Key Escrow Or Recovery Patents (Class 380/286)
  • Patent number: 10211983
    Abstract: A processor-based method for secret sharing in a computing system is provided. The method includes encrypting shares of a new secret, using a previous secret and distributing unencrypted shares of the new secret and the encrypted shares of the new secret, to members of the computing system. The method includes decrypting at least a subset of the encrypted shares of the new secret, using the previous secret and regenerating the new secret from at least a subset of a combination of the unencrypted shares of the new secret and the decrypted shares of the new secret.
    Type: Grant
    Filed: August 3, 2017
    Date of Patent: February 19, 2019
    Assignee: Pure Storage, Inc.
    Inventors: Andrew R. Bernat, Ethan L. Miller
  • Patent number: 10193690
    Abstract: Systems and methods of the present disclosure are directed to a computing system configured to provide seamless protection to data (which can include, without limitation, data files, executable files, system configuration files, program files, and other data) stored in the computing system, while making it nearly impossible for attackers to be able to access the data outside of the computing system. The computing system uses targeted encryption and decryption, in which values of one or more system attributes are used to generate a cryptographic key used for encryption and decryption of data stored in the computing system.
    Type: Grant
    Filed: September 29, 2017
    Date of Patent: January 29, 2019
    Assignee: U.S. Bancorp, National Association
    Inventors: Blake Self, David Lord
  • Patent number: 10193964
    Abstract: In a system for providing data and/or computational services, various resources are assigned a sort of points (called vouchers or IOUs) for work manager threads that are currently queued at each resource. When a resource (and its associated resource manager) has a relatively small queue, whereby the resource is holding a relatively small number of points, that resource will be assigned work manager threads for incoming services requests at a high preference, or priority. In this way, faster performing resources can more reliably be supplied with new requests, while relatively slow performing resources will tend not to unduly tie up limited work manager threads in long queues at the slow resources.
    Type: Grant
    Filed: May 6, 2014
    Date of Patent: January 29, 2019
    Assignee: International Business Machines Corporation
    Inventors: Manu T. George, Anoop G. M. Ramachandra, Murali K. Surampalli
  • Patent number: 10187385
    Abstract: Various embodiments are generally directed to techniques to form secure communications between two computing devices in which the chain of trust of those communications is extended to a particular application routine executed by one of the two computing devices. An apparatus includes a processor component; a verifying component to verify a link attestation credential received from a server to verify an ability of the server to form a secure pipeline, and to signal an application routine with an indication of a result of the verification by the verifying component; and a hash component to generate a return hash of a return signature associated with the application routine to indicate to the server that the application routine has also verified the link attestation credential to form the secure pipeline between the server and the application routine. Other embodiments are described and claimed.
    Type: Grant
    Filed: November 26, 2013
    Date of Patent: January 22, 2019
    Assignee: INTEL CORPORATION
    Inventors: Adi Shaliv, Jesse Walker
  • Patent number: 10180806
    Abstract: An information processing apparatus is connected to a plurality of online storages through a network. The apparatus includes a circuitry to divide a file into a plurality of pieces of segment data, encrypt each of the plurality of segment data with an encryption key, and generate a plurality of final generated files, each including the encryption key and at least one piece of the plurality of segment data encrypted with the encryption key, and a transmitter to transmit each one of the plurality of final generated files to a corresponding one of the plurality of online storages. The circuitry manages folder and file management information that associates a folder path of each of the folders stored in the online storages with a virtual folder path, and associates a file path of each of the final generated files stored in the online storages with a virtual file path.
    Type: Grant
    Filed: September 16, 2016
    Date of Patent: January 15, 2019
    Assignee: Ricoh Company, Ltd.
    Inventor: Naoki Shimizu
  • Patent number: 10178181
    Abstract: An interposer is provided that is configured to interpose into an application security protocol exchange by obtaining application session security state. The interposer does this without holding any private keying material of client or server. An out-of-band Security Assistant Key Escrow service (SAS/SAKE) is also provided. The SAKE resides in the secure physical network perimeter and holds the private keying material required to derive session keys for interposing into application security protocol. During a security protocol handshake, the interposer sends SAKE security protocol handshake messages and in return receives from the SAKE session security state that allows it to participate in application security protocol.
    Type: Grant
    Filed: July 10, 2014
    Date of Patent: January 8, 2019
    Assignee: Cisco Technology, Inc.
    Inventors: Eitan Ben-Nun, Michael Zayats, Daniel G. Wing, Kirtesh Patil, Jaideep Padhye, Manohar B. Hungund, Saravanan Agasaveeran
  • Patent number: 10171452
    Abstract: A client seeking to establish a cryptographically-secure channel to a server has an associated public key acceptance policy. The policy specifies a required number of certificates that must be associated with the server's public key, as well as one or more conditions associated with those certificates, that must be met before the client “accepts” the server's public key. The one or more conditions typically comprise a trust function that must be satisfied before a threshold level of trust of the client is met. A representative public key acceptance policy would be that certificate chains for the public key are valid and non-overlapping with different root CAs, and that some configurable number of those chains be present. The technique may be implemented within the context of an existing client-server SSL/TLS handshake.
    Type: Grant
    Filed: March 31, 2016
    Date of Patent: January 1, 2019
    Assignee: International Business Machines Corporation
    Inventors: Dimitrios Pendarakis, Enriquillo Valdez
  • Patent number: 10158636
    Abstract: A method for setting up a secure end-to-end communication between a user terminal or a context broker server, and an object connected to the IP infrastructure through a gateway. The method uses an access authorization server and a production server. The method can generate a private and public access key pair (KF,QF) within the connected object, particularly using a cryptosystem on an elliptical curve with a small implicit certificate, the access keys being used to set up a secure end-to-end communication.
    Type: Grant
    Filed: November 22, 2016
    Date of Patent: December 18, 2018
    Assignee: COMMISSARIAT A L'ENERGIE ATOMIQUE ET AUX ENERGIES ALTERNATIVES
    Inventor: Christine Hennebert
  • Patent number: 10142302
    Abstract: Systems and methods are disclosed for managing the resetting of online identities or accounts of users of Internet web pages. One method includes: receiving, through an electronic device, a request to reset login information to access a web page associated with the user's online account; determining that an IP address associated with the request is not identified as being suspicious; receiving user data intrinsic to the user's request; automatically verifying two or more values of the data intrinsic to the user's request as being indicative of a level of trust of the identity of the user; and transmitting, to the user over the Internet, a subset of options to reset the login information, the subset being selected based on the level of trust.
    Type: Grant
    Filed: May 31, 2016
    Date of Patent: November 27, 2018
    Assignee: Oath Inc.
    Inventor: Lachlan A. Maxwell
  • Patent number: 10142100
    Abstract: A system for managing user-controlled security keys in cloud-based scenarios is provided. In some implementations, the system performs operations comprising receiving an information request from a user device via a network, and generating a database query based at least in part upon the information request. The operations can comprise generating a request for a secret key for decrypting encrypted data when the database query requests the encrypted data and/or generating a request for a secret key for encrypting data when the database query requests to encrypt data. The operations can also comprise providing the request to a security key management entity via a network, receiving secret key information from the security key management entity via the network, and using the secret key information to form decrypted data or encrypted data. Related systems, methods, and articles of manufacture are also described.
    Type: Grant
    Filed: July 6, 2016
    Date of Patent: November 27, 2018
    Assignee: SAP SE
    Inventors: Meinolf Block, Christoph Hohner, Martin Schindewolf, Sascha Zorn
  • Patent number: 10135821
    Abstract: Systems and methods as provided herein may create a biometric model associated with a user. The created biometric model may be used to generate challenges that are presented to the user for authentication purposes. A user response to the challenge may be compared to an expected response, and if the user response matches within a predetermined error of the expected response, the user may be authenticated. The systems and methods may further generate challenges that are adaptively designed to address weaknesses or errors in the created model such that the model is more closely associated with a user and the user is more likely to be the only person capable of successfully responding to the generated challenges.
    Type: Grant
    Filed: November 27, 2017
    Date of Patent: November 20, 2018
    Assignee: PAYPAL, INC.
    Inventor: Bjorn Markus Jakobsson
  • Patent number: 10129025
    Abstract: Implementations of the disclosure provide for binding data to a network in the presence of an entity with revocation capabilities. A cryptographic system is provided that includes a memory to store revocation information comprising a plurality of identifiers and a processing device operatively coupled to the memory. A provisioning public key is recovered in view of a first intermediate public key associated with a client device storing encrypted data. A binding identifier is generated for the client device in view of the provisioning public key. It is determined whether access to the encrypted data associated with the binding identifier is revoked or allowed in view of the revocation information. Responsive to determining that the access is allowed, provide a second intermediate public key to derive an encryption key to access the encrypted data in view of at least the provisioning public key and the first intermediate public key.
    Type: Grant
    Filed: September 19, 2016
    Date of Patent: November 13, 2018
    Assignee: Red Hat, Inc.
    Inventors: Nathaniel McCallum, Robert J. Relyea
  • Patent number: 10102570
    Abstract: Systems and methods are provided for assessing an account takeover risk for one or more accounts of an individual. The account security procedures for each of a number of services with which the user has an account may be analyzed. Publicly accessible information regarding the user may also be collected and analyzed. The collected information and security procedures may be compared in order to determine one or more vulnerabilities to hostile account takeover of one or more of the analyzed accounts. An alert may be generated regarding a determined takeover risk, which may include suggested actions for remedying the risk.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: October 16, 2018
    Assignee: ConsumerInfo.com, Inc.
    Inventors: Mark Joseph Kapczynski, Michael John Dean, Herbert Harris Hunt, III
  • Patent number: 10089028
    Abstract: A remote secure drive access method includes receiving a first message from a second server. The message may be received by a baseboard management controller (BMC) of the first server via a PCIe switch from a second server coupled to the first server via an ExpEther connection. A payload of the message may include identification information identifying the second server. The first server may send an endpoint discover message and receive endpoint device information indicative of peripheral and/or endpoint resources of the second server, including a storage controller associated with a secure drive. Secure drive key information may be obtained from the payload of the first virtual message and sent to the second server to access the secure drive. The exchanged messages may comprise proprietary PCIe transaction layer packets enclosed within an Ethernet packet that includes an ExpEther frame within an Ethernet frame.
    Type: Grant
    Filed: May 27, 2016
    Date of Patent: October 2, 2018
    Assignee: Dell Products L.P.
    Inventors: Ragendra K. Mishra, Sumanth Vidyadhara, Chandrasekhar Puthillathe
  • Patent number: 10083310
    Abstract: Described is a system for mobile proactive secure multiparty computation using commitments. The system generates, at each server, secret sharings for each of its input gates using a Secret-Share protocol. Thereafter, sharings of inputs are generated for random gates using a GenPoly protocol. Sharings of multiplication triples are then generated for multiplication gates using a Multiplication-Triple protocol. Affine gates are then evaluated. Multiplication gates can then be evaluated using the multiplication triples and implementing a Secret-Open protocol. A Secret-Redistribute protocol is used to re-randomize the secret sharing. The Secret-Open protocol is implemented after a sharing for an output gate has been computed to reveal the secret.
    Type: Grant
    Filed: March 12, 2014
    Date of Patent: September 25, 2018
    Assignee: HRL Laboratories, LLC
    Inventors: Joshua D. Lampkins, Karim El Defrawy
  • Patent number: 10069868
    Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to facilitate multi-factor authentication policy enforcement using one or more policy handlers. An example first policy handler to manage a global policy in a distributed environment includes a parser to identify a first sub-policy of the global policy that is capable of enforcement by the first policy handler, and an attester to sign the first sub-policy. The example first policy handler further includes a director to determine whether to forward the global policy to a second policy handler based on a signature status of the global policy, and to forward the global policy to the second policy handler when the signature status of the global policy is indicative of an unsigned second sub-policy.
    Type: Grant
    Filed: March 28, 2014
    Date of Patent: September 4, 2018
    Assignee: INTEL CORPORATION
    Inventors: Ned M. Smith, Abhilasha Bhargav-Spantzel, Micah James Sheller
  • Patent number: 10044703
    Abstract: A password registration method of a user device which uses a password-based authentication manner is provided. The password registration method includes combining a salt to an input password to generate a combination password; expanding the combination password to generate an expanded password of which a data length is increased; compressing the expanded password to output authentication data; and storing the authentication data in an authentication database.
    Type: Grant
    Filed: January 22, 2015
    Date of Patent: August 7, 2018
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Jesang Lee, Sunghyun Kim, Minja Han
  • Patent number: 10043166
    Abstract: Methods and systems for providing protection to an individual or party from penalties associated with late or missed payments of bills, invoices and other charges are described. The methods and systems can warn a user of possible penalties and take corrective action to avoid incurring the penalty. In an example, a computerized method, and system for performing the method can include receiving data about a plurality of payments to be paid by at least one party, the data includes at least one penalty associated with at least one of the payments, ranking the payments based at least partially upon the penalty and determining an order for the payments to be paid.
    Type: Grant
    Filed: February 5, 2013
    Date of Patent: August 7, 2018
    Assignee: UNITED SERVICES AUTOMOBILE ASSOCIATION (USAA)
    Inventors: Joseph Alfred Kazenas, Teddy Joseph Edmond Voutour
  • Patent number: 10038719
    Abstract: In one embodiment, a cloud client device identifies a configuration event. The cloud client device identifies a configuration associated with the configuration event. The cloud client device stores a first security key associated with the configuration and configures the cloud client device in accordance with the configuration.
    Type: Grant
    Filed: April 29, 2014
    Date of Patent: July 31, 2018
    Assignee: Dell Products L.P.
    Inventors: Gabriel Jakobus Grosskopf, Richard Graham Cook, Leela Seshu Reddy Cheedepudi
  • Patent number: 10027717
    Abstract: Providing peer-to-peer network security includes collecting, by a local trusted network device, local trust data related to behavior of the local trusted network device, receiving, by one or more remote trusted network devices, additional trust data for the local trusted network device, calculating a combined trust score for the local trusted network device based on the local trust data and additional trust data, and modifying activity of the local trusted network device based on the combined trust score.
    Type: Grant
    Filed: June 26, 2015
    Date of Patent: July 17, 2018
    Assignee: McAfee, LLC
    Inventors: Omer Ben-Shalom, Alex Nayshtut, Oleg Pogorelik, Igor Muttik
  • Patent number: 10025597
    Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for erasing user data stored in a file system. The method includes destroying all key bags containing encryption keys on a device having a file system encrypted on a per file and per class basis, erasing and rebuilding at least part of the file system associated with user data, and creating a new default key bag containing encryption keys. Also disclosed herein is a method of erasing user data stored in a remote file system encrypted on a per file and per class basis. The method includes transmitting obliteration instructions to a remote device, which cause the remote device to destroy all key bags containing encryption keys on the remote device, erase and rebuild at least part of the file system associated with user data, and create on the remote device a new default key bag containing encryption keys.
    Type: Grant
    Filed: January 11, 2016
    Date of Patent: July 17, 2018
    Assignee: Apple Inc.
    Inventors: Dallas Blake De Atley, Gordon Freedman, Thomas Brogan Duffy, Jr., Tahoma Madrone Toelkes, Michael John Smith, Paul William Chinn, David Rahardja
  • Patent number: 10019859
    Abstract: An identification device includes, but is not limited to, a deformable substrate configured to conform to a skin surface of a body portion of an individual subject; a sensor assembly coupled to the deformable substrate, the sensor assembly including one or more identity sensors configured to generate one or more identity sense signals associated with at least one physical characteristic of the individual subject; circuitry configured to compare the one or more identity sense signals generated by the sensor assembly to reference data indicative of one or more physical characteristics associated with an identity; circuitry configured to compare at least one of the one or more identity sense signals or the identity with one or more authorization parameters; and a reporter operably coupled to the circuitry and configured to generate one or more communication signals associated with the comparison with the one or more authorization parameters.
    Type: Grant
    Filed: January 26, 2017
    Date of Patent: July 10, 2018
    Assignee: ELWHA LLC
    Inventors: Roderick A. Hyde, Jordin T. Kare, Gary L. McKnight, Robert C. Petroski, Elizabeth A. Sweeney
  • Patent number: 10015144
    Abstract: A method for transmitting data involves receiving the data, identifying, by a sender system, a first data element in the data to protect, encrypting, by the sender system, the first data element with a sender session key, generating, by the sender system, a combined key using a receiver key value and a sender compartmentalization key (SK). The method also involves encrypting, by the sender system, the sender session key using the combined key to obtain an encrypted session key, generating, by the sender system, a data passport comprising the encrypted session key, a dictionary classification key (DK) index, a SK index, and a receiver compartmentalization key (RK) index, generating, by the sender system, protected data comprising the data passport and the encrypted first data element, and transmitting, by the sender system and across a network, the protected data to a receiver system.
    Type: Grant
    Filed: January 31, 2014
    Date of Patent: July 3, 2018
    Assignee: Schedule1 Inc.
    Inventors: Jacob Katz, Kevin Ellison
  • Patent number: 9992190
    Abstract: Even when an intermediate server exists, a plurality of servers simultaneously authenticates a user securely. A user apparatus disperses a password. The user apparatus obtains a ciphertext, which is obtained by encrypting a dispersed value. The intermediate server transmits the ciphertext to an authentication server. The authentication server decrypts the ciphertext to obtain the dispersed value. The authentication server determines a verification value. The authentication server obtains a ciphertext. The intermediate server decrypts the ciphertext to obtain the verification value. The intermediate server verifies whether a sum total of the verification values is equal to 0 or not. The authentication server determines a verification value. The authentication server obtains a ciphertext. The authentication server decrypts the ciphertext to obtain the verification value. The authentication server verifies whether a sum total of the verification values is equal to 0 or not.
    Type: Grant
    Filed: August 21, 2014
    Date of Patent: June 5, 2018
    Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Ryo Kikuchi, Dai Ikarashi, Koji Chida, Koki Hamada
  • Patent number: 9992170
    Abstract: A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data that may be communicated using multiple communications paths.
    Type: Grant
    Filed: June 11, 2013
    Date of Patent: June 5, 2018
    Assignee: Security First Corp.
    Inventors: Mark S. O'Hare, Rick L. Orsini, Roger S. Davenport, Steven Winick
  • Patent number: 9985932
    Abstract: A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data that may be communicated using multiple communications paths.
    Type: Grant
    Filed: May 10, 2012
    Date of Patent: May 29, 2018
    Assignee: Security First Corp.
    Inventors: Mark S. O'Hare, Rick L. Orsini, Roger S. Davenport, Steven Winick
  • Patent number: 9979536
    Abstract: An encryption device 200 outputs a ciphertext ct including a ciphertext c and a ciphertext c˜. The ciphertext c has been set with one of attribute information x and attribute information v related to each other. The ciphertext c˜ has been set with one of attribute information y and attribute information z related to each other. A decryption device 300 outputs a re-encryption key rk including a decryption key k*rk, a decryption key k˜*rk, and encrypted conversion information ?rk. The decryption key k*rk is obtained by converting the decryption key k* which is set with the other one of attribute information x and attribute information v, with conversion information W1,t. The decryption key k˜*rk has been set with the other one of the attribute information y and the attribute information z. The encrypted conversion information ?rk is obtained by encrypting the conversion information W1,t by setting one of attribute information x? and attribute information v? related to each other.
    Type: Grant
    Filed: October 9, 2013
    Date of Patent: May 22, 2018
    Assignee: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Yutaka Kawai, Katsuyuki Takashima
  • Patent number: 9979546
    Abstract: The present invention provides methods of, and computer programs and systems for, controlling access to a resource via a computing device configured to perform a method that enables new encrypted versions of a key, encrypted with code values in a sequence of code values that are valid at a future time, to be provided and made available for future performance of the method. This in turn enables a method of user verification that does not require access to a remote server in order to provide one-time passcode verification, and so provides an offline one-time passcode authentication method that is self-sustaining.
    Type: Grant
    Filed: May 29, 2015
    Date of Patent: May 22, 2018
    Assignee: BlackBerry Limited
    Inventor: Nicholas B. Van Someren
  • Patent number: 9965270
    Abstract: Systems, methods, and computer-readable storage media for updating a computer firmware. The system generates a user firmware volume within a computer firmware volume containing computer firmware used by the system during a boot process. In some cases, the user firmware volume can be a file system. The system also obtains a firmware file for updating the computer firmware used by the system during the boot process. Next, the system compares the firmware file with a content of the computer firmware volume to yield a comparison and, based on the comparison, stores the firmware file on the user firmware volume within the computer firmware volume without flashing an entire portion of the computer firmware used by the system during the boot process.
    Type: Grant
    Filed: July 1, 2015
    Date of Patent: May 8, 2018
    Assignee: QUANTA COMPUTER INC.
    Inventor: Keng-Wei Chang
  • Patent number: 9967239
    Abstract: The invention provides a method of verifiable generation of public keys. According to the method, a self-signed signature is first generated and then used as input to the generation of a pair of private and public keys. Verification of the signature proves that the keys are generated from a key generation process utilizing the signature. A certification authority can validate and verify a public key generated from a verifiable key generation process.
    Type: Grant
    Filed: January 11, 2016
    Date of Patent: May 8, 2018
    Assignee: Certicom Corp.
    Inventor: Daniel R. Brown
  • Patent number: 9954900
    Abstract: Embodiments of the present invention provide for a method, system, and apparatus for creating a publishable computer file. The method includes selecting a first computer file encapsulating a source security policy for a computing device and creating a second computer file using the source security policy of the first computer file to create a local security policy and to encapsulate the created local security policy and also an operating system security policy. The method further includes calculating a hash value for the second computer file and storing the hash value in a header for the second computer file. The method yet further includes encrypting the second computer file, wherein the encrypted second computer file once loaded into memory of the computing device is processed by the computing device.
    Type: Grant
    Filed: June 13, 2016
    Date of Patent: April 24, 2018
    Assignee: STEELCLOUD, LLC
    Inventors: Brian H. Hajost, Fredi Jaramillo
  • Patent number: 9954680
    Abstract: A master encryption key is split at a key splitting server such that three key shares are required to reconstruct it, and is then destroyed. The key shares are distributed such that an encrypted remote management server key share is stored at a remote management server, an encrypted managed device key share is stored at a managed device, and a key splitting server key share is stored on the key splitting server. Incoming communications to the key splitting server from managed devices are prevented, and outgoing communications from the key splitting server are only allowed to managed devices. The managed device obtains the master encryption key at startup by sending its managed device key share to the remote management server, which sends the managed device key share and the remote management server key share to the key splitting server. The key splitting server reconstructs the master encryption key, encrypts it using a public key of the managed device, and sends it to the managed device.
    Type: Grant
    Filed: December 18, 2015
    Date of Patent: April 24, 2018
    Assignee: EMC IP Holding Company LLC
    Inventors: Salah Machani, Lawrence N. Friedman
  • Patent number: 9942051
    Abstract: The present invention provides systems and methods for supporting encrypted communications with a medical device, such as an implantable device, through a relay device to a remote server, and may employ cloud computing technologies. An implantable medical device is generally constrained to employ a low power transceiver, which supports short distance digital communications. A relay device, such as a smartphone or WiFi access point, acts as a conduit for the communications to the internet or other network, which need not be private or secure. The medical device supports encrypted secure communications, such as a virtual private network technology. The medical device negotiates a secure channel through a smartphone or router, for example, which provides application support for the communication, but may be isolated from the content.
    Type: Grant
    Filed: December 14, 2015
    Date of Patent: April 10, 2018
    Assignee: Poltorak Technologies LLC
    Inventor: Alexander Poltorak
  • Patent number: 9942044
    Abstract: A server receives a piece of data for encryption. The server encrypts the piece of data such that no single key can decrypt the encrypted piece of data and any combination of a first multiple of unique keys taken a second multiple at a time are capable of decrypting the encrypted piece of data. Each of the first multiple of unique keys is tied to account credentials of a different user. The second multiple is less than or equal to the first multiple. The encrypted piece of data is returned.
    Type: Grant
    Filed: May 2, 2017
    Date of Patent: April 10, 2018
    Assignee: CLOUDFLARE, INC.
    Inventor: Nicholas Thomas Sullivan
  • Patent number: 9934409
    Abstract: A method includes receiving a plurality of data sets. Each data set includes a customer identifier field specifying a unique customer identifier associated with each entry in each data set. The plurality of data sets includes a first group of data sets and a second group of data sets. The method further includes storing the plurality of data sets, and generating a key map including the customer identifier field including unique customer identifiers of the first group of data sets of the plurality of data sets, and an anonymous identifier field including unique anonymous identifiers. Each anonymous identifier corresponds to a customer identifier of the key map. The method further includes replacing each unique customer identifier in the second group of data sets with the corresponding anonymous identifier.
    Type: Grant
    Filed: March 9, 2015
    Date of Patent: April 3, 2018
    Assignee: Datalogix Holdings, Inc.
    Inventor: Robert John Cuthbertson
  • Patent number: 9935923
    Abstract: A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths.
    Type: Grant
    Filed: February 10, 2012
    Date of Patent: April 3, 2018
    Assignee: Security First Corp.
    Inventors: Mark S. O'Hare, Rick L. Orsini, Roger S. Davenport, Steven Winick
  • Patent number: 9930014
    Abstract: A key delivery mechanism that delivers keys to OS platform (e.g., iOS platform) devices for decrypting encrypted HTTP live streaming data. An HTTPS URL for a stateless HTTPS service is included in the manifest for an encrypted HTTP live stream obtained by an application (e.g., a browser) on an OS platform device. The URL includes an encrypted key, for example as a query parameter value. The application passes the manifest to the OS. The OS contacts the HTTPS service to obtain the key using the URL indicated in the manifest. Since the encrypted key is a parameter of the URL, the encrypted key is provided to the HTTPS service along with information identifying the content. The HTTPS service decrypts the encrypted key and returns the decrypted key to the OS over HTTPS, thus eliminating the need for a database lookup at the HTTPS service.
    Type: Grant
    Filed: March 13, 2015
    Date of Patent: March 27, 2018
    Assignee: Adobe Systems Incorporated
    Inventors: Viswanathan Swaminathan, Kelly Kishore, Srinivas R. Manapragada
  • Patent number: 9922063
    Abstract: A method for secure storage of secret data begins with an originating device transforming the secret data to produce a plurality of secret data shares and encrypting the plurality of secret data shares using unique encryption values of trusted agent modules of a dispersed storage network (DSN) to produce a plurality of encrypted secret data shares for storage in storage nodes of the DSN. Retrieval of the secret data begins with the originating device sending a secret data retrieval request to the trusted agent modules and recovering, by the trusted agent modules, the plurality of encrypted secret data shares from the storage nodes. The method continues with the trusted agent modules decrypting the plurality of encrypted secret data shares using a decryption function corresponding to the unique encryption values and sending the plurality of secret data shares to the originating device.
    Type: Grant
    Filed: May 6, 2013
    Date of Patent: March 20, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Jason K. Resch, Wesley Leggette
  • Patent number: 9906558
    Abstract: A method sends a request for a delegated authorization grant data set, and receives a delegated authorization grant data set that defines the delegated authorization grant scope, with respect to a resource. The delegated authorization grant data set includes a scope variable value having been selected by a delegator entity through a delegation grant scope user interface on the delegator device. The scope controls access to the resource in a manner limited by the scope of the delegated authorization grant defined by the delegated authorization grant data set.
    Type: Grant
    Filed: June 24, 2015
    Date of Patent: February 27, 2018
    Assignee: International Business Machines Corporation
    Inventors: David P. Moore, Craig Pearson
  • Patent number: 9904793
    Abstract: Systems, methods, and apparatus to provide private information retrieval. A disclosed example system includes a first trusted processing unit to store a first portion of data such that entities other than the first trusted processing unit are unable to access the first portion of the data in the first trusted processing unit; a second trusted processing unit to store a second portion of the data such that entities other than the second trusted processing unit are unable to access the second portion of the data in the second trusted processing unit; and a third trusted processing unit to: determine that a data element specified in a request is stored in the first trusted processing unit; request the data element from the first trusted processing unit; send a dummy request to the second trusted processing unit; and send the data element to a requester.
    Type: Grant
    Filed: March 23, 2015
    Date of Patent: February 27, 2018
    Assignee: Intel Corporation
    Inventors: Richard Chow, Edward Wang, Vinay Phegade
  • Patent number: 9906500
    Abstract: A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths.
    Type: Grant
    Filed: May 12, 2015
    Date of Patent: February 27, 2018
    Assignee: Security First Corp.
    Inventors: Mark S. O'Hare, Rick L. Orsini, Roger S. Davenport
  • Patent number: 9900288
    Abstract: Embodiments are directed to allowing a user to store encrypted, third-party-accessible data in a data store and to providing third party data access to a user's encrypted data according to a predefined policy. A data storage system receives encrypted data from a user at a data storage system. The data is encrypted using the user's private key. The data storage system stores the received encrypted data according to a predefined policy. The encryption prevents the storage system from gaining access to the encrypted data, while the policy allows the encrypted data to be released upon receiving a threshold number of requests from verified third parties. The data storage system implements a verifiable secret sharing scheme to verify that the encrypted data can be reconstituted without the data storage system accessing the encrypted data. The data storage system synchronously acknowledges that the received encrypted data has been verified and successfully stored.
    Type: Grant
    Filed: November 18, 2014
    Date of Patent: February 20, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Roy Peter D'Souza, Omkant Pandey
  • Patent number: 9894151
    Abstract: A method begins by a module to generate a secure signature on an item by selecting a first key representation index of a set of key representation indexes, wherein a first mathematical encoding of a private key generates a first plurality of key shares as a first key representation. The method continues with the module determining whether a first plurality of signature contributions have been received in response to a signature request for the item based on the first key representation index, wherein one of a first set of dispersed storage (DS) units executes a first mathematical signature function using one of the first plurality of key shares on the item to produce a signature contribution of the first plurality of signature contributions and when the first plurality of signature contributions have been received, generating the secure signature on the item from the first plurality of signature contributions.
    Type: Grant
    Filed: January 6, 2014
    Date of Patent: February 13, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Greg Dhuse, Jason K. Resch, Wesley Leggette
  • Patent number: 9881145
    Abstract: An indication of a change in a right to use a service or feature is received. For example, this can be based on an administrator granting access to a previously installed service or feature. In response, a notification is sent to a user of the change of the right to use the service or feature. The notification requests the user to provide a credential to approve the change of the right to use the service or feature. For example, a link may be provided in an email or text message that the user can click on to provide a password/user name. The credential is received and verified. In response to validating the credential, access is allowed according to the change of the right to use the service or feature. The user then has access to the service/feature without the administrator having to know the user's credential.
    Type: Grant
    Filed: December 1, 2015
    Date of Patent: January 30, 2018
    Assignee: Avaya Inc.
    Inventors: Manish Dusad, Ping Lin, Gordon Brunson, Mark Mackenzie, Navjot Singh, Geoff Baskwill
  • Patent number: 9871944
    Abstract: An image forming apparatus transmits a database to an external server. The image forming apparatus includes a storage section, a replication section, an encipherment section, a transmission section, a generation section, and an acquisition section. The storage section stores a database therein. The replication section generates a replica of the database stored in the storage section as a replicated database. The encipherment section enciphers the replicated database. The transmission section transmits the enciphered database to the external server each time a predetermined time period elapses. The generation section generates a deciphering key for deciphering the enciphered database. The acquisition section acquires disaster information. Upon the acquisition section acquiring the disaster information, the transmission section transmits the deciphering key to the external server.
    Type: Grant
    Filed: November 20, 2015
    Date of Patent: January 16, 2018
    Assignee: KYOCERA Document Solutions Inc.
    Inventors: Masayoshi Hayama, Masaru Sato, Kazunori Goto, Masaki Kikuchi, Toshiya Miyai
  • Patent number: 9867042
    Abstract: Disclosed is a radio frequency identification (RFID) tag comprising: an RFID functional portion configured to enable wireless communication between the RFID tag and an RFID reader; a data processing functional portion with asymmetric cryptographic capability; and a power source configured to power the data processing functional portion.
    Type: Grant
    Filed: August 8, 2012
    Date of Patent: January 9, 2018
    Assignee: MIKOH CORPORATION
    Inventor: Peter Samuel Atherton
  • Patent number: 9843928
    Abstract: A method and apparatus is provided for connecting a communication device to a deployable system. The deployable system obtains at least one deployable key derived on a fixed system for the deployable system based on an existing key stored on a database of the fixed system, wherein the existing key is used to authenticate a communication device. The deployable system stores the derived key. Subsequent to the storing, the deployable system is activated to provide communication resources to communication devices disconnected from the fixed system. The activated deployable system is not connected to the fixed system. The activated deployable system receives an authentication request from the communication device requesting connection to the deployable system; generates authentication vectors using the at least one derived deployable key; and authenticates an authentication response received from the communication device using the authentication vectors.
    Type: Grant
    Filed: October 30, 2014
    Date of Patent: December 12, 2017
    Assignee: MOTOROLA SOLUTIONS, INC.
    Inventors: Steven D Upp, Isam R Makhlouf, Francesca Schuler, Gino A Scribano
  • Patent number: 9832025
    Abstract: A policy server that is associated with a secure element owner receives a request, from a service provider, to provision access, by an application, to the secure element. The policy server creates, in response to the request, a policy ticket, for the service provider, that defines privileges for the service provider to create a security domain or a new profile within the secure element. The policy server provides, to a service provider trusted service manager (TSM), the policy ticket and a signed certificate, the signed certificate corresponding to a root certificate that is inserted into a Controlling Authority Security Domain (CASD) portion of the secure element prior to receiving the request. When the CASD receives the policy ticket and signed certificate from the service provider TSM, the CASD validates based on the root certificate and provisions access to the secure element based on information in the policy ticket.
    Type: Grant
    Filed: May 19, 2015
    Date of Patent: November 28, 2017
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Manuel Enrique Caceres, Warren Hojilla Uy, Ruben Cuadrat, Taussif Khan
  • Patent number: 9811869
    Abstract: A system, method, server processing system, and computer program product for operating a registry. In one aspect, the server processing system is configured to: receive, from a user processing system in data communication with the server processing system, document data relating to an entity; receive, from the user processing system, access data indicative of an accessing party to be provided access to the document data if a defined trigger event occurs; store, in a data store associated with the server processing system, a registry for the entity indicative of the document data and the access data; determine that a defined trigger event has occurred; and in response to determining that a defined trigger event has occurred, provide the accessing party read-only access to the document data via an access processing system in data communication with the server processing system.
    Type: Grant
    Filed: October 25, 2012
    Date of Patent: November 7, 2017
    Assignee: YDF Global Party Ltd.
    Inventors: Jamie Robert Wilson, Craig Steven Wright
  • Patent number: 9800411
    Abstract: In a general aspect, a secret generator is used in an elliptic curve cryptography (ECC) scheme. In some aspects, an elliptic curve subgroup is specified by a public generator of an ECC system, and the secret generator is an element of the elliptic curve subgroup. In some instances, the secret generator is used to generate an ECC key pair that includes a public key and a private key, and the private key is used to generate a digital signature based on a message. In some instances, the public key and the secret generator are used to verify the digital signature.
    Type: Grant
    Filed: May 5, 2016
    Date of Patent: October 24, 2017
    Assignee: ISARA Corporation
    Inventors: Michael Kenneth Brown, Gustav Michael Gutoski, Marinus Struik, Atsushi Yamada