By Public Key Method Patents (Class 380/282)
  • Patent number: 11409883
    Abstract: An information handling system may include a circuit board; a processor disposed on the circuit board, wherein the processor includes a media access control (MAC) address and a hidden root key (HRK) encoded therein; and a memory not disposed on the circuit board. The information handling system may be configured to: determine a customer public key (CPK); create a data structure comprising the CPK and the MAC address; encrypt the data structure using the HRK to generate an encrypted structure; and store the encrypted structure in the memory.
    Type: Grant
    Filed: January 19, 2021
    Date of Patent: August 9, 2022
    Assignee: Dell Products L.P.
    Inventors: Balaji Bapu Gururaja Rao, Elie Jreij, Paul Vancil, Marshal Savage
  • Patent number: 11411738
    Abstract: Systems, methods, and apparatuses of using biometric information to authenticate a first device of a user to a second device are described herein. A method includes storing, by the first device, a first key share of a private key and a first template share of a biometric template of the user. The second device stores a public key, and one or more other devices of the user store other key shares and other template shares. The first device receives a challenge message from the second device, measures biometric features of the user to obtain a measurement vector, and sends the measurement vector and the challenge message to the other devices. The first device receives partial computations, generated using a respective template share, key share, and the challenge message, from the other devices, uses them to generate a signature of the challenge message, and sends the signature to the second device.
    Type: Grant
    Filed: October 4, 2019
    Date of Patent: August 9, 2022
    Inventors: Shashank Agrawal, Saikrishna Badrinarayanan, Payman Mohassel, Pratyay Mukherjee
  • Patent number: 11405218
    Abstract: An example method includes receiving a quantum-resistant double signature (QSDS) message. The QSDS message is generated by digitally signing a quantum SignerInfo (qSignerInfo) attribute of a Quantum Signed Data (QSignedData) message using a private key of a signing party computing system using a quantum-vulnerable signature algorithm. The method then includes verifying the digital signature on the QSDS message, identifying the qSignerInfo attribute in a SignedAttributes value of the QSDS message, transmitting the SignedAttributes value to a QSDS processing computing system, and receiving, from the QSDS processing computing system, a verification notification for the QSignedData message.
    Type: Grant
    Filed: August 7, 2020
    Date of Patent: August 2, 2022
    Assignee: Wells Fargo Bank, N.A.
    Inventor: Phillip H. Griffin
  • Patent number: 11392676
    Abstract: A system and method for securely storing, retrieving and sharing data using PCs and mobile devices and for controlling and tracking the movement of data to and from a variety of computing and storage devices.
    Type: Grant
    Filed: April 26, 2019
    Date of Patent: July 19, 2022
    Assignee: QUICKVAULT, INC.
    Inventor: Steven V. Bacastow
  • Patent number: 11386430
    Abstract: Methods and systems as described herein may secure the electronic transfer of assets using two-way handshakes. A second device may initialize a transaction by transmitting a transaction request and a second biometric identifier to a first device. The first device may receive the transaction request and review the second biometric identifier. When the first device recognizes the second biometric identifier, the second biometric identifier may be approved. The first device then transmits a response, that includes a first biometric identifier, to the second device, via a server that may record the first device's approval. The second device may confirm the identity of the first device using the first biometric identifier. When the second device approves the first biometric identifier, the second device may transmit an approval to the server. After the server has received approval of both biometric identifiers, the server may execute the requested transaction.
    Type: Grant
    Filed: October 1, 2020
    Date of Patent: July 12, 2022
    Assignee: Capital One Services, LLC
    Inventor: Animesh Chowdhury
  • Patent number: 11379834
    Abstract: Technologies are shown for secure management of a data file secured on a data file management blockchain that involve generating a genesis block for a data file management blockchain that contains a data file to be managed and signing the genesis block to commit the genesis block to the data file management blockchain. One or more transaction data blocks are generated for the data file management blockchain that each include a modification to the data file and the blocks are signed to commit them to the blockchain. In some examples, the modifications describe changes to the data file and the transaction data blocks are traced to the genesis block and a current data file generated by applying the modifications on the transaction data blocks to the data file in a sequence determined by an order of the one or more transaction data blocks in the data file management blockchain.
    Type: Grant
    Filed: October 13, 2020
    Date of Patent: July 5, 2022
    Assignee: eBay Inc.
    Inventor: Sergio Pinzon Gonzales, Jr.
  • Patent number: 11374741
    Abstract: A system comprises one or more storage entities (SEs) each configured to store data for applications that rely on higher levels of data integrity, wherein each of the SEs has its own cryptographic identity in the form of a unique root identity key pair of public and private keys created at manufacturing time. Each SE generates one or more SE-specific asymmetric data owner keys upon invocation of a smart contract by a prospective data owner. The system further comprises a distributed ledger provisioned to the SEs and configured to maintain all public keys and/or public key certificates of the SEs. The system also comprises a key manager configured to hold all SE-specific data owner public keys and SE data access control keys, wherein the data stored on the SEs is protected by the SE-specific data access control keys wrapped by the SE-specific data owner keys based on current data ownership.
    Type: Grant
    Filed: July 15, 2019
    Date of Patent: June 28, 2022
    Assignee: Seagate Technology LLC
    Inventors: Manuel Alexander Offenberg, Simon Thavatchai Phatigaraphong, Kenneth K. Claffey
  • Patent number: 11372993
    Abstract: Requests submitted to a computer system are evaluated for compliance with policy to ensure data security. Plaintext and associated data are used as inputs into a cipher to produce ciphertext. Whether a result of decrypting the ciphertext can be provided in response to a request is determined based at least in part on evaluation of a policy that itself is based at least in part on the associated data. Other policies include automatic rotation of keys to prevent keys from being used in enough operations to enable cryptographic attacks intended to determine the keys.
    Type: Grant
    Filed: November 4, 2019
    Date of Patent: June 28, 2022
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory Branchek Roth, Matthew James Wren, Eric Jason Brandwine, Brian Irl Pratt
  • Patent number: 11368439
    Abstract: A non-transitory computer-readable storage medium comprising instructions stored thereon. When executed by at least one processor, the instructions may be configured to cause a computing system to at least receive a message, the message including a header, an encrypted symmetric key, and an encrypted body, decrypt the encrypted symmetric key using a private key to generate a decrypted symmetric key, decrypt the encrypted body using the decrypted symmetric key to generate a decrypted body, and store the header, the decrypted symmetric key, and the decrypted body in long-term storage.
    Type: Grant
    Filed: March 2, 2020
    Date of Patent: June 21, 2022
    Assignee: Google LLC
    Inventors: Laetitia Baudoin, Brian Goodman
  • Patent number: 11340801
    Abstract: A data protection method includes generating a decryption key acquisition request through a first operation account when encrypted data is received, obtaining the decryption key from a data security area through a second operation account in response that the decryption key acquisition request is an authorized request, using the decryption key to decrypt the encrypted data through the first operation account and obtaining decrypted data, mounting a data partition, and storing the decrypted data in the data partition through the first operation account.
    Type: Grant
    Filed: November 11, 2020
    Date of Patent: May 24, 2022
    Assignee: Fulian Precision Electronics (Tianjin) Co., LTD.
    Inventors: Chia-En Li, Po-Hui Lu, Kuo-Wei Lee, Yao-Wen Tung
  • Patent number: 11334678
    Abstract: There is provided a method for synchronization of node databases in a database system, said database system comprising a plurality of validation nodes each comprising a node database, and, optionally, one or more client nodes, where one of the validation nodes is a primary validation node, the primary validation node having received at least one transaction message from another validation node or a client, the transaction message comprising instructions to modify the node databases, where each of the nodes stores, in its node database, a chain of data blocks, where each data block in the block chain comprises at least a cryptographically unambiguous identifier of the previous data block.
    Type: Grant
    Filed: July 6, 2018
    Date of Patent: May 17, 2022
    Assignee: CHROMAWAY AB
    Inventor: Oleksandr Mizrakhi
  • Patent number: 11336635
    Abstract: Provided are a system and method for authenticating a device through an Internet of Things (IoT) cloud by using a hardware security module. The system includes an IoT device connectable to a cloud which provides an IoT service and a security module connected to the IoT device and configured to generate a pair of public and private keys for authenticating the IoT device. The IoT device transmits a certificate generation request including the public key and a device identifier to an authentication server through the cloud in order to generate a device certificate.
    Type: Grant
    Filed: December 21, 2019
    Date of Patent: May 17, 2022
    Assignee: CIOT
    Inventors: Hyeon Ju Park, Han Na Park
  • Patent number: 11314888
    Abstract: Techniques disclosed herein encrypt sensitive data being transmitted from one endpoint to another endpoint through intermediary cloud(s) so that the sensitive data is not visible to the intermediary cloud(s). Double data encryption, utilizing public and private key pairs generated at the endpoints, is used to anonymize the sensitive data, while other data transmitted along with the sensitive data remains unencrypted so that intermediary cloud(s) can process the unencrypted data. In a particular embodiment, one of the endpoints is an application running in a first cloud, the other endpoint is a web browser executing a web application, and the intermediary cloud(s) are additional cloud(s) with applications running therein that provide services to the first cloud or coordinate with the application running in the first cloud to provide a service.
    Type: Grant
    Filed: June 29, 2018
    Date of Patent: April 26, 2022
    Assignee: VMware, Inc.
    Inventors: Wei Chen, Hongqiang Chen, Jun Sun
  • Patent number: 11310232
    Abstract: There are provided a network identity authentication method, a network identity authentication system, a user agent device used in the network identity authentication method and the network identity authentication system, and a computer-readable storage medium. The network identity authentication method includes: acquiring, by a user agent, identity information and a registration rule of a target website via a network terminal; acquiring registration information for the target website based on the identity information or generating registration information for the target website according to the registration rule; transmitting the identity information and the registration information to a server agent and sending, by the server agent based on the identity information and the registration information, an authentication request to a website server to complete an authentication process.
    Type: Grant
    Filed: September 25, 2018
    Date of Patent: April 19, 2022
    Inventors: Wenyin Liu, Xin Li, Zhiheng Shen, Jialong Zhang, Shuai Fan, Qixiang Zhang, Jiahong Wu
  • Patent number: 11243952
    Abstract: Expedition of retrieval of data from a database and loading of the retrieved data in an associated application. A cache table within the database is provided that associates a session identifier (i.e., a data record identifier) with a sequence identifier. As data records are received into the database, a sequencer is triggered that generates a sequence identifier for the data record and an entry is created in the cache table that associates the sequence identifier with the session identifier. Data is retrieved from the database and populated within the application, by (i) accessing the sequencer within the database to determine the last-in-time sequence identifier, (ii) accessing the cache table to determine a range of cache table entries based on the last-in-time sequence identifier, and (iii) retrieving the data records in the applicable data tables based on the associated session identifiers in the cache table entries.
    Type: Grant
    Filed: May 22, 2018
    Date of Patent: February 8, 2022
    Inventor: Paramdeep Singh Kalra
  • Patent number: 11233659
    Abstract: The present invention relates to a method of generating a secure RSA key by a server comprising the steps of: generating (S1) a private RSA key d and a RSA modulus integer N; splitting (S2) the secret key integer d in j key shares dJ of length n, with j in [1, J], J being an integer, and such that d=d1+d2+ . . . +dJ mod phi(N), with each key share dj being equal to (dj(0) . . . dj(i) . . . dj(n/b - 1)) with each key share component dj(i) in {0 . . . 2^b - 1} and i in [0, n/b - 1], b being an integer inferior to n and phi the Euler's totient function; encrypting (S3) with a fully homomorphic encryption (FHE) algorithm each key share component dj(i) of the private RSA key d by using a Fully Homomorphic Encryption secret key ps of a set Ss comprising the index couple (i,j), to generate an encrypted key share component edj(i) of said secure RSA key, said set Ss being a set of integer couples, among a predetermined integer number u of disjoint sets {S1, S2 Ss, Ss+1, . . .
    Type: Grant
    Filed: December 6, 2017
    Date of Patent: January 25, 2022
    Assignee: GEMALTO SA
    Inventors: Mariya Georgieva, Aline Gouget
  • Patent number: 11233773
    Abstract: A system and method is disclosed for assuring that networked communications between parties playing a game on a network (e.g., the Internet) are not tampered with by either of the parties for illicitly gaining an advantage over the other party. An initial sequence of tokens (e.g., card representations) for playing the game are doubly encrypted using an encryption key from each of the parties. Accordingly, during play of the game neither party can modify the initial sequence of game tokens during the game. At termination of the game, at least one of the parties can fully decrypt the initial sequence of tokens, and thereby, if desired, compare the played token sequence with the corresponding initial token sequence.
    Type: Grant
    Filed: July 6, 2020
    Date of Patent: January 25, 2022
    Inventor: Dennis J. Dupray
  • Patent number: 11222129
    Abstract: A first request to perform an entity resolution operation is received from a first client. The first request is related to a first record uploaded by the first client. The first record has one or more first attributes. The first record is stored in a secure data store. The first request is transmitted to a first program split of a secure multi-party computation. An entity resolution operation is performed by the first program split of the secure multi-party computation and by a third program split of the secure multi-party computation. The entity resolution operation is performed based on the received request. The entity resolution operation is related to the first record and one or more second records uploaded to the secure data store by a second client. The third program split of the secure multi-party computation operates in the secure data store.
    Type: Grant
    Filed: June 24, 2019
    Date of Patent: January 11, 2022
    Assignee: International Business Machines Corporation
    Inventors: Jeb R. Linton, Dennis Kramer, Michael Amisano, John Melchionne
  • Patent number: 11223486
    Abstract: A digital signature method, a device, and a system of the present invention can generate a partial signature private key T corresponding to a user by a key generation center using a digital signature algorithm based on the EC-Schnorr, and sign a message M by using a standard digital signature algorithm such as the ECDSA. In the calculation of generating the second part w of the partial signature private key T, a signature assignment R is used, and the signature assignment R is a hash digest of a message including at least a pre-signature ? and an ID of a signature side. When signing the message M and verifying the signature of the message M, the operation requiring M as input uses a concatenation of R and M as input. The present invention uses a mechanism to connect two signature algorithms to ensure that the constructed complete algorithm can effectively resist known attacks.
    Type: Grant
    Filed: December 18, 2017
    Date of Patent: January 11, 2022
    Inventors: Zhaohui Cheng, Feng Du
  • Patent number: 11206246
    Abstract: An exchange processing system may include multiple exchange components that are respectively included in multiple computing systems. A central exchange component may receive a request to enable access to secured data, the request having identity data encrypted via an identity encryption module and inquiry data encrypted via a first request encryption module. The central exchange component may decrypt the identity data via the identity encryption module, and decrypt the inquiry data via the first request encryption module. Response data may be generated from secured data that is selected based on the identity and inquiry data. The central exchange component may encrypt the response data via a second request encryption module and re-encrypt the identity data via the identity encryption module. The encrypted identity and response data may be provided to a second remote exchange module.
    Type: Grant
    Filed: November 12, 2019
    Date of Patent: December 21, 2021
    Assignee: EQUIFAX INC.
    Inventor: Sri Krishnamacharya
  • Patent number: 11190345
    Abstract: An identity of an email-address utilized by a client device is verified. According to one example, a server receives a request for verifying the identity of the email-address and calculates a first verification token, which is transmitted to the email address to be verified. The first verification token is received by the client device, which in response calculates a second verification token. The second verification token is transmitted to the server. The server verifies the identity of the email-address by verifying that the first and second verification tokens are identical. Other examples are disclosed.
    Type: Grant
    Filed: September 24, 2019
    Date of Patent: November 30, 2021
    Assignee: Virtual Solution AG
    Inventors: Thomas Jakobi, Christian Graf Von Spreti
  • Patent number: 11184177
    Abstract: A method and system for securing in-vehicle ethernet links are disclosed. According to one embodiment, a method comprises receiving from an authenticator, via an insecure channel, a public key of the authenticator, a random number, and a challenge. A private key of the peer that was supplied to the peer is accessed from local storage at the peer. A state machine computes a session key for the peer, based on the random number, the public key of the authenticator, and the private key of the peer. The state machine computes a peer response to the challenge using the session key for the peer and a symmetric cipher function.
    Type: Grant
    Filed: August 6, 2019
    Date of Patent: November 23, 2021
    Inventors: Guy Hutchison, Zubin Shah, Kamal Dalmia
  • Patent number: 11176554
    Abstract: A user initiates a transaction by providing identification data at an access device. Certain elements of a validation identity token, such as validation keys, may be distributed among several remote server computers. After the elements are retrieved during the transaction, the validation identity token may be generated using the retrieved elements. The validation identity token may indicate whether the user is authenticated. No single entity can possess all elements utilized to generate the validation identity token, which mitigates risk of the validation identity token being compromised. In some embodiments, the validation identity token may be a chromatic identity token, which may indicate validity by color.
    Type: Grant
    Filed: February 2, 2016
    Date of Patent: November 16, 2021
    Assignee: Visa International Service Association
    Inventor: Duane Cash
  • Patent number: 11171988
    Abstract: In a secure communication system and method, a message is transmitted between a first user device and a second user device through a first routing device, a first connection server, the first routing device, a second routing device, a second connection server, and the second routing device. At the first user device, the message is encrypted at three levels. At the first routing device and the second routing device, the message is decrypted at the third and second levels, and encrypted at new second and third levels. At the first connection server and the second connection server, the message is decrypted at the third, second and first levels, and encrypted at new first, second and third levels. At the second user device, the message is decrypted at the third, second and first levels to retrieve the original message.
    Type: Grant
    Filed: October 15, 2018
    Date of Patent: November 9, 2021
    Assignee: ABN AMRO BANK N.V.
    Inventor: Bert Heijnen
  • Patent number: 11170106
    Abstract: The system for detecting hardware trojans in integrated circuits by analyzing the substrate noise generated by the unique physical properties of such an integrated circuit disclosed herein may compare the substrate noise signatures of a subject IC against the noise signature from one or more known good ICs to detect such trojans, and may measure the electromagnetic, current, or voltage noise of an IC as a function of time synchronized with the test sequence. The system may allow for the testing of such substrate noise at multiple points around the IC, and may further comprise a Cypher Block Chain (CBC) technique to incorporate the noise measurements over time into a signature unique to the IC.
    Type: Grant
    Filed: May 10, 2018
    Date of Patent: November 9, 2021
    Assignee: Robotic Research, LLC
    Inventors: Alberto Lacaze, Karl Murphy
  • Patent number: 11165590
    Abstract: A method and system for decentralized biometric signing of a digital contract. A private key is encrypted using biometric data captured, from a user, on a mobile device. The encrypted private key, a public key associated with the private key, and a digital identity pertaining to the user and the captured biometric data are stored on the mobile device. A digital hash of the digital contract is generated. Using the captured biometric data, the user is authenticated and the encrypted private key is decrypted. The digital hash is signed with the decrypted private key. The signed digital hash of the digital contract, the digital contract prior to being hashed, the identifier, the certifier of the identifier, the public key, a certification of the public key by a third party, and a record of a successful authentication of the user using the biometric data are stored in a blockchain.
    Type: Grant
    Filed: November 18, 2019
    Date of Patent: November 2, 2021
    Assignee: International Business Machines Corporation
    Inventors: Anthony M. Butler, Ghada Dulaim, Victor Usobiaga
  • Patent number: 11159503
    Abstract: Various examples are directed to systems and methods for authenticating a first computing system and a second computing system. The first computing system may receive second system sending data from the second computing system. The first computing system may generate first composite data based at least in part on the second system sending data and first system receiving data. The first computing system may determine that the first composite data is consistent with first composite reference data. The first computing system may generate first tag data based at least in part on the first composite data and send a request message comprising the first tag data to the second computing system. The first computing system may also receive a reply message comprising second tag data from the second computing system and determine that the second tag data is consistent with reference tag data.
    Type: Grant
    Filed: October 17, 2017
    Date of Patent: October 26, 2021
    Assignee: Princeton SciTech, LLC
    Inventors: Richard Garfinkle, Norton Garfinkle
  • Patent number: 11159502
    Abstract: A system and method include an encryptor, a decryptor, and a communication link. The encryptor includes a first processor and a first memory, and the decryptor includes a second processor and a second memory. The encryptor and the decryptor communicate data via the communication link. The encryptor and the decryptor are configured to: exchange public messages comprising keying materials, and calculate a common key based on the keying materials, first private modular integers known only to the encryptor, and second private modular integers known only to the decryptor. The keying materials disclosed in the public messages form an under-determined system of equations in variables of the first and the second private modular integers.
    Type: Grant
    Filed: April 27, 2018
    Date of Patent: October 26, 2021
    Assignee: University of North Dakota
    Inventor: Jun Liu
  • Patent number: 11153302
    Abstract: Some embodiments are directed to a method for peering between first and second modules each installed in a different device, the device of the first module includes a human-machine interface, and the two devices can be linked by an unsecure communication channel. The method can include: receiving via the human-machine interface a command setting the device of the first module in operating mode so the first module takes control of a part of the communication means of the first device in order to set them in a secure operating mode and takes control of the human-machine interface; establishing a temporarily secure communication between first and second modules; displaying on the human-machine interface a status signaling the set-up of the secure communication; receiving via the human-machine interface a peering acceptance command; and exchanging of keys/secrets between the modules through the temporarily secure communication channel to perform the peering.
    Type: Grant
    Filed: September 18, 2015
    Date of Patent: October 19, 2021
    Inventor: Dominique Bolignano
  • Patent number: 11151499
    Abstract: A method comprises obtaining, from a service management database, one or more change tickets and one or more incident tickets relating to an information technology infrastructure, extracting, from the change tickets and the incident tickets, one or more dimensions indicating potential causality between one or more changes and one or more incidents, identifying configuration items of the information technology infrastructure associated with the one or more changes and the one or more incidents, defining one or more linkages between the one or more changes and the one or more incidents, storing, in the service management database, the defined linkages, building a risk assessment model using the defined linkages, and monitoring subsequent changes to the information technology infrastructure using the risk assessment model.
    Type: Grant
    Filed: December 22, 2015
    Date of Patent: October 19, 2021
    Assignee: International Business Machines Corporation
    Inventors: Sinem Guven, Karin Murthy, Amitkumar M. Paradkar
  • Patent number: 11144671
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media for containment of sensitive data within a communication platform. The system displays a communication interface including a first input section for receiving an input message associated with a sending user account, and a display section for displaying message information received by the sending user account from other user accounts. The system determines a requirement to input sensitive information. The system then displays a sensitive data user interface including a second input section for receiving a sensitive message, and an interface control for setting an expiration time value for the sensitive message.
    Type: Grant
    Filed: January 30, 2021
    Date of Patent: October 12, 2021
    Inventors: Shane Springer, Thomas Noble
  • Patent number: 11134050
    Abstract: A novel architecture for a data sharing system (DSS) is disclosed and seeks to ensure the privacy and security of users' personal information. In this type of network, a user's personally identifiable information is stored and transmitted in an encrypted form, with few exceptions. The only key with which that encrypted data can be decrypted, and thus viewed, remains in the sole possession of the user and the user's friends/contacts within the system. This arrangement ensures that a user's personally identifiable information cannot be examined by anyone other than the user or his friends/contacts. This arrangement also makes it more difficult for the web site or service hosting the DSS to exploit its users' personally identifiable information. Such a system facilitates the encryption, storage, exchange and decryption of personal, confidential and/or proprietary data.
    Type: Grant
    Filed: February 6, 2020
    Date of Patent: September 28, 2021
    Inventor: Brian Lee Moffat
  • Patent number: 11108746
    Abstract: A system is configured for detecting a point of sale, receiving a personal identification number (PIN), generating a PIN based key using a message digest of the PIN, decrypting a data encryption key (DEK) using the PIN based key, and generating a DEK based dynamic key using the PIN based key. The system may also decrypt a session key using the DEK based dynamic key, generate a cryptogram from the session key, and send the cryptogram to the point of sale.
    Type: Grant
    Filed: May 24, 2018
    Date of Patent: August 31, 2021
    Inventors: Naresh Bhandari, Manish K. Deliwala, Ajay Maddukuri, John G. McDonald, Curtis Watson
  • Patent number: 11082214
    Abstract: A key generation apparatus includes a memory, a communication interface, and a processor. The memory stores a first private key corresponding to a first public key. The communication interface communicates with a peer apparatus that stores the first public key. The processor generates a second public key and a second private key in response to a key update request from the peer apparatus, generates a digital signature by encrypting data including the second public key with the first private key, and sends a message including the data and the digital signature to the peer apparatus. In addition, the processor switches the first private key to the second private key.
    Type: Grant
    Filed: October 1, 2019
    Date of Patent: August 3, 2021
    Inventors: Koichi Yasaki, Tadanobu Tsunoda, Kazuaki Nimura
  • Patent number: 11080697
    Abstract: Systems and methods are provided for authenticating users to payment accounts in connection with transactions. An exemplary method includes receiving, by at least one computing device, an authentication request for a transaction associated with a payment account where the authentication request includes a token associated with the payment account and a cryptogram, and mapping the token to a primary account number (PAN) for the payment account. The method also includes validating the cryptogram, generating a directory server nonce (DSN) for the authentication request, and transmitting the DSN and the account number to an access control server (ACS) associated with an issuer of the payment account. The method further includes, in response to an issuer authentication value (IAV), compiling an accountholder authentication value (AAV) including the IAV, the DSN and an amount of the transaction, and transmitting the AAV to one of a merchant and a server.
    Type: Grant
    Filed: October 5, 2017
    Date of Patent: August 3, 2021
    Inventors: Sowmya Reddy Lakka, Brian Piel, Vincenzo Palomba, Jonathan James Main, David Anthony Roberts
  • Patent number: 11075765
    Abstract: The techniques described herein facilitate scope-based certificate deployment for secure dedicated tenant access in multi-tenant, cloud-based content and collaboration environments. In some embodiments, a method is described that includes receiving an incoming authentication request from an access system, wherein the authentication request includes metadata, extracting the metadata from the authentication request, and processing the metadata to identify a tenant corresponding to the request. A tenant-specific certificate associated with the tenant is then accessed and provided to the access system for validation by a third-party certificate authority.
    Type: Grant
    Filed: May 21, 2019
    Date of Patent: July 27, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Mangalam Rathinasabapathy, Patrick Simek, Xinghuo Zeng, Harpreet Miglani, Roshane Silva
  • Patent number: 11064090
    Abstract: A management apparatus connected to an image forming apparatus for managing usage of the image forming apparatus is disclosed. The management apparatus includes a user data storage part for storing user identification data and use restriction data corresponding to the user identification data, and a use restriction data acquiring part for acquiring the use restriction data corresponding to the user identification data.
    Type: Grant
    Filed: November 12, 2019
    Date of Patent: July 13, 2021
    Assignee: Ricoh Company, Ltd.
    Inventors: Atsushi Sakagami, Naoto Sakurai, Daiya Miyasaka, Koji Sasaki, Tomoko Nishizawa
  • Patent number: 11057205
    Abstract: A seed key is expanded using a base primitive scheme. The first x bits of a seed key are used to determine a count number. These first x bits of the seed key are rotated from the front of the seed key to the back of the seed key. A pointer is then moved down the seed key a number of places corresponding to the count number. A specific bit pointed to by the pointer is then removed from the seed key and placed in the expanded key. After the deletion, the bit pointed to by the pointer is considered the front of the seed key and the process repeats until all the bits have been extracted and placed in the expanded key. These count numbers are also used to determine the specific bits to be removed from the plain text block and inserted into the cipher text block.
    Type: Grant
    Filed: December 4, 2018
    Date of Patent: July 6, 2021
    Inventor: Marc Leo Prince
  • Patent number: 11050733
    Abstract: A method for controlling communications between a data processing device in a first network and a target service in a second network via a gateway apparatus, the method comprising: transmitting a request to communicate with the target service from the data processing device to the gateway apparatus; transmitting device credentials from the data processing device to the gateway apparatus, wherein the credentials comprise information relating to the target service; verifying at the gateway apparatus an authentication status of the data processing device based on the device credentials; establishing a communication path between the data processing device and the target service if the authentication status is verified.
    Type: Grant
    Filed: July 23, 2019
    Date of Patent: June 29, 2021
    Assignee: ARM IP Limited
    Inventors: Amyas Edward Wykes Phillips, Milosch Meriac
  • Patent number: 11050558
    Abstract: A secure multi-party computation implements real number arithmetic using modular integer representation on the backend. As part of the implementation, a secret shared value jointly stored by multiple parties in a first modular representation is cast into a second modular representation having a larger most significant bit. The parties use a secret shared masking value in the first representation, the range of which is divided into two halves, to mask and reveal a sum of the secret shared value and the secret shared masking value. The parties use a secret shared bit that identifies the half of the range that contains the masking value, along with the sum to collaboratively construct a set of secret shares representing the secret shared value in the second modular format. In contrast with previous work, the disclosed solution eliminates a non-zero probability of error without sacrificing efficiency or security.
    Type: Grant
    Filed: November 9, 2020
    Date of Patent: June 29, 2021
    Inventors: Mariya Georgieva, Nicolas Gama, Dimitar Jetchev
  • Patent number: 11050568
    Abstract: A recording system that is designed to record a personal meeting between a service provider and a key-holder participant that includes an encryption subsystem, a recording means and a memory means. The recording means films the personal meeting and streams it to the encryption subsystem that encrypts the film and sends it to the memory means. The encryption subsystem includes an encryption means, a decryption means and a key reader. The encrypted film can be decrypted only by using a personal key of the key-holder participant.
    Type: Grant
    Filed: August 7, 2017
    Date of Patent: June 29, 2021
    Inventors: Eliahu Antopolsky, Yacov Gottman
  • Patent number: 11025435
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for blockchain-based cross-entity authentication are provided. One of the methods includes: obtaining, from a blockchain, a blockchain transaction comprising an authentication request by a first entity for authenticating a user, wherein the authentication request comprises a decentralized identifier (DID) of the user; in response to determining that the first entity is permitted to access authentication information of the user endorsed by a second entity, obtaining an authentication result of the user by the second entity in response to the obtained blockchain transaction, wherein the authentication result is associated with the DID; generating a different blockchain transaction comprising the authentication result; and transmitting the different blockchain transaction to a blockchain node for adding to the blockchain.
    Type: Grant
    Filed: November 2, 2020
    Date of Patent: June 1, 2021
    Inventors: Shubo Li, Jiawei Liu, Renhui Yang
  • Patent number: 11025419
    Abstract: A system for digital identity authentication including a computer system or platform to enable users (individual, identity editor, requestor) using invariant and variant data on an identity server which uses multi-factor authentication to: 1) The paired identity editor creates a public identifier of the individuals constructed from invariant data and signs/encrypts the individual's user data (including public identifier) with identity editor's private key (hardware) and links the public identifier to the encrypted data record; 2) a requestor obtains public identifier from the individual who wants to disclose his identity and executes an identity verification request (challenge) to an identity server, identity server sends identity verification request (challenge) to individual; 3) individual utilizes individual's private key (hardware) to sign/authenticate identity verification request (challenge); 4) identity server then uses the public key of the paired identity editor to decrypt the individuals data and to
    Type: Grant
    Filed: August 17, 2018
    Date of Patent: June 1, 2021
    Inventor: Alexander J. M. Van Der Velden
  • Patent number: 11012435
    Abstract: A method and system of authenticating a user are provided. A request for a resource is received from a user device. A predefined number is received. A first number and a second number are created. A first discrete logarithm based on the first number and the predefined number is determined and sent to the user device, together with the second number. A second discrete logarithm is received from the user device. A first pass code is calculated via a third discrete logarithm, based on the second discrete logarithm, the first number, and the predefined number. A second pass code is received via a fourth discrete logarithm, based on the first discrete logarithm, the third number, and the predefined number. Upon determining that the first pass code is identical to the second pass code, the user device is allowed to access a resource associated with the computing device.
    Type: Grant
    Filed: December 19, 2017
    Date of Patent: May 18, 2021
    Inventors: Yi-Chun Chen, Wen-Ping Chi, Chao Yuan Huang, Ting-Yi Wang
  • Patent number: 10999259
    Abstract: A semi-complete secure data container is associated with a unique identifier by a requesting entity. The data container link/portal address, and a request to add data to the container, are combined into a message that is sent to a client. Upon receipt of the request, the client need not do anything to create a secure environment by which to protect the data. The secure environment, or data container, is already created and is merely awaiting data; data supplied by the client. Once the client places the requested data into the data container, the container closes. The data when added is a unidirectional one-way flow and cannot be accessed once added by the sending party. The container, now closed and containing the sending party's data, returns to the original requesting entity per the unique identifier.
    Type: Grant
    Filed: November 4, 2019
    Date of Patent: May 4, 2021
    Assignee: ShortSave, Inc.
    Inventor: Karl Matthew Falk
  • Patent number: 10999264
    Abstract: A base key that is stored at a device may be received. A network identification may further be received. A device identification key may be generated based on a combination of the network identification and the base key. Furthermore, the device identification key may be used to authenticate the device with a network that corresponds to the network identification.
    Type: Grant
    Filed: August 24, 2015
    Date of Patent: May 4, 2021
    Assignee: Cryptography Research, Inc.
    Inventors: Philippe Alain Martineau, Ambuj Kumar, William Craig Rawlings
  • Patent number: 10984128
    Abstract: These solutions concern transforming a communication network into a scalable network to also automate personalized rapid healthcare support. They integrate biometric identification capabilities into a network entity of, or a resource communicably connectible with, a serving network by using computers to mediate biometric identification and location data. Network operators will provide always on enhanced emergency connectivity for mobility and roaming for user equipment to leverage biometric identification for rapid healthcare support and to produce a unified result set, without risk of undue disclosure of raw biometric data or of selected portions of health profile information. These techniques also support personalized, urgency-supported, healthcare to optimize biometrically-link identifiers/network keys (PUSH TO BLINK), even over a visited operator's IP services.
    Type: Grant
    Filed: January 28, 2018
    Date of Patent: April 20, 2021
    Inventor: Steven Miles Hoffer
  • Patent number: 10979396
    Abstract: A method comprising: when a user attempts to access: redirecting the user to a Triple Blind Identity Exchange Service (TBIES) Discovery Service (TBIES DS); redirecting, by the TBIES DS, the user back while providing a blinded name of a selected Identity Provider (IdP), redirecting the user to a TBIES-Service Provider (SP) proxy with a federation request; and blinding, by the TBIES-SP proxy, the identity of the SP and any user identifiable data and redirecting the user to a TBIES-IdP proxy, which performs any required data manipulation and redirects the user to the IdP. The IdP authenticates the user, and redirects the user to the TBIES-IdP proxy, which blinds the identity of the IdP, blinds all user information, and redirects to the SP-Proxy, which unblinds the transaction and redirects the user to the SP, where the SP consumes the assertion and decides whether to permit the user access.
    Type: Grant
    Filed: April 1, 2017
    Date of Patent: April 13, 2021
    Inventor: Ravi Ganesan
  • Patent number: 10977384
    Abstract: This document relates to hardware protection of differential privacy techniques. One example obtains multiple instances of encrypted telemetry data within a secure enclave and processes the encrypted telemetry data to obtain multiple instances of unencrypted telemetry data. The example also processes, within the secure enclave, the multiple instances of unencrypted telemetry data to obtain a perturbed aggregate. The example also releases the perturbed aggregate from the secure enclave.
    Type: Grant
    Filed: November 16, 2017
    Date of Patent: April 13, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Josh D. Benaloh, Harsha P. Nori, Janardhan Dattatreya Kulkarni, Joshua Stanley Allen, Jacob Rubin Lorch, Melissa Erin Chase, Olga Ohrimenko, Sergey Yekhanin, Srinath T. V. Setty, Bolin Ding
  • Patent number: 10970274
    Abstract: A software-based method and system for maintaining documents and datasets associated with a given commercial transaction as original, authenticated documents or datasets associated with the underlying transaction. Datasets that have been designated as “auditable” are maintained by the system as tamper-evident and reflect the data actually provided to the system by the transaction owner or a trusted third party at each stage of the transaction. In certain preferred embodiments the system establishes and maintains a verified, original audit trail or trails reflecting the custodial chain of ownership of said data. A visual interface is provided to the stakeholders for secure access to authoritative copies of documents, transaction data and the related audit trails. In addition, the system includes real-time analytics and monitoring with threshold-based alerts, and drill-down capability to any level of the data, documents and audit trail.
    Type: Grant
    Filed: September 19, 2016
    Date of Patent: April 6, 2021
    Assignee: eOriginal, Inc.
    Inventors: Stephen F. Bisbee, James W. Tebay, Adam J. Attinello