User-to-user Key Distributed Over Data Link (i.e., No Center) Patents (Class 380/283)
  • Patent number: 10742413
    Abstract: Embodiments of the present invention may provide the capability for performing public-key encryption with proofs of plaintext knowledge using a lattice-based scheme that provides improved efficiency over conventional techniques. For example, in an embodiment, a computer-implemented method of verifying encryption may comprise generating a ciphertext, derived from a plaintext, via an encryption scheme, proving validity of the ciphertext, wherein the proof includes at least one challenge value, and using a decryption procedure that recovers a plaintext by choosing at least one additional challenge value at random from a challenge space.
    Type: Grant
    Filed: April 25, 2017
    Date of Patent: August 11, 2020
    Assignee: International Business Machines Corporation
    Inventors: Vadim Lyubashevsky, Gregory Neven
  • Patent number: 10721064
    Abstract: Various embodiments relate to a key protocol exchange that provide a simple but still secure key exchange protocol. Security of key exchange protocols has many aspects; providing and proving all these properties gets harder with more complex protocols. These security properties may include: perfect forward secrecy; forward deniability; key compromise impersonation resistance; security against unknown key share attack; explicit or implicit authentication; key confirmation; protocol is (session-)key independent; key separation (different keys for encryption and MACing); extendable, e.g. against DOS attacks . . . (e.g. using cookies, . . . ); support of early messages; small communication footprint; and support of for public-key and/or password authentication.
    Type: Grant
    Filed: May 30, 2018
    Date of Patent: July 21, 2020
    Assignee: NXP B.V.
    Inventor: Bjorn Fay
  • Patent number: 10708978
    Abstract: Systems and methods that efficiently combine multiple wireless networks or devices resulting in faster, more reliable, and more secure mobile Internet. A Virtual Private Network (VPN) service application is operated to route outgoing and incoming data packets of a mobile device. The mobile device is (i) either coupled to a remote server through the VPN service application for data packets transfer between the remote server and the mobile device or (ii) performs cross-layer translation for data packets transfer between the mobile device and direct target hosts on the Internet. Concurrently using multiple channels secures data packets transfer by sending encrypted data packets over multiple channels and receiving the encrypted data packets by a single apparatus. Data packets are designated to be transferred via a Wi-Fi channel or a cellular channel, and then transferred using both the Wi-Fi channel and the cellular channel.
    Type: Grant
    Filed: December 31, 2018
    Date of Patent: July 7, 2020
    Assignee: SHOELACE WIRELESS, INC.
    Inventors: Minh Thoai Anh Le, James A. Mains
  • Patent number: 10687263
    Abstract: Various aspects of the present disclosure generally relate to wireless communication. In some aspects, a user equipment concurrently communicates with a source base station (BS) and a target BS on a connection with the source BS and a connection with the target BS as part of a make-before-break (MBB) handover procedure; and performs a common packet data convergence protocol (PDCP) function for the connection with the source BS and the connection with the target BS before the connection with the source BS is released as part of the MBB handover procedure. Numerous other aspects are provided.
    Type: Grant
    Filed: February 13, 2019
    Date of Patent: June 16, 2020
    Assignee: QUALCOMM Incorporated
    Inventors: Karthika Paladugu, Gavin Bernard Horn, Prashanth Haridas Hande, Keiichi Kubota, Prasad Reddy Kadiri, Alberto Rico Alvarino, Masato Kitazoe, Umesh Phuyal, Supratik Bhattacharjee
  • Patent number: 10685333
    Abstract: In one embodiment, a method for automatic inference of meeting attendance is provided. The method comprises sending a calendar request to a plurality of users that are invited to a meeting. The method further comprises receiving from each user of the plurality, a unique string identifying the user. The method further comprises generating a lookup table identifying the users of the plurality and their respective unique strings. The method further comprises receiving a first string broadcasted by a first user during the meeting. The method further comprises, responsive to determining that the broadcasted first string does not match one of the unique strings in the lookup table, performing an action to prevent the first user from receiving meeting content determined to be confidential.
    Type: Grant
    Filed: August 31, 2016
    Date of Patent: June 16, 2020
    Assignee: International Business Machines Corporation
    Inventors: Christopher J. Poole, Mark A. Woolley, Andrew Wright
  • Patent number: 10671747
    Abstract: A system and related methods for providing greater security and control over access to classified files and documents and other forms of sensitive information based upon a multi-user, multi-modality permission strategy centering on organizational structure, thereby making authentication strategy unpredictable so to significantly reduce the risk of exploitation. Based on the sensitivity or classification of the information being requested by a user, approvers are selected dynamically based on the work environment, e.g., mobility, use of the computing device seeking access, authentication factors under applicable environmental settings, access policy, and the like.
    Type: Grant
    Filed: April 10, 2017
    Date of Patent: June 2, 2020
    Inventors: Dipankar Dasgupta, Arunava Roy, Debasis Ghosh
  • Patent number: 10616213
    Abstract: A method and system for deterring attacks at potential breach points between servers and an account and login server for creating and subsequent verification of accounts. Various cryptographic primitives are used to manipulate passwords to generate verifiers. The verifiers are used with external hardware security modules (HSMs) to eliminate HSMs and intermediate steps between the HSM and login servers as potential breach points.
    Type: Grant
    Filed: January 8, 2019
    Date of Patent: April 7, 2020
    Assignee: Airbnb, Inc.
    Inventors: Ismail Cem Paya, Kevin Nguyen
  • Patent number: 10600506
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for creating source-specific, persistent patient identifiers for healthcare service providers. One method includes accessing a record of healthcare data, wherein the record includes patient identifying information (PII) associated with one or more persons to whom the healthcare data pertains. The portions of PII included in the accessed record of healthcare data are extracted from the accessed record and encrypted. Based on one or more business rules, one or more hashed tokens are created by applying one or more hashing functions to the extracted portions of PII. A source-specific identifier is received, the source-specific identifier having been encoded in a manner specific to an organization associated with the computer system and having been encoded with reference to the one or more hashed tokens. An association is stored between the source-specific identifier and the accessed record of healthcare data.
    Type: Grant
    Filed: May 13, 2015
    Date of Patent: March 24, 2020
    Assignee: IQVIA Inc.
    Inventors: Christopher Blum, Geoff Wall, John Giannouris
  • Patent number: 10599677
    Abstract: A computer-implemented method of a distributed database system includes generating a database index. The method includes mapping a first specified number of bits of the database index to a database key. The method includes mapping a second specified number of bits to a data object associated with the database key. The method includes storing the first specified number of bits of the database key in a dram memory. The method includes storing second specified number of bits with the data object in a solid-state device (SSD) storage.
    Type: Grant
    Filed: January 19, 2016
    Date of Patent: March 24, 2020
    Inventors: Brian J. Bulkowski, Andrew Gooding, Venkatachary Srinivasan
  • Patent number: 10594480
    Abstract: This invention establishes means and protocols to secure data, and practice online authentication, using large undisclosed amounts of randomness, replacing the algorithmic complexity paradigm. Computation is limited to basic primitives like transposition, and bit-flipping. Security is credibly appraised through combinatorics calculus, and this transfers the security responsibility to the user who determines how much randomness to use.
    Type: Grant
    Filed: February 12, 2018
    Date of Patent: March 17, 2020
    Inventor: Gideon Samid
  • Patent number: 10587585
    Abstract: Users desire a system that provides for the setting of custom, content-agnostic, permissions at a message, document, and/or sub-document-level through a communications network. Such a system may also allow the user to apply customized privacy settings and encryption keys differently to particular parts of a document. Customized encryption keys may be applied to particular parties (or groups of parties) to enhance the security of the permissions settings. In the case of structured document file types, dynamically-rendered content can present a challenge to accurately display to viewers, because one or more of the document's values referred to by the dynamically-rendered content may be encrypted or otherwise unavailable to the recipient—even though the dynamically-rendered content itself is viewable by the recipient.
    Type: Grant
    Filed: December 31, 2016
    Date of Patent: March 10, 2020
    Assignee: Entefy Inc.
    Inventor: Alston Ghafourifar
  • Patent number: 10496968
    Abstract: An improved financial terminal automatically reconfigures into different financial processing terminal types. In one embodiment, the terminal comprises a housing; a card reader configured to accept at least a portion of a card having an integrated circuit; at least one display; at least one processor; and at least one memory configured to store machine readable code, the machine readable code comprising a first kernel corresponding to a first transaction type and a second kernel corresponding to a second transaction type.
    Type: Grant
    Filed: February 9, 2018
    Date of Patent: December 3, 2019
    Assignee: Everi Payments Inc.
    Inventors: Timothy Richards, Dale Baltzell, Brian T. Sullivan
  • Patent number: 10491394
    Abstract: The present disclosure relates to a method and a device for processing a verification code. The method includes: acquiring the verification code in a message; determining whether the verification code has expired; and allowing an operation corresponding to the verification code if the verification code has not expired.
    Type: Grant
    Filed: September 22, 2017
    Date of Patent: November 26, 2019
    Assignee: BEIJING XIAOMI MOBILE SOFTWARE CO., LTD.
    Inventors: Liangxiong Wu, Jiankai Zhao, Jianquan Liu
  • Patent number: 10412546
    Abstract: A system includes a processor configured to detect a vehicle wireless signal at a first frequency-band. The processor is also configured to choose a second signal at a second frequency-band having a predefined relationship to a requested action. The processor is further configured to connect to the second signal and lower a signal data-transfer rate, responsive to the detection, and use the second signal to perform a time-of-flight based user-proximity detection, to determine if a user is within a vehicle proximity range associated with the requested action.
    Type: Grant
    Filed: January 12, 2018
    Date of Patent: September 10, 2019
    Assignee: FORD GLOBAL TECHNOLOGIES, LLC
    Inventors: Hamid M. Golgiri, Vivekanandh Elangovan, Aaron Matthew DeLong
  • Patent number: 10348496
    Abstract: A method for leveraging a first secure channel of communication between a first agent and a second agent to create a second secure channel of communication between the first agent and a third agent. The method includes creating the first secure channel of communication between the first agent and the second agent using a configurable data-driven initial process on a first computing device. Responsive to the first agent receiving a request from the third agent to establish the second secure channel of communication, the method further includes retrieving identifying information from the third agent. The method further includes ending the identifying information from the third agent to the second agent over the first secure channel of communication. Responsive to receiving approval of the third agent's request from the second agent, the method further includes establishing the second secure channel of communication.
    Type: Grant
    Filed: October 10, 2018
    Date of Patent: July 9, 2019
    Assignee: Uniken, Inc.
    Inventors: Bimal I. Gandhi, Nishant Kaushik, Robert Alan Levine, James Anthony Villarrubia, Tejas Digambar Limaye
  • Patent number: 10321314
    Abstract: There is provided a communication device including: a storage unit configured to store an authentication key generated from a plurality of keys; a communication unit configured to receive authentication key identification information for specifying the authentication key; and an authentication unit configured to perform an authentication process for a transmission source of the authentication key identification information using the authentication key specified from the storage unit based on the authentication key identification information.
    Type: Grant
    Filed: September 28, 2016
    Date of Patent: June 11, 2019
    Assignee: SONY CORPORATION
    Inventor: Yoshihito Ishibashi
  • Patent number: 10313135
    Abstract: A secure instant messaging (IM) system integrates secure instant messaging into existing instant messaging systems. A certificate authority (CA) issues security certificates to users binding the user's IM screen name to a public key, used by sending users to encrypt messages and files for the user. The CA uses a subscriber database to keep track of valid users and associated information, e.g. user screen names, user subscription expiration dates, and enrollment agent information. A user sends his certificate to an instant messaging server which publishes the user's certificate to other users. Users encrypt instant messages and files using an encryption algorithm and the recipient's certificate. A sending user can sign instant messages using his private signing key. The security status of received messages is displayed to recipients.
    Type: Grant
    Filed: May 24, 2018
    Date of Patent: June 4, 2019
    Assignee: Google LLC
    Inventors: Robert B. Lord, Terry N. Hayes, Justin Uberti
  • Patent number: 10263959
    Abstract: A method for communicating medical data includes forming a secure channel between a first medical device and a second medical device connected to each other through a network on the basis of first authentication information of the first medical device and second authentication information of the second medical device; encrypting medical data that is obtained by the first medical device using a secure circuit that is provided in the first medical device; and transmitting the encrypted medical data to the second medical device through the secure channel.
    Type: Grant
    Filed: November 19, 2015
    Date of Patent: April 16, 2019
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Sung-Hoon Son, Ki-Hyoun Kwon, Seung-Ho Lee, Jun-Ho Lee, Jerome Han
  • Patent number: 10263960
    Abstract: A wireless communication device 1 encrypts a passphrase which corresponds to a communication mode after change and which is a character string for authentication by using an encryption key PTK corresponding to a communication mode before change, and transmits the encrypted passphrase to a wireless communication device 2, and also creates an encryption key PTK corresponding to the communication mode after change from the passphrase corresponding to the communication mode after change. The wireless communication device 2 receives the encrypted passphrase transmitted from the wireless communication device 1 and decrypts the encrypted passphrase by using an encryption key PTK corresponding to the communication mode before change, and also creates an encryption key PTK corresponding to the communication mode after change from the decrypted passphrase.
    Type: Grant
    Filed: July 14, 2014
    Date of Patent: April 16, 2019
    Assignee: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Shintaro Fujikami, Yukimasa Nagai, Takenori Sumi
  • Patent number: 10210489
    Abstract: A method of authenticating to a computer server involves a first authentication client transmitting an authentication token to the computer server via a first communications channel, and a second authentication client receiving a payload from the computer server via a second communications channel distinct from the first communications channel in accordance with an outcome of a determination of authenticity of the authentication token by the computer server.
    Type: Grant
    Filed: April 8, 2011
    Date of Patent: February 19, 2019
    Assignee: SecureKey Technologies Inc.
    Inventors: Andre Michel Boysen, Troy Jacob Ronda, Pierre Antoine Roberge, Patrick Hans Engel, Gregory Howard Wolfond
  • Patent number: 10212142
    Abstract: A method of establishing a network by sharing a secret between a first entity (A) and a second entity (B), comprising the steps of: the first entity (A) broadcasting (100) an ANNOUNCE message announcing its identity and details of other entities it is aware of, wherein each of the other entities of which it is aware is associated with a particular nonce, and the message is encrypted using a broadcast encryption scheme common to the first and second entities (A,B), and; the second entity (B), upon receiving and decrypting the ANNOUNCE message, transmitting (110) to the first entity (A) a SHARE message, wherein the SHARE message comprises a signcryption of the secret, authenticated using signcryption data associated with the particular nonce associated with the second entity (B).
    Type: Grant
    Filed: July 31, 2015
    Date of Patent: February 19, 2019
    Assignee: BAE Systems plc
    Inventors: Christopher Mark Dearlove, Alan Manuel Cullen, Kenneth Graham Paterson, Jacob Chroeis Nakamura Schuldt
  • Patent number: 10212761
    Abstract: Systems and methods that efficiently combine multiple wireless networks or devices resulting in faster, more reliable, and more secure mobile Internet. A Virtual Private Network (VPN) service application is operated to route outgoing and incoming data packets of a mobile device. The mobile device is (i) either coupled to a remote server through the VPN service application for data packets transfer between the remote server and the mobile device or (ii) performs cross-layer translation for data packets transfer between the mobile device and direct target hosts on the Internet. Concurrently using multiple channels secures data packets transfer by sending encrypted data packets over multiple channels and receiving the encrypted data packets by a single apparatus. Data packets are designated to be transferred via a Wi-Fi channel or a cellular channel, and then transferred using both the Wi-Fi channel and the cellular channel.
    Type: Grant
    Filed: July 12, 2017
    Date of Patent: February 19, 2019
    Assignee: SHOELACE WIRELESS, INC.
    Inventors: Minh Thoai Anh Le, James A. Mains
  • Patent number: 10165421
    Abstract: A method of identifying contact between terminals, and a computer program and an application for executing the method are disclosed. The method for identifying contact between terminals according to this invention includes the server receiving from a first terminal a first state information data of a first terminal based on information about an external magnetic force of the first terminal generated by a first terminal; receiving, by the server, second state information data of the second terminal based on the information about the external magnetic force of the second terminal generated in the second terminal from the second terminal; determining whether a difference between a time when the first state information data is generated and a time when the second state information data is generated is within a preset time; and the step of transmitting a message to at least one of the first terminal and the second terminal according to the determination by the server.
    Type: Grant
    Filed: March 7, 2016
    Date of Patent: December 25, 2018
    Assignee: DINGUL CO. LTD.
    Inventor: Seung Wook Choi
  • Patent number: 10158609
    Abstract: A user terminal device is disclosed. A user terminal device that supports an instant messenger service includes: a display unit for providing an instant messenger service screen including an output message; and a control unit for, when the output message is an encrypted message, decrypting the encrypted message according to a predetermined event and providing the decrypted message to the screen or another screen separate from the screen.
    Type: Grant
    Filed: November 21, 2014
    Date of Patent: December 18, 2018
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Jung-hwan Lim, Sung-kee Kim
  • Patent number: 10110552
    Abstract: The present invention is directed to a node (device), system, and computer program for providing secure dynamic address resolution and communication, without having to utilize third party DNS and/or MX server(s). Accordingly, a node may include processor and memory having instructions thereon, that when executed, cause the node to pair with another node. The pairing may include creating a DNS record on the node including a current address associated with the second node, this current address may be dynamically updated. The instructions may further allow the node to transmit a message to the second node, based on a resolved address from the DNS record on the first node. Authentication, dynamic message encryption and the provision of a DNS cache may further be implemented on the node.
    Type: Grant
    Filed: March 30, 2016
    Date of Patent: October 23, 2018
    Inventor: Willie L. Donaldson
  • Patent number: 10104545
    Abstract: An anonymity authentication method for wireless sensor networks is provided. A smart card carried by a user is used to provide two-factor verification protection. Moreover, a random factor and a hash function operation are introduced for participating an operation of the transmitted messages in all phases. Moreover, the operation of the transmitted messages uses only hash function and XOR operator.
    Type: Grant
    Filed: November 2, 2016
    Date of Patent: October 16, 2018
    Assignee: NATIONAL CHIN-YI UNIVERSITY OF TECHNOLOGY
    Inventor: Chi-Tung Chen
  • Patent number: 10068210
    Abstract: Methods, systems and apparatus are provided for facilitating financial transactions using an IC type financial card via a terminal. A user is provided a list of transaction types, such as PIN-based, signature-based, etc., and a requested transaction is processed via a first selected transaction type. If the transaction is unsuccessful, the terminal automatically presents a list of remaining available transaction types from which the user may select and the transaction is processed by the next selected transaction type. If the transaction is successful, funds are provided to the user, such as in the form of currency/coins or funds transfer.
    Type: Grant
    Filed: February 18, 2016
    Date of Patent: September 4, 2018
    Assignee: Everi Payments Inc.
    Inventors: Timothy Richards, Dale Baltzell, Brian T. Sullivan
  • Patent number: 10027482
    Abstract: A method and a cryptographic device for encrypting/decrypting an input message by using an algorithm having as entries, said input message, a cryptographic key, and a complementary unique value used as parameter of the algorithm. The output data is formed by the input message decrypted/encrypted by the algorithm using the cryptographic key and the complementary value. The latter is determined on the basis of a unique value physically bound to an electronic device by using a physically unclonable function (PUF) which is inherent to this device and which is used to generate this unique value from a plurality of physical measurements carried out on components integrated in said device.
    Type: Grant
    Filed: June 17, 2014
    Date of Patent: July 17, 2018
    Assignee: Nagravision S.A.
    Inventors: Marco Macchetti, Claudio Favi
  • Patent number: 10015287
    Abstract: A system tunnels real-time communications (“RTC”). The system creates a connection between a tunneling client and a signaling server. The connection includes a stream-based tunnel between the tunneling client and a tunneling server and a stream connection between the tunneling server and the signaling server. The system then receives, from the tunneling client, stream traffic encapsulated as datagram traffic within the stream-based tunnel. The system translates the datagram traffic into the stream traffic, and forwards the stream traffic to the signaling server over the stream connection.
    Type: Grant
    Filed: March 4, 2015
    Date of Patent: July 3, 2018
    Assignee: ORACLE INTERNATIONAL CORPORATION
    Inventors: Rolando Herrero, Henry Katz
  • Patent number: 10009328
    Abstract: In one embodiment, a system including one or more hardware processors is: to receive a user request to access a website; sign a nonce with at least some of the plurality of group private keys, the at least some of the plurality of group private keys corresponding to personalization attributes of the website; and send the signed nonce to a web server to enable personalized interaction with the web server. Other embodiments are described and claimed.
    Type: Grant
    Filed: December 7, 2015
    Date of Patent: June 26, 2018
    Assignee: McAfee, LLC
    Inventors: Ned M. Smith, Sven Schrecker, Howard C. Herbert
  • Patent number: 9979542
    Abstract: Embodiments relate to deduplication and compression on data performed downstream from where the data is encrypted. Confidentiality of data is maintained, and the ability of storage systems to perform data reduction functions is supported. Encrypted data to be written to a storage system is separated into one or more data chunks. For a data chunk, a master encryption key for an owning entity associated with the data chunk is retrieved. The data chunk is decrypted into plaintext, and the plaintext is transformed by performing one or more advanced data functions. A private key is created and used to encrypt the transformed plaintext, which is stored as a first encryption unit. A wrapped key is created by encrypting the private key with the master key, limits data access to the owning entity, and is stored as metadata for the encryption unit.
    Type: Grant
    Filed: December 9, 2016
    Date of Patent: May 22, 2018
    Assignee: International Business Machines Corporation
    Inventors: Elli Androulaki, Nathalie Baracaldo, Joseph S. Glider, Alessandro Sorniotti
  • Patent number: 9954684
    Abstract: Among other things, at a central server, management of a document sharing process includes uploading from client devices through a communication network, storing at the server, and downloading to client devices through the communication network documents that are shared between users of the client devices. Encryption keys are used to protect features of the documents from unauthorized or unintended disclosure. Operations are performed on encryption keys or encrypted data as a result of which protection of features of the documents from unauthorized or unintended disclosure may be compromised. A determination is made whether performance of a given one of the operations on any of the encryption keys or encrypted data meets predefined conditions for approval by members of an approval group. Performance of the operation on the encryption key or encrypted data is controlled based on a result of the determination.
    Type: Grant
    Filed: February 29, 2016
    Date of Patent: April 24, 2018
    Assignee: PreVeil LLC
    Inventors: Raluca Ada Popa, Nickolai Zeldovich, Sanjeev Verma, Randall Steven Battat, Aaron Delano Burrow
  • Patent number: 9913177
    Abstract: A communication system is described in which user plane communication and control plane communication for a particular mobile communication device can be split between a base station that operates a small cell and a macro base station. Appropriate security for the user plane and control plane communications is safeguarded by ensuring that each base station is able to obtain or derive the correct security parameters for protecting the user plane or control plane communication for which it is responsible.
    Type: Grant
    Filed: November 11, 2016
    Date of Patent: March 6, 2018
    Assignee: NEC Corporation
    Inventor: Vivek Sharma
  • Patent number: 9882713
    Abstract: A method for securing communications for a given network topology is provided. The method comprises generating by a node N(i) of the network, security parameters for the node N(i); transmitting by the node N(i), said security parameters to a controller for the network; maintaining by the controller said security parameters for the node N(i); receiving by the controller a request from a node N(j) for the security parameters for the node N(i); retrieving by the controller the security parameters for the node N(i); and transmitting by the controller said security parameters to the node N(j).
    Type: Grant
    Filed: January 30, 2013
    Date of Patent: January 30, 2018
    Assignee: VIPTELA INC.
    Inventors: Syed Khalid Raza, Praveen Raju Kariyanahalli, Rameshbabu Prabagaran, Amir Khan
  • Patent number: 9876823
    Abstract: In one embodiment, a method includes receiving, in a system of an external verifier of a first network, a plurality of attestation reports and a plurality of attestation values from a plurality of reporting nodes of the first network, each of the plurality of attestation values randomly generated in the corresponding reporting node based on a common random seed value; determining whether at least a threshold number of the plurality of attestation values match; responsive to at least the threshold number of the plurality of attestation values matching, decrypting the plurality of attestation reports, processing the decrypted plurality of attestation reports to obtain aggregated telemetry data of the plurality of nodes, where identity of the plurality of nodes remains anonymous to the external verifier; and enforcing a security policy based at least in part on the aggregated telemetry data. Other embodiments are described and claimed.
    Type: Grant
    Filed: September 21, 2015
    Date of Patent: January 23, 2018
    Assignee: Intel Corporation
    Inventors: Ned M. Smith, Rajesh Poornachandran
  • Patent number: 9825918
    Abstract: Embodiments of a device and method are disclosed. In an embodiment, a Controller Area Network (CAN) device includes a security module connected between a CAN bus interface of a CAN transceiver and a microcontroller communications interface of the CAN transceiver and a shield device connected between the CAN bus interface and the microcontroller communications interface. The security module is configured to perform a security function on data traffic received from the CAN bus interface or from a Serial Peripheral Interface (SPI) interface of the microcontroller communications interface. The shield device is configured to direct CAN Flexible Data-rate (FD) traffic received from the CAN bus interface to the security module.
    Type: Grant
    Filed: July 29, 2015
    Date of Patent: November 21, 2017
    Assignee: NXP B.V.
    Inventors: Vibhu Sharma, Matthias Berthold Muth
  • Patent number: 9805173
    Abstract: An information storage device including one or more processors configured to store an encrypted content and to control access of an external device to the information storage device is provided. The one or more processors are further configured to store a converted title key obtained by converting a title key which is an encryption key to be applied to decryption of the encrypted content, and a user token obtained by converting binding secret information to be applied to calculate the title key from the converted title key. The one or more processors are further configured to allow the external device having a confirmed access right to the information storage device to read out the user token.
    Type: Grant
    Filed: June 26, 2013
    Date of Patent: October 31, 2017
    Assignee: SONY CORPORATION
    Inventors: Hiroshi Kuno, Yoshiyuki Kobayashi, Takamichi Hayashi, Katsumi Muramatsu
  • Patent number: 9769669
    Abstract: Apparatus, methods, computer readable media and processors may provide a secure architecture within which a client application on a wireless device may, in some aspects, exchange information securely with resident device resources, and in other aspects, with a remote server over a wireless network.
    Type: Grant
    Filed: October 26, 2012
    Date of Patent: September 19, 2017
    Assignee: QUALCOMM Incorporated
    Inventors: Kenny Fok, Eric Chi Chung Yip
  • Patent number: 9722794
    Abstract: System and method to digitally validate a document, the method including: receiving, by a secure development platform (SDP), a security information from an end user, the SDP comprising an SDP processor coupled to a secure SDP memory; exchanging a security token with a user device based upon the security information; receiving, from the user device, a request for a digital certificate; managing and storing public/private key pairs; transmitting, to the PKI service processor, the request for a digital certificate; if information in the request for a digital certificate is correct: creating the digital certificate; and receiving the digital certificate from the PKI service processor; and storing the digital certificate in the secure SDP memory, the secure SDP memory not directly accessible by the user device, the SDP processor configured to request a signature generation by use of the private key associated with the digital certificate, the SDP processor configured to request a validation by use of the digital c
    Type: Grant
    Filed: February 10, 2014
    Date of Patent: August 1, 2017
    Assignee: IMS HEALTH INCORPORATED
    Inventors: Charles Blair, Elkin Florez, David Annan, Ryan Fung, Hussam Mahgoub
  • Patent number: 9712501
    Abstract: A system and method for the randomization of packet headers is disclosed. A controller is used to provide random values, also referred to as nonces, that replace the source and destination addresses that typically appear in a packet header. The controller also provides routing rules to the switches and routers in the network that allow these devices to properly route packets, even though the source and destination addresses are not present. In some embodiments, network devices that support software-defined networking (SDN) are employed. The number of times that a particular nonce is used may be variable. In some embodiments, a nonce is used for exactly one packet header. In this way, packets may traverse a network using nonces in place of actual source and destination addresses. Because the nonces are changed periodically, detection of traffic patterns is made significantly more difficult.
    Type: Grant
    Filed: October 21, 2015
    Date of Patent: July 18, 2017
    Assignee: Massachusetts Institute of Technology
    Inventors: Hamed Okhravi, Richard W. Skowyra, Kevin Bauer, William W. Streilein
  • Patent number: 9712786
    Abstract: A method and apparatus for brokering the enablement of the communication of encrypted media programs from a plurality of independent broadcasters to a plurality of receivers is disclosed. The system makes use of a pairing key for each provided service, which is differently encrypted by a pairing server and by the broadcaster providing the service. The encrypted versions of the pairing key are decrypted in a first receiver module using information known to the pairing service but not the broadcaster and in a second receiver module using information known to the broadcaster. The pairing key is used to cryptographically bind the first and second receiver modules.
    Type: Grant
    Filed: April 21, 2015
    Date of Patent: July 18, 2017
    Assignee: Syphermedia International, Inc.
    Inventors: Ronald P. Cocchi, Gregory J. Gagnon, Dennis R. Flaharty
  • Patent number: 9691861
    Abstract: A method analyzes traps in a semiconductor device by determining a first-order derivative of a signal representing an operation of the semiconductor device over time to produce a signal rate change. The traps in the semiconductor device are analyzed based on lifetimes corresponding to peaks of the signal rate change.
    Type: Grant
    Filed: January 7, 2014
    Date of Patent: June 27, 2017
    Assignee: Mitsubishi Electric Research Laboratories, Inc.
    Inventors: Andrei Kniazev, Qun Gao, Koon Hoo Teo
  • Patent number: 9667600
    Abstract: A decentralized and distributed secure home subscriber server is provided. First data can be sent representing a first nonce string to a mobile device; and in response to receiving second data representing the first nonce string and a second nonce string, a communication channel can be established with the mobile device as a function of the first nonce string.
    Type: Grant
    Filed: April 6, 2015
    Date of Patent: May 30, 2017
    Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
    Inventors: Roger Piqueras Jover, Joshua Lackey
  • Patent number: 9648026
    Abstract: At least one embodiment refers to a method for securely exchanging messages between at least two devices, each of them storing a shared secret key. The method comprises: at each device: generating a random number, then sending it to the other devices; determining a first key by a first operation based onto said secret key and each random number; determining a second key based on said first key and said random numbers; at a sending device: determining a pseudo message on the basis of the message and said random numbers; calculating then sending a cryptogram on the basis of said pseudo message and said second key; and at the receiving device: decrypting said cryptogram by means of said second key; and retrieving said message from said pseudo message.
    Type: Grant
    Filed: June 5, 2015
    Date of Patent: May 9, 2017
    Assignee: NAGRAVISION SA
    Inventor: Hervé Pelletier
  • Patent number: 9634770
    Abstract: A transmitter for a quantum communication system, the transmitter comprising an interferometer, the interferometer having a first path with a phase modulator and a second path configured such that light pulses entering the interferometer follow either the first path or the second path, the output of the first and second paths being combined, the transmitter further comprising an optical filter positioned such that photons exiting the interferometer pass through the optical filter, the optical filter being configured to restrict the frequency range of pulses passing through the optical filter and temporally broaden the pulses.
    Type: Grant
    Filed: June 9, 2015
    Date of Patent: April 25, 2017
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: James Dynes, Zhiliang Yuan, Marco Lucamarini, Andrew James Shields
  • Patent number: 9628473
    Abstract: A system, method, and device includes a platform data storage that stores a wrap that secures an executable controller and executable sensors. The wrap is verified, optionally through a downloaded authentication driver. After verifying the wrap, the wrap is opened and a sister of the executable controller is installed into the platform memory to cooperate with the executable controller. Additionally or alternatively, the authentication driver may cooperate with the executable controller. The executable controller allows the platform processor to access data secured in a vault and/or verify the platform to create a connection to an application server.
    Type: Grant
    Filed: January 27, 2017
    Date of Patent: April 18, 2017
    Inventors: Wayne Odom, Karolyn Gee
  • Patent number: 9590981
    Abstract: A system, method, and device includes a platform data storage that stores a wrap that secures an executable controller and executable sensors. The wrap is verified, optionally through a downloaded authentication driver. After verifying the wrap, the wrap is opened and a sister of the executable controller is installed into the platform memory to cooperate with the executable controller. Additionally or alternatively, the authentication driver may cooperate with the executable controller. The executable controller allows the platform processor to access data secured in a vault and/or verify the platform to create a connection to an application server.
    Type: Grant
    Filed: June 27, 2016
    Date of Patent: March 7, 2017
    Inventors: Wayne Odom, Karolyn Gee
  • Patent number: 9537839
    Abstract: Embodiments provide secure messaging communications. In an embodiment, a method comprises receiving, by a service provider processor, an encrypted message and a key from a sender associated with a first client device that is remote from the service provider, wherein the first client device internally encrypts the message. The message also comprises verifying the received key based on at least a comparison with a pre-determined key. Once the received key is verified, the method also comprises processing one or more unique factors associated with the sender or the first client device, wherein the one or more unique factors are known by the service provider. The method further comprises decrypting the message and re-encrypting the message using a key of a receiver associated with a second client device; and sending the re-encrypted message to the receiver associated with the second client device, wherein the second client device decrypts the message.
    Type: Grant
    Filed: May 12, 2015
    Date of Patent: January 3, 2017
    Assignee: PayPal, Inc.
    Inventor: Upendra Mardikar
  • Patent number: 9529735
    Abstract: A data storage device in a distributed computing system has physical block addresses that are each allocated to multiple namespaces. To access the data storage device, a host system issues a command to the data storage device that includes an access key and a virtual block address to be accessed. The data storage device converts the virtual block address to a physical block address of the data storage device using a mapping associated with the access key. Access to a physical data block associated with a particular namespace is granted only if an access key for that namespace is provided to the data storage device.
    Type: Grant
    Filed: December 22, 2015
    Date of Patent: December 27, 2016
    Assignee: Kabushiki Kaisha Toshiba
    Inventor: Daisuke Hashimoto
  • Patent number: RE47841
    Abstract: Using the same mathematical principle of paring with errors, which can be viewed as an extension of the idea of the LWE problem, this invention gives constructions of a new key exchanges system, a new key distribution system and a new identity-based encryption system. These new systems are efficient and have very strong security property including provable security and resistance to quantum computer attacks.
    Type: Grant
    Filed: January 26, 2018
    Date of Patent: February 4, 2020
    Inventor: Jintai Ding