In some embodiments, a key management server may be locally or externally located. An encryption key may be used for locking a portion or the entirety of a storage device. The key management server may communicate with data storage devices regarding encryption keys using secure protocols. For example, the key management server may generate a communication key that may be used to securely encrypt messages between the server and a data storage device.
    Type: Grant
    Filed: August 2, 2017
    Date of Patent: December 1, 2020
    Assignee: SEAGATE TECHNOLOGY LLC
    Inventor: Christopher Nicholas Allo
  • Patent number: 10846379
    Abstract: A method for providing an access key for a field device of automation technology, wherein the access key controls accessing of the field device, includes: producing an individual key; storing the individual key in a database together with an identification feature of the field device; storing the individual key in the field device which is to be unlocked based on an input access key; ascertaining at least the identification feature of the field device for which the access key is to be provided; and forming/producing/generating the access key, such that it includes at least one hash value, wherein the hash value is formed at least from the individual key read-out from the database with the assistance of the ascertained identification feature.
    Type: Grant
    Filed: November 15, 2016
    Date of Patent: November 24, 2020
    Assignee: Endress+Hauser Flowtec AG
    Inventors: Nikolai Fink, Sushil Siddesh
  • Patent number: 10841784
    Abstract: A method for authentication and key agreement in a communication network is disclosed. In the method, a network node generates a common public key and a master secret key, assigns to a first user equipment a first set of one or more pseudonym identifications corresponding to a real identity of the first user equipment, the common public key and a first private key specific to the first user equipment, and assigns to a second user equipment a second set of one or more pseudonym identifications corresponding to a real identity of the second user equipment, the common public key and a second private key specific to the second user equipment.
    Type: Grant
    Filed: December 24, 2015
    Date of Patent: November 17, 2020
    Assignee: Nokia Technologies Oy
    Inventors: Mingjun Wang, Zheng Yan
  • Patent number: 10833857
    Abstract: One general aspect of encryption key management by a data storage controller which communicates with asynchronous key servers is directed to issue a prepare for enable command to request an encryption key from an encryption key server. State machine logic transitions from an unconfigured state to a prepare for enable state in which key server mirror management logic receives from a key server a requested encryption key and caches the received key. In an enabling state, enablement logic verifies successful mirroring of the encryption key by a key server to another key server and activates the encryption key if key mirroring by key servers is verified. In an enabled state, data is encrypted using the verified, activated encryption key. Other features and aspects may be realized, depending upon the particular application.
    Type: Grant
    Filed: January 29, 2018
    Date of Patent: November 10, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Rashmi Chandra, Jacob L. Sheppard
  • Patent number: 10833850
    Abstract: A key management tool comprises a memory, an interface, a compatibility engine, a validation engine, a distribution engine, and a verification engine. The compatibility engine is configured to determine that the first device is compatible with the key management tool, the validation engine is configured to validate the first device, and the distribution engine is configured to communicate a first temporary key to the first device. The verification engine is configured to perform a first set of one or more checks on the first device after the first temporary key is communicated to the first device, the distribution engine is further configured to communicate a first permanent key to the first device if the first device passes the first set of one or more checks, and, subsequent to the communication of the first permanent key, the interface is configured to receive a request for a second permanent key.
    Type: Grant
    Filed: November 4, 2019
    Date of Patent: November 10, 2020
    Assignee: Bank of America Corporation
    Inventors: Daniel Gapastione, Manish Nigam, Michael Stark
  • Patent number: 10817836
    Abstract: A system for providing products to a customer operates with an open purchase order having an acceptable inventory range bounded by a lower and an upper limit for each product supplied to the customer. The system includes a storage unit, a first processing unit that maintains a product inventory count, and a second processing unit that monitors the product inventory count. A system for transferring electronic files includes a first processing unit that stores and transfers the electronic file, generates a pointer associated with the transferred electronic file, generates a reference electronic file and thereafter includes the pointer in the reference electronic file. A second processing unit then displays the reference electronic file. A system for generating composite electronic files includes a first processing unit having composite locations including component electronic files, and generating the composite electronic files when the respective composite location is accessed from a second processing unit.
    Type: Grant
    Filed: August 5, 2019
    Date of Patent: October 27, 2020
    Assignee: THE BOEING COMPANY
    Inventors: Brian D. Laughlin, David R. Denny
  • Patent number: 10819688
    Abstract: In view of the foregoing, an embodiment herein provides a method of generating and managing a key package using a key manufacturing server. The key manufacturing server performs the steps of: (i) obtaining a key package from a development signing server; (ii) generating at least one production key that is specific to a device in the key package; (iii) communicating the key package with the at least one production key to a key manager associated with the device using a communication link; and (iv) obtaining the key package with at least one device key that is generated by the key manager.
    Type: Grant
    Filed: March 24, 2018
    Date of Patent: October 27, 2020
    Inventors: Rajesh Kanungo, Rampura Venkatachar Raman, Benjamin R. Loomis
  • Patent number: 10810296
    Abstract: A communication apparatus of the disclosure includes: an authentication section that performs personal authentication of a user through BAN (Body Area Network) communication prior to data exchange with a communication peer for predetermined processing; and a communication section that performs the data exchange with the communication peer for the predetermined processing in a case of success of the personal authentication.
    Type: Grant
    Filed: August 12, 2016
    Date of Patent: October 20, 2020
    Assignees: Sony Corporation, Sony Mobile Communications Inc.
    Inventors: Katsuyuki Tanaka, Shigeki Teramoto, Yoshihito Ishibashi
  • Patent number: 10797879
    Abstract: Disclosed is a method of facilitating authentication of a user. The method may include performing at least one of generating and receiving, using a processor, a primary cryptographic identifier consisting of a primary public key and a primary private key. Further, the method may include generating, using the processor, a global static user identifier corresponding to the user based on the primary public key. Further, the method may include generating, using the processor, a digital signature corresponding to a service based on a unique identifier associated with the service and the primary cryptographic identifier. Further, the method may include generating, using the processor, a key generation seed based on the digital signature and the global static user identifier. Further, the method may include generating, using the processor, a secondary cryptographic identifier including a secondary public key based on the key generation seed.
    Type: Grant
    Filed: July 3, 2018
    Date of Patent: October 6, 2020
    Inventor: Lawrence Liu
  • Patent number: 10791101
    Abstract: The disclosed technology relates to broadcasting encrypted data to multiple receiver devices, where some receiver devices have long-term access to the encrypted data and some receiver devices have temporary access to the encrypted data. Receivers having long-term access are part of a “member group” because these member group devices have a master key, and the master key enables the member group devices to derive the necessary information to decrypt the encrypted broadcast. In contrast, devices with temporary access possess only a guest key and not a master key; without a master key the devices need to receive the guest key from another device to decrypt the broadcast. Access to the encrypted stream can also be based on broadcasting multiple or single diversifiers, where a diversifier can include group identification information to assist in restricting access to the encrypted stream.
    Type: Grant
    Filed: July 16, 2018
    Date of Patent: September 29, 2020
    Assignee: Sonova AG
    Inventor: Stephan Gehring
  • Patent number: 10789383
    Abstract: A system includes a data owner interface, a database, a requester interface, an approver interface, a database interface, and a central controller. The data owner interface can provide protected data and data usage rules. The database can store the protected data. The requester interface can provide a request to access the protected data and receive sanitized results. The approver interface can provide approval or disapproval of access to the protected data and receive the data usage rules. The database interface can store the protected data in the database and provide access to the protected data.
    Type: Grant
    Filed: January 9, 2020
    Date of Patent: September 29, 2020
    Assignee: CAPITAL ONE SERVICES, LLC
    Inventors: Mark Watson, Anh Truong, Vincent Pham, Reza Farivar, Fardin Abdi Taghi Abad, Jeremy Goodsitt, Austin Walters
  • Patent number: 10778518
    Abstract: An information handling system includes a management controller and a processor coupled to the management controller. The processor determines that an application is running on the processor, and determines that a hardware resource of the information handling system is used by the application. The management controller determines to change a first configuration setting for the information handling system, determines that the first configuration setting is related to the hardware resource, and prevents the first configuration setting from being changed based upon the determination that the first configuration setting is related to the hardware resource.
    Type: Grant
    Filed: April 24, 2018
    Date of Patent: September 15, 2020
    Assignee: Dell Products, L.P.
    Inventors: Vaideeswaran Ganesan, Naman Goel, Abhijeet Bhattacharya
  • Patent number: 10771243
    Abstract: Disclosed herein are embodiments for implementing periodic management of cryptographic keys. An embodiment includes a processor configured to perform operations comprising receive a first input associating a first set of subscribers with a first data stream published by the first publisher device, and a first cryptographic key. Processor may transmit, to the first publisher device, a first confirmation, indicating that the first cryptographic key is ready for use, for example. In some embodiments, processor may release the first cryptographic key to a first set of subscribers, receive a second input from a publishing user, associating a different, second set of subscribers with the first data stream, and receive a second cryptographic key after a certain time period. Processor may further transmit, to the first device, a second confirmation, indicating that the second cryptographic key is ready for use, and release the second cryptographic key to the second set of subscribers.
    Type: Grant
    Filed: April 29, 2020
    Date of Patent: September 8, 2020
    Assignee: Ecosteer Srl
    Inventors: Elena Pasquali, Daniele Grazioli
  • Patent number: 10757572
    Abstract: A network entity may provision a UE and a base station with parameters for securing network communications. The network entity may send a system parameter to a UE and a private security key to a base station. Additionally, the UE and the base station may each receive synchronization information from the network which may be used to create a randomness parameter. The base station may create a signature based on the private security key, a cell identifier, and the randomness parameter and include the signature in a system information message that is to be broadcasted to one or more UEs. A UE connecting to the base station may receive the system information message from the base station, determine the cell identifier, and verify the system information message based on one or more of the cell identifier, the system parameter, or the randomness parameter.
    Type: Grant
    Filed: October 30, 2019
    Date of Patent: August 25, 2020
    Assignee: QUALCOMM Incorporated
    Inventors: Soo Bum Lee, Adrian Edward Escott, Gavin Bernard Horn, Anand Palanigounder
  • Patent number: 10754843
    Abstract: There is provided an information management method used by a computer that manages a system storing key-data pairs, each including a key obtained by application of a predetermined function and data associated with the key, in such a way as to be distributed among a plurality of nodes. The method includes storing, in a management table, information on an identifier common to a plurality of systems, one or more keys commonly assigned to the identifier, and nodes assigned to the identifier; and reflecting, when a node whose assignment to the identifier has been once cancelled is reassigned to the identifier, the reassignment of the node into the management table, and implementing synchronization of one or more key-data pairs corresponding to the keys assigned to the identifier between the reassigned node and remaining nodes assigned to the identifier.
    Type: Grant
    Filed: April 20, 2017
    Date of Patent: August 25, 2020
    Assignee: FUJITSU LIMITED
    Inventor: Kazuhito Matsuda
  • Patent number: 10715320
    Abstract: In some examples, a method includes receiving a user input string and generating an application password for a particular application from the user input string. Generating the application password may include generating a key for the particular application and specifying a derivation parameter of the application password by applying an indiscriminate selection process to select a character set from multiple character sets for generating the application password. Generating the application password may also include mapping a portion of a hash value of the key and the user input string to characters of the character set selected through the indiscriminate selection process to obtain the application password.
    Type: Grant
    Filed: September 4, 2015
    Date of Patent: July 14, 2020
    Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
    Inventors: Wen-Da Hu, Shu-Jia Hua, Peter An-Ping Huang
  • Patent number: 10708072
    Abstract: Embodiments of the invention relate to systems and methods for confidential mutual authentication. A first computer may blind its public key using a blinding factor. The first computer may generate a shared secret using its private key, the blinding factor, and a public key of a second computer. The first computer may encrypt the blinding factor and a certificate including its public key using the shared secret. The first computer may send its blinded public key, the encrypted blinding factor, and the encrypted certificate to the second computer. The second computer may generate the same shared secret using its private key and the blinded public key of the first computer. The second computer may authenticate the first computer by verifying its blinded public key using the blinding factor and the certificate of the first computer. The first computer authenticates the second computer similarly.
    Type: Grant
    Filed: June 30, 2016
    Date of Patent: July 7, 2020
    Assignee: Visa International Service Association
    Inventor: Eric Le Saint
  • Patent number: 10701046
    Abstract: Techniques for provisioning a key server to facilitate secure communications between a web server and a client by providing the client with a first data structure including information on how the web server may obtain a target symmetric key are presented. The techniques can include: provisioning the key server with a second data structure including information on how the key server may generate the first data structure; receiving a request on behalf of a web server for a third data structure comprising information on how the client may obtain the first data structure from the key server; and obtaining the third data structure, such that the third data structure is published in association with an identification of the web server, and such that the client uses the third data structure to obtain the first data structure and uses the first data structure to communicate with the web server.
    Type: Grant
    Filed: December 21, 2018
    Date of Patent: June 30, 2020
    Assignee: VERISIGN, INC.
    Inventors: Burton S. Kaliski, Jr., Glen S. Wiley
  • Patent number: 10673625
    Abstract: Disclosed are various embodiments for certificate-free cryptosystems that achieve significant computational and communication efficiency as compared to prior systems. A private key generator (PKG) generates a master public key and a master private key unique to the PKG; receives identifying information for at least one client device; generates a public key for the at least one client device; generates a private key for the at least one client device by: performing a hash of the identifying information using the public key generated for the at least one client device to generate a plurality of indices; identifying values corresponding to the indices from the master private key; and deriving the private key based at least in part on a summation of the values corresponding to the indices; and sends the public key and the private key to the at least one client device.
    Type: Grant
    Filed: June 15, 2019
    Date of Patent: June 2, 2020
    Assignee: University of South Florida
    Inventors: Rouzbeh Behnia, Muslum Ozgur Ozmen, Attila Altay Yavuz
  • Patent number: 10666693
    Abstract: A messaging system establishes a secure call session between multiple parties. The call session is secured using an entropy value shared among parties in the call session. During the call session, the messaging system receives an instruction from a party in the call session to modify the call session. The call session may be modified by a party being added or removed from the session. Based on the received instruction, the messaging system performs an entropy value update to ensure that the call session is secure after the modification is made. A new entropy value is generated by a party in the call session and transmitted to other parties in the call session. Using the new entropy value, the messaging system establishes the modified secure call session.
    Type: Grant
    Filed: April 27, 2018
    Date of Patent: May 26, 2020
    Assignee: WhatsApp Inc.
    Inventors: Ehren Andrew Kret, Manpreet Singh
  • Patent number: 10621350
    Abstract: Techniques are described herein that are capable of establishing system integrity using attestation for a virtual trusted platform module (vTPM). For instance, an endorsement key certificate, including an endorsement key associated with the vTPM, may be signed to issue the endorsement key certificate to the vTPM. The endorsement key certificate may be used to establish a chain of trust with regard to the vTPM. For instance, the endorsement key certificate may be used to attest the vTPM (and measurements provided by the vTPM).
    Type: Grant
    Filed: October 2, 2017
    Date of Patent: April 14, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Mark Fishel Novak, Yevgeniy A. Samsonov, Jingbo Wu
  • Patent number: 10615967
    Abstract: A computing device uses a data encryption and decryption system that includes a trusted runtime and an inline cryptographic processor. The trusted runtime provides a trusted execution environment, and the inline cryptographic processor provides decryption and encryption of data in-line with storage device read and write operations. When a portion (e.g., partition) of a storage device is defined, the trusted runtime generates an encryption key and provides the encryption key to the inline cryptographic processor, which uses the encryption key to encrypt data written to the portion and decrypt data read from the portion. Access to the portion can be subsequently protected by associating the key with authentication credentials of a user or other entity. The trusted runtime protects the encryption key based on an authentication key associated with the authentication credentials, allowing subsequent access to the encryption key only in response to the proper authentication credentials being provided.
    Type: Grant
    Filed: March 20, 2014
    Date of Patent: April 7, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Innokentiy Basmov, Magnus Bo Gustaf Nyström, Niels T. Ferguson, Alex M. Semenko
  • Patent number: 10601790
    Abstract: A plurality of system nodes coupled via a dedicated private network is described herein. The nodes offer an end-to-end solution for protecting against network-based attacks. For example, a single node can receive and store user data via a data flow that passes through various components of the node. The node can be designed such that communications internal to the node, such as the transmission of encryption keys, are partitioned or walled off from the components of the node that handle the publicly accessible data flow. The node also includes a key management subsystem to facilitate the use of encryption keys to encrypt user data.
    Type: Grant
    Filed: June 24, 2019
    Date of Patent: March 24, 2020
    Assignee: ORock Technologies, Inc.
    Inventor: John Leon
  • Patent number: 10567362
    Abstract: Embodiments of systems and methods disclosed herein include an embedded secret provisioning system that is based on a shared-derivative mechanism. Embodiments of this mechanism use a trusted third-party topology, but only a single instance of a public-private key exchange is required for initialization. Embodiments of the system and methods are secure and any of the derived secret keys are completely renewable in untrusted environments without any reliance on asymmetric cryptography. The derived secrets exhibit zero knowledge attributes and the associated zero knowledge proofs are open and available for review. Embodiments of systems and methods can be implemented in a wide range of previously-deployed devices as well as integrated into a variety of new designs using minimal roots-of-trust.
    Type: Grant
    Filed: June 15, 2017
    Date of Patent: February 18, 2020
    Assignee: Rubicon Labs, Inc.
    Inventors: William V. Oxford, Gerald E. Woodcock, III, Stephen E. Smith, Roderick Schultz, Marcos Portnoi, Stuart W. Juengst, Charles T. Schad, Michael K. Eneboe, Alexander Usach, Keith Evans
  • Patent number: 10560265
    Abstract: A mobile secret communications method based on a quantum key distribution network, comprises the following steps: a mobile terminal registering to access the network and establishing a binding relationship with a certain centralized control station in the quantum key distribution network; after a communication service is initiated, the mobile terminals participating in the current communication applying for service keys from the quantum key distribution network; the quantum key distribution network obtaining addresses of the centralized control stations participating in service key distribution during the current communication, designating a service key generation centralized control station according to a current state indicator of each centralized control station; the service key generation centralized control station generating service keys required in the current communication and distributing the keys to the mobile terminals participating in the current communication.
    Type: Grant
    Filed: April 7, 2017
    Date of Patent: February 11, 2020
    Assignees: QUANTUMCTEK CO., LTD., Shandong Institute of Quantum Science and Technology Co., Ltd.
    Inventors: Yong Zhao, Chunhua Liu
  • Patent number: 10528767
    Abstract: A computer processor and a security enhancing chip may be provided. In one aspect, the computer processor may comprise a storage for storing an encryption key, a central processing unit (CPU) configured to execute one or more software programs, and a circuit configured to calculate a hash function to generate a hash value for data loaded into the computer processor and generate an authentication token for a request initiated by a software program running on the CPU. In another aspect, the security enhancing chip may comprise a first storage for storing an encryption key, a second storage for storing a certificate, a hash storage and circuit components configured to validate, using the first certificate, command(s) adding the encryption key to the first storage and storing a first hash to the hash storage, and to process a request if a second hash in the request is equal to the first hash.
    Type: Grant
    Filed: March 28, 2014
    Date of Patent: January 7, 2020
    Assignee: OLogN Technologies AG
    Inventors: Sergey Ignatchenko, Dmytro Ivanchykhin
  • Patent number: 10523419
    Abstract: A method for a first entity to protect a first amount of data and to enable a second entity to perform data processing based on the first amount of data, the method comprising the first entity: applying a predetermined function to the first amount of data to generate a first value; and generating a second amount of data for the second entity to process, said generating comprising combining, using a first combination function, each of a number N of elements of the first amount of data with the first value; wherein the predetermined function is a function for which application of the predetermined function to an input quantity of data generates a corresponding output value, and the predetermined function has a property that, given a second quantity of data generated by modifying each of N elements of a first quantity of data by combining, using the first combination function, each of those N of elements of the first quantity of data with the output value generated by applying the predetermined function to the f
    Type: Grant
    Filed: March 30, 2015
    Date of Patent: December 31, 2019
    Assignee: IRDETO B.V.
    Inventor: Michel Kinasz
  • Patent number: 10523512
    Abstract: The disclosed technology relates to a network agent for generating platform specific network policies. A network agent is configured to receive a platform independent network policy from a network policy system, determine implementation characteristics of the network entity, generate platform specific policies from the platform independent network policy based on the implementation characteristics of the network entity, and implement the platform specific policies on the network entity.
    Type: Grant
    Filed: March 24, 2017
    Date of Patent: December 31, 2019
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Rohit Prasad, Hai Vu, Shih-Chun Chang, Hoang Nguyen, Shashi Gandham, Navindra Yadav, Praneeth Vallem, Sunil Gupta, Ravi Prasad, Varun Malhotra