Using Master Key (e.g., Key-encrypting-key) Patents (Class 380/281)
  • Patent number: 11194562
    Abstract: A method at a domain controller for software update control, the method including receiving, at the domain controller, a software update package; verifying, at the domain controller, a source of the software update package; unbundling the software update package into at least one software update, each of the at least one software update being destined for a control unit managed by the domain controller; signing each of the at least one software update; and forwarding each signed software update to the control unit for which the software update is destined.
    Type: Grant
    Filed: May 19, 2017
    Date of Patent: December 7, 2021
    Assignee: BlackBerry Limited
    Inventor: Marcus Klische
  • Patent number: 11171922
    Abstract: A VPN box is connected upstream of a field device. The VPN box uses a secret cryptographic key of the field device for authentication when setting up a VPN tunnel and/or when setting up a cryptographically protected communication link.
    Type: Grant
    Filed: September 5, 2011
    Date of Patent: November 9, 2021
    Assignee: Siemens Mobility GmbH
    Inventors: Rainer Falk, Steffen Fries
  • Patent number: 11113408
    Abstract: A method for use in managing a secure object store in a computing system includes: securing the secure object store including creating, maintaining, and using a hierarchical key system and accessing an encrypted data object using the Node Key Encryption Key and a selected one of the Data Encryption Keys. The securing includes: generating a Node Key Encryption Key; generating a plurality of Data Encryption Keys that are encrypted using the Node Key Encryption Key; and encrypting a plurality of data objects using the Data Encryption Keys, each data object being encrypted by a respective Data Encryption Key.
    Type: Grant
    Filed: August 20, 2018
    Date of Patent: September 7, 2021
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Gareth David Richards, Michael William Francis Healey, Jr.
  • Patent number: 11106824
    Abstract: Systems and methods of dynamic management of private data during communication between a remote server and a user's device, including receipt of a request for retrieval of at least one data packet from the user's device, wherein the user's device is configured to provide a response corresponding to the received request, determination of at least one communication data type of the at least one data packet corresponding to the received request, receipt of a privacy preference for the user's device, wherein the privacy preference comprises a list of allowed data packet communication types for sharing during communication, modification of data packets corresponding to requests for sharing of responses that are not compatible with the received privacy preference and maintenance of communication between the remote server and the user's device, with sharing of the modified data packet.
    Type: Grant
    Filed: March 28, 2018
    Date of Patent: August 31, 2021
    Assignee: Privacy Rating Ltd.
    Inventors: Yoseph Koren, Yehonatan Wasserman
  • Patent number: 11100383
    Abstract: Living Machine for the Manufacture of Living Knowledge by Living Individuals through the practice of the Living Knowledge Creation Process in Living Knowledge Creation Process Cycles where Living Knowledge Economics operates.
    Type: Grant
    Filed: April 5, 2016
    Date of Patent: August 24, 2021
    Inventor: Ann Racuya-Robbins
  • Patent number: 11070372
    Abstract: A system and method improves operational performance of a computer by enhancing digital security with an added electronic circuit. The electronic circuit stores sensitive data in an un-erasable state such that the sensitive data may not be altered. The electronic circuit limits transfer of the sensitive data only once after each power-up or after each reset of the computer. The electronic circuit prevents access to the sensitive data by an authorized program. The electronic circuit utilizes its own storage medium and a random access memory, the latter of which can receive and store the sensitive data from the non-transitory computer storage medium. The method uses a software driver and a copy-of-copy of first security key obtained from the sensitive data stored on the electronic circuit. The software driver installs a software module on the computer using the copy-of-copy of first security key to encrypt each installed file.
    Type: Grant
    Filed: December 7, 2020
    Date of Patent: July 20, 2021
    Assignee: Atense, Inc.
    Inventor: John Almeida
  • Patent number: 11042816
    Abstract: Vehicle access control is disclosed. In various embodiments, a vehicle reservation from a wireless communication device is received, the vehicle reservation is authenticated, and access to the vehicle is provided after authenticating the vehicle reservation. In various embodiments, a system for vehicle access control includes a vehicle access control component that is configured to provide access to a vehicle and a communication interface for communication with a wireless communication device. Access to the vehicle is provided when a vehicle reservation is received from the wireless communication device.
    Type: Grant
    Filed: October 28, 2010
    Date of Patent: June 22, 2021
    Assignee: Getaround, Inc.
    Inventors: Sam Zaid, Vijai Anma, Elliot Kroo, Michael Lee Crogan
  • Patent number: 11012429
    Abstract: Described embodiments provide systems and methods for remapping connections to tunnels selected based on a security level of the communications. A first network device may be in communication with a second network device via a plurality of communication tunnels. The plurality of communication tunnels may include an encrypted communication tunnel and an unencrypted communication tunnel. The first network device may receive a packet, the packet including header information and a payload. The first network device may determine whether the received packet is encrypted to meet a threshold level of security. The first network device may, responsive to determining that the packet is to meet the threshold level of security, communicate an identifier of the payload and the header information to the second network device via the encrypted communication tunnel, and communicate the payload to the second network device via the unencrypted communication tunnel.
    Type: Grant
    Filed: December 5, 2018
    Date of Patent: May 18, 2021
    Assignee: Citrix Systems, Inc.
    Inventors: Praveen Raja Dhanabalan, Surya Prakash Patel, J Mohan Rao Arisankala
  • Patent number: 10999318
    Abstract: A middlebox includes at least one processor and a memory storing one or more executable instructions that, when executed by the at least one processor, cause the at least one processor to receive, from a server, a middlebox key that includes an indication of a lifetime of the middlebox key, receive, from a client device, one or more data packets including encrypted header data and a client device identifier, and determine whether to permit a transmission of the one or more data packets to the server or prevent a transmission of the one or more data packets to the server based on the middlebox key, the encrypted header data, and the client device identifier.
    Type: Grant
    Filed: July 5, 2018
    Date of Patent: May 4, 2021
    Assignee: UNIKEN INC.
    Inventors: Robert Alan Levine, Nishant Kaushik, Bimal I. Gandhi
  • Patent number: 10992453
    Abstract: A system architecture providing memory encryption suitable for protection against liquid nitrogen and trace probe attacks. In one embodiment, a method of and system for memory encryption are provided. A write request is received at a memory controller. The write request includes first data and a first address. The memory controller is embedded in a CPU and is operatively coupled to memory external to the CPU. The first data are encrypted at the memory controller to generate encrypted first data. The encrypted first data are written to the memory.
    Type: Grant
    Filed: May 18, 2016
    Date of Patent: April 27, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: John B. Geagan, Dulce B. Ponceleon
  • Patent number: 10984121
    Abstract: A method for protecting content, comprising receiving, from a client device, a request for an encryption key for encrypting the content comprising a reference associated with the client device, identifying a set of supported security capabilities corresponding to the reference associated with the client device, identifying a set of required security capabilities corresponding to the content associated with the key request, determining if the set of supported security capabilities satisfy the set of required security capabilities, and in response to determining that the supported security capabilities satisfy the set of required security capabilities, transmitting the encryption key to the client device.
    Type: Grant
    Filed: August 31, 2018
    Date of Patent: April 20, 2021
    Assignee: ARRIS Enterprises LLC
    Inventors: Ananth Seetharam, Sean J. Higgins, Paul R. Osborne
  • Patent number: 10892895
    Abstract: A system and method improves operational performance of a computer by enhancing digital security with an added electronic circuit. The electronic circuit stores sensitive data in an un-erasable state such that the sensitive data may not be altered. The electronic circuit limits transfer of the sensitive data only once after each power-up or after each reset of the computer. The electronic circuit prevents access to the sensitive data by an authorized program. The electronic circuit utilizes its own storage medium and random access memory, the latter of which can receive and store the sensitive data. The method uses a software driver and a copy-of-copy of first security key obtained from the sensitive data stored on the electronic circuit. The software driver installs a software module on the computer using the copy-of-copy of first security key to encrypt each installed file.
    Type: Grant
    Filed: August 22, 2019
    Date of Patent: January 12, 2021
    Assignee: Atense, Inc.
    Inventor: John Almeida
  • Patent number: 10892903
    Abstract: A communication system includes a first communication system and a second communication terminal. The first communication terminal generates a first shared key, and the second communication terminal generates a second shared key. During an exchange operation, the first communication terminal stores the second shared key of the second communication terminal, and the second communication terminal stores the first shared key of the first communication terminal. During a challenge operation, the first communication terminal sends a challenge string to the second communication terminal, the second communication terminal generates a response string by performing reversible encryption operations to the challenge string with the first shared key and the second shared key, the second communication terminal sends the response string to the first communication terminal, and the first communication terminal verifies the response string.
    Type: Grant
    Filed: April 8, 2019
    Date of Patent: January 12, 2021
    Assignee: eMemory Technology Inc.
    Inventor: Meng-Yi Wu
  • Patent number: 10853784
    Abstract: Embodiments of the invention are directed to a system, method, or computer program product for providing a real-time determination of resource availability for usage via an interactive forecast interface with incorporated dashboard. In this way, the invention provides a real-time overlay forecast interface on a mobile device. The system gains access to one or more resources of a user and compiles the resources into an interactive forecast interface for visualization, manipulation, and mock manipulation of resources. The invention converts resource data extracted from the sources of the resource into a textual format encrypted for secure implementation and use into the interactive forecast interface.
    Type: Grant
    Filed: January 4, 2016
    Date of Patent: December 1, 2020
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Kevin T. Cole, Matthew Hsieh, Scott R. Enscoe, Caitlin Chrisman Bullock
  • Patent number: 10841406
    Abstract: A method for communication in an IP network is described. The method includes a first communicating device initializing a communication with a second communicating device, signalling to the second communicating device that the first communicating device is compatible with multi-path User Datagram Protocol (UDP) communications. If the second communicating device is also compatible with multi-path UDP communications, one of the first or second communicating devices transmits data to the other device using the UDP transport protocol, including in the messages containing said data, regardless of the path used, a single context identifier, allowing the receiving communicating device to correlate all of the UDP datagrams associated with the same multi-path UDP communication.
    Type: Grant
    Filed: June 16, 2017
    Date of Patent: November 17, 2020
    Assignee: ORANGE
    Inventors: Mohamed Boucadair, Christian Jacquenet
  • Patent number: 10803230
    Abstract: The present teaching relates to a communication authentication device that includes a data storage system, a first communication interface, a display screen, and a processor. The processor is connected to the data storage system, first communication interface, and display screen. The processor may be configured to: acquire a first message in a binary format via the first communication interface; decode the first message in the binary format in accordance with a message formatting standard (e.g., the H standard, which requires particular sizes of messages), to obtain a first decoded message in a text format; and transmit the first decoded message in the text format to the display screen for comparison purposes.
    Type: Grant
    Filed: November 17, 2016
    Date of Patent: October 13, 2020
    Assignee: BULL SAS
    Inventor: Khalid Lhasnaoui
  • Patent number: 10755345
    Abstract: One embodiment provides a system that facilitates secure transfer of funds. During operation, the system generates, by a server, an authentication identifier for a payee of a bank account, wherein the authentication identifier indicates the bank account and a corresponding payment account of the payee. The system receives, from a payer, a message which indicates a first command to transfer a payment amount to the payee, wherein the first command includes the authentication identifier. In response to successfully verifying the authentication identifier, the system extracts information associated with the payment account and the bank account from the authentication identifier. The system transfers the payment amount to the bank account of the payee based on the extracted information.
    Type: Grant
    Filed: November 25, 2015
    Date of Patent: August 25, 2020
    Assignee: Alibaba Group Holding Limited
    Inventor: Jian Sun
  • Patent number: 10735196
    Abstract: An access management system is disclosed that can provide access to resources by password-less authentication. The access management system can provide multiple layers of security for authentication taking into account risk factors (e.g., device, location, etc.) to ensure authentication without compromising access. Contextual details of a user based on a mobile device can be used for authentication based on possession of a device. Password-less authentication of a user may be enabled by registration of devices and/or a location (e.g., a geographic location) as trusted. Security data embedded with encrypted data can be sent to a first device for password-less authentication of a user at the device. A second device registered with the user can obtain the security data from the first device. The second device can decrypt the data and send the decrypted data to the access management system for verification to enable password-less authentication at the first device.
    Type: Grant
    Filed: November 7, 2018
    Date of Patent: August 4, 2020
    Assignee: Oracle International Corporation
    Inventors: Venugopal Padmanabhan Shastri, Sreenivasa R. Chitturi, Vamsi Motukuru, Mandar Bhatkhande, Sunil Kumar Joshi
  • Patent number: 10713336
    Abstract: A configuration in which usage control that is substantially similar to content usage control in a copy source medium can be performed in a content copy destination is implemented. A data processing unit that performs a copy process of recording data recorded on a first medium on a second medium records encrypted content in the first medium on the second medium, without decrypting the encrypted content. In addition, the data processing unit converts a CPS unit key file recorded on the first medium to generate a converted CPS unit key file and records the converted CPS unit key file on the second medium. Further, the data processing unit acquires an MKB not requiring KCD, which is capable of directly calculating a media key using only a device key, without using key conversion data (KCD) recorded on the first medium, from a server and records the MKB not requiring KCD on the second medium.
    Type: Grant
    Filed: August 19, 2016
    Date of Patent: July 14, 2020
    Assignee: SONY CORPORATION
    Inventors: Kenjiro Ueda, Tateo Oishi
  • Patent number: 10638313
    Abstract: Systems and methods for confirming a cryptographic key. The system includes an electronic controller configured to generate an electronic message in response to an installation of a secret key on the electronic controller, the electronic message comprising information about the installation of the secret key, digitally sign the electronic message using a manufacturer private key, encrypt the electronic message, store the electronic message in a memory, access the stored electronic message in response to a request by a user, decrypt the electronic message, confirm a digital signature of the electronic message using a manufacturer public key, generate a confirmation message, and send the confirmation message to a user.
    Type: Grant
    Filed: October 26, 2017
    Date of Patent: April 28, 2020
    Assignee: Robert Bosch GmbH
    Inventors: Robert J. Lambert, Robert M. Kaster
  • Patent number: 10630646
    Abstract: Method, apparatus and system for communicating between a machine to machine, M2M, device 110 and a device management, DM, server 420 over SMS, comprising: obtaining key material, the key material configured to protect data communicated between the M2M device 110 and the DM server 420. Protecting data to be communicated using the key material. Communicating the protected data between the M2M device 110 and the DM server 420 over SMS.
    Type: Grant
    Filed: September 12, 2014
    Date of Patent: April 21, 2020
    Assignee: VODAFONE IP LICENSING LIMITED
    Inventors: Nick Bone, Friedhelm Rodermund
  • Patent number: 10581844
    Abstract: A method for access authentication includes receiving a facial recognition picture from a mobile electronic apparatus of a user. The facial recognition picture is compared to a stored facial recognition picture of the user. If a positive match exists, an authorization key is transmitted to a locking mechanism. The stored facial recognition picture can include a picture stored on a picture database populated by each transmitted facial recognition picture. In certain embodiments, the facial recognition picture can be retrieved from on a social media account.
    Type: Grant
    Filed: August 31, 2015
    Date of Patent: March 3, 2020
    Assignee: UTC Fire & Security Corporation
    Inventor: Kimmo A. Kyllonen
  • Patent number: 10581604
    Abstract: A Post-Quantum Computing Cryptographic communication protocol including a lattice based RSA algorithm, the protocol may include: generating a public key and a private key pair; encrypting a message using a public key pair; transmitting the encrypted message over a communication channel; and decrypting the encrypted message using a private key pair, wherein the generating the public key and the private key pair includes: selecting a first random vector from lattices using a Klein's Algorithm; selecting a second random vector from lattices using the Klein's Algorithm; generating a shortest random vector using a Gauss Sieve algorithm; taking a first vector product of the first random vector and the second random vector; calculating a Totient function of the first vector product; converting the Totient function to the first vector product; generating the public key pair; and generating the private key pair.
    Type: Grant
    Filed: January 15, 2018
    Date of Patent: March 3, 2020
    Assignee: COMSATS Institute of Information Technology
    Inventors: Iqra Mustafa, Tanveer Khan, Masoom Alam, Nadeem Javaid, Abid Khan, Adnan Akhunzada
  • Patent number: 10554789
    Abstract: Key based authorization for programmatic clients is described. One or more server computers receive a request for an action on one or more target resources, the request indicating the action to be performed on the one or more target resources at the resource access point, and a key identifying a client program running on a client computer system. A data store that stores mapping data representing one or more associations among keys, actions and target resources is queried. An existence, in the data store, of an association of a particular key corresponding to a particular client program, with a particular target resource and with a particular action associated with the particular target, represents the particular client program having authorization to perform the particular action on the particular target resource. The system authorizes performance of the action on the one or more target resources for the request.
    Type: Grant
    Filed: November 14, 2016
    Date of Patent: February 4, 2020
    Assignee: Coupa Software Incorporated
    Inventor: Bradley Rosintoski
  • Patent number: 10523644
    Abstract: A system based on layered, two-tier double cryptographic keys providing a closed cryptosystem within a secured network environment, the system including a digital key management device and a network node. The digital key management device generates a first-tier cryptographic key, a second-tier cryptographic key and makes the first-tier and second-tier cryptographic keys publicly accessible within a first and a second secured walled regions that are accessible to a network node registered to a first authentication database associated with an access server of the system, encrypts a first and second content with the first-tier and second-tier cryptographic keys, and generates encrypted first and second content. The network node requests access to the first secured walled region, accesses the first-tier and the second-tier cryptographic keys, decrypts the first and second content, generates first and second data containers based on the decrypted content, and transfers the data containers to a client device.
    Type: Grant
    Filed: October 3, 2016
    Date of Patent: December 31, 2019
    Assignee: SWISS REINSURANCE COMPANY LTD.
    Inventor: Oliver Werneyer
  • Patent number: 10504116
    Abstract: A method is described for providing user authentication and user consent for a transaction made with a payment device. A user authentication step is taken to verify that a user is entitled to use the payment device, and a user consent step is taken to verify that the user consents to the transaction. The user authentication step is discrete from the user consent step. A payment device adapted to perform this method is also described.
    Type: Grant
    Filed: September 16, 2016
    Date of Patent: December 10, 2019
    Assignee: Mastercard International Incorporated
    Inventors: Mehdi Collinge, Patrik Smets
  • Patent number: 10505729
    Abstract: Embodiments manage access to cryptography keys for database data, within a secure key store of a local key server owned by a new (security) operating system (OS) user separate from an original default OS user. Existing principles governing distinct OS user access privileges engrained within the OS itself, are leveraged to preclude the default OS user from accessing files of the new security OS user. Embodiments thus segregate the right to read secure cryptography keys of a secure key store, from the right to administer database installation on the OS level. While the original default OS user retains access to the encrypted data, the new security OS user now owns the cryptography key necessary to decrypt that database data. Thus, the default OS user is denied enough information to unlock the database data, enhancing its security. Embodiments are particularly useful for promoting data security in cloud setups and multi-tenant databases.
    Type: Grant
    Filed: November 9, 2016
    Date of Patent: December 10, 2019
    Assignee: SAP SE
    Inventors: Meinolf Block, Christoph Hohner, Martin Schindewolf, Sascha Zorn
  • Patent number: 10496999
    Abstract: Methods and apparatuses of controlling a network payment are disclosed, which obtain a payment record when a selection of a payment instrument is needed, and determine a preferred payment instrument for a current transaction based on the payment record. By analyzing the payment record, a payment success rate of each payment instrument supported by a current payer under a current business scenario may be obtained, and a payment instrument having a maximum payment success rate may be set as the preferred payment instrument for the current transaction. The embodiments of the present disclosure therefore are able to implement an automatic selection of a payment instrument, reduce manual operations of a payer, simplify a payment process, and improve the payment efficiency and the transaction efficiency.
    Type: Grant
    Filed: July 21, 2015
    Date of Patent: December 3, 2019
    Assignee: Alibaba Group Holding Limited
    Inventor: Jianwei Jin
  • Patent number: 10491388
    Abstract: A system uses a multi-level encryption and tokenization mechanism to allow for fields of a larger object to be individually tokenized and encrypted. Protected data is encrypted using an encryption key and a generated token is displayed in its place. The encryption key is then encrypted using a secondary key. To dereference a token, a requesting application provides the token and associated context to a token service, which searches a token store for a record having both the token and the context. If such a record is located, the token service generates a secondary key and decrypts the encryption key. The decrypted encryption key then decrypts the protected data and transmits the data to the requesting application.
    Type: Grant
    Filed: March 1, 2019
    Date of Patent: November 26, 2019
    Assignee: Uber Technologies, Inc.
    Inventor: Ronald Dana Kuris
  • Patent number: 10447688
    Abstract: A system and method provides security features for inter-computer communications. A user identifier of the user that cannot be used to log the user in to a data consolidating system is received by a matching system from the data consolidating system. The validity of the user is checked at the matching system and, in response to the checking, the user identifier is converted to a different user identifier and the different user identifier is provided to a data providing system by the matching system. The data providing system provides the data of the user in response, and the matching system forwards the data to the data consolidating system.
    Type: Grant
    Filed: August 20, 2018
    Date of Patent: October 15, 2019
    Assignee: Charles Schwab & Co., Inc.
    Inventor: William Page
  • Patent number: 10423940
    Abstract: A session to enroll customers to make payments has two stages, a first stage completed on the telephone or on a merchant or debt collector website, and a second stage completed via a communications link such as a telephone or Internet link. The customer enrollment record is linked to financial account information received from the customer in the second stage and stored on a second, secure server. A token linked to the securely stored financial account information is returned to the merchant and then used by the merchant to initiate payments on that financial account. The merchant's personnel and customer record system do not store or have access to the underlying financial account information.
    Type: Grant
    Filed: January 17, 2017
    Date of Patent: September 24, 2019
    Assignee: Autoscribe Corporation
    Inventors: Robert E. Pollin, Brian E. Downey, Jr., Sean A. Fleming
  • Patent number: 10395458
    Abstract: The present disclosure relates to a method and a system for securely accessing a vehicle. The method comprises a preliminary phase, a data exchange phase, and an access phase. The method implements the vehicle, a remote data server, and at least one personal electronic device supplied with a dedicated application. The method implements an elliptic encryption curve, a master key, a primary key, a secondary key, and a tertiary key.
    Type: Grant
    Filed: April 19, 2017
    Date of Patent: August 27, 2019
    Assignee: Dura Operating, LLC
    Inventors: Arnaud Georges Thooris, Mickaël Roches
  • Patent number: 10375046
    Abstract: Methods, devices, and systems for determining whether a received user generated response key matches the generated first unique key, thereby providing an autonomous authentication system to verify the user. The validation computing system may use a unique key to associate with each request for authentication from a client and further validate that unique key. Additionally, the authentication may be validated as an added security measure by a webhost.
    Type: Grant
    Filed: January 19, 2016
    Date of Patent: August 6, 2019
    Inventor: Arsen Samvelian
  • Patent number: 10361845
    Abstract: A system and method for cryptographically securing a device includes initializing a cryptographic processing circuit which includes provisioning a cryptographic key store associated with the cryptographic processing circuit with cryptographic key material; and establishing a first cryptographically secured connection between a main central processing unit of the autonomous device and the cryptographic processing circuit of the device; and implementing a cryptographic validation of resident firmware of the main central processing unit by validating a cryptographic digital signature ascribed to the resident firmware against an up-to-date cryptographic digital signature used for installing and/or updating the resident firmware of the main central processing circuit.
    Type: Grant
    Filed: October 19, 2018
    Date of Patent: July 23, 2019
    Assignee: SWFL, Inc.
    Inventors: Jeremie Miller, Thomas Muldowney, Allison Clift-Jennings
  • Patent number: 10291502
    Abstract: Embodiments relate to systems and methods for electronically conditioning transmission of communications based on results of a connection assessment. An electronic file is executed at an electronic device, which causes a first query and a second query to be presented. A first query response and a second query response are identified. The first query response is stored in a locked configuration that inhibits the ability to modify the first query response to the first query. The second query response is stored but is not stored in the locked configuration. Query response data is generated that includes an identifier of the second query, an identifier of the second query response and an identifier of the electronic device. A connection variable is determined by assessing one or more network connections available to the electronic device. When a transmission condition is satisfied, the query response data is transmitted to another device.
    Type: Grant
    Filed: July 13, 2018
    Date of Patent: May 14, 2019
    Assignee: PEARSON EDUCATION, INC.
    Inventors: Brendan Kealey, Paul Arens, Adam Krapfl, Paul Grudnitski, Robbie Allen Nielsen, James Setaro, Jason Sobanski
  • Patent number: 10291398
    Abstract: A control unit of a communication device decrypts, when receiving via an antenna from a reader/writer a cipher key encrypted with a key same as a common key recorded in a recording unit by the reader/writer, the encrypted cipher key with the common key recorded in the recording unit, and when receiving via the antenna from the reader/writer a readout target address specifying a region of a data readout source in the recording unit encrypted with a cipher key same as the cipher key by the reader/writer, decrypting the encrypted readout target address with the cipher key, and transmitting the data recorded in the region specified by the readout target address obtained through decryption of the regions of the recording unit to the reader/writer via the antenna.
    Type: Grant
    Filed: July 28, 2016
    Date of Patent: May 14, 2019
    Assignee: Sony Corporation
    Inventors: Toshinori Kanemoto, Teiichi Shiga
  • Patent number: 10270594
    Abstract: A system for generating an enhanced polymorphic quantum enabled firewall in real-time typically includes a classical computer apparatus and a quantum optimizer in communication with the classical computer apparatus. The classical computer apparatus is configured to identify an unauthorized attempt to access information by an unidentified source, collect a first set of data about the unauthorized attempt, determine a type of the unauthorized attempt by analyzing the first set of data, and transmit the first set of data and the type of the unauthorized attempt to the quantum optimizer. The quantum optimizer upon receiving the first set of data and the type of the unauthorized attempt, generates a second key and a second level of encryption using the second key, generates a new protocol for transferring the second level of encryption over a network, and transfers the second level of encryption and the new protocol to the classical computer apparatus.
    Type: Grant
    Filed: March 6, 2017
    Date of Patent: April 23, 2019
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Joseph Benjamin Castinado, Jeffery B. Schroeder, William August Stahlhut
  • Patent number: 10263776
    Abstract: A system uses a multi-level encryption and tokenization mechanism to allow for fields of a larger object to be individually tokenized and encrypted. Protected data is encrypted using an encryption key and a generated token is displayed in its place. The encryption key is then encrypted using a secondary key. To dereference a token, a requesting application provides the token and associated context to a token service, which searches a token store for a record having both the token and the context. If such a record is located, the token service generates a secondary key and decrypts the encryption key. The decrypted encryption key then decrypts the protected data and transmits the data to the requesting application.
    Type: Grant
    Filed: September 21, 2016
    Date of Patent: April 16, 2019
    Assignee: Uber Technologies, Inc.
    Inventor: Ronald Dana Kuris
  • Patent number: 10250386
    Abstract: Methods and systems are provided for power management and security for wireless modules in “Machine-to-Machine” communications. A wireless module operating in a wireless network and with access to the Internet can efficiently and securely communicate with a server. The wireless network can be a public land mobile network (PLMN) that supports wireless wide area network technology including 3rd generation (3G) and 4th generation (4G) networks, and future generations as well. The wireless module can (i) utilize sleep and active states to monitor a monitored unit with a sensor and (ii) communicate with wireless network by utilizing a radio. The wireless module can include power control steps to reduce the energy consumed after sending sensor data by minimizing a tail period of a radio resource control (RRC) connected state.
    Type: Grant
    Filed: May 7, 2018
    Date of Patent: April 2, 2019
    Assignee: Network-1 Technologies, Inc.
    Inventor: John A. Nix
  • Patent number: 10239494
    Abstract: A secure vehicle access system comprises a vehicle and a key associated with the vehicle. The key comprises: a radio frequency, RF, key transceiver configured to: broadcast at least one signal; and listen for an acknowledgement message from the vehicle. The vehicle comprises: a radio frequency, RF, vehicle transceiver configured to: listen for the at least one broadcast signal from the key; and in response thereto, transmit an acknowledgement message back to the key to establish a communication link between the vehicle and the key. The key further comprises a ranging circuit configured to perform a distance determination between the vehicle and the key, following the establishment of the communication link, to determine whether to allow access to the vehicle.
    Type: Grant
    Filed: December 13, 2017
    Date of Patent: March 26, 2019
    Assignee: NXP B.V.
    Inventor: Bernhard Spiess
  • Patent number: 10211979
    Abstract: A system and method for cryptographically securing a device includes initializing a cryptographic processing circuit which includes provisioning a cryptographic key store associated with the cryptographic processing circuit with cryptographic key material; and establishing a first cryptographically secured connection between a main central processing unit of the autonomous device and the cryptographic processing circuit of the device; and implementing a cryptographic validation of resident firmware of the main central processing unit by validating a cryptographic digital signature ascribed to the resident firmware against an up-to-date cryptographic digital signature used for installing and/or updating the resident firmware of the main central processing circuit.
    Type: Grant
    Filed: May 17, 2018
    Date of Patent: February 19, 2019
    Assignee: SWFL, Inc.
    Inventors: Jeremie Miller, Thomas Muldowney, Allison Clift-Jennings
  • Patent number: 10198595
    Abstract: The present disclosure deals with a system and a method to determine if an unauthorized user is attempting to access securely stored data. A user enters and stores sensitive data on a user device using a first computing system. The first computing system gathers sensitive data from the user device and stores the data on a second computing system. If the first computing system detects a potential data breach when trying to access the securely stored data, the first computing system may request the user to enter a subset of the securely stored data to confirm that the user has access to the securely stored data. The second computing system verifies the subset against the securely stored data and the securely stored data is made accessible to the user. If the second computing system is unable to verify the subset the second computing system triggers an event.
    Type: Grant
    Filed: December 12, 2016
    Date of Patent: February 5, 2019
    Assignee: Walmart Apollo, LLC
    Inventor: Norman Bradley Lancaster
  • Patent number: 10169719
    Abstract: Embodiments include methods, systems and computer program products for identifying unusual activity in an IT system based on user configurable message anomaly scoring. Aspects include receiving a message stream for the IT system and selecting a plurality of messages from the message stream that correspond to an interval. Aspects also include determining a message anomaly score for each of the plurality of the messages, wherein the message anomaly score for each of the plurality of the messages is determined to be one of a default message anomaly score and a custom message anomaly score and calculating an interval anomaly score for the interval by adding the message anomaly score for each of the plurality of the messages. Aspects further include identifying a priority level of the interval by comparing the interval anomaly score to one or more thresholds.
    Type: Grant
    Filed: October 20, 2015
    Date of Patent: January 1, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventor: James M. Caffrey
  • Patent number: 10142101
    Abstract: Embodiments of an invention for hardware enforced one-way cryptography are disclosed. In one embodiment, a processor includes a processor key location, instruction hardware, and execution hardware. The processor key location is to hold a processor key. The instruction hardware is to receive a first instruction in an instruction set of the processor. The first instruction is to encrypt input data with the processor key and return a handle. The instruction set lacks a second instruction corresponding to the first instruction to decrypt the handle with the processor key to return the input data. The execution hardware is to perform, in response to receipt of the first instruction by the instruction hardware, encryption of the input data with the processor key and to return the handle.
    Type: Grant
    Filed: September 29, 2015
    Date of Patent: November 27, 2018
    Assignee: Intel Corporation
    Inventors: Vinodh Gopal, Jason W Brandt
  • Patent number: 10111100
    Abstract: Aspects of the invention can log a user into a primary device in a more efficient manner. For example, aspects of the invention may eliminate the need for the user to supply user credentials directly to a primary device. Instead, the companion device recognizes relevant primary devices located proximate to the companion device and automatically initiates a user login to the primary device without user intervention. Aspects of the invention can automatically log in a user to known and unknown primary devices.
    Type: Grant
    Filed: August 25, 2014
    Date of Patent: October 23, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Ross David Heeter, Jason Robert Tuck, Cyrus Kanga
  • Patent number: 10075358
    Abstract: Embodiments relate to systems and methods for electronically conditioning transmission of communications based on results of a connection assessment. An electronic file is executed at an electronic device, which causes a first query and a second query to be presented. A first query response and a second query response are identified. The first query response is stored in a locked configuration that inhibits the ability to modify the first query response to the first query. The second query response is stored but is not stored in the locked configuration. Query response data is generated that includes an identifier of the second query, an identifier of the second query response and an identifier of the electronic device. A connection variable is determined by assessing one or more network connections available to the electronic device. When a transmission condition is satisfied, the query response data is transmitted to another device.
    Type: Grant
    Filed: January 29, 2018
    Date of Patent: September 11, 2018
    Assignee: PEARSON EDUCATION, INC.
    Inventors: Brendan Kealey, Paul Arens, Adam Krapfl, Paul Grudnitski, Rob Nielsen, James Setaro, Jason Sobanski
  • Patent number: 10042990
    Abstract: Atomically modifying a personal security device includes presenting the personal security device to a reader/writer coupled to an access module, the access module determining if the personal security device includes a factory security mechanism, and, if the personal security device includes a factory security mechanism, using the reader/writer and the access module to replace the factory security mechanism with another security mechanism. The access module may authenticate the personal security device in connection with replacing the factory security mechanism. Authenticating the personal security device may grant access to a user through a door controlled by the access module. Replacing the factory security mechanism may include replacing an application on the personal security device. An ISO/IEC 7816-13 application management request command may be used to replace the application.
    Type: Grant
    Filed: March 26, 2013
    Date of Patent: August 7, 2018
    Assignee: Assa Abloy AB
    Inventors: Kapil Sachdeva, Philip Hoyer, Eric F. Le Saint, Sylvain Prevost
  • Patent number: 10032171
    Abstract: Methods are described for performing a timely authorization of digital credential data delivered from a mobile device that is without access to a local persistently stored permanent cryptographic key; through an interrogation with a point-of-sale that behaves according to the direction of a card specification; wherein the card specification expects the mobile device to create a cryptogram that is calculated, at least in part, using the permanent cryptographic key and, at least in part, from unpredictable data delivered from the point-of-sale to the mobile device during the interrogation.
    Type: Grant
    Filed: August 30, 2012
    Date of Patent: July 24, 2018
    Assignee: SimplyTapp, Inc.
    Inventor: Douglas C. Yeager
  • Patent number: 10033744
    Abstract: A method for certifying information about a subject entity, where the subject entity has trusted information associated with them, which is stored at one or more trusted entity computing systems, comprising the steps of a certifying entity obtaining information from one or more trusted entity computing systems, selecting trusted information from the obtained information, and certifying the trusted information as being from the trusted entity computing system and as not having been modified.
    Type: Grant
    Filed: October 22, 2014
    Date of Patent: July 24, 2018
    Assignee: eTeam Software Pty Ltd
    Inventors: Mark Mervyn Chazan, Michael Kontorovich
  • Patent number: 9930015
    Abstract: A communication device for performing encrypted communication with at least one further communication device in a communication network is provided. Advantageously, the device is adapted to communicate with a plurality of further communication devices. The communication device comprises a communication unit and a cryptographic unit. Moreover, it comprises a key encryption key generator configured to generate at least one key encryption key jointly with the at least one further communication device, using the communication unit. Also, it comprises a traffic encryption key generator configured to generate a traffic encryption key, specific to the communication device, for encrypting traffic data by the communication device. The cryptographic unit is preferably configured to encrypt the traffic encryption key using the at least one key encryption key. Moreover, the communication unit is preferably configured to transmit the encrypted traffic encryption key to the at least one further communication device.
    Type: Grant
    Filed: October 19, 2015
    Date of Patent: March 27, 2018
    Assignee: Rohde & Schwarz SIT GmbH
    Inventors: Andreas Graubner, Stefan Roehrich, Bernhard Heep