Control Vector Or Tag Patents (Class 380/280)
  • Patent number: 11115209
    Abstract: The present invention relates to the field of tracing and anti-counterfeit protection of physical objects, and particularly to preparing and performing a secure authentication of such objects. Specifically, the invention is directed to a method and a system for preparing a subsequent secured authentication of a physical object or group of physical objects by a recipient thereof, to a method and system for authenticating a physical object or group of physical objects, to a method and system of securely providing a time-variant combination scheme for authenticating a physical object or group of physical objects according to the above methods, and to related computer programs corresponding to said methods. The invention is based on the concept of increasing the security level by increasing the information entropy of the data on which the anti-counterfeit protection is based by means of random data communicated to authenticating entities in an algorithmically hidden way.
    Type: Grant
    Filed: January 30, 2020
    Date of Patent: September 7, 2021
    Assignee: Merck Patent GmbH
    Inventors: Thomas Endress, Daniel Szabo, Frederic Berkermann, Natali Melgarejo Diaz
  • Patent number: 11017211
    Abstract: Aspects of the present disclosure include methods for generating a sampled profile including a plurality of sampling points having a plurality of characteristic values associated with the detected non-visible light, identifying one or more macroblocks each includes a subset of the plurality of sampling points, calculating a number of occurrences of the local pattern value within each subset of the plurality of the sampling points for each of the one or more macroblocks, generating a first array including a plurality of weighted values by calculating the plurality of weighted values based on the numbers of occurrences of the local pattern value and corresponding sizes of the one or more macroblocks, assigning a unique index to each of the plurality of weighted values, generating a second array of the unique index by ranking the plurality of weighted values, and generating a third array including a plurality of ranking distances.
    Type: Grant
    Filed: March 8, 2019
    Date of Patent: May 25, 2021
    Assignee: Stone Lock Global, Inc.
    Inventors: James Trani, David Douglas Dunlap
  • Patent number: 10880281
    Abstract: Examples described herein relate to apparatuses and methods for evaluating an encryption key based on policies for a policy operation, including, but not limited to, receiving user request for the policy operation, determining one or more of a node, group, client, or user associated with the user request, determining the policies associated with the one or more of the node, group, client, or user based on priority, and evaluating at least one key attribute of an encryption key based, at least in part, on the policies.
    Type: Grant
    Filed: February 22, 2017
    Date of Patent: December 29, 2020
    Assignee: Fornetix LLC
    Inventors: Stephen Edwards, Gary C. Gardner, Charles White
  • Patent number: 10846108
    Abstract: Disclosed are various embodiments for providing limited access within a private network. A connection request is received from a client device coupled to a public network. A remote desktop environment is implemented in a private network in response to the connection request. Access to the public network through the remote desktop environment may be restricted to communicating with a particular storage service.
    Type: Grant
    Filed: June 26, 2018
    Date of Patent: November 24, 2020
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventors: Peter Chung, Jason Falivene
  • Patent number: 10785855
    Abstract: A lighting device for communication with a mobile terminal, comprising: a lighting means, and an electronic operating device for operating the lighting means, a data storage unit, in which a first key is stored in a memory area reserved therefor, an encryption unit configured to read out the first key from the reserved memory area and, in accordance with a specifiable encryption operation, to convert measurement value data and/or identification data intended for transfer to the mobile terminal into a message encrypted by means of the first key, and a transmitting unit configured to transmit the encrypted message to the mobile terminal.
    Type: Grant
    Filed: November 3, 2016
    Date of Patent: September 22, 2020
    Assignees: OSRAM GMBH, OSRAM SYLVANIA INC.
    Inventors: Henry Feil, Barry Stout
  • Patent number: 10742400
    Abstract: In some examples, a non-transitory machine readable storage medium has machine readable instructions to cause a computer processor to segment a datastream into a plurality of equal length blocks each of which has a fixed length, separately encrypt each equal length block using a first encryption key, swap a subset of bits of a first encrypted equal length block with a subset of bits of a second encrypted equal length block such that both of the blocks each have a length equal to the fixed length, and separately encrypt each block using a second encryption key.
    Type: Grant
    Filed: March 20, 2015
    Date of Patent: August 11, 2020
    Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
    Inventors: Liqun Chen, Peter Thomas Camble, Michael Wendland
  • Patent number: 10700971
    Abstract: Systems and methods for supporting inter subnet partitions in a high performance computing environment. In accordance with an embodiment, a fabric manager can define a range of P_Key values, among a plurality of P_Key values, as a inter subnet partition (ISP) P_Key range. The fabric manager can communicate this defined range of P_Key values to a number of subnets, via their subnet managers. The subnet managers in each subnet retain management over their subnets. As there is no central management that configures each side of inter subnet communication, subnet managers on within participating subnets can set up ISP membership, and then exchange information with the other subnet.
    Type: Grant
    Filed: July 19, 2018
    Date of Patent: June 30, 2020
    Assignee: ORACLE INTERNATIONAL CORPORATION
    Inventors: Bjørn Dag Johnsen, Bartosz Bogdanski, Line Holen
  • Patent number: 10673830
    Abstract: The disclosure provides for two or more transceiver devices and a system that utilizes one or more encrypters and one or more decrypters comprising one or more communication sources that provides transmission(s) and at least one connector, wherein transmission(s) from one or more communications sources enter a first transceiver through the connector and travels to a randomized encrypted data sub-channels (REDS) encrypter and wherein the (REDS) encrypter securely sends encrypted transmission(s) to a second transceiver. The encrypted transmission(s) enter a second transceiver and are sent to a randomized decrypted data sub-channels (RDDS) decrypter wherein the transmission(s) are decrypted.
    Type: Grant
    Filed: October 29, 2018
    Date of Patent: June 2, 2020
    Inventor: Daniel Maurice Lerner
  • Patent number: 10554405
    Abstract: The present invention relates to the field of tracing and anti-counterfeit protection of physical objects, and particularly to preparing and performing a secure authentication of such objects. Specifically, the invention is directed to a method and a system for preparing a subsequent secured authentication of a physical object or group of physical objects by a recipient thereof, to a method and system for authenticating a physical object or group of physical objects, to a method and system of securely providing a time-variant combination scheme for authenticating a physical object or group of physical objects according to the above methods, and to related computer programs corresponding to said methods. The invention is based on the concept of increasing the security level by increasing the information entropy of the data on which the anti-counterfeit protection is based by means of random data communicated to authenticating entities in an algorithmically hidden way.
    Type: Grant
    Filed: February 8, 2019
    Date of Patent: February 4, 2020
    Assignee: Merck Patent GmbH
    Inventors: Thomas Endress, Daniel Szabo, Frederic Berkermann, Natali Melgarejo Diaz
  • Patent number: 10541814
    Abstract: The present application describes a method, system, and non-transitory computer-readable medium for end-to-end encryption during a secure communication session. According to the present disclosure, a first device receives an invitation to a secure communication session. The invitation includes a token, which the first device transmits to the call initiating device. Next, the first device performs a three-way handshake with the call initiating device to negotiate a first encryption key and a second encryption key for the secure communication session. The first device encrypts first communication data using the first encryption key and transmits the encrypted first communication data to the call initiating device.
    Type: Grant
    Filed: November 8, 2017
    Date of Patent: January 21, 2020
    Assignee: Wickr Inc.
    Inventors: Thomas Michael Leavy, Joël Alwen
  • Patent number: 10469245
    Abstract: A system for cryptographic processing comprises message unit (1, 7, 12) for providing a first message representation (3, 6, 11), wherein the first message representation is a representation of a message. The system comprises key unit (2) for providing a key representation (4, 9, 14), wherein the key representation is an encrypted representation of a first key of a first cryptographic algorithm and a second key of a second cryptographic algorithm, wherein the first cryptographic algorithm is different from the second cryptographic algorithm. The system comprises step unit (5, 10, 15) for performing a step of the first cryptographic algorithm and a step of the second cryptographic algorithm based on the first message representation (3, 6, 11) and the key representation, to obtain a second message representation (6, 11, 16).
    Type: Grant
    Filed: December 11, 2015
    Date of Patent: November 5, 2019
    Assignee: KONINKLIJKE PHILIPS N.V.
    Inventors: Hendrik Jan Jozef Hubertus Schepers, Paulus Mathias Hubertus Mechtildis Antonius Gorissen, Maarten Peter Bodlaender, Wicher Ido-Jan Gispen
  • Patent number: 10438053
    Abstract: An exemplary embodiment of the present invention provides a method of verifying an identity of a person-to-be-identified using biometric signature data. The method includes creating a face sample database based on biometric signature data from a plurality of individuals, calculating a feature database by extracting selected features of entries in the sample database, calculating positive samples by calculating a feature absolute value distance for a same position of any two different images from one person, calculating negative samples by calculating a feature absolute value distance for a same position of different people, calculating a key bin feature using a learning algorithm, calculating a classifier from the key bin feature for use in identifying and authenticating an acquired face image of a person-to-be-identified and identifying and authenticating the person-to-be-identified using the classifier and the acquired face image of the person-to-be-identified.
    Type: Grant
    Filed: July 13, 2017
    Date of Patent: October 8, 2019
    Assignee: STONE LOCK GLOBAL, INC.
    Inventors: David D. Dunlap, Yulun Hu
  • Patent number: 10285055
    Abstract: A server device of an authentication system includes: an optical signal communication unit that causes optical signal transmitters to repeatedly transmit modulated optical signals, by notifying, of pieces of partial authentication information stored in an authentication information management unit, the optical signal transmitters respectively related to the pieces of partial authentication information; and an authentication processing unit that authenticates, when authentication is requested from a client device, the client device, based on integrated authentication information notified with the request, and integrated authentication information before being segmented into the respective pieces of partial authentication information notified by the optical signal communication unit.
    Type: Grant
    Filed: April 20, 2016
    Date of Patent: May 7, 2019
    Assignee: MINEBEA MITSUMI INC.
    Inventor: Kunihiko Hatta
  • Patent number: 10264009
    Abstract: A predictive engine for analyzing existing vulnerability information to determine the likelihood of a vulnerability being exploited by malicious actors against a particular computer or network of computers. The predictive engine relies on multiple data sources providing historical vulnerability information, a plurality of predictive models, and periodic retraining of the prediction ensemble utilizing predictive models. Modeling schemes may also be used when retraining the predictive models forming the prediction ensemble.
    Type: Grant
    Filed: July 26, 2016
    Date of Patent: April 16, 2019
    Assignee: BOOZ ALLEN HAMILTON INC.
    Inventors: Eric Smyth, Aaron Sant-Miller, Kevin Field
  • Patent number: 10237279
    Abstract: There is provided a method comprising: receiving, by an apparatus of a data center, a request message from a server computer of said data center, the apparatus and the server computer being physically separate entities communicatively coupled with each other, said message requesting data center specific information stored into a read-only memory area of the apparatus; initiating deciphering of the request message in response to receiving the request message; and as a response to successfully deciphering the request message, transmitting a response message to the server computer, said message comprising the data center specific information acquired from the read-only memory area of the apparatus.
    Type: Grant
    Filed: February 8, 2018
    Date of Patent: March 19, 2019
    Assignee: NOKIA SOLUTIONS AND NETWORKS OY
    Inventors: Leo Tapani Hippelainen, Ian Justin Oliver, Shankar Lal
  • Patent number: 10154016
    Abstract: The disclosure provides for two or more transceiver devices and a system that utilizes one or more encrypters and one or more decrypters comprising one or more communication sources that provides transmission(s) and at least one connector, wherein transmission(s) from one or more communications sources enter a first transceiver through the connector and travels to a randomized encrypted data sub-channels (REDS) encrypter and wherein the (REDS) encrypter securely sends encrypted transmission(s) to a second transceiver. The encrypted transmission(s) enter a second transceiver and are sent to a randomized decrypted data sub-channels (RDDS) decrypter wherein the transmission(s) are decrypted.
    Type: Grant
    Filed: June 12, 2018
    Date of Patent: December 11, 2018
    Assignee: IRONCLAD ENCRYPTION CORPORATION
    Inventor: Daniel Maurice Lerner
  • Patent number: 10095882
    Abstract: In one embodiment, a method for securing data on a semi-trusted server is implemented on a computing device and includes: receiving at least a current session key from a user device for use during a current session, where the current session key is suitable for encrypting data and for decrypting data encrypted with the current session key, decrypting communications received from the user device during the session with said session key, encrypting with the session key at least one of communications to be sent to said user device and personal data generated during the session, storing the encrypted personal data, and discarding the current session key upon completion of the session, thereby limiting possible access to the stored encrypted personal data other than during the session. Related apparatus and methods are also described.
    Type: Grant
    Filed: August 18, 2014
    Date of Patent: October 9, 2018
    Assignee: Cisco Technology, Inc.
    Inventors: Erez Waisbard, Anna Schnaiderman
  • Patent number: 9998293
    Abstract: A method and a device for maintaining a multicast group member are disclosed. The method includes sending a query message to a switch at intervals of a preset period, so that the switch sends the query message to each multicast group member included in a multicast group; acquiring a count value of current period query responses received by the switch in a current period; and maintaining, according to the count value of current period query responses and a count value of previous period query responses, the multicast group member included in the multicast group. The device includes a first sending module, an acquiring module, and a maintenance module. In the present disclosure, a multicast group member is maintained using a flow table maintained in a switch, which decreases load of a controller, and improves processing efficiency of maintaining, by the controller, the multicast group member.
    Type: Grant
    Filed: October 27, 2016
    Date of Patent: June 12, 2018
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Chenji Li, Quancai Li, Bo Man
  • Patent number: 9912830
    Abstract: A data processing apparatus determines whether or not administrator authority of a user is set, and whether access is made locally or from the network. When the access is made locally, even if the user has the administrator authority, folders of all users are not displayed. The folders of all users are displayed only when the user having the administrator authority accesses from the network.
    Type: Grant
    Filed: July 2, 2015
    Date of Patent: March 6, 2018
    Assignee: Canon Kabushiki Kaisha
    Inventor: Takafumi Mizuno
  • Patent number: 9818108
    Abstract: Systems and methods for updating a transactional device having a reader is provided. In one embodiment, the method includes: reading data on a command token, wherein the data is stored in a memory device; identifying the token as a command token based on the data; generating transaction data that include an instruction based on the token data and a code identifying the instruction as a command data; and transmitting the transaction data to a remote device for command execution.
    Type: Grant
    Filed: December 10, 2007
    Date of Patent: November 14, 2017
    Assignee: VERIFONE, INC.
    Inventors: Clay von Mueller, Scott R. Yale, Patrick K. Hazel, Paul Catinella
  • Patent number: 9807062
    Abstract: A method and apparatus for enabling a cloud server to provide screen information data indicating a screen to be displayed on a client device are provided. The method of enabling a cloud server to provide screen information data relating to a screen to be displayed on a client device includes: generating the screen information data; determining whether or not to protect the generated screen information data based on characteristics of an object configuring the screen; encrypting the provided screen information data based on the determining; and transmitting the encrypted the screen information data to the client device.
    Type: Grant
    Filed: September 26, 2013
    Date of Patent: October 31, 2017
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Sung-bum Park, Yong-je Kim, Myung-jin Eom, Dae-Sung Cho, Woong-il Choi
  • Patent number: 9793960
    Abstract: An NFC device may include a first and second controller interfaces, a first communication channel coupled to the first controller interface, and a second communication channel connected to the second controller interface. A secure element may include a secure element interface connected to the first communication channel and encryption/decryption circuitry configured to encrypt data to be sent on the first communication channel for being framed into the encrypted frames and to decrypt encrypted data extracted from the encrypted frames and received from the first communication channel. The secure element may also include management circuitry configured to control the encryption/decryption circuitry for managing the encrypted communication with the NFC controller.
    Type: Grant
    Filed: July 17, 2013
    Date of Patent: October 17, 2017
    Assignees: STMicroelectronics (Rousset) SAS, STMicroelectronics Application GMBH
    Inventors: Juergen Boehler, Alexandre Charles
  • Patent number: 9787479
    Abstract: There is described a challenge-response method for a client device. The method comprises steps of: (a) receiving challenge data, wherein the challenge data is content encrypted using an encryption key, the content including a nonce; (b) using a secured module of the client device to access the content by decrypting the challenge data using a decryption key of the secured module, the decryption key corresponding to the encryption key; (c) processing a version of the content output by the secured module so as to obtain the nonce; and (d) providing the nonce as a response. There is also described a client device for implementing the above challenge-response method. There is also described a computer program which, when executed by a processor, causes the processor to carry out the above challenge-response method. Finally, there is described a computer readable medium storing the above-mentioned computer program.
    Type: Grant
    Filed: March 27, 2013
    Date of Patent: October 10, 2017
    Assignee: IRDETO B.V.
    Inventors: Andrew Augustine Wajs, Calin Ciordas, Fan Zhang
  • Patent number: 9767322
    Abstract: A method of protecting information in a data storage device is provided. The method includes receiving, in the data storage device, encrypted data via a host computer in which the data storage device is employed. The encrypted data is then decrypted, and re-encrypted, in the data storage device, either before storage or just before data is transferred back to the host computer. The decryption and re-encryption (transcription) is performed substantially independently of the host computer. In addition, a data storage device, readable by a computer system, for implementing the above method for protecting information is provided.
    Type: Grant
    Filed: August 28, 2014
    Date of Patent: September 19, 2017
    Assignee: Seagate Technology LLC
    Inventors: Laszlo Hars, Robert H Thibadeau
  • Patent number: 9742762
    Abstract: Techniques for utilizing a trusted platform module of a host device are described. According to various embodiments, a client device that does not include a trusted platform module (TPM) may leverage a TPM of a host device to provide trust services to the client device.
    Type: Grant
    Filed: December 1, 2014
    Date of Patent: August 22, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Stefan Thom, Ronald Aigner, Merzin Kapadia, Stuart H. Schaefer, Robert Karl Spiger
  • Patent number: 9729521
    Abstract: Devices, methods, systems, and computer-readable media for auto-commissioning of devices in a communication network are described herein. One or more embodiments include a method for auto-commissioning of a device added to a communication network, comprising: determining properties of signal transitions of the communication network via a device added to the network while the signal transitions of the communication network are passing unchanged, and processing the signal transitions of the communication network, via the device, based on the properties of the signal transitions.
    Type: Grant
    Filed: September 16, 2016
    Date of Patent: August 8, 2017
    Assignee: Honeywell International Inc.
    Inventor: Kevin Raymond Driscoll
  • Patent number: 9633212
    Abstract: A method, computer program product, and system for selecting and generating a key to perform a cryptographic operation are described. The method includes receiving one or more inputs representing criteria for the key, the one or more inputs excluding an explicit identification of the key and one of the one or more inputs specifying the cryptographic operation; retrieving, from a memory device, information corresponding with the one or more inputs; selecting and generating the key based on the one or more inputs and the information; and performing the cryptographic operation using the key.
    Type: Grant
    Filed: August 26, 2016
    Date of Patent: April 25, 2017
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Todd W. Arnold, Elizabeth A. Dames, Charles D. Helfenberger, Richard V. Kisley, Jimmie R. Mayfield, Jr.
  • Patent number: 9607159
    Abstract: A method, computer program product, and system for selecting and generating a key to perform a cryptographic operation are described. The method includes receiving one or more inputs representing criteria for the key, the one or more inputs excluding an explicit identification of the key and one of the one or more inputs specifying the cryptographic operation; retrieving, from a memory device, information corresponding with the one or more inputs; selecting and generating the key based on the one or more inputs and the information; and performing the cryptographic operation using the key.
    Type: Grant
    Filed: December 10, 2014
    Date of Patent: March 28, 2017
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Todd W. Arnold, Elizabeth A. Dames, Charles D. Helfenberger, Richard V. Kisley, Jimmie R. Mayfield, Jr.
  • Patent number: 9544135
    Abstract: Disclosed herein are methods of and systems for facilitating decryption of encrypted electronic information to obtain unencrypted electronic information for consumption by an authorized recipient. A decryption server receives a request for decryption sent by a requesting entity. Subsequently, prior to fulfilling the request for decryption, authentication of the requesting entity may be performed based on a secondary credential. The secondary credential may be issued based on the primary credential. Thereafter, the decryption server retrieves the decryption key by communicating with a source entity, such as a certificate authority, that issued the decryption key. Subsequently, the decryption server decrypts the encrypted electronic information utilizing the decryption key. Thereafter, in an embodiment, the decryption server may transmit the unencrypted electronic information to the requesting entity.
    Type: Grant
    Filed: June 12, 2015
    Date of Patent: January 10, 2017
    Inventor: Issam Andoni
  • Patent number: 9497172
    Abstract: A method of encrypting and transferring data between a sender and a receiver using a network thereby transferring data in a secure manner includes the steps of a server receiving from the sender an identifier of the receiver; generating a transfer specific encryption key specific to the transfer; encrypting the data using the generated transfer specific encryption key; the server retrieving information specific to the receiver that is accessed according to the identifier of the receiver received from the sender, and using the retrieved information specific to the receiver to encrypt the transfer specific encryption key; transferring the encrypted data and the encrypted transfer specific encryption key over the network for receipt by the receiver; the server receiving from the receiver the encrypted transfer specific encryption key and identifier of the receiver; the server retrieving information specific to the receiver that is accessed according to the identifier of the receiver received from the receiver, a
    Type: Grant
    Filed: June 26, 2013
    Date of Patent: November 15, 2016
    Assignee: LITERA CORP.
    Inventor: Michael H. Alculumbre
  • Patent number: 9485100
    Abstract: The present invention provides systems and methods for making efficient trust management decisions. A trust management engine is provided that processes requests for system resources, authorizations or certificates, and the identity of one or more root authorities that are ultimately responsible for granting or denying the requests. To determine whether a request should be granted, the trust management engine identifies a set principals from whom authorization may flow, and interprets each of the certificates as a function of the state of one or more of the principals. The processing logic iteratively evaluates the functions represented by the certificates, updates the states of the principals, and repeats this process until a reliable determination can be made as to whether the request should be granted or denied.
    Type: Grant
    Filed: June 15, 2015
    Date of Patent: November 1, 2016
    Assignee: Intertrust Technologies Corporation
    Inventors: Stephen P. Weeks, Xavier Serret-Avila
  • Patent number: 9471796
    Abstract: A method, computer program product, and system for selecting and generating a key to perform a cryptographic operation are described. The method includes receiving one or more inputs representing criteria for the key, the one or more inputs excluding an explicit identification of the key and one of the one or more inputs specifying the cryptographic operation; retrieving, from a memory device, information corresponding with the one or more inputs; selecting and generating the key based on the one or more inputs and the information; and performing the cryptographic operation using the key.
    Type: Grant
    Filed: March 7, 2016
    Date of Patent: October 18, 2016
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Todd W. Arnold, Elizabeth A. Dames, Charles D. Helfenberger, Richard V. Kisley, Jimmie R. Mayfield, Jr.
  • Patent number: 9450925
    Abstract: Devices, methods, systems, and computer-readable media for auto-commissioning of devices in a communication network are described herein. One or more embodiments include a method for auto-commissioning of a device added to a communication network, comprising: determining properties of signal transitions of the communication network via a device added to the network while the signal transitions of the communication network are passing unchanged, and processing the signal transitions of the communication network, via the device, based on the properties of the signal transitions.
    Type: Grant
    Filed: August 29, 2014
    Date of Patent: September 20, 2016
    Assignee: Honeywell Inernational Inc.
    Inventor: Kevin Raymond Driscoll
  • Patent number: 9385867
    Abstract: Hierarchical predicate encryption (HPE) for inner products with enhanced efficiency of operations. A cryptographic processing system includes a key generation device, an encryption device, and a decryption device. The key generation device generates, as a decryption key skL, a vector in which predicate information v{right arrow over ( )}t is embedded in a basis vector of a basis B*t for each integer t of t=1, . . . , L. The encryption device generates, as a ciphertext ct, a vector in which attribute information x{right arrow over ( )}t is embedded in a basis vector of a basis Bt for at least some integer t of t=1, . . . , L. The decryption device performs a pairing operation on the decryption key skL generated by the key generation device and the ciphertext ct generated by the encryption device, and decrypts the ciphertext ct.
    Type: Grant
    Filed: December 12, 2011
    Date of Patent: July 5, 2016
    Assignees: Mitsubishi Electric Corporation, NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Katsuyuki Takashima, Tatsuaki Okamoto
  • Patent number: 9306745
    Abstract: According to one embodiment, a method for implementing secure key management is provided. The method includes populating a section of information associated with a key, the section being populated with information relating to how the key was created. The method also includes populating the section with information relating to how the key was acquired by a secure module; and binding the section to the key, wherein the key is encrypted.
    Type: Grant
    Filed: October 15, 2012
    Date of Patent: April 5, 2016
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Todd W. Arnold, Elizabeth A. Dames, Carsten D. Frehr, Michael J. Kelly, Kenneth B. Kerr, Richard V. Kisley, Eric D. Rossman, Eric B. Smith
  • Patent number: 9306742
    Abstract: A first portion of a cryptographic key can be conveyed through a secure channel to a device that can interact with a home network. After the first portion is received, a prompt can be sent by the recipient of the portion through a non-secure channel to the sender of the portion to send a second portion of the key. The cryptographic key can be constituted from the received portions and used by the device to secure communications with home network.
    Type: Grant
    Filed: February 5, 2013
    Date of Patent: April 5, 2016
    Assignee: Google Inc.
    Inventors: Girts Folkmanis, Paul Heninwolf
  • Patent number: 9172529
    Abstract: Methods, systems, and computer programs for using hybrid encryption schemes are disclosed. In some implementations, a random value is obtained by a pseudorandom generator. A symmetric key is generated based on the random value. A public component is also generated based on the random value. Additionally, an initialization vector is generated based on the random value. The symmetric key and the initialization vector are used to generate an encrypted message based on an input message. The encrypted message and the public component are transmitted to an entity. At least one of the public component or the symmetric key is generated based additionally on a public key of the entity.
    Type: Grant
    Filed: September 16, 2011
    Date of Patent: October 27, 2015
    Assignee: Certicom Corp.
    Inventor: Gregory Marc Zaverucha
  • Patent number: 9141814
    Abstract: Computer systems and methods ensuring high availability of cryptographic keys using a shared file system. The keys are encrypted with at least one shareable master key to generate corresponding encrypted cryptographic keys, which are stored in a key database in the shared file system. A master key manager with access to the key database is elected from among master key manager candidates and is assigned a common virtual address. All master key manager candidates have the shareable master key such that during a failover event the availability of the encrypted cryptographic keys is not interrupted as a new master key manager takes over the common virtual address from the previous master key manager. Additionally, a message authentication code (MAC) is deployed for testing the integrity of keys during their retrieval.
    Type: Grant
    Filed: June 3, 2014
    Date of Patent: September 22, 2015
    Assignee: ZETTASET, Inc.
    Inventor: Eric A. Murray
  • Patent number: 9137011
    Abstract: Technologies are generally described for providing rapid data encryption and decryption for secure communication over an open channel with plausible deniability. In some examples, a single bit of information may be encoded by many alternative combinations of bits thus providing high security as well as enabling a single ciphertext to encrypt several different plaintexts of the same length simultaneously. The ability to encrypt several different plaintexts of the same length simultaneously may allow plausible deniability of messages. Encryption speed may be enhanced through accumulation of useful bit sets with desired properties in advance for later use. When the need arises, several plaintexts of the same size may be encrypted into a single ciphertext using accumulated bit combinations corresponding to different secret keys.
    Type: Grant
    Filed: May 7, 2013
    Date of Patent: September 15, 2015
    Assignee: Empire Technology Development LLC
    Inventor: Alexander Y. Davydov
  • Patent number: 9106406
    Abstract: According to an embodiment, a communication apparatus includes a key storage unit configured to store therein a cryptographic key; a receiving unit configured to receive a message; an analyzing unit configured to analyze whether the message includes an access request for the cryptographic key; a generating unit configured to, when the message includes the access request, generate request information used to request an access to the cryptographic key requested by the access request; and an access controller configured to control the access to the cryptographic key based on the request information.
    Type: Grant
    Filed: August 28, 2012
    Date of Patent: August 11, 2015
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Shinichi Baba, Yoshimichi Tanizawa, Hideaki Sato
  • Patent number: 9047491
    Abstract: The subject matter herein relates to data processing and, more particularly, to encryption acceleration. Various embodiments herein provide devices and systems including a standardized encryption application programming interface embedded in firmware to perform encryption services. Some such embodiments move encryption operations away from operating system processes into firmware. As a result, encryption operations are generally accelerated.
    Type: Grant
    Filed: June 22, 2011
    Date of Patent: June 2, 2015
    Assignee: Intel Corporation
    Inventors: Vincent J. Zimmer, Michael Rothman
  • Patent number: 9042554
    Abstract: Methods, apparatus, and articles of manufacture to encode auxiliary data into text data and methods, apparatus, and articles of manufacture to obtain encoded data from text data are disclosed. An example method to embed auxiliary data into text data includes assigning source data to one of a plurality of groups, the source data comprising text data, identifying a symbol to be added to the source data based on an assigned group of the source data, and generating encoded data by including in the source data a text character representative of the symbol.
    Type: Grant
    Filed: November 30, 2012
    Date of Patent: May 26, 2015
    Assignee: The Nielsen Company (US), LLC
    Inventors: Nikolay Georgiev, Leonid Ayzenshtat
  • Patent number: 9021272
    Abstract: The present invention relates to key management in a secure microcontroller, and more particularly, to systems, devices and methods of automatically and transparently employing logic or physical address based keys that may also be transferred using dedicated buses. A cryptographic engine translates a logic address to at least one physical address, and processes a corresponding data word based on at least one target key. The target key is selected from a plurality of keys based on the logic or physical address. A universal memory controller stores each processed data word in the corresponding physical address within a memory. Each key is associated with a memory region within the memory, and therefore, the logic or physical address associated with a memory region may be used to automatically identify the corresponding target key. A dedicated secure link may be used to transport key request commands and the plurality of keys.
    Type: Grant
    Filed: August 28, 2012
    Date of Patent: April 28, 2015
    Assignee: Maxim Integrated Products, Inc.
    Inventors: Vincent Debout, Frank Lhermet, Yann Yves René Loisel, Grégory Rome, Christophe Tremlet
  • Patent number: 9009479
    Abstract: Techniques are described for enabling authentication and/or key agreement between communications network stations and service networks. The techniques described include the negotiation and use of a cryptographic primitive shared between a service network and a home environment of a station. The techniques described also feature a key usage indicator, such as a sequence number, maintained by the service network and a station. Comparison of the key usage indicators can, for example, permit efficient authentication of the service network.
    Type: Grant
    Filed: December 10, 2012
    Date of Patent: April 14, 2015
    Assignee: Verizon Laboratories Inc.
    Inventor: Christopher P. Carroll
  • Patent number: 8959333
    Abstract: Method for providing a mesh key which can be used to encrypt messages between a first node and a second node of a mesh network, wherein a session key is generated when authenticating the first node in an authentication server, the first node and the authentication server or an authentication proxy server using a predefined key derivation function to derive the mesh key from said session key, which mesh key is transmitted to the second node.
    Type: Grant
    Filed: May 29, 2007
    Date of Patent: February 17, 2015
    Assignee: Nokia Siemens Networks GmbH & Co. KG
    Inventors: Rainer Falk, Florian Kohlmayer
  • Patent number: 8958555
    Abstract: In one exemplary embodiment of the invention, a method for computing a resultant and a free term of a scaled inverse of a first polynomial v(x) modulo a second polynomial fn(x), including: receiving the first polynomial v(x) modulo the second polynomial fn(x), where the second polynomial is of a form fn(x)=xn±1, where n=2k and k is an integer greater than 0; computing lowest two coefficients of a third polynomial g(z) that is a function of the first polynomial and the second polynomial, where g(z)?i=0n?1(v(?i)?z), where ?0, ?1, . . . , ?n?1 are roots of the second polynomial fn(x) over a field; outputting the lowest coefficient of g(z) as the resultant; and outputting the second lowest coefficient of g(z) divided by n as the free term of the scaled inverse of the first polynomial v(x) modulo the second polynomial fn(x).
    Type: Grant
    Filed: June 19, 2013
    Date of Patent: February 17, 2015
    Assignee: International Business Machines Corporation
    Inventors: Craig B. Gentry, Shai Halevi
  • Patent number: 8953794
    Abstract: A short-range communication tag includes a transmitter, a clock circuit providing a clock value and a memory containing a unique identification value. The tag further includes a processor which generates encryption keys with a period of K seconds and combines the unique identification value with the encryption key, according to a predetermined encryption method, to generate an obfuscated unique identification value. The tag further includes a short-range transmitter to transmit the tag identification value.
    Type: Grant
    Filed: August 1, 2013
    Date of Patent: February 10, 2015
    Assignee: Cambridge Silicon Radio Limited
    Inventor: Nicolas Graube
  • Patent number: 8954740
    Abstract: A server receives identifying information of a user of a client device and data encrypted with a public key of a group, where the encrypted data includes an encrypted session key for secure content. The server determines whether the user is a member of the group using the identifying information of the user. If the user is a member of the group, the server decrypts the encrypted session key using a private key of the group, and causes the client device to obtain a session key to access the secure content.
    Type: Grant
    Filed: October 4, 2010
    Date of Patent: February 10, 2015
    Assignee: Symantec Corporation
    Inventors: Vincent E. Moscaritolo, Damon Cokenias, David Finkelstein
  • Patent number: 8929542
    Abstract: It is an object of this invention to implement a predicate encryption scheme with delegation capability. A cryptographic process is performed using dual vector spaces (dual distortion vector spaces) of a space V and a space V* paired through a pairing operation. An encryption device generates as a cipher vector a vector of the space V, the cipher vector being a vector in which transmission information is embedded. Using a predetermined vector of the space V* as a key vector, a decryption device performs the pairing operation on the cipher vector generated by the encryption device and the key vector to decrypt the cipher vector and to extract information concerning the transmission information. In particular, the encryption device and the decryption device perform the cryptographic process without using some dimensions of the space V and the space V*.
    Type: Grant
    Filed: December 20, 2010
    Date of Patent: January 6, 2015
    Assignees: Mitsubishi Electric Corporation, Nippon Telegraph and Telephone Corporation
    Inventors: Katsuyuki Takashima, Tatsuaki Okamoto
  • Patent number: 8931084
    Abstract: Methods and systems for cross-site scripting (XSS) defense are described herein. An embodiment includes, embedding one or more tags in content at a server to identify executable and non-executable regions in the content and transmitting the content with the tags to a client based on a request from the client. Another embodiment includes receiving content embedded with one or more permission tags from a server, processing the content and the permission tags, and granting permission to a browser to execute executable content in the content based on the permission tags. A method embodiment also includes receiving content embedded with one or more verify tags from a server, performing an integrity check using the verify tags and granting permission to a browser to execute executable content in the content based on the integrity check.
    Type: Grant
    Filed: September 11, 2009
    Date of Patent: January 6, 2015
    Assignee: Google Inc.
    Inventors: Cem Paya, Johann Tomas Sigurdsson, Sumit Gwalani