Key Distribution Center Patents (Class 380/279)
  • Patent number: 10715320
    Abstract: In some examples, a method includes receiving a user input string and generating an application password for a particular application from the user input string. Generating the application password may include generating a key for the particular application and specifying a derivation parameter of the application password by applying an indiscriminate selection process to select a character set from multiple character sets for generating the application password. Generating the application password may also include mapping a portion of a hash value of the key and the user input string to characters of the character set selected through the indiscriminate selection process to obtain the application password.
    Type: Grant
    Filed: September 4, 2015
    Date of Patent: July 14, 2020
    Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
    Inventors: Wen-Da Hu, Shu-Jia Hua, Peter An-Ping Huang
  • Patent number: 10708072
    Abstract: Embodiments of the invention relate to systems and methods for confidential mutual authentication. A first computer may blind its public key using a blinding factor. The first computer may generate a shared secret using its private key, the blinding factor, and a public key of a second computer. The first computer may encrypt the blinding factor and a certificate including its public key using the shared secret. The first computer may send its blinded public key, the encrypted blinding factor, and the encrypted certificate to the second computer. The second computer may generate the same shared secret using its private key and the blinded public key of the first computer. The second computer may authenticate the first computer by verifying its blinded public key using the blinding factor and the certificate of the first computer. The first computer authenticates the second computer similarly.
    Type: Grant
    Filed: June 30, 2016
    Date of Patent: July 7, 2020
    Assignee: Visa International Service Association
    Inventor: Eric Le Saint
  • Patent number: 10701046
    Abstract: Techniques for provisioning a key server to facilitate secure communications between a web server and a client by providing the client with a first data structure including information on how the web server may obtain a target symmetric key are presented. The techniques can include: provisioning the key server with a second data structure including information on how the key server may generate the first data structure; receiving a request on behalf of a web server for a third data structure comprising information on how the client may obtain the first data structure from the key server; and obtaining the third data structure, such that the third data structure is published in association with an identification of the web server, and such that the client uses the third data structure to obtain the first data structure and uses the first data structure to communicate with the web server.
    Type: Grant
    Filed: December 21, 2018
    Date of Patent: June 30, 2020
    Assignee: VERISIGN, INC.
    Inventors: Burton S. Kaliski, Jr., Glen S. Wiley
  • Patent number: 10673625
    Abstract: Disclosed are various embodiments for certificate-free cryptosystems that achieve significant computational and communication efficiency as compared to prior systems. A private key generator (PKG) generates a master public key and a master private key unique to the PKG; receives identifying information for at least one client device; generates a public key for the at least one client device; generates a private key for the at least one client device by: performing a hash of the identifying information using the public key generated for the at least one client device to generate a plurality of indices; identifying values corresponding to the indices from the master private key; and deriving the private key based at least in part on a summation of the values corresponding to the indices; and sends the public key and the private key to the at least one client device.
    Type: Grant
    Filed: June 15, 2019
    Date of Patent: June 2, 2020
    Assignee: University of South Florida
    Inventors: Rouzbeh Behnia, Muslum Ozgur Ozmen, Attila Altay Yavuz
  • Patent number: 10666693
    Abstract: A messaging system establishes a secure call session between multiple parties. The call session is secured using an entropy value shared among parties in the call session. During the call session, the messaging system receives an instruction from a party in the call session to modify the call session. The call session may be modified by a party being added or removed from the session. Based on the received instruction, the messaging system performs an entropy value update to ensure that the call session is secure after the modification is made. A new entropy value is generated by a party in the call session and transmitted to other parties in the call session. Using the new entropy value, the messaging system establishes the modified secure call session.
    Type: Grant
    Filed: April 27, 2018
    Date of Patent: May 26, 2020
    Assignee: WhatsApp Inc.
    Inventors: Ehren Andrew Kret, Manpreet Singh
  • Patent number: 10621350
    Abstract: Techniques are described herein that are capable of establishing system integrity using attestation for a virtual trusted platform module (vTPM). For instance, an endorsement key certificate, including an endorsement key associated with the vTPM, may be signed to issue the endorsement key certificate to the vTPM. The endorsement key certificate may be used to establish a chain of trust with regard to the vTPM. For instance, the endorsement key certificate may be used to attest the vTPM (and measurements provided by the vTPM).
    Type: Grant
    Filed: October 2, 2017
    Date of Patent: April 14, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Mark Fishel Novak, Yevgeniy A. Samsonov, Jingbo Wu
  • Patent number: 10615967
    Abstract: A computing device uses a data encryption and decryption system that includes a trusted runtime and an inline cryptographic processor. The trusted runtime provides a trusted execution environment, and the inline cryptographic processor provides decryption and encryption of data in-line with storage device read and write operations. When a portion (e.g., partition) of a storage device is defined, the trusted runtime generates an encryption key and provides the encryption key to the inline cryptographic processor, which uses the encryption key to encrypt data written to the portion and decrypt data read from the portion. Access to the portion can be subsequently protected by associating the key with authentication credentials of a user or other entity. The trusted runtime protects the encryption key based on an authentication key associated with the authentication credentials, allowing subsequent access to the encryption key only in response to the proper authentication credentials being provided.
    Type: Grant
    Filed: March 20, 2014
    Date of Patent: April 7, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Innokentiy Basmov, Magnus Bo Gustaf Nyström, Niels T. Ferguson, Alex M. Semenko
  • Patent number: 10601790
    Abstract: A plurality of system nodes coupled via a dedicated private network is described herein. The nodes offer an end-to-end solution for protecting against network-based attacks. For example, a single node can receive and store user data via a data flow that passes through various components of the node. The node can be designed such that communications internal to the node, such as the transmission of encryption keys, are partitioned or walled off from the components of the node that handle the publicly accessible data flow. The node also includes a key management subsystem to facilitate the use of encryption keys to encrypt user data.
    Type: Grant
    Filed: June 24, 2019
    Date of Patent: March 24, 2020
    Assignee: ORock Technologies, Inc.
    Inventor: John Leon
  • Patent number: 10567362
    Abstract: Embodiments of systems and methods disclosed herein include an embedded secret provisioning system that is based on a shared-derivative mechanism. Embodiments of this mechanism use a trusted third-party topology, but only a single instance of a public-private key exchange is required for initialization. Embodiments of the system and methods are secure and any of the derived secret keys are completely renewable in untrusted environments without any reliance on asymmetric cryptography. The derived secrets exhibit zero knowledge attributes and the associated zero knowledge proofs are open and available for review. Embodiments of systems and methods can be implemented in a wide range of previously-deployed devices as well as integrated into a variety of new designs using minimal roots-of-trust.
    Type: Grant
    Filed: June 15, 2017
    Date of Patent: February 18, 2020
    Assignee: Rubicon Labs, Inc.
    Inventors: William V. Oxford, Gerald E. Woodcock, III, Stephen E. Smith, Roderick Schultz, Marcos Portnoi, Stuart W. Juengst, Charles T. Schad, Michael K. Eneboe, Alexander Usach, Keith Evans
  • Patent number: 10560265
    Abstract: A mobile secret communications method based on a quantum key distribution network, comprises the following steps: a mobile terminal registering to access the network and establishing a binding relationship with a certain centralized control station in the quantum key distribution network; after a communication service is initiated, the mobile terminals participating in the current communication applying for service keys from the quantum key distribution network; the quantum key distribution network obtaining addresses of the centralized control stations participating in service key distribution during the current communication, designating a service key generation centralized control station according to a current state indicator of each centralized control station; the service key generation centralized control station generating service keys required in the current communication and distributing the keys to the mobile terminals participating in the current communication.
    Type: Grant
    Filed: April 7, 2017
    Date of Patent: February 11, 2020
    Assignees: QUANTUMCTEK CO., LTD., Shandong Institute of Quantum Science and Technology Co., Ltd.
    Inventors: Yong Zhao, Chunhua Liu
  • Patent number: 10528767
    Abstract: A computer processor and a security enhancing chip may be provided. In one aspect, the computer processor may comprise a storage for storing an encryption key, a central processing unit (CPU) configured to execute one or more software programs, and a circuit configured to calculate a hash function to generate a hash value for data loaded into the computer processor and generate an authentication token for a request initiated by a software program running on the CPU. In another aspect, the security enhancing chip may comprise a first storage for storing an encryption key, a second storage for storing a certificate, a hash storage and circuit components configured to validate, using the first certificate, command(s) adding the encryption key to the first storage and storing a first hash to the hash storage, and to process a request if a second hash in the request is equal to the first hash.
    Type: Grant
    Filed: March 28, 2014
    Date of Patent: January 7, 2020
    Assignee: OLogN Technologies AG
    Inventors: Sergey Ignatchenko, Dmytro Ivanchykhin
  • Patent number: 10523419
    Abstract: A method for a first entity to protect a first amount of data and to enable a second entity to perform data processing based on the first amount of data, the method comprising the first entity: applying a predetermined function to the first amount of data to generate a first value; and generating a second amount of data for the second entity to process, said generating comprising combining, using a first combination function, each of a number N of elements of the first amount of data with the first value; wherein the predetermined function is a function for which application of the predetermined function to an input quantity of data generates a corresponding output value, and the predetermined function has a property that, given a second quantity of data generated by modifying each of N elements of a first quantity of data by combining, using the first combination function, each of those N elements of the first quantity of data with the output value generated by applying the predetermined function to the f
    Type: Grant
    Filed: March 30, 2015
    Date of Patent: December 31, 2019
    Assignee: IRDETO B.V.
    Inventor: Michel Kinasz
  • Patent number: 10523512
    Abstract: The disclosed technology relates to a network agent for generating platform specific network policies. A network agent is configured to receive a platform independent network policy from a network policy system, determine implementation characteristics of the network entity, generate platform specific policies from the platform independent network policy based on the implementation characteristics of the network entity, and implement the platform specific policies on the network entity.
    Type: Grant
    Filed: March 24, 2017
    Date of Patent: December 31, 2019
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Rohit Prasad, Hai Vu, Shih-Chun Chang, Hoang Nguyen, Shashi Gandham, Navindra Yadav, Praneeth Vallem, Sunil Gupta, Ravi Prasad, Varun Malhotra
  • Patent number: 10516655
    Abstract: In a resource-on-demand environment, dynamically created server instances are allowed to boot from encrypted boot volumes. Access keys to the boot volumes are provided from a key provider that authenticates new instances based on possession of a security token that has been previously shared between the key provider and the new instance through an out-of-band communication.
    Type: Grant
    Filed: September 7, 2016
    Date of Patent: December 24, 2019
    Assignee: Amazon Technologies, Inc.
    Inventor: Eric J. Brandwine
  • Patent number: 10515022
    Abstract: A high-security data center, having at least one data storage device, a host and an encryption and decryption key space. Each data storage device has a non-volatile memory and a controller chip. The controller chip includes an encryption and decryption module. The host machine operates the non-volatile memory via the controller chip. The encryption and decryption key space stores a key for the encryption and decryption module to perform data encryption and decryption. The encryption and decryption key space is isolated from the data storage device and the host machine by default so that a user who does not pass identity authentication is unable to operate the encryption and decryption module through the host to decrypt data of the non-volatile memory.
    Type: Grant
    Filed: December 29, 2017
    Date of Patent: December 24, 2019
    Assignee: SILICON MOTION, INC.
    Inventor: Ting-Kuan Lin
  • Patent number: 10498715
    Abstract: A wearable device provides protection for personal identity information by fragmenting a key needed to release the personal identity information among members of a body area network of wearable devices. A shared secret algorithm is used to allow unlocking the personal identity information with fragmental keys from less than all of the wearable devices in the body area network. The wearable devices may also provide protection for other personal user data by employing a disconnect and erase protocol that causes wearable devices to drop connections with an external personal data space and erase locally stored personal information if a life pulse from a connectivity root device is not received within a configurable predefined period.
    Type: Grant
    Filed: August 21, 2017
    Date of Patent: December 3, 2019
    Assignee: McAfee, LLC
    Inventors: Oleg Pogorelik, Alex Nayshtut, Igor Muttik, Justin Lipman
  • Patent number: 10492065
    Abstract: A key management tool comprises a memory, an interface, a compatibility engine, a validation engine, a distribution engine, and a verification engine. The compatibility engine is configured to determine that the first device is compatible with the key management tool, the validation engine is configured to validate the first device, and the distribution engine is configured to communicate a first temporary key to the first device. The verification engine is configured to perform a first set of one or more checks on the first device after the first temporary key is communicated to the first device, the distribution engine is further configured to communicate a first permanent key to the first device if the first device passes the first set of one or more checks, and, subsequent to the communication of the first permanent key, the interface is configured to receive a request for a second permanent key.
    Type: Grant
    Filed: June 23, 2017
    Date of Patent: November 26, 2019
    Assignee: Bank of America Corporation
    Inventors: Daniel Gapastione, Manish Nigam, Michael Stark
  • Patent number: 10484170
    Abstract: A device receives credentials of a user of a client device that is accessing an application associated with a server device, and verifies the user based on the credentials of the user. The device retrieves, based on verifying the user, a random function from a random functions data structure associated with the device, and utilizes the random function to select parameters and values for a user function. The device utilizes the user function, the parameters, and the values to generate a custom encryption function, and encrypts the custom encryption function to form an encrypted custom encryption function. The device provides the encrypted custom encryption function to the client device and the server device to permit encrypted communication between the client device and the server device using the custom encryption function.
    Type: Grant
    Filed: November 6, 2018
    Date of Patent: November 19, 2019
    Assignee: Capital One Services, LLC
    Inventor: Joni Bridget Jezewski
  • Patent number: 10469267
    Abstract: A method of managing implicit certificates of an elliptic curve encryption (ECQV). The implicit certificates are stored in different nodes of the network as a function of a distributed hash table (DHT) and not with a single certification authority. The implicit certificate of the public key associated with a node is obtained by chaining elementary certification operations with a sequence of indexing nodes of the network. Chaining of elementary certification operations can reinforce authentication of network nodes.
    Type: Grant
    Filed: February 24, 2017
    Date of Patent: November 5, 2019
    Assignee: COMMISSARIAT A L'ENERGIE ATOMIQUE ET AUX ENERGIES ALTERNATIVES
    Inventor: Olivier Savry
  • Patent number: 10462112
    Abstract: Disclosed embodiments relate to systems and methods for secure distributed authentication data.
    Type: Grant
    Filed: January 9, 2019
    Date of Patent: October 29, 2019
    Assignee: CyberArk Software Ltd.
    Inventors: Gil Makmel, Or Gamliel
  • Patent number: 10460314
    Abstract: Methods and devices for pre-generating session keys for securing transactions are provided. A plurality of session cryptographic keys are generated from a master cryptographic key and a respective plurality of possible values of a transaction counter. The session cryptographic keys are encrypted to provide a plurality of encrypted session cryptographic keys, which are stored in the user terminal. The master cryptographic key is deleted from the user terminal after the session keys are generated. To secure a transaction, a cryptogram is generated based on one of the encrypted session cryptographic keys and transaction data for the transaction, and the cryptogram is transmitted to a transaction terminal. The transaction counter is updated, and the encrypted session cryptographic key is deleted from the user terminal.
    Type: Grant
    Filed: July 10, 2013
    Date of Patent: October 29, 2019
    Assignee: CA, Inc.
    Inventors: Geoffrey R. Hird, Douglas N. Hoover
  • Patent number: 10447469
    Abstract: According to an embodiment, a management apparatus connectable to a plurality of devices through a network includes storage, one or more processors, and an assignment transmitter. The storage stores therein management tree information in which node keys are respectively assigned to nodes and devices are respectively assigned to leaf nodes. The processors calculate similarity between attribute information representing an attribute of a new device and attribute information of devices already assigned in the management tree information. The processors determine a first leaf node to which the new device is to be assigned in the management tree information, based on the similarity. The assignment transmitter transmits, to the new device, at least one node key of node keys assigned to nodes on a path from a root node to the first leaf node in the management tree information.
    Type: Grant
    Filed: March 2, 2017
    Date of Patent: October 15, 2019
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Yoshikazu Hanatani, Yoshihiro Oba, Tatsuyuki Matsushita, Naoki Ogura
  • Patent number: 10439811
    Abstract: Systems and methods are provided for securing a private key on a mobile device for use with public key cryptography. Specifically, a private key is reduced to two partial keys where the partial keys are stored on separate electronic devices. The partial keys combine to temporarily regenerate the private key for the purposes of notarizing (digitally signing) messages or documents, and decrypting a message or document that was encrypted using the corresponding public key. The partial keys in some embodiments may be a secret key, which can be derived from an account identifier and a password, and an exclusive key, which can be derived from the secret key and the private key. The private key can be regenerated from the secret key and the exclusive key. With the partial keys stored on separate devices, another layer of practical security is provided to public key cryptography.
    Type: Grant
    Filed: December 22, 2017
    Date of Patent: October 8, 2019
    Assignee: Crater Dog Technologies, LLC
    Inventor: Derk Norton
  • Patent number: 10430607
    Abstract: Systems and methods which enable an authentication procedure to be used within the standard network security architecture to authenticate third party applications that are forbidden access to a particular secret key are disclosed. Third party smartphone applications that are unable to use SIM-based authentication due to being forbidden access to a SIM-based key are provided an alternate secret key for use in an EAP-AKA or EAP-SIM type procedure according to embodiments. An authentication server or other backend authentication infrastructure of embodiments requests authentication vectors from a backend system sharing the alternative secret key. Accordingly, the backend authentication platform of embodiments is adapted to know or detect that an application is using an alternative secret key (e.g., a secret key other than the SIM-based secret key) and to perform the appropriate procedure for the key type.
    Type: Grant
    Filed: May 2, 2017
    Date of Patent: October 1, 2019
    Assignee: Ribbon Communications Operating Company, Inc.
    Inventors: Keith A. Mumford, Satish Agrawal, Mark Wallis
  • Patent number: 10425792
    Abstract: This disclosure provides an apparatus and method for virtual wireless devices for industrial wireless sensor networks, including but not limited to, in industrial control systems and other systems. A method includes initializing, by a physical wireless device, a plurality of virtual wireless devices executing on the physical wireless device. The method includes registering with a control network by the physical wireless device. The method includes emulating a plurality of wireless sensors, by the physical wireless device and in the control network, by using the virtual wireless devices.
    Type: Grant
    Filed: June 21, 2017
    Date of Patent: September 24, 2019
    Assignee: Honeywell International Inc.
    Inventors: Thejaswini Chandrashekar, Prasad Samudrala, Amol Gandhi
  • Patent number: 10382196
    Abstract: This disclosure provides a system and method for secure communications. The method can enable secure machine-to-machine communications within discrete security groups having two or more communication nodes using a zero knowledge authentication process and related cryptography. A first node in the security group can encrypt payload data using a synchronized data set (SDS) known to the member nodes of the security group. The SDS can have a seed. A second node in the security group can decrypt the payload data using the seed. The seed can be provisioned within each node of the security group. The seed can also be provided or changed by a node or another entity to modify the security group membership. Member nodes of the security group can be added or removed as needed. Nodes not having the SDS cannot communicate securely with member nodes.
    Type: Grant
    Filed: November 15, 2017
    Date of Patent: August 13, 2019
    Assignee: OLYMPUS SKY TECHNOLOGIES, S.A.
    Inventors: Jon Barton Shields, David Gell
  • Patent number: 10373108
    Abstract: A system for providing products to a customer operates with an open purchase order having an acceptable inventory range bounded by a lower and an upper limit for each product supplied to the customer. The system includes a storage unit, a first processing unit that maintains a product inventory count, and a second processing unit that monitors the product inventory count. A system for transferring electronic files includes a first processing unit that stores and transfers the electronic file, generates a pointer associated with the transferred electronic file, generates a reference electronic file and thereafter includes the pointer in the reference electronic file. A second processing unit then displays the reference electronic file. A system for generating composite electronic files includes a first processing unit having composite locations including component electronic files, and generating the composite electronic files when the respective composite location is accessed from a second processing unit.
    Type: Grant
    Filed: January 8, 2016
    Date of Patent: August 6, 2019
    Assignee: THE BOEING COMPANY
    Inventors: Brian D. Laughlin, David R. Denny
  • Patent number: 10366097
    Abstract: A method, apparatus and system for secure forensic investigation of a target machine by a client machine over a communications network. In one aspect the method comprises establishing secure communication with a server over a communications network, establishing secure communication with the target machine over the communications network, wherein establishing secure communication with the target machine includes establishing secure communication between the server and the target machine, installing a servelet on the target machine, transmitting a secure command to the servelet over the communications network, executing the secure command in the servelet, transmitting data, by the target machine, in response to a servelet instruction, and receiving the data from the target machine over the communication network.
    Type: Grant
    Filed: May 23, 2016
    Date of Patent: July 30, 2019
    Assignee: OPEN TEXT HOLDINGS, INC.
    Inventors: Shawn McCreight, Dominik Weber, Matthew Garrett
  • Patent number: 10361844
    Abstract: Methods, systems, and computer programs for generating cryptographic function parameters are described. In some examples, astronomical data from an observed astronomical event is obtained. A pseudorandom generator is seeded based on the astronomical data. After seeding the pseudorandom generator, an output from the pseudorandom generator is obtained. A parameter for a cryptographic function is generated by operation of one or more data processors. The parameter is generated from the output from the pseudorandom generator.
    Type: Grant
    Filed: April 20, 2015
    Date of Patent: July 23, 2019
    Assignee: Certicom Corp.
    Inventor: Daniel Richard L. Brown
  • Patent number: 10355855
    Abstract: According to an embodiment, a communication control device includes a generating unit and a sending unit. The generating unit refers to specification information, which specifies the communication device belonging to a group from among a plurality of communication devices, and generates identification information, which enables identification of the communication device specified in the specification information, by implementing, from among a plurality of generation methods for generating the identification information, a generation method in which the size of the generated identification information is smaller than the other generation methods. The sending unit sends the identification information to a plurality of communication devices.
    Type: Grant
    Filed: September 8, 2016
    Date of Patent: July 16, 2019
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Yoshikazu Hanatani, Toru Kambayashi
  • Patent number: 10348502
    Abstract: Systems, methods, and software can be used to encrypt and decrypt data. In some aspects, a first primary secret key based on a primary ephemeral key pair and a primary master public key is generated by a primary data service application on an electronic device. A first primary ciphertext is generated by encrypting a first portion of the data using the first primary secret key. A second primary secret key is generated based on the first primary secret key. The first primary secret key is deleted. The first primary ciphertext is sent from the primary data service application to a secondary data service application. A first encrypted text is received from the secondary data service application. The first encrypted text is generated by encrypting the first primary ciphertext.
    Type: Grant
    Filed: September 2, 2016
    Date of Patent: July 9, 2019
    Assignees: BlackBerry Limited, 2236008 ONTARIO INC.
    Inventors: Roger Paul Bowman, Dmitri Pechkin, David Hughston Rodrigue Sarrazin, Timothy Lee Segato
  • Patent number: 10341102
    Abstract: Systems, methods, and software can be used to encrypt and decrypt data. In some aspects, a decryption request to decrypt the encrypted data is received from an application on an electronic device. A first secret key from a shared secret is generated. The shared secret is generated based on a master private key and an ephemeral public key associated with the encrypted data. A first encrypted secret key is generated using the first secret key and a context key. The context key is generated based on the master private key. A first portion of the encrypted data is decrypted using the first secret key. A second secret key is generated from the first secret key. The first secret key is deleted. At least a segment of the decrypted first portion of the encrypted data is sent to the application.
    Type: Grant
    Filed: September 2, 2016
    Date of Patent: July 2, 2019
    Assignee: BlackBerry Limited
    Inventors: Roger Paul Bowman, Dmitri Pechkin
  • Patent number: 10341859
    Abstract: A method of generating a key for D2D communication between a first user equipment and a second user equipment in a first radio access node is disclosed.
    Type: Grant
    Filed: October 19, 2012
    Date of Patent: July 2, 2019
    Assignee: Nokia Technologies Oy
    Inventors: Yang Liu, Da Jiang Zhang, Silke Holtmanns
  • Patent number: 10333719
    Abstract: A method and system configured to produce a cryptographic signature on a message, under a key, at a user computer wherein the key is shared between the user computer, which stores a first key-share, and an authentication computer, which stores a second key-share and a first authentication value. The user computer encodes the message to produce a blinded message, produces the first authentication value from a user password and a secret value, and produces a second authentication value by encoding the first authentication value and a nonce. The authentication computer uses the nonce to determine if the first authentication value is correct and, if so, encodes the blinded message using the second key-share to produce a partial signature. The user computer produces a signature on the message under the key by encoding the partial signature and the message using the first key-share and an unblinding function.
    Type: Grant
    Filed: May 3, 2018
    Date of Patent: June 25, 2019
    Assignee: International Business Machines Corporation
    Inventors: Jan L. Camenisch, Anja Lehmann, Gregory Neven
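The abstract above gives enough of the protocol to write it out: the user blinds the message, proves knowledge of the password via a nonce-bound value derived from a stored first authentication value, the server applies its key share to the blinded message only after that check, and the user finishes the signature with its own share and unblinds. The added example below is not code from the patent or from IBM; it realises the abstract with RSA and multiplicative key shares (d1·d2 ≡ d mod λ(N)), which is what makes blinding and partial signing commute. Assumptions for illustration: a toy modulus built from two Mersenne primes, a truncated SHA-256 digest as the message representative instead of PSS encoding, and SHA-256/HMAC for the two authentication values.

```python
import hashlib
import hmac
import math
import secrets
from typing import Optional, Tuple

# Toy RSA modulus from two Mersenne primes so the demo needs no prime generation.
# Assumption for illustration only; real deployments use 2048-bit+ keys and PSS.
_P, _Q = 2**127 - 1, 2**89 - 1
N = _P * _Q
E = 65537
_LAM = (_P - 1) * (_Q - 1) // math.gcd(_P - 1, _Q - 1)  # Carmichael lambda(N)
D = pow(E, -1, _LAM)


def hash_to_int(message: bytes) -> int:
    # A 24-byte digest keeps the representative below the ~216-bit modulus.
    return int.from_bytes(hashlib.sha256(message).digest()[:24], "big")


def split_key() -> Tuple[int, int]:
    """Multiplicative shares: d1 * d2 == d (mod lambda). User keeps d1, server keeps d2."""
    while True:
        d1 = secrets.randbelow(_LAM - 2) + 2
        if math.gcd(d1, _LAM) == 1:
            return d1, (D * pow(d1, -1, _LAM)) % _LAM


def first_auth_value(password: str, secret: bytes) -> bytes:
    """Derived from the password and a device-held secret; the server stores this value."""
    return hashlib.sha256(b"auth-v1|" + password.encode() + b"|" + secret).digest()


def second_auth_value(auth1: bytes, nonce: bytes) -> bytes:
    return hmac.new(auth1, nonce, hashlib.sha256).digest()


class AuthServer:
    def __init__(self, d2: int, auth1: bytes):
        self._d2, self._auth1 = d2, auth1
        self._nonces = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._nonces.add(nonce)
        return nonce

    def partial_sign(self, blinded: int, nonce: bytes, auth2: bytes) -> int:
        # Single-use nonce: a captured (nonce, auth2) pair cannot be replayed.
        if nonce not in self._nonces:
            raise PermissionError("unknown or reused nonce")
        self._nonces.discard(nonce)
        if not hmac.compare_digest(auth2, second_auth_value(self._auth1, nonce)):
            raise PermissionError("password authentication failed")
        return pow(blinded, self._d2, N)  # the server sees only the blinded value


def user_sign(server: AuthServer, d1: int, password: str, secret: bytes, message: bytes) -> int:
    h = hash_to_int(message)
    r = secrets.randbelow(N - 2) + 2
    blinded = (h * pow(r, E, N)) % N
    nonce = server.challenge()
    auth2 = second_auth_value(first_auth_value(password, secret), nonce)
    partial = server.partial_sign(blinded, nonce, auth2)
    # (h * r^e)^(d2 * d1) == h^d * r^(e*d) == h^d * r  (mod N); divide out r.
    return (pow(partial, d1, N) * pow(r, -1, N)) % N


def try_sign(server: AuthServer, d1: int, password: str, secret: bytes,
             message: bytes) -> Optional[int]:
    """Return the signature, or None when the server refuses to co-sign."""
    try:
        return user_sign(server, d1, password, secret, message)
    except PermissionError:
        return None


def verify(message: bytes, signature: int) -> bool:
    return pow(signature, E, N) == hash_to_int(message)
```

Two properties follow from the structure rather than from any trust in the server: it cannot sign on its own (it holds d2 but not d1), and it cannot even see what it is signing (it receives h·r^e, not h). Rate-limiting or locking the account after failed `partial_sign` calls is what turns this into password-guessing resistance; the key share alone does not supply that.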
  • Patent number: 10327136
    Abstract: The present invention relates to a method for identifying and/or authenticating and/or authorizing a first radio station in a radio network, comprising the steps of (a) at the first radio station, transmitting to a second radio station a first radio station identifier computed from a set of identity parameters based on the identity of the first radio station, comprising at least one identity parameter, (b) at the first radio station, transmitting at least one identity parameter from the set of identity parameters, (c) at the second radio station, comparing an authentication identifier computed on the basis of the transmitted identity parameter to the first radio station identifier for enabling a subsequent communication between the first and second radio stations.
    Type: Grant
    Filed: January 23, 2017
    Date of Patent: June 18, 2019
    Assignee: KONINKLIJKE PHILIPS N.V.
    Inventors: Oscar Garcia Morchon, Bozena Erdmann, Josef Heribert Baldus
  • Patent number: 10310885
    Abstract: An execution environment has a deployed virtual machine image. The virtual machine image provides a service that is identified by a role. The execution environment generates a measurement of the virtual machine image and provides it to a key service to request role keys that enable operation of the virtual machine image in the execution environment. The key service determines whether the virtual machine image is mapped to the role and, if so, returns the role keys to the requesting execution environment.
    Type: Grant
    Filed: October 25, 2016
    Date of Patent: June 4, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Malcolm E. Pearson, Tolga Acar, Rahul Verma
  • Patent number: 10306465
    Abstract: Managing data security on a mobile device. Data associated with a mobile device is received; the data includes an identification (ID) of the mobile device and a location of the mobile device relative to one or more location sensor devices. A path is determined, relative to the one or more location sensor devices, through which the mobile device has traveled. An electronic security key is communicated to the mobile device based on determining that the path corresponds to a defined path associated with the mobile device.
    Type: Grant
    Filed: July 18, 2017
    Date of Patent: May 28, 2019
    Assignee: International Business Machines Corporation
    Inventors: Ye Chen, Ruomeng Hao, Ting Jiang, Ning Wang, Shu Xi Wei, Youmiao Zhang
  • Patent number: 10298685
    Abstract: A system and a method for organizing, synchronizing, and sharing cumulative contact information are disclosed, along with a method for combining and updating contact profiles by linking personal and corporate or group IDs. The system and the method revolutionize and simplify the way people share and update contact information because each user updates only the contact information of the user himself or herself. Then the information is automatically synced and updated with other users (with whom the contact information was initially set to be shared).
    Type: Grant
    Filed: June 22, 2017
    Date of Patent: May 21, 2019
    Inventor: Myrat Amansahedov
  • Patent number: 10263787
    Abstract: Disclosed embodiments relate to decentralized and scalable trust among a plurality of decentralized applications. Techniques include receiving, at a first decentralized application, a signature associated with a first public key, receiving data representing one or more permissions specified by a trusted root application and signed by the trusted root application, signing a second public key associated with a second decentralized application, signing data representing one or more permissions specified by the first decentralized application, and providing the signature associated with the second public key and the signed data representing one or more permissions specified by the first decentralized application, in order to thereby provide trust between the first decentralized application and the second decentralized application.
    Type: Grant
    Filed: November 12, 2018
    Date of Patent: April 16, 2019
    Assignee: CyberArk Software Ltd.
    Inventors: Alex Gelman, Dor Simca
  • Patent number: 10249119
    Abstract: In embodiments of a hub key service, a device includes a communication interface for communication coordination with one or more associated devices of the device, and the associated devices correspond to hub members. A hub manager is implemented to generate an electronic key that includes access permissions, which are configurable to enable controlled access for the hub members, such as to a building, vehicle, media device, or location. The hub manager can then correlate the electronic key with the device to enable access to the building, vehicle, media device, or location with the device utilized as the electronic key.
    Type: Grant
    Filed: July 21, 2016
    Date of Patent: April 2, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Joseph H. Matthews, III, Lavanya Vasudevan, Shawn M. Thomas, Joseph A. Schrader, Ted Tai-Yu Chen, Raman K. Sarin
  • Patent number: 10222986
    Abstract: Embodiments include receiving an indication of a data storage module to be associated with a tenant of a distributed storage system, allocating a partition of a disk for data of the tenant, creating a first association between the data storage module and the disk partition, creating a second association between the data storage module and the tenant, and creating rules for the data storage module based on one or more policies configured for the tenant. Embodiments further include receiving an indication of a type of subscription model selected for the tenant, and selecting the disk partition to be allocated based, at least in part, on the subscription model selected for the tenant. More specific embodiments include generating a storage map indicating the first association between the data storage module and the disk partition and indicating the second association between the data storage module and the tenant.
    Type: Grant
    Filed: May 15, 2015
    Date of Patent: March 5, 2019
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Johnu George, Kai Zhang, Yathiraj B. Udupi, Debojyoti Dutta
  • Patent number: 10216921
    Abstract: Systems and methods for attesting to information about a computing resource involve electronically signed documents. For a computing resource, a document containing information about the resource is generated and electronically signed. The document may be provided to one or more entities as an attestation to at least some of the information contained in the document. Attestation to information in the document may be a prerequisite for performance of one or more actions that may be taken in connection with the computing resource.
    Type: Grant
    Filed: September 7, 2016
    Date of Patent: February 26, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Cornelle Christiaan Pretorius Janse Van Rensburg, Mark Joseph Cavage, Marc John Brooker, David Everard Brown, Abhinav Agrawal, Matthew S. Garman, Kevin Ross O'Neill, Eric Jason Brandwine, Christopher Richard Jacques de Kadt
  • Patent number: 10212141
    Abstract: Various embodiments described herein relate to a network key manager which is configured to manage keys in nodes in the network, wherein the network key manager includes a memory configured to store an update data structure; a processor configured to: determine which nodes are blacklisted; generate the update data structure of volatile private keys for each node that is not blacklisted, wherein the volatile private key is based upon secret information associated with the node and an index, wherein the volatile private key is used for the indexth key update; determine a neighbor node of the network key manager; remove the volatile private key for the neighbor node from the update data structure; encrypt the resulting update data structure and a new network key with the private key for the neighbor node to produce an encrypted message; and send the encrypted message to the neighbor node.
    Type: Grant
    Filed: October 19, 2016
    Date of Patent: February 19, 2019
    Assignee: NXP USA, Inc.
    Inventors: Andrei Catalin Frincu, George Bogdan Alexandru
  • Patent number: 10205594
    Abstract: Examples are generally directed towards providing a server polling component for remote cryptographic key erasure resilient to network outage. A set of keys received from a server are stored on data storage. The data storage sends a status request to the server. If a key enabled status is received, the data storage continues normal operations. If a key disabled status is received, a key failure action is performed. The key failure action includes deleting one or more of the keys in the set of keys or shutting down one or more storage devices of the data storage. If no response is received from the server, the data storage iteratively resends the status request at retry time intervals until a response is received from the server or until a time out period expires. On expiration of the time out period, the key failure action is performed.
    Type: Grant
    Filed: March 30, 2016
    Date of Patent: February 12, 2019
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventor: Charles W. Kaufman
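The abstract above is a fail-closed state machine: keep serving while the server answers "enabled", erase on "disabled", and on silence keep retrying at the retry interval until either an answer arrives or the timeout expires, at which point the same key-failure action runs. The subtle part is the timeout, which must measure the length of the outage, not the count of retries, and must reset when the server comes back. The added example below (not code from the patent or from EMC) implements that logic against an injectable clock and server function so the outage behaviour can be exercised without waiting; the class and method names, the string statuses and the `run_scenario` driver are assumptions for the demo.

```python
from typing import Callable, Dict, List, Optional, Tuple


class PollingKeyStore:
    """Data storage that keeps server-issued keys only while the server keeps approving them."""

    def __init__(self, keys: Dict[str, bytes], query_server: Callable[[], Optional[str]],
                 clock: Callable[[], float], retry_interval: float = 30.0,
                 timeout: float = 300.0):
        self._keys = dict(keys)
        self._query = query_server  # returns "enabled", "disabled", or None (no answer)
        self._clock = clock
        self.retry_interval = retry_interval
        self.timeout = timeout
        self._outage_started: Optional[float] = None  # time of first unanswered poll
        self._next_poll = clock()
        self.shut_down = False

    def keys_present(self) -> bool:
        return bool(self._keys)

    def key_failure_action(self) -> None:
        # Drop the key material first, then refuse further I/O. Real firmware would
        # zeroize the key buffers here; Python bytes are immutable, so clear() must do.
        self._keys.clear()
        self.shut_down = True

    def poll(self) -> str:
        """One poll cycle; returns the decision taken so callers can log it."""
        now = self._clock()
        if self.shut_down:
            return "shut_down"
        if now < self._next_poll:
            return "waiting"
        self._next_poll = now + self.retry_interval
        status = self._query()
        if status == "enabled":
            self._outage_started = None  # an answer ends the outage and resets the timer
            return "normal"
        if status == "disabled":
            self.key_failure_action()
            return "keys_erased"
        # No response: fail closed only once the outage has lasted the full timeout.
        if self._outage_started is None:
            self._outage_started = now
        if now - self._outage_started >= self.timeout:
            self.key_failure_action()
            return "keys_erased_timeout"
        return "retrying"


class FakeClock:
    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


def run_scenario(responses: List[Optional[str]], retry_interval: float = 30.0,
                 timeout: float = 300.0) -> Tuple[List[str], bool]:
    """Drive the store through one poll per scripted response, advancing a fake clock each time."""
    clock = FakeClock()
    replies = iter(responses)
    store = PollingKeyStore({"vol-1": b"k" * 32, "vol-2": b"j" * 32},  # constructed keys
                            lambda: next(replies), clock, retry_interval, timeout)
    decisions = []
    for _ in responses:
        decisions.append(store.poll())
        clock.advance(retry_interval)
    return decisions, store.keys_present()
```

With a 30-second retry and a 120-second timeout, five consecutive silent polls produce four retries and then erasure at t=120; a single "enabled" in the middle of an outage restarts the clock. Choosing the timeout is the operational trade-off the abstract alludes to: short enough that a stolen array cannot be kept alive by blocking its network, long enough that a routine outage does not wipe production storage.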
  • Patent number: 10200692
    Abstract: A computer-implemented method is provided for processing a video stream in the compressed domain for watermarking, scrambling and other applications. Syntax elements are generated for input video as part of a video compression process. The syntax elements are entropy coded with an arithmetic entropy encoding process to produce a compressed bitstream for the input video. Regions of frames and related syntax elements of the input video are identified as candidates for modification. Based on metadata associated with a particular user, the syntax elements, the regions, and the entropy coding state of the arithmetic entropy encoding process, bytes of the input video are changed to generate a modifying bitstream that is unique to the particular user, and the compressed bitstream is modified using the modifying bitstream to produce a decodable bitstream for the input video.
    Type: Grant
    Filed: March 16, 2017
    Date of Patent: February 5, 2019
    Assignee: Cisco Technology, Inc.
    Inventor: Thomas Davies
  • Patent number: 10187213
    Abstract: In representative embodiments keys used in authentication are removed from local systems and stored on a key server system. When keys are needed for authentication, requests are routed to the key server system. In some embodiments, the keys do not leave the key server system and the key server system performs requested operations using the keys. In other embodiments, secure protocols are used to temporarily allow the local system to retrieve and use the key. In this latter situation, keys are not maintained on the local system.
    Type: Grant
    Filed: November 7, 2014
    Date of Patent: January 22, 2019
    Assignee: Venafi, Inc.
    Inventors: Tero Petteri Harjula, Breon Malachy McCartney
  • Patent number: 10185698
    Abstract: An electronic device includes a display, a memory and a processor being configured to: register a plurality of pieces of first computational data in input order; register at least one or more pieces of second computational data each time the second computational data is input, the at least one or more pieces of second computational data corresponding to the plurality of pieces of first computational data, and each piece of the second computational data including numerical value data and calculation data; when second computational data is registered, determine whether the registered second computational data is consistent with the first computational data in input order corresponding to the registered second computational data; when the registered second computational data is determined to be inconsistent with the first computational data, correct the first computational data; and resume the registration of the second computational data after the first computational data is corrected.
    Type: Grant
    Filed: June 30, 2016
    Date of Patent: January 22, 2019
    Assignee: CASIO COMPUTER CO., LTD.
    Inventor: Kazuhiko Arikawa
  • Patent number: 10176305
    Abstract: The present invention relates to data rights management and more particularly to a secured system and methodology and production system and methodology related thereto and to apparatus and methodology for production side systems and consumer side systems for securely utilizing protected electronic data files of content (protected content), and further relates to controlled distribution, and regulating usage of the respective content on a recipient device (computing system) to be limited strictly to defined permitted uses, in accordance with usage rights (associated with the respective content to control usage of that respective content), on specifically restricted to a specific one particular recipient device (for a plurality of specific particular recipient devices), or usage on some or any authorized recipient device without restriction to any one in specific, to control use of the respective content as an application software program, exporting, modifying, executing as an application program, viewing,
    Type: Grant
    Filed: June 9, 2017
    Date of Patent: January 8, 2019
    Assignee: OL Security Limited Liability Company
    Inventors: David H. Sitrick, Russell T. Fling
  • Patent number: 10169600
    Abstract: A computing device may parse a file into a plurality of nodes. The computing device may associate, based on the parsing, at least a first encryption policy with a first node of the plurality of nodes. The computing device may associate, based on the parsing, at least a second encryption policy with a second node of the plurality of nodes. Data may be encrypted, based on the associating at least the first encryption policy with a first node, within at least the first node. Data may be encrypted, based on the associating at least a second encryption policy with a second node, within at least the second node.
    Type: Grant
    Filed: October 13, 2015
    Date of Patent: January 1, 2019
    Assignee: International Business Machines Corporation
    Inventors: Hao Feng, Shuo Li, ShengYan Sun, Jun Wang
  • Patent number: 10171465
    Abstract: A method for authenticating a client device for access to a host device based on timestamps. When the client device wants to access the host, it generates a first timestamp and sends the host device the first timestamp and the character strings from host tables related to the value of time units of the first timestamp. The host tables are known to all authorized client devices within the network. The strings are ordered according to a sequence table in the client device and the host device. When received, the host device compares the received characters strings to the character strings within its host string table based on an order determined by its host sequence table. If the character strings and order match, the host sends the client a second timestamp and the process is repeated using the second timestamp and sequence and string tables associated with, and known only to, the client device and the host device.
    Type: Grant
    Filed: September 29, 2016
    Date of Patent: January 1, 2019
    Inventor: Helene E. Schmidt