Control Vector Or Tag Patents (Class 380/280)
  • Patent number: 10285055
    Abstract: A server device of an authentication system includes: an optical signal communication unit that causes optical signal transmitters to repeatedly transmit modulated optical signals, by notifying, of pieces of partial authentication information stored in an authentication information management unit, the optical signal transmitters respectively related to the pieces of partial authentication information; and an authentication processing unit that authenticates, when authentication is requested from a client device, the client device, based on integrated authentication information notified with the request, and integrated authentication information before being segmented into the respective pieces of partial authentication information notified by the optical signal communication unit.
    Type: Grant
    Filed: April 20, 2016
    Date of Patent: May 7, 2019
    Assignee: MINEBEA MITSUMI INC.
    Inventor: Kunihiko Hatta
  • Patent number: 10264009
    Abstract: A predictive engine for analyzing existing vulnerability information to determine the likelihood of a vulnerability being exploited by malicious actors against a particular computer or network of computers. The predictive engine relies on multiple data sources providing historical vulnerability information, a plurality of predictive models, and periodic retraining of the prediction ensemble utilizing predictive models. Modeling schemes may also be used when retraining the predictive models forming the prediction ensemble.
    Type: Grant
    Filed: July 26, 2016
    Date of Patent: April 16, 2019
    Assignee: BOOZ ALLEN HAMILTON INC.
    Inventors: Eric Smyth, Aaron Sant-Miller, Kevin Field
  • Patent number: 10237279
    Abstract: There is provided a method comprising: receiving, by an apparatus of a data center, a request message from a server computer of said data center, the apparatus and the server computer being physically separate entities communicatively coupled with each other, said message requesting data center specific information stored into a read-only memory area of the apparatus; initiating deciphering of the request message in response to receiving the request message; and as a response to successfully deciphering the request message, transmitting a response message to the server computer, said message comprising the data center specific information acquired from the read-only memory area of the apparatus.
    Type: Grant
    Filed: February 8, 2018
    Date of Patent: March 19, 2019
    Assignee: NOKIA SOLUTIONS AND NETWORKS OY
    Inventors: Leo Tapani Hippelainen, Ian Justin Oliver, Shankar Lal
  • Patent number: 10154016
    Abstract: The disclosure provides for two or more transceiver devices and a system that utilizes one or more encrypters and one or more decrypters comprising one or more communication sources that provides transmission(s) and at least one connector, wherein transmission(s) from one or more communications sources enter a first transceiver through the connector and travels to a randomized encrypted data sub-channels (REDS) encrypter and wherein the (REDS) encrypter securely sends encrypted transmission(s) to a second transceiver. The encrypted transmission(s) enter a second transceiver and are sent to a randomized decrypted data sub-channels (RDDS) decrypter wherein the transmission(s) are decrypted.
    Type: Grant
    Filed: June 12, 2018
    Date of Patent: December 11, 2018
    Assignee: IRONCLAD ENCRYPTION CORPORATION
    Inventor: Daniel Maurice Lerner
  • Patent number: 10095882
    Abstract: In one embodiment, a method for securing data on a semi-trusted server is implemented on a computing device and includes: receiving at least a current session key from a user device for use during a current session, where the current session key is suitable for encrypting data and for decrypting data encrypted with the current session key, decrypting communications received from the user device during the session with said session key, encrypting with the session key at least one of communications to be sent to said user device and personal data generated during the session, storing the encrypted personal data, and discarding the current session key upon completion of the session, thereby limiting possible access to the stored encrypted personal data other than during the session. Related apparatus and methods are also described.
    Type: Grant
    Filed: August 18, 2014
    Date of Patent: October 9, 2018
    Assignee: Cisco Technology, Inc.
    Inventors: Erez Waisbard, Anna Schnaiderman
  • Patent number: 9998293
    Abstract: A method and a device for maintaining a multicast group member are disclosed. The method includes sending a query message to a switch at intervals of a preset period, so that the switch sends the query message to each multicast group member included in a multicast group; acquiring a count value of current period query responses received by the switch in a current period; and maintaining, according to the count value of current period query responses and a count value of previous period query responses, the multicast group member included in the multicast group. The device includes a first sending module, an acquiring module, and a maintenance module. In the present disclosure, a multicast group member is maintained using a flow table maintained in a switch, which decreases load of a controller, and improves processing efficiency of maintaining, by the controller, the multicast group member.
    Type: Grant
    Filed: October 27, 2016
    Date of Patent: June 12, 2018
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Chenji Li, Quancai Li, Bo Man
  • Patent number: 9912830
    Abstract: A data processing apparatus determines whether or not administrator authority of a user is set, and whether access is made locally or from the network. When the access is made locally, even if the user has the administrator authority, folders of all users are not displayed. The folders of all users are displayed only when the user having the administrator authority accesses from the network.
    Type: Grant
    Filed: July 2, 2015
    Date of Patent: March 6, 2018
    Assignee: Canon Kabushiki Kaisha
    Inventor: Takafumi Mizuno
  • Patent number: 9818108
    Abstract: Systems and methods for updating a transactional device having a reader are provided. In one embodiment, the method includes: reading data on a command token, wherein the data is stored in a memory device; identifying the token as a command token based on the data; generating transaction data that include an instruction based on the token data and a code identifying the instruction as a command data; and transmitting the transaction data to a remote device for command execution.
    Type: Grant
    Filed: December 10, 2007
    Date of Patent: November 14, 2017
    Assignee: VERIFONE, INC.
    Inventors: Clay von Mueller, Scott R. Yale, Patrick K. Hazel, Paul Catinella
  • Patent number: 9807062
    Abstract: A method and apparatus for enabling a cloud server to provide screen information data indicating a screen to be displayed on a client device are provided. The method of enabling a cloud server to provide screen information data relating to a screen to be displayed on a client device includes: generating the screen information data; determining whether or not to protect the generated screen information data based on characteristics of an object configuring the screen; encrypting the provided screen information data based on the determining; and transmitting the encrypted screen information data to the client device.
    Type: Grant
    Filed: September 26, 2013
    Date of Patent: October 31, 2017
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Sung-bum Park, Yong-je Kim, Myung-jin Eom, Dae-Sung Cho, Woong-il Choi
  • Patent number: 9793960
    Abstract: An NFC device may include a first and second controller interfaces, a first communication channel coupled to the first controller interface, and a second communication channel connected to the second controller interface. A secure element may include a secure element interface connected to the first communication channel and encryption/decryption circuitry configured to encrypt data to be sent on the first communication channel for being framed into the encrypted frames and to decrypt encrypted data extracted from the encrypted frames and received from the first communication channel. The secure element may also include management circuitry configured to control the encryption/decryption circuitry for managing the encrypted communication with the NFC controller.
    Type: Grant
    Filed: July 17, 2013
    Date of Patent: October 17, 2017
    Assignees: STMicroelectronics (Rousset) SAS, STMicroelectronics Application GMBH
    Inventors: Juergen Boehler, Alexandre Charles
  • Patent number: 9787479
    Abstract: There is described a challenge-response method for a client device. The method comprises steps of: (a) receiving challenge data, wherein the challenge data is content encrypted using an encryption key, the content including a nonce; (b) using a secured module of the client device to access the content by decrypting the challenge data using a decryption key of the secured module, the decryption key corresponding to the encryption key; (c) processing a version of the content output by the secured module so as to obtain the nonce; and (d) providing the nonce as a response. There is also described a client device for implementing the above challenge-response method. There is also described a computer program which, when executed by a processor, causes the processor to carry out the above challenge-response method. Finally, there is described a computer readable medium storing the above-mentioned computer program.
    Type: Grant
    Filed: March 27, 2013
    Date of Patent: October 10, 2017
    Assignee: IRDETO B.V.
    Inventors: Andrew Augustine Wajs, Calin Ciordas, Fan Zhang
  • Patent number: 9767322
    Abstract: A method of protecting information in a data storage device is provided. The method includes receiving, in the data storage device, encrypted data via a host computer in which the data storage device is employed. The encrypted data is then decrypted, and re-encrypted, in the data storage device, either before storage or just before data is transferred back to the host computer. The decryption and re-encryption (transcription) is performed substantially independently of the host computer. In addition, a data storage device, readable by a computer system, for implementing the above method for protecting information is provided.
    Type: Grant
    Filed: August 28, 2014
    Date of Patent: September 19, 2017
    Assignee: Seagate Technology LLC
    Inventors: Laszlo Hars, Robert H Thibadeau
  • Patent number: 9742762
    Abstract: Techniques for utilizing a trusted platform module of a host device are described. According to various embodiments, a client device that does not include a trusted platform module (TPM) may leverage a TPM of a host device to provide trust services to the client device.
    Type: Grant
    Filed: December 1, 2014
    Date of Patent: August 22, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Stefan Thom, Ronald Aigner, Merzin Kapadia, Stuart H. Schaefer, Robert Karl Spiger
  • Patent number: 9729521
    Abstract: Devices, methods, systems, and computer-readable media for auto-commissioning of devices in a communication network are described herein. One or more embodiments include a method for auto-commissioning of a device added to a communication network, comprising: determining properties of signal transitions of the communication network via a device added to the network while the signal transitions of the communication network are passing unchanged, and processing the signal transitions of the communication network, via the device, based on the properties of the signal transitions.
    Type: Grant
    Filed: September 16, 2016
    Date of Patent: August 8, 2017
    Assignee: Honeywell International Inc.
    Inventor: Kevin Raymond Driscoll
  • Patent number: 9633212
    Abstract: A method, computer program product, and system for selecting and generating a key to perform a cryptographic operation are described. The method includes receiving one or more inputs representing criteria for the key, the one or more inputs excluding an explicit identification of the key and one of the one or more inputs specifying the cryptographic operation; retrieving, from a memory device, information corresponding with the one or more inputs; selecting and generating the key based on the one or more inputs and the information; and performing the cryptographic operation using the key.
    Type: Grant
    Filed: August 26, 2016
    Date of Patent: April 25, 2017
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Todd W. Arnold, Elizabeth A. Dames, Charles D. Helfenberger, Richard V. Kisley, Jimmie R. Mayfield, Jr.
  • Patent number: 9607159
    Abstract: A method, computer program product, and system for selecting and generating a key to perform a cryptographic operation are described. The method includes receiving one or more inputs representing criteria for the key, the one or more inputs excluding an explicit identification of the key and one of the one or more inputs specifying the cryptographic operation; retrieving, from a memory device, information corresponding with the one or more inputs; selecting and generating the key based on the one or more inputs and the information; and performing the cryptographic operation using the key.
    Type: Grant
    Filed: December 10, 2014
    Date of Patent: March 28, 2017
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Todd W. Arnold, Elizabeth A. Dames, Charles D. Helfenberger, Richard V. Kisley, Jimmie R. Mayfield, Jr.
  • Patent number: 9544135
    Abstract: Disclosed herein are methods of and systems for facilitating decryption of encrypted electronic information to obtain unencrypted electronic information for consumption by an authorized recipient. A decryption server receives a request for decryption sent by a requesting entity. Subsequently, prior to fulfilling the request for decryption, authentication of the requesting entity may be performed based on a secondary credential. The secondary credential may be issued based on the primary credential. Thereafter, the decryption server retrieves the decryption key by communicating with a source entity, such as a certificate authority, that issued the decryption key. Subsequently, the decryption server decrypts the encrypted electronic information utilizing the decryption key. Thereafter, in an embodiment, the decryption server may transmit the unencrypted electronic information to the requesting entity.
    Type: Grant
    Filed: June 12, 2015
    Date of Patent: January 10, 2017
    Inventor: Issam Andoni
  • Patent number: 9497172
    Abstract: A method of encrypting and transferring data between a sender and a receiver using a network thereby transferring data in a secure manner includes the steps of a server receiving from the sender an identifier of the receiver; generating a transfer specific encryption key specific to the transfer; encrypting the data using the generated transfer specific encryption key; the server retrieving information specific to the receiver that is accessed according to the identifier of the receiver received from the sender, and using the retrieved information specific to the receiver to encrypt the transfer specific encryption key; transferring the encrypted data and the encrypted transfer specific encryption key over the network for receipt by the receiver; the server receiving from the receiver the encrypted transfer specific encryption key and identifier of the receiver; the server retrieving information specific to the receiver that is accessed according to the identifier of the receiver received from the receiver, a
    Type: Grant
    Filed: June 26, 2013
    Date of Patent: November 15, 2016
    Assignee: LITERA CORP.
    Inventor: Michael H. Alculumbre
  • Patent number: 9485100
    Abstract: The present invention provides systems and methods for making efficient trust management decisions. A trust management engine is provided that processes requests for system resources, authorizations or certificates, and the identity of one or more root authorities that are ultimately responsible for granting or denying the requests. To determine whether a request should be granted, the trust management engine identifies a set of principals from whom authorization may flow, and interprets each of the certificates as a function of the state of one or more of the principals. The processing logic iteratively evaluates the functions represented by the certificates, updates the states of the principals, and repeats this process until a reliable determination can be made as to whether the request should be granted or denied.
    Type: Grant
    Filed: June 15, 2015
    Date of Patent: November 1, 2016
    Assignee: Intertrust Technologies Corporation
    Inventors: Stephen P. Weeks, Xavier Serret-Avila
  • Patent number: 9471796
    Abstract: A method, computer program product, and system for selecting and generating a key to perform a cryptographic operation are described. The method includes receiving one or more inputs representing criteria for the key, the one or more inputs excluding an explicit identification of the key and one of the one or more inputs specifying the cryptographic operation; retrieving, from a memory device, information corresponding with the one or more inputs; selecting and generating the key based on the one or more inputs and the information; and performing the cryptographic operation using the key.
    Type: Grant
    Filed: March 7, 2016
    Date of Patent: October 18, 2016
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Todd W. Arnold, Elizabeth A. Dames, Charles D. Helfenberger, Richard V. Kisley, Jimmie R. Mayfield, Jr.
  • Patent number: 9450925
    Abstract: Devices, methods, systems, and computer-readable media for auto-commissioning of devices in a communication network are described herein. One or more embodiments include a method for auto-commissioning of a device added to a communication network, comprising: determining properties of signal transitions of the communication network via a device added to the network while the signal transitions of the communication network are passing unchanged, and processing the signal transitions of the communication network, via the device, based on the properties of the signal transitions.
    Type: Grant
    Filed: August 29, 2014
    Date of Patent: September 20, 2016
    Assignee: Honeywell International Inc.
    Inventor: Kevin Raymond Driscoll
  • Patent number: 9385867
    Abstract: Hierarchical predicate encryption (HPE) for inner products with enhanced efficiency of operations. A cryptographic processing system includes a key generation device, an encryption device, and a decryption device. The key generation device generates, as a decryption key $sk_L$, a vector in which predicate information $\vec{v}_t$ is embedded in a basis vector of a basis $B^*_t$ for each integer $t$ of $t = 1, \dots, L$. The encryption device generates, as a ciphertext ct, a vector in which attribute information $\vec{x}_t$ is embedded in a basis vector of a basis $B_t$ for at least some integer $t$ of $t = 1, \dots, L$. The decryption device performs a pairing operation on the decryption key $sk_L$ generated by the key generation device and the ciphertext ct generated by the encryption device, and decrypts the ciphertext ct.
    Type: Grant
    Filed: December 12, 2011
    Date of Patent: July 5, 2016
    Assignees: Mitsubishi Electric Corporation, NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Katsuyuki Takashima, Tatsuaki Okamoto
  • Patent number: 9306742
    Abstract: A first portion of a cryptographic key can be conveyed through a secure channel to a device that can interact with a home network. After the first portion is received, a prompt can be sent by the recipient of the portion through a non-secure channel to the sender of the portion to send a second portion of the key. The cryptographic key can be constituted from the received portions and used by the device to secure communications with the home network.
    Type: Grant
    Filed: February 5, 2013
    Date of Patent: April 5, 2016
    Assignee: Google Inc.
    Inventors: Girts Folkmanis, Paul Heninwolf
  • Patent number: 9306745
    Abstract: According to one embodiment, a method for implementing secure key management is provided. The method includes populating a section of information associated with a key, the section being populated with information relating to how the key was created. The method also includes populating the section with information relating to how the key was acquired by a secure module; and binding the section to the key, wherein the key is encrypted.
    Type: Grant
    Filed: October 15, 2012
    Date of Patent: April 5, 2016
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Todd W. Arnold, Elizabeth A. Dames, Carsten D. Frehr, Michael J. Kelly, Kenneth B. Kerr, Richard V. Kisley, Eric D. Rossman, Eric B. Smith
  • Patent number: 9172529
    Abstract: Methods, systems, and computer programs for using hybrid encryption schemes are disclosed. In some implementations, a random value is obtained by a pseudorandom generator. A symmetric key is generated based on the random value. A public component is also generated based on the random value. Additionally, an initialization vector is generated based on the random value. The symmetric key and the initialization vector are used to generate an encrypted message based on an input message. The encrypted message and the public component are transmitted to an entity. At least one of the public component or the symmetric key is generated based additionally on a public key of the entity.
    Type: Grant
    Filed: September 16, 2011
    Date of Patent: October 27, 2015
    Assignee: Certicom Corp.
    Inventor: Gregory Marc Zaverucha
  • Patent number: 9141814
    Abstract: Computer systems and methods ensuring high availability of cryptographic keys using a shared file system. The keys are encrypted with at least one shareable master key to generate corresponding encrypted cryptographic keys, which are stored in a key database in the shared file system. A master key manager with access to the key database is elected from among master key manager candidates and is assigned a common virtual address. All master key manager candidates have the shareable master key such that during a failover event the availability of the encrypted cryptographic keys is not interrupted as a new master key manager takes over the common virtual address from the previous master key manager. Additionally, a message authentication code (MAC) is deployed for testing the integrity of keys during their retrieval.
    Type: Grant
    Filed: June 3, 2014
    Date of Patent: September 22, 2015
    Assignee: ZETTASET, Inc.
    Inventor: Eric A. Murray
  • Patent number: 9137011
    Abstract: Technologies are generally described for providing rapid data encryption and decryption for secure communication over an open channel with plausible deniability. In some examples, a single bit of information may be encoded by many alternative combinations of bits thus providing high security as well as enabling a single ciphertext to encrypt several different plaintexts of the same length simultaneously. The ability to encrypt several different plaintexts of the same length simultaneously may allow plausible deniability of messages. Encryption speed may be enhanced through accumulation of useful bit sets with desired properties in advance for later use. When the need arises, several plaintexts of the same size may be encrypted into a single ciphertext using accumulated bit combinations corresponding to different secret keys.
    Type: Grant
    Filed: May 7, 2013
    Date of Patent: September 15, 2015
    Assignee: Empire Technology Development LLC
    Inventor: Alexander Y. Davydov
  • Patent number: 9106406
    Abstract: According to an embodiment, a communication apparatus includes a key storage unit configured to store therein a cryptographic key; a receiving unit configured to receive a message; an analyzing unit configured to analyze whether the message includes an access request for the cryptographic key; a generating unit configured to, when the message includes the access request, generate request information used to request an access to the cryptographic key requested by the access request; and an access controller configured to control the access to the cryptographic key based on the request information.
    Type: Grant
    Filed: August 28, 2012
    Date of Patent: August 11, 2015
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Shinichi Baba, Yoshimichi Tanizawa, Hideaki Sato
  • Patent number: 9047491
    Abstract: The subject matter herein relates to data processing and, more particularly, to encryption acceleration. Various embodiments herein provide devices and systems including a standardized encryption application programming interface embedded in firmware to perform encryption services. Some such embodiments move encryption operations away from operating system processes into firmware. As a result, encryption operations are generally accelerated.
    Type: Grant
    Filed: June 22, 2011
    Date of Patent: June 2, 2015
    Assignee: Intel Corporation
    Inventors: Vincent J. Zimmer, Michael Rothman
  • Patent number: 9042554
    Abstract: Methods, apparatus, and articles of manufacture to encode auxiliary data into text data and methods, apparatus, and articles of manufacture to obtain encoded data from text data are disclosed. An example method to embed auxiliary data into text data includes assigning source data to one of a plurality of groups, the source data comprising text data, identifying a symbol to be added to the source data based on an assigned group of the source data, and generating encoded data by including in the source data a text character representative of the symbol.
    Type: Grant
    Filed: November 30, 2012
    Date of Patent: May 26, 2015
    Assignee: The Nielsen Company (US), LLC
    Inventors: Nikolay Georgiev, Leonid Ayzenshtat
  • Patent number: 9021272
    Abstract: The present invention relates to key management in a secure microcontroller, and more particularly, to systems, devices and methods of automatically and transparently employing logic or physical address based keys that may also be transferred using dedicated buses. A cryptographic engine translates a logic address to at least one physical address, and processes a corresponding data word based on at least one target key. The target key is selected from a plurality of keys based on the logic or physical address. A universal memory controller stores each processed data word in the corresponding physical address within a memory. Each key is associated with a memory region within the memory, and therefore, the logic or physical address associated with a memory region may be used to automatically identify the corresponding target key. A dedicated secure link may be used to transport key request commands and the plurality of keys.
    Type: Grant
    Filed: August 28, 2012
    Date of Patent: April 28, 2015
    Assignee: Maxim Integrated Products, Inc.
    Inventors: Vincent Debout, Frank Lhermet, Yann Yves René Loisel, Grégory Rome, Christophe Tremlet
  • Patent number: 9009479
    Abstract: Techniques are described for enabling authentication and/or key agreement between communications network stations and service networks. The techniques described include the negotiation and use of a cryptographic primitive shared between a service network and a home environment of a station. The techniques described also feature a key usage indicator, such as a sequence number, maintained by the service network and a station. Comparison of the key usage indicators can, for example, permit efficient authentication of the service network.
    Type: Grant
    Filed: December 10, 2012
    Date of Patent: April 14, 2015
    Assignee: Verizon Laboratories Inc.
    Inventor: Christopher P. Carroll
  • Patent number: 8958555
    Abstract: In one exemplary embodiment of the invention, a method for computing a resultant and a free term of a scaled inverse of a first polynomial $v(x)$ modulo a second polynomial $f_n(x)$, including: receiving the first polynomial $v(x)$ modulo the second polynomial $f_n(x)$, where the second polynomial is of a form $f_n(x) = x^n \pm 1$, where $n = 2^k$ and $k$ is an integer greater than 0; computing lowest two coefficients of a third polynomial $g(z)$ that is a function of the first polynomial and the second polynomial, where $g(z) = \prod_{i=0}^{n-1} (v(\rho_i) - z)$, where $\rho_0, \rho_1, \dots, \rho_{n-1}$ are roots of the second polynomial $f_n(x)$ over a field; outputting the lowest coefficient of $g(z)$ as the resultant; and outputting the second lowest coefficient of $g(z)$ divided by $n$ as the free term of the scaled inverse of the first polynomial $v(x)$ modulo the second polynomial $f_n(x)$.
    Type: Grant
    Filed: June 19, 2013
    Date of Patent: February 17, 2015
    Assignee: International Business Machines Corporation
    Inventors: Craig B. Gentry, Shai Halevi
  • Patent number: 8959333
    Abstract: Method for providing a mesh key which can be used to encrypt messages between a first node and a second node of a mesh network, wherein a session key is generated when authenticating the first node in an authentication server, the first node and the authentication server or an authentication proxy server using a predefined key derivation function to derive the mesh key from said session key, which mesh key is transmitted to the second node.
    Type: Grant
    Filed: May 29, 2007
    Date of Patent: February 17, 2015
    Assignee: Nokia Siemens Networks GmbH & Co. KG
    Inventors: Rainer Falk, Florian Kohlmayer
  • Patent number: 8954740
    Abstract: A server receives identifying information of a user of a client device and data encrypted with a public key of a group, where the encrypted data includes an encrypted session key for secure content. The server determines whether the user is a member of the group using the identifying information of the user. If the user is a member of the group, the server decrypts the encrypted session key using a private key of the group, and causes the client device to obtain a session key to access the secure content.
    Type: Grant
    Filed: October 4, 2010
    Date of Patent: February 10, 2015
    Assignee: Symantec Corporation
    Inventors: Vincent E. Moscaritolo, Damon Cokenias, David Finkelstein
  • Patent number: 8953794
    Abstract: A short-range communication tag includes a transmitter, a clock circuit providing a clock value and a memory containing a unique identification value. The tag further includes a processor which generates encryption keys with a period of K seconds and combines the unique identification value with the encryption key, according to a predetermined encryption method, to generate an obfuscated unique identification value. The tag further includes a short-range transmitter to transmit the tag identification value.
    Type: Grant
    Filed: August 1, 2013
    Date of Patent: February 10, 2015
    Assignee: Cambridge Silicon Radio Limited
    Inventor: Nicolas Graube
  • Patent number: 8929542
    Abstract: It is an object of this invention to implement a predicate encryption scheme with delegation capability. A cryptographic process is performed using dual vector spaces (dual distortion vector spaces) of a space V and a space V* paired through a pairing operation. An encryption device generates as a cipher vector a vector of the space V, the cipher vector being a vector in which transmission information is embedded. Using a predetermined vector of the space V* as a key vector, a decryption device performs the pairing operation on the cipher vector generated by the encryption device and the key vector to decrypt the cipher vector and to extract information concerning the transmission information. In particular, the encryption device and the decryption device perform the cryptographic process without using some dimensions of the space V and the space V*.
    Type: Grant
    Filed: December 20, 2010
    Date of Patent: January 6, 2015
    Assignees: Mitsubishi Electric Corporation, Nippon Telegraph and Telephone Corporation
    Inventors: Katsuyuki Takashima, Tatsuaki Okamoto
  • Patent number: 8931084
    Abstract: Methods and systems for cross-site scripting (XSS) defense are described herein. An embodiment includes embedding one or more tags in content at a server to identify executable and non-executable regions in the content and transmitting the content with the tags to a client based on a request from the client. Another embodiment includes receiving content embedded with one or more permission tags from a server, processing the content and the permission tags, and granting permission to a browser to execute executable content in the content based on the permission tags. A method embodiment also includes receiving content embedded with one or more verify tags from a server, performing an integrity check using the verify tags and granting permission to a browser to execute executable content in the content based on the integrity check.
    Type: Grant
    Filed: September 11, 2009
    Date of Patent: January 6, 2015
    Assignee: Google Inc.
    Inventors: Cem Paya, Johann Tomas Sigurdsson, Sumit Gwalani
  • Patent number: 8862867
    Abstract: The disclosure discloses a method for protecting security of layer-3 mobility user plane data in Next Generation Network (NGN), which includes: performing authentication by a terminal with an authentication server; after the authentication is passed, obtaining a shared key material by both the terminal and the authentication server; generating, by the terminal and the authentication server, a mobility data security key according to the shared key material; transmitting, by the authentication server, the generated mobility data security key to a mobility data transmission module; protecting security of the layer-3 mobility user plane data, by the terminal and the mobility data transmission module, by using the mobility data security key. The disclosure also discloses a system for protecting security of layer-3 mobility user plane data in NGN.
    Type: Grant
    Filed: March 22, 2010
    Date of Patent: October 14, 2014
    Assignee: ZTE Corporation
    Inventors: Hongyan Wang, Yinxing Wei
  • Patent number: 8848922
    Abstract: Secure information is managed for each host or machine in an electronic environment using a series of key identifiers that each represent one or more secure keys, passwords, or other secure information. Applications and services needing access to the secure information can specify the key identifier, for example, and the secure information currently associated with that identifier can be determined without any change to the code or manual input or exposure of the secure information on the respective device. Functionality such as encryption key management and rotation are inaccessible and transparent to the user. In a networked or distributed environment, the key identifiers can be associated with host classes such that at startup any host in a class can obtain the necessary secure information. Updates and key rotation can be performed in a similar fashion by pushing updates to host classes transparent to a user, application, or service.
    Type: Grant
    Filed: November 26, 2012
    Date of Patent: September 30, 2014
    Assignee: Amazon Technologies, Inc.
    Inventors: Cyrus J. Durgin, Pratik S. Dave, Eric J. Martin
  • Patent number: 8848923
    Abstract: A method for controlling information object (102) usage in a network of information (100) wherein information objects (102) are identified by information object identities and locations of the information objects (102) are indicated by location pointing information, the method comprising receiving (5b) an encrypted information object (102), sending (7) to a resolution node (D200) a request for location pointing information of a key issuing node (D300), the request comprising an identity of the received information object (102), receiving (8) the location pointing information of the key issuing node (D300), sending (9) to the key issuing node (D300) a request for an access key (104) for decrypting the encrypted information object (102), the request comprising the identity of the received information object (102), receiving (11) the access key (104), and decrypting (12) the received encrypted information object (102) with the received access key (104).
    Type: Grant
    Filed: June 5, 2009
    Date of Patent: September 30, 2014
    Assignee: Telefonaktiebolaget L M Ericsson (Publ)
    Inventors: Rene Rembarz, Daniel Catrein, Frank Hartung
  • Patent number: 8832429
    Abstract: Method for operating a smart grid including a plurality of smart meters configured to monitor at least one physical measured quantity and to provide measurement results of the at least one physical measured quantity to a central entity, includes the following steps: partitioning the smart grid into groups of smart meters, such that each of the smart meters belongs to exactly one group, all smart meters of one of the groups encrypt their measured value by applying a bihomomorphic encryption scheme and send it to the central entity, one smart meter per group is designated as key aggregator to which all smart meters of that group send their key employed for the encryption, the key aggregator computes the aggregation of all received keys and sends the aggregated key to the central entity, the central entity aggregates all received encrypted measured values and decrypts the aggregation by employing the aggregated key.
    Type: Grant
    Filed: January 31, 2011
    Date of Patent: September 9, 2014
    Assignees: NEC Europe Ltd., Universidad de Murcia
    Inventors: Felix Gomez Marmol, Christoph Sorge, Osman Ugus, Gregorio Martinez Perez, Alban Hessler
  • Patent number: 8812848
    Abstract: A method, user equipment (UE) and system are provided for negotiating a security capability during idle state mobility of the UE from a non-long term evolution (non-LTE) network to a long term evolution (LTE) network. The UE sends UE security capabilities supported by the UE to the LTE network for a non-access stratum (NAS) security algorithm selection use. The UE then receives from the LTE network a selected NAS security algorithm. The UE further generates a root key from an authentication vector-related key stored at the UE and then derives, from the generated root key, a NAS protection key for security communication with the LTE network.
    Type: Grant
    Filed: January 3, 2014
    Date of Patent: August 19, 2014
    Assignee: Huawei Technologies Co., Ltd.
    Inventor: Chengdong He
  • Patent number: 8788811
    Abstract: A method and system for server-side key generation for non-token clients is described.
    Type: Grant
    Filed: May 28, 2010
    Date of Patent: July 22, 2014
    Assignee: Red Hat, Inc.
    Inventors: Christina Fu, Andrew Wnuk
  • Patent number: 8787573
    Abstract: A cipher communication method for an encryption apparatus includes: receiving a second encryption key while performing a cipher communication using a first encryption key; storing encryption key input information on the first and second encryption keys in a static region; copying the stored encryption key input information into a dynamic region; selecting any one of the first and second encryption keys based on the copied encryption key input information and current time information; generating encryption key position information and encryption key selection information on the selected encryption key; and transmitting a cipher text and the encryption key selection information to another encryption apparatus connected to the encryption apparatus through a network such that the another encryption apparatus acquires an encryption key to decrypt the cipher text.
    Type: Grant
    Filed: August 10, 2012
    Date of Patent: July 22, 2014
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Taek-Jun Nam, Byeong-Ho Ahn
  • Patent number: 8787578
    Abstract: Method and apparatus for encrypting transmission traffic at separate protocol layers L1, L2, and L3 so that separate encryption elements can be assigned to separate types of transmission traffic, which allows the implementation of different levels of encryption according to service requirements. Encryption elements use variable value inputs, called crypto-syncs, along with semi-permanent encryption keys to protect from replay attacks from rogue mobile stations. Since crypto-sync values vary, a method for synchronizing crypto-syncs at the mobile station and base station is also presented.
    Type: Grant
    Filed: November 7, 2005
    Date of Patent: July 22, 2014
    Assignee: QUALCOMM Incorporated
    Inventors: Ramin Rezaiifar, Roy F. Quick, Jr., Paul Williamson, Jun Wang, Edward G. Tiedemann, Jr.
  • Patent number: 8789172
    Abstract: Methods, media, and systems for detecting attack are provided. In some embodiments, the methods include: comparing at least part of a document to a static detection model; determining whether attacking code is included in the document based on the comparison of the document to the static detection model; executing at least part of the document; determining whether attacking code is included in the document based on the execution of the at least part of the document; and if attacking code is determined to be included in the document based on at least one of the comparison of the document to the static detection model and the execution of the at least part of the document, reporting the presence of an attack.
    Type: Grant
    Filed: March 18, 2009
    Date of Patent: July 22, 2014
    Assignee: The Trustees of Columbia University in the City of New York
    Inventors: Salvatore J. Stolfo, Wei-Jen Li, Angelos D. Keromytis, Elli Androulaki
  • Patent number: 8713321
    Abstract: The invention provides a method of verifiable generation of public keys. According to the method, a self-signed signature is first generated and then used as input to the generation of a pair of private and public keys. Verification of the signature proves that the keys are generated from a key generation process utilizing the signature. A certification authority can validate and verify a public key generated from a verifiable key generation process.
    Type: Grant
    Filed: September 14, 2012
    Date of Patent: April 29, 2014
    Assignee: Certicom Corp.
    Inventor: Daniel R. Brown
  • Patent number: 8687813
    Abstract: Disclosed are methods, circuit, devices and systems for provisioning cryptographic material to a target device. According to embodiments, a cryptographic material provisioning (CMP) module may be adapted to process a provisioning message with a first message portion which is encrypted with a native key of the target device and which includes first cryptographic material along with a first permissions data vector, wherein the CMP may be further adapted to process data bits of a second portion of the provisioning message using the first cryptographic material and in accordance with usage limitations defined in the first permissions data vector.
    Type: Grant
    Filed: December 9, 2010
    Date of Patent: April 1, 2014
    Assignee: Discretix Technologies Ltd.
    Inventor: Hagai Bar-El
  • Patent number: 8677140
    Abstract: A computer-implemented method represents a list of informational items using a bit array. The method converts an informational item to a cryptographic value using a cryptographic algorithm and extracts a plurality of n-bit samples from the cryptographic value. The n-bit samples include at least a first field and a second field. The first field identifies a group of bits of the bit array and the second field identifies one or more individual bits within the group of bits. The individual bits are set to a pre-determined value according to the first field identifying the group of bits and the second field identifying the individual bits within the group of bits.
    Type: Grant
    Filed: September 12, 2012
    Date of Patent: March 18, 2014
    Assignee: United States Postal Service
    Inventors: Robert F. Snapp, James D. Wilson