Key Distribution Center Patents (Class 380/279)
  • Patent number: 10298685
    Abstract: A system and a method for organizing, synchronizing, and sharing cumulative contact information are disclosed, along with a method for combining and updating contact profiles by linking personal and corporate or group IDs. The system and the method revolutionize and simplify the way people share and update contact information because each user updates only the contact information of the user himself or herself. Then the information is automatically synced and updated with other users (with whom the contact information was initially set to be shared).
    Type: Grant
    Filed: June 22, 2017
    Date of Patent: May 21, 2019
    Inventor: Myrat Amansahedov
  • Patent number: 10263787
    Abstract: Disclosed embodiments relate to decentralized and scalable trust among a plurality of decentralized applications. Techniques include receiving, at a first decentralized application, a signature associated with a first public key, receiving data representing one or more permissions specified by a trusted root application and signed by the trusted root application, signing a second public key associated with a second decentralized application, signing data representing one or more permissions specified by the first decentralized application, and providing the signature associated with the second public key and the signed data representing one or more permissions specified by the first decentralized application, in order to thereby provide trust between the first decentralized application and the second decentralized application.
    Type: Grant
    Filed: November 12, 2018
    Date of Patent: April 16, 2019
    Assignee: CyberArk Software Ltd.
    Inventors: Alex Gelman, Dor Simca
  • Patent number: 10249119
    Abstract: In embodiments of a hub key service, a device includes a communication interface for communication coordination with one or more associated devices of the device, and the associated devices correspond to hub members. A hub manager is implemented to generate an electronic key that includes access permissions, which are configurable to enable controlled access for the hub members, such as to a building, vehicle, media device, or location. The hub manager can then correlate the electronic key with the device to enable access to the building, vehicle, media device, or location with the device utilized as the electronic key.
    Type: Grant
    Filed: July 21, 2016
    Date of Patent: April 2, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Joseph H. Matthews, III, Lavanya Vasudevan, Shawn M. Thomas, Joseph A. Schrader, Ted Tai-Yu Chen, Raman K. Sarin
  • Patent number: 10222986
    Abstract: Embodiments include receiving an indication of a data storage module to be associated with a tenant of a distributed storage system, allocating a partition of a disk for data of the tenant, creating a first association between the data storage module and the disk partition, creating a second association between the data storage module and the tenant, and creating rules for the data storage module based on one or more policies configured for the tenant. Embodiments further include receiving an indication of a type of subscription model selected for the tenant, and selecting the disk partition to be allocated based, at least in part, on the subscription model selected for the tenant. More specific embodiments include generating a storage map indicating the first association between the data storage module and the disk partition and indicating the second association between the data storage module and the tenant.
    Type: Grant
    Filed: May 15, 2015
    Date of Patent: March 5, 2019
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Johnu George, Kai Zhang, Yathiraj B. Udupi, Debojyoti Dutta
  • Patent number: 10216921
    Abstract: Systems and methods for attesting to information about a computing resource involve electronically signed documents. For a computing resource, a document containing information about the resource is generated and electronically signed. The document may be provided to one or more entities as an attestation to at least some of the information contained in the document. Attestation to information in the document may be a prerequisite for performance of one or more actions that may be taken in connection with the computing resource.
    Type: Grant
    Filed: September 7, 2016
    Date of Patent: February 26, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Cornelle Christiaan Pretorius Janse Van Rensburg, Mark Joseph Cavage, Marc John Brooker, David Everard Brown, Abhinav Agrawal, Matthew S. Garman, Kevin Ross O'Neill, Eric Jason Brandwine, Christopher Richard Jacques de Kadt
  • Patent number: 10212141
    Abstract: Various embodiments described herein relate to network key manager which is configured to manage keys in nodes in the network, wherein the network key manager including a memory configured to store an update data structure; a processor configured to: determine which nodes are blacklisted; generate the update data structure of volatile private keys for each node that is not blacklisted, wherein the volatile private key is based upon secret information associated with the node and an index, wherein the volatile private key is used for the indexth key update; determine a neighbor node of the network key manager; remove the volatile private key for the neighbor node from the update data structure; encrypt the resulting update data structure and a new network key with the private key for the neighbor node to produce an encrypted message; and send the encrypted message to the neighbor node.
    Type: Grant
    Filed: October 19, 2016
    Date of Patent: February 19, 2019
    Assignee: NXP USA, Inc.
    Inventors: Andrei Catalin Frincu, George Bogdan Alexandru
  • Patent number: 10205594
    Abstract: Examples are generally directed towards providing a server polling component for remote cryptographic key erasure resilient to network outage. A set of keys received from a server are stored on data storage. The data storage sends a status request to the server. If a key enabled status is received, the data storage continues normal operations. If a key disabled status is received, a key failure action is performed. The key failure action includes deleting one or more of the keys in the set of keys or shutting down one or more storage devices of the data storage. If no response is received from the server, the data storage iteratively resends the status request at retry time intervals until a response is received from the server or until a time out period expires. On expiration of the time out period, the key failure action is performed.
    Type: Grant
    Filed: March 30, 2016
    Date of Patent: February 12, 2019
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventor: Charles W. Kaufman
  • Patent number: 10200692
    Abstract: A computer-implemented method is provided for processing a video stream in the compressed domain for watermarking, scrambling and other applications. Syntax elements are generated for input video as part of a video compression process. The syntax elements are entropy coded with an arithmetic entropy encoding process to produce a compressed bitstream for the input video. Regions of frames and related syntax elements of the input video are identified as candidates for modification. Based on metadata associated with a particular user, the syntax elements, the regions, and entropy coding state of the arithmetic entropy encoding process, bytes of the input video are changed to generate a modifying bitstream that is unique to the particular user; and modifying the compressed bitstream using the modifying bitstream to produce a decodable bitstream for the input video.
    Type: Grant
    Filed: March 16, 2017
    Date of Patent: February 5, 2019
    Assignee: Cisco Technology, Inc.
    Inventor: Thomas Davies
  • Patent number: 10187213
    Abstract: In representative embodiments keys used in authentication are removed from local systems and stored on a key server system. When keys are needed for authentication, requests are routed to the key server system. In some embodiments, the keys do not leave the key server system and the key server system performs requested operations using the keys. In other embodiments, secure protocols are used to temporarily allow the local system to retrieve and use the key. In this latter situation, keys are not maintained on the local system.
    Type: Grant
    Filed: November 7, 2014
    Date of Patent: January 22, 2019
    Assignee: Venafi, Inc.
    Inventors: Tero Petteri Harjula, Breon Malachy McCartney
  • Patent number: 10185698
    Abstract: An electronic device includes a display, a memory and a processor being configured to: register a plurality of pieces of first computational data in input order; register at least one or more pieces of second computational data each time the second computational data is input, the at least one or more pieces of second computational data corresponding to the plurality of pieces of first computational data, and each piece of the second computational data including numerical value data and calculation data; when second computational data is registered, determine whether the registered second computational data is consistent with the first computational data in input order corresponding to the registered second computational data; when the registered second computational data is determined to be inconsistent with the first computational data, correct the first computational data; and resume the registration of the second computational data after the first computational data is corrected.
    Type: Grant
    Filed: June 30, 2016
    Date of Patent: January 22, 2019
    Assignee: CASIO COMPUTER CO., LTD.
    Inventor: Kazuhiko Arikawa
  • Patent number: 10176305
    Abstract: The present invention relates to data rights management and more particularly to a secured system and methodology and production system and methodology related thereto and to apparatus and methodology for production side systems and are consumer side systems for securely utilizing protected electronic data files of content (protected content), and further relates to controlled distribution, and regulating usage of the respective content on a recipient device (computing system) to be limited strictly to defined permitted uses, in accordance with usage rights (associated with the respective content to control usage of that respective content), on specifically restricted to a specific one particular recipient device (for a plurality of specific particular recipient devices), or usage on some or any authorized recipient device without restriction to any one in specific, to control use of the respective content as an application software program, exporting, modifying, executing as an application program, viewing,
    Type: Grant
    Filed: June 9, 2017
    Date of Patent: January 8, 2019
    Assignee: OL Security Limited Liability Company
    Inventors: David H. Sitrick, Russell T. Fling
  • Patent number: 10169600
    Abstract: A computing device may parse a file into a plurality of nodes. The computing device may associate, based on the parsing, at least a first encryption policy with a first node of the plurality of nodes. The computing device may associate, based on the parsing, at least a second encryption policy with a second node of the plurality of nodes. Data may be encrypted, based on the associating at least the first encryption policy with a first node, within at least the first node. Data may be encrypted, based on the associating at least a second encryption policy with a second node, within at least the second node.
    Type: Grant
    Filed: October 13, 2015
    Date of Patent: January 1, 2019
    Assignee: International Business Machines Corporation
    Inventors: Hao Feng, Shuo Li, ShengYan Sun, Jun Wang
  • Patent number: 10171465
    Abstract: A method for authenticating a client device for access to a host device based on timestamps. When the client device wants to access the host, it generates a first timestamp and sends the host device the first timestamp and the character strings from host tables related to the value of time units of the first timestamp. The host tables are known to all authorized client devices within the network. The strings are ordered according to a sequence table in the client device and the host device. When received, the host device compares the received characters strings to the character strings within its host string table based on an order determined by its host sequence table. If the character strings and order match, the host sends the client a second timestamp and the process is repeated using the second timestamp and sequence and string tables associated with, and known only to, the client device and the host device.
    Type: Grant
    Filed: September 29, 2016
    Date of Patent: January 1, 2019
    Inventor: Helene E. Schmidt
  • Patent number: 10158625
    Abstract: Methods and apparatus are provided for key pairing between peer D2D UEs in different eNBs or D2D areas. A method may comprise: receiving at a first access network node serving a first D2D area from a first user equipment in the first D2D area, a request for keys for a D2D communication between the first user equipment and a second user equipment, wherein the request comprises an identification of a second D2D area where the second user equipment is located and being different from the first D2D area; identifying a second access network node serving the second D2D area based on the identification; sending to the second access network node, a request for a security context of the second user equipment; and receiving from the second access network node the security context for obtaining the keys for the D2D communication.
    Type: Grant
    Filed: September 27, 2013
    Date of Patent: December 18, 2018
    Assignee: Nokia Technologies Oy
    Inventors: Yang Liu, Dajiang Zhang
  • Patent number: 10158993
    Abstract: This relates to wireless communications, and in particular to the generation of keying material for security purposes. In particular, A method of performing authentication for a user terminal. The method comprises performing an Authentication and Key Agreement procedure for authenticating the user terminal in a cellular access network, wherein a core network of the cellular network comprises a Home Subscriber Server; determining in a Bootstrapping Server Function that the user terminal requires keying material for use outside the cellular access network. The method also comprises transferring authentication information directly from the Home Subscriber Server to the Bootstrapping Server Function; and generating session keys in the Bootstrapping Server Function using said authentication information, wherein said session keys are also generated in the user terminal.
    Type: Grant
    Filed: April 13, 2015
    Date of Patent: December 18, 2018
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Vesa Torvinen, Vesa Lehtovirta, Katharina Pfeffer, Patrik Teppo, Monica Wifvesson
  • Patent number: 10153895
    Abstract: The HOMOMORPHIC DATABASE OPERATIONS APPARATUSES, METHODS AND SYSTEMS (“HEDO”) transform transaction storage requests and homomorphic model queries using HEDO components into homomorphic model query results. In some implementations, the disclosure provides a processor-implemented method of securely querying a shared homomorphically encrypted data repository and performing cross-table homomorphic joins.
    Type: Grant
    Filed: January 11, 2018
    Date of Patent: December 11, 2018
    Assignee: VISA INTERNATIONAL SERVICE ASSOCIATION
    Inventors: Paul Payton, Scott Edington, Johan Van Tilburg
  • Patent number: 10154063
    Abstract: A device management apparatus includes a setting information acquisition unit that acquires setting information of one or more security setting items from a device; a policy information acquisition unit that acquires policy information defining a single piece of compliant information, a plurality of pieces of compliant information, or a compliant range, for each security setting item; a determination unit that determines whether each of the setting information of the one or more security setting items conforms, based on the policy information; a change unit that changes, when the setting information of any security setting item does not conform, the setting information so as to conform; and a distribution unit that distributes the changed setting information of the security setting item to the device.
    Type: Grant
    Filed: October 1, 2014
    Date of Patent: December 11, 2018
    Assignee: RICOH COMPANY, LIMITED
    Inventor: Atsuhisa Saitoh
  • Patent number: 10135826
    Abstract: A method of leveraging security-as-a-service for cloud-based file sharing includes receiving, at a cloud-based file sharing server external to an enterprise network and having connectivity to the enterprise network, instructions from an enterprise network to validate a file uploaded by a first user associated with the enterprise network before allowing the file to be downloaded. The file sharing server may then receive the file from the first user and forward the file to a cloud-based security-as-a-service (SECaaS) server that is also external to the enterprise network and has connectivity to the enterprise network. The file sharing server receives a determination of validation from the cloud-based SECaaS server and allows a second user to download the file based on the determination. To make the determination, the SECaaS server retrieves cryptographic keying material from a cloud-based key management server, and decrypts the file.
    Type: Grant
    Filed: September 4, 2015
    Date of Patent: November 20, 2018
    Assignee: Cisco Technology, Inc.
    Inventors: K. Tirumaleswar Reddy, Prashanth Patil, Daniel Wing
  • Patent number: 10110584
    Abstract: Credentials sent over a back channel during the authentication of a user to a RESTful service can elevate the trust the recipient system can place in the user's identity. The addition of an identity credential of higher strength can increase confidence in user identities electronically presented with a lower strength credential. Attributes from either credential can be used to determine authorization to a protected resource.
    Type: Grant
    Filed: September 15, 2016
    Date of Patent: October 23, 2018
    Assignee: JERICHO SYSTEMS CORPORATION
    Inventors: Timothy Schmoyer, Michael Dufel, David Staggs, Vijayababu Subramanium
  • Patent number: 10095636
    Abstract: Techniques and logic are presented for encrypting and decrypting applications and related data within a multi-processor system to prevent tampering. The decryption and encryption may be performed either between a system bus and a processor's individual L1 cache memory or between a processor's instruction and execution unit and their respective L1 caches. The logic may include one or more linear feedback shift registers (LFSRs) that may be used for generation of unique sequential address related codes to perform the decryption of instructions and transformation logic that may be used for generation of equivalent offset address related codes to perform decryption and encryption of data. The logic may also be programmable and may be used for test purposes.
    Type: Grant
    Filed: November 28, 2017
    Date of Patent: October 9, 2018
    Inventor: Laurence H. Cooke
  • Patent number: 10097350
    Abstract: In an embodiment, a security engine of a processor includes an identity provider logic to generate a first key pair of a key pairing associating system user and a service provider that provides a web service and having a second system coupled to the system via a network, to perform a secure communication with the second system to enable the second system to verify that the identity provider logic is executing in a trusted execution environment, and responsive to the verification, to send a first key of the first key pair to the second system. This key may enable the second system to verify an assertion communicated by the identity provider logic that the user has been authenticated to the system according to a multi-factor authentication. Other embodiments are described and claimed.
    Type: Grant
    Filed: February 3, 2017
    Date of Patent: October 9, 2018
    Assignee: Intel Corporation
    Inventors: Ned M. Smith, Conor P. Cahill, Victoria C. Moore, Jason Martin, Micah J. Sheller
  • Patent number: 10091185
    Abstract: The system has a user terminal. A client provides access for the user terminal to data entries stored in a database. A database holds information consisting of one or more data entries and data identifications connected to the data entries. The client forms data identification for a certain data entry to be stored in the database from a unique user name and a master password. A pair of the data identification and the data entry is stored. Access for the user terminal is provided to a data entry stored in a database by using the master password, and the unique user name.
    Type: Grant
    Filed: January 21, 2011
    Date of Patent: October 2, 2018
    Assignee: FINNISH TECHNOLOGY MANAGEMENT OY
    Inventors: Ilkka Pietikainen, Harri Yli-Kujala
  • Patent number: 10089655
    Abstract: A data-publishing system facilitates broadcasting a data stream so that each client device obtains a personalized data stream. During operation, a publisher can generate an encoded data stream that does not include a reproducible version of the data stream's contents, and generates an encoding sauce to provide to at least one data-brokering system. When a broker receives a request from a client device for access to the data stream, the broker validates the client device's access to the data stream, and uses the encoding sauce to generate a secret sauce for the client device. The client device can process the encoded data stream using instructions in the secret sauce to produce a personalized data stream that includes a reproducible version of the data stream's contents.
    Type: Grant
    Filed: November 27, 2013
    Date of Patent: October 2, 2018
    Assignee: Cisco Technology, Inc.
    Inventors: Priya Mahadevan, Roger C. Meike, Glenn C. Scott
  • Patent number: 10089651
    Abstract: A content broker can receive a request from a user's client device for access to a data stream, and determines whether the client device has a sufficient number of credits to consume the digital content. If the client device does not have a sufficient number of credits, the broker can provide the client device an opportunity to earn credits. The broker can send to the client device an advertisement stream, and a corresponding challenge query that includes a set of instructions for generating a challenge-response that proves the client device has consumed the advertisement stream. If the broker receives a valid challenge response from the client device, the broker can assign a predetermined number of credits to the user's account.
    Type: Grant
    Filed: March 3, 2014
    Date of Patent: October 2, 2018
    Assignee: Cisco Technology, Inc.
    Inventors: Priya Mahadevan, Glenn C. Scott, Roger C. Meike
  • Patent number: 10050966
    Abstract: The present disclosure is directed to methods and systems of providing a user-selectable list of disparately hosted applications. A device intermediary to a client and one or more servers may receive a user request to access a list of applications published to the user. The device may communicate to the client the list of published applications available to the user, the list comprising graphical icons corresponding to disparately hosted applications, at least one graphical icon corresponding to a third-party hosted application of the disparately hosted applications, the third party hosted application served by a remote third-party server. The device may receive a selection from the user of the at least one graphical icon. The device may communicate, from the remote third party server to the client of the user, execution of the third party hosted application responsive to the selection by the user.
    Type: Grant
    Filed: September 2, 2016
    Date of Patent: August 14, 2018
    Assignee: Citrix Systems, Inc.
    Inventors: Richard Hayton, Ajay Soni, Abhishek Chauhan, Rajiv Sinha, Minoo Gupta
  • Patent number: 10050789
    Abstract: A method relates to receiving, by an authentication server, an authentication request from a client device via a public network, selecting a first private key of the authentication server from a first range of numbers and a second private key of the authentication server from a second range of numbers, receiving, from the client device, a first public key of the client device and a second public key of the client device, calculating a third private key of the authentication server in view of the second private key of the authentication server and a numerical value of the password, receiving a third public key of the client device, calculating a session key of the authentication server in view of the second public key of the client device, the third public key of the client device, and the third private key of the authentication server, and validating the session key.
    Type: Grant
    Filed: November 24, 2015
    Date of Patent: August 14, 2018
    Assignee: Red Hat, Inc.
    Inventor: Nathaniel McCallum
  • Patent number: 10027475
    Abstract: An initiating key-agreement device (100) and a responding key-agreement device (200) are provided, configured to generate a symmetric key shared between them. The devices are configured for generating in electronic form a private random value (112, 212), obtaining in electronic form a public set of bivariate polynomials (122) and computing a univariate polynomial (124, 222) by summing the univariate polynomials obtained by substituting the private random value (112, 212) into the polynomials of the public set (122). The devices are configured to send their computed univariate polynomial to the other device, and to compute or reconstruct the shared symmetric key (214, 312) by substituting its generated private random value (112, 212) in the received univariate polynomial.
    Type: Grant
    Filed: July 14, 2014
    Date of Patent: July 17, 2018
    Assignee: KONINKLIJKE PHILIPS N.V.
    Inventors: Ronald Rietman, Oscar Garcia Morchon, Ludovicus Marinus Gerardus Maria Tolhuizen, Santos Merino Del Pozo
  • Patent number: 10015830
    Abstract: A communication apparatus functioning as a master device denies participation by new communication apparatuses in a network in communication parameter configuration mode based on participation statuses of communication apparatuses functioning as slave devices in the network. The communication apparatus functioning as a master device establishes the network in communication parameter configuration mode between the communication apparatuses participating in the network, and configures communication parameters.
    Type: Grant
    Filed: October 11, 2016
    Date of Patent: July 3, 2018
    Assignee: CANON KABUSHIKI KAISHA
    Inventor: Fumihide Goto
  • Patent number: 10015019
    Abstract: A method and system configured to produce a cryptographic signature on a message, under a key, at a user computer wherein the key is shared between the user computer, which stores a first key-share, and an authentication computer, which stores a second key-share and a first authentication value. The user computer encodes the message to produce a blinded message, produces the first authentication value from a user password and a secret value, and produces a second authentication value by encoding the first authentication value and a nonce. The authentication computer uses the nonce to determine if the first authentication value is correct and, if so, encodes the blinded message using the second key-share to produce a partial signature. The user computer produces a signature on the message under the key by encoding the partial signature and the message using the first key-share and an unblinding function.
    Type: Grant
    Filed: June 2, 2017
    Date of Patent: July 3, 2018
    Assignee: International Business Machines Corporation
    Inventors: Jan L. Camenisch, Anja Lehmann, Gregory Neven
  • Patent number: 10009182
    Abstract: A method and system configured to produce a cryptographic signature on a message, under a key, at a user computer wherein the key is shared between the user computer, which stores a first key-share, and an authentication computer, which stores a second key-share and a first authentication value. The user computer encodes the message to produce a blinded message, produces the first authentication value from a user password and a secret value, and produces a second authentication value by encoding the first authentication value and a nonce. The authentication computer uses the nonce to determine if the first authentication value is correct and, if so, encodes the blinded message using the second key-share to produce a partial signature. The user computer produces a signature on the message under the key by encoding the partial signature and the message using the first key-share and an unblinding function.
    Type: Grant
    Filed: April 4, 2017
    Date of Patent: June 26, 2018
    Assignee: International Business Machines Corporation
    Inventors: Jan L. Camenisch, Anja Lehmann, Gregory Neven
  • Patent number: 10002257
    Abstract: Systems and methods using a cryptographic key loader embedded in a removable data storage device are provided. In one embodiment, the removable data storage device can include a dedicated key memory storing one or more cryptographic keys for cryptographic processing of data by a host system. The removable data storage device can further include a dedicated data memory storing data subject to cryptographic processing by the host system. When the removable data cartridge is interfaced with the host system, the cryptographic key(s) and the data subject to cryptographic processing can become accessible to host system.
    Type: Grant
    Filed: August 4, 2015
    Date of Patent: June 19, 2018
    Assignee: GE AVIATION SYSTEMS LLC
    Inventors: Deven J. Anthony, John Jared Creech
  • Patent number: 9990249
    Abstract: Apparatus, systems, and/or methods may provide for identifying unencrypted data including a plurality of bits, wherein the unencrypted data may be encrypted and stored in memory. In addition, a determination may be made as to whether the unencrypted data includes a random distribution of the plurality of bits, for example based on a compressibility function. An integrity action may be implemented when the unencrypted data includes a random distribution of the plurality of bits, which may include error correction including a modification to ciphertext of the unencrypted data. Independently of error correction, a diffuser may generate intermediate and final ciphertext. In addition, a key and/or a tweak may be derived for a location in the memory. Moreover, an integrity value may be generated (e.g., as a copy) from a portion of the unencrypted data, and/or stored in a slot of an integrity check line based on the location.
    Type: Grant
    Filed: December 24, 2015
    Date of Patent: June 5, 2018
    Assignee: Intel Corporation
    Inventors: David M Durham, Siddhartha Chhabra, Sergej Deutsch, Men Long, Alpa T Narendra Trivedi
  • Patent number: 9992670
    Abstract: Facilitating authentication on communication between a mobile terminal and a server is achieved. The communication is made through a Serving GPRS Support Node (SGSN) of a network in which the mobile terminal is operating. A Home Public Land Mobile Network (PLMN) of the mobile terminal generates a ciphering key for encryption of packet-switched data between the mobile terminal and the server. As part of a message from a network entity in the Home PLMN to the SGSN in which the SGSN expects to receive the ciphering key, alternative data is communicated in place of the ciphering key. Secure communication between the mobile terminal and the server is performed by applying encryption using a ciphering key generated by a network entity in a Home PLMN of the mobile terminal in messages between the mobile terminal and the server.
    Type: Grant
    Filed: July 20, 2015
    Date of Patent: June 5, 2018
    Assignee: VODAFONE IP LICENSING LIMITED
    Inventors: Christopher Pudney, Assen Mahaboob Khan Golaup, Nicholas Bone
  • Patent number: 9992026
    Abstract: A system or method for enrolling a signature may include transmitting a user's public key and a time stamp to a client device. The method may further include receiving an encrypted time stamp and encrypted signature data associated with the user, wherein the signature data is encrypted using the user's public key. The encrypted time stamp may be decrypted using the user's private key, and the received encrypted signature data may be validated based on the decrypted time stamp. If the received encrypted signature data is determined to be valid, the encrypted signature data may be stored and digitally signed with the user's private key. The encrypted signature data may be further digitally certified with an administrator's private key.
    Type: Grant
    Filed: March 27, 2015
    Date of Patent: June 5, 2018
    Inventor: Mohammed Alawi E Geoffrey
  • Patent number: 9985782
    Abstract: A method relates to receiving, by a processing device, a first request to decrypt encrypted data stored on an encrypted portion of a drive, transmitting, to a decryption server, a second request comprising an encrypted first encryption key, wherein the encrypted first encryption key is produced by encrypting a first encryption key using a public key of an asymmetric key pair, receiving the first encryption key from the decryption server, decrypting an encrypted second encryption key using the first encryption key to produce a second encryption key, and decrypting the encrypted data using the second encryption key to produce data.
    Type: Grant
    Filed: November 24, 2015
    Date of Patent: May 29, 2018
    Assignee: Red Hat, Inc.
    Inventor: Nathaniel McCallum
  • Patent number: 9973733
    Abstract: A communication system includes a terminal having a first storage section for storing a number of pieces of content information, a second storage section for storing a number of pieces of the content information, a storage control section for placing a content ID stored in the second storage section into purchase information for each terminal and stored in the second storage section, an access control section for controlling access to the content information corresponding to the content ID stored in the second storage section, and an accounting setting section for setting an amount of a fee to be imposed on the terminal in response to the purchase information.
    Type: Grant
    Filed: August 20, 2012
    Date of Patent: May 15, 2018
    Assignee: SONY CORPORATION
    Inventors: Takashi Kumagai, Izuru Tanaka
  • Patent number: 9965627
    Abstract: Threat detection instrumentation is simplified by providing and updating labels for computing objects in a context-sensitive manner. This may include simple labeling schemes to distinguish between objects, e.g., trusted/untrusted processes or corporate/private data. This may also include more granular labeling schemes such as a three-tiered scheme that identifies a category (e.g., financial, e-mail, game), static threat detection attributes (e.g., signatures, hashes, API calls), and explicit identification (e.g., what a file or process calls itself). By tracking such data for various computing objects and correlating these labels to malware occurrences, rules can be written for distribution to endpoints to facilitate threat detection based on, e.g., interactions of labeled objects, changes to object labels, and so forth.
    Type: Grant
    Filed: September 14, 2014
    Date of Patent: May 8, 2018
    Assignee: Sophos Limited
    Inventors: Kenneth D. Ray, Daniel Salvatore Schiappa, Simon Neil Reed, Mark D. Harris, Neil Robert Tyndale Watkiss, Andrew J. Thomas, Robert W. Cook, Harald Schütz, John Edward Tyrone Shaw, Anthony John Merry
  • Patent number: 9954678
    Abstract: A computer system can send a secure request over a named-data network to a remote device by generating an Interest with encrypted name components. During operation, the computer system can receive or obtain a request for data, such as from a local user or from a local application. If the system cannot satisfy the request locally, the system can determine at least a routable prefix and a name suffix associated with the request. The system can generate the secure Interest for the request by determining an encryption key that corresponds to a session with the remote computer system, and encrypts the name suffix using the session encryption key. The system then generates an Interest whose name includes the routable prefix and the encrypted name suffix, and disseminates the Interest over a named-data network to send the request to the remote computer system.
    Type: Grant
    Filed: February 6, 2014
    Date of Patent: April 24, 2018
    Assignee: Cisco Technology, Inc.
    Inventors: Marc E. Mosko, Ersin Uzun
  • Patent number: 9928485
    Abstract: Methods, apparatuses, computer program products, devices and systems are described that carry out accepting at least one indication of an interaction involving at least one member of a network; creating a persona corresponding to the at least one member of a network, wherein the persona is at least partly based on the indication of an interaction; and presenting the persona for use in the interaction involving the at least one member of the network.
    Type: Grant
    Filed: November 16, 2011
    Date of Patent: March 27, 2018
    Assignee: Elwha LLC
    Inventors: Marc E. Davis, Matthew G. Dyor, William Gates, Xuedong Huang, Roderick A. Hyde, Edward K. Y. Jung, Jordin T. Kare, Royce A. Levien, Richard T. Lord, Robert W. Lord, Qi Lu, Mark A. Malamud, Nathan P. Myhrvold, Satya Nadella, Daniel Reed, Harry Shum, Clarence T. Tegreene, Lowell L. Wood, Jr.
  • Patent number: 9922200
    Abstract: Systems, methods, and computer-readable storage media are provided for securely storing and accessing content within a public cloud. A processor manufacturer provides processors having secure enclave capability to a cloud provider. The provider makes available a listing of processor identifiers (CPUIDs) for processors available for storing content and having secure enclave capability. A content owner provides CPUIDs for desired processors from the listing to the manufacturer which provides the content owner with a processor-specific public code encryption key (CEK) for encrypting content to be stored on each processor identified. Each processor is constructed such that content encrypted with the public CEK may only be decrypted within a secure enclave thereof. The content owner encrypts the desired content with the public CEK and returns the encrypted content and the CPUID for the appropriate processor to the cloud provider. The cloud provider then stores the encrypted content on the particular processor.
    Type: Grant
    Filed: June 30, 2014
    Date of Patent: March 20, 2018
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Galen Clyde Hunt, Mark Eugene Russinovich
  • Patent number: 9923720
    Abstract: A network device (110) is provided which is configured to determine a shared cryptographic key of key length (b) bits shared with a second network device (120) from a polynomial and an identity number of the second network device. A reduction algorithm is used to evaluate the polynomial in the identity number of the second network device and reduce module a public modulus and modulo a key modulus. The reduction algorithm comprises an iteration over the terms of the polynomial. In at least the iteration which iteration is associated with a particular term of the polynomial are comprised a first and second multiplication. The first multiplication is between the identity number and a least significant part of the coefficient of the particular term obtained from the representation of the polynomial, the least significant part of the coefficient being formed by the key length least significant bits of the coefficient of the particular term.
    Type: Grant
    Filed: February 11, 2014
    Date of Patent: March 20, 2018
    Assignee: KONINKLIJKE PHILIPS N.V.
    Inventors: Oscar Garcia Morchon, Sandeep Shankaran Kumar, Ludovicus Marinus Gerardus Maria Tolhuizen
  • Patent number: 9913150
    Abstract: Disclosed are a method and device for implementing a microwave device trusteeship. The method includes: a plurality of all-outdoor units (AOUs) are configured into a trusteeship mode; res the AOUs already configured into the trusteeship mode are respectively connected to the ports of the service units of an IP device; by accessing the IP device by the AOUs configured into a trusteeship mode, the connected AOUs are configured at the corresponding ports of the service unit of the IP device, and the virtual slot numbers of the connected AOUs are generated; and the IP device selects at least two AOUs from the plurality of AOUs already configured into a trusteeship mode to form a protection group, and sets a transmission unit number for each selected corresponding AOU, so as to virtually set each of the selected AOUs as a transmission unit of the IP device.
    Type: Grant
    Filed: September 23, 2013
    Date of Patent: March 6, 2018
    Assignee: ZTE CORPORATION
    Inventors: Yazhou Liu, Guangwei Li
  • Patent number: 9892239
    Abstract: Techniques and mechanisms described herein facilitate the management of digital rights for media content item presentation. According to various embodiments, a request for a content decryption key may be received at a media application implemented at a computing device. The request may be transmitted by a media content player implemented at the computing device. The request may be transmitted in accordance with a designated key exchange protocol. A license for an encrypted media content item corresponding with the requested content decryption key may be identified at the media application. Based on information included in the license, encrypted key material may be decrypted to create the requested content decryption key via a processor at the computing device. The requested content decryption key may be provided to the media content player.
    Type: Grant
    Filed: January 29, 2013
    Date of Patent: February 13, 2018
    Assignee: MOBITV, INC.
    Inventors: Fritz Barnes, Torbjorn Einarsson, Do Hyun Chung, Ken Klinner
  • Patent number: 9894053
    Abstract: Embodiments of the present application relate to a method, a system, and a computer program product for authenticating a service. A method for authenticating a service is provided. The method includes receiving a first service request from a first terminal, generating a first link address that is used to link to an access location based on the received first service request, determining a preset terminal identifier corresponding to a second terminal, the preset terminal identifier being a terminal identifier preset by the user, sending the first link address to the second terminal, receiving a first link request, determining an issued terminal identifier based on the first link request, comparing the determined issued terminal identifier with the preset terminal identifier of the second terminal, and performing a next processing operation on the first service request based on the comparison result.
    Type: Grant
    Filed: June 30, 2016
    Date of Patent: February 13, 2018
    Assignee: Alibaba Group Holding Limited
    Inventor: Kai Cao
  • Patent number: 9846656
    Abstract: Techniques and logic are presented for encrypting and decrypting applications and related data within a multi-processor system to prevent tampering. The decryption and encryption may be performed either between a system bus and a processor's individual L1 cache memory or between a processor's instruction and execution unit and their respective L1 caches. The logic may include one or more linear feedback shift registers (LFSRs) that may be used for generation of unique sequential address related codes to perform the decryption of instructions and transformation logic that may be used for generation of equivalent offset address related codes to perform decryption and encryption of data. The logic may also be programmable and may be used for test purposes.
    Type: Grant
    Filed: December 7, 2015
    Date of Patent: December 19, 2017
    Inventor: Laurence H. Cooke
  • Patent number: 9830433
    Abstract: The present invention provides a method for creating an electronic document file comprising monitoring creation and changes of an electronic document file, receiving a policy file including document level set-up information and security policy, searching for words associated with business information from the text data retrieved from the electronic document file, computing an exposure score of the electronic document file based on the number of times for words associated with business information being searched and document level set-up information, assigning a document level to the electronic document file based on the exposure score, and inserting a watermark to text of the electronic document file to be displayed on the client device based on the user's personal information received from the server. Accordingly, leakage of business documents for electronic document files including business information can be prevented by providing pre-security and post-security measures stronger than conventional measures.
    Type: Grant
    Filed: July 24, 2014
    Date of Patent: November 28, 2017
    Assignee: MARKANY, INC.
    Inventors: Jong-Uk Choi, Joo Won Cho, Yusep Rosmansyah
  • Patent number: 9819666
    Abstract: This disclosure pertains generally to client authentication. One aspect of the disclosure relates to a first server for presenting evidence to a Domain Controller (DC) of a first authentication context being submitted from a client to the first server to obtain a delegable credential, wherein the credential can be used to request a second authentication context from that client to a second server. Another aspect relates to the first server providing a pass-thru with evidence to a DC. The evidence relates to a first authentication context being submitted from a client to the first server that it obtained a delegable credential. The pass-thru is used in combination with the credential to request a second authentication context from the client to a second server.
    Type: Grant
    Filed: March 1, 2016
    Date of Patent: November 14, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: David R. Mowers, John A. Banes, Daniel R. Simon, Paul J. Leach
  • Patent number: 9812138
    Abstract: A robust digital fingerprint of a file ensures that one able to produce the robust digital fingerprint has possession of the file. A client obtains information that is unpredictable to the client and uses that information to modify the file and generate a robust digital fingerprint from the modified file. A server, with access to the same unpredictable information, verifies the generated robust digital fingerprint. An algorithm for generating the robust digital fingerprint has a property that different representations of the same content will produce matching digital fingerprints.
    Type: Grant
    Filed: September 3, 2014
    Date of Patent: November 7, 2017
    Assignee: Amazon Technologies, Inc.
    Inventor: Thibault Candebat
  • Patent number: 9769127
    Abstract: Systems and methods for a smart card accessible over a personal area network (PAN). An example method may include: communicatively coupling a device to the PAN, storing a digital certificate that identifies a user, logging the user on to an additional device within the PAN, and providing an encryption service for the additional device, by: receiving a message to be encrypted, encrypting the message, sending the encrypted message to the additional device via the PAN, receiving an encrypted version of an additional message, decrypting the additional message using the private key associated with the user to produce an unencrypted version of the additional message, and sending the unencrypted version of the additional message to the additional device via the PAN.
    Type: Grant
    Filed: June 3, 2015
    Date of Patent: September 19, 2017
    Assignee: Red Hat, Inc.
    Inventor: Peter A. Rowley
  • Patent number: 9762387
    Abstract: A method for establishing an encrypted communication channel is described. Query IDs are generated at a first device. Each query ID identifies a keyword in a set of keywords. Query IDs are received, at a second device. A second set of keywords is determined by the second device based on the query IDs. Match IDs are determined based on the second set. Each match ID identifies a keyword in the second set. An encryption key is generated based on the second set. A response is sent which includes the match IDs and an encrypted message. At the first device, the second set is determined based on the match IDs. The second set includes keywords of the first set of keywords identified by the match IDs. The encryption key is generated at the first device and the encrypted message is decrypted. Apparatus and computer readable media are also described.
    Type: Grant
    Filed: September 13, 2012
    Date of Patent: September 12, 2017
    Assignee: Nokie Technologies Oy
    Inventors: Kari J. Leppänen, Philip Ginzboorg, Janne Kulmala, Antti Laine, Marko Hannikainen