Public Key Patents (Class 380/30)
  • Patent number: 12124546
    Abstract: A homomorphic encryption scheme, such as Paillier encryption in combination with a bit packing process allows biometric matching at a terminal without exposing a biometric template stored at a user's device. Because such encryption schemes are data intensive, the bit packing process allows reductions in data being sent and processed so that the biometric matching process can be accomplished in near real time. The high speed of this optimized process allows the technique to be applied to many real world processes such as access control and transaction processing.
    Type: Grant
    Filed: January 5, 2022
    Date of Patent: October 22, 2024
    Assignee: Visa International Service Association
    Inventor: Peter Rindal
  • Patent number: 12105838
    Abstract: This disclosure relates to using probabilistic data structures to enable systems to detect fraud while preserving user privacy. In one aspect, a method includes obtaining a set of frequency filters. Each frequency filter defines a maximum event count for a specified event type over a specified time duration and corresponds to a respective content provider. A subset of the frequency filters are identified as triggered frequency filters for which an actual event count for the specified event type corresponding to the frequency filter exceeds the maximum event count defined by the frequency filter during a time period corresponding to a specified time duration for the frequency filter. A probabilistic data structure that represents at least a portion of the frequency filters in the subset of frequency filters is generated. A request for content is sent to multiple content providers. The request for content includes the probabilistic data structure.
    Type: Grant
    Filed: January 15, 2021
    Date of Patent: October 1, 2024
    Assignee: Google LLC
    Inventors: Gang Wang, David Bruce Turner
  • Patent number: 12099593
    Abstract: A method for authenticating an integrated circuit is provided. At an intellectual property facility, a random encryption key and a number of random input vectors are generated. For each input vector, the input vector is encrypted, based on the encryption key, to generate a corresponding output vector, and the input vector and the corresponding output vector are formed into an authentication vector pair. The encryption key is embedded into hardware description language instructions that define an integrated circuit that includes a cryptography engine. A number of authentication vector pairs is transmitted, via a secure communication link, to a semiconductor assembly and test facility. An input vector of an authentication vector pair is presented to the integrated circuit, which encrypts the input vector using the embedded encryption key. If the result matches the output vector of the authentication vector pair, the integrated circuit is determined to be authentic.
    Type: Grant
    Filed: April 30, 2021
    Date of Patent: September 24, 2024
    Assignee: Arm Limited
    Inventors: Oded Golombek, Einat Luko
  • Patent number: 12093431
    Abstract: Systems and techniques for a System-on-a-Chip (SoC) security plugin are described herein. A component message may be received at an interconnect endpoint from an SoC component. The interconnect endpoint may pass the component message to a security component via a security interlink. The security component may secure the component message, using a cryptographic engine, to create a secured message. The secured message is delivered back to the interconnect endpoint via the security interlink and transmitted across the interconnect by the interconnect endpoint.
    Type: Grant
    Filed: August 1, 2023
    Date of Patent: September 17, 2024
    Assignee: Intel Corporation
    Inventors: Manoj R. Sastry, Alpa Narendra Trivedi, Men Long
  • Patent number: 12095898
    Abstract: A blockchain-based privacy protection method for a CCN includes: executing, by a trusted AAC, an initialization algorithm to generate common parameters and a master key, generating a public key and a private key for each consumer and publisher, and randomly generating, by the trusted AAC, its own public key and private key; calculating a public key, and generating ciphertext and uploading the ciphertext to a CSP; performing transaction on-chaining; and during decryption, finding, by the consumer, transaction information of the content on the consortium blockchain, sending an interest packet based on the transaction information, and obtaining ciphertext CT through a storage address in the transaction information; generating, by the consortium blockchain, an access transaction based on access information of the consumer; sending the ciphertext CT to the consumer through a data packet; and locally decrypting, by the consumer, the ciphertext CT, and verifying correctness of the content.
    Type: Grant
    Filed: July 13, 2022
    Date of Patent: September 17, 2024
    Assignee: Zhengzhou University of Light Industry
    Inventors: Jianwei Zhang, Haiyan Sun, Zengyu Cai, Liang Zhu, Shujun Liang, Erlin Tian, Huanlong Zhang, Yanhua Zhang, Xi Chen
  • Patent number: 12073839
    Abstract: In some implementations, a front-end device may receive a physical identifier associated with the user. Accordingly, the front-end device may select a plurality of images, where each image corresponds to a unique integer of integers zero through nine. The front-end device may show, on a display, the plurality of images and receive audio that includes a sequence of words that describe a subset of the plurality of images. Accordingly, the front-end device may map the sequence of words to the subset of the plurality of images and determine a first sequence of numbers corresponding to the subset of the plurality of images. Therefore, the front-end device may authenticate the user based on the first sequence of numbers matching a second sequence of numbers associated with the user.
    Type: Grant
    Filed: March 24, 2022
    Date of Patent: August 27, 2024
    Assignee: Capital One Services, LLC
    Inventors: Michael Mossoba, Joshua Edwards, Abdelkader M'Hamed Benkreira
  • Patent number: 12063290
    Abstract: An encoding method includes: receiving a plurality of messages; encoding the plurality of messages into a polynomial defined by multivariates; and encrypting the polynomial defined by the multivariates to generate a homomorphic ciphertext. The plurality of messages may be multidimensionally packed by using multivariates, and thus, an operation may be performed with low complexity in the process of matrix multiplication for ciphertexts packed with the multivariates.
    Type: Grant
    Filed: December 6, 2019
    Date of Patent: August 13, 2024
    Assignee: Crypto Lab Inc.
    Inventors: Jung Hee Cheon, Andrey Kim, Donggeon Yhee
  • Patent number: 12063512
    Abstract: Systems and methods of the present disclosure are directed to a method performed by a Wireless Communication Device (WCD) for securing wireless communication. The method includes obtaining a configuration descriptive of network entity(s) comprising (a) Legitimate Network Entity (LNE(s)); (b) or Illegitimate Network Entity (INE(s)); or (c) both LNE(s) and INE(s). The method includes determining that a trigger condition for applying the configuration has occurred. The method includes, responsive to making the determination, applying the configuration to the WCD such that connection related procedure(s) of the WCD related to connection between the WCD and the network entity(s) are adjusted in such a manner that the WCD is permitted to connect to only the LNE(s), not permitted to connect to the INE(s), both permitted to connect to only the LNE(s) and not permitted to connect to the INE(s), or not permitted to connect to any network entity.
    Type: Grant
    Filed: August 20, 2021
    Date of Patent: August 13, 2024
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Prajwol Kumar Nakarmi, Muhammad Ali Kazmi, Loay Abdelrazek, Jonathan Olsson
  • Patent number: 12056229
    Abstract: Various methods and systems are provided for autonomous orchestration of secrets renewal and distribution. A secrets management service (“SMS”) can be utilized to store, renew and distribute secrets in a distributed computing environment. The secrets are initially deployed, after which, SMS can automatically renew the secrets according to a specified rollover policy, and polling agents can fetch updates from SMS. In various embodiments, SMS can autonomously rollover client certificates for authentication of users who access a security critical service, autonomously rollover storage account keys, track delivery of updated secrets to secrets recipients, deliver secrets using a secure blob, and/or facilitate autonomous rollover using secrets staging. In some embodiments, a service is pinned to the path where the service's secrets are stored. In this manner, secrets can be automatically renewed without any manual orchestration and/or the need to redeploy services.
    Type: Grant
    Filed: November 30, 2021
    Date of Patent: August 6, 2024
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Brian S. Lounsberry, Ashok Chandrasekaran, Chetan S. Shankar, Chandan R. Reddy, Chuang Wang, Kahren Tevosyan, Mark Eugene Russinovich, Vyom P. Munshi, Pavel Zakharov, Abhishek Pratap Singh Chauhan
  • Patent number: 12052374
    Abstract: A system and method for verifying a cryptographic access code is provided. If a set of cryptographic access components are quantum-aware, the system can obtain a post-quantum encryption and/or decryption algorithm from a context-specific non-critical extension in a private OID namespace, such as SABER, Kyber, Enhanced McEliece, or RLCE. If the set of cryptographic access components are quantum-aware, the system can obtain a post-quantum signature or verification algorithm from the private OID namespace. The system can validate a root of trust specified in a TAL record; confirm that a respective certificate, CRL, or TAL is specified in at least one Manifest record; confirm that a hash of the respective certificate, CRL, or TAL matches a recorded hash in a respective Manifest listing the respective certificate, CRL, or TAL; and confirm that a respective CRL or Manifest is fresh.
    Type: Grant
    Filed: August 22, 2022
    Date of Patent: July 30, 2024
    Assignee: QuSecure, Inc
    Inventor: Mark C. Reynolds
  • Patent number: 12045852
    Abstract: Systems and methods are disclosed for traffic filtration by content providers. One method includes receiving a content request from a device of a user; determining whether one or more container tags are associated with requested content; determining, prior to responding to the content request, whether the content request is by a user based on the content request and the one or more container tags; generating, prior to responding to the content request, an ad request based on the content request and the one or more container tags; determining, prior to responding to the content request, an ad request recipient based on the generated ad request and the one or more container tags; transmitting the ad request to the determined ad request recipient; and transmitting, over the electronic network to the device, a response to the content request when the content request is determined to be by a user.
    Type: Grant
    Filed: May 17, 2022
    Date of Patent: July 23, 2024
    Assignee: Yahoo Ad Tech LLC
    Inventor: Seth Mitchell Demsey
  • Patent number: 12034849
    Abstract: A method for decoding an encrypted electromagnetic signal W encoded by a first computer with public key N_0=r×s, where N_0, r and s are integers. There is the step of obtaining the electromagnetic signal W from a telecommunications network, or a data network or an Internet or a first non-transient memory. There is the step of storing the electromagnetic signal W in a second non-transient memory. There is the step of decoding with a second computer in communication with the second non-transient memory the electromagnetic signal W in the second non-transient memory by factoring the public key N_0 in at most a time O(log^6 N_0). A non-transitory readable storage medium which includes a computer program stored on the storage medium for decoding an encrypted electromagnetic signal W.
    Type: Grant
    Filed: September 2, 2022
    Date of Patent: July 9, 2024
    Assignee: Compunetix, Inc.
    Inventors: Giorgio Coraluppi, Jonathan Holland, John E. Gilmour
  • Patent number: 12014364
    Abstract: The invention relates to efficient zero knowledge verification of composite statements that involve both arithmetic circuit satisfiability and dependent statements about the validity of public keys (key-statement proofs) simultaneously. The method enables a prover to prove this particular statement in zero-knowledge. More specifically, the invention relates to a computer-implemented method for enabling zero-knowledge proof or verification of a statement (S) in which a prover proves to a verifier that a statement is true while keeping a witness (W) to the statement a secret. The invention also relates to the reciprocal method employed by a verifier who verifies the proof.
    Type: Grant
    Filed: March 18, 2019
    Date of Patent: June 18, 2024
    Assignee: nChain Licensing AG
    Inventor: Thomas Trevethan
  • Patent number: 12010230
    Abstract: The reliability of a second public key which is part of a second key pair generated in association with a first key pair is certified. A generating apparatus 210 provides certification data to a receiving apparatus 220 (S301). The receiving apparatus 220 transmits a certification request requesting a certification that the second public key PK2 is in a parent-child relationship with the first public key PK1 to a certifying apparatus 230 (S302). In this example, the certification request includes the certification data, but if the certification data is provided directly from the generating apparatus 210 to the certifying apparatus 230, the certification request does not need to include the certification data. The certifying apparatus 230 verifies the certification data by calculating a verification formula for the certification data in response to the certification request (S303).
    Type: Grant
    Filed: May 29, 2020
    Date of Patent: June 11, 2024
    Assignee: BITFLYER BLOCKCHAIN, INC.
    Inventor: Takafumi Komiyama
  • Patent number: 12003627
    Abstract: A method includes identifying connections between plural components of a time sensitive network (TSN) that are interconnected via a predetermined connection plan. The method also includes determining quantum key distribution (QKD) information of the components. Also, the method further includes scheduling flows for the TSN based on the QKD information of the components.
    Type: Grant
    Filed: September 12, 2019
    Date of Patent: June 4, 2024
    Assignee: General Electric Company
    Inventor: Stephen Francis Bush
  • Patent number: 12003488
    Abstract: Methods and systems may be associated with a cloud computing environment. A proxy platform data store may contain node data associated with nodes of the cloud computing environment. Each node might, for example, store multi-party computation information. A proxy platform, able to access the proxy platform data store, may detect that a first node needs to access a cloud application secret key and determine, based on information in the proxy platform data store, a set of nodes associated with the secret key that the first node needs to access. The proxy platform may then use a multi-party computation algorithm and information received from the set of nodes to generate the secret key.
    Type: Grant
    Filed: November 17, 2020
    Date of Patent: June 4, 2024
    Assignee: SAP SE
    Inventor: Shashank Mohan Jain
  • Patent number: 12003624
    Abstract: A quantum-cryptographic-communication system according to an embodiment includes a key-integrated-management device, quantum-cryptography devices, and key-management-inspection devices. An inspection-target-value-calculating unit calculates an inspection-target value based on quantum-cryptography-device information related to a quantum-cryptography device. An expected-value-calculating unit calculates an expected value based on at least one of wiring information of a QKD link connected to the inspection-target-quantum-cryptography device; weather information of the site installed with the inspection-target-quantum-cryptography device; and the quantum-cryptography-device information. A permissible-value-calculating unit calculates a permissible value based on at least one of the wiring information, the weather information, and the quantum-cryptography-device information.
    Type: Grant
    Filed: February 15, 2022
    Date of Patent: June 4, 2024
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Kazuaki Doi, Yoshimichi Tanizawa, Toshiki Nakashima, Mari Matsumoto
  • Patent number: 11997192
    Abstract: Technologies for establishing device locality are disclosed. A processor in a computing device generates an identifier distinct to the computing device. The processor transmits the identifier to a management controller via a hardware bus in the computing device. The processor generates a key and encrypts the key with the identifier to generate a wrapped key. The processor transmits the wrapped key to the management controller. In turn, the management controller unwraps the key using the identifier. Other embodiments are described and claimed.
    Type: Grant
    Filed: September 25, 2020
    Date of Patent: May 28, 2024
    Assignee: INTEL CORPORATION
    Inventors: Bo Zhang, Siddhartha Chhabra, William A. Stevens, Reshma Lal
  • Patent number: 11985255
    Abstract: Systems and methods for developing a novel public/private key pair having unique properties are disclosed, whereby standard data security operations in existing data security infrastructures return a data integrity validation result—but do not provide the intended data security of such infrastructures. These novel keys are referred to as degenerate keys and may be used to replace the public and private keys in existing public/private key cryptosystems. Because degenerate key data integrity validation may leverage existing data security infrastructures that are already widely-implemented, such examples may be applied immediately and configured to seamlessly transition from integrity only modes back to secure modes. In some instances, the degenerate key examples described herein may be employed during a software testing and/or factory validation stage of product development to allow for data integrity validation before burning in a developer's active (i.e.
    Type: Grant
    Filed: May 25, 2022
    Date of Patent: May 14, 2024
    Assignee: Texas Instruments Incorporated
    Inventor: Michael John Line
  • Patent number: 11972421
    Abstract: Systems and methods for effecting secure transactions are described. A processing device, when executing computer-executable instructions: receives from a requesting entity computing system a transaction request for a payload. The transaction request is transmitted to delivery entity computing system associated with a delivery entity identifier and geographic location. An encryption key, random number and a unique request identifier are generated and transmitted to requesting and delivery entity computing systems. In response to receiving a delivery transaction confirmation from the delivery entity computing system, the processing device verifies the secure transaction. After receiving a requestor transaction confirmation from the requesting entity computing system (indicating a verified transfer of the payload), a payload reimbursement is transferred to a delivery transaction account from a requestor transaction account.
    Type: Grant
    Filed: February 5, 2020
    Date of Patent: April 30, 2024
    Assignee: The Toronto-Dominion Bank
    Inventors: Milos Dunjic, Yubing Liu, Anthony Haituyen Nguyen, Daniel David Grinberg
  • Patent number: 11966380
    Abstract: A secure storage module of a client device interacts with a set of secure storage servers to securely store data items of the client on the servers, such that no individual server has the data in readable (non-obfuscated) form. Additionally, the client secure storage module and the servers interact to allow the client device to read a given portion of the original data items from the servers, such that none of the servers can determine which portion of the original data is being requested. Similarly, the interactions of the client secure storage module and the servers allows the client device to update a given portion of the original data on the servers to a new value, such that none of the servers can determine which portion is being updated and that none of the servers can determine either the prior value or new value or the difference between the new value and the prior value.
    Type: Grant
    Filed: July 21, 2021
    Date of Patent: April 23, 2024
    Assignee: SYMPHONY COMMUNICATION SERVICES HOLDINGS LLC
    Inventors: Christian Tschudin, David M'Raihi
  • Patent number: 11968304
    Abstract: At least one proof transaction for recording on a blockchain comprises at least an s-part for an Elliptic Curve Digital Signature Algorithm, ECDSA, signature. The s-part is computed from a set of signature components, each provided by a participant of a signing subset of a set of keyshare participants. Each keyshare participant holds an ephemeral keyshare of an unknown ephemeral key, and each of the signing components is provided by the participant of the signing subset based on their ephemeral keyshare. The at least one proof transaction indicates an r-challenge of at least one challenge transaction, and a node of a blockchain network applies signature verification to: (i) the s-part of the at least one proof transaction, and (ii) one of: (iia) an r-part of the r-challenge, (iib) an r-part of the at least one proof transaction, and in that event checks that that r-part satisfies the r-challenge.
    Type: Grant
    Filed: May 13, 2020
    Date of Patent: April 23, 2024
    Assignee: nChain Licensing AG
    Inventors: Craig Wright, Daniel Joseph
  • Patent number: 11949784
    Abstract: A system for auditing event data includes an interface and a processor. The interface is configured to receive an audit query request and a client key. The processor is configured to determine whether the audit query request is valid; determine whether a chain of events is stored in an audit store, wherein the chain of events is associated with the audit query request; and in response to determining that the chain of events is stored in the audit store, provide data for the audit query request.
    Type: Grant
    Filed: May 13, 2020
    Date of Patent: April 2, 2024
    Assignee: Ridgeline, Inc.
    Inventors: George Michael Barrameda, Joan Hyewon Hong, Hayden Ray Hudgins, Nathan Matthew Macfarlane
  • Patent number: 11936768
    Abstract: An obfuscation process is described for obfuscating a cryptographic parameter of cryptographic operations such as calculations used in elliptical curve cryptography and elliptical curve point multiplication. Such obfuscation processes may be used for obfuscating device characteristics that might otherwise disclose information about the cryptographic parameter, cryptographic operations or cryptographic operations more generally, such as information sometimes gleaned from side channel attacks and lattice attacks.
    Type: Grant
    Filed: October 30, 2020
    Date of Patent: March 19, 2024
    Assignee: Microchip Technology Incorporated
    Inventor: Huiming Chen
  • Patent number: 11924346
    Abstract: Various embodiments relate to a data processing system comprising instructions embodied in a non-transitory computer readable medium, the instructions for masked sampling of polynomials for lattice-based cryptography in a processor, the instructions, including: determining a number m of random bits to be sampled based upon a sample bound parameter ?; producing a plurality of Boolean masked shares of a polynomial coefficient each having the determined number m of random bits using a uniform random function; determining that the polynomial coefficient is within a range of values based upon the sample bound parameter ?; converting the plurality of Boolean masked shares of the polynomial coefficient to a plurality of arithmetic masked shares of the polynomial coefficient; and shifting the plurality of arithmetic masked shares based upon the sample bound parameter ?.
    Type: Grant
    Filed: April 28, 2022
    Date of Patent: March 5, 2024
    Assignee: NXP B.V.
    Inventors: Markus Schoenauer, Tobias Schneider, Joost Roland Renes, Melissa Azouaoui
  • Patent number: 11909647
    Abstract: A first device transmits a first random number to a second device through a first quantum channel, and receives a second random number from the second device through a second quantum channel. The first device generates a first encryption key based on the first random number and the second random number. The second device transmits the second random number to the first device through the second quantum channel, and receives the first random number from the first device through the first quantum channel. The second device generates a second encryption key based on the first random number and the second random number.
    Type: Grant
    Filed: July 9, 2020
    Date of Patent: February 20, 2024
    Assignee: NEC CORPORATION
    Inventors: Takao Ochi, Ken-ichiro Yoshino, Akio Tajima
  • Patent number: 11909864
    Abstract: Systems and methods for generating min-increment counting bloom filters to determine count and frequency of device identifiers and attributes in a networking environment are disclosed. The system can maintain a set of data records including device identifiers and attributes associated with device in a network. The system can generate a vector comprising coordinates corresponding to counter registers. The system can identify hash functions to update a counting bloom filter. The system can hash the data records to extract index values pointing to a set of counter registers. The system can increment the positions in the min-increment counting bloom filter corresponding to the minimum values of the counter registers. The system can obtain an aggregated public key comprising a public key. The system can encrypt the counter registers using the aggregated shared key to generate an encrypted vector. The system can transmit the encrypted vector to a networked worker computing device.
    Type: Grant
    Filed: July 28, 2020
    Date of Patent: February 20, 2024
    Assignee: GOOGLE LLC
    Inventors: Craig Wright, Benjamin R. Kreuter, James Robert Koehler, Evgeny Skvortsov, Arthur Asuncion, Laura Grace Book, Sheng Ma, Jiayu Peng, Xichen Huang
  • Patent number: 11895240
    Abstract: In IaaS (Infrastructure as a Service), when it is desirable to delegate the authority to a user outside a system, a recipient of an access token is designated, thereby preventing illegal distribution of the access token. There is provided an access token system including a generator and a verifier. The generator generates, using secret information of a recipient, a recipient-designated access token for which the recipient is designated, and provides the recipient-designated access token to a user. The verifier verifies that the user who makes access using the recipient-designated access token is the designated recipient.
    Type: Grant
    Filed: December 15, 2016
    Date of Patent: February 6, 2024
    Assignee: NEC CORPORATION
    Inventors: Hikaru Tsuchida, Kengo Mori, Toshiyuki Isshiki
  • Patent number: 11888995
    Abstract: A system, method, and apparatus for carrying out a value transfer is provided. A method includes receiving, by a computing system of a financial institution, a de-signcrypted value transfer message including terms of a value transfer from an account of a sending party to an account of a merchant, wherein a receiving party desires to make a purchase from the merchant and the value transfer is a payment from the sending party account to the merchant account; and one or more spending limitations on the desired purchase, wherein the payment is contingent on the desired purchase meeting the spending limitations. The method then includes verifying the authenticity of the de-signcrypted message using a public key of the sending party and a private key of the financial institution; and dispersing funds according to the terms of the value transfer.
    Type: Grant
    Filed: October 17, 2022
    Date of Patent: January 30, 2024
    Assignee: Wells Fargo Bank, N.A.
    Inventors: Jal Daruwalla, Phillip H. Griffin, Ashia D. Kennon, Michael Knorr, Lynnel J. Kresse, Catherine Wangari Mwangi, Joanne Strobel-Cort
  • Patent number: 11870900
    Abstract: Techniques for determining whether a public encryption key is vulnerable as the result of deficiencies in pseudorandom number generation algorithms are provided. In some embodiments, a system may compile a database of cryptographic information received from a plurality of sources, including databases, and network traffic monitoring tools. RSA public keys extracted from the cryptographic information may be stored in an organized database in association with corresponding metadata. The system may construct a product tree from all unique collected RSA keys, and may then construct a remainder tree from the product tree, wherein each output remainder may be determined to be a greatest common divisor of one of the RSA keys against all other unique RSA keys in the database. The system may then use the greatest common divisors to factor one or more of the RSA keys and to determine that the factored keys are vulnerable to being compromised.
    Type: Grant
    Filed: November 21, 2022
    Date of Patent: January 9, 2024
    Assignee: NOBLIS, INC.
    Inventor: Samuel S. Gross
  • Patent number: 11870889
    Abstract: A processor-implemented method with homomorphic encryption includes: receiving a first ciphertext corresponding to a first modulus; generating a second ciphertext corresponding to a second modulus by performing modulus raising on the first ciphertext; and performing bootstrapping by encoding the second ciphertext using a commutative property and an associative property of operations included in a rotation operation.
    Type: Grant
    Filed: November 2, 2021
    Date of Patent: January 9, 2024
    Assignees: Samsung Electronics Co., Ltd., Seoul National University R & DB Foundation, Industry Academic Cooperation Foundation, Chosun University
    Inventors: Jong-Seon No, Yongwoo Lee, Young-Sik Kim
  • Patent number: 11853445
    Abstract: In one embodiment, data at rest is securely stored. A data safe performs data plane processing operations in response to requests of received read data requests, received write data requests, and received read information responses, with the data safe being immutable to processing-related modifications resulting from said performing data plane processing operations. Performing these data plane processing operations does not expose any pilot keys outside the data safe in plaintext form nor in encrypted form. The pilot keys are used to encrypt information that is subsequently stored in a storage system. In one embodiment, the information encrypted and decrypted by the data safe includes data structure instances including feature-preserving encrypted entries generated using feature-preserving encryption on corresponding plaintext data items.
    Type: Grant
    Filed: January 4, 2022
    Date of Patent: December 26, 2023
    Assignee: Q-Net Security, Inc.
    Inventors: Jerome R. Cox, Jr., Ronald S. Indeck, William Berndt Parkinson
  • Patent number: 11853160
    Abstract: A data storage device includes a memory device and a controller coupled to the memory device. The controller is configured to receive key value (KV) pair data, determine an entropy value of the received KV pair data, select an error correction code (ECC) code rate based on the determined entropy value, and program the KV pair data to a codeword (CW). The KV pair data includes a key and a value. The programming includes encoding the KV pair data using the selected ECC code rate. The controller is further configured to aggregate a portion of another KV pair data and the KV pair data and program the aggregated KV pair data to the CW using a selected ECC code rate.
    Type: Grant
    Filed: May 27, 2022
    Date of Patent: December 26, 2023
    Assignee: Western Digital Technologies, Inc.
    Inventors: David Avraham, Alexander Bazarsky, Ran Zamir
  • Patent number: 11856083
    Abstract: In response to identifying that a Single Instruction, Multiple Data (SIMD) operation has been instructed to be performed or has been performed by a Fully-Homomorphic Encryption (FHE) software on one or more original ciphertexts, performing the following steps: Performing the same operation on one or more original plaintexts, respectively, that are each a decrypted version of one of the one or more original ciphertexts. Decrypting a ciphertext resulting from the operation performed on the one or more original ciphertexts. Comparing the decrypted ciphertext with a plaintext resulting from the same operation performed on the one or more original plaintexts. Based on said comparison, performing at least one of: (a) determining an amount of noise caused by the operation, (b) determining whether unencrypted data underlying the one or more original ciphertexts has become corrupt by the operation, and (c) determining correctness of an algorithm which includes the operation.
    Type: Grant
    Filed: January 6, 2022
    Date of Patent: December 26, 2023
    Assignee: International Business Machines Corporation
    Inventors: Ehud Aharoni, Omri Soceanu, Allon Adir, Gilad Ezov, Hayim Shaul
  • Patent number: 11836468
    Abstract: Provided is a method and system for building a compliance software service using reusable and configurable components. In one example, the method may include receiving a request to build a software in association with an identified jurisdiction from among a plurality of jurisdictions, retrieving a plurality of configurable software components which comprise built-in functionality that is generic across the plurality of jurisdictions, dynamically configuring non-generic functionality for the identified jurisdiction within the plurality of configurable software components based on inputs received from a user, and creating a software program for the identified jurisdiction based on the dynamically configured software components and storing a file including the created software program in a storage device.
    Type: Grant
    Filed: May 11, 2020
    Date of Patent: December 5, 2023
    Assignee: SAP SE
    Inventors: Karthik Thiru, Ravi Natarajan, Prateek Tripathi, Soumya Ranjan Das, Ankit Jain, Kishan Rao Ramesh Yaradi, Vijayalakshmi Mohandoss, Avinash Bhaskar, Kartik Chandra, Pavithra Thiagarajan, Yatendra Kumar Tiwari
  • Patent number: 11792012
    Abstract: A method is disclosed. An authentication node may receive a plurality of encrypted match values, wherein the plurality of encrypted match values were formed by a plurality of worker nodes that compare a plurality of encrypted second biometric template parts derived from a second biometric template to a plurality of encrypted first biometric template parts derived from a first biometric template. The authentication node may decrypt the plurality of encrypted match values resulting in a plurality of decrypted match values. The authentication node may then determine if a first biometric template matches the second biometric template using the plurality of decrypted match values. An enrollment node may be capable of enrolling a biometric template and storing encrypted biometric template parts at worker nodes.
    Type: Grant
    Filed: March 1, 2022
    Date of Patent: October 17, 2023
    Assignee: Visa International Service Association
    Inventors: Sunpreet Singh Arora, Lacey Best-Rowden, Kim Wagner
  • Patent number: 11785005
    Abstract: The disclosed technology provides for establishment of a secure tunnel with implicit device identification. The implicit device identification can be provided during establishment of a secure tunnel with a server by performing a mutual authentication with the server using a device-specific private key of the device. The device-specific private key may be provisioned during manufacturing of the device and stored by a secure hardware component of the device. Establishing the secure tunnel using implicit device identification can be helpful for operations in which a server is configured to only establish secure communications with one or more particular types of device, and can be performed without the use of additional device identification communications.
    Type: Grant
    Filed: April 21, 2021
    Date of Patent: October 10, 2023
    Assignee: Apple Inc.
    Inventors: Srinivas Vedula, Joel N. Kerr
  • Patent number: 11784800
    Abstract: Systems and methods for generating min-increment counting bloom filters to determine count and frequency of device identifiers and attributes in a networking environment are disclosed. The system can maintain a set of data records including device identifiers and attributes associated with device in a network. The system can generate a vector comprising coordinates corresponding to counter registers. The system can identify hash functions to update a counting bloom filter. The system can hash the data records to extract index values pointing to a set of counter registers. The system can increment the positions in the min-increment counting bloom filter corresponding to the minimum values of the counter registers. The system can obtain an aggregated public key comprising a public key. The system can encrypt the counter registers using the aggregated shared key to generate an encrypted vector. The system can transmit the encrypted vector to a networked worker computing device.
    Type: Grant
    Filed: July 7, 2020
    Date of Patent: October 10, 2023
    Assignee: GOOGLE LLC
    Inventors: Craig Wright, Benjamin Kreuter, James Robert Koehler, Arthur Asuncion, Evgeny Skvortsov, Laura Grace Book, Sheng Ma, Jiayu Peng, Xichen Huang
  • Patent number: 11777729
    Abstract: Provided are methods and systems for performing secure analytics using term generations and a homomorphic encryption. An example method includes receiving, by at least one server from a client, a term generation function, a hash function, a public key of a homomorphic encryption scheme, and a homomorphically encrypted list of indices, wherein the list of indices is generated using the term generation function and the hash function, applying, by the server, the term generation function, the hash function, and the public key to a data set to determine a further homomorphically encrypted list of indices, extracting, by the server and using the homomorphically encrypted list of indices and the further homomorphically encrypted list of indices, data from the encrypted data set to obtain an encrypted result, and sending the encrypted result to the client to decrypt the encrypted result using a private key of the homomorphic encryption scheme.
    Type: Grant
    Filed: September 17, 2021
    Date of Patent: October 3, 2023
    Assignee: Enveil, Inc.
    Inventors: Ellison Anne Williams, Ryan Carr
  • Patent number: 11768964
    Abstract: Systems and techniques for a System-on-a-Chip (SoC) security plugin are described herein. A component message may be received at an interconnect endpoint from an SoC component. The interconnect endpoint may pass the component message to a security component via a security interlink. The security component may secure the component message, using a cryptographic engine, to create a secured message. The secured message is delivered back to the interconnect endpoint via the security interlink and transmitted across the interconnect by the interconnect endpoint.
    Type: Grant
    Filed: February 23, 2022
    Date of Patent: September 26, 2023
    Assignee: INTEL CORPORATION
    Inventors: Manoj R. Sastry, Alpa Narendra Trivedi, Men Long
  • Patent number: 11758401
    Abstract: A method including receiving, by a first device from a second device in a mesh network, message data to be transmitted to a communication device, the message data being received via a first meshnet connection between the first device and the second device; and transmitting, by the first device to the second device, response data based at least in part on transmitting the message data to the communication device, the response data being transmitted via the first meshnet connection. Various other aspects are contemplated.
    Type: Grant
    Filed: February 6, 2022
    Date of Patent: September 12, 2023
    Assignee: UAB 360 IT
    Inventors: Vykintas Maknickas, Emanuelis Norbutas
  • Patent number: 11728988
    Abstract: An electronic key pre-distribution device for configuring multiple network nodes with local key information is provided. The key pre-distribution device applies at least a first hash function and a second hash function to a digital identifier of a network node. The first and second hash functions map the digital identifier to a first public point and a second public point on a first elliptic curve and second elliptic curve. A first and second secret isogeny are applied to the first and second public elliptic curve points, to obtain a first private elliptic curve point and second private elliptic curve point that are part of private key material for the network node.
    Type: Grant
    Filed: February 12, 2018
    Date of Patent: August 15, 2023
    Assignee: Koninklijke Philips N.V.
    Inventors: Oscar Garcia Morchon, Sauvik Bhattacharya, Ludovicus Marinus Gerardus Maria Tolhuizen, Ronald Rietman
  • Patent number: 11722499
    Abstract: A method including determining, by a first device in communication with a second device in a mesh network, an instant message to be transmitted to the second device; first encrypting, by the first device, the instant message based at least in part on utilizing a symmetric key negotiated between the first device and the second device; second encrypting, by the first device, the first encrypted instant message based at least in part on utilizing a public key associated with the second device; and selectively transmitting, by the first device, the second encrypted instant message to the second device. Various other aspects are contemplated.
    Type: Grant
    Filed: February 5, 2022
    Date of Patent: August 8, 2023
    Assignee: UAB 360 IT
    Inventors: Vykintas Maknickas, Emanuelis Norbutas
  • Patent number: 11722312
    Abstract: Signing data so that a signature can be verified by a verifier while preserving the privacy of a signer, the method including: generating a signature nonce; encrypting the signature nonce with a public key of the verifier to produce an encrypted signature nonce; and calculating a signature of the data of the signer by signing the data concatenated with the signature nonce using a private key of the signer.
    Type: Grant
    Filed: March 9, 2020
    Date of Patent: August 8, 2023
    Assignees: Sony Group Corporation, Sony Pictures Entertainment Inc.
    Inventor: Eric Diehl
  • Patent number: 11722468
    Abstract: A method including determining, by a first device in communication with a second device and a third device in a mesh network, a first instant message to be transmitted to the second device and a second instant message to be transmitted to the third device, the first instant message and the second instant message including instant messaging (IM) information; encrypting, by the first device, the first instant message based at least in part on utilizing a symmetric key negotiated between the first device and the second device and the second instant message based at least in part on utilizing a symmetric key negotiated between the first device and the third device; and selectively transmitting, by the first device, the encrypted first instant message over a first meshnet connection and the encrypted second instant message over a second meshnet connection. Various other aspects are contemplated.
    Type: Grant
    Filed: February 5, 2022
    Date of Patent: August 8, 2023
    Assignee: UAB 360 IT
    Inventors: Vykintas Maknickas, Emanuelis Norbutas
  • Patent number: 11722305
    Abstract: Embodiments disclosed herein are directed to methods and systems of password-based threshold authentication, which distributes the role of an authentication server among multiple servers. Any t servers can collectively verify passwords and generate authentication tokens, while no t−1 servers can forge a valid token or mount offline dictionary attacks.
    Type: Grant
    Filed: September 28, 2022
    Date of Patent: August 8, 2023
    Assignee: Visa International Service Association
    Inventors: Payman Mohassel, Shashank Agrawal, Pratyay Mukherjee, Peihan Miao
  • Patent number: 11711205
    Abstract: Systems and methods for provisioning secure terminals for secure transactions are disclosed herein. A disclosed method includes generating a key using a key generator element on a secure terminal and sending a key validation request for the key from the secure terminal to a provisioning device. The method also includes parsing the key validation request and generating a key validation for the key and a trusted time stamp on the provisioning device. The method also includes sending, from the provisioning device, the key validation and the trusted time stamp to the secure terminal. The method also includes setting a clock on the secure terminal using the trusted time stamp and storing the key validation at the secure terminal.
    Type: Grant
    Filed: September 22, 2020
    Date of Patent: July 25, 2023
    Assignee: CLOVER NETWORK, LLC.
    Inventors: Brian Jeremiah Murray, Jacob Whitaker Abrams, Arvin Carl Robert Haywood
  • Patent number: 11695549
    Abstract: Systems and methods for attesting an enclave in a network. A method includes receiving, by a first device, proof information from an application provider entity that the enclave is secure, wherein the proof information includes a public part, Ga, of information used by the enclave to derive a Diffie-Hellman key in a key generation process with the application provider entity, processing, by the first device, the proof information to verify that the enclave is secure and ensuring that Ga is authentic and/or valid, deriving, by the first device, a new Diffie-Hellman key, based on Ga and x, wherein x is a private part of information used by the first device to derive the new Diffie-Hellman key, and sending, by the first device, a message including Ga and a public part, Gx, of the information used by the first device to derive the new Diffie-Hellman key to the enclave.
    Type: Grant
    Filed: September 9, 2021
    Date of Patent: July 4, 2023
    Assignee: NEC CORPORATION
    Inventors: Ugo Damiano, Felix Klaedtke
  • Patent number: 11695567
    Abstract: Computer-implemented methods for locking a blockchain transaction based on undetermined data are described. The invention is implemented using a blockchain network. This may, for example, be the Bitcoin blockchain. A locking node may include a locking script in a blockchain transaction Node to lock a digital asset. The locking script includes a public key for a determined data source and instructions to cause a validating node executing the locking script to verify the source of data provided in an unlocking script by: a) generating a modified public key based on the public key for the determined data source and based on data defined in the unlocking script; and b) evaluating a cryptographic signature in the unlocking script based on the modified public key. The blockchain transaction containing the locking script is sent by the locking node to the blockchain network. The lock may be removed using a cryptographic signature generated from a private key modified based on the data.
    Type: Grant
    Filed: April 6, 2018
    Date of Patent: July 4, 2023
    Assignee: nChain Licensing AG
    Inventor: Ying Chan
  • Patent number: 11695545
    Abstract: A multi-scheme random selection of blockchain endorsers may preserve anonymity of nodes that participate in a blockchain network, and may assign each node an endorsement load that is proportionate to the utilization of the blockchain network by that node. Selection of one or more nodes to endorse data before recordation to the blockchain may include randomly selecting an active endorser selection scheme from a set of available endorser selection schemes, and randomly selecting one or more nodes as endorsers for the data based on the active endorser selection scheme. Each scheme may be derived based on the tracked utilization over different time scales. Exit criteria may determine when to switch the active endorser selection scheme. The exit criteria may be based on a number of times each node is selected as an endorser under the active endorser selection scheme, and utilization of the blockchain network by each node.
    Type: Grant
    Filed: December 11, 2020
    Date of Patent: July 4, 2023
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Pradeep Menon, Rahul Koneru