Key Escrow Or Recovery Patents (Class 380/286)
  • Patent number: 9900288
    Abstract: Embodiments are directed to allowing a user to store encrypted, third-party-accessible data in a data store and to providing third party data access to a user's encrypted data according to a predefined policy. A data storage system receives encrypted data from a user at a data storage system. The data is encrypted using the user's private key. The data storage system stores the received encrypted data according to a predefined policy. The encryption prevents the storage system from gaining access to the encrypted data, while the policy allows the encrypted data to be released upon receiving a threshold number of requests from verified third parties. The data storage system implements a verifiable secret sharing scheme to verify that the encrypted data can be reconstituted without the data storage system accessing the encrypted data. The data storage system synchronously acknowledges that the received encrypted data has been verified and successfully stored.
    Type: Grant
    Filed: November 18, 2014
    Date of Patent: February 20, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Roy Peter D'Souza, Omkant Pandey
  • Patent number: 9894151
    Abstract: A method begins by a module to generate a secure signature on an item by selecting a first key representation index of a set of key representation indexes, wherein a first mathematical encoding of a private key generates a first plurality of key shares as a first key representation. The method continues with the module determining whether a first plurality of signature contributions have been received in response to a signature request for the item based on the first key representation index, wherein one of a first set of dispersed storage (DS) units executes a first mathematical signature function using one of the first plurality of key shares on the item to produce a signature contribution of the first plurality of signature contributions and when the first plurality of signature contributions have been received, generating the secure signature on the item from the first plurality of signature contributions.
    Type: Grant
    Filed: January 6, 2014
    Date of Patent: February 13, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Greg Dhuse, Jason K. Resch, Wesley Leggette
  • Patent number: 9881145
    Abstract: An indication of a change in a right to use a service or feature is received. For example, this can be based on an administrator granting access to a previously installed service or feature. In response, a notification is sent to a user of the change of the right to use the service or feature. The notification requests the user to provide a credential to approve the change of the right to use the service or feature. For example, a link may be provided in an email or text message that the user can click on to provide a password/user name. The credential is received and verified. In response to validating the credential, access is allowed according to the change of the right to use the service or feature. The user then has access to the service/feature without the administrator having to know the user's credential.
    Type: Grant
    Filed: December 1, 2015
    Date of Patent: January 30, 2018
    Assignee: Avaya Inc.
    Inventors: Manish Dusad, Ping Lin, Gordon Brunson, Mark Mackenzie, Navjot Singh, Geoff Baskwill
  • Patent number: 9871944
    Abstract: An image forming apparatus transmits a database to an external server. The image forming apparatus includes a storage section, a replication section, an encipherment section, a transmission section, a generation section, and an acquisition section. The storage section stores a database therein. The replication section generates a replica of the database stored in the storage section as a replicated database. The encipherment section enciphers the replicated database. The transmission section transmits the enciphered database to the external server each time a predetermined time period elapses. The generation section generates a deciphering key for deciphering the enciphered database. The acquisition section acquires disaster information. Upon the acquisition section acquiring the disaster information, the transmission section transmits the deciphering key to the external server.
    Type: Grant
    Filed: November 20, 2015
    Date of Patent: January 16, 2018
    Assignee: KYOCERA Document Solutions Inc.
    Inventors: Masayoshi Hayama, Masaru Sato, Kazunori Goto, Masaki Kikuchi, Toshiya Miyai
  • Patent number: 9867042
    Abstract: Disclosed is a radio frequency identification (RFID) tag comprising: an RFID functional portion configured to enable wireless communication between the RFID tag and an RFID reader; a data processing functional portion with asymmetric cryptographic capability; and a power source configured to power the data processing functional portion.
    Type: Grant
    Filed: August 8, 2012
    Date of Patent: January 9, 2018
    Assignee: MIKOH CORPORATION
    Inventor: Peter Samuel Atherton
  • Patent number: 9843928
    Abstract: A method and apparatus is provided for connecting a communication device to a deployable system. The deployable system obtains at least one deployable key derived on a fixed system for the deployable system based on an existing key stored on a database of the fixed system, wherein the existing key is used to authenticate a communication device. The deployable system stores the derived key. Subsequent to the storing, the deployable system is activated to provide communication resources to communication devices disconnected from the fixed system. The activated deployable system is not connected to the fixed system. The activated deployable system receives an authentication request from the communication device requesting connection to the deployable system; generates authentication vectors using the at least one derived deployable key; and authenticates an authentication response received from the communication device using the authentication vectors.
    Type: Grant
    Filed: October 30, 2014
    Date of Patent: December 12, 2017
    Assignee: MOTOROLA SOLUTIONS, INC.
    Inventors: Steven D Upp, Isam R Makhlouf, Francesca Schuler, Gino A Scribano
  • Patent number: 9832025
    Abstract: A policy server that is associated with a secure element owner receives a request, from a service provider, to provision access, by an application, to the secure element. The policy server creates, in response to the request, a policy ticket, for the service provider, that defines privileges for the service provider to create a security domain or a new profile within the secure element. The policy server provides, to a service provider trusted service manager (TSM), the policy ticket and a signed certificate, the signed certificate corresponding to a root certificate that is inserted into a Controlling Authority Security Domain (CASD) portion of the secure element prior to receiving the request. When the CASD receives the policy ticket and signed certificate from the service provider TSM, the CASD validates based on the root certificate and provisions access to the secure element based on information in the policy ticket.
    Type: Grant
    Filed: May 19, 2015
    Date of Patent: November 28, 2017
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Manuel Enrique Caceres, Warren Hojilla Uy, Ruben Cuadrat, Taussif Khan
  • Patent number: 9811869
    Abstract: A system, method, server processing system, and computer program product for operating a registry. In one aspect, the server processing system is configured to: receive, from a user processing system in data communication with the server processing system, document data relating to an entity; receive, from the user processing system, access data indicative of an accessing party to be provided access to the document data if a defined trigger event occurs; store, in a data store associated with the server processing system, a registry for the entity indicative of the document data and the access data; determine that a defined trigger event has occurred; and in response to determining that that a defined trigger event has occurred, provide the accessing party read-only access to the document data via an access processing system in data communication with the server processing system.
    Type: Grant
    Filed: October 25, 2012
    Date of Patent: November 7, 2017
    Assignee: YDF Global Party Ltd.
    Inventors: Jamie Robert Wilson, Craig Steven Wright
  • Patent number: 9800411
    Abstract: In a general aspect, a secret generator is used in an elliptic curve cryptography (ECC) scheme. In some aspects, an elliptic curve subgroup is specified by a public generator of an ECC system, and the secret generator is an element of the elliptic curve subgroup. In some instances, the secret generator is used to generate an ECC key pair that includes a public key and a private key, and the private key is used to generate a digital signature based on a message. In some instances, the public key and the secret generator are used to verify the digital signature.
    Type: Grant
    Filed: May 5, 2016
    Date of Patent: October 24, 2017
    Assignee: ISARA Corporation
    Inventors: Michael Kenneth Brown, Gustav Michael Gutoski, Marinus Struik, Atsushi Yamada
  • Patent number: 9787472
    Abstract: Described is a system for mobile proactive secret sharing amongst a set of servers. A First protocol distributes a block of secret data among the set of servers, the block of secret data including shares of data. Each server holds one share of data encoding the block of secret data. A Second protocol periodically refreshes shares of data such that each server holds a new share of data that is independent of the previous share of data. A Third protocol reveals the block of secret data. Shares of data are periodically erased to preserve security against the adversary. The Second protocol provides statistical security or non-statistical security against the adversary.
    Type: Grant
    Filed: October 31, 2016
    Date of Patent: October 10, 2017
    Assignee: HRL Laboratories, LLC
    Inventors: Joshua D. Lampkins, Karim El Defrawy
  • Patent number: 9787672
    Abstract: A method and system for emulating a smartcard which includes receiving a one time password and a container PIN for a container, validating the container PIN, upon validating the container PIN, and sending a request to validate the one time password to an authentication server based on a credential ID and a user ID, wherein the request includes the credential ID, the user ID, and the one time password. Upon validation of the one time password by the authentication server, a response is received from the authentication server, and the response includes at least one of: at least a portion of a private key or an authorization to access a at least a portion of the private key stored locally.
    Type: Grant
    Filed: June 14, 2013
    Date of Patent: October 10, 2017
    Assignee: Symantec Corporation
    Inventors: Alan Dundas, Eirik Herskedal
  • Patent number: 9780950
    Abstract: A method and system for authenticating a credential via a one time password which includes receiving a user ID, a client ID, and the one time password from a client device, and then validating the one time password based on the user ID and the credential ID. Upon validating the one time password, a response is sent to the client device, and the response includes at least one of an authorization to access a private key stored on the client device or at least a portion of the private key.
    Type: Grant
    Filed: June 14, 2013
    Date of Patent: October 3, 2017
    Assignee: Symantec Corporation
    Inventors: Alan Dundas, Eirik Herskedal
  • Patent number: 9768953
    Abstract: A processor-based method for secret sharing in a computing system is provided. The method includes encrypting shares of a new secret, using a previous secret and distributing unencrypted shares of the new secret and the encrypted shares of the new secret, to members of the computing system. The method includes decrypting at least a subset of the encrypted shares of the new secret, using the previous secret and regenerating the new secret from at least a subset of a combination of the unencrypted shares of the new secret and the decrypted shares of the new secret.
    Type: Grant
    Filed: September 30, 2015
    Date of Patent: September 19, 2017
    Assignee: Pure Storage, Inc.
    Inventors: Andrew R. Bernat, Ethan L. Miller
  • Patent number: 9754118
    Abstract: A method of performing an operation on a data storage for storing data being encrypted with a key KD associated with an owner of the data is provided. The method includes deriving, for each authorized client Cj, a first key KCj and a second key KTj, providing the client Cj with the first key KCj, and providing a Trusted Third Party (TTP) with the second key KTj. The method further includes, at a Policy Enforcement Point, receiving a request for performing the operation on the data storage from a client Ck of the authorized clients, acquiring a first key KCk from the client Ck, acquiring a second key KTk from the TTP, deriving the key KD from the first key KCk and the second key KTk, and performing the operation on the data storage using the derived key KD. The disclosed trust model uses two-part secret sharing.
    Type: Grant
    Filed: September 9, 2013
    Date of Patent: September 5, 2017
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Mats Näslund, Christian Schaefer
  • Patent number: 9754253
    Abstract: Identity certificates such as SSL certificates can be issued in such a way that their use can be disabled upon short notice. In one embodiment, private signing information associated with a certificate is used by an infrastructure service on behalf of an entity, without making the private signing information accessible to the entity. In another embodiment, short-term certificates are dynamically issued to an application based on a previous certificate authorization.
    Type: Grant
    Filed: November 28, 2011
    Date of Patent: September 5, 2017
    Assignee: Amazon Technologies, Inc.
    Inventor: Eric J. Brandwine
  • Patent number: 9742561
    Abstract: A method for authentication of a computing device so that shares of a secret may be delivered, over a network that uses a communications protocol which does not require use of an address, and on which an authentication server is listening, comprising the steps of dividing the secret into a first share and a second share, or more; destroying the secret; transmitting the second share, together with a unique identifier, out of band to a pre-designated location; erasing the second share from the computing device; storing the first share at the computing device; broadcasting the unique identifier over the network; accepting a request over the network from an authentication server to initiate an authentication protocol; responding to the request; receiving the second share from the authentication server; and reconstructing the secret using the received second share and the stored first share.
    Type: Grant
    Filed: March 17, 2017
    Date of Patent: August 22, 2017
    Assignee: SPYRUS, INC.
    Inventors: Michael Perretta, Burton Tregub
  • Patent number: 9735959
    Abstract: A method for enforcing access control policies on data owned by a plurality of users includes evaluating the access control policies of users, applying a collusion resistant sharing scheme for generating key shares of an encryption key and delegating the key shares to one or more designated users based on a result of the evaluation. The data is securely dispersed by applying an encryption scheme on all parts of the data to be encrypted to produce encrypted data shares. The encryption scheme is provided such that for decryption of the encrypted data, the encryption key and at least a predetermined number of data shares are provided. Each data share is delegated to one or more designated users, and the data shares and the key shares are distributed to the respective designated users.
    Type: Grant
    Filed: April 24, 2014
    Date of Patent: August 15, 2017
    Assignee: NEC CORPORATION
    Inventors: Ghassan Karame, Claudio Soriente, Srdjan Capkun
  • Patent number: 9735962
    Abstract: Securing encryption keys in a data storage system using three layer key wrapping that encrypts a data encryption key using a key encryption key, encrypts the key encryption key using a controller encryption key, and encrypts the controller encryption key using a public key of an asymmetric key pair. The private key is stored on a removable storage device. A separate encryption accelerator component decrypts the encryption keys in order to encrypt and/or decrypt host data from a memory of a storage processor. The removable storage drive must be inserted into a receptacle of the encryption accelerator for encryption and/or decryption to be performed, since the encryption accelerator accesses the private key from the removable storage device in order to decrypt the encrypted controller key. The encryption accelerator generates key handles for the storage processor to use when requesting encryption and/or decryption operations.
    Type: Grant
    Filed: September 30, 2015
    Date of Patent: August 15, 2017
    Assignee: EMC IP Holding Company LLC
    Inventors: Lifeng Yang, Jian Gao, Xinlei Xu, Ruiyong Jia, Lili Chen
  • Patent number: 9712499
    Abstract: A cryptographic processing apparatus that holds a first key, and receives authentication object data upon authentication includes a communication unit and a computing unit. The communication unit communicates with a calculation apparatus and a determination apparatus. In the calculation apparatus, encrypted registration data obtained by encrypting registration data twice, once with the first key and once with a second key, is registered. The registration data is data against which the authentication object data is verified. The determination apparatus uses the second key upon the authentication. When registering the encrypted registration data in the calculation apparatus, the computing unit generates a key different from the first key, generates encrypted data by encrypting the registration data twice, once with the first key and once with the different key, transmits the different key to the determination apparatus, and the encrypted data to the calculation apparatus, through the communication unit.
    Type: Grant
    Filed: March 25, 2015
    Date of Patent: July 18, 2017
    Assignee: FUJITSU LIMITED
    Inventors: Yumi Sakemi, Tetsuya Izu, Masahiko Takenaka
  • Patent number: 9705856
    Abstract: Methods (500) of a network node (111) for creating and joining secure sessions for members (111-114) of a group of network nodes are provided. The methods comprise receiving an identity certificate and an assertion for the network node as well as a secret group key for the group. The method for creating a session further comprises creating (501) a session identifier and a secret session key for the session, and sending (502) an encrypted and authenticated broadcast message comprising the session identifier. The method for joining a session further comprises sending an encrypted and authenticated discovery message comprising the identity certificate and the assertion, and receiving an encrypted and authenticated discovery response message from another network node which is a member of the group. The disclosed combined symmetric key and public key scheme is based on the availability of three credentials at each node, i.e.
    Type: Grant
    Filed: July 27, 2012
    Date of Patent: July 11, 2017
    Assignee: TELEFONAKTIEBOLAGET L M ERICSSON
    Inventors: Christian Gehrmann, Oscar Ohlsson, Ludwig Seitz
  • Patent number: 9673984
    Abstract: Scalable session management is achieved by generating a cookie that includes an encrypted session key and encrypted cookie data. The cookie data is encrypted using the session key. The session key is then signed and encrypted using one or more public/private key pairs. The encrypted session key can be decrypted and verified using the same private/public key pair(s). Once verified, the decrypted session key can then be used to decrypt and verify the encrypted cookie data. A first server having the private/public key pair(s) may generate the cookie using a randomly generated session key. A second server having the same private/public key pair(s) may decrypt and verify the cookie even if the session key is not initially installed on the second server. A session key cache may be used to provide session key lookup to save public/private key operations on the servers.
    Type: Grant
    Filed: October 31, 2013
    Date of Patent: June 6, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Wei Jiang, Adam Back, John D. Whited, Yordan I. Rouskov, Ismail Cem Paya, Wei-QUiang Michael Guo
  • Patent number: 9667616
    Abstract: A communication apparatus sends a processing request, including request information, a digital signature, and an electronic certificate, to a control apparatus. The control apparatus sends a verification request including the electronic certificate to a verification server. The verification server verifies the electronic certificate included in the verification request, and sends authentication-use reference information, including the verification result, as a verification response, to the control apparatus. When the verification result included in the authentication-use reference information indicates validity, the control apparatus, using the request information and a public key included in the electronic certificate, verifies whether or not the digital signature is valid. When the digital signature is valid, the control apparatus performs the requested processing in accordance with the request information, and sends a processing response, to the communication apparatus.
    Type: Grant
    Filed: January 8, 2013
    Date of Patent: May 30, 2017
    Assignee: Mitsubishi Electric Corporation
    Inventors: Nobuhiro Kobayashi, Tsutomu Sakagami, Manabu Misawa
  • Patent number: 9667599
    Abstract: Embodiments are directed to allowing a user to store encrypted, third-party-accessible data in a data store and to providing third party data access to a user's encrypted data according to a predefined policy. A data storage system receives encrypted data from a user at a data storage system. The data is encrypted using the user's private key. The data storage system stores the received encrypted data according to a predefined policy. The encryption prevents the storage system from gaining access to the encrypted data, while the policy allows the encrypted data to be released upon receiving a threshold number of requests from verified third parties. The data storage system implements a verifiable secret sharing scheme to verify that the encrypted data can be reconstituted without the data storage system accessing the encrypted data. The data storage system synchronously acknowledges that the received encrypted data has been verified and successfully stored.
    Type: Grant
    Filed: November 17, 2014
    Date of Patent: May 30, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Roy Peter D'Souza, Omkant Pandey
  • Patent number: 9648046
    Abstract: A computer-implemented method for managing an authentication policy for a user on a network of an organization includes determining at least one social media attribute of the user, and a social media risk value is assigned based on the at least one social media attribute of the user. The method further includes determining at least one network activity risk attribute of the user, and a network activity risk score is assigned based on the at least one network activity risk attribute. A current risk assessment score of the user is calculated based on the social media risk value and the network activity risk value. An authentication policy for the user is determined based on the current risk assessment score.
    Type: Grant
    Filed: February 16, 2016
    Date of Patent: May 9, 2017
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Gregory J. Boss, Andrew R. Jones, C. Steven Lingafelt, Kevin C. McConnell, John E. Moore, Jr.
  • Patent number: 9641325
    Abstract: A server system for implementing a distributed cryptographic protocol includes a machine management server which comprises a current virtual machine configured to implement the protocol using a set of communication keys and state information for the protocol. The system further includes a memory and a refresh server. The system is configured, for each of successive new time periods in operation of the protocol, to perform a refresh operation wherein: the refresh server retrieves the state information from the memory, generates a new set of communication keys, and sends the state information and new set of keys to the machine management server; the machine management server configures a new virtual machine for implementing the protocol, whereby the new virtual machine receives the new set of keys and state information sent by the refresh server; and the new virtual machine assumes operation as the current virtual machine for the new time period and stores state information for that time period in the memory.
    Type: Grant
    Filed: October 30, 2015
    Date of Patent: May 2, 2017
    Assignee: International Business Machines Corporation
    Inventors: Jan L. Camenisch, Mark Korondi, Daniel Kovacs, Michael C. Osborne
  • Patent number: 9639687
    Abstract: A server receives a piece of data for encryption. The server encrypts the piece of data such that no single key can decrypt the encrypted piece of data and any combination of a first multiple of unique keys taken a second multiple at a time are capable of decrypting the encrypted piece of data. Each of the first multiple of unique keys is tied to account credentials of a different user. The second multiple is less than or equal to the first multiple. The encrypted piece of data is returned.
    Type: Grant
    Filed: November 18, 2015
    Date of Patent: May 2, 2017
    Assignee: CLOUDFARE, INC.
    Inventor: Nicholas Thomas Sullivan
  • Patent number: 9641514
    Abstract: Technologies for distributed single sign-on operable to provide user access to a plurality of services via authentication to a single entity. The distributed single sign-on technologies provide a set of authentication servers and methods for privacy protection based on splitting secret keys and user profiles into secure shares and periodically updating shares among the authentication servers without affecting the underlying secrets. The correctness of the received partial token or partial profiles can be verified with non-interactive zero-knowledge proofs.
    Type: Grant
    Filed: October 7, 2015
    Date of Patent: May 2, 2017
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Bin Benjamin Zhu, Min Feng
  • Patent number: 9628479
    Abstract: Systems and methods for generating and using ephemeral identifiers are provided. One example method includes determining, by one or more computing devices, a current time-count. The method includes determining, by the one or more computing devices, a time-modified identifier based at least in part on a static identifier and the current time-count. The method includes determining, by the one or more computing devices, an ephemeral identifier based at least in part on the time-modified identifier and a rotation key. One example system includes a plurality of beacon devices, at least one observing entity, and at least one verifying entity.
    Type: Grant
    Filed: May 22, 2015
    Date of Patent: April 18, 2017
    Assignee: Google Inc.
    Inventors: Ken Krieger, Michel Weksler
  • Patent number: 9626525
    Abstract: Some aspects of the disclosure generally relate to providing single sign on features in mobile applications in a secure environment using a shared vault. An application may prompt a user to provide user entropy such as a passcode (e.g. a password and/or PIN). The application may use the user entropy to decrypt a user-entropy-encrypted vault key. Once the vault key is decrypted, the application may decrypt a vault database of the shared vault. The shared vault may store shared secrets, such as server credentials, and an unlock key. The application may store the unlock key, generate an unlock-key-encrypted vault key, and cause the shared vault to store the unlock-key-encrypted vault key, thereby “unlocking” the vault. The application may then use the unlock key to decrypt the vault database without prompting the user to provide user entropy again.
    Type: Grant
    Filed: December 30, 2015
    Date of Patent: April 18, 2017
    Assignee: CITRIX SYSTEMS, INC.
    Inventors: Georgy Momchilov, Ola Nordstrom
  • Patent number: 9614676
    Abstract: Described is a system for implementing proactive secret sharing. The system uses a Secret-Share protocol to distribute, by a computing device, a block of secret data comprising shares of secret data among a set of computing devices, wherein each computing device in the set of computing devices holds an initial share of secret data. The system uses at least one Secret-Redistribute protocol to periodically redistribute the plurality of shares of secret data among the set of computing devices, wherein each computing device in the set of computing devices holds a subsequent share of secret data from the block of secret data that is independent of the initial share of secret data. Finally, a Secret-Open protocol is initialized to reveal the block of secret data.
    Type: Grant
    Filed: August 3, 2015
    Date of Patent: April 4, 2017
    Assignee: HRL Laboratories, LLC
    Inventors: Karim El Defrawy, Joshua D. Lampkins, Joshua W. Baron
  • Patent number: 9614670
    Abstract: Systems and methods for securing or encrypting data or other information arising from a user's interaction with software and/or hardware, resulting in transformation of original data into ciphertext. Generally, the ciphertext is generated using context-based keys that depend on the environment in which the original data originated and/or was accessed. The ciphertext can be stored in a user's storage device or in an enterprise database (e.g., at-rest encryption) or shared with other users (e.g., cryptographic communication). The system generally allows for secure federation across organizations, including mechanisms to ensure that the system itself and any other actor with pervasive access to the network cannot compromise the confidentially of the protected data.
    Type: Grant
    Filed: February 5, 2016
    Date of Patent: April 4, 2017
    Assignee: Ionic Security Inc.
    Inventors: Adam Ghetti, James Jordan, Kenneth Silva, Jeremy Eckman, Robert McColl, Ryan Speers
  • Patent number: 9596344
    Abstract: A system and method for recording media for a contact center where a processor is configured to determine that media exchanged between first and second communication devices during a telephony call is to be recorded; bridge a media path between the first and second communication devices; cause replicating of the media exchanged in the media path; encrypt the replicated media via a first cryptographic key for storing the encrypted media in a data storage device; and encrypt the first cryptographic key via a second cryptographic key for storing the encrypted first cryptographic key as metadata for the encrypted media.
    Type: Grant
    Filed: August 30, 2013
    Date of Patent: March 14, 2017
    Assignee: GENESYS TELECOMMUNICATIONS LABORATORIES, INC.
    Inventors: Henry R. Lum, Vladimir Filonov, Jeffrey Culbert, Daniel Blander, Somasundaram Subramaniam, Angelo Cicchitto, Paul Gvildys
  • Patent number: 9596574
    Abstract: A method and apparatus of communicating with multiple mobile station devices in a concerted effort is disclosed. According to one example method of operation content is provided to multiple mobile station devices in a pre-defined venue location. The method may also provide identifying the mobile station devices as being present at the pre-defined venue location via a server and initiating an application on the server that establishes a customized content delivery function utilized to deliver customized content to each of the identified mobile station devices. A command may be triggered to begin transmitting the customized content to each of the mobile station devices at a predetermined time and the customized content may be transmitted to each of the mobile station devices responsive to receiving the trigger command.
    Type: Grant
    Filed: July 22, 2015
    Date of Patent: March 14, 2017
    Assignee: West Corporation
    Inventor: Jason H. Groenjes
  • Patent number: 9590804
    Abstract: Provided is an identification information generation device capable of generating identification information with its complete individual identifiability guaranteed.
    Type: Grant
    Filed: November 16, 2012
    Date of Patent: March 7, 2017
    Assignee: NEC CORPORATION
    Inventor: Sumio Morioka
  • Patent number: 9590807
    Abstract: A method for generating cryptographic parameters comprises generating a private_IGTABLE based on an Euler totient function of a composite number (?(n)), where the private_IGTABLE includes a plurality of random numbers (x). Further, a public_IGTABLE based on the private_IGTABLE, a composite number (n), and a group generator element (g) is generated, where the public_IGTABLE includes a corresponding modular exponentiation under modulo n for each of the plurality of random numbers with g as base. Further, a public key of a user is computed based on the public_IGTABLE, an identity number (ID) corresponding to the user, and n. Further, a secret key of the user is generated based on the ID, a master private key, the ?(n), and the private_IGTABLE. Thereafter, the cryptographic parameters are provided to the user for performing encryption and decryption, where the cryptographic parameters include at least one of the ID, the public key, and the secret key.
    Type: Grant
    Filed: March 28, 2014
    Date of Patent: March 7, 2017
    Assignee: TATA CONSULTANCY SERVICES LIMITED
    Inventors: Ravishankara Shastry, Barkur Suryanarayana Adiga, Rajan Mindigal Alasingara Bhattachar, Shivraj Vijayshankar Lokamathe, Balamuralidhar Purushotaman
  • Patent number: 9578450
    Abstract: The invention relates to a process to check the pairing of a Bluetooth Low Energy (BLE) transmitter with a BLE receiver, comprising the following steps: Transmitting to the BLE transmitter of a function for generating a sequence of data packets, each data packet generated in accordance with the function having at least one identification value, one major value, and/or one minor value, and at least two data packets of the sequence having different identification values, major values, and/or minor values; Sending, at intervals, by the BLE transmitter of the data packets of at least one sequence generated by the BLE transmitter in accordance with the function; Receiving, by the BLE receiver, of at least part of the sequence of data packets transmitted by the BLE transmitter; Checking, by the BLE receiver, of at least part of the received sequence for whether it correlates and/or agrees with the function; and, if it does correlate and/or agree; Generating by the BLE receiver of a pairing signal for the BLE tra
    Type: Grant
    Filed: September 1, 2015
    Date of Patent: February 21, 2017
    Assignee: P3 Communications GmbH
    Inventors: Peter Seidenberg, Marc Peter Althoff
  • Patent number: 9560693
    Abstract: Methods and apparatus for recovering access data from a malfunctioning device. In one embodiment, trained service personnel are provided a specialized apparatus for retrieving access data from a malfunctioning device. For example, in the instance the device comprises a cellular device having an unrecoverable hardware failure, trained service personnel can connect to the secure element and retrieve the one or more electronic Subscriber Identity Modules (eSIMs) stored thereon. The eSIMs are then “reclaimed” and reprogrammed/distributed to a new device. In one implementation, security and integrity measures are taken to protect and control distribution of sensitive access data.
    Type: Grant
    Filed: December 15, 2014
    Date of Patent: January 31, 2017
    Assignee: Apple Inc.
    Inventor: Stephan V. Schell
  • Patent number: 9558359
    Abstract: Described, is system for mobile proactive secret sharing. The system initializes a RobustShare protocol to distribute a block of secret data among a set of servers comprising n servers. The block of secret data comprises a plurality of shares of data, wherein each server in the set of servers holds one share of data encoding the block of secret data. At least one Block-Redistribute protocol is initialized to protect against at least one adversary that attempts to corrupt the set of servers. During a Block-Redistribute protocol, the set of servers periodically refreshes its plurality of shares of data such that each server holds a new share of data that is independent of the previous share of data. Finally, a Reco protocol is initialized to reveal the block of secret data.
    Type: Grant
    Filed: July 31, 2014
    Date of Patent: January 31, 2017
    Assignee: HRL Laboratories, LLC
    Inventors: Karim El Defrawy, Joshua W. Baron, Joshua D. Lampkins
  • Patent number: 9548972
    Abstract: A system, method, and computer-readable storage medium for protecting a set of storage devices using a secret sharing scheme. The data of each storage device is encrypted with a key, and the key is encrypted based on a shared secret and a device-specific value. Each storage device stores a share and its encrypted key, and if a number of storage devices above a threshold are available, then the shared secret can be reconstructed from the shares and used to decrypt the encrypted keys. Otherwise, the secret cannot be reconstructed if less than the threshold number of storage devices are accessible, and then data on the storage devices will be unreadable.
    Type: Grant
    Filed: April 22, 2014
    Date of Patent: January 17, 2017
    Assignee: Pure Storage, Inc.
    Inventors: Ethan Miller, John Colgrove, John Hayes
  • Patent number: 9548976
    Abstract: After an initial user sign-on with an identity provider, and in response to an intention of the user to use a third-party application executing on a client device of the user and requiring user sign-on, the identity provider provides a client script to the third-party application. The client script facilitates user and application authentication and invokes a trusted broker application that interacts with the identity provider to enable the user to use the third-party application. The use of the trusted broker application provided by the identity provider frees the authors of third-party applications from the need to modify their applications to explicitly sign in with the identify provider.
    Type: Grant
    Filed: May 4, 2015
    Date of Patent: January 17, 2017
    Assignee: Okta, Inc.
    Inventors: Thomas M. Belote, Hassen Karaa, Christine Wang, Vinoth Jayaraman
  • Patent number: 9536241
    Abstract: A thin-client access card has a card body with partial or fully emissive magnetic data tracks. An emissive element is disposed in the card body under the location of the legacy magnetic data tracks. An electronic signal conditioner converts audio signals from a mobile device into magnetic data applied to the emissive element. A swipe sensor detects when the thin-client access card is being swiped by a legacy card reader, and triggers an output of magnetic data from the emissive element while proximal to the POS reader head. A cable attaches the thin-client access card as a peripheral to the mobile device with an audio output jack.
    Type: Grant
    Filed: March 4, 2015
    Date of Patent: January 3, 2017
    Assignee: Fitbit, Inc.
    Inventor: Kerry D. Brown
  • Patent number: 9536114
    Abstract: Described is system for secure mobile proactive multi-party computation. The system securely evaluates a circuit in the presence of an adversary. The circuit receives secret inputs comprising secret values from a set of servers. Sharings of random values for the random and input gates are generated. For each input gate, a sharing of a random value associated with the input gate is opened toward a server Pi. A sum of the server Pi's secret values and the random value is broadcast to the set of servers. Each server uses the sum to adjust its sharing of the random value, generating a sharing of server Pi's secret values. The secret values are re-randomized to preserve privacy of the secret values. A sharing of the secret values is determined for each output gate, and each sharing of secret values is revealed to an intended recipient.
    Type: Grant
    Filed: September 4, 2014
    Date of Patent: January 3, 2017
    Assignee: HRL Laboratories, LLC
    Inventors: Karim El Defrawy, Joshua D. Lampkins
  • Patent number: 9515828
    Abstract: A method and system distributes shares of a secret among cooperating entities using linear interpolation. In one embodiment, a linear equation is formed using the secret and random elements. The linear equation represents a K-dimensional hyperplane, where K is the number of shares to reconstruct the secret. Shares of the secrets are created, with each share corresponding to a point on the secret hyperplane. The shares are then distributed to cooperating entities for secret sharing.
    Type: Grant
    Filed: March 17, 2014
    Date of Patent: December 6, 2016
    Assignee: Red Hat, Inc.
    Inventor: James P. Schneider
  • Patent number: 9507920
    Abstract: A novel code signing system, computer readable media, and method are provided. The code signing method includes receiving a code signing request from a requestor in order to gain access to one or more specific application programming interfaces (APIs). A digital signature is provided to the requestor. The digital signature indicates authorization by a code signing authority for code of the requestor to access the one or more specific APIs. In one example, the digital signature is provided by the code signing authority or a delegate thereof. In another example, the code signing request may include one or more of the following: code, an application, a hash of an application, an abridged version of the application, a transformed version of an application, a command, a command argument, and a library.
    Type: Grant
    Filed: August 14, 2014
    Date of Patent: November 29, 2016
    Assignee: BlackBerry Limited
    Inventors: David P. Yach, Michael Steven Brown, Herbert Anthony Little
  • Patent number: 9489522
    Abstract: Described is system for generation of elliptic curve digital signature algorithm (ECDSA) based digital signatures. A Secret-Share protocol is initialized between a client and a set of servers to share a set of shares of a private key s among the set of servers. The set of servers initializes a protocol to generate a digital signature on a message using the set of shares of the private key s without reconstructing or revealing the private key s. The set of servers periodically initializes a Secret-Redistribute protocol on each share of the private key s to re-randomize the set of shares. A Secret-Open protocol is initialized to reveal the private key s to an intended recipient, wherein the private key s is used to compute the digital signature.
    Type: Grant
    Filed: April 14, 2015
    Date of Patent: November 8, 2016
    Assignee: HRL Laboratories, LLC
    Inventors: Karim El Defrawy, Joshua D. Lampkins
  • Patent number: 9489523
    Abstract: Systems and methods for providing an auditing file system for theft-prone devices are disclosed. The auditing file system supports fine-grained file auditing: a user may obtain reliable, explicit evidence that no files have been accessed after a device's loss. A user may also disable future file access after a device's loss, even in the absence of device network connectivity. In one embodiment, files are encrypted locally but the encryption keys are stored remotely, so that an audit server is queried for encryption keys to access protected files. By configuring the audit server to refuse to return a particular file's key, the user can prevent new accesses after the device is lost.
    Type: Grant
    Filed: April 8, 2011
    Date of Patent: November 8, 2016
    Assignee: University of Washington through its Center for Commercialization
    Inventors: Tadayoshi Kohno, Roxana Geambasu, Henry Levy, Steven Gribble
  • Patent number: 9467451
    Abstract: Described is system for transforming a SHARE protocol into a proactively secure secret sharing (PSS) protocol. A PREFRESH protocol is performed that includes execution of the SHARE protocol. The PREFRESH protocol refreshes shares of secret data among multiple parties. The SHARE protocol is a non-proactively secure secret sharing protocol.
    Type: Grant
    Filed: July 31, 2015
    Date of Patent: October 11, 2016
    Assignee: HRL Laboratories, LLC
    Inventors: Joshua W. Baron, Karim El Defrawy, Joshua D. Lampkins
  • Patent number: 9461821
    Abstract: Encryption key(s) and/or other protected material are protected on devices. A secret splitting scheme is applied to a secret, S, that protects at least one data item to obtain a plurality of secret shares. At least one secret share is encrypted to provide at least one encrypted secret share using an encryption scheme that uses at least one other secret share as the encryption key. A subset of the plurality of secret shares and encrypted secret share(s) is required to reconstruct the secret, S. One or more secret shares and/or encrypted secret shares are provided to at least one device, for example, based on a corresponding key-release policy, to allow access to the data item(s) secured by the secret, S. The secret, S, comprises, for example, a secret key used to protect at least one content item and/or a key used to protect one or more of a content container and a vault storing one or more protected data items.
    Type: Grant
    Filed: June 30, 2014
    Date of Patent: October 4, 2016
    Assignee: EMC Corporation
    Inventors: Salah Machani, Nikolaos Triandopoulos, Kevin D. Bowers, Todd A. Morneau
  • Patent number: 9448949
    Abstract: A portable electronic device is provided. The portable electronic device includes a data interface module that processes files associated with a user, the data interface module receives and validates a password from a user of the portable electronic device before the user is allowed access to files processed by the data interface module, an encryption key formed by the data interface module upon validation of the password, the encryption key further comprising the password, a hard coded private string and a serial number of the portable electronic device and a data storage area that stores files received from the data interface module the stored files are encrypted using the encryption key and where neither the encryption key or the password are stored in an unencrypted format anyplace within the portable electronic device.
    Type: Grant
    Filed: August 20, 2015
    Date of Patent: September 20, 2016
    Inventors: Richard Cousins, Linton Henderson, Graham Matthews
  • Patent number: 9448888
    Abstract: Preventing a rollback attack in a computing system that includes a primary memory bank and a backup memory bank, including during startup of the computing system: determining whether the computing system is attempting to use firmware in the backup memory bank; responsive to determining that the computing system is attempting to use firmware in the backup memory bank, determining whether the firmware in the backup memory bank is a previous version of firmware in the primary memory bank; responsive to determining that the firmware in the backup memory bank is a previous version of firmware in the primary memory bank, determining whether a system administrator has authorized the use of the firmware in the backup memory bank; and responsive to determining that the system administrator has authorized the use of the firmware in the backup memory bank, configuring the computing system to utilize the firmware in the backup memory bank.
    Type: Grant
    Filed: November 15, 2013
    Date of Patent: September 20, 2016
    Assignee: Lenovo Enterprise Solutions (Singapore) Pte. Ltd.
    Inventors: Shiva R. Dasari, Raghuswamyreddy Gundam