By Public Key Method Patents (Class 380/282)
  • Patent number: 10347215
    Abstract: A user manipulates a document using a desktop computer with a large screen. Upon deciding to sign the document, the user invokes a “Sign with Mobile” workflow that causes a two-dimensional barcode to be displayed. Using a signature acquisition application executing on his or her smartphone, the user scans the displayed barcode and creates an electronic signature by snapping a photograph of a conventional pen-and-paper signature or by detecting a handwritten signature drawn on a touch sensitive surface. The signature acquisition application sends the resulting electronic signature to the desktop computer, for example via an electronic signature server. The user is then able to apply the electronic signature to the document as desired.
    Type: Grant
    Filed: May 27, 2016
    Date of Patent: July 9, 2019
    Assignee: Adobe Inc.
    Inventors: Rahul Bansal, Nikhil Dang
  • Patent number: 10324915
    Abstract: An information processing apparatus includes a processor, a plurality of storage devices, and an FPGA. The plurality of storage devices stores a plurality of items of segment data. Each item of segment data includes configuration information on a configuration of the segment data. A search command in which search target segment data and a search formula for the database are described is received from a host computer. The FPGA reads the configuration information relating to the search target segment data, analyzes the search formula to specify column data to be used for search, specifies, based on the read configuration information, a storage location of the specified column data in the search target segment data, reads column data to be used by the specified search target from the storage device in which the search target segment data is stored and executes search, and returns the search result to the host computer.
    Type: Grant
    Filed: January 4, 2017
    Date of Patent: June 18, 2019
    Assignee: Hitachi, Ltd.
    Inventors: Yuji Saeki, Satoru Watanabe
  • Patent number: 10313371
    Abstract: A system and method for auditing data. A first request, the request including at least one data item and generated at a client may be received. The at least one data item may be processed to produce at least one processed data item. A second request may be generated based on the first request and on the processed data items. The second request may be forwarded to a server.
    Type: Grant
    Filed: May 19, 2011
    Date of Patent: June 4, 2019
    Assignee: CyberArk Software Ltd.
    Inventors: Ben Matzkel, Maayan Tal, Aviad Lahav
  • Patent number: 10305693
    Abstract: Embodiments include method, systems and computer program products for anonymous secure socket layer (SSL) certificate verification in a trusted group. In some embodiments, a device associated with a user receiving a web server certificate from a web server. A message that includes the web server certificate and associated universal resource locator (URL) may be encrypted using a group key and a proxy key. The message may be transmitted to a proxy server. An anonymized request based on the message may be received from the proxy server. An encrypted response may be generated and transmitted to the proxy server. Encrypted and anonymized responses from members of a trusted group may be received. The responses may be processed and an action associated with the web server certificate may be facilitated.
    Type: Grant
    Filed: November 3, 2016
    Date of Patent: May 28, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Karsten Graul, Marco H. Kroll, Jakob C. Lang, Rene Trumpp
  • Patent number: 10289813
    Abstract: Mechanisms are disclosed herein for storing various records. Numerous keys and parties can access online repositories. These repositories contain a plurality of lockboxes, structured hierarchically and otherwise, providing public and private areas with varying levels of access. Some content of such lockboxes can be sharable. These lockboxes can be used not only to store diverse content, ranging from birth certificates to deeds and social security numbers, but they can also be accessed in a variety of ways. For example, keys to lockboxes can be made available by such events as the issuing of death certificates or birth certificates. Alternatively, keys can be issued according to various rules and heuristics stipulated by lockbox users. In either case, the plurality of lockboxes residing in repositories can be configured to provide centralized storage facilities that are secure and readily accessible from various computing devices.
    Type: Grant
    Filed: June 13, 2017
    Date of Patent: May 14, 2019
    Assignee: United Services Automobile Association (USAA)
    Inventors: Randy Ray Morlen, Charles Lee Oakes, Rickey Dale Burks
  • Patent number: 10268532
    Abstract: The present disclosure provides an application message processing system, method, and application device. The processing system includes an application device and a message forwarder. The application device is configured to perform authentication on a transmitting-end corresponding to a received first-type application message, send the first-type application message to the message forwarder if the transmitting-end has a message sending permission; perform authentication on a target receiving-end corresponding to a received second-type application message, and initiate a consumption operation of the second-type application message to the target receiving-end if the target receiving-end has a message receiving permission. The message forwarder is configured to receive the first-type application message from the application device, or to send the second-type application message to the application device.
    Type: Grant
    Filed: November 30, 2017
    Date of Patent: April 23, 2019
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventor: Tao Yang
  • Patent number: 10255455
    Abstract: A system and method is provided to allow access to centralized patient data captured from a medical device across an open network to a third party. The system and method receives the request based upon patient-specific information, checks the request and allows access if the request matches stored information.
    Type: Grant
    Filed: November 26, 2013
    Date of Patent: April 9, 2019
    Assignee: FISHER & PAYKEL HEALTHCARE LIMITED
    Inventor: Benjamin Wilson Casse
  • Patent number: 10242206
    Abstract: A method includes extracting from a computer-based system, (e.g., a role-based access control system) information identifying users and information identifying one or more profiles for each of the users, creating one computer-based user bloom filter for each one of the users, creating one computer-based profile bloom filter for each one of the profiles and creating one action bloom filter for each of a plurality of possible end user queries. Each profile corresponds to one or more assigned authorizations, each user bloom filter correlates an associated one of the users to one or more of the assigned profiles, each profile bloom filter correlates an associated one of the profiles to one or more of the assigned authorizations, and each action bloom filter correlates an associated one of the possible end user queries to a set of users that are authorized to perform the action associated with the corresponding end user query.
    Type: Grant
    Filed: September 1, 2016
    Date of Patent: March 26, 2019
    Assignee: Onapsis, Inc.
    Inventors: Sergio Abraham, Fernando Russ
  • Patent number: 10237077
    Abstract: A method for protected communication by a vehicle which includes generating a key pair consisting of a private key and a public key and/or of one or more symmetric keys for the vehicle or for a controller of the vehicle in the area of influence of the vehicle manufacturer, generating a first certificate using the key pair, introducing the key pair and the first certificate and/or the symmetric key into the vehicle or the controller, authenticating the vehicle or the controller to a new communication partner by generation of a new key pair for this communication path and sending a signed message together with the certificate, and authenticating a new communication partner to the vehicle or the controller using a signed message and a public key, which are produced by the new communication partner on the basis of a certification by the vehicle manufacturer.
    Type: Grant
    Filed: October 11, 2016
    Date of Patent: March 19, 2019
    Assignee: Volkswagen AG
    Inventors: Timo Winkelvos, Alexander Tschache
  • Patent number: 10229286
    Abstract: An online computer system including a database uses an encrypted table that allows for write protection its contents. Middleware logic operating on the system acts as an interface for access to the database, so that any business logic on the system accesses the database through simple procedural calls to the middleware rather than directly to the database itself. The middleware logic abstracts logic that helps implement write protection with the encrypted table. Data to be encrypted that has been traditionally written to other tables is migrated to the encrypted table, where the data encrypted using an authenticated encryption with additional data (AEAD) algorithm. To implement AEAD, the original table, column, and primary key indicating where the data would have otherwise been stored are together used as additional authenticated data (AAD). This tuple of information is also stored in the encrypted table.
    Type: Grant
    Filed: June 22, 2017
    Date of Patent: March 12, 2019
    Assignee: Airbnb, Inc.
    Inventors: Ismail Cem Paya, Nelson Aurel Gauthier, Kevin Nguyen
  • Patent number: 10212217
    Abstract: A data transmission method and apparatus avoids uneven loading of stored data, supports allocation of storage spaces with load balancing, and supports fast access to data. The method may include receiving, by a distributed storage system, data and a corresponding data key sent by a client. Nodes are allocated to the data according to load conditions of nodes in the distributed storage system. The data is stored in the corresponding nodes. A constructed key is generated for the data, which includes the data key and node routing information corresponding to a location where the data is stored. The constructed key is returned to the client. The client uses the constructed key to acquire the stored data. The distributed storage system receives the constructed key, retrieves the stored data based on the routing information in the constructed key and sends the data to the client.
    Type: Grant
    Filed: January 28, 2016
    Date of Patent: February 19, 2019
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventors: Yang Liu, Fangming Zou
  • Patent number: 10200469
    Abstract: The application discloses a method and a system for information synchronization between cloud storage gateways and a cloud storage gateway, to resolve a problem that an address obtained by a cloud storage gateway is usually a dynamic address or even a private address, and it is difficult to perform direct communication and impossible to perform directory synchronization. A cloud storage gateway obtains, from a cloud message queue of a cloud service provider, a directory distributed by another cloud storage gateway; and therefore, as long as the cloud storage gateway can communicate with the cloud service provider, directory synchronization can be implemented without a need of direct communication between the cloud storage gateways. Therefore, even through an address obtained by the cloud storage gateway is a dynamic address or a private address, directory synchronization is not affected.
    Type: Grant
    Filed: October 23, 2014
    Date of Patent: February 5, 2019
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Feng Dong, Wei Zhang
  • Patent number: 10192062
    Abstract: Techniques for multiplexing between an execute-in-place (XIP) mode and a memory-mapped input/output (MMIO) mode for access to external memory devices are described herein. In an example embodiment, an IC device comprises a serial interface and a controller that is configured to communicate with external memory devices over the serial interface. The controller comprises a control register and a cryptography block. The control register is configured to indicate an XIP mode or a MMIO mode. The cryptography block is configured to encrypt and decrypt XIP data transfers to and from a first external memory device in the XIP mode, and to encrypt and decrypt MMIO data transfers to and from a second external memory device in the MMIO mode.
    Type: Grant
    Filed: December 21, 2017
    Date of Patent: January 29, 2019
    Assignee: Cypress Semiconductor Corporation
    Inventors: Hans Van Antwerpen, Jan-Willem Van de Waerdt
  • Patent number: 10181951
    Abstract: A system and method for supporting encryption key retrieval. A first digital key is created. A first protected key is created by applying a first protection algorithm based on a first user provided password to the first digital key. A first unlock key is created that is separate from the first digital key. A second protected key is created by applying a second protection algorithm based on the first unlock key to the first digital key. The first protected key and the second protected key are stored. The first unlock key is sent to a remote storage and no copy of the unlock key is retained after the sending the first unlock key.
    Type: Grant
    Filed: May 13, 2016
    Date of Patent: January 15, 2019
    Assignee: BlackBerry Limited
    Inventors: Neil Patrick Adams, David Bajar
  • Patent number: 10171236
    Abstract: A method for operating a primary unit which exchanges pieces of information with a secondary unit, including receiving first pieces of information from the secondary unit, the first pieces of information formed as a function of at least one first measured value of a physical variable in the area of the secondary unit and as a function of a first random number; measuring the physical variable in the area of the primary unit to obtain a second measured value; ascertaining a first estimated value for the first random number as a function of the first pieces of information and the second measured value; measuring the physical variable in the area of the primary unit to obtain a third measured value; forming second pieces of information as a function of the first estimated value and the third measured value; transmitting the second pieces of information to the secondary unit.
    Type: Grant
    Filed: September 12, 2016
    Date of Patent: January 1, 2019
    Assignee: ROBERT BOSCH GMBH
    Inventors: Christopher Huth, Paulius Duplys
  • Patent number: 10163080
    Abstract: An apparatus for use in electronic document control includes a storage device a processor coupled to the storage device. The storage device storing software instructions for controlling the processor that when executed by the processor configure the processor to: receive a signal representing data including an original document, append a unique identifier to the original document to generate a modified document, generate a hash value of the modified document, and transmit the hash value corresponding to the modified document to an electronic distributed ledger.
    Type: Grant
    Filed: August 12, 2016
    Date of Patent: December 25, 2018
    Assignee: The Toronto-Dominion Bank
    Inventors: Arthur Carroll Chow, Paul Mon-Wah Chan, Perry Aaron Jones Haldenby, John Jong Suk Lee
  • Patent number: 10157283
    Abstract: Techniques for multiplexing between an execute-in-place (XIP) mode and a memory-mapped input/output (MMIO) mode for access to external memory devices are described herein. In an example embodiment, an IC device comprises a serial interface and a controller that is configured to communicate with external memory devices over the serial interface. The controller comprises a control register and a cryptography block. The control register is configured to indicate an XIP mode or a MMIO mode. The cryptography block is configured to encrypt and decrypt XIP data transfers to and from a first external memory device in the XIP mode, and to encrypt and decrypt MMIO data transfers to and from a second external memory device in the MMIO mode.
    Type: Grant
    Filed: December 21, 2017
    Date of Patent: December 18, 2018
    Assignee: Cypress Semiconductor Corporation
    Inventors: Hans Van Antwerpen, Jan-Willem Van de Waerdt
  • Patent number: 10136310
    Abstract: A wireless device and a method for secure data transmission is described. Information representing biometric data of a user is obtained. The information is processed to produce a code and the code is sent over a wireless technology. A response is requested of a device that has a matching code, where the matching can be within a predetermined tolerance. A response is received that includes at least one of a public key which includes the code as a part of the key and the identity of the device having the matching code. The data to be transmitted is encrypted with the public key and sent to the device with the matching code.
    Type: Grant
    Filed: April 24, 2015
    Date of Patent: November 20, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: Roope Rainisto
  • Patent number: 10129252
    Abstract: A system and method of validating an identity of a user device is disclosed that includes registering a biometric signature with an authoritative identity source, transmitting an encrypted user identity element from the authoritative identity source to a user device, sending an identity request from a third party entity to the user device, transmitting the encrypted user identity element from the user device to the third party, sending an identity validation request from the third party to the authoritative identity source, transmitting a communication from the authoritative identity request to the third party entity, and informing the third party entity if the identity of the user is confirmed.
    Type: Grant
    Filed: December 17, 2015
    Date of Patent: November 13, 2018
    Assignee: WELLS FARGO BANK, N.A.
    Inventor: Darrell L. Suen
  • Patent number: 10129687
    Abstract: Some examples include a plurality of secure low-power compressive sensing sensor blocks able to communicate with each other and with a computing device to perform spatial and/or temporal compressive sensing. As one example, a first sensor block may obtain data by randomly sampling a sensor signal from a first sensor coupled to the first sensor block. The first sensor block may send the data obtained from the randomly sampled sensor signal to at least one other sensor block of the plurality of sensor blocks, wherein the data is distributed to the plurality of sensor blocks. In addition, at least one of the first sensor block or another sensor block may process the data to at least one of packetize or encrypt the data. The first sensor block and/or the other sensor block may send the processed data to the computing device.
    Type: Grant
    Filed: August 11, 2015
    Date of Patent: November 13, 2018
    Assignee: BIOBIT, INC.
    Inventors: Rohit Mittal, Neeraj Jhanji
  • Patent number: 10110579
    Abstract: Authenticated requests can be sent without requiring the requests to include or potentially expose secret information used for the authentication process. A client device use a security credential such as a key to sign a request to be sent to a recipient. When the request is received, the recipient determines whether the request was signed using the correct key for the sender. In some embodiments a client token is included with the request that statelessly encodes the key, enabling a recipient capable of decoding the client token to determine the key and compare that key to the signature of the request. The sender can store the secret information in a secure location, such as a browser security module, such that the secret information is not exposed to the browser or script executing on the client device.
    Type: Grant
    Filed: August 24, 2015
    Date of Patent: October 23, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Nathan R. Fitch, Gregory B. Roth, Graeme D. Baer
  • Patent number: 10097518
    Abstract: A method for securely distributing a profile within a dispersed storage network (DSN) that begins by encrypting a profile using a key. The method continues by encoding the encrypted profile in accordance with a dispersed storage error encoding function. The method continues by outputting the set of encoded profile slices to the DSN for storage therein. The method continues by encoding the key in accordance with an error encoding function and outputting the set of secure key portions to a set of devices of the DSN for storage therein. A device obtains the profile by retrieving secure key portions from the set of devices and recovering the key therefrom. The device then retrieves encoded profile slices from the DSN and decodes them to recover the encrypted profile. The device then decrypts the encrypted profile using the key to recover the profile.
    Type: Grant
    Filed: June 17, 2013
    Date of Patent: October 9, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: S. Christopher Gladwin, Kumar Abhijeet, Greg Dhuse, Jason K. Resch
  • Patent number: 10091196
    Abstract: A method and apparatus for authenticating a user is disclosed that includes measuring biometric information of the user to create biometric measurement information, determining whether a private key included in a user authentication request signal matches a private key issued in advance to the user, comparing pre-set biometric authentication information for the user with the biometric measurement information, calculating a matching ratio when a match is detected, authenticating the user having provided the biometric information as an authorized user based on a result of comparison of the calculated matching ratio with a pre-determined biometric authentication threshold value, and providing an updated private key to the information processing device based on a result of comparison of the calculated matching ratio with a pre-determined updated threshold value.
    Type: Grant
    Filed: December 29, 2015
    Date of Patent: October 2, 2018
    Assignee: SUPREMA HQ INC.
    Inventors: Kideok Lee, Hochul Shin, Hyeonchang Lee, Jae Won Lee, Bong Seop Song
  • Patent number: 10075596
    Abstract: A method and apparatus for sharing a service in a wireless network are disclosed. For example, the method receives a request for sharing a service from a first user endpoint device associated with a first customer, wherein the request is directed to a second user endpoint device associated with a second customer, performs an authentication of the first user endpoint device, determines whether the first user endpoint device has a subscription to a sharing service, determines whether the second user endpoint device has a subscription to the sharing service, attempts to obtain an authorization to enable the first user endpoint device to access the service that is associated with the second user endpoint device, wherein the service is related to a financial transaction privilege and provides a response granting the request for the sharing of the service, if the authorization is received.
    Type: Grant
    Filed: June 1, 2012
    Date of Patent: September 11, 2018
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Soumyajit Chakraborty, James Gordon Beattie, Jr., Stephen J. Griesmer, Shiv Kumar
  • Patent number: 10055599
    Abstract: Disclosed are systems and processing methods that may be performed by first, second, and third processor units to give access to an item of sensitive text data from a secure electronic document. In various implementations, the systems and methods may perform operations that include obtaining the secure electronic document; triggering the display of the secure document on a first terminal; selecting at least one marker contained in the secure document; determining secure data; and on the basis of said secure data, determining the item of sensitive text data. In various implementations, the third unit may trigger the display of the item of sensitive text data, and the second and third processor units may be distinct from the first unit and may execute an operating system that is independent of the operating system of the first processor unit.
    Type: Grant
    Filed: December 2, 2014
    Date of Patent: August 21, 2018
    Assignee: IDEMIA FRANCE
    Inventor: Jean-Loup Depinay
  • Patent number: 10020946
    Abstract: Embodiment herein provide, for example, a method, comprising: downloading an encrypted data block from a server, where the encrypted data block includes a server-stored symmetric key; and decrypted the encrypted data block with a locally-stored symmetric key, where the sever-stored symmetric key: encrypts a message before transmitting a message to it's intended recipient; and decrypts a received message.
    Type: Grant
    Filed: August 31, 2015
    Date of Patent: July 10, 2018
    Assignee: CYPH, INC.
    Inventors: Ryan Lester, Bryant Zadegan
  • Patent number: 10007786
    Abstract: A computer-implemented method for detecting malware may include (1) identifying a behavioral trace of a program, the behavioral trace including a sequence of runtime behaviors exhibited by the program, (2) dividing the behavioral trace to identify a plurality of n-grams within the behavioral trace, each runtime behavior within the sequence of runtime behaviors corresponding to an n-gram token, (3) analyzing the plurality of n-grams to generate a feature vector of the behavioral trace, and (4) classifying the program based at least in part on the feature vector of the behavioral trace to determine whether the program is malicious. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: November 28, 2015
    Date of Patent: June 26, 2018
    Assignee: Symantec Corporation
    Inventors: Sandeep Bhatkar, Jugal Parikh, Carey Nachenberg
  • Patent number: 9998432
    Abstract: A system and method is disclosed for assuring that networked communications between parties playing a game on a network (e.g., the Internet) are not tampered with by either of the parties for illicitly gaining an advantage over the other party. An initial sequence of tokens (e.g., card representations) for playing the game are doubly encrypted using an encryption key from each of the parties. Accordingly, during play of the game neither party can modify the initial sequence of game tokens during the game. At termination of the game, at least one of the parties can fully decrypt the initial sequence of tokens, and thereby, if desired, compare the played token sequence with the corresponding the initial token sequence.
    Type: Grant
    Filed: December 28, 2015
    Date of Patent: June 12, 2018
    Assignee: Dennis Duray
    Inventor: Dennis Dupray
  • Patent number: 9973337
    Abstract: A domain is identified from a communication address. The domain corresponds to a host name. Resource records associated with the host name are caused to be queried for a public key reference. The public key reference is received in response to the caused resource record query. A public key associated with the communication address is identified based on the public key reference.
    Type: Grant
    Filed: November 18, 2015
    Date of Patent: May 15, 2018
    Assignee: International Business Machines Corporation
    Inventors: Yaser K. Doleh, Mauro Marzorati, John C. Wingenbach
  • Patent number: 9954832
    Abstract: In one embodiment, a method of secure network transmission is performed by a computer system. The method includes encrypting a payload via a first symmetric key and encrypting the first symmetric key via a second symmetric key. The method further includes encrypting an author header comprising the encrypted first symmetric key and a recipient list via a third symmetric key, wherein the recipient list comprises at least one recipient. The method also includes encrypting the third symmetric key via a public asymmetric key associated with an authentication server. Furthermore, the method includes transmitting the encrypted author header and the encrypted third symmetric key to the authentication server for use in recipient-initiated pre-access authentication. In addition, the method includes transmitting the encrypted payload and the second symmetric key over a computer network to the at least one recipient.
    Type: Grant
    Filed: April 22, 2016
    Date of Patent: April 24, 2018
    Assignee: Encryptics, LLC
    Inventors: Cody Pollet, Charles Burgess, Courtney Roach, Brandon Hart
  • Patent number: 9942042
    Abstract: A digitally signed authentication assertion is generated in response to successful authentication of a current user of a user device by using a signing key that is uniquely assigned to the authenticator process to digitally sign a document indicating that the current user of the user device was successfully authenticated on the user device. The signing key uniquely assigned to the authenticator process is stored in a key container associated with the user device, and the key container is located on a key container server that is physically separate from the user device. The digitally signed authentication assertion is conveyed from the authenticator process to an authentication service, in order to securely indicate to the authentication service that the current user of the user device has been verified as an authentic user by the authenticator process.
    Type: Grant
    Filed: March 18, 2016
    Date of Patent: April 10, 2018
    Assignee: EMC IP Holding Company LLC
    Inventors: Lawrence N. Friedman, Kayvan Alikhani
  • Patent number: 9934069
    Abstract: A method is used in managing provisioning of storage resources. An access is provided to a provisioning decision making service configured to derive a storage provisioning decision based on information provided to the provisioning decision making service. Provisioning of storage resources is enabled on a storage system over a communication medium by using the provisioning decision making service.
    Type: Grant
    Filed: March 19, 2013
    Date of Patent: April 3, 2018
    Assignee: EMC IP Holding Company LLC
    Inventors: Alexey Alexandrovich Polkovnikov, Dmitry Nikolayevich Tylik, Sergey Alexandrovich Alexeev
  • Patent number: 9881173
    Abstract: A method, a data processing system, and a computer program product for managing cryptographic information. A determination is made as to whether a first time stamp of when cryptographic information was created is more recent than a second time stamp of a backup of the cryptographic information in response to receiving a request for the cryptographic information from a requester. The cryptographic information is used to encrypt data. The cryptographic information is prevented from being provided to the requester in response to a determination that the first time stamp of cryptographic information creation is more recent than the second time stamp of the backup of the cryptographic information.
    Type: Grant
    Filed: June 27, 2016
    Date of Patent: January 30, 2018
    Assignee: International Business Machines Corporation
    Inventors: Kristin M. Hazlewood, John T. Peck, Krishna K. Yellepeddy
  • Patent number: 9871662
    Abstract: A certificate orchestration system for digital certificate and encryption key management is provided herein along with associated methods. The system includes a certificate orchestration server having a processing device in communication with a coupled storage system that is coupled to the certificate orchestration server. The system further includes an interface provided by the certificate orchestration server to a client device; and a database to store digital certificates and keys. The certificate orchestration server is configured to receive a request from the client device to generate a digital certificate and an associated public key, receive the digital certificate and associated public key from a third-party certificate authority system over an external network, store the digital certificate and public key in the coupled storage system. The coupled storage system is not directly connected to the client device.
    Type: Grant
    Filed: September 25, 2015
    Date of Patent: January 16, 2018
    Assignee: NETFLIX, INC.
    Inventor: Kevin Glisson
  • Patent number: 9860060
    Abstract: A method according to an embodiment includes transforming registered data on a user, which is encrypted with an encryption algorithm that enables a calculation of a Hamming distance in an encrypted state, such that a calculation result of a Hamming distance between the registered data and verification data that is encrypted with the algorithm includes a Hamming distance between the verification data and the user's registered data and a Hamming distance between the verification data and a random vector generated from the user's registered data; calculating a Hamming distance between the verification data and the registered data; and determining whether the input verification data is false based on a result of comparison of each of the Hamming distance between the verification data and the user's registered data and the Hamming distance between the verification data and the random vector included in the calculated Hamming distance with a threshold.
    Type: Grant
    Filed: December 15, 2015
    Date of Patent: January 2, 2018
    Assignee: FUJITSU LIMITED
    Inventors: Yumi Sakemi, Masahiko Takenaka, Masaya Yasuda
  • Patent number: 9842215
    Abstract: A computer-implemented system and method for anonymizing encrypted data is provided. At least one attribute is identified within a dataset for anonymization and is associated with a plurality of data values. Each data value is encrypted for each identified attribute while maintaining an order of the encrypted data values. The encrypted values are ordered and the ordered encrypted data values are segmented into two or more classes based on the ordering of the encrypted data values. A range of the encrypted data values within each of the segmented classes is identified and the range of one of the classes is assigned to each encrypted data value within that class as anonymized data.
    Type: Grant
    Filed: November 3, 2015
    Date of Patent: December 12, 2017
    Assignee: Palo Alto Research Center Incorporated
    Inventors: Julien Freudiger, Alejandro E. Brito, Shantanu Rane, Ersin Uzun
  • Patent number: 9826064
    Abstract: For securely transferring session information between a client and a server using claim numbers, a method is provided, including generating a claim number associated with a data session of a local device. The method may further include receiving a claim pickup request from a client application, the claim pickup request including the claim number. The method may also include verifying that the client application is executing on local device, responsive to the claim pickup request, and returning a session information package for the data session based on the claim number, in response to the claim pickup request.
    Type: Grant
    Filed: February 23, 2015
    Date of Patent: November 21, 2017
    Assignee: Lenovo (Singapore) PTE. LTD.
    Inventors: Matthew William Fardig, Travis Lee Ennis, Roger Alan Thomas
  • Patent number: 9825920
    Abstract: A computer-implemented method is provided that includes propagating a first identifier and a first key to one or more cipher engines on a computing system, the one or more cipher engines configured to perform at least one of decryption and encryption based on a first cryptographic scheme from a plurality of cryptographic schemes identified by the first identifier, and the first key; on expiration of the first identifier and the first key, propagating a second identifier and a second key to the one or more cipher engines on the computing system and instructions for configuring the one or more cipher engines to change the first cryptographic scheme to a second cryptographic scheme based on the second identifier and the second key; and setting a time window beyond the expiration for acceptance of messages encrypted in the first cryptographic scheme and messages encrypted in the second cryptographic scheme.
    Type: Grant
    Filed: November 2, 2015
    Date of Patent: November 21, 2017
    Assignee: GOOGLE LLC
    Inventors: Marcel M. M. Yung, Nunzio Thron, Gang Wang
  • Patent number: 9825977
    Abstract: Disclosed are systems and methods for controlling access to data of a user device using a security application that provides accessibility services. An exemplary method comprises: executing, on the user device, the security application and one or more user applications; intercepting, by an interception module of the security application using a plurality of accessibility API functions, data accessed by a user application being executed on the user device; determining, by a categorization module of the security application, a category of intercepted data; intercepting, by the interception module using the accessibility API functions, one or more events of user's interaction with a user interface of the user application; and determining, by an access control module of the security application, an access control policy that specifies and controls whether to allow a user's access to the intercepted data based on the category of intercepted data and types of intercepted events.
    Type: Grant
    Filed: November 23, 2016
    Date of Patent: November 21, 2017
    Assignee: AO Kaspersky Lab
    Inventors: Alexey A. Demov, Konstantin M. Filatov, Victor V. Yablokov
  • Patent number: 9813234
    Abstract: A method and apparatus are provided for secure multiparty computation. A set of first parties is selected from a plurality of first parties for computation. Inputs for computation associated with each party in the set of first parties are divided into shares to be sent to other parties in the set of first parties. The computation on the shares is performed by the set of first parties using multiparty computation functions. In response to a trigger event, shares of the set of first parties are transferred to a set of second parties selected from a plurality of second parties. The computation is completed by the set of second parties using the transferred shares. Finally, the transferred shares are recombined to reveal an output of the computation.
    Type: Grant
    Filed: May 11, 2015
    Date of Patent: November 7, 2017
    Assignee: The United States of America, as represented by the Secretery of the Air Force
    Inventors: Michael R Clark, Kenneth M Hopkinson
  • Patent number: 9800402
    Abstract: A third party system generates a public-private key pair, the public key of the key pair being an encryption key, and the private key of the key pair being a decryption key. The third party system publishes the encryption key as a DNS record of a third party system. The third party system receives a request to sign a message on behalf of a domain owner, the message to be sent to a recipient, and accesses an encrypted delegated private key published by the domain owner via a DNS record of the domain owner, the encrypted delegated private key encrypted using the encryption key. The third party system decrypts the encrypted delegated private key using the decryption key, and generates a signature for the message using the delegated private key. The third party system sends the signature and the message to the recipient.
    Type: Grant
    Filed: May 12, 2017
    Date of Patent: October 24, 2017
    Assignee: VALIMAIL INC.
    Inventor: Peter Martin Goldstein
  • Patent number: 9785937
    Abstract: A computer enabled system for facilitating electronic micropayments in which an accounting application receives a vendor submission a remote vendor server via a public communications network. This includes identifiers for the vendor, the customer and an item selected by the customer. The accounting application then checks the status of the customer's account. If it has sufficient funds, the transaction proceeds. The customer account is conditionally debited, and the vendor account conditionally credited with the transaction amount, including fees. A transaction confirmation is sent to the vendor application which then confers usage rights for the item to the customer. The accounting application periodically reconciles the vendor and customer accounts, deducts any service fees, and makes a single payment to each vendor. This single payment only incurs a single per-transaction credit-card company fee, thereby spreading it across multiple purchases and clients, making micro-transactions profitable.
    Type: Grant
    Filed: April 30, 2013
    Date of Patent: October 10, 2017
    Inventor: Paul Wickliffe
  • Patent number: 9785491
    Abstract: A method begins by a requesting device transmitting a certificate signing request to a managing unit, wherein the certificate signing request includes fixed certificate information and suggested certificate information. The method continues with the managing unit forwarding the certificate signing request to a certificate authority and receiving a signed certificate from the certificate authority, wherein the signed certificate includes a certificate and a certification signature and wherein the certificate includes the fixed certificate information and determined certificate information based on the suggested certificate information. The method continues with the managing unit interpreting the fixed certificate information of the signed certificate to identify the requesting device and forwarding the signed certificate to the identified requesting device.
    Type: Grant
    Filed: August 17, 2012
    Date of Patent: October 10, 2017
    Assignee: International Business Machines Corporation
    Inventors: Bart Cilfone, Wesley Leggette, Jason K. Resch, Andrew Baptist
  • Patent number: 9778813
    Abstract: A method performed on a device includes receiving, from a user, a finger-touch-initiated request for access to a layer of a multi-layer application on the device, the multi-layer application having a plurality of user interface layers. The method may also include identifying a finger of the user used to provide the finger-touch-initiated request, the finger associated with one of the layers of the multi-layer application. The layer associated with the identified finger of the user may be operated on. Each finger of the user can be associated with a different layer of the multi-layer application. Fingerprints can be used to differentiate each finger and/or to identify the user by fingerprint recognition techniques. Fingerprints can be used to vary the access parameters of a layer of the application and/or to provide security levels for accessing the layers of the multi-layer application.
    Type: Grant
    Filed: August 9, 2011
    Date of Patent: October 3, 2017
    Assignee: BlackBerry Limited
    Inventors: Michael Shenfield, Arnold Sheynman
  • Patent number: 9769196
    Abstract: Methods for managing a communication session in a communication network are disclosed. For example, a method includes detecting, by a first endpoint comprising at least one processor, an error condition associated with the communication session, sending, by the first endpoint, a notification of the error condition to a second endpoint that is using a transport layer session and receiving, by the first endpoint, a communication from the second endpoint, proposing a response to the error condition. Another method includes receiving, by a first endpoint comprising at least one processor, a notification of an error condition associated with the communication session, selecting, by the first endpoint, a response to the error condition, and sending, by the first endpoint, a communication to a second endpoint that is using a transport layer session, proposing a response to the error condition.
    Type: Grant
    Filed: July 6, 2015
    Date of Patent: September 19, 2017
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: David B. Small, Thomas Spencer, IV
  • Patent number: 9762557
    Abstract: Techniques and systems are disclosed for enabling device configuration using signals that encode device policy settings. A method of configuring policy settings on a host device can include receiving a signal that encodes at least one policy setting; interpreting the signal to determine the at least one policy setting; and applying the at least one policy setting to the host device at its own authority.
    Type: Grant
    Filed: October 28, 2014
    Date of Patent: September 12, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: Christopher Thilgen
  • Patent number: 9727742
    Abstract: An online computer system including a database uses an encrypted table that allows for write protection its contents. Middleware logic operating on the system acts as an interface for access to the database, so that any business logic on the system accesses the database through simple procedural calls to the middleware rather than directly to the database itself. The middleware logic abstracts logic that helps implement write protection with the encrypted table. Data to be encrypted that has been traditionally written to other tables is migrated to the encrypted table, where the data encrypted using an authenticated encryption with additional data (AEAD) algorithm. To implement AEAD, the original table, column, and primary key indicating where the data would have otherwise been stored are together used as additional authenticated data (AAD). This tuple of information is also stored in the encrypted table.
    Type: Grant
    Filed: March 30, 2015
    Date of Patent: August 8, 2017
    Assignee: Airbnb, Inc.
    Inventors: Ismail Cem Paya, Nelson Aurel Gauthier, Kevin Nguyen
  • Patent number: 9721119
    Abstract: A system and method for secure use of messaging systems. A mediator may receive an original message, process the original message to produce a processed message, and may forward the processed message to a server or a messaging system. A mediator may receive a processed message from a server or a messaging system, process the received processed message to produce an unprocessed message that may be substantially identical to the original message and may forward the unprocessed message to a destination.
    Type: Grant
    Filed: September 17, 2015
    Date of Patent: August 1, 2017
    Assignee: VAULTIVE LTD.
    Inventors: Ben Matzkel, Maayan Tal, Aviad Lahav
  • Patent number: 9721242
    Abstract: A method of payment terminal operation, including: receiving a payment collection request for a payment from an application, generating a payment initiation request for the payment, sending the payment initiation request to a secure processing system, switching the secure processing system from operation in an unsecured mode to operation in a secured mode in response to receipt of the payment initiation request, facilitating payment information entry, and receiving a payment response notification, generated based on the payment information, at the main processor.
    Type: Grant
    Filed: October 28, 2014
    Date of Patent: August 1, 2017
    Assignee: Poynt Co.
    Inventors: Osama Bedier, Ray Tanaka, Praveen Alavill, Syed Fayez Asar, Victor Chau
  • Patent number: 9710668
    Abstract: A computer-based method and system of distributing biological sample data acquired as a digital image of a subject biological sample. The acquired digital image and image capture data are processed according to at least one user. This results in processed image data and capture metadata. The processed image data represents biological sample data of the subject biological sample. A package processing combines the processed image data and capture metadata into a working Package. The method and system enables simultaneous electronic access to the working Package by multiple users, across multiple sectors, in addition to the one user.
    Type: Grant
    Filed: August 12, 2015
    Date of Patent: July 18, 2017
    Assignee: Corista LLC
    Inventors: Charles P. Pace, Eric W. Wirch