Key Escrow Or Recovery Patents (Class 380/286)
  • Patent number: 11438147
    Abstract: Technologies for providing multiple device authentication in a heterogeneous network include a gateway node. The gateway node includes a network communicator to receive a request from a terminal node to authenticate a user of a set of heterogeneous nodes connected to the gateway node and broadcast a credential request to the nodes. Additionally, the gateway node includes a response combiner to combine responses from the set of nodes to generate a combined authentication message. The network communicator is further to send the combined authentication message to the terminal node for authentication. Other embodiments are described and claimed.
    Type: Grant
    Filed: September 30, 2016
    Date of Patent: September 6, 2022
    Assignee: Intel Corporation
    Inventors: Alexandra Afanasyeva, Sergey Bezzateev, Vitaly Petrov, Konstantin Zhidanov, Natalia Voloshina, Vladimir Zybin, Anna Bakunova
  • Patent number: 11405201
    Abstract: Methods and apparati for securely transferring application storage keys in an application in a trusted computing environment, when the trusted computing base is modified. In an apparatus embodiment of the present invention, a computing device comprises: a protected partition in which an application can execute without attack from outside a trusted computing base of the partition; and a storage key derivation module which provides a first storage key to said application, where the value of the first storage key is derived from a computation dependent upon a first version of the trusted computing base that is launched on the platform.
    Type: Grant
    Filed: December 7, 2021
    Date of Patent: August 2, 2022
    Assignee: Brickell Cryptology LLC
    Inventor: Ernest Brickell
  • Patent number: 11398906
    Abstract: Methods and apparati for auditing uses of audited cryptographic keys.
    Type: Grant
    Filed: December 17, 2021
    Date of Patent: July 26, 2022
    Assignee: BRICKELL CRYPTOLOGY LLC
    Inventor: Ernest Brickell
  • Patent number: 11362816
    Abstract: A layered secret sharing scheme in which a trust set of each of the parties receiving a share of the secret is received and used to generate an authorized set and an adversary set for reconstruction of a secret. In this regard, an access structure defining an authorized subset of participants may be based, at least in part, on the encoded trust subsets of the shares. The secret sharing scheme includes a secret generator that generates the shares distributed to the parties. In turn, an authorized subset of participants as defined by the access structure may provide shares to a dealer for reconstruction of the secret. However, if the participants requesting secret reconstruction are not an authorized subset of participants or if participants define an adversary subset, the secret reconstruction fails. In this regard, even if an authorized subset is present, if an adversary subset is present, the reconstruction may be “killed.
    Type: Grant
    Filed: September 11, 2020
    Date of Patent: June 14, 2022
    Assignee: SEAGATE TECHNOLOGY LLC
    Inventors: Vipin Singh Sehrawat, Foo Yee Yeo
  • Patent number: 11343096
    Abstract: A system, method, and computer program product are provided for performing hardware-backed password-based authentication. In operation, a system receives a request to access software utilizing password-based authentication. Further, the system receives a password for the password-based authentication. The system computes a hash utilizing the password and a hardware-based authenticator associated with hardware of the system. Moreover, the system verifies that the hash computed utilizing the password and the hardware-based authenticator is correct for accessing the software.
    Type: Grant
    Filed: March 13, 2019
    Date of Patent: May 24, 2022
    Assignee: DIGITAL 14 LLC
    Inventors: Michael Matovsky, Ravi Singh, Alexander Sherkin
  • Patent number: 11343085
    Abstract: An example operation may include one or more of splitting a session key into a plurality of partial shares, distributing the plurality partial shares to a plurality of content providers, respectively, where each content provider receives a different partial share of the session key, encrypting a stream of media content based on the session key, and transmitting the encrypted stream of digital content to a user device which has one or more partial shares among the plurality of partial shares.
    Type: Grant
    Filed: September 19, 2020
    Date of Patent: May 24, 2022
    Assignee: International Business Machines Corporation
    Inventors: Jeronimo Irazabal, Luis Angel Bathen, Dulce B. Ponceleon
  • Patent number: 11328080
    Abstract: Sensitive electronic data may be encrypted using multiple identity credentials from multiple parties. Before the sensitive electronic data is encrypted, the multiple N identity credentials are input to a software application. Moreover, a minimum number Nmin of the N of the identity credentials are selected for decryption. The software application thus generates at least one of an encryption key and a decryption key as a keypair based on the N identity credentials and the minimum number Nmin of the identity credentials. The software application encrypts the sensitive electronic data using the encryption key to generate an encrypted version. Before decryption of the encrypted version, though, the software application may require input of the minimum number Nmin of the identity credentials. If the minimum number Nmin of the identity credentials are correctly input, the correct decryption key is generated and may be used to decrypt the encrypted version.
    Type: Grant
    Filed: February 24, 2020
    Date of Patent: May 10, 2022
    Assignee: FrostByte, LLC
    Inventors: Ransom Christofferson, Nathan Johnston, Vikram Nagrani, Saul Schwartzbach
  • Patent number: 11316673
    Abstract: A secret sharing scheme in which a trust structure of the parties receiving a share of the secret is encoded in the shares. In this regard, an access structure defining an authorized set of participants may be based, at least in part, on the encoded trust structures. The secret sharing scheme includes a secret generator that generates the shares distributed to the parties. In turn, an authorized set of participants as defined by the access structure may provide shares to a dealer for reconstruction of the secret. However, if the participants requesting secret reconstruction are not an authorized set of participants, the secret reconstruction fails. In this regard, secret sharing with asymmetrical trust structures may be provided in which the trust structures are not known by other parties in the scheme.
    Type: Grant
    Filed: September 11, 2020
    Date of Patent: April 26, 2022
    Assignee: SEAGATE TECHNOLOGY LLC
    Inventors: Vipin Singh Sehrawat, Foo Yee Yeo
  • Patent number: 11270303
    Abstract: A method of participation verification includes generating sets of cryptocurrency coins (coin sets). The coin sets have cryptocurrency coins and correlate to events for which participation is verified. The method includes generating user keys including unique public keys for each user and user secret keys. The method includes assigning a public key to a user, communicating the assigned public key to a user device and enabling download of a verification application. The method includes receiving a first coin request that includes identification of a first coin set, the assigned public key, and a data set. The method includes verifying user participation in an event based on the data set. The method includes executing a cryptocurrency transaction with the user device. The cryptocurrency transaction including public validation of a transfer of a cryptocurrency coin from the identified coin set to the user device via an append-only ledger.
    Type: Grant
    Filed: May 20, 2016
    Date of Patent: March 8, 2022
    Assignee: FUJITSU LIMITED
    Inventors: Avradip Mandal, Arnab Roy, Hart Montgomery
  • Patent number: 11252161
    Abstract: A system of peer identity verification that reduces the risk of identity theft in case of a data breach. The system does not require a vendor to maintain a database of sensitive customer-related data. Cryptographic keys are used. The system creates a one-time encryption keypair. The public and private keys of each user are saved securely on each user's device. While the public key for each user is stored remote from each user's device (such as in a cloud), the private key for a given user is not stored anywhere other than securely on that user's device. Thereafter, a user (i.e., the main user) requests another user to act as their “trusted peer” to be added to their “trust cluster.” If that other user accepts the request, the main user's private key is encrypted with that other user's public key and this encrypted data gets stored remotely, such as in a cloud.
    Type: Grant
    Filed: April 18, 2019
    Date of Patent: February 15, 2022
    Assignee: PIV SECURITY LLC
    Inventor: Joshua D. Holton
  • Patent number: 11245527
    Abstract: Secure distribution of data objects using a unique quantum-safe cryptographic key provided to a user requesting the data object that has been authenticated using a zero-knowledge authentication. A user may access the system by way of the zero-knowledge authentication to request access to a data object of a data library. The system may generate and associate a unique quantum-safe cryptographic key for the instance of the data library to be provided to the authenticated user. The data object is encrypted using the unique quantum-safe cryptographic key. The encrypted data object and the unique quantum-safe cryptographic key are provided to the authenticated user. Other instances of the data object may also be encrypted with other unique quantum-safe cryptographic keys. In turn, access to a unique quantum-safe cryptographic key may not be useful in decrypting other instances of the data object, and other data objects may not be decrypted using a given unique key for a given data object instance.
    Type: Grant
    Filed: October 30, 2019
    Date of Patent: February 8, 2022
    Assignee: SEAGATE TECHNOLOGY LLC
    Inventors: Vincent Uy, Nino Wicaksono, Saravanan Nagarajan, Kwong Heng Alphonsus John Kwok, Kian Beng Lim
  • Patent number: 11240222
    Abstract: A registry apparatus is provided for maintaining a device registry of agent devices for communicating with application providing apparatus. The registry comprises authentication information for uniquely authenticating at least one trusted agent device. In response to an authentication request from an agent device, the authentication information for that device is obtained from the registry, and authentication of the agent device is performed. If the authentication is successful, then application key information is transmitted to at least one of the agent device and the application providing apparatus.
    Type: Grant
    Filed: July 24, 2019
    Date of Patent: February 1, 2022
    Assignee: ARM IP Limited
    Inventors: William Allen Curtis, Douglas Miles Anson, Kerry Balanza
  • Patent number: 11216899
    Abstract: An Iconsent application allows a party to consent to a transaction or to a romantic advance. The party is given a request, and if accepted, the acceptance is stored along with the biometric indicating that the authorized user did in fact carry out the acceptance.
    Type: Grant
    Filed: August 13, 2019
    Date of Patent: January 4, 2022
    Inventor: Connie Jordan Carmichael
  • Patent number: 11210678
    Abstract: A security component according to an example embodiment includes: a user authentication processor configured to authenticate the input data by determining whether the input data is provided by an authorized user of the security component based on component user data of the input data; a master key generator configured to generate a master key based on the component user data of the input data in response to the user authentication processor authenticating the input data; a decryption processor configured to generate security data by decrypting encrypted data of the input data based on the master key; and a security storage configured to store the security data.
    Type: Grant
    Filed: October 26, 2017
    Date of Patent: December 28, 2021
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Jeong-tae Kim, Bo-gyeong Kang
  • Patent number: 11212095
    Abstract: Methods and apparatus for auditing uses of cryptographic keys. In a method embodiment of the present invention, a set of audited uses for a cryptographic key is defined; the key is generated inside a protected execution environment of a digital computer; all software and firmware that is usable in the execution environment to access the key is demonstrated to an auditor; and, for each audited use of the key, a non-tamperable audit record describing said use is released.
    Type: Grant
    Filed: July 23, 2021
    Date of Patent: December 28, 2021
    Inventor: Ernest Brickell
  • Patent number: 11210422
    Abstract: A system and methods for identifying personal identifiable information in a data container are disclosed. The system and methods interrogate data at its most fundamental level, thereby allowing complex rule matching to occur. This can be coupled with a data in transit analysis mechanism, or be integrated into a data store search mechanism, to ensure maximum awareness of any potential issues with the security of the qualified data elements.
    Type: Grant
    Filed: February 19, 2021
    Date of Patent: December 28, 2021
    Inventor: Lee David Buckland
  • Patent number: 11212082
    Abstract: Methods are described for constructing a secret key by multiple participants from multiple ciphertexts such that any quorum combination of participants can decrypt their respective ciphertexts and so generate a fixed number of key fragments that can be combined by a recipient to generate the secret key. Worked examples are described showing how the encryption keys for the ciphertexts may be key wrapped using a key encapsulation mechanism for which ciphers that are resistant to attack by a quantum computer may be used. In these cases, a post-quantum quorum system is realised. Methods are described by which the quorum key fragment ciphertexts may be updated so that the original key fragments become invalid without necessitating any change to the secret key.
    Type: Grant
    Filed: September 30, 2019
    Date of Patent: December 28, 2021
    Assignee: PQ SOLUTIONS LIMITED
    Inventors: Martin Tomlinson, Cen Jung Tjhai
  • Patent number: 11206134
    Abstract: For protection of multipart system applications using a cryptographically protected package, a package map and a package object store for decryption and verification at runtime on the target device platform, a method including associating a device class with a set of content signing and encryption keys; signing application files based on the device class of the target device platform; aggregating application files into a file container based on a structured construct; encrypting application files/file containers with an encryption key associated with the device class; generating a package map and object stores for cryptographic artifacts and detached package metadata for passwords associated with the device package; building, the device package and update packages of the device package, detached package metadata, and package install scripts for the target device platform; publishing, the update packages signed with update package provider and update package publisher signing keys, and encrypted with target de
    Type: Grant
    Filed: November 22, 2019
    Date of Patent: December 21, 2021
    Assignee: MOCANA CORPORATION
    Inventors: Srinivas Kumar, Shreya Uchil, Srikesh Amrutur Srinivas
  • Patent number: 11206129
    Abstract: The invention relates to a method for setting up a secure session between a first entity and a second entity. In an embodiment, the first entity is a user authentication device and the second entity is an application running on a platform. The method comprises generating a first random number. A user enters a first string, derived from said first number, into the second entity. Further, the method includes applying a one-way function to the first string or to a derivative thereof, obtaining an encoded string. The method also comprises transmitting the encoded string to an intermediate node that is in connection to the first entity and the second entity. Further, the method comprises the step of sharing a second random number with the second entity. The method also comprises a step of deriving a secret key from the first and the second string.
    Type: Grant
    Filed: April 29, 2016
    Date of Patent: December 21, 2021
    Assignee: Ubiqu B.V.
    Inventor: Boris Petrov Dokov Goranov
  • Patent number: 11205006
    Abstract: Data storage nodes that participate in a requested data statistical analysis as participant data storage nodes are determined and divided into a plurality of node sets. Data stored in each participant data storage node associated with a particular node set is encrypted, where the encrypted data is divided into a number of fragments at least equal to a number of participant data storage nodes associated with the particular node set. Each participant data storage node sends a portion of the encrypted data to each of the other participant data storage nodes within the particular node set. Each participant data storage node processes received encrypted data and data remaining on the particular participant data storage node to obtain a processing result. Each participant data storage node sends the processing result to a proxy node, wherein the proxy node performs data statistical analysis based on the processing result.
    Type: Grant
    Filed: October 30, 2018
    Date of Patent: December 21, 2021
    Assignee: Advanced New Technologies Co., Ltd.
    Inventor: Wenzhen Lin
  • Patent number: 11177945
    Abstract: Enabling access to encrypted information by providing a master key and a public key to a partial content owner, generating a ciphertext of content according to a complete content data, at least one content data partition and the public key, wherein the content data partition comprises a portion of the complete content data, providing the ciphertext of the content data and the public key to a validator, receiving a validation result from the validator, and acting upon the validation result.
    Type: Grant
    Filed: July 24, 2020
    Date of Patent: November 16, 2021
    Assignee: International Business Machines Corporation
    Inventor: Chun Lei Xu
  • Patent number: 11178116
    Abstract: A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data that may be communicated using multiple communications paths.
    Type: Grant
    Filed: May 11, 2018
    Date of Patent: November 16, 2021
    Assignee: Security First Corp.
    Inventors: Mark S. O'Hare, Rick L. Orsini, Roger S. Davenport, Steven Winick
  • Patent number: 11128452
    Abstract: A data set shared by multiple nodes is encrypted. The data set can be split into independent records. The records can be encrypted and shared independently, without the need to modify and transmit the full data set. Although the records are encrypted with their own encryption key, they are all accessible by a single authentication method.
    Type: Grant
    Filed: March 22, 2018
    Date of Patent: September 21, 2021
    Assignee: Avast Software s.r.o.
    Inventors: Petr Van{hacek over (e)}k, Jan Schwarz, Pavel Studený
  • Patent number: 11115196
    Abstract: Methods and apparatus are provided for secret sharing with a verifiable reconstruction type. An exemplary method comprises receiving a plurality of shares of a secret generated using a secret splitting scheme; reconstructing the secret if the plurality of shares satisfies a predefined reconstruction threshold; and generating a proof identifying at least one of the plurality of shares used in the reconstruction. The proof is optionally verified by a verifier and the verification is optionally based on auxiliary information derived by the secret splitting scheme used to share the secret. The verifier optionally implements layered access control, for example, based on a rank of the shares used for reconstruction. The reconstructed secret is optionally provided to the verifier. A user can be granted a level of access to a protected resource based on the proof, the reconstructed secret and one or more predefined policies. One or more steps can be proactivized to maintain share freshness.
    Type: Grant
    Filed: December 8, 2015
    Date of Patent: September 7, 2021
    Assignee: EMC IP Holding Company LLC
    Inventors: Nikolaos Triandopoulos, Kevin D. Bowers, Yupeng Zhang
  • Patent number: 11106549
    Abstract: Secure logging systems and methods using cryptography and/or encryption with crash recovery. In some embodiments, the secure logging system includes an initialization module to initialize cells of a logging database, including inserting a pseudorandom number into each cell of the logging database. In some embodiments, the secure logging system includes an addition module to encrypt new log messages and add them to the logging database in a given number of pseudorandom cells of the logging database. In some embodiments, the secure logging system includes a listing module to determine where in the logging database the log message was stored and then to decrypt the encrypted log messages. These systems and methods improve computer related technology including by improving crash reconstruction, root cause analysis, network systems security, and logging system encryption and security.
    Type: Grant
    Filed: February 18, 2019
    Date of Patent: August 31, 2021
    Assignees: Airbus Defence and Space GmbH, Northeastern University
    Inventors: Erik-Oliver Blass, Guevara Noubir
  • Patent number: 11095635
    Abstract: A client seeking to establish a cryptographically-secure channel to a server has an associated public key acceptance policy. The policy specifies a required number of certificates that must be associated with the server's public key, as well as one or more conditions associated with those certificates, that must be met before the client “accepts” the server's public key. The one or more conditions typically comprise a trust function that must be satisfied before a threshold level of trust of the client is met. A representative public key acceptance policy would be that certificate chains for the public key are valid and non-overlapping with different root CAs, and that some configurable number of those chains be present. The technique may be implemented within the context of an existing client-server SSL/TLS handshake.
    Type: Grant
    Filed: December 18, 2019
    Date of Patent: August 17, 2021
    Assignee: International Business Machines Corporation
    Inventors: Dimitrios Pendarakis, Enriquillo Valdez
  • Patent number: 11095455
    Abstract: The present disclosure describes techniques that improve upon the use of authentication tokens as a means of verifying a user identity. Rather than facilitating the issuance of authentication tokens as bearer tokens, whereby any user may present an authentication token to a secure service provider for access to secure service, this disclosure describes techniques for generating recursive authentication tokens that are digitally signed by an Identity Service Provider (IDP) and the entity that purports to present the authentication token to the service provider. Additionally, a recursive token application is described that is configured to nest preceding authentication tokens that trace back to an initial secure service request. For example, a recursive authentication token received by a second service provider may include, nested therein, the first service provider recursive authentication token and a preceding client recursive authentication token that is associated with the initial secure service request.
    Type: Grant
    Filed: March 27, 2019
    Date of Patent: August 17, 2021
    Assignee: T-Mobile USA, Inc.
    Inventors: Michael Engan, Douglas McDorman, James Latham, Vikash Kodati
  • Patent number: 11057210
    Abstract: A user device can segment a secret (e.g., a data recovery key) into a master segment and a shared segment such that possession of both segments is necessary and sufficient to reconstruct the secret. The user device can provide the master segment to a server system. The user device can further segment the shared segment to generate a set of M shares such that any subset of the shares that includes at least a threshold number t of the shares can be used to reconstruct the shared segment, while fewer than t shares provide no information about the shared segment. The M shares can be distributed to shareholder devices. To reconstruct the secret, a recovery device can obtain the master segment and at least t of the M shares, then reconstruct the secret.
    Type: Grant
    Filed: August 26, 2019
    Date of Patent: July 6, 2021
    Assignee: Apple Inc.
    Inventors: Yannick L. Sierra, Mitchell D. Adler
  • Patent number: 11057198
    Abstract: In one or more embodiments, an encryption key of a device may be split into multiple segments. One of the segments may be retained by an owner of the device, and some of the segments may be distributed to multiple entities. For example, one of the segments may be provided to a service provider, and one of the segments may be provided to an escrow agent. The escrow agent may process its segment, provide information based on its segment to a public ledger, and destroy its segment. A proxy agent may retrieve, from the public ledger, the information based on the segment provided to the escrow agent and obtain compensation. When the proxy agent obtains the compensation, the public ledger exhibits information utilizable to obtain the segment provided to the escrow agent. With the segments provided to the escrow agent and the service provider, the encryption key may be obtained.
    Type: Grant
    Filed: March 1, 2017
    Date of Patent: July 6, 2021
    Assignee: Assured Enterprises, Inc.
    Inventor: Peter Robert Linder
  • Patent number: 11050762
    Abstract: A system for identifying one or more malicious parties participating in a secure multi-party computation (MPC), comprising one of a plurality of computing nodes communicating with the plurality of computing nodes through a network(s). The computing node is adapted for participating in an MPC with the plurality of computing nodes using secure protocol(s) established over the network(s), the secure protocol(s) support transmittal of private messages to each of the other computing nodes and transmittal of broadcast messages to all of the computing nodes, detecting invalid share value(s) of a plurality of share values computed and committed by the computing nodes during the MPC, verifying each of the share values according to a plurality of agreed share values valid for the MPC which are determined through a plurality of broadcast private messages, identifying identity of malicious computing node(s) which committed the invalid share value(s) failing the verification and outputting the identity.
    Type: Grant
    Filed: July 6, 2018
    Date of Patent: June 29, 2021
    Assignees: NEC Corporation Of America, Bar-Iian University
    Inventors: Jun Furukawa, Yehuda Lindell
  • Patent number: 11036620
    Abstract: Apparatuses and techniques to utilize a scratch organization as a unit of virtualization. Potential hosts for a scratch organization are evaluated. The potential hosts include at least the first group of hardware processing devices and a second group of the plurality of hardware processing devices to provide remote client computing environments. A target host is selected from the potential hosts. The scratch organization to be hosted by the target host is generated. Data is loaded from a test source that is not the subject organization into the scratch organization. One or more test operations are performed on the scratch organization using the loaded data with the target host. The scratch organization is destroyed on the selected host after the one or more test operations have been performed.
    Type: Grant
    Filed: July 2, 2019
    Date of Patent: June 15, 2021
    Assignee: salesforce.com, inc.
    Inventors: James Bock Wunderlich, George Murnock, Josh Kaplan, Michael Dwayne Miller, Mark Wilding
  • Patent number: 11032060
    Abstract: A first share value and a second share value may be received. A combination of the first share value and the second share value may correspond to an exponent value. The value of a first register is updated using a first equation that is based on the first and second share values and the value of a second register is updated using a second equation that is based on the second share value. One of the value of the first register or the value of the second register is selected based on a bit value of the second share value.
    Type: Grant
    Filed: August 7, 2019
    Date of Patent: June 8, 2021
    Assignee: Cryptography Research, Inc.
    Inventor: Michael Tunstall
  • Patent number: 11025423
    Abstract: In an example system for private key recovery performed by a processor of a key recovery computing system, a key recovery computing system is configured to provide an original private key. The original private key is associated with a storage location of a blockchain-based asset. The key recovery computing system is configured to receive supplemental recovery information provided by a user via a user computing device. A recovery seed is derived from at least a subset of the supplemental recovery information, wherein the recovery seed is non-invertible. The original private key and the recovery seed are stored relationally to the supplemental recovery information. In some embodiments, the processor is further configured to cryptographically protect at least one of the original private key and the recovery seed via a universal second-factor authentication (U2F) device.
    Type: Grant
    Filed: October 3, 2019
    Date of Patent: June 1, 2021
    Assignee: SquareLink, Inc.
    Inventor: Alexander Patin
  • Patent number: 11023591
    Abstract: A data processing system includes a plurality of subsystems, a plurality of local security controllers, and a central security controller. Each subsystem of the plurality of subsystems has a security component for providing a security function. A local security controller corresponds to each one of the subsystems. Each local security controller ensures compliance of the security component with local security policies of the subsystem to which the local security controller corresponds. The central security controller is coupled to the local security controller of each of the plurality of subsystems. The central security controller ensures data processing system compliance with system wide security policies. In the event of a detected security violation, the local security controller may respond automatically, without involvement of the central security controller. A method for securing the data processing system is also provided.
    Type: Grant
    Filed: January 14, 2019
    Date of Patent: June 1, 2021
    Assignee: NXP B.V.
    Inventors: Lawrence Loren Case, Mark Norman Fullerton, Thomas Ernst Friedrich Wille, Sebastian Stappert
  • Patent number: 10999306
    Abstract: A network monitoring “sensor” is built on initial startup by checking the integrity of the bootstrap system and, if it passes, downloading information from which it builds the full system including an encrypted and an unencrypted portion. Later, the sensor sends hashes of files, configurations, and other local information to a data center, which compares the hashes to hashes of known-good versions. If they match, the data center returns information (e.g., a key) that the sensor can use to access the encrypted storage. If they don't, the data center returns information to help remediate the problem, a command to restore some or all of the sensor's programming and data, or a command to wipe the encrypted storage. The encrypted storage stores algorithms and other data for processing information captured from a network, plus the captured/processed data itself.
    Type: Grant
    Filed: January 31, 2020
    Date of Patent: May 4, 2021
    Assignee: Vigilant IP Holdings LLC
    Inventors: Christopher M. Nyhuis, Michael Pananen
  • Patent number: 10958447
    Abstract: An apparatus, a security device, a security system comprising the security device and the apparatus, and a method for generating an apparatus-specific apparatus certificate for the apparatus includes coupling the security device to the apparatus, a one-time useable private signing key being stored in the security device, storing apparatus-specific identification information in the security device, accessing the private signing key in the security device, generating the apparatus-specific apparatus certificate depending on the stored identification information in the security device, the apparatus-specific apparatus certificate being signed using the private signing key, and preventing a further access to the private signing key such that it becomes possible to generate an apparatus-specific apparatus certificate for an apparatus with little complexity, in particular without using a public key infrastructure.
    Type: Grant
    Filed: June 27, 2018
    Date of Patent: March 23, 2021
    Assignee: Siemens Aktiengesellschaft
    Inventor: Rainer Falk
  • Patent number: 10958448
    Abstract: In embodiments, an authentication server interfaces between a user device with a self-signed certificate and a verifying computer that accepts a user name and password. The user device generates a self-signed certificate signed by a private key on the user device. The self-signed certificate is transmitted to a verifying party computer over a network. The verifying party stores the self-signed certificate with user identification data. The user migrates trust to another device by providing the root certificate and intermediate certificate as a certificate chain to a second device, which then adds a new intermediate certificate to create a longer certificate chain with the same root certificate. In subsequent communications, the verifying party receives a certificate chain including the self-signed certificate from the second user device, and matches that with the user identification data stored in a database.
    Type: Grant
    Filed: June 18, 2020
    Date of Patent: March 23, 2021
    Assignee: BEYOND IDENTITY INC.
    Inventors: Nelson Melo, Michael Clark, James Clark
  • Patent number: 10943028
    Abstract: A computer-implemented method includes producing medical information that characterizes a group of individuals from a set of private data representing pre or post-encounter characteristics of the individuals, wherein the individuals have had encounters with a healthcare facility. The identity of the individuals is unattainable from the produced medical information. The method also includes providing the produced medical information to report the pre or post-encounter characteristics of the group.
    Type: Grant
    Filed: March 29, 2018
    Date of Patent: March 9, 2021
    Assignee: Vigilytics LLC
    Inventor: Andrew L. Paris, III
  • Patent number: 10936510
    Abstract: A locking key secondary access system includes a key management system coupled to a secondary locking key access device and a server device via a network. The server device includes a managed device. The server device receives a request to unlock the managed device, and determines that a first access path via a first communication subsystem and through the network to the key management system is unavailable. In response, the server device provides locking key request information via a second communication subsystem to the secondary locking key access device. The secondary locking key access device may use the locking key information to retrieve a locking key for the managed device from the key management system. The secondary locking key access device sends the locking key to the server device via the second communication subsystem, and the server device uses the locking key to unlock the managed device.
    Type: Grant
    Filed: January 25, 2019
    Date of Patent: March 2, 2021
    Assignee: Dell Products L.P.
    Inventors: Chitrak Gupta, Sushma Basavarajaiah, Rama Rao Bisa, Mukund P. Khatri
  • Patent number: 10931444
    Abstract: Some embodiments relate to a data processing method comprising selecting a key from a plurality of previously stored keys, depending on at least on predefined criterion relating to at least one current value of at least one given repository. Other embodiments relate to a reception method comprising receiving second data obtained by applying, to first obtained data, a first cryptographic function using a key selected from a plurality of previously stored keys, depending on at least one predefined criterion relating to a current value of at least one given repository and for obtaining the first data by applying, to the second received data, a second cryptographic function using a second key associated with the selected key. Further embodiments relate to a processing device and a reception device that respectively implement the processing method and the reception method.
    Type: Grant
    Filed: March 27, 2015
    Date of Patent: February 23, 2021
    Assignee: ORANGE
    Inventors: Apostolos Kountouris, Francis Klay, Giyyarpuram Madhusudan
  • Patent number: 10931453
    Abstract: Authentication of tokens and associated are used to provide a just-in-time key synchronization for user access to a service in a cloud computing environment which includes a plurality of availability zones with an identity service, a storage system, and a keystore. The encryption keys are distributed by the storage system based on a user access request containing a token with a payload and a current user cryptographic key. The token is then sent to the keystore to authenticate the user. The keystore authenticates the user and sends the token with the current cryptographic key to the storage system. The storage system receives the token with the current cryptographic key and grants access to the user for the service.
    Type: Grant
    Filed: March 5, 2018
    Date of Patent: February 23, 2021
    Assignee: International Business Machines Corporation
    Inventors: Fernando J. Diaz, Shawn P. Mullen, Michael Perng, Karen Mariela Siles, Elvin Dalipe Tubillara
  • Patent number: 10911424
    Abstract: A registry apparatus is provided for maintaining a device registry of agent devices for communicating with application providing apparatus. The registry comprises authentication information for uniquely authenticating at least one trusted agent device. In response to an authentication request from an agent device, the authentication information for that device is obtained from the registry, and authentication of the agent device is performed. If the authentication is successful, then application key information is transmitted to at least one of the agent device and the application providing apparatus.
    Type: Grant
    Filed: July 16, 2018
    Date of Patent: February 2, 2021
    Assignee: ARM IP Limited
    Inventors: William Allen Curtis, Douglas Miles Anson, Kerry Balanza
  • Patent number: 10904001
    Abstract: Embodiments of the present disclosure relate to vaultless format-preserving tokenization systems and methods. Some methods include encoding a first data set to produce encoded input data; generating a secure tweak for the encoded input data based on a token format schema by: encoding a tweak input to produce an encoded tweak input; and hashing the encoded tweak input along with a unique hashing key to generate the secure tweak; applying a format preserving encryption algorithm that utilizes the encoded input data, the secure tweak, and a unique encryption key to generate ciphertext output; and generating a token from the ciphertext output.
    Type: Grant
    Filed: May 24, 2019
    Date of Patent: January 26, 2021
    Assignee: TOKENEX, INC.
    Inventors: Justin Stanley, Jacob Burcham, Ulf Mattsson
  • Patent number: 10903991
    Abstract: System and method for digitally signing messages using multi-party computation.
    Type: Grant
    Filed: August 3, 2020
    Date of Patent: January 26, 2021
    Assignee: Coinbase, Inc.
    Inventors: Jake Craige, Jesse Posner, Adam Everspaugh
  • Patent number: 10878080
    Abstract: Disclosed are various embodiments for replicating authentication data between computing devices. A computing device detects a change to a user account made by a first client device associated with the user account. The computing device then determines that a second client device associated with the user account comprises locally stored authentication data that fails to reflect the change. The computing device then sends an update to the second client device.
    Type: Grant
    Filed: August 2, 2017
    Date of Patent: December 29, 2020
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventors: Daniel Wade Hitchcock, Darren Ernest Canavor, Jesper Mikael Johansson
  • Patent number: 10860728
    Abstract: Data storage nodes that participate in a requested data statistical analysis as participant data storage nodes are determined and divided into a plurality of node sets. Data stored in each participant data storage node associated with a particular node set is encrypted, where the encrypted data is divided into a number of fragments at least equal to a number of participant data storage nodes associated with the particular node set. Each participant data storage node sends a portion of the encrypted data to each of the other participant data storage nodes within the particular node set. Each participant data storage node processes received encrypted data and data remaining on the particular participant data storage node to obtain a processing result. Each participant data storage node sends the processing result to a proxy node, wherein the proxy node performs data statistical analysis based on the processing result.
    Type: Grant
    Filed: December 19, 2019
    Date of Patent: December 8, 2020
    Assignee: Advanced New Technologies Co., Ltd.
    Inventor: Wenzhen Lin
  • Patent number: 10855465
    Abstract: Methods and apparati for auditing uses of cryptographic keys. In a method embodiment of the present invention, a set of audited uses for a cryptographic key is defined; the key is generated inside a protected execution environment of a digital computer; all software and firmware that is usable in the execution environment to access the key is demonstrated to an auditor; and, for each audited use of the key, a non-tamperable audit record describing said use is released.
    Type: Grant
    Filed: November 11, 2019
    Date of Patent: December 1, 2020
    Inventor: Ernest Brickell
  • Patent number: 10848324
    Abstract: An HEMS controller receives a certificate revocation list distributed from a certificate authority server and listing serial numbers of revoked electronic certificates. The serial number of the electronic certificate includes a first identifying part that indicates a value for identifying a type of a participation node maintaining the electronic certificate and a second identifying part that indicates a value for identifying an individual participation node. In the case the certificate revocation list includes a serial number in which the second identifying part is a predetermined value, the HEMS controller determines that the electronic certificate of a participation node that meets the type indicated by the first identifying part of the serial number is invalid.
    Type: Grant
    Filed: April 11, 2018
    Date of Patent: November 24, 2020
    Assignee: PANASONIC INTELLECTUAL PROPERTY MANAGEMENT CO., LTD.
    Inventors: Yoichi Masuda, Tomoki Takazoe
  • Patent number: 10846411
    Abstract: Methods and systems are provided for selectively employing storage engines in a distributed database environment. The methods and systems can include a processor configured to execute a plurality of system components, that comprise an operation prediction component for determining an expected set of operations to be performed on a portion of the database; a data format selection component for selecting, based on at least one characteristic of the expected set of operations, and at least one storage engine for writing the portion of the database in a selected data format. According to one embodiment, the system includes an encryption API configured to initialize callback functions for encrypting and decrypting database data, a storage API for executing the call back functions, a database API configured to manage database operations (e.g., read and write requests), wherein the database API calls the storage API to access data on a stable storage medium.
    Type: Grant
    Filed: May 25, 2017
    Date of Patent: November 24, 2020
    Assignee: MongoDB, Inc.
    Inventors: Eliot Horowitz, Per Andreas Nilsson
  • Patent number: 10841102
    Abstract: To easily identify an invalid device certificate by means of a validity check when signing keys that are used to create device certificates are compromised, a piece of status information is provided for device certificates that comprises positive evidence of the existence and validity of the device certificate, and alternatively or additionally to apply a special validity model for device certificates, wherein the time of issue of the device certificate is documented by means of a signed electronic timestamp, and wherein a different signing key is used for signing the timestamp than for signing the device certificate. Additionally, all information that is required for the validity check of a device certificate is stored in a memory of the device or in a memory associated with the device, so that an identity check on the device can be performed at any time without fetching additional data.
    Type: Grant
    Filed: February 20, 2015
    Date of Patent: November 17, 2020
    Assignee: Phoenix Contact GmbH & Co. KG
    Inventor: Torsten Nitschke