Public Key Patents (Class 380/30)
  • Patent number: 10693850
    Abstract: An example of a system and method implementing a live migration of a guest on a virtual machine of a host server to a target server is provided. For example, a host server may utilize a flow key to encrypt and decrypt communications with a target server. This flow key may be encrypted using a receive master key, which may result in a receive token. The receive token may be sent to the Network Interface Controller of the host server, which will then encrypt the data packet and forward the information to the target server. Multiple sender schemes may be employed on the host server, and various updates may take place on the target server as a result of the new location of the migrating guest from the host server to the target server.
    Type: Grant
    Filed: May 11, 2015
    Date of Patent: June 23, 2020
    Assignee: Google LLC
    Inventor: Benjamin Charles Serebrin
  • Patent number: 10693910
    Abstract: A destination address is processed to determine if the destination address is a fake web address or hyperlink. The destination address may be compared with a database of known domain names to see if the domain name is legitimate or illegitimate. The designation address may also be compared to other domain names to see if it is an honest or dishonest transformation of the other domain names. Appropriate action may be taken if the designation address is a dishonest transformation of another domain name.
    Type: Grant
    Filed: August 9, 2018
    Date of Patent: June 23, 2020
    Assignee: International Business Machines Corporation
    Inventor: John Michael Lake
  • Patent number: 10691447
    Abstract: Systems, methods, and software can be used to write system software on an electronic device. In some aspects, an instruction to write system software on an electronic device is received from a booting device that is different than the electronic device. In response to the instruction, a boot loader on the electronic device is invoked. A password is received from the booting device. Whether the received password matches a high level operating system (HLOS) password stored on the electronic device is determined. If the received password matches the HLOS password, the system software is written on the electronic device. If the received password does not match the HLOS password, the writing of the system software is halted.
    Type: Grant
    Filed: October 7, 2016
    Date of Patent: June 23, 2020
    Assignee: BlackBerry Limited
    Inventors: Catalin Visinescu, Byron Hummel, Zhi Jun Mo
  • Patent number: 10685140
    Abstract: A consent receipt management system is configured to: (1) automatically cause a prior, validly received consent to expire (e.g., in response to a triggering event); and (2) in response to causing the previously received consent to expire, automatically trigger a recapture of consent. In particular embodiments, the system may, for example, be configured to cause a prior, validly received consent to expire in response to one or more triggering events such as: (1) a passage of a particular amount of time since the system received the valid consent (e.g., a particular number of days, weeks, months, etc.); (2) one or more changes to a purpose of the data collection for which consent was received; (3) one or more changes to a privacy policy associated with the consent; (4) one or more changes to one or more rules that govern the collection or demonstration of validly received consent; etc.
    Type: Grant
    Filed: February 17, 2019
    Date of Patent: June 16, 2020
    Assignee: OneTrust, LLC
    Inventors: Kabir A. Barday, Jonathan Blake Brannon, Richard A. Beaumont, John Mannix
  • Patent number: 10681035
    Abstract: A cryptographic services management engine may provide a single point of interaction for both users and administrators to manage and consume cryptographic services. Such an engine may allow centralized control over cryptography parameters, ensuring enterprise security standards are maintained while abstracting the complexity and potential for error away from users. Automating cryptographic maintenance tasks may avoid outages caused by expired or incorrect certificates, and improve reliability and predictability of critical infrastructure services.
    Type: Grant
    Filed: November 14, 2018
    Date of Patent: June 9, 2020
    Assignee: WALGREEN CO
    Inventor: Kurt Kincaid
  • Patent number: 10678509
    Abstract: An example multiply accumulate (MACC) circuit includes a multiply-accumulator having an accumulator output register, a scaler, coupled to the multiply accumulator, and a control circuit coupled to the multiply-accumulator and the scaler. The control circuit is configured to provide control data to the scaler, the control data indicative of: a most-significant bit (MSB) to least significant bit (LSB) range for selecting bit indices from the accumulator output register for implementing a first right shift; a multiplier; and a second right shift.
    Type: Grant
    Filed: August 21, 2018
    Date of Patent: June 9, 2020
    Assignee: XILINX, INC.
    Inventors: Sean Settle, Elliott Delaye, Aaron Ng, Ehsan Ghasemi, Ashish Sirasao, Xiao Teng, Jindrich Zejda
  • Patent number: 10673555
    Abstract: In an ultra-wideband (“UWB”) communication system comprising a pair of UWB transceivers, methods for securely performing channel sounding. In a first GCP Sync method, a pre-determined set of Golay Complementary Pairs is added to an 802.15.4a frame. In a second CLASS method, a cyphered low auto-correlation sum set is added to frame. In a third LCSSS method, a low cross-correlation sidelobe sum set is added to the frame. In general, these methods are adapted to transmit a pseudo-randomly generated codeset which may have inherent sidelobe distortions, and then, in the receiver, to compensate for this, and any channel-induced, distortion by selectively modifying the cross-correlation codeset.
    Type: Grant
    Filed: July 23, 2018
    Date of Patent: June 2, 2020
    Assignee: DecaWave, Ltd.
    Inventors: Ciaran McElroy, Jaroslaw Niewczas, Michael McLaughlin, Igor Dotlic, Marcas O'Duinn, Dries Neirynck
  • Patent number: 10673612
    Abstract: The present invention involves a method of searchable public-key encryption, a system and server using the method.
    Type: Grant
    Filed: October 24, 2018
    Date of Patent: June 2, 2020
    Assignee: Huazhong University of Science and Technology
    Inventors: Hai Jin, Peng Xu, Shuanghong He, Deqing Zou
  • Patent number: 10666584
    Abstract: This invention discloses a method and apparatus for protecting message sender identity in an instant messaging system. Upon receiving an instant message via the instant messaging system, the system may withhold the identity of the sender while pushing the message to the other users in the communication channel. Identity withholding is controlled by the sender on his or her device. The disassociated message is displayed in a style that is common to users, for example, displaying in the middle, displaying in a common location, or even displaying in random locations on a screen of the message thread. Although someone can take a screenshot of a message, the screenshot does not contain any information that can be used to identify the actual sender of the message. In this case, users may generally rely on the context to appreciate the dynamics and/or flow of the conversation. The invention thus enables information sharing in an instant messaging system without the concern of screenshot.
    Type: Grant
    Filed: October 6, 2018
    Date of Patent: May 26, 2020
    Inventor: Jiazheng Shi
  • Patent number: 10657847
    Abstract: A combination of secure texts of values “a”, “b” and “c” having a relationship c=ab is efficiently generated. A secure text generation part 12 generates secure texts [xi] of xi satisfying xi=f(ki), and secure texts [yi] of yi satisfying yi=g(ki), for i=0, . . . , m. A fragment generation part 13 generates ?i decrypted from [xi]?[ai] and ?i decrypted from [yi]?[bi], for i=1, . . . , m, and calculates [ci]+?i[bi]+?i[ai]+?i?i and generates secure texts [z1], . . . , [zm]; and a random number synthesizing part 14 generates a secure text [z0] using different values k0, . . . , km and secure texts [z1], . . . , [zm].
    Type: Grant
    Filed: October 11, 2016
    Date of Patent: May 19, 2020
    Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Koki Hamada, Ryo Kikuchi
  • Patent number: 10659453
    Abstract: Identity authentication comprises: determining, in response to a request from a first device operated by a source user, that an identity authentication is to be performed for the source user; identifying a target user who is deemed to satisfy at least a preset condition, the target user being a user other than the source user; generating validation information to authenticate identity of the source user; sending the validation information to a second device operated by the target user; receiving a validation response from the first device operated by the source user; and performing identity authentication, including verifying whether the validation response received from the first device operated by the source user matches the validation information sent to the second device.
    Type: Grant
    Filed: June 25, 2015
    Date of Patent: May 19, 2020
    Assignee: Alibaba Group Holding Limited
    Inventor: Mian Huang
  • Patent number: 10623189
    Abstract: Disclosed is an offline/online signature system including a key distribution center (KDC) and a signature end, wherein the KDC includes a key generating module, an offline signature module, and a verification module; and the signature end includes an online signature module and a verification module. The key generating module generates a temporary signature required for online signature, and transmits the result to a sensor node for storage. The online signature module generates a signature for a specific message; and the verification module includes a processor and a public key transformation component, wherein the processor transmits the signature to the public key transformation component and determines whether the signature is valid.
    Type: Grant
    Filed: December 23, 2015
    Date of Patent: April 14, 2020
    Assignee: South China University of Technology
    Inventors: Shaohua Tang, Jiahui Chen
  • Patent number: 10623188
    Abstract: A medical treatment machine, such as a dialysis machine (e.g., a home dialysis machine, such as a home hemodialysis machine or a home peritoneal dialysis machine) can receive a digital prescription file that defines parameters of a medical treatment to be administered to a patient. The digital prescription file can be prepared and delivered in such a way that the medical treatment machine can confirm that the issuer (e.g., provider) of the digital prescription file is an authorized issuer without having any a priori knowledge of the particular issuer. The digital prescription file can be delivered irrespective of the inherent security (or lack thereof) of the transmission medium in a tamper-evident format using minimal resources necessary to verify the validity of the digital prescription file and its issuer. The digital prescription file may be delivered to the dialysis machine using a network cloud-based connected health system.
    Type: Grant
    Filed: April 26, 2017
    Date of Patent: April 14, 2020
    Assignee: Fresenius Medical Care Holdings, Inc.
    Inventors: Harvey Cohen, Matthew Buraczenski, Matthew O'Reilly
  • Patent number: 10613776
    Abstract: Methods and apparatus for efficiently storing and accessing secure data are disclosed. The method of storing includes encrypting data utilizing an encryption key to produce encrypted data, performing deterministic functions on the encrypted data to produce deterministic function values, masking the encryption key utilizing the deterministic function values to produce masked keys and combining the encrypted data and the masked keys to produce a secure package. The method of accessing includes de-combining a secure package to reproduce encrypted data and masked keys, selecting a deterministic function, performing the selected deterministic function on the reproduced encrypted data to reproduce a deterministic function value, de-masking a corresponding masked key utilizing the reproduced deterministic function value to reproduce an encryption key, and decrypting the reproduced encrypted data utilizing the reproduced encryption key to reproduce data.
    Type: Grant
    Filed: November 16, 2018
    Date of Patent: April 7, 2020
    Assignee: PURE STORAGE, INC.
    Inventor: Jason K. Resch
  • Patent number: 10608828
    Abstract: Providing revocation status of at least one associated credential includes providing a primary credential that is at least initially independent of the associated credential, binding the at least one associated credential to the primary credential, and deeming the at least one associated credential to be revoked if the primary credential is revoked. Providing revocation status of at least one associated credential may also include deeming the at least one associated credential to be not revoked if the primary credential is not revoked. Binding may be independent of the contents of the credentials and may be independent of whether any of the credentials authenticate any other ones of the credentials. The at least one associated credential may be provided on an integrated circuit card (ICC). The ICC may be part of a mobile phone or a smart card.
    Type: Grant
    Filed: November 13, 2017
    Date of Patent: March 31, 2020
    Assignee: ASSA ABLOY AB
    Inventors: Eric F. Le Saint, Robert F. Dulude
  • Patent number: 10609006
    Abstract: A cryptographic key may be received or generated at a self-encrypting key management service application where the cryptographic key is received from another application provided on a server associated with the self-encrypting key management service application. The cryptographic key may be stored at a secure enclave corresponding to the self-encrypting key management service application. A request for a performance of a cryptographic operation associated with the cryptographic key may be received from the other application provided on the server. The cryptographic key at the secure enclave corresponding to the self-encrypting key management service application may be retrieved. The cryptographic operation may be performed with the cryptographic key to generate an output that is provided to the other application.
    Type: Grant
    Filed: January 13, 2017
    Date of Patent: March 31, 2020
    Assignee: Fortanix, Inc.
    Inventors: Ambuj Kumar, Anand Kashyap, Jethro Gideon Beekman, Faisal Faruqui
  • Patent number: 10608999
    Abstract: An apparatus includes a Base Station (BS) that includes an antenna array and circuitry. The antenna array is configured to transmit downlink transmissions and to receive uplink transmissions. The circuitry is configured to generate secret bits to be used for securing uplink transmissions from legitimate user devices, and to distribute the secret bits over one or more data streams destined to the legitimate user devices, to further generate one or more jamming streams, and to apply to the jamming streams beamforming that directs the jamming streams away from the legitimate user devices, to transmit the data streams and the jamming streams using the antenna array, to receive, via the antenna array, data that was encrypted by a legitimate user device based on the secret bits, and to recover the data by decoding the encrypted data using the secret bits.
    Type: Grant
    Filed: November 27, 2017
    Date of Patent: March 31, 2020
    Assignee: CELENO COMMUNICATIONS (ISRAEL) LTD.
    Inventor: Nir Shapira
  • Patent number: 10600045
    Abstract: A mobile device with a disabling feature is disclosed. The method includes activating a mobile device having a timeout feature to disable a function of the mobile device after a set period of time. The period of time may be chosen by a user of the mobile device.
    Type: Grant
    Filed: June 22, 2018
    Date of Patent: March 24, 2020
    Assignee: Visa U.S.A. Inc.
    Inventors: Gavin Shenker, David Wentker, Douglas Deibert, Erick Wong
  • Patent number: 10595040
    Abstract: Systems and methods for reducing latency through motion estimation and compensation techniques are disclosed. The systems and methods include a client device that uses transmitted lookup tables from a remote server to match user input to motion vectors, and tag and sum those motion vectors. When a remote server transmits encoded video frames to the client, the client decodes those video frames and applies the summed motion vectors to the decoded frames to estimate motion in those frames. In certain embodiments, the systems and methods generate motion vectors at a server based on predetermined criteria and transmit the generated motion vectors and one or more invalidators to a client, which caches those motion vectors and invalidators. The server instructs the client to receive input from a user, and use that input to match to cached motion vectors or invalidators. Based on that comparison, the client then applies the matched motion vectors or invalidators to effect motion compensation in a graphic interface.
    Type: Grant
    Filed: November 27, 2018
    Date of Patent: March 17, 2020
    Assignee: ZeniMax Media Inc.
    Inventor: Michael Kopietz
  • Patent number: 10579984
    Abstract: The invention relates to a method for making a transaction of a contactless application secure, said application (11) being stored in the mobile terminal (10), said transaction taking place between the mobile terminal and a contactless reader (12), said terminal including a security element (14), said method comprising the following steps carried out by the mobile terminal: the application sends (E13) a token representing a piece of sensitive data and a first authentication value relating to the token to the reader, the security element receives (E16) the token and the related first authentication value from the reader, the security element calculates (E17) a second authentication value from the received token and compares the first authentication value with the second authentication value, and sending (E18) the result of the comparison to the reader, said reader cancelling the transaction if the result is negative.
    Type: Grant
    Filed: December 17, 2015
    Date of Patent: March 3, 2020
    Assignee: Orange
    Inventors: Mouhannad Alattar, Mohammed Achemlal
  • Patent number: 10574633
    Abstract: Embodiments of the invention relate to efficient methods for authenticated communication. In one embodiment, a first computing device can generate an ephemeral key pair comprising an ephemeral public key and an ephemeral private key. The first computing device can generate a first shared secret using the ephemeral private key and a static second device public key. The first computing device can encrypt request data using the first shared secret to obtain encrypted request data. The first computing device can send a request message including the encrypted request data and the ephemeral public key to a server computer. Upon receiving a response message from the server computer, the first computing device can determine a second shared secret using the ephemeral private key and the blinded static second device public key. The first computing device can then decrypt the encrypted response data from the response message to obtain response data.
    Type: Grant
    Filed: June 18, 2015
    Date of Patent: February 25, 2020
    Assignee: VISA INTERNATIONAL SERVICE ASSOCIATION
    Inventors: Eric Le Saint, Upendra Mardikar, Dominique Fedronic
  • Patent number: 10574463
    Abstract: Provided is a computer implemented method for performing mutual authentication between an online service server and a service user, including: (a) generating, by an authentication server, a server inspection OTP; (b) generating, by an OTP generator, a verification OTP having the same condition as the server inspection OTP and using the same generation key as an OTP generation key and a calculation condition different from a calculation condition is applied or a generation key different from the OTP generation key is used and the same calculation condition as the calculation condition used for generating the server inspection OTP is applied to generate a user OTP; and (c) generating, by the authentication server, a corresponding OTP having the same condition as the user OTP and comparing whether the generated corresponding OTP and the user OTP match each other to authenticate the service user.
    Type: Grant
    Filed: April 7, 2019
    Date of Patent: February 25, 2020
    Assignee: eStorm Co., LTD
    Inventor: Jong Hyun Woo
  • Patent number: 10574451
    Abstract: Method and apparatus for a system to communicate via perfect forward secrecy. A deterministic hierarchy is used to generate public and private keys, offline, on distinct devices, for use with asymmetrical cryptography over an unsecure medium. Because each private key is not transmitted over the unsecure medium, but must be used to de-encrypt the communications, it is very difficult for man-in-the-middle attacks to de-encrypt the communications. Because each private key is generated according to a deterministic hierarchy, a master entity can recreate the private keys and passively monitor the communications while maintaining perfect forward secrecy.
    Type: Grant
    Filed: October 19, 2017
    Date of Patent: February 25, 2020
    Assignee: Bank of America Corporation
    Inventors: Amanda Jane Adams, Ben Lightowler
  • Patent number: 10564955
    Abstract: An embodiment method for retiring a dynamically updatable function includes receiving, by a collector-thread, a registration of the function, wherein the registration indicates to the collector-thread addresses of memory locations for counters that count a number of calls currently being made to a previous version of the function by a plurality of execution threads; reading, by the collector-thread, values of the counters; and when the values of all the counters are zero, deleting, by the collector-thread, the function from a storage medium on a device previously executing the previous version of the function.
    Type: Grant
    Filed: January 3, 2018
    Date of Patent: February 18, 2020
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Marcus Theodore Chernenko Karpoff, Jose Nelson Amaral, Kai-Ting Amy Wang, Brice Adam Dobry
  • Patent number: 10567363
    Abstract: Computer systems and methods for improving the security and efficiency of client computers interacting with server computers through an intermediary computer using one or more polymorphic protocols are discussed herein.
    Type: Grant
    Filed: March 3, 2016
    Date of Patent: February 18, 2020
    Assignee: SHAPE SECURITY, INC.
    Inventor: Michael J. Ficarra
  • Patent number: 10558812
    Abstract: A device is configured with a trusted platform module (TPM) executing in a trusted execution environment (TEE). Software/firmware updates, user data, applications, etc. are pushed to the device as a payload. The payloads contain a sealed container (e.g., the software/firmware update, user data, applications, etc.), one or more policies, and one or more provisioning code segments corresponding to the one or more policies. The policies are checked by the TPM of the device. If the measurement of the one or more provisioning code segments satisfy the one or more policies, then the sealed container is unsealed by the TPM and released to the device.
    Type: Grant
    Filed: June 21, 2017
    Date of Patent: February 11, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Stefan Thom, Torsten Stein
  • Patent number: 10558634
    Abstract: A system receives an association of first item with first system user, generates first hash value by applying first hash function associated with first system user to first item identifier associated with first item, and sets a bit corresponding to first hash value in array. The system receives an association of second item with second system user, generates second hash value by applying second hash function associated with second user to second item identifier associated with second item, and sets a bit corresponding to second hash value in array. The system receives a request to determine whether third item is associated with first system user, generates third hash value by applying first hash function to third item identifier associated with third item, and outputs message that third item is not associated with first user if a bit corresponding to third hash value is not set in array.
    Type: Grant
    Filed: September 6, 2016
    Date of Patent: February 11, 2020
    Assignee: salesforce.com, inc.
    Inventor: Matthew Fuchs
  • Patent number: 10554431
    Abstract: A method for a WLAN-enabled device to access a network is provided, including the following steps. An intelligent terminal device acquires a key KEY1, encrypts, by using the KEY1, access information of a wireless access device that is known by the intelligent terminal device, and then transmits the access information as well as the unique identification information. The WLAN-enabled device sniffs and acquires the unique identification information and the encrypted access information, generates the KEY1 based on the unique identification information and a preset key material, and decrypts the encrypted access information by using the KEY1 to obtain the access information. The present invention further relates to a WLAN-enabled device for implementing the method and an intelligent terminal device.
    Type: Grant
    Filed: October 26, 2015
    Date of Patent: February 4, 2020
    Assignee: China IWNCOMM Co., LTD.
    Inventors: Yanan Hu, Bianling Zhang, Yuehui Wang, Weigang Tong, Manxia Tie, Zhiqiang Du
  • Patent number: 10548005
    Abstract: Disclosed herein is a method for security of an identifier of a user equipment (UE) used when a network connection is established in a wireless communication system, which may include: requesting, to a mobile network operator (MNO), a temporary key used to encrypt the identifier and a ticket for authenticating an authority to access the identifier; receiving the temporary key and the ticket from the MNO; verifying a validity of the ticket; transmitting the ticket to a pseudonym certification authority (PCA) when the ticket is valid; receiving, from the PCA, a subpool which corresponds to the ticket and is encrypted with the temporary key, wherein the encrypted subpool includes a pair of the identifier and the encryption key; and acquiring the identifier by decrypting the encrypted identifier subpool using the tem
    Type: Grant
    Filed: March 20, 2017
    Date of Patent: January 28, 2020
    Assignee: LG ELECTRONICS INC.
    Inventor: Joonwoong Kim
  • Patent number: 10530580
    Abstract: Disclosed herein is a system for enabling secure data storage into a third party managed electronic vault that provides users with a secure location to store important documents, information, and data including but not limited to various forms of personal identifiable information. The system features an interface that dynamically secures, encrypts, and protects data related to transmission, storage, and retrieval, as well as management components that regulate and authenticate access to the contents of the electronic safe deposit boxes (and subdivisions thereof) in the electronic vault. In addition, the system features comprehensive logic for completing and/or auto-filling forms, tracking and/or facilitating renewals of expiring credentials, providing reminders of important dates and events, managing multi-step processes, automatically adjusting security and authentication requirement based on one or more factors, and guiding and suggesting complimentary activities and considerations for detected user events.
    Type: Grant
    Filed: October 20, 2018
    Date of Patent: January 7, 2020
    Assignee: InteracVAULT Inc.
    Inventor: Laura Sibley Walker
  • Patent number: 10521791
    Abstract: A computer-based method for communicating liability acceptance for payment card transactions is provided. The method uses a computer device including a processor and a memory. The method includes receiving, by the processor, a transaction authorization request message for a payment card transaction having a default-liable party. The transaction authorization request message includes a shifted-liability acceptance indicator identifying a different party to the transaction that accepts liability for the payment card transaction. The method also includes authorizing the payment card transaction based at least in part on the shifted-liability acceptance indicator. The shifted-liability acceptance indicator changes the liability for the payment card transaction from the default-liable party to the different party accepting liability.
    Type: Grant
    Filed: May 7, 2014
    Date of Patent: December 31, 2019
    Assignee: Mastercard International Incorporated
    Inventors: Theunis J. Gerber, Peter J. Groarke, Mark B. Wiesman
  • Patent number: 10521596
    Abstract: In an embodiment, a system is provided in which the private key is managed in hardware and is not visible to software. The system may provide hardware support for public key generation, digital signature generation, encryption/decryption, and large random prime number generation without revealing the private key to software. The private key may thus be more secure than software-based versions. In an embodiment, the private key and the hardware that has access to the private key may be integrated onto the same semiconductor substrate as an integrated circuit (e.g. a system on a chip (SOC)). The private key may not be available outside of the integrated circuit, and thus a nefarious third party faces high hurdles in attempting to obtain the private key.
    Type: Grant
    Filed: September 21, 2018
    Date of Patent: December 31, 2019
    Assignee: Apple Inc.
    Inventors: Timothy R. Paaske, Mitchell D. Adler, Conrad Sauerwald, Fabrice L. Gautier, Shu-Yi Yu
  • Patent number: 10523442
    Abstract: Secure communications between services or components of a cloud computing system, are facilitated by generating at a first service provided by a first computing entity of a cloud computing system, a request for computing resources, generating at the first computing entity a digital data signature based at least on the request, using a private key associated with the first service; and inserting the digital data signature within an HTTP header associated with the request. A computer data network is used to communicate the request to a second service. The second service extracts the digital data signature and uses a public key to validate the digital data signature.
    Type: Grant
    Filed: August 21, 2017
    Date of Patent: December 31, 2019
    Assignee: CITRIX SYSTEMS, INC.
    Inventors: Thomas Kludy, Leo C. Singleton, IV, Felipe Leon, Luis G. Menchaca
  • Patent number: 10523446
    Abstract: Upon receiving a new CRL, a device with a large storage capacity in an authentication system detects another device connected to a controller to which this device is connecting, and determines whether or not to transmit the new CRL depending on the magnitude of the storage capacity of the device that has been detected.
    Type: Grant
    Filed: November 6, 2015
    Date of Patent: December 31, 2019
    Assignee: PANASONIC INTELLECTUAL PROPERTY MANAGEMENT CO., LTD.
    Inventors: Ayaka Ichijo, Manabu Maeda, Yuji Unagami
  • Patent number: 10516654
    Abstract: In one embodiment, a computing device includes at least one hardware processor to execute instructions, a network interface to enable communication with a second computing device and a third computing device, and at least one storage medium. Such medium may store instructions that when executed by the computing device enable the computing device to request delegation of a key provisioning privilege for the second computing device from the third computing device via a parent-guardian delegation protocol comprising a three-party key distribution protocol with the second computing device and the third computing device, the three-party key distribution protocol having interposed therein a two-party authenticated key exchange protocol between the computing device and the third computing device. Other embodiments are described and claimed.
    Type: Grant
    Filed: March 15, 2016
    Date of Patent: December 24, 2019
    Assignee: Intel Corporation
    Inventors: Meiyuan Zhao, Jesse Walker, Xiruo Liu, Steffen Schulz, Jianqing Zhang
  • Patent number: 10511450
    Abstract: Permission control and management for messaging application bots is described. A method can include providing a messaging application, on a first computing device associated with a first user, to enable communication between the first user and another user, and detecting, at the messaging application, a user request. The method can also include programmatically determining that an action in response to the user request requires access to data associated with the first user, and causing a permission interface to be rendered in the messaging application, the permission interface enabling the first user to approve or prohibit access to the data associated with the first user. The method can include accessing the data associated with the first user and performing the action in response to the user request, upon receiving user input from the first user indicating approval of the access to the data associated with the first user.
    Type: Grant
    Filed: September 19, 2017
    Date of Patent: December 17, 2019
    Assignee: Google LLC
    Inventors: Shelbian Fung, Richard Dunn, Anton Volkov, Adam Rodriguez
  • Patent number: 10511577
    Abstract: A registration apparatus generates shares by secret sharing of a character string with a plurality of modulus and sends the shares to a plurality of server apparatuses to be stored therein. A retrieval apparatus sends shares generated by secret sharing of a retrieval character string with the plurality of modulus to the plurality of server apparatuses. The plurality of server apparatuses execute a subroutine for shares of each registration character string stored in a storage unit and for each of the plurality of modulus, reconstruct an execution result, and determine whether or not to return the shares of the registration character string stored in the storage unit as a retrieval result. A retrieval apparatus reconstructs shares returned from the plurality of server apparatuses and obtains a retrieval result in which the retrieval character string hits, from the reconstructed result by the Chinese remainder theorem.
    Type: Grant
    Filed: March 18, 2016
    Date of Patent: December 17, 2019
    Assignee: NEC CORPORATION
    Inventor: Isamu Teranishi
  • Patent number: 10511796
    Abstract: An image sensor system, including: an image sensor, a readout circuit, and a timing control circuit. The image sensor includes a plurality of diodes, and one of the plurality of diodes outputs a sensing current when a photon is detected. The readout circuit is coupled to the image sensor and arranged to selectively operate in at least a first mode and a second mode. The timing control circuit is coupled to the readout circuit and is arranged to determine if a coding condition is fit according to an input signal and generate a control signal when the coding condition is fit, wherein the input signal includes a plurality of bits serially input to the timing control circuit, and each bit of the plurality of bits corresponds to each pulse of a clock signal respectively.
    Type: Grant
    Filed: July 26, 2018
    Date of Patent: December 17, 2019
    Assignee: TAIWAN SEMICONDUCTOR MANUFACTURING COMPANY LTD.
    Inventor: Chih-Min Liu
  • Patent number: 10505731
    Abstract: Disclosed in some examples are methods, systems, and machine readable mediums for secure end-to-end digital communications involving mobile wallets. The result is direct, secure, in-band messaging using mobile wallets that may be used to send messages such as payments, requests for money, financial information, or messages to authorize a debit or credit.
    Type: Grant
    Filed: July 20, 2018
    Date of Patent: December 10, 2019
    Assignee: Wells Fargo Bank, N.A.
    Inventors: Joon Maeng, Ramanathan Ramanathan, Thomas Hayes
  • Patent number: 10503913
    Abstract: Techniques for establishing mutual authentication of software layers of an application are described. During initialization of the application, the software layers execute a binding algorithm to exchange secrets to bind the software layers to one another. During subsequent runtime of the software application, the software layers execute a runtime key derivation algorithm to combine the secrets shared during initialization with dynamic time information to generate a data encryption key. The software layers can then securely transfer data with each other by encrypting and decrypting data exchanged between the software layers using the dynamically generated data encryption key.
    Type: Grant
    Filed: March 11, 2016
    Date of Patent: December 10, 2019
    Assignee: Visa International Service Association
    Inventors: Rasta Mansour, Soumendra Bhattacharya, Robert Youdale
  • Patent number: 10491573
    Abstract: A technique for hiding topological information in a message that leaves a trusted network-domain is presented. The message pertains to a subscriber session and comprises a Fully Qualified Domain Name (FQDN) of a message originator. The originator is located in a first network domain, and the message is directed towards a destination in a second network domain. A method aspect comprises the steps of receiving the message, determining the FQDN comprised in the message and determining an identifier associated with the message. The identifier comprises at least one of a subscriber identifier, a session identifier and a destination identifier. Further, the method comprises applying a cryptographic operation on the FQDN and the identifier, or on information derived therefrom, to generate a cryptographic value. The message is then processed by substituting at least a portion of the FQDN with the cryptographic value prior to forwarding the message towards the second network domain.
    Type: Grant
    Filed: December 8, 2014
    Date of Patent: November 26, 2019
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Kurt Essigmann, Gerasimos Dimitriadis, Volker Kleinfeld
  • Patent number: 10491570
    Abstract: The disclosure relates to a method for transmitting data and to a corresponding method for receiving data. According to the disclosure, in the method for transmitting data, a cryptographic processing operation is performed on the data to be transmitted, after this data has been pre-subdivided into blocks of data, and a tag representing each block of encrypted data is computed. The tag is then transmitted in such a way that a hacker is not able to reproduce a correct transmission of tags. The method of reception, for its part, ensures that when an incorrect tag is received (because of a hacking attempt), the processing of the data blocks is not immediately stopped but a differential processing is implemented in order to jam an attempt to analyze the behavior of the receiver.
    Type: Grant
    Filed: December 22, 2016
    Date of Patent: November 26, 2019
    Inventors: David Naccache, Remi Geraud, Marc Beunardeau
  • Patent number: 10484391
    Abstract: A communication system for providing secure point-to-point communication comprising a communication network, a first client device and a second client device configured to communicate with each other via the communication network, wherein each of the first and second client devices is adapted to run a selected communication application using a communication service provided by the communication network to communicate with each other, wherein the communication application which provides the highest communication service security level is selected from a group of communication applications using communication services with different communication service security levels and being available on the first and second client devices.
    Type: Grant
    Filed: August 17, 2015
    Date of Patent: November 19, 2019
    Assignee: ROHDE & SCHWARZ GMBH & CO. KG
    Inventor: Christoph Koch
  • Patent number: 10484181
    Abstract: A system and method that generate digests for data transactions provide non-repudiation of collected data. Meta data based on the Data DNA modeling are collected for all data transactions in a system. The digest of the data transactions is encrypted. A digest is also generated for user sessions and time periods. The digests are recorded as part of Data DNA records and can be used for validation of data transactions in the system.
    Type: Grant
    Filed: December 12, 2016
    Date of Patent: November 19, 2019
    Assignee: Datiphy Inc.
    Inventor: Yeejang James Lin
  • Patent number: 10484184
    Abstract: A vehicle system includes a master ECU and a general ECU. The general ECU attaches a digital signature to transmission data including data (for example, a digest value of a program) and transmits the transmission data to the master ECU. The master ECU verifies the digital signature and the data and, when both the digital signature and the data are valid, determines that the general ECU is valid. The master ECU attaches a digital signature to transmission data including data of the master ECU and a session key and transmits the transmission data to the general ECU. The general ECU verifies the digital signature and the data and, when both the digital signature and the data are valid, the general ECU uses the session key included in the transmission data as a common key when performing subsequent communications.
    Type: Grant
    Filed: September 7, 2016
    Date of Patent: November 19, 2019
    Assignee: TOYOTA JIDOSHA KABUSHIKI KAISHA
    Inventors: Hisashi Oguma, Tsuyoshi Toyama
  • Patent number: 10469490
    Abstract: FIDO (“Fast IDentity Online”) authentication processes and systems are described. In an embodiment, a FIDO information systems (IS) computer system receives a FIDO authentication request for a transaction from a user device, which includes user data and user device authenticator data. The FIDO IS computer system then verifies the user data and user device authenticator data, selects a FIDO-certified server, transmits the FIDO authentication request to the selected FIDO server, and receives a challenge message from the selected FIDO-certified server. The FIDO IS computer system next transmits the challenge message to the user device, receives a FIDO authentication response, transmits the FIDO authentication response to the selected FIDO-certified server, receives an authentication result from the FIDO-certified server, and transmits the authentication result to the user device.
    Type: Grant
    Filed: October 19, 2017
    Date of Patent: November 5, 2019
    Assignee: Mastercard International Incorporated
    Inventors: Dawid Nowak, Ashley Waldron, Ashfaq Kamal
  • Patent number: 10454681
    Abstract: In a general aspect, a random seed value may be used in a key encapsulation process for multiple recipients. An error vector derivation function is applied to a combination of the random seed value and an additional value, including an identifier of a recipient, to produce an error vector. A plaintext value for the recipient is obtained based on the random seed value. The error vector and the plaintext value are used in an encryption function to produce a ciphertext for the recipient. A pseudorandom function is applied to the random seed value to produce a pseudorandom function output that includes a symmetric key, and the symmetric key is used to generate an encrypted message for the recipient based on an unencrypted message. The ciphertext for the recipient and the encrypted message are provided for transmission in a communication network.
    Type: Grant
    Filed: June 14, 2018
    Date of Patent: October 22, 2019
    Assignee: ISARA Corporation
    Inventors: Atsushi Yamada, Edward William Eaton
  • Patent number: 10455025
    Abstract: An authenticated session with a remote system is established and identified through an authentication token for the session. During that session, a resource is accessed requiring additional authentication beyond what the authentication token was originally authorized for. Out-of-band processing from the existing session performs the additional authentication and permissions from the authentication token are upgraded to include permissions for accessing the resource during the session. The resource is accessed during the session with the authentication token having the upgraded permissions.
    Type: Grant
    Filed: August 2, 2016
    Date of Patent: October 22, 2019
    Assignee: Micro Focus Software Inc.
    Inventors: Lloyd Leon Burch, Gulshan Govind Vaswani, Sureshkumar Thangavel, Rik Peters
  • Patent number: 10454675
    Abstract: A method, system and computer program product for ensuring PKI key pairs are operatively installed within a secure domain of a security token prior to generating a digital certificate. The public key component of the PKI key pair is incorporated into a digital certificate which is returned to the security token for storage. The arrangement included herein incorporates the use of a critical security parameter to ensure a chain of trust with an issuing entity such as a registration authority. Furthermore, the arrangement does not require security officer or system administrator oversight during digital certificate generation as the critical security parameter provides a sufficient level of trust to ensure that digital certificate generation is being performed in conjunction with a designated security token rather than a rogue application. Lastly, separate inventive embodiments allow alternate communications and verification arrangements to be implemented.
    Type: Grant
    Filed: February 6, 2017
    Date of Patent: October 22, 2019
    Assignee: ASSA ABLOY AB
    Inventor: Eric F. Le Saint
  • Patent number: 10447674
    Abstract: A system may transmit, to a first entity, data to indicate an association between the first entity and a public key, wherein the public key is to be used to establish a cryptographically protected communications session between the first entity and a second entity, receive the data in response to a request to verify the association, and transmit, to the second entity, an indication that the data is valid. The system may be a cryptography service that is partially trusted by the first and second entities. A partially trusted system can be a computer system that is trusted in some respects but not trusted in other respects. A partially trusted cryptography service may be trusted to generate digital signatures and verify authenticity of digital signatures, but not trusted with access to a cryptographic key that can be used to access a cryptographically protected communications between a first entity and a second entity.
    Type: Grant
    Filed: July 6, 2017
    Date of Patent: October 15, 2019
    Assignee: Amazon Technologies, Inc.
    Inventor: Matthew John Campagna