Public Key Patents (Class 380/30)
  • Patent number: 10291604
    Abstract: A system and method are described in which a document transaction management platform coordinates performance of trust actions across a plurality of trust service providers. For example, a system including one or more processors, working memory, persistent storage device and a network connect executes instructions to evaluate a policy including multiple rules controlling performance of trust actions. The instructions when executed cause the system to perform operations including processing a first transaction request including a first trust action, evaluating the first transaction request to determine a type of the first trust action, selecting, based on applying the policy against the type of the first trust action, a trust provider rule from the plurality of trust provider rules, and facilitating performance of the first trust action according to the selected trust provider rule.
    Type: Grant
    Filed: June 3, 2016
    Date of Patent: May 14, 2019
    Assignee: DocuSign, Inc.
    Inventors: David Steeves, Gregory J. Alger, Joshua D. Wise, Jayson C. McCleery, Peleg Atar, Ezer Farhi, Ryan J. Cox
  • Patent number: 10291614
    Abstract: The present invention relates to the field of identity authentication. Provided are a method, device, and system for identity authentication, solving the technical problem that existing identity authentication technologies are incapable of protecting personal privacy, and that authentication technologies comprising personal privacy must provide a traceability feature.
    Type: Grant
    Filed: March 12, 2013
    Date of Patent: May 14, 2019
    Assignee: CHINA IWNCOMM CO., LTD.
    Inventors: Zhiqiang Du, Jun Cao, Manxia Tie, Yi Li
  • Patent number: 10282532
    Abstract: The present disclosure relates to secure storage of a detailed set of elements relating to fingerprint features for a finger and to a method for authenticating a candidate fingerprint of a finger using said detailed set of elements, allowing for improved security and user convenience.
    Type: Grant
    Filed: September 7, 2017
    Date of Patent: May 7, 2019
    Assignee: Fingerprint Cards AB
    Inventor: Sebastian Weber
  • Patent number: 10277394
    Abstract: A system and method for securing information associates a party with a node that communicates messages over one or more channels based on a channel access privilege. One or more authorities sign a cryptographic authorization permit (CAP) to authorize the channel access privilege, which can be a write privilege or a read privilege. In one embodiment, the authorization for the channel access privilege is based on a public key issued by an authority and the CAP comprises a cryptographic certificate digitally signed by the authority.
    Type: Grant
    Filed: May 13, 2013
    Date of Patent: April 30, 2019
    Assignee: Objective Interface Systems, Inc.
    Inventors: Reynolds William Beckwith, Jeffrey Grant Marshall, Jeffrey William Chilton
  • Patent number: 10275498
    Abstract: A dynamic webpage that displays data in groupings. The groupings are determined by users who score the data as representative of a specific category. The system dynamically rearranges the data and re-renders the webpage in response to receiving different scores for data previously scored.
    Type: Grant
    Filed: March 17, 2016
    Date of Patent: April 30, 2019
    Inventors: Avrohom C. Rutenberg, Avorhom Shlomo Dickman
  • Patent number: 10277623
    Abstract: Processes and systems described herein enable a computing device to detect compromised accounts. The computing device may obtain a user credential including a user ID, and further modify the user ID. The computing device may transmit the modified user ID to a service including a database related to compromised accounts, receive a record corresponding to the modified user ID that includes information of a compromised account, and further determine whether an account of the user ID is compromised based on the received record.
    Type: Grant
    Filed: March 18, 2016
    Date of Patent: April 30, 2019
    Assignee: AppBugs, INC.
    Inventor: Rui Wang
  • Patent number: 10277632
    Abstract: Certain embodiments provide means for managing automated access to computers, e.g., using SSH user keys and other kinds of trust relationships. Certain embodiments also provide for managing certificates, Kerberos credentials, and cryptographic keys. Certain embodiments provide for remediating legacy SSH key problems and for automating configuration of SSH keys, as well as for continuous monitoring.
    Type: Grant
    Filed: August 29, 2016
    Date of Patent: April 30, 2019
    Assignee: SSH Communications Security OYJ
    Inventor: Tatu J. Ylonen
  • Patent number: 10277591
    Abstract: Authenticating a user is provided. A decryption key corresponding to an authentication account of the user of a client device and authentication credential data obtained from the user of the client device is received during authentication. Encrypted authentication credential data corresponding to the user is decrypted using the received decryption key corresponding to the authentication account of the user. The decrypted authentication credential data is compared with the received authentication credential data to authenticate the user of the client device.
    Type: Grant
    Filed: June 26, 2018
    Date of Patent: April 30, 2019
    Assignee: International Business Machines Corporation
    Inventors: Lawrence Koved, Ian M. Molloy, Gelareh Taban
  • Patent number: 10268545
    Abstract: A method begins by, for a data access request, a user computing device accessing a plurality of estimated efficiency models of a plurality of dispersed storage (DS) processing units of a dispersed storage network. The method continues by selecting one of the DS processing units from the plurality of DS processing units based on the plurality of estimated efficiency models, a type of request of the data access request, and a randomizing factor to produce a selected DS processing unit. The method continues by sending the data access request to the selected DS processing unit for execution. The method continues by determining an actual processing efficiency of the processing of the data access request by the selected DS processing unit. The method continues by updating the estimated efficiency model of the selected DS processing module based on the actual processing efficiency.
    Type: Grant
    Filed: December 13, 2017
    Date of Patent: April 23, 2019
    Assignee: International Business Machines Corporation
    Inventors: Ravi V. Khadiwala, Jason K. Resch
  • Patent number: 10263782
    Abstract: A system for authenticating a user and his local device to a secured remote service with symmetrical keys, which utilizes a PIN from the user and a unique random value from the local device in such a way that prevents the remote service from ever learning the user's PIN, or a hash of that PIN. The system also provides mutual authentication, verifying to the user and local device that the correct remote service is being used. At the same time, the system protects against PIN guessing attacks by requiring communication with the said remote service in order to verify if the correct PIN is known. Also, the system works in such a way as to change the random value stored on the user's local device after each authentication session.
    Type: Grant
    Filed: October 12, 2011
    Date of Patent: April 16, 2019
    Assignee: GOLDKEY CORPORATION
    Inventors: Roger E Billings, John A Billings
  • Patent number: 10263773
    Abstract: A method for updating a public key is provided. The method includes: acquiring, by a transmitting-end device, a first hash value calculated based on a first current public key; generating a first update public key and a first update private key; generating an update string such that a hash value of a hash function calculated based at least on the first update public key and the update string is equal to the first hash value; calculating, by a receiving-end device, a second hash value based at least on the first update public key and the update string according to the hash function; and verifying the first update public key by comparing the first hash value and the second hash value.
    Type: Grant
    Filed: June 19, 2017
    Date of Patent: April 16, 2019
    Assignee: NATIONAL CHI NAN UNIVERSITY
    Inventor: Hung-Yu Chien
  • Patent number: 10257168
    Abstract: A method and system are provided for securing telecommunications traffic data. A method is provided for transmitting messages via a telecommunications network between a number of subscribers by means of a telecommunications service, wherein the telecommunications service receives at least one first message of individual first size from at least one first subscriber to the telecommunications service that is intended for at least one second subscriber of the telecommunications service. In reaction to receiving a message, the telecommunications service sends at least one second message to the at least one second subscriber, wherein the at least one second message obtains a second size. The first size cannot be conclusively deduced from the second size.
    Type: Grant
    Filed: May 6, 2016
    Date of Patent: April 9, 2019
    Assignee: Uniscon Universal Identity Control GmbH
    Inventor: Hubert Jäger
  • Patent number: 10257230
    Abstract: Systems and methods are described for orchestrating a security object, including, for example, defining and storing a plurality of policies in a database coupled to a policy engine and receiving, by the policy engine, the security object and at least one object attribute associated with the security object. In addition, the policy engine determines the acceptability of the security object based, at least in part, on the at least one object attribute and at least one of the plurality of policies corresponding to the at least one object attribute. The security object to at least one communication device associated with the policy engine is distributed when the security object is determined to be acceptable. The at least one communication device establishes communication based, at least in part, on the security object.
    Type: Grant
    Filed: July 27, 2017
    Date of Patent: April 9, 2019
    Assignee: FORNETIX LLC
    Inventors: Charles White, Joseph Brand, Stephen Edwards
  • Patent number: 10241649
    Abstract: The present disclosure relates to devices and device configurations. In one embodiment, a process for providing application discovery and trial includes presenting a widget element on a display of the device, wherein the widget element includes graphical elements for a plurality of trial applications, and detecting a selection of one of the trial applications in the widget element. The process also includes updating the display to present a selected trial application based on the selection, wherein presentation of the selected trial application includes display of an overlay element, detecting a selection of the overlay element, and presenting a trial application control window based on the selection of the overlay element, the trial application control window including graphical elements for one or more of terminating, continuing and conversion of the selected trial application.
    Type: Grant
    Filed: April 20, 2016
    Date of Patent: March 26, 2019
    Assignee: Qingdao Hisense Electronics Co., Ltd.
    Inventor: Sanjiv Sirpal
  • Patent number: 10243968
    Abstract: Clients within a computing environment may establish a secure communication session. Sometimes, a client may trust another client to read, but not modify, a message. Clients may utilize a cryptography service to generate a message protected against improper modification. Clients may utilize a cryptography service to verify whether a protected message has been improperly modified.
    Type: Grant
    Filed: December 11, 2015
    Date of Patent: March 26, 2019
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventor: Matthew John Campagna
  • Patent number: 10235399
    Abstract: Methods and systems for enabling sizing of storage array resources are provided. Resources of a storage array can include, for example, cache, memory, SSD cache, central processing unit (CPU), storage capacity, number of hard disk drives (HDD), etc. Generally, methods and systems are provided that enable efficient predictability of sizing needs for said storage resources using historical storage array use and configuration metadata, which is gathered over time from an install base of storage arrays. This metadata is processed to produce models that are used to predict resource sizing needs to be implemented in storage arrays with certainty that takes into account customer-to-customer needs and variability. The efficiency in which the sizing assessment is made further provides significant value because it enables streamlining and acceleration of the provisioning process for storage arrays.
    Type: Grant
    Filed: November 4, 2015
    Date of Patent: March 19, 2019
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: David Adamson, Larry Lancaster
  • Patent number: 10237272
    Abstract: An identity authentication method is provided.
    Type: Grant
    Filed: February 23, 2016
    Date of Patent: March 19, 2019
    Assignee: Alibaba Group Holding Limited
    Inventors: Mian Huang, Yan Xu
  • Patent number: 10230529
    Abstract: Techniques to secure computation data in a computing environment from untrusted code. These techniques involve an isolated environment within the computing environment and an application programming interface (API) component to execute a key exchange protocol that ensures data integrity and data confidentiality for data communicated out of the isolated environment. The isolated environment includes an isolated memory region to store a code package. The key exchange protocol further involves a verification process for the code package stored in the isolated environment to determine whether the one or more exchanged encryption keys have been compromised. If the signature successfully authenticates the one or more keys, a secure communication channel is established to the isolated environment and access to the code package's functionality is enabled. Other embodiments are described and claimed.
    Type: Grant
    Filed: September 25, 2015
    Date of Patent: March 12, 2019
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Manuel Costa, Orion Tamlin Hodson, Sriram Kottarakurichi Rajamani, Marcus Peinado, Mark Eugene Russinovich, Kapil Vaswani
  • Patent number: 10229264
    Abstract: A method of protecting a modular exponentiation calculation executed by an electronic circuit using a first register and a second register, successively comprising, for each bit of the exponent: a first step of multiplying the content of one of the registers, selected from among the first register and the second register according to the state of the bit of the exponent, by the content of the other one of the first and second registers, placing the result in said one of the registers; a second step of squaring the content of said other one of the registers by placing the result in this other register, wherein the content of said other one of the registers is stored in a third register before the first step and is restored in said other one of the registers before the second step.
    Type: Grant
    Filed: February 29, 2016
    Date of Patent: March 12, 2019
    Assignee: STMICROELECTRONICS (ROUSSET) SAS
    Inventor: Yannick Teglia
  • Patent number: 10230525
    Abstract: An organizational signature authority delegates signature authority to one or more subordinate signature authorities by rolling up public keys from the subordinate signature authorities into a public key for the organization. A subordinate signature authority of the organizational signature authority generates cryptographic keys for use by the subordinate signature authority, and cryptographically derives a public key for the subordinate signature authority based at least in part on the cryptographic keys. In some examples, the subordinate signature authority acquires public keys from a lower subordinate signature authority, and the public key of the subordinate signature authority is cryptographically derived in part from the public key of the lower subordinate signature authority. The public key of the subordinate signature authority is provided to the organizational signature authority.
    Type: Grant
    Filed: December 23, 2016
    Date of Patent: March 12, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Matthew John Campagna, Eric Jason Brandwine, Andrew Kyle Driggs
  • Patent number: 10218714
    Abstract: The present invention relates to methods for verifying the integrity of data blocks and for accessing the blocks and relates more particularly to a method for verifying the integrity of a digital data block, the method comprising steps of: searching for a digital fingerprint in a data block of a reference point, calculating a digital fingerprint by applying a fingerprint calculation function to the data block, the fingerprint calculated having a value which depends on each of the bits of the data block excluding the bits of a fingerprint found in the data block, and verifying the fingerprint found in the data block by comparing it with the fingerprint calculated.
    Type: Grant
    Filed: January 15, 2014
    Date of Patent: February 26, 2019
    Assignees: UNIVERSITE D'AIX-MARSEILLE, CENTRE NATIONAL DE LA RECHERCHE SCIENTIFIQUE
    Inventor: Laurent Henocque
  • Patent number: 10216521
    Abstract: A method, computer readable medium, and system are disclosed for error coping. The method includes the steps of receiving, by a processing unit, a set of program instructions including a first program instruction that is responsive to error detection, detecting an error in a value of a first operand of the first program instruction, and determining that error coping execution is selectively enabled for the first instruction. The value for the first operand is replaced with a substitute value and the first program instruction is executed by the processing unit.
    Type: Grant
    Filed: June 20, 2017
    Date of Patent: February 26, 2019
    Assignee: NVIDIA Corporation
    Inventors: Philip Payman Shirvani, Richard Gavin Bramley, John Montrym
  • Patent number: 10211975
    Abstract: The subject disclosure is directed towards secure computations of encrypted data over a network. In response to user desired security settings with respect to the encrypted data, software/hardware library components automatically select parameter data for configuring a fully homomorphic encryption scheme to secure the encrypted data items while executing a set of computational operations. A client initiates the set of computational operations via the library components and if requested, receives secure computation results in return.
    Type: Grant
    Filed: March 7, 2016
    Date of Patent: February 19, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Jacob J Loftus, Michael Naehrig, Joppe Willem Bos, Kristin Estella Lauter
  • Patent number: 10210350
    Abstract: An embodiment includes an electronic device, comprising: a control intellectual property (IP) including a plurality of first special function registers (SFRs); a basic operation IP including a plurality of second SFRs and coupled to the control IP through a first path and a second path; and a random number generator configured to generate a random signal; wherein the control IP is configured to: select one of the first path and the second path based on the random signal; and set the second SFRs using the selected path.
    Type: Grant
    Filed: July 25, 2016
    Date of Patent: February 19, 2019
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Kyoung-Moon Ahn, Jong-Hoon Shin, Ki-Seok Bae
  • Patent number: 10209961
    Abstract: A method of verifying the sensitivity of an electronic circuit executing a modular exponentiation calculation in a first register and a second register, successively including, for each bit of the exponent: a first step of multiplying the content of one of the registers, selected from among the first register and the second register according to the state of the bit of the exponent, by the content of the other one of the first and second registers, placing the result in said one of the registers; a second step of squaring the content of said other one of the registers by placing the result in this other register, wherein the content of that of the first and second registers which contains the multiplier of the operation of the first step is disturbed, for each bit of the exponent, during the execution of the first step.
    Type: Grant
    Filed: February 29, 2016
    Date of Patent: February 19, 2019
    Assignee: STMICROELECTRONICS (ROUSSET) SAS
    Inventor: Yannick Teglia
  • Patent number: 10204657
    Abstract: The present invention comprises an input part for inputting image data, a receiving part for receiving production information relating to production transmitted from another apparatus, a recording part for recording the production information received by the receiving part and image data input by the input part, a detection part for detecting a recording position on a recording medium at an editing point of image data recorded by the recording part, and a transmission part for transmitting information of the recording position detected by the detection part, whereby identification information for identifying image data and voice data is recorded in a recording medium or a recording device, this relieving a burden on a photographer and an editor and facilitating extraction of image data and voice data.
    Type: Grant
    Filed: May 3, 2018
    Date of Patent: February 12, 2019
    Assignee: SONY CORPORATION
    Inventor: Noboru Yanagita
  • Patent number: 10198199
    Abstract: Methods and apparatus for efficiently storing and accessing secure data are disclosed. The method of storing includes encrypting data utilizing an encryption key to produce encrypted data, performing deterministic functions on the encrypted data to produce deterministic function values, masking the encryption key utilizing the deterministic function values to produce masked keys and combining the encrypted data and the masked keys to produce a secure package. The method of accessing includes de-combining a secure package to reproduce encrypted data and masked keys, selecting a deterministic function, performing the selected deterministic function on the reproduced encrypted data to reproduce a deterministic function value, de-masking a corresponding masked key utilizing the reproduced deterministic function value to reproduce an encryption key, and decrypting the reproduced encrypted data utilizing the reproduced encryption key to reproduce data.
    Type: Grant
    Filed: November 16, 2016
    Date of Patent: February 5, 2019
    Assignee: International Business Machines Corporation
    Inventor: Jason K. Resch
  • Patent number: 10200356
    Abstract: An information processing system performing highly secure broadcast authentication while reducing a delay until authentication, a communication amount, and a computation amount is provided. A server (100) generates authentication information for transmission data by combining a tag relating to the transmission data and a chain value associated in a chain with transmission order of the transmission data. The tag relating to the transmission data is generated by using a common key. The chain is generated by using a one-way function. A node (200) verifies whether a chain value associated with transmission order of data received in the past is generated or not by applying the one-way function to a chain value extracted by using a tag relating to the received data and authentication information for the received data. The tag relating to the received data is generated by using the common key.
    Type: Grant
    Filed: October 20, 2015
    Date of Patent: February 5, 2019
    Assignee: NEC CORPORATION
    Inventor: Toshihiko Okamura
  • Patent number: 10193953
    Abstract: Systems and methods are provided for self-describing configurations of cloud-based applications for data security providers monitoring communications between a client device and the applications. An application programming interface (API) can be provided that allows the data security provider to inspect entity objects used by the cloud-based application. Data entities can be marked to have protected fields. A token identifier can be generated by the data security provider and sent to the cloud-based application. The cloud-based application can insert the token identifier in communications between the application and a client device allowing the data security provider to protect sensitive data associated with the protected fields.
    Type: Grant
    Filed: October 21, 2016
    Date of Patent: January 29, 2019
    Assignee: Oracle International Corporation
    Inventors: Jing Wu, Blake Sullivan, Michael William McGrath, Min Lu
  • Patent number: 10181955
    Abstract: Method for converting an original paper document into an original information object, and for subsequent electronic transmission, storage, and retrieval of verifiable copies of the stored original information object without the Trusted Repository relinquishing control of the original information object. The user first converts the blue-ink-signed paper document into an electronic information object. On deposit of this information object into the Trusted Repository, the user is required to destroy or permanently designate the blue-ink-signed paper document and locally-retained files as copies. The Trusted Repository then requires the user to establish the authenticity of the electronic information object by verifying that it is now the only authoritative and original copy. The Trusted Repository then creates the original authenticated information object by appending a date-time stamp and its digital signature and certificate (signature block).
    Type: Grant
    Filed: May 31, 2016
    Date of Patent: January 15, 2019
    Assignee: eOriginal, Inc.
    Inventors: Stephen F Bisbee, Bryan K Caporlette, Adam J Attinello, Daniel S Bender, Valerie F Daly
  • Patent number: 10176341
    Abstract: Computerized embodiments are disclosed for keeping personally identifying information within a protected domain environment when interacting with a computerized service environment. In one embodiment, user interface commands are received from a remote computerized system of the protected domain environment at the computerized service environment via computerized network communications. A data residency protection component is generated within the computerized service environment in response to the user interface commands. The data residency protection component is configured to act as a proxy for the computerized service environment, when executed in the protected domain environment by the remote computerized system, to isolate personally identifying information from visibility or storage outside of the protected domain environment.
    Type: Grant
    Filed: March 18, 2016
    Date of Patent: January 8, 2019
    Assignee: ORACLE INTERNATIONAL CORPORATION
    Inventors: Kent Arthur Spaulding, Kenneth Joseph Meltsner, Reza B'Far
  • Patent number: 10176418
    Abstract: A secure smart card is described. The smart card can include a processor, a memory and a transceiver. The smart card can communicate with various terminals and store a digital signature and other information on the card. Another terminal can validate the information stored on the smart card using the digital signature. In certain embodiments, the terminal can also validate the information by using a blockchain. The advanced design of the smart card obviates the need for a network connection.
    Type: Grant
    Filed: July 23, 2018
    Date of Patent: January 8, 2019
    Assignee: CAPITAL ONE SERVICES, LLC
    Inventors: Kevin Osborn, James Zarakas, Saleem Sangi, Jeffrey Rule
  • Patent number: 10177905
    Abstract: In one exemplary embodiment of the invention, a method for computing a resultant and a free term of a scaled inverse of a first polynomial $v(x)$ modulo a second polynomial $f_n(x)$, including: receiving the first polynomial $v(x)$ modulo the second polynomial $f_n(x)$, where the second polynomial is of a form $f_n(x) = x^n \pm 1$, where $n = 2^k$ and $k$ is an integer greater than 0; computing lowest two coefficients of a third polynomial $g(z)$ that is a function of the first polynomial and the second polynomial, where $g(z) \stackrel{\text{def}}{=} \prod_{i=0}^{n-1} \left( v(\rho_i) - z \right)$, where $\rho_0, \rho_1, \ldots, \rho_{n-1}$ are roots of the second polynomial $f_n(x)$ over a field; outputting the lowest coefficient of $g(z)$ as the resultant; and outputting the second lowest coefficient of $g(z)$ divided by $n$ as the free term of the scaled inverse of the first polynomial $v(x)$ modulo the second polynomial $f_n(x)$.
    Type: Grant
    Filed: January 2, 2015
    Date of Patent: January 8, 2019
    Assignee: International Business Machines Corporation
    Inventors: Craig B. Gentry, Shai Halevi
  • Patent number: 10178105
    Abstract: Embodiments enable a system to determine, authorize, and adjust access, writing, retrieval, and validation rights of users and entities associated with one or more distributed block chain networks. The system is capable of receiving an authorization request from a user to conduct an action associated with the block chain distributed network, determine a security level associated with the user, and either authorize or screen the user from conducting the action based on the determined security level. The system may adjust the security level of the user by requesting and receiving additional authorization credentials from the user. Furthermore, the system may adjust the security level of one or more users based on security or functionality needs of the block chain distributed network.
    Type: Grant
    Filed: February 22, 2016
    Date of Patent: January 8, 2019
    Assignee: Bank of America Corporation
    Inventors: Manu Jacob Kurian, Joseph Benjamin Castinado
  • Patent number: 10165088
    Abstract: A method is provided for providing unit of work continuity between a client device and a server when the client device initially fails to complete an ongoing unit of work. The method includes temporarily storing, in a temporary storage location in the server, in-doubt messages sent to the server for the ongoing unit of work, when the client device disconnects from the server without committing the ongoing unit of work so that the client device does not have to resend the in-doubt messages to the server. The method further includes utilizing unique hash-codes to identify the in-doubt messages the client device had earlier sent so that the server can retrieve the in-doubt messages from the temporary storage location and include the in-doubt messages as part of the ongoing unit of work to be committed by the client device. The ongoing unit of work is only part of an entire transaction.
    Type: Grant
    Filed: August 2, 2016
    Date of Patent: December 25, 2018
    Assignee: International Business Machines Corporation
    Inventors: Chethan Bhat, Rajesh Lalgowdar, Lohitashwa Thyagaraj
  • Patent number: 10157339
    Abstract: Disclosed are various embodiments for providing access control to the underlying data of a single machine-readable identifier when read by various reader devices. A client device may receive a first cryptographic key associated with a first device profile and a second cryptographic key associated with a second device profile. Data provided through an ingestion process is formatted into at least a first portion of data and a second portion of data, where the first portion of data is intended for a first reader device and the second portion of data is intended for a second reader device. The first portion of data may be encrypted using the first cryptographic key while the second portion of data is encrypted using the second cryptographic key. A machine-readable identifier may be generated using the first portion of data as encrypted and the second portion of data as encrypted.
    Type: Grant
    Filed: March 2, 2016
    Date of Patent: December 18, 2018
    Assignee: Wonderhealth, LLC
    Inventors: Kenneth Hill, Katherine S. Hill
  • Patent number: 10158607
    Abstract: A processor-implemented method for a secure processing environment for protecting sensitive information is provided. The processor-implemented method may include receiving encrypted data and routing the encrypted data to the secure processing environment. Then the encrypted data may be decrypted and fields containing sensitive information may be found. The method may also include obfuscating the sensitive information and returning, by the secure processing environment, the decrypted data and obfuscated data.
    Type: Grant
    Filed: September 15, 2015
    Date of Patent: December 18, 2018
    Assignee: International Business Machines Corporation
    Inventors: Richard H. Boivie, Alyson Comer, John C. Dayka, Donna N. Dillenberger, Kenneth A. Goldman, Mohit Kapur, Dimitrios Pendarakis, James A. Ruddy, Peter G. Sutton, Enriquilo Valdez
  • Patent number: 10158490
    Abstract: Disclosed is a double authentication system (“DAS”) for electronically signing a first data from a user having a smart card, where the smart card has a personal identification number (“PIN”). As an example, the DAS may include a client module, high assurance signing service (“HASS”) module, and hardware security module (“HSM”).
    Type: Grant
    Filed: August 17, 2015
    Date of Patent: December 18, 2018
    Assignee: The Boeing Company
    Inventor: Martin Schleiff
  • Patent number: 10152712
    Abstract: A user inspects at least one indicator of an event. The user enables a token corresponding to an account of an aggregating entity to be received by a transaction entity and identifies at least one type of event of interest to be reported by the transaction entity to the aggregating entity. The user obtains and inspects at least one indicator from the account of the aggregating entity, where each obtained indicator is adapted to be created by the aggregating entity based upon an event message received from the transaction entity. The event message comprises the token, which is adapted to be used by the aggregating entity to identify the account and the event message corresponds to an occurrence of an event of at least one type of event of interest to be reported by the transaction entity to the aggregating entity.
    Type: Grant
    Filed: May 10, 2006
    Date of Patent: December 11, 2018
    Assignee: PAYPAL, INC.
    Inventors: Brian C. Schimpf, Edith H. Stern, Robert C. Weir, Barry E. Willner
  • Patent number: 10148978
    Abstract: Systems and methods for reducing latency through motion estimation and compensation techniques are disclosed. The systems and methods include a client device that uses transmitted lookup tables from a remote server to match user input to motion vectors, and tag and sum those motion vectors. When a remote server transmits encoded video frames to the client, the client decodes those video frames and applies the summed motion vectors to the decoded frames to estimate motion in those frames. In certain embodiments, the systems and methods generate motion vectors at a server based on predetermined criteria and transmit the generated motion vectors and one or more invalidators to a client, which caches those motion vectors and invalidators. The server instructs the client to receive input from a user, and use that input to match to cached motion vectors or invalidators. Based on that comparison, the client then applies the matched motion vectors or invalidators to effect motion compensation in a graphic interface.
    Type: Grant
    Filed: April 20, 2018
    Date of Patent: December 4, 2018
    Assignee: ZeniMax Media Inc.
    Inventor: Michael Kopietz
  • Patent number: 10148423
    Abstract: A data security method including creating a token-including plaintext by including a predefined token into a plaintext, generating a cyphertext by encrypting the token-including plaintext using format-preserving encryption, generating a decrypted cyphertext by decrypting an input text, determining whether the decrypted cyphertext includes a first predefined token, if the decrypted cyphertext includes the first predefined token, recreating the plaintext by removing the first predefined token from the decrypted cyphertext, and if the decrypted cyphertext does not include the first predefined token, using the input text as the plaintext.
    Type: Grant
    Filed: July 20, 2015
    Date of Patent: December 4, 2018
    Assignee: International Business Machines Corporation
    Inventors: Ariel Farkash, Abigail Goldsteen, Micha Moffie
  • Patent number: 10148441
    Abstract: Embodiments relate to systems, devices, and computer-implemented methods for detecting double signing in one-time use signature schemes by receiving a first message, where the first message includes a signature generated using a one-time use private key of a one-time use public/private key pair, determining a one-time use public key of the public/private key pair based on the first message, adding the one-time use public key to a list of public keys, receiving a second message, where the second message includes a signature generated using the one-time use private key of the one-time use public/private key pair, determining the one-time use public key of the public/private key pair based on the second message, determining that the one-time use public/private key pair was used more than once based on the list of public keys; and generating an alert based on determining that the one-time use public/private key pair was used more than once.
    Type: Grant
    Filed: September 11, 2015
    Date of Patent: December 4, 2018
    Assignee: VERISIGN, INC.
    Inventor: Burton S. Kaliski, Jr.
  • Patent number: 10142105
    Abstract: A hypersphere-based multivariable public key encryption/decryption system may include an encryption module and a decryption module. The encryption module may include a processor and a public key transformation component for transforming plaintext into ciphertext. The decryption module may include a processor, a first affine transformation inversion component, a trapdoor component and a second affine transformation inversion component. The trapdoor component may include a linear equation system construction component and a linear equation system solving component. All components may execute corresponding operations, so that a set of data may be obtained finally, and the set of data may be stored and output as decrypted plaintext. If the decryption module does not produce data, the processor may output warning information about a decryption failure to a user.
    Type: Grant
    Filed: January 7, 2015
    Date of Patent: November 27, 2018
    Assignee: South China University of Technology
    Inventors: Shaohua Tang, Jiahui Chen
  • Patent number: 10140606
    Abstract: Ensuring security of electronic transactions between a personal mobile device user and a service provider involves establishing trust between a user and a transaction service provider, authenticating the personal mobile device of the user, establishing a secure communication channel between the user and the service provider, and registering the user with the service provider over the secure communications channel.
    Type: Grant
    Filed: December 30, 2015
    Date of Patent: November 27, 2018
    Assignee: MASTERCARD MOBILE TRANSACTIONS SOLUTIONS, INC.
    Inventors: Satyan G. Pitroda, Mehul Desai
  • Patent number: 10136322
    Abstract: A system and method anonymously authenticate utilizing multiple pre-shared identification keys with external visual identifier. Two keys are pre-shared with a server and are integrated into memory on a controller, and external visual identifiers are affixed to the outside of the controller. The server authenticates the mobile device by checking that the external visual identifiers are appropriately linked to the pre-shared keys within a control memory structure, and a second control memory structure is initiated utilizing the shared key and no user-identifying information.
    Type: Grant
    Filed: April 20, 2018
    Date of Patent: November 20, 2018
    Assignee: Kirio Inc.
    Inventor: Franck D. Rougier
  • Patent number: 10129229
    Abstract: The present disclosure describes systems and methods for authenticating a called party during the initialization stage of establishing a secure telecommunication channel to provide assurances to the initiator that they are communicating with whom they intended. A first user issues a challenge that includes a nonce to one or more second user devices. The second user's secure collaboration application receives the challenge, signs the nonce included in the challenge, and sends the response with the signed nonce to the first user. The first user receives the response and determines whether the signature of the first nonce is valid. If the signature is not valid, the first user's secure collaboration application terminates the secure telecommunication. However, if the signature received in the response is valid, the first user's secure collaboration application begins exchanging encrypted telecommunication data with the second user over a secure telecommunication channel.
    Type: Grant
    Filed: October 21, 2016
    Date of Patent: November 13, 2018
    Assignee: Wickr Inc.
    Inventors: Thomas Michael Leavy, Dipakkumar R. Kasabwala
  • Patent number: 10121139
    Abstract: Ensuring security of electronic transactions between a user and a ticketing service provider involves establishing trust between a user and a transaction service provider, authenticating an electronic transaction facility of the user, establishing a secure communication channel between the user and the ticketing service provider, and registering the user with the ticketing service provider over the secure communications channel.
    Type: Grant
    Filed: December 30, 2015
    Date of Patent: November 6, 2018
    Assignee: MASTERCARD MOBILE TRANSACTIONS SOLUTIONS, INC.
    Inventors: Satyan G. Pitroda, Mehul Desai
  • Patent number: 10122531
    Abstract: Provided is an information processing apparatus including a message generating unit that generates messages of N times (where N≥2) based on a multi-order multivariate polynomial set F=(f1, . . . , fm) defined on a ring K and a vector s that is an element of a set K^n, and calculates a first hash value based on the messages of N times, a message providing unit that provides a verifier with the first hash value, an interim information generating unit that generates third information of N times using first information randomly selected by the verifier and second information of N times, and generates a second hash value based on the third information of N times, an interim information providing unit that provides the verifier with the second hash value, and a response providing unit that provides the verifier with response information of N times.
    Type: Grant
    Filed: July 31, 2012
    Date of Patent: November 6, 2018
    Assignee: Sony Corporation
    Inventor: Koichi Sakumoto
  • Patent number: 10116450
    Abstract: In a general aspect, a Merkle signature scheme (MSS) uses subtree data. In some aspects, subtree data is loaded from a non-volatile memory into a volatile memory. The subtree data represents one or more nodes of a subtree of a cryptographic hash tree and a first authentication path portion that includes nodes outside the subtree. The subtree includes a subtree root node at a level below a root node of the cryptographic hash tree and lowest-level nodes of the cryptographic hash tree, which are based on respective verification keys for a one-time signature (OTS) scheme. An OTS is generated using a first signing key associated with a first verification key, which is associated with a lowest-level node in the subtree. The OTS, the first verification key, the first authentication path portion, and a second authentication path portion comprising one or more nodes of the subtree are sent to a recipient.
    Type: Grant
    Filed: November 2, 2016
    Date of Patent: October 30, 2018
    Assignee: ISARA Corporation
    Inventors: Michael Kenneth Brown, Anthony Chun Li Hu, Marek Paruzel, Atsushi Yamada
  • Patent number: 10114956
    Abstract: In an embodiment, a system is provided in which the private key is managed in hardware and is not visible to software. The system may provide hardware support for public key generation, digital signature generation, encryption/decryption, and large random prime number generation without revealing the private key to software. The private key may thus be more secure than software-based versions. In an embodiment, the private key and the hardware that has access to the private key may be integrated onto the same semiconductor substrate as an integrated circuit (e.g. a system on a chip (SOC)). The private key may not be available outside of the integrated circuit, and thus a nefarious third party faces high hurdles in attempting to obtain the private key.
    Type: Grant
    Filed: January 2, 2018
    Date of Patent: October 30, 2018
    Assignee: Apple Inc.
    Inventors: Timothy R. Paaske, Mitchell D. Adler, Conrad Sauerwald, Fabrice L. Gautier, Shu-Yi Yu