Key Escrow Or Recovery Patents (Class 380/286)
  • Patent number: 10742404
    Abstract: Described is a system for verifiable secret sharing amongst a plurality of servers, including a dealer server and one or more recipient servers. In operation, the dealer server encrypts a secret s using a polynomial and a hash tree with points on the polynomial as leaves. The dealer broadcasts to recipient servers hash tree data, root of the hash tree, and shares of the secret. Through an evaluation process the recipient servers are verified such that upon verification, the recipient servers reconstruct the secret s.
    Type: Grant
    Filed: March 28, 2019
    Date of Patent: August 11, 2020
    Assignee: HRL Laboratories, LLC
    Inventor: Joshua D. Lampkins
  • Patent number: 10735186
    Abstract: Encryption of data across an environment, such as a shared resource environment, can be updated using keys generated using one or more revocable stream cipher algorithms. Data stored in the environment can be encrypted under a first key, or other such secret. When it is desired to update the encryption, a second key can be generated under which the data is to be re-encrypted. Instead of distributing the second key, a revocable stream cipher generator can generate an intermediate key based on the first and second keys, that when processed with the first key will produce the second key. Such an approach enables data to be re-encrypted under the second key without distributing the second key. Further, the unencrypted data will not be exposed in the process. In some embodiments, the re-encryption can be performed on an as-needed basis in order to reduce processing requirements.
    Type: Grant
    Filed: November 29, 2018
    Date of Patent: August 4, 2020
    Assignee: Amazon Technologies, Inc.
    Inventor: Gregory Branchek Roth
  • Patent number: 10693639
    Abstract: The present disclosure describes methods and systems, including computer-implemented methods, computer program products, and computer systems, for distributing recovery keys. One method includes: transmitting, from a first user device to a secure community server, a key distribution request, wherein the key distribution request identifies a second user device, and the first user device and the second user device are members of a same secure community managed by the secure community server; transmitting a first portion of a recovery key to secure community server for forwarding to the second user device; transmitting a second portion of the recovery key to the secure community server; and discarding the first portion and the second portion of the recovery key at the first user device.
    Type: Grant
    Filed: February 28, 2017
    Date of Patent: June 23, 2020
    Assignee: BlackBerry Limited
    Inventors: Roger Paul Bowman, Neil Patrick Adams
  • Patent number: 10686597
    Abstract: Described is a system for secure multiparty computation. The system uses a secret sharing protocol to share secrets among servers of a synchronous network. An Open-Semi-Robust protocol or an Open Robust protocol is used to allow the servers to open their shares of secret data. If a server is corrupt, the Open-Robust protocol is used, otherwise, the Open-Semi-Robust protocol is used. A Deal-Semi-Robust protocol or a Deal-Robust protocol is utilized by a server to distribute its shares of secret data among the other servers. If a server is corrupt, the Deal-Robust protocol is used, otherwise, the Deal-Semi-Robust protocol is used. A Recover-Semi-Robust protocol or a Recover-Robust protocol is used to allow servers that were previously corrupted to recover their shares of secret data, such that each uncorrupted server holds correct shares of secret data. If a server is corrupt, the Recover-Robust protocol is used, otherwise, the Recover-Semi-Robust protocol is used.
    Type: Grant
    Filed: March 5, 2018
    Date of Patent: June 16, 2020
    Assignee: HRL Laboratories, LLC
    Inventors: Joshua D. Lampkins, Karim El Defrawy, Benjamin Terner, Aleksey Nogin
  • Patent number: 10679212
    Abstract: A method of remotely configuring a pin-pad terminal involves a computer server receiving a merchant identifier over a network from a communications device associated with the pin-pad terminal. The computer server confirms from the merchant identifier that an entity associated with the communications device is authorized to use the pin-pad terminal, and authenticates the pin-pad terminal from a cryptographically-signed datum received from the communications device. The computer server then transmits to the pin-pad terminal via the communications device a configuration payload for installation in the pin-pad terminal. The configuration payload includes at least a payment symmetric cryptographic key set uniquely associated with the pin-pad terminal. The payment symmetric key set configures the pin-pad terminal to effect secure electronic payment via the communications device.
    Type: Grant
    Filed: May 26, 2015
    Date of Patent: June 9, 2020
    Assignee: The Toronto-Dominion Bank
    Inventors: Robert Hayhow, Jeffrey Aaron Ecker, Igor Elkhinovich, Keith Willard
  • Patent number: 10666649
    Abstract: Systems, apparatuses and methods may provide for generating, in response to a decrease in trustworthiness with respect to a controller, a notification message and generating a message authentication code (MAC) based on the notification message and one or more locally stored keys. Additionally, the notification message and the MAC may be sent to the controller, wherein the notification message is directed to one or more peers in a network associated with the controller. In one example, the notification message includes one or more of an indication that the controller is compromised or an indication that the controller is suspected to be compromised.
    Type: Grant
    Filed: April 1, 2016
    Date of Patent: May 26, 2020
    Assignee: Intel Corporation
    Inventors: Mike Bursell, Timothy Verrall
  • Patent number: 10666436
    Abstract: A system uses information submitted in connection with a request to determine if and how to process the request. The information may be electronically signed by a requestor using a key such that the system processing the request can verify that the requestor has the key and that the information is authentic. The information may include information that identifies a holder of a key needed for processing the request, where the holder of the key can be the system or another, possibly third party, system. Requests to decrypt data may be processed to ensure that a certain amount of time passes before access to the decrypted data is provided, thereby providing an opportunity to cancel such requests and/or otherwise mitigate potential security breaches.
    Type: Grant
    Filed: December 12, 2016
    Date of Patent: May 26, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory Branchek Roth, Matthew James Wren, Eric Jason Brandwine, Brian Irl Pratt
  • Patent number: 10614914
    Abstract: A patient care environment includes a monitoring device and a vital sign device, where the vital sign device communicates patient vital sign data to the monitoring device. A site key, entity keys, and key combining algorithms are used to secure communications in the patient care environment. Neither the site key nor the entity keys are communicated between the monitoring device and the vital sign device. The monitoring device may use the site key and entity keys to decrypt encrypted messages that have been previously stored in the vital sign device and transmitted back to any monitoring device containing the correct set of site and entity keys. The site key and entity key may also be used during the discovery and/or connection operations between the monitoring device and the vital sign device to associate a wirelessly connected vital sign device with a patient record.
    Type: Grant
    Filed: October 27, 2017
    Date of Patent: April 7, 2020
    Assignee: WELCH ALLYN, INC.
    Inventors: Cory R. Gondek, Song Y. Chung, Kenzi Mudge, Steven D. Baker
  • Patent number: 10594713
    Abstract: Systems/method of securely propagating analytical models for detection of security threats and/or malicious actions among a threat intelligence community can be provided. Attributes of security data accessed members of the threat intelligence community can be determined and encoded. Analytical model(s) can be developed for detection of potential malicious actions using the encoded attributes of the security data and a derivation data schema, and this derivation data schema can be encrypted. The model(s) can be translated into common exchange formats for sharing the model with community members. The encrypted derivation data schema can be transmitted to the community members. After receipt, the derivation data schema can be decoded by the community members, and the derivation data schema can be applied to security data to determine if the encoded attributes are found. If the encoded attributes are derived, remedial or mitigating action can be taken.
    Type: Grant
    Filed: November 10, 2017
    Date of Patent: March 17, 2020
    Assignee: SECUREWORKS CORP.
    Inventor: Lewis McLean
  • Patent number: 10572654
    Abstract: Method for repeatable creation of random file enables to create and recreate random files at different places, different times and on different devices. Random files are based on aliases, which can contain any text, including specific information, such as serial number, start date, expiry date, etc. Random files can be used for generations of strong and unique passwords. The strength of the password doesn't depend on alias, so any alias will result in equally strong and unique password. Browser, using the method, would be able to register the user to any resource, by generating a password, using resource's URL as alias, and afterwards automatically log user in using same URL for generating the password again. Users can communicate securely by sending alias in plaintext together with ciphertext encrypted with password. IoT devices can establish master, slave, partner, alien relationship and communicate securely without human introduction.
    Type: Grant
    Filed: January 10, 2017
    Date of Patent: February 25, 2020
    Inventor: Vadim Zaver
  • Patent number: 10574459
    Abstract: A facility for enrolling a software implementer in a code signing. In one example facility, the facility receives information identifying the implementer, and credentials authenticating the implementer. The facility generates secret state for the implementer. Based on at least one or both of (1) at least a portion of the received credentials and (2) at least a portion of the generated secret state, the facility generates for the implementer a key pair comprising a private key and a public key, and persistently stores the secret state.
    Type: Grant
    Filed: September 30, 2015
    Date of Patent: February 25, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Prabu Raju, Fengfen Liu, Christopher Leonard Walstad, Levi P. Broderick, Himanshu Soni, Reed Molbak, Klaudia Leja
  • Patent number: 10546142
    Abstract: Systems and methods for zero-knowledge enterprise collaboration are provided herein. In some embodiments, the method may comprise receiving, at a host server, a request to store a file, wherein the file is encrypted with a data key prior to being received at the host server; receiving a request to perform a first service; determining whether the first service is authorized to access the file, wherein determining comprises unwrapping the data key with the private key of the first service; providing access to the first service when the private key of the first service successfully unwraps the data key for the file; and storing the encrypted file.
    Type: Grant
    Filed: August 23, 2017
    Date of Patent: January 28, 2020
    Assignee: Intralinks, Inc.
    Inventor: Mushegh Hakhinian
  • Patent number: 10523716
    Abstract: A computing resource service receives a request to perform a change to a configuration of a service provider account. In response to the request, the computing resource service determines if the service provider account has been designated as being immutable. If the service provider account is designated as being immutable, the computing resource service causes an account security service to transmit a notification to administrators of the service provider account to determine whether the administrators authorize the change to the service provider account. If the administrators approve of the requested change, the computing resource service fulfills the request.
    Type: Grant
    Filed: September 23, 2016
    Date of Patent: December 31, 2019
    Assignee: Amazon Technologies Inc.
    Inventors: Thomas Charles Stickle, Joshua Swaney, Blake Whaley
  • Patent number: 10523659
    Abstract: A client seeking to establish a cryptographically-secure channel to a server has an associated public key acceptance policy. The policy specifies a required number of certificates that must be associated with the server's public key, as well as one or more conditions associated with those certificates, that must be met before the client “accepts” the server's public key. The one or more conditions typically comprise a trust function that must be satisfied before a threshold level of trust of the client is met. A representative public key acceptance policy would be that certificate chains for the public key are valid and non-overlapping with different root CAs, and that some configurable number of those chains be present. The technique may be implemented within the context of an existing client-server SSL/TLS handshake.
    Type: Grant
    Filed: December 13, 2018
    Date of Patent: December 31, 2019
    Assignee: International Business Machines Corporation
    Inventors: Dimitrios Pendarakis, Enriquillo Valdez
  • Patent number: 10511581
    Abstract: First and second computer systems exchange randomness and the first computer system derives a uniformly random key from the randomness. The first computer system encrypts a multitude of blocks of plaintext using the uniformly random key to create a corresponding multitude of blocks of ciphertexts. The exchanging, deriving, and encrypting each uses a public random permutation. The first computer system transmits the multitude of blocks of ciphertexts to the second computer system. Another example includes the first computer system exchanging randomness and deriving the uniformly random key. The first computer system generates an authentication tag on a multitude of blocks of plaintexts. The exchanging, deriving, and generating each uses a public random permutation. The first computer system sends the authentication tag and the multitude of blocks of plaintext to the second computer system for authentication of the plaintext by the second computer system. Systems, methods, and program products are disclosed.
    Type: Grant
    Filed: November 17, 2015
    Date of Patent: December 17, 2019
    Assignee: International Business Machines Corporation
    Inventor: Charanjit S. Jutla
  • Patent number: 10511742
    Abstract: In some embodiments, a method is provided for storing data in a storage device associated with a first electronic device. The first electronic device can receive a request for data from a remote electronic device. The request for data can include pairing information, which can be used to confirm the remote electronic device as an approved paired device. The request for data can also include authentication information, which can be used to authenticate the request for data. The first electronic device can retrieve the data from the storage device and transmit the data in encrypted form to the remote electronic device.
    Type: Grant
    Filed: February 11, 2016
    Date of Patent: December 17, 2019
    Assignee: DISH Technologies L.L.C.
    Inventor: Samuel Eber
  • Patent number: 10489576
    Abstract: Generating verification codes includes selecting at least two verification code generators from a verification code generator set comprising a plurality of verification code generators to compose a current use set, executing each verification code generator in the current use set to obtain corresponding partial verification codes, composing a current verification code from the partial verification codes, outputting the current verification code to a user, receiving a user response that is made in response to the current verification code, and comparing the current verification code and the user response to determine whether the user is verified.
    Type: Grant
    Filed: May 5, 2015
    Date of Patent: November 26, 2019
    Assignee: Alibaba Group Holding Limited
    Inventors: Jiajia Li, Xinlin Yu
  • Patent number: 10491387
    Abstract: A method for protecting an encryption key for a block storage device is provided. The includes reading from a superblock of the block storage device a secure key, referring to a clear key only accessible by a hardware security module, and a type indicator indicating that the secure key refers to the clear key which is only accessible by the hardware security module. The method also includes associating the block storage device with the hardware security module and converting the secure key into a protected clear key using the hardware security module, wherein the protected key refers to the clear key accessible by a central processing unit of a related computer system.
    Type: Grant
    Filed: November 15, 2016
    Date of Patent: November 26, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Hendrik S. Brueckner, Reinhard T. Buendgen, Harald Freudenberger
  • Patent number: 10484339
    Abstract: A method and system of securing data. A security client program stored in a memory of a user device intercepts an operating system call performed by a calling application of the user device for an unencrypted asset. A first key for the unencrypted asset from a server is requested. Upon receiving the first key for the unencrypted asset from a server, a secure resource is created by encrypting the unencrypted asset. Then, the operating system call is completed and an update message is sent to the server.
    Type: Grant
    Filed: March 24, 2016
    Date of Patent: November 19, 2019
    Assignee: Global Data Sentinel, Inc.
    Inventors: John-Philip Galinski, Nigel Walker
  • Patent number: 10469457
    Abstract: A computer-implemented method for securely sharing cloud-service credentials within a network of computing devices may include (i) identifying, by a central computing device, a set of networked devices, (ii) encrypting, by the central computing device, at least one user credential for a cloud service, (iii) dividing, by the central computing device, a decryption key for decrypting the user credential into a set of fragments such that a minimum number of fragments, as defined by a security policy, is required to decrypt the user credential, and (iv) securing the user credential by distributing the set of fragments of the decryption key from the central computing device to the set of networked devices in compliance with the security policy. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: September 26, 2016
    Date of Patent: November 5, 2019
    Assignee: Symantec Corporation
    Inventors: Ilya Sokolov, Keith Newstadt
  • Patent number: 10461932
    Abstract: The present teaching relates to adjustable one-time password (OTP) setup, sign-in, and verification. In one example, a first length of a signature is determined. The signature has been used previously by a first user to initially sign in a second device. A second length that is different from the first length is determined. A signing key is generated based at least partially on the second length. A new signature having the second length is generated based on the signing key. The new signature is provided to a second user so that the second user can input at least a portion of the new signature into the second device for a subsequent sign in. The verification key is generated based at least partially on the new signature. The new signature input by the second user into the second device is transmitted from the second device to the third device.
    Type: Grant
    Filed: March 8, 2016
    Date of Patent: October 29, 2019
    Assignee: Oath Inc.
    Inventors: Payman Mohassel, Juan Garay, Xiong Fan
  • Patent number: 10447671
    Abstract: The disclosed computer-implemented method for recovering encrypted information may include (i) identifying an untrusted application that uses a known cryptographic function, (ii) hooking the known cryptographic function used by the untrusted application to execute decryption-facilitation code when the untrusted application attempts to encrypt data, where the decryption-facilitation code reduces the difficulty of later decrypting data encrypted by the untrusted application, (iii) detecting encrypted data produced by the untrusted application, and (iv) recovering unencrypted data from the encrypted data produced by the untrusted application using a decryption technique facilitated by having executed the decryption-facilitation code that reduced the difficulty of later decrypting the encrypted data encrypted by the untrusted application. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: March 29, 2017
    Date of Patent: October 15, 2019
    Assignee: Symantec Corporation
    Inventor: Steve Meckl
  • Patent number: 10444743
    Abstract: Data communications are enabled between a machine and a remote service application. When user-based credential data is valid, an authorization code is provided from an authorization service application to the machine. The authorization code and a request for a first access token are received and in response, the first access token is sent from the authorization service application to the first machine. The first machine responsively sends the first access token and an enrollment request to an enrollment service application. The enrollment service application sends machine credential data to the first machine to permit the first machine later access to cloud-based applications.
    Type: Grant
    Filed: November 13, 2018
    Date of Patent: October 15, 2019
    Assignee: General Electric Company
    Inventors: Jiaqi Wu, Greg Lammers
  • Patent number: 10447669
    Abstract: Disclosed are a system and method for key exchange based on user authentication information. The system for key exchange based on user authentication information includes a client configured to generate ciphertext corresponding to authentication information of a user of the client using a random number for the client and server identification information, and a server configured to decrypt the ciphertext received from the client using a private key for the server corresponding to the server identification information to restore the authentication information, authenticate the client using the restored authentication information, and generate a session key for the server corresponding to the authenticated client.
    Type: Grant
    Filed: April 28, 2016
    Date of Patent: October 15, 2019
    Assignee: SAMSUNG SDS CO., LTD.
    Inventors: Kyu-Young Choi, Ji-Hoon Cho, Hyo-Jin Yoon
  • Patent number: 10439812
    Abstract: In an example system for private key recovery performed by a processor of a key recovery computing system, a key recovery computing system is configured to provide an original private key. The original private key is associated with a storage location of a blockchain-based asset. The key recovery computing system is configured to receive supplemental recovery information provided by a user via a user computing device. A recovery seed is derived from at least a subset of the supplemental recovery information, wherein the recovery seed is non-invertible. The original private key and the recovery seed are stored relationally to the supplemental recovery information. In some embodiments, the processor is further configured to cryptographically protect at least one of the original private key and the recovery seed via a universal second-factor authentication (U2F) device.
    Type: Grant
    Filed: May 9, 2018
    Date of Patent: October 8, 2019
    Assignee: SquareLink, Inc.
    Inventor: Alexander Patin
  • Patent number: 10432589
    Abstract: A communication server, interacting with an organization system having users that wish to communicate securely, provides secure communication capability to the users, without the communication server itself having access to unencrypted content of the user communications or to cryptographic keys that would allow the communication server to derive the unencrypted content. Thus, the communication server that provides the secure communication capability need not itself be trusted by the users with access to communicated content. To achieve this, the various entities communicate to exchange cryptographic keys in such a manner that the communication server never obtains usable copies of the cryptographic keys.
    Type: Grant
    Filed: July 29, 2016
    Date of Patent: October 1, 2019
    Assignee: Symphony Communication Services Holdings LLC
    Inventors: David M'Raihi, David Gurle, Michael Harmon, Jon McLachlan, Ivan Rylach, Sergey Stelmakh
  • Patent number: 10419928
    Abstract: A mobile commissioning device for assisting in the commissioning of wireless public-key encrypted networks, the device being provided with: means for reading the public key from a network node to be integrated in the wireless network, the channel for reading the public key being physically different to the wireless network channel for which the node is to be commissioned, means for at least temporarily storing the read public key in the device, means for transferring a public key of the commissioning device to the network node to be commissioned, the channel for transferring the public key preferably being the wireless channel for which the node is to be commissioned, and means for transferring the read public key to a trust center.
    Type: Grant
    Filed: March 3, 2017
    Date of Patent: September 17, 2019
    Assignee: Tridonic GmbH & Co KG
    Inventor: Edgar Holleis
  • Patent number: 10419214
    Abstract: A device manager establishes a mobile device and a gateway as managed devices. The device manager generates management metadata and a split cryptographic key. The management metadata may include information identifying the mobile device. The metadata may include a gateway key part and a mobile key part which, in combination, are sufficient to decrypt information encrypted with the management split key. The device manager may encrypt the management metadata using the management split key. The device manager may send the gateway key part and the encrypted management metadata to the gateway and the mobile key part to the mobile device. Subsequent delivery of the mobile key part to the gateway, by the mobile device, enables the gateway to decrypt the encrypted management metadata and recognize the mobile device as a management device delegate sanctioned by the device manager to perform delegated management of the gateway.
    Type: Grant
    Filed: December 28, 2015
    Date of Patent: September 17, 2019
    Assignee: Dell Products L.P.
    Inventors: Carlton A. Andrews, Warren W. Robbins, Yuan-Chang Lo
  • Patent number: 10411886
    Abstract: Systems and processes are described for establishing and using a secure channel. A shared secret may be used for authentication of session initiation messages as well as for generation of a private/public key pair for the session. A number of ways of agreeing on the shared secret are described and include pre-sharing the keys, reliance on a key management system, or via a token mechanism that uses a third entity to manage authentication, for example. In some instances, the third party may also perform endpoint selection by providing a particular endpoint along with the token. The particular cipher suite applied in a particular implementation may be configurable. The process is applicable to either implicit key confirmation (e.g., handshake negotiation) or explicit key confirmation (e.g., full negotiation).
    Type: Grant
    Filed: December 29, 2015
    Date of Patent: September 10, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Allan Henry Vermeulen, Matthew John Campagna, Colm Gearóid MacCárthaigh
  • Patent number: 10411902
    Abstract: According to certain embodiments, a method receives a certificate that identifies a sender system as owning a domain. The method sends an electronic message to the domain identified in the certificate. The electronic message is sent via a mail exchange network that correlates the domain to an address that a true owner of the domain has registered with a mail exchange authority. The method receives a response from the address that the mail exchange network correlates to the domain. The response indicates that the certificate is associated with the true owner of the domain. The method authenticates the sender system as the true owner of the domain based on the response.
    Type: Grant
    Filed: December 13, 2016
    Date of Patent: September 10, 2019
    Assignee: ZixCorp Systems, Inc.
    Inventors: John Kalan, Charles A. Rego, Deryk Shane Agnew, David Joseph Robertson
  • Patent number: 10389520
    Abstract: A first share value and a second share value may be received. A combination of the first share value and the second share value may correspond to an exponent value. The value of a first register is updated using a first equation that is based on the first and second share values and the value of a second register is updated using a second equation that is based on the second share value. One of the value of the first register or the value of the second register is selected based on a bit value of the second share value.
    Type: Grant
    Filed: September 25, 2015
    Date of Patent: August 20, 2019
    Assignee: Cryptography Research, Inc.
    Inventor: Michael Tunstall
  • Patent number: 10387122
    Abstract: Arithmetic circuits and methods that perform efficient matrix multiplication for hardware acceleration of neural networks, machine learning, web search and other applications are disclosed herein. Various arrays of multiplier-accumulators may be coupled to form a matrix multiplier which processes data using high precision, fixed point residue number arithmetic.
    Type: Grant
    Filed: May 4, 2018
    Date of Patent: August 20, 2019
    Assignee: Olsen IP Reserve, LLC
    Inventor: Eric B. Olsen
  • Patent number: 10372940
    Abstract: A system and method for pseudonymizing digital data records sent from a source system to a destination system, using an identity protector client system and an identity protector master system, includes the steps of receiving, at the identity protector client, person-specific data from a source system provided with a source identifier. The digital data records are pre-pseudonymized by the identity protector client, and the processed digital data records are marked with a source identifier which references the source file in the source system. The pre-pseudonymized digital data records are transmitted to the identity protector master. For every data record, a pseudonym is created by the identity protector master from the pre-pseudonym, the source identifier, and at least one other value generated from an erratic value and a time value. The pseudonym is transmitted to the destination system.
    Type: Grant
    Filed: March 14, 2007
    Date of Patent: August 6, 2019
    Assignee: DEUTSCHE TELEKOM AG
    Inventors: Dieter Ehrenschwender, Gerhard Henkel, Stefan Kalck, Heiko Kern
  • Patent number: 10360558
    Abstract: A method for two factor authentication is described. The method comprises sending an activation code stored on a mobile device to a server for verification. An encrypted secret key generated by the server using the activation code is received. The secret key is decrypted using the activation code stored on the mobile device. The mobile device encrypts the secret key using a predetermined PIN. As a result of a user inputting the predetermined PIN, the secret key is decrypted, the mobile device generates a first token using the secret key and transmits the first token to the server to authenticate the user. After receiving authentication from the server, the information on the mobile device is synced with the server.
    Type: Grant
    Filed: March 17, 2015
    Date of Patent: July 23, 2019
    Assignee: CA, Inc.
    Inventors: Mohammed Mujeeb Kaladgi, Mahesh Malatesh Chitragar, Vishwanatha Salian
  • Patent number: 10355854
    Abstract: An embodiment includes a method executed by at least one processor of a first computing node comprising: form a first group of computing nodes, wherein forming the first group comprises providing (a)(i) a public key and a first seed value to each of second and third nodes, (a)(ii) second and third private keys, which both correspond to the public key and are unequal to each other, respectively to the second and third nodes; determine a first key encryption key (KEK) pair based on the first seed value; determine a second KEK pair based on (b)(i) a second seed value that is derived from the first seed value, and (b)(ii) determining a predetermined time period has expired; and receive a symmetric key encrypted with a public key of the second KEK and decrypting the encrypted symmetric key with a private key of the second KEK. Other embodiments are described herein.
    Type: Grant
    Filed: December 17, 2015
    Date of Patent: July 16, 2019
    Assignee: Intel Corporation
    Inventors: Ned M. Smith, Rajesh Poornachandran
  • Patent number: 10355859
    Abstract: A method for a Diffie Hellman key exchange, the method including selecting a field size p in the form p=hq+1, where q is a prime number that is one plus a factorial number b, such that q=(b!+1), and h is a cofactor, such that p=hq+1 is prime; selecting a generator integer g whose order modulo p is the prime q or is divisible by q; choosing a private key x; computing a public key gx mod p by raising said generator g to the power of said private key x, using arithmetic modulo said prime field size p; sending said public key gx mod p to a correspondent; receiving, from the correspondent, a second public key B comprising g raised to a second private key y selected by the correspondent, in the form gy; and creating a key Bx from the received second public key B, by raising said second public key B to the power of said private key x, using arithmetic modulo said prime field size p.
    Type: Grant
    Filed: March 27, 2017
    Date of Patent: July 16, 2019
    Assignee: Certicom Corp.
    Inventor: Daniel Richard Brown
  • Patent number: 10356066
    Abstract: A system includes circuitry for wrapping up blockchains into blockchain loops. A blockchain may include a series of blocks extending from an initial block to a terminal block. The circuitry may wrap-up the blockchain by storing an integrity output coding-consistent with the terminal block within the initial block. In some cases, when the terminal block and initial block include end blocks for the blockchain, wrapping-up the series may form a closed-loop.
    Type: Grant
    Filed: October 5, 2017
    Date of Patent: July 16, 2019
    Assignees: Accenture Global Solutions Limited, GSC Secrypt, LLC
    Inventors: Giuseppe Ateniese, Michael T. Chiaramonte, David Treat, Bernardo Magri, Daniele Venturi
  • Patent number: 10356053
    Abstract: A system and method allows a user to register one or more PINs on one or more user devices, and then authenticates the user to a server via the PIN and a token deposited on the user device being used by the user to allow access to an application on the user device. Individual tokens, or all tokens deposited on the user devices for a user account, may be invalidated, and the user is prevented from authenticating himself or herself via a PIN to allow access to an application on any device for which the last token deposited was invalidated, until the same or different PIN is registered for that device.
    Type: Grant
    Filed: December 14, 2015
    Date of Patent: July 16, 2019
    Assignee: Charles Schwab & Co., Inc.
    Inventor: Valery Zubovsky
  • Patent number: 10341327
    Abstract: Embodiments provide a system for managing security certificates, thereby enabling secure connections between systems. Embodiments collect data; authenticate to a server comprising a keystore comprising a plurality of certificates and having a server configuration; determine keystore characteristics from the server configuration; and, using the keystore characteristics, verify certificate expiration details. The system may determine that at least one certificate in the keystore has expired; and, in response, remove the at least one expired certificate from the keystore of the server. The system may determine that a certificate has expired; receives expired certificate serial number identifying expired certificate; searches for servers storing copies of the expired certificate; determines servers storing copies of the expired certificate; selects one or more of the servers storing copies of the expired certificate; and removes the expired certificate from the selected servers.
    Type: Grant
    Filed: December 6, 2016
    Date of Patent: July 2, 2019
    Assignee: Bank of America Corporation
    Inventors: Bhanu Kumar Kola, Nikhil Reddy Kodari, Dharmalingam Ramasamy
  • Patent number: 10313119
    Abstract: A data management device according to an embodiment stores first encrypted data obtained by encrypting plain text data with a first public key of a first user device. The data management device stores a first re-encryption key for re-encrypting the first encrypted data without decrypting to obtain first re-encrypted data decryptable with a private key of a second user device. The data management device stores a conversion key generated from a first private key corresponding to the first public key and a second private key of the first user device. The data management device converts the first encrypted data into second encrypted data with the conversion key. The data management device The data management device converts the first re-encryption key into a second re-encryption key with the conversion key.
    Type: Grant
    Filed: September 7, 2016
    Date of Patent: June 4, 2019
    Assignees: KABUSHIKI KAISHA TOSHIBA, TOSHIBA SOLUTIONS CORPORATION
    Inventors: Masanobu Koike, Yoshihiro Fujii
  • Patent number: 10277395
    Abstract: Generation of a cryptographic key is deterministically derived from client data of which a client computer proves knowledge in order to obtain the key. A client computer provides client data and is adapted to define a vector, having a plurality of data blocks with indices, corresponding to the client data. The client computer is further adapted to generate a first non-hiding vector commitment and a second hiding vector commitment, to the vector, and to generate a third commitment to the first commitment. The client computer sends the second and third commitments to the key server, and provides to the key server a first proof of knowledge, for a subset of the indices, of the corresponding data blocks of the vector in the second and third commitments. The key server stores a secret server key and is adapted to engage with the client computer in a key-generation protocol.
    Type: Grant
    Filed: May 19, 2017
    Date of Patent: April 30, 2019
    Assignee: International Business Machines Corporation
    Inventors: Jan L. Camenisch, Angelo De Caro, Esha Ghosh, Alessandro Sorniotti
  • Patent number: 10250576
    Abstract: A method is provided for communicating messages between sender and receiver computers, connectable via a network to a system of servers, based on authentication of receiver passwords, associated with respective receiver IDs, by the system. A method is also provided for receiving a message from a sender based on authentication of a receiver password, associated with a receiver ID, by a system of servers, in a network, wherein each server stores for the ID a ciphertext produced by encrypting the receiver password under a public key via a homomorphic threshold encryption scheme having a threshold, and a key-share of a secret key corresponding to that public key, and stores an encrypted message from the sender encrypted under the public key. Systems are provided including servers, for communicating messages between sender and receiver computers based on authentication of receiver passwords, associated with respective receiver IDs, by the system.
    Type: Grant
    Filed: February 8, 2017
    Date of Patent: April 2, 2019
    Assignee: International Business Machines Corporation
    Inventors: Jan Leonhard Camenisch, Kai Samelin
  • Patent number: 10243742
    Abstract: A system for authenticating a user accessing a device includes an authentication server and a ticket granting server. The authentication server is configured to generate a part of an authentication ticket which is combinable with at least one other part generated by at least one other authentication server to produce a complete authentication ticket, and to generate a part of a user session key which is combinable with at least one other part generated by the at least one other authentication server to produce a combined user session key. The ticket granting server is configured to authenticate the user by collaboratively, with at least one other ticket granting server, decrypting user request information using the combined user session key and comparing content of the decrypted user request information with the complete authentication ticket.
    Type: Grant
    Filed: December 1, 2017
    Date of Patent: March 26, 2019
    Assignee: NEC CORPORATION
    Inventors: Jens-Matthias Bohli, Wenting Li, Jan Seedorf
  • Patent number: 10211983
    Abstract: A processor-based method for secret sharing in a computing system is provided. The method includes encrypting shares of a new secret, using a previous secret and distributing unencrypted shares of the new secret and the encrypted shares of the new secret, to members of the computing system. The method includes decrypting at least a subset of the encrypted shares of the new secret, using the previous secret and regenerating the new secret from at least a subset of a combination of the unencrypted shares of the new secret and the decrypted shares of the new secret.
    Type: Grant
    Filed: August 3, 2017
    Date of Patent: February 19, 2019
    Assignee: Pure Storage, Inc.
    Inventors: Andrew R. Bernat, Ethan L. Miller
  • Patent number: 10193964
    Abstract: In a system for providing data and/or computational services, various resources are assigned a sort of points (called vouchers or IOUs) for work manager threads that are currently queued at each resource. When a resource (and its associated resource manager) has a relatively small queue, whereby the resource is holding a relatively small number of points, that resource will be assigned work manager threads for incoming services requests at a high preference, or priority. In this way, faster performing resources can more reliably be supplied with new requests, while relatively slow performing resources will tend not to unduly tie up limited work manager threads in long queues at the slow resources.
    Type: Grant
    Filed: May 6, 2014
    Date of Patent: January 29, 2019
    Assignee: International Business Machines Corporation
    Inventors: Manu T. George, Anoop G. M. Ramachandra, Murali K. Surampalli
  • Patent number: 10193690
    Abstract: Systems and methods of the present disclosure are directed to a computing system configured to provide seamless protection to data (which can include, without limitation, data files, executable files, system configuration files, program files, and other data) stored in the computing system, while making it nearly impossible for attackers to be able to access the data outside of the computing system. The computing system uses targeted encryption and decryption, in which values of one or more system attribute are used to generate a cryptographic key used for encryption and decryption of data stored in the computing system.
    Type: Grant
    Filed: September 29, 2017
    Date of Patent: January 29, 2019
    Assignee: U.S. Bancorp, National Association
    Inventors: Blake Self, David Lord
  • Patent number: 10187385
    Abstract: Various embodiments are generally directed to techniques to form secure communications between two computing devices in which the chain of trust of those communications is extended to a particular application routine executed by one of the two computing devices. An apparatus includes a processor component; a verifying component to verify a link attestation credential received from a server to verify an ability of the server to form a secure pipeline, and to signal an application routine with an indication of a result of the verification by the verifying component; and a hash component to generate a return hash of a return signature associated with the application routine to indicate to the server that the application routine has also verified the link attestation credential to form the secure pipeline between the server and the application routine. Other embodiments are described and claimed.
    Type: Grant
    Filed: November 26, 2013
    Date of Patent: January 22, 2019
    Assignee: INTEL CORPORATION
    Inventors: Adi Shaliv, Jesse Walker
  • Patent number: 10180806
    Abstract: An information processing apparatus is connected to a plurality of online storages through a network. The apparatus includes a circuitry to divide a file into a plurality of pieces of segment data, encrypt each of the plurality of segment data with an encryption key, and generate a plurality of final generated files, each including the encryption key and at least one piece of the plurality of segment data encrypted with the encryption key, and a transmitter to transmit each one of the plurality of final generated files to a corresponding one of the plurality of online storages. The circuitry manages folder and file management information that associates a folder path of each of the folders stored in the online storages with a virtual folder path, and associates a file path of each of the final generated files stored in the online storages with a virtual file path.
    Type: Grant
    Filed: September 16, 2016
    Date of Patent: January 15, 2019
    Assignee: Ricoh Company, Ltd.
    Inventor: Naoki Shimizu
  • Patent number: 10178181
    Abstract: An interposer is provided that is configured to interpose into an application security protocol exchange by obtaining application session security state. The interposer does this without holding any private keying material of client or server. An out-of-band Security Assistant Key Escrow service (SAS/SAKE) is also provided. The SAKE resides in the secure physical network perimeter and holds the private keying material required to derive session keys for interposing into application security protocol. During a security protocol handshake, the interposer sends SAKE security protocol handshake messages and in return receives from the SAKE session security state that allows it to participate in application security protocol.
    Type: Grant
    Filed: July 10, 2014
    Date of Patent: January 8, 2019
    Assignee: Cisco Technology, Inc.
    Inventors: Eitan Ben-Nun, Michael Zayats, Daniel G. Wing, Kirtesh Patil, Jaideep Padhye, Manohar B. Hungund, Saravanan Agasaveeran
  • Patent number: 10171452
    Abstract: A client seeking to establish a cryptographically-secure channel to a server has an associated public key acceptance policy. The policy specifies a required number of certificates that must be associated with the server's public key, as well as one or more conditions associated with those certificates, that must be met before the client “accepts” the server's public key. The one or more conditions typically comprise a trust function that must be satisfied before a threshold level of trust of the client is met. A representative public key acceptance policy would be that certificate chains for the public key are valid and non-overlapping with different root CAs, and that some configurable number of those chains be present. The technique may be implemented within the context of an existing client-server SSL/TLS handshake.
    Type: Grant
    Filed: March 31, 2016
    Date of Patent: January 1, 2019
    Assignee: International Business Machines Corporation
    Inventors: Dimitrios Pendarakis, Enriquillo Valdez