NBS/DES Algorithm Patents (Class 380/29)
  • Patent number: 11569978
    Abstract: Methods, systems, and devices for encrypting and decrypting data. In one implementation, an encryption method includes inputting plaintext into a recurrent artificial neural network, identifying topological structures in patterns of activity in the recurrent artificial neural network, wherein the patterns of activity are responsive to the input of the plaintext, representing the identified topological structures in a binary sequence of length L and implementing a permutation of the set of all binary codewords of length L. The implemented permutation is a function from the set of binary codewords of length L to itself that is injective and surjective.
    Type: Grant
    Filed: March 18, 2019
    Date of Patent: January 31, 2023
    Assignee: INAIT SA
    Inventors: Kathryn Hess, Henry Markram
  • Patent number: 11558371
    Abstract: Authentication processing is provided which includes generating an authentication parameter as a function of a time-dependent input using a predetermined transformation having an inverse transformation. Multiple authentication modes are supported, with a bit-length of the time-dependent input of one authentication mode being different from a bit-length of the time-dependent input of another authentication mode. Generating the authentication parameter is dependent, in part, on whether the time-dependent input is of the one authentication mode or the other authentication mode, and includes performing multiple rounds of transformation of the time-dependent input. A time-dependent password including a character string is generated from the authentication parameter using another predetermined transformation having another inverse transformation. The time-dependent password is forwarded within the authentication system for authentication by an authenticator.
    Type: Grant
    Filed: February 11, 2022
    Date of Patent: January 17, 2023
    Inventors: Ross David Cooper, Michael Onghena
  • Patent number: 11523156
    Abstract: A method for distributing an audiovisual content to a terminal is disclosed. The content is received by the terminal in the form of a succession of consecutive segments, each segment being distributed to the terminal following a transmission of a request by the terminal and being obtained by an application of a workflow to a portion of the content.
    Type: Grant
    Filed: December 20, 2019
    Date of Patent: December 6, 2022
    Assignee: QUORTEX
    Inventors: Thierry Trolez, Marc Baillavoine, Julien Villeret, Jérôme Vieron
  • Patent number: 11469882
    Abstract: A receiver apparatus and method for optimized decryption and despreading of a very low frequency (VLF) bitstream is disclosed. In embodiments, the receiver includes antenna elements for receiving a transmission security (TRANSEC) encoded bitstream associated with an uncertainty window size and a spread factor. The receiver includes cryptographic processors that, when the spread factor is sufficiently large, select key section numbers A and data section numbers B based on the window size and spread factor. The cryptographic processors generate an output sequence of correlation windows, each correlation window associated with a symbol of the bitstream, via pipelined sectional mirrored-key convolution based on a key section number A and data section number B chosen to optimize performance (e.g., processor performance, memory performance).
    Type: Grant
    Filed: April 8, 2021
    Date of Patent: October 11, 2022
    Assignee: Rockwell Collins, Inc.
    Inventors: Stephen A. Ganje, Christopher M. Trebisovsky
  • Patent number: 11398897
    Abstract: A device is suggested for processing input data including a hardware accelerator generating a first hash value based on a first portion of the input data and a second hash value based on a second portion of the input data, wherein the first hash value is generated based on a first configuration of the hardware accelerator and wherein the second hash value is generated based on a second configuration of the hardware accelerator. Also, a method for operating such device is provided.
    Type: Grant
    Filed: September 30, 2020
    Date of Patent: July 26, 2022
    Inventors: Alexander Zeh, Laurent Heidt, Stefan Koeck
  • Patent number: 11354427
    Abstract: The present invention relates to an encrypting/decrypting method for a multi-digit number and an encrypting/decrypting server.
    Type: Grant
    Filed: January 17, 2018
    Date of Patent: June 7, 2022
    Inventors: Rongcun Huang, Hanquan Liang, Hui Yang
  • Patent number: 11340798
    Abstract: A method includes receiving, by a first microprocessor, a request of modification of a content of a first memory of the first microprocessor, the first memory being accessible only by the first microprocessor. The method includes accessing, by the first microprocessor, first data associated with the request and a signature generated from the first data with an asymmetric cipher algorithm. The first data and the signature are available in a second memory of a second microprocessor, and the first data is representative of a modification to be applied to the content of the first memory. The modification is representative of a modification of a set of services exposed by the first microprocessor. The method includes verifying, by the first microprocessor, authenticity of the first data based on the signature; and modifying the content of the first memory according to the first data, the modifying being conditioned by the verifying.
    Type: Grant
    Filed: June 11, 2020
    Date of Patent: May 24, 2022
    Inventors: William Orlando, Julien Couvrand, Pierre Guillemin
  • Patent number: 11336425
    Abstract: Digital n-state switching devices are characterized by n-state switching tables with n greater than 4. N-state switching tables are transformed by a Finite Lab-transform (FLT) into an FLTed n-state switching table. Memory devices, processors and combinational circuits with inputs and an output are characterized by an FLTed n-state switching table and perform switching operations between physical states in accordance with an FLTed n-state switching table. The devices characterized by FLTed n-state switching tables are applied in cryptographic devices. The cryptographic devices perform standard cryptographic operations or methods that are modified in accordance with an FLT. One or more standard cryptographic methods are specified in Federal Information Processing Standard (FIPS) Publications. Security is improved by at least a factor n2.
    Type: Grant
    Filed: December 17, 2019
    Date of Patent: May 17, 2022
    Assignee: Ternarylogic LLC
    Inventor: Peter Lablans
  • Patent number: 11335213
    Abstract: The disclosure discloses a method and apparatus for encrypting data, and a method and apparatus for decrypting data. The method for encrypting data includes: acquiring a to-be-encrypted data block; executing a first encryption on the to-be-encrypted data block to obtain a data ciphertext; executing a hash operation on the to-be-encrypted data block to obtain an index key; designating a last ciphertext block as a first target ciphertext block, and decrypting the first target ciphertext block to acquire an index value of the first target ciphertext block; executing a preset operation on the index value of the first target ciphertext block to obtain the index value of the to-be-encrypted data block, and executing a second encryption on the index value of the to-be-encrypted data block based on the index key to generate an index ciphertext; and combining the data ciphertext and the index ciphertext to generate a ciphertext block.
    Type: Grant
    Filed: September 18, 2020
    Date of Patent: May 17, 2022
    Inventors: Yuepeng Liu, Peng Yun
  • Patent number: 11323239
    Abstract: A system and method for determining whether a cryptographic system is being observed for power consumption analysis in an attempt to decipher secret keys. The system comprises a first external connection to receive an input voltage, an internal voltage regulator with an external capacitor to produce the desired voltage for the cryptographic system. The internal voltage regulator typically includes a switch that passes current from the first external connection to the external capacitor. By monitoring the frequency at which the switch is activated, it is possible to detect that an external voltage is being applied to the external capacitor. This external voltage is typically used to perform SPA or DPA operations. Thus, the cryptographic system may cease performing any encryption or decryption operations if an external voltage is detected.
    Type: Grant
    Filed: August 20, 2020
    Date of Patent: May 3, 2022
    Assignee: Silicon Laboratories Inc.
    Inventor: Dewitt Clinton Seward, IV
  • Patent number: 11315013
    Abstract: Techniques are provided for implementing a parameter server within a networking infrastructure of a computing system to reduce the communication bandwidth and latency for performing communication synchronization operations of the parameter server. For example, a method includes executing a distributed deep learning (DL) model training process to train model parameters of a DL model using a plurality of worker nodes executing on one or more server nodes of a computing system, and executing a parameter server within a networking infrastructure of the computing system to aggregate local model parameters computed by the plurality of worker nodes and to distribute aggregated model parameters to the plurality of worker nodes using the networking infrastructure of the computing system.
    Type: Grant
    Filed: April 23, 2018
    Date of Patent: April 26, 2022
    Assignee: EMC IP Holding Company LLC
    Inventors: Dragan Savic, Junping Zhao
  • Patent number: 11294676
    Abstract: Memory access circuitry enforces ownership rights for memory regions. A given memory region is associated with an owner realm specified from multiple realms, each realm corresponding to a portion of at least one software process executed by processing circuitry. In response to a first variant of an exception return instruction the processing circuitry returns from processing of an exception while staying within the same realm. In response to a second variant of the exception return instruction the processing circuitry switches processing from a current realm to a destination realm.
    Type: Grant
    Filed: June 8, 2018
    Date of Patent: April 5, 2022
    Assignee: Arm Limited
    Inventors: Matthew Lucien Evans, Jason Parker, Gareth Rhys Stockwell, Martin Weidmann
  • Patent number: 11265146
    Abstract: An electronic apparatus for managing data based on a block chain and a method therefor are provided. The electronic apparatus includes a communication interface, a memory, and a processor to receive a request for accessing data from an authenticated user, generate first block information regarding the request by including information on the request and at least one second block information related to the request from among a plurality of second block information stored in the memory, transmit the generated first block information to at least one of a plurality of external apparatuses constituting a block chain, and update the plurality of second block information stored in the memory based on the generated first block information. The plurality of second block information includes information on a block regarding a latest access history by category among a plurality of blocks included in block chain data shared by the plurality of external apparatuses.
    Type: Grant
    Filed: April 30, 2019
    Date of Patent: March 1, 2022
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Sangbok Han, Hyuncheol Park, Sangmin Kim, Seonjae Kim, Donghyun Lee, Changhoon Lee, Isak Choi, Kyungwan Han
  • Patent number: 11223692
    Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for implementing service execution. One of the methods includes receiving a service request sent by a user by a service device. The service device determines a service execution policy that matches the service request based on a predetermined data analysis model and the service request by performing data analysis on a first-type blockchain transaction in a blockchain of each first-type blockchain network of at least two first-type blockchain networks. A service is executed by the service device for the service request based on the service execution policy.
    Type: Grant
    Filed: January 25, 2021
    Date of Patent: January 11, 2022
    Assignee: Advanced New Technologies Co., Ltd.
    Inventor: Xinying Yang
  • Patent number: 11218292
    Abstract: A method for secure transmission of a data stream between at least one sender and at least one recipient comprises packetizing the data stream into a plurality of data packets of data bits. Each data packet is split into at least two subpackets and the subpackets are encrypted with a one-time pad stored at the sender. The encrypted subpackets are transmitted to the receiver by transmitting one of the two encrypted subpackets over a first transmission path and transmitting another one of the two encrypted subpackets over a second transmission path wherein the first transmission path is different from the second transmission path. At the receiver, the encrypted subpackets are decrypted using an identical copy of the one-time pad stored at the receiver and the information of the data packet is restored from the at least two subpackets. Furthermore, a system for secure transmission is provided.
    Type: Grant
    Filed: September 5, 2017
    Date of Patent: January 4, 2022
    Assignee: Multitiv GmbH
    Inventors: Mohammad Shefaat, Vladimir Beliavski, Tatjana Carle
  • Patent number: 11200348
    Abstract: A side-channel attack resistant circuit topology for performing logic functions. This topology includes combinatorial logic to perform the at least one logic function. A logic input selector alternately supplies, in response to a first timing reference signal, an input to the combinatorial logic with noise generating input values and valid input values. A first latch input selector alternately supplies, in response to the first timing reference signal, a first memory element input with noise generating input values and valid logic output values. The valid logic output values are received from the combinatorial logic. A first memory element latches the valid logic output values in response to a second timing reference signal.
    Type: Grant
    Filed: October 24, 2019
    Date of Patent: December 14, 2021
    Assignee: Cryptography Research, Inc.
    Inventors: Roberto Rivoir, Elke De Mulder, Jean-Michel Cioranesco
  • Patent number: 11177936
    Abstract: A message authenticator generation apparatus (10) generates a message authenticator using a block cipher E having a block size n. A hash function unit (21) calculates a hash value w with a hash function h having an output length longer than n bits, taking as input a message M. A post-processing unit (22) performs calculations using the block cipher E on the hash value w calculated by the hash function unit (21), so as to calculate a message authenticator T not larger than the block size n for the message M.
    Type: Grant
    Filed: February 22, 2017
    Date of Patent: November 16, 2021
    Inventor: Yusuke Naito
  • Patent number: 11163469
    Abstract: Provided is a data management system capable of properly managing data to undergo masking processing in the secondary use of data. This data storage management system is equipped with a storage unit which stores masked data of real data at a first point in time, and a data control unit which extracts data of a storage area that has not been masked from update data based on first information representing a masked storage area in the masked data and second information representing a masked storage area in the masked data of update data, which is data obtained by updating the real data from the first point in time to a second point in time, extracts data of the masked storage area, from which the same masked data has been removed, from the masked data of the update data, and generates the extracted data as difference data.
    Type: Grant
    Filed: September 10, 2019
    Date of Patent: November 2, 2021
    Assignee: HITACHI, LTD.
    Inventors: Kazuhiko Mizuno, Tsuyoshi Tanaka, Yohsuke Ishii
  • Patent number: 11159940
    Abstract: A method for mutual authentication between user equipment and a communications network. The network includes a mobility management entity and a home subscriber server. The method, implemented by the user equipment, includes: receiving an authentication challenge having a token based on a first index and a first authentication message calculated by the home subscriber server and based on a first sequence number; checking that a condition of a set is true, the set including: the first sequence number is the same as a second sequence number stored in the user equipment, and the first sequence number is the same as a preceding value of the second sequence number and the first index is higher than a second index stored in the client equipment; and calculating and sending, when a condition is true, an authentication result and an authentication message, based on the preceding value of the second sequence number.
    Type: Grant
    Filed: October 2, 2017
    Date of Patent: October 26, 2021
    Assignee: ORANGE
    Inventors: Benjamin Richard, Todor Gamishev, Gilles Macario-Rat
  • Patent number: 11108552
    Abstract: Plaintext data is encrypted and decrypted using a symmetric encryption algorithm that generates a sequence of pseudorandom values from a cryptographic key. A portion of the sequence of pseudorandom values is discarded. For example, in an embodiment, each value in the sequence of pseudorandom values is truncated by a number of bits. Encryption and decryption is performed by combining plaintext or ciphertext with the truncated sequence of pseudorandom values. In an embodiment, the combination is made by performing a bitwise exclusive or operation between the truncated pseudorandom values and the plaintext or ciphertext. In an embodiment, a number of bits discarded from each value is encoded into a message authentication code which is provided with any resulting ciphertext.
    Type: Grant
    Filed: May 2, 2018
    Date of Patent: August 31, 2021
    Assignee: Amazon Technologies, Inc.
    Inventors: Shay Gueron, Matthew John Campagna
  • Patent number: 11093213
    Abstract: Operational n-state digital gates execute Finite Lab-transformed (FLT) n-state switching functions or n-state switching function tables to process n-state signals provided on at least 2 inputs to generate an n-state signal on an output, with n>2, n>3 and n>64. The FLT is an enhancement of a computer architecture. Cryptographic apparatus and methods apply circuits that are characterized by FLT-ed addition and multiplication over finite field GF(n) or by addition and multiplication modulo-n that are modified in accordance with reversible n-state inverters, and are no longer characterized by known operations. Known cryptographic methods executed with novel n-state digital gates include encryption/decryption, public key generation, message digest and Elliptic Curve Cryptography wherein one n-state switching function is replaced by an FLT'ed n-state switching function.
    Type: Grant
    Filed: October 26, 2018
    Date of Patent: August 17, 2021
    Assignee: Ternarylogic LLC
    Inventor: Peter Lablans
  • Patent number: 11030278
    Abstract: A novel code signing system, computer readable media, and method are provided. The code signing method includes receiving a code signing request from a requestor in order to gain access to one or more specific application programming interfaces (APIs). A digital signature is provided to the requestor. The digital signature indicates authorization by a code signing authority for code of the requestor to access the one or more specific APIs. In one example, the digital signature is provided by the code signing authority or a delegate thereof. In another example, the code signing request may include one or more of the following: code, an application, a hash of an application, an abridged version of the application, a transformed version of an application, a command, a command argument, and a library.
    Type: Grant
    Filed: August 16, 2019
    Date of Patent: June 8, 2021
    Assignee: BlackBerry Limited
    Inventors: David Paul Yach, Herbert Anthony Little, Michael Stephen Brown
  • Patent number: 11023567
    Abstract: Presented are software intellectual property (IP) protection systems and methods that prevent potential attackers as well as customers from having access to plain text versions of both library source code and binary code. Potential attackers are prevented from reusing the software on other platforms. The protection mechanism does not impact the functionality or the performance of the library itself and does not interfere with existing software update mechanisms or application developer tools, such as Joint Test Action Group (JTAG).
    Type: Grant
    Filed: July 18, 2018
    Date of Patent: June 1, 2021
    Assignee: Maxim Integrated Products, Inc.
    Inventors: Yann Yves Rene Loisel, Frank Lhermet, Stephane Di Vito, Vincent Albanese
  • Patent number: 11017393
    Abstract: Embodiments of the invention are directed to passing a plurality of communications directly from a merchant to a payment processing network. A first communication may include payment information in an authorization request, while a second transaction may include non-payment transaction data. The communications may be linked with a transaction identifier. In other embodiments, a capture file process is disclosed where capture files are generated by the payment processing network, and transactions are subsequently cleared and settled.
    Type: Grant
    Filed: April 20, 2018
    Date of Patent: May 25, 2021
    Assignee: Visa International Service Association
    Inventors: Phil Kumnick, Krishna Koganti, Davidson Wuichet, Lloyd Cato, Jeffrey Kusheba
  • Patent number: 10997272
    Abstract: A method of manufacturing an apparatus and a method of constructing an integrated circuit are provided. The method of manufacturing an apparatus includes forming the apparatus on a wafer or a package with at least one other apparatus, wherein the apparatus comprises a polynomial generator, a first matrix generator, a second matrix generator, a third matrix generator, and a convolution generator; and testing the apparatus, wherein testing the apparatus comprises testing the apparatus using one or more electrical to optical converters, one or more optical splitters that split an optical signal into two or more optical signals, and one or more optical to electrical converters.
    Type: Grant
    Filed: July 2, 2019
    Date of Patent: May 4, 2021
    Inventors: Weiran Deng, Zhengping Ji
  • Patent number: 10984420
    Abstract: A transaction system performs a transaction for a purchase of goods or services. Information about a purchase of goods or services is displayed on a display of a transaction device. The transaction device receives from a user, primary identification data which comprises biometric data that identifies the user. The transaction device receives from the user, secondary identification data which identifies the user. The secondary identification data is in addition to the primary identification data, and the secondary identification is of a different type than the primary identification data. A primary biometric identification parameters database is accessed to verify identification of the user. A secondary identification parameters database is accessed to confirm identification of the user.
    Type: Grant
    Filed: March 15, 2017
    Date of Patent: April 20, 2021
    Inventors: Sujay Abhay Phadke, Binata Abhay Phadke
  • Patent number: 10972268
    Abstract: A Cryptographic Unit (CU) of a microcontroller, the CU including a first accelerator configured to generate first encrypted output data based on input data; and a second accelerator which is configured to be diversely implemented with respect to the first accelerator, and is configured to generate second encrypted output data based on the input data; and a comparator configured to compare a first comparator data obtained from the generation of the first encrypted output data with a second comparator data obtained from the generation of the second encrypted output data, and if the comparison indicates that the first and second comparator data differ, output an event signal pertaining to an event in a safety domain or a security domain.
    Type: Grant
    Filed: September 18, 2018
    Date of Patent: April 6, 2021
    Assignee: Infineon Technologies AG
    Inventors: Alexander Zeh, Viola Rieger
  • Patent number: 10943020
    Abstract: A system includes at least two buses including a first bus and a second bus, an encryption and decryption system corresponding to each bus, at least one signal processing module corresponding to each bus, and a bus converter coupled between the first bus and the second bus. According to the system provided in embodiments of the present invention, because data transmitted on a bus is encrypted data, even though an attacker obtains bus data by means of a probe attack, it is quite difficult to break a key, and an anti-attack capability of the system can be improved.
    Type: Grant
    Filed: August 24, 2018
    Date of Patent: March 9, 2021
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Cui Hu, ZhuFeng Tan, Shaojie Sun
  • Patent number: 10944544
    Abstract: A method and apparatus for reducing a variable number of pre-key bits to a fixed key size is disclosed. The resulting key is used with a symmetric block cipher to descramble content. By being able to directly adapt a large and variable number of bits, it is possible to use cryptographic algorithms that were not thought possible, such as the output of modern public key and hashing functions, in order to create a key to directly use with a symmetric block cipher. Some or all of the pre-key bits may be used in the creation of the key.
    Type: Grant
    Filed: November 7, 2018
    Date of Patent: March 9, 2021
    Assignee: Sony Corporation
    Inventor: Brant Candelore
  • Patent number: 10936703
    Abstract: A method for compiling a matrix-product program into an obfuscated-matrix-product program includes receiving a plurality of matrices that form the matrix-product program, randomly generating a set of independent and invertible tensor-product matrices, randomly generating a set of independent and invertible linear-transform matrices, and generating a dynamic-fence-generation gadget by processing at least one of the plurality of matrices, the set of tensor-product matrices and the set of linear-transform matrices. The dynamic-fence-generation gadget is an obfuscated version of computer program represented by the plurality of matrices.
    Type: Grant
    Filed: August 2, 2018
    Date of Patent: March 2, 2021
    Inventors: Craig Broadwell Gentry, Charanjit Singh Jutla
  • Patent number: 10931658
    Abstract: Encryption and decryption techniques based on one or more transposition vectors. A secret key is used to generate vectors that describe permutation (or repositioning) of characters within a segment length equal to a length of the transposition vector. The transposition vector is then inherited by the encryption process, which shifts characters and encrypts those characters using a variety of encryption processes, all completely reversible. In one embodiment, one or more auxiliary keys, transmitted as clear text header values, are used as initial values to vary the transposition vectors generated from the secret key, e.g., from encryption-to-encryption. Any number of rounds of encryption can be applied, each having associated headers used to “detokenize” encryption data and perform rounds to decryption to recover the original data (or parent token information). Format preserving encryption (FPE) techniques are also provided with application to, e.g., payment processing.
    Type: Grant
    Filed: August 6, 2019
    Date of Patent: February 23, 2021
    Assignee: Jonetix Corporation
    Inventors: Paul Ying-Fung Wu, Richard J. Nathan, Harry Leslie Tredennick
  • Patent number: 10903995
    Abstract: As disclosed herein a computer system for secure database backup and recovery in a secure database network has N distributed data nodes. The computer system includes program instructions that include instructions to receive a database backup file, fragment the file using a fragment engine, and associate each fragment with one node, where the fragment is not stored on the associated node. The program instructions further include instructions to encrypt each fragment using a first encryption key, and store, randomly, encrypted fragments on the distributed data nodes. The program instructions further include instructions to retrieve the encrypted fragments, decrypt the encrypted fragments using the first encryption key, re-encrypt the decrypted fragments using a different encryption key, and store, randomly, the re-encrypted fragments on the distributed data nodes. A computer program product and method corresponding to the above computer system are also disclosed herein.
    Type: Grant
    Filed: May 16, 2019
    Date of Patent: January 26, 2021
    Assignee: International Business Machines Corporation
    Inventors: Pedro M. Barbas, Joseph Duffy, Ken Maycock, David M. Tilson
  • Patent number: 10896267
    Abstract: Examples relate to Input/Output (I/O) data encryption and decryption. In an example, an encryption/decryption engine on an Integrated Circuit (IC) of a computing device obtains at least one plaintext data. Some examples determine, by the encryption/decryption engine, whether the at least one plaintext data is to be sent to a memory in the computing device or to an I/O device. Some examples apply, when the at least one plaintext data is to be sent to the I/O device and by the encryption/decryption engine, an encryption primitive of a block cipher encryption algorithm to the at least one plaintext data to create output encrypted data, wherein an initialization vector that comprises a random number is applied to the encryption primitive.
    Type: Grant
    Filed: January 31, 2017
    Date of Patent: January 19, 2021
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Geoffrey Ndu, Pratyusa K Manadhata, Christopher L. Dalton, Adrian Shaw, Stuart Haber
  • Patent number: 10860997
    Abstract: A secure point-of-sale (POS) portal architecture for delivering multiple services is provided. According to one exemplary aspect of the architecture, a number of services offered by various parties are integrated for delivery to merchants. The parties offering the services include, for example, payment processors and merchant acquirers and other external value-added service providers. The integrated services, in turn, are offered to merchants and/or their respective customers via one or more POS devices and its supporting system infrastructure at the merchant locations. The integrated services include, for example, acceptance of multiple payment instruments, payment processing, user dialog management, sales promotion and customer support, loyalty programs, back office processing, receipt capture, employee training, risk management, dispute resolution, system security, system administration etc.
    Type: Grant
    Filed: January 11, 2016
    Date of Patent: December 8, 2020
    Assignee: Visa U.S.A. Inc.
    Inventors: Eric Redmond, Jean Huang, Pete Heisinger
  • Patent number: 10834649
    Abstract: The present disclosure relates to a method, in a mobility function (MF) node. The method comprises receiving (S1) information about a mapping to a property, of each of a plurality of radio bearers of a radio device for carrying data traffic between the radio device and a first radio access network (RAN). The method also comprises determining (S2) based on the received (S1) information, that at least one of the radio bearers can be handed over to a second RAN. The method also comprises initiating (S3) a handover command to the radio device instructing the radio device to hand over the at least one radio bearer to the second RAN.
    Type: Grant
    Filed: May 28, 2014
    Date of Patent: November 10, 2020
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Dinand Roeland, Stefan Rommer, Mattias Bergström, Oumer Teyeb
  • Patent number: 10819502
    Abstract: The present invention relates to a method for symmetrical encryption or decryption of a data block from a secret key (K), the method comprising steps of: permutation (100) of at least one portion of the secret key (K) by means of a first permutation table (PC1′) so as to produce initial data, execution of several iterations, an iteration comprising steps of: rotation (102) of data dependent on the initial data so as to produce shifted data, permutation (104) of the shifted data by means of a second permutation table (PC2′) so as to produce a round key, execution of a plurality of encryption rounds (200) from the data block, an encryption round (200) using one of the round keys, generation of at least one of the permutation tables (PC1′, PC2′), the generation comprising determination of at least one function (F, G) variable from one encryption or decryption to another, composition of said function (F, G) with a predetermined permutation table (PC1, PC2), application of the inverse of said function (F,
    Type: Grant
    Filed: September 26, 2017
    Date of Patent: October 27, 2020
    Inventors: Houssem Maghrebi, Guillaume Dabosville, Emmanuel Prouff
  • Patent number: 10810314
    Abstract: Embodiments for a database connector are disclosed. The database connector can encrypt data from an application before storing the data in the database using attribute-based encryption (ABE). The database connector can also decrypt data retrieved from the database using an ABE private key before sending the data to the application. The database connector can generate a logical attribute statement for encryption of data from the application based on attributes, logical relations, and/or relational operators received from the application, directly from a user, or imbedded within rules governing logical attribute statement genesis.
    Type: Grant
    Filed: December 22, 2017
    Date of Patent: October 20, 2020
    Inventors: Ryan C. Marotz, Barry A. Trent
  • Patent number: 10756892
    Abstract: Methods and apparatus, including computer program products, are provided for securing data in a multi-tenant cloud-based system. In some implementations, there is provided a method. The method may include requesting access to at least one encrypted data element; obtaining, in response to the requesting, a long bit stream assigned to a client associated with the requested access; generating a key to decrypt the at least one data element, the key generated by selecting, based on a permutation, portions of the long bit stream; and decrypting, based on the generated key, the at least one data element. Related systems, methods, and articles of manufacture are also disclosed.
    Type: Grant
    Filed: February 9, 2017
    Date of Patent: August 25, 2020
    Assignee: SAP SE
    Inventor: Vipul Gupta
  • Patent number: 10742419
    Abstract: A method for validating an interaction is disclosed. A first interaction cryptogram can be generated by a first device using information about a first party to the interaction and a second party to the interaction. A second interaction cryptogram can be generated by a second device also using information about the first party to the interaction and the second party to the interaction. Verifying each cryptogram can validate that the interaction details have not been changed, and that both the first party and second party legitimately authorized the interaction.
    Type: Grant
    Filed: March 10, 2017
    Date of Patent: August 11, 2020
    Inventors: Phillip Lavender, Vikram Modi, Glenn Leon Powell
  • Patent number: 10742405
    Abstract: System and methods for generating round keys for a cryptographic operation are disclosed. The systems and method can use logic circuits that are operable to: obtain first inputs and second inputs; perform a bit-mixer operation on each of the first inputs and the second inputs; and generate round keys based on the performing the bit-mixer operation. The first inputs include a plurality of equal sized subkeys from a key material that is divided into a plurality of equal sized key material sub-blocks, a cipher key and the second inputs include a random input, one or more previous round keys, a round number. The cryptographic operation includes a cipher, a hash function, or a stream generator. The bit-mixer operation includes an exclusive-OR (XOR) tree, a substitution-permutation network, or a double-mix Feistel network, or a Rotate-Add-XOR (RAX) construction.
    Type: Grant
    Filed: December 16, 2016
    Date of Patent: August 11, 2020
    Inventor: Laszlo Hars
  • Patent number: 10721067
    Abstract: A CPU package includes an encryption and decryption module disposed in a communication path between an instruction path of a processor core and a data register that is externally accessible through a debug port, and a key store accessible to the module. The module is configured to encrypt and store data in the data register for each of a plurality of processes being handled in the instruction path, wherein data owned by each process is encrypted and decrypted by the module using an encryption key assigned to the process. The key store is configured to store the encryption key assigned to each of a plurality of processes, wherein the key store is inaccessible outside the CPU package. The data is only decrypted for a requesting process having a process identifier that matches the process identifier stored in the processor data structure along with the requested data.
    Type: Grant
    Filed: August 10, 2016
    Date of Patent: July 21, 2020
    Inventors: Fred A. Bower, III, William G. Holland, Scott Kelso, Christopher L. Wood
  • Patent number: 10706159
    Abstract: Technologies for dynamically protecting memory of the mobile compute device include a main memory, a location sensor that produces sensor data indicative of a present location of the mobile compute device, a sensor hub communicatively coupled to the location sensor, and a security engine communicatively coupled to the sensor hub. The sensor hub determines a present location security zone of the mobile compute device based on the present location of the mobile compute device and a geofence policy, which maps locations to location security zones. The security engine encrypts the main memory of the mobile compute device and determines whether the present location security zone has changed relative to a most-previous location security zone of the mobile compute device. If the present location security zone has changed to a safe zone, the security engine decrypts the main memory.
    Type: Grant
    Filed: June 14, 2017
    Date of Patent: July 7, 2020
    Assignee: Intel Corporation
    Inventors: Siddhartha Chhabra, Prashant Dewan
  • Patent number: 10686764
    Abstract: The disclosure provides for two or more devices that securitize transmission(s) transmitted to and received from these devices comprising at least one executable coded cipher key(s), at least one executable coded encryption key (ECEK) device that encrypts transmission(s) that uses executable cipher coded key(s), and at least one executable coded decryption key (ECDK) device that decrypts transmission(s) and that also uses at least one executable coded cipher key(s), such that transmission(s) are sent to an encrypter/decrypter memory that stores transmission(s) while the transmission(s) is encrypted and/or decrypted. When encryption/decryption is completed, the transmission(s) is sent to at least one transmitter such that encryption/decryption of the transmission(s) is controlled and manipulated by the executable coded cipher key(s), wherein the executable coded cipher key(s) remain in the computer memory long enough to achieve encryption/decryption completion.
    Type: Grant
    Filed: October 29, 2018
    Date of Patent: June 16, 2020
    Inventor: Daniel Maurice Lerner
  • Patent number: 10680798
    Abstract: A secure computing device, including: a processor configured to carry out a secure operation; a memory in communication with the processor configured to store secure data; and a memory controller configured to control storage of data in the memory and reading data from the memory, wherein the secure data is split into shares before being stored in the memory and wherein the memory controller is configured to: apply a masking storage transform (MST) to one of the shares to produce a masked share before storing the shares in the memory, wherein the MST is a permutation without a fixed point; apply an inverse MST to the masked share when reading the shares from the memory; and combine the read shares to reconstruct the secure data.
    Type: Grant
    Filed: February 15, 2017
    Date of Patent: June 9, 2020
    Assignee: NXP USA, Inc.
    Inventors: Miroslav Knezevic, Ventzislav Nikov
  • Patent number: 10680802
    Abstract: Various embodiments relate to a method of hashing a message M using a block cipher, including: producing N block cipher inputs by XORing message indices i, . . . , i+N−1 respectively with state values S_0, . . . , S_{N−1}, wherein N is an integer greater than 1; producing N block cipher keys by XORing N different blocks of message M and at least one of state values S_0, . . . , S_{N−1} for each of the N block cipher keys; encrypting the N block cipher inputs using the respective N block cipher keys to produce N block cipher outputs; combining the N block cipher outputs with N block cipher inputs to produce N block cipher combined outputs T_t, for t=0, . . . , N−1; calculating Y_0=T_0; calculating Y_t=Y_{t−1}⊕T_t, for t=1, . . . , N−1, calculating S_{N−1}′=Y_{N−1}<<<a, where a is a number of bits to rotate where S_0′, . . . , S_{N−1}′ are new state values; and calculating S_t′=Y_t⊕S_{N−1}′, for t=0, . . . , N−2.
    Type: Grant
    Filed: May 31, 2018
    Date of Patent: June 9, 2020
    Assignee: NXP B.V.
    Inventor: Bjorn Fay
  • Patent number: 10645070
    Abstract: An access control system and associated devices are described that conceal and securitize data transmissions between one or more secure databases for various user devices to ensure proper entrance or access into secure locations by approved personnel only. Specific methods and devices for securing (primarily digital and normally two-way) communications using applications that combine securing communications for wireless/cellular phones with personnel access card readers for entry into secure locations are also described. These combined communication and access devices require using specific encryption techniques that cannot be corrupted and are essential to denying fraudulent or otherwise unauthorized personnel the ability to enter or access security protected devices or locations.
    Type: Grant
    Filed: November 28, 2018
    Date of Patent: May 5, 2020
    Inventor: Daniel Maurice Lerner
  • Patent number: 10616192
    Abstract: The disclosure provides for one or more devices and associated system that securitize and conceal data transmitted to and/or data received from the devices that utilize one or more master keys comprising at least one device that conceals and reveals such that the data and/or associated data files utilize both master keys and one or more key selectors, wherein the master keys and key selectors produce a specific set of one or more keys that conceal the data and/or associated data files such that one or more key selectors coincide with at least one value that directly corresponds with created cipher data and/or cipher data files. The key selectors can also be concealed and revealed as required. Produced concealed data and concealed data files can only be concealed and revealed with one or more master keys and one or more key selectors.
    Type: Grant
    Filed: October 29, 2018
    Date of Patent: April 7, 2020
    Inventor: Daniel Maurice Lerner
  • Patent number: 10608822
    Abstract: A method of computing a message authentication code (MAC) for a message having a common part and an independent part using a constrained processor, including: performing a MAC function on the common part of the message using a first secret key to produce a first output; performing a pseudorandom function on the independent part of the message using a second key to produce a second output, wherein the computation time of the pseudorandom function is significantly less than the computation time of the MAC function; and combining the first output and the second output to produce a computed MAC for the message.
    Type: Grant
    Filed: April 26, 2017
    Date of Patent: March 31, 2020
    Assignee: NXP B.V.
    Inventors: Florian Boehl, Simon Johann Friedberger, Thierry G. C. Walrant
  • Patent number: 10601805
    Abstract: One or more devices and/or access control systems are described that securitize data and data transmissions using three sets of computing operations including authentication, validation, and securitization that allows or denies access to the data and/or the data transmissions. The system includes securitization of signals between one or more secure master and/or partial DASA databases for various user devices. Specific methods and devices for securing (primarily digital and normally two-way) communications using applications that offer the combination of securing communications from user devices with reader devices, are also provided.
    Type: Grant
    Filed: October 29, 2018
    Date of Patent: March 24, 2020
    Inventor: Daniel Maurice Lerner
  • Patent number: 10572271
    Abstract: Efficient instantiation of encrypted guests is disclosed. In an example, a first host with a first hypervisor is separated from a second host with a second hypervisor by a network. The first hypervisor executes to allocate a requested amount of memory associated with a first guest on the first host. Pages of the requested amount of memory written to by a boot process of the first guest are tracked. The second hypervisor is requested to allocate the requested amount of memory on the second host. All tracked pages written to by the boot process are transferred to the second host. In response to transferring all of the tracked pages, a transfer completion confirmation is sent to the second hypervisor and a second guest that is a migrated copy of the first guest is instantiated on the second host with the transferred pages from the first guest.
    Type: Grant
    Filed: August 29, 2018
    Date of Patent: February 25, 2020
    Assignee: RED HAT, INC.
    Inventors: Michael Tsirkin, David Hildenbrand