Multiple Key Level Patents (Class 380/45)
  • Patent number: 10671764
    Abstract: A lock node for storing data and a protected storage unit. The lock node includes an input section which provides a plurality of key maps, each corresponding to one of a plurality of primary keys, respectively, applied to the input section, each key map including at least one main key, a variable lock section producing a derived key from a logical operation on the main keys corresponding to the primary keys applied to the input section, and an output section producing the data in response to the derived key.
    Type: Grant
    Filed: August 31, 2017
    Date of Patent: June 2, 2020
    Assignee: NUTS HOLDINGS, LLC
    Inventor: Yoon Ho Auh
  • Patent number: 10614236
    Abstract: Embodiments for performing self-contained, consistent data masking in a distributed computing environment by a processor. A data masking operation is performed on one or more datasets in one of a plurality of data formats such that a key of each value of each key-value pair representing a common set of columns or paths for the one or more datasets is masked.
    Type: Grant
    Filed: March 1, 2017
    Date of Patent: April 7, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Spyridon Antonatos, Stefano Braghin, Ioannis Gkoufas, Pol Mac Aonghusa
  • Patent number: 10528290
    Abstract: A multi-platform data storage system configured to maintain containers including one or more virtual storage resources. The multi-platform data storage system can, for example, include a storage interface configured to enable access to a plurality of storage platforms that use different storage access and/or management protocols, the plurality of storage platforms storing data objects in physical data storage; and a storage mobility and management layer providing virtual management of virtual storage resources corresponding to one or more data objects stored in the plurality of storage platforms, the storage mobility and management layer including at least a container management sub-system that manages logical containers that contain one or more of the virtual storage resources.
    Type: Grant
    Filed: February 23, 2018
    Date of Patent: January 7, 2020
    Assignee: Arrikto Inc.
    Inventors: Konstantinos Venetsanopoulos, Evangelos Koukis, Christos Stavrakakis, Ilias Tsitsimpis, Dimitrios Aragiorgis, Alexios Pyrgiotis
  • Patent number: 10423953
    Abstract: A system, method, and computer readable medium (collectively, the “system”) are provided. The system may include a processor configured to perform operations and/or steps comprising storing, by a processor, a session key on a mobile device, wherein the session key is encrypted. The system receiving a transaction request, decrypting the session key, and broadcasting a signal configured for being received by a magnetic stripe reader. Track 1 data and/or track 2 data may be encoded in the signal. The track 1 data and/or the track 2 data may also comprise a dynamically generated value that is generated based on the session key.
    Type: Grant
    Filed: April 11, 2018
    Date of Patent: September 24, 2019
    Assignee: AMERICAN EXPRESS TRAVEL RELATED SERVICES COMPANY, INC.
    Inventors: Manish K. Deliwala, Jonathan Lupton, Ajay B. Maddukuri, John G. McDonald
  • Patent number: 10395230
    Abstract: The present disclosure relates to systems and method for securely entering a confidential access code into a user device. A system for allowing secure entry of a confidential access code into a user device may include one or more memories storing instructions and one or more processors configured to execute instruction to perform operations. The operations may include receiving a request for confidential access, prompting the user, via the user interface, to enter a group of inputs into a single-entry field, receiving a dummy sequence of inputs, receiving or providing an indicator signal, receiving an access sequence of inputs, parsing the group of inputs received to identify the access sequence of inputs based on the location of the indicator signal, comparing the access sequence of inputs to the confidential access code associated with the user, and granting or denying access to the confidential information based on the results.
    Type: Grant
    Filed: July 9, 2018
    Date of Patent: August 27, 2019
    Assignee: Capital One Services, LLC
    Inventors: Abdelkader M'Hamed Benkreira, Michael Mossoba, Joshua Edwards
  • Patent number: 10326597
    Abstract: A system that provides responses to requests obtains a key that is used to digitally sign the request. The key is derived from information that is shared with a requestor to which the response is sent. The requestor derives, using the shared information, derives a key usable to verify the digital signature of the response, thereby enabling the requestor to operate in accordance with whether the digital signature of the response matches the response.
    Type: Grant
    Filed: June 27, 2014
    Date of Patent: June 18, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory Branchek Roth, Eric Jason Brandwine
  • Patent number: 10298551
    Abstract: An apparatus in one embodiment comprises at least one processing device having a processor coupled to a memory. The processing device implements a messaging policy enforcement server that receives from a first client device metadata of an encrypted message to be sent from the first client device to a second client device. The received metadata comprises a first key utilized by the first client device to encrypt the message with the first key being encrypted utilizing a second key associated with the second client device. The messaging policy enforcement server processes the received metadata to determine one or more policies applicable to the encrypted message and to generate a further encrypted version of the encrypted first key utilizing one or more additional keys corresponding to the one or more policies. The further encrypted version of the encrypted first key is sent to the second client device in modified metadata of the encrypted message.
    Type: Grant
    Filed: December 14, 2016
    Date of Patent: May 21, 2019
    Assignee: EMC IP Holding Company LLC
    Inventors: Radia Perlman, Xuan Tang, Charles Kaufman
  • Patent number: 10291396
    Abstract: The positions in a text in which partial character strings in a pattern appear are efficiently detected. A partial-character-string position detecting device 1 takes inputs of a secret text [t] of a text t, a secrete text <p> of a pattern p, a secret text <c> of a vector c, and a secret text <E> of a matrix E and outputs a secret text <H> of a matrix H. A first matrix generating part 20 generates a secret text <F> of a matrix F, in which F[i][j]=E[i][j+i mod n+1] (where it is assumed that E[i][n]=¬c[i]). A second matrix generating part 30 generates a secret text <F?> of a matrix F?, in which F[i][j]=1 is set if c[i]=0 or if c[i]=1 and F[k][j]=1 for every k that is successively c[k]=1, otherwise F[i][j]=0 is set, where k=i, . . . , n?1. A third matrix generating part 40 computes <H[i][j]>=<F[i][j?i mod n+1]>?<c[i]>?¬<c[i?1]> to generate the secrete text <H>.
    Type: Grant
    Filed: October 5, 2015
    Date of Patent: May 14, 2019
    Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Koki Hamada, Dai Ikarashi, Naoto Kiribuchi
  • Patent number: 10237066
    Abstract: A scalable and efficient cryptographic architecture is provided for processing data using deeply-pipelined algorithms and circuitries. The architecture can be implemented as circuitry in a fixed logic device, or can be configured into a programmable integrated circuit device. The same top-level design may be used for different choices of data channels, processing depth, parallelism level, and/or system throughput. An encryption pipeline processing block performs rounds of processing upon a block of said data using an encryption process and receives a respective round encryption key for each round of processing. An encryption key pipeline block provides the respective round encryption key for each round of processing by selecting, for each round of processing, the respective round encryption key from at least a first round encryption key corresponding to a first channel and a second round encryption key corresponding to a second channel.
    Type: Grant
    Filed: April 8, 2014
    Date of Patent: March 19, 2019
    Assignee: ALTERA CORPORATION
    Inventors: Martin Langhammer, Shawn Nicholl, Cheng Wang
  • Patent number: 10185836
    Abstract: Encrypting data without losing their format is important in computing systems, because many parties using confidential data rely on systems that require specific formatting for data. Information security depends on the systems and methods used to store and transmit data as well as the keys used to encrypt and decrypt those data. A policy broker is disclosed that maintains keys for clients in confidence, while providing cryptographically secure ciphertext as tokens that the clients may use in their systems as though they were the unencrypted data. Tokens are uniquely constructed for each client by the policy broker based on policies set by a receiving client detailing the formatting needs of their systems. Each client may communicate with other clients via the policy broker with the tokens and will send tokens unique to their system that the policy broker will translate into the tokens of the other party.
    Type: Grant
    Filed: October 31, 2017
    Date of Patent: January 22, 2019
    Assignee: Passport Health Communications, Inc.
    Inventor: Christopher Gerhard Busch
  • Patent number: 10181166
    Abstract: A user selection of one or more of a plurality of content is received. The selected content is encrypted by a first encryption key that is remote and unknown to the distribution server. Payment information associated with the user selection is also received and verified. The selected content from is retrieved from a remote database. The first encryption key corresponding to the selected content to decrypt the encrypted content corresponding to the user selection is obtained. Decryption is performed by a hardware-based engine of the distribution server that is isolated from a host processor of the distribution server. The content corresponding to the user selection is encrypted according to a second encryption key that is known to the distribution server.
    Type: Grant
    Filed: March 29, 2018
    Date of Patent: January 15, 2019
    Assignee: Adobe Systems Incorporated
    Inventors: David L. Blankenbeckler, William Almon, Jr.
  • Patent number: 10037317
    Abstract: Techniques for creating a template to be used in connection with automatically generating text. Techniques include creating a template to include human language text and at least a first tag that serves as a placeholder for a text portion referring to at least one referent; and allowing a user to specify multiple options to be used in place of the first tag when generating output text using the created template, the options comprising at least a first referential expression for the at least one referent and at least a first anaphoric expression for the at least one referent.
    Type: Grant
    Filed: July 17, 2013
    Date of Patent: July 31, 2018
    Assignee: YSEOP SA
    Inventors: Alain Kaeser, Emmanuel Vignon, Ludan Stoecklé
  • Patent number: 9992015
    Abstract: An approach is provided for building a scalable service platform by initiating transmission of encrypted data from a public network cache. An access control server platform determines a first authorization key for a user and a second authorization key for a resource, and then encrypts the resource with the second authorization key, and encrypts the second authorization key with the first authorization key. The access control server platform initiates distribution of the encrypted second authorization key with the encrypted resource over a network. The access control server platform further initiates caching the encrypted second authorization key with the encrypted resource that meets a predefined threshold value (e.g., a data size, an access frequency, a modification frequency, or an auditing requirement) in a cache in the network, and initiates transmission of the cached and encrypted second authorization key with the cached and encrypted resource from the cache to at least one authorized entity.
    Type: Grant
    Filed: April 30, 2013
    Date of Patent: June 5, 2018
    Assignee: Nokia Technologies Oy
    Inventors: Yan Fu, Ari M. Vepsalainen, Ari Antero Aarnio, Markku Kalevi Vimpari, Pekka Johannes Laitinen
  • Patent number: 9984236
    Abstract: A client hosted virtualization system (CHVS) includes a processor to execute code, a component, and a non-volatile memory. The non volatile memory includes BIOS code and code to implement a virtualization manager. The virtualization manager is operable to initialize the CHVS, launch a virtual machine on the CHVS, and assign the component to the virtual machine, such that the virtual machine has control of the component. The CHVS is configurable to execute the BIOS and not the virtualization manager, or to execute the virtualization manager and not the BIOS.
    Type: Grant
    Filed: July 31, 2015
    Date of Patent: May 29, 2018
    Assignee: DELL PRODUCTS, LP
    Inventors: Yuan-Chang Lo, Shree Dandekar
  • Patent number: 9959583
    Abstract: A user selection of one or more of a plurality of content is received. The selected content is encrypted by a first encryption key that is remote and unknown to the distribution server. Payment information associated with the user selection is also received and verified. The selected content from is retrieved from a remote database. The first encryption key corresponding to the selected content to decrypt the encrypted content corresponding to the user selection is obtained. Decryption is performed by a hardware-based engine of the distribution server that is isolated from a host processor of the distribution server. The content corresponding to the user selection is encrypted according to a second encryption key that is known to the distribution server.
    Type: Grant
    Filed: May 24, 2016
    Date of Patent: May 1, 2018
    Assignee: Adobe Systems Incorporated
    Inventors: David L. Blankenbeckler, William Almon, Jr.
  • Patent number: 9942211
    Abstract: Performing cryptographic operations such as encryption and decryption may be computationally expensive. In some contexts, initialization vectors and keystreams operable to perform encryption operations are generated and stored in a repository, and later retrieved for use in performing encryption operations. Multiple devices in a distributed system can each generate and store a subset of a larger set of keystreams.
    Type: Grant
    Filed: December 11, 2014
    Date of Patent: April 10, 2018
    Assignee: Amazon Technologies, Inc.
    Inventor: Matthew John Campagna
  • Patent number: 9891823
    Abstract: A system for securely entering particular information includes a mobile device and a background server. The mobile device includes a first area which is a non-secure environment, a second area which is a secure environment and a switching module implementing switchings between the first and second areas. At least one first application module for executing a business function application is provided in the first area. A second application module for executing a particular information entering application and an encryption module for encrypting entered particular information are provided in the second area. If a particular information entering is required by the first application module, the switching module triggers the second application module to perform the particular information entering, and returns, to the first application module, an encryption result obtained by encrypting the entered particular information.
    Type: Grant
    Filed: October 29, 2014
    Date of Patent: February 13, 2018
    Assignee: NEUSOFT CORPORATION
    Inventors: Xishun Feng, Zhijian Zhang, Jun Li, Jun Wang, Qingyang Meng, Fuyang Liu
  • Patent number: 9870559
    Abstract: Methods and systems are provided for supporting electronic transactions, including transactions that are provided with per-user, per-device and per-domain security across domains of multiple service providers.
    Type: Grant
    Filed: June 24, 2011
    Date of Patent: January 16, 2018
    Assignee: MASTERCARD MOBILE TRANSACTIONS SOLUTIONS, INC.
    Inventors: Satyan G. Pitroda, Mehul Desai
  • Patent number: 9864853
    Abstract: A method and structure for authenticating users of a system that prevents theft of passwords and re-use of passwords. The method and structure use one-time passwords and a Secure CPU technology that cryptographically protects a software module known as a Secure Object from other software on a system. The method and structure generate and validate one-time passwords within Secure Objects and use a communications mechanism to securely communicate passwords or information used to generate passwords that makes use of cryptography and the protected and unprotected regions of a Secure Object to provide strong end-to-end security.
    Type: Grant
    Filed: November 30, 2015
    Date of Patent: January 9, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventor: Richard Harold Boivie
  • Patent number: 9830464
    Abstract: Encrypting data without losing their format is important in computing systems, because many parties using confidential data rely on systems that require specific formatting for data. Information security depends on the systems and methods used to store and transmit data as well as the keys used to encrypt and decrypt those data. A policy broker is disclosed that maintains keys for clients in confidence, while providing cryptographically secure ciphertext as tokens that the clients may use in their systems as though they were the unencrypted data. Tokens are uniquely constructed for each client by the policy broker based on policies set by a receiving client detailing the formatting needs of their systems. Each client may communicate with other clients via the policy broker with the tokens and will send tokens unique to their system that the policy broker will translate into the tokens of the other party.
    Type: Grant
    Filed: January 21, 2016
    Date of Patent: November 28, 2017
    Assignee: PASSPORT HEALTH COMMUNICATIONS, INC.
    Inventor: Christopher Gerhard Busch
  • Patent number: 9768959
    Abstract: Static security credentials are replaced by pseudonyms and session-specific passwords to increase security associated with user login attempts, and specifically to defeat keylogging attacks. For each login event, the system generates unique, session-specific credentials by randomly replacing characters within a given username and password. The random character generation ensures that system login attempts use different combinations of characters, thereby producing a new username and password for every user session. The client side of the system requires only the capability to display an image file, with specialized software/hardware limited to the server side, thereby facilitating the use of the system by a wide range of client devices.
    Type: Grant
    Filed: March 10, 2015
    Date of Patent: September 19, 2017
    Assignee: Acxiom Corporation
    Inventors: Gon Yi, William C. Smith, Connie Marie Ardwin
  • Patent number: 9729941
    Abstract: A system and method to watermark a compressed content encrypted by at least one content key, said content key as well as pre-marking data forming Conditional Access System (CAS) data, said CAS Data being encrypted by a transmission key and comprising at least one signature to authenticate all or part of the CAS Data, said compressed content being received by a client device comprising: a Descrambler having an input to receive the encrypted compressed content and an output to produce an compressed content, a Watermark (WM) inserter directly connected to the output of the Descrambler, said Descrambler and said WM inserter being connected with a Conditioner, said Conditioner executing the following steps: receiving the CAS Data, decrypting the CAS Data with the transmission key, verifying the signature of the CAS Data, and if the signature is valid, transferring the content key to the descrambler and the pre-marking data to the WM inserter, and watermarking by the WM inserter, the decrypted content received by t
    Type: Grant
    Filed: April 28, 2014
    Date of Patent: August 8, 2017
    Assignee: NAGRAVISION S.A.
    Inventors: Didier Hunacek, Patrick Servet, Minh Son Tran, Pierre Sarda
  • Patent number: 9716696
    Abstract: An encryption key management system and method implements enterprise managed encryption key for an enterprise using encryption for cloud-based services. In some embodiments, the enterprise deploys a key agent on the enterprise data network to distribute encryption key material to the network intermediary on a periodic basis. The network intermediary receives the encryption key material from the enterprise and stores the encryption key material in temporary storage and uses the received encryption key material to derive a data encryption key to perform the encryption of the enterprise's data. In this manner, the enterprise can be provided with the added security assurance of maintaining and managing its own encryption key while using cloud-based data storage services. The encryption key management system and method can be applied to ensure that the enterprise's one or more encryption keys do not leave the enterprise's premises.
    Type: Grant
    Filed: July 7, 2016
    Date of Patent: July 25, 2017
    Assignee: Skyhigh Networks, Inc.
    Inventors: Kaushik Narayan, Paul Grubbs
  • Patent number: 9697512
    Abstract: Methods and systems are provided for supporting electronic transactions, including transactions that are provided with per-user, per-device and per-domain security across domains of multiple service providers.
    Type: Grant
    Filed: June 24, 2011
    Date of Patent: July 4, 2017
    Assignee: MASTERCARD MOBILE TRANSACTIONS SOLUTIONS, INC.
    Inventors: Satyan G. Pitroda, Mehul Desai
  • Patent number: 9697359
    Abstract: A first time software is loaded for execution by a device, the software stored in non-secure storage is authenticated. Authenticating the software may involve a cryptographic operation over the software and a digital signature of the software. A verification tag may be generated for the software if authentication of the software is successful, the verification tag based on the software and at least a device-specific secret data. The verification tag may be stored within the device. Each subsequent time the software is loaded for execution it may be verified (not authenticated) by using the verification tag to confirm that the software being loaded is the same as the one used to generate the verification tag while avoiding authentication of the software.
    Type: Grant
    Filed: April 15, 2015
    Date of Patent: July 4, 2017
    Assignee: QUALCOMM Incorporated
    Inventors: Alexander Gantman, David Merrill Jacobson
  • Patent number: 9684781
    Abstract: Embodiments disclosed herein relate to determining authorization of a software product based on a first authorization item and a second authorization item. Each authorization item may be a file or a registry key. A processor 104 may determine whether use of the software product is authorized at a particular time period by comparing a first authorization item and a second authorization item.
    Type: Grant
    Filed: November 12, 2010
    Date of Patent: June 20, 2017
    Assignee: Hewlett Packard Enterprise Development LP
    Inventor: Calvin L. Selig
  • Patent number: 9635004
    Abstract: System and method embodiments are provided for segment integrity and authenticity for adaptive streaming. In an embodiment, the method includes receiving at a data processing system a segment of a media stream, determining, with the data processing system, a digest or a digital signature for the segment, and comparing, with the data processing system, the digest/digital signature to a correct digest or a correct digital signature to determine whether the segment has been modified.
    Type: Grant
    Filed: April 25, 2013
    Date of Patent: April 25, 2017
    Assignee: Futurewei Technologies, Inc.
    Inventors: Alexander Giladi, Xin Wang, Shaobo Zhang, Yongliang Liu
  • Patent number: 9594769
    Abstract: A computing device configured to compute a data function on a function-input value, the device comprising an electronic storage storing a first table network configured for the data function and a second table network configured to cooperate with the first table network for countering modifications made to the first table network, an electronic processor coupled to the storage and configured to obtain first table inputs for the first table network, the first table inputs including the function-input value, and to compute the data function by applying the first table network to the first table inputs to produce first table outputs, the first table outputs including a function-output value corresponding to the result of applying the data function to the function-input value.
    Type: Grant
    Filed: December 19, 2013
    Date of Patent: March 14, 2017
    Assignee: KONINKLIJKE PHILIPS N.V.
    Inventors: Ludovicus Marinus Gerardus Maria Tolhuizen, Paulus Mathias Hubertus Mechtildis Antonius Gorissen, Alphons Antonius Maria Lambertus Bruekers, Mina Deng
  • Patent number: 9576411
    Abstract: An apparatus and method for providing a security keypad are provided. The apparatus for providing a security keypad includes a coordinate generation unit, a keypad output unit, and a key value processing unit. The coordinate generation unit computes a displacement by which a security keypad is to be shifted, and rearranges at least some of keys included in the security keypad by shifting the at least some keys so that the central axis of the security keypad is translated by the displacement. The keypad output unit displays the rearranged security keypad to a user. The key value processing unit processes key values in response to the user's input to the rearranged security keypad, and transfers the processed key values to an application for which the rearranged, security keypad is used.
    Type: Grant
    Filed: August 6, 2014
    Date of Patent: February 21, 2017
    Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventors: Eunchan Kim, Jae Min Park, Cheol Oh Kang
  • Patent number: 9569597
    Abstract: There is provided an information processing apparatus, including a storage section which stores a first image, which is an image of a format requiring license information in reproduction, to which reproduction is performed by a reproduction apparatus after being acquired, a conversion section which converts the first image into a second image of a format not requiring license information in reproduction, which is an image with content the same as content of the first image, and a distribution section which distributes the second image to the reproduction apparatus to be reproduced, during acquisition of the first image.
    Type: Grant
    Filed: April 10, 2013
    Date of Patent: February 14, 2017
    Assignee: SONY CORPORATION
    Inventors: Tsukuru Yamada, Masatoshi Yamagiwa, Yoshitaka Nakamura, Hakuhei Ryou, Akihiro Kawachino, Takehisa Gokaichi, Koichi Uchida
  • Patent number: 9525553
    Abstract: Provided are a system and method for providing a digital signature based on a mobile trusted module (MTM). The system includes a control unit configured to activate a mobile application and receive selection of one certificate in a previously set certificate list from a user through the activated mobile application, an MTM configured to generate based on the selected certificate a keypad image in which buttons are irregularly arranged, an MTM table for converting keypad touch information into an actual value, and a terminal table for converting keypad image coordinates into an area, and put a digital signature on the certificate using a certificate password input by the user based on the keypad image, the MTM table, and the terminal table to generate a digital signature value, and a communication unit configured to encrypt the generated digital signature value and transmit the encrypted digital signature to an authentication server.
    Type: Grant
    Filed: March 25, 2014
    Date of Patent: December 20, 2016
    Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventor: Dae-Won Kim
  • Patent number: 9515818
    Abstract: Some embodiments provide a method for performing a block cryptographic operation that includes a plurality of rounds. The method receives a message that includes several blocks. The method selects a set of the blocks. The set has a particular number of blocks. The method applies a cryptographic operation to the selected set of blocks. A particular round of the cryptographic operation for a first block in the set is performed after a later round than the particular round for a second block in the set, while a different particular round for the first block is performed before an earlier round than the different particular round for the second block. In some embodiments, at least two rounds for the first block are performed one after the other without any intervening rounds for any other blocks in the set.
    Type: Grant
    Filed: September 16, 2014
    Date of Patent: December 6, 2016
    Assignee: APPLE INC.
    Inventors: Bruno Kindarji, Mathieu Ciet, Benoit Chevallier-Mames, Thomas Icart, Augustin J. Farrugia
  • Patent number: 9445262
    Abstract: A method of for issuing a radio frequency (RF) card key of an authentication server is disclosed. The method includes receiving an encrypted serial number of a smart card from a mobile terminal, decrypting the encrypted serial number, extracting an RF card key corresponding to the decrypted serial number, encrypting the RF card key, and transmitting the encrypted RF card key to the mobile terminal.
    Type: Grant
    Filed: December 6, 2013
    Date of Patent: September 13, 2016
    Assignee: LG UPLUS CORP.
    Inventors: Yeong Joon Yang, Nam Su Ha
  • Patent number: 9413730
    Abstract: An encryption key management system and method implements enterprise managed encryption key for an enterprise using encryption for cloud-based services. In some embodiments, the enterprise deploys a key agent on the enterprise data network to distribute encryption key material to the network intermediary on a periodic basis. The network intermediary receives the encryption key material from the enterprise and stores the encryption key material in temporary storage and uses the received encryption key material to derive a data encryption key to perform the encryption of the enterprise's data. In this manner, the enterprise can be provided with the added security assurance of maintaining and managing its own encryption key while using cloud-based data storage services. The encryption key management system and method can be applied to ensure that the enterprise's one or more encryption keys do not leave the enterprise's premises.
    Type: Grant
    Filed: November 7, 2014
    Date of Patent: August 9, 2016
    Assignee: Skyhigh Networks, Inc.
    Inventors: Kaushik Narayan, Paul Grubbs
  • Patent number: 9400980
    Abstract: Methods and systems are provided for supporting electronic transactions, including transactions that are provided with per-user, per-device and per-domain security across domains of multiple service providers.
    Type: Grant
    Filed: June 24, 2011
    Date of Patent: July 26, 2016
    Assignee: MasterCard Mobile Transactions Solutions, Inc.
    Inventors: Satyan G. Pitroda, Mehul Desai
  • Patent number: 9384484
    Abstract: A user selection of one or more of a plurality of content is received. The selected content is encrypted by a first encryption key that is remote and unknown to the distribution server. Payment information associated with the user selection is also received and verified. The selected content from is retrieved from a remote database. The first encryption key corresponding to the selected content to decrypt the encrypted content corresponding to the user selection is obtained. Decryption is performed by a hardware-based engine of the distribution server that is isolated from a host processor of the distribution server. The content corresponding to the user selection is encrypted according to a second encryption key that is known to the distribution server.
    Type: Grant
    Filed: May 3, 2014
    Date of Patent: July 5, 2016
    Assignee: Adobe Systems Incorporated
    Inventors: David L. Blankenbeckler, William Almon, Jr.
  • Patent number: 9337999
    Abstract: A system for application usage continuum across client devices and platforms includes a first client device configured to execute a first instance of an application and a second client device configured to execute a second instance of the application. The first client device is configured to receive an indication to transfer operation of the first instance of the application running on the first client device to the second instance of the application on the second client device. The first client device is further configured to generate state information and data associated with execution of the first instance of the application on the first client device and cause the state information to be sent to the second client device to enable the second instance of the application on the second client device to continue operation of the application on the second client device using the state information from the first client device.
    Type: Grant
    Filed: April 1, 2011
    Date of Patent: May 10, 2016
    Assignee: Intel Corporation
    Inventors: Naveed Iqbal, Mousumi M. Hazra, Jiphun C. Satapathy, Mojtaba Mirashrafi, Walter Gintz
  • Patent number: 9330389
    Abstract: Methods and systems are provided for supporting electronic transactions, including transactions that are provided with per-user, per-device and per-domain security across domains of multiple service providers.
    Type: Grant
    Filed: June 24, 2011
    Date of Patent: May 3, 2016
    Assignee: MasterCard Mobile Transactions Solutions, Inc.
    Inventors: Satyan G. Pitroda, Mehul Desai
  • Patent number: 9330390
    Abstract: Methods and systems are provided for supporting electronic transactions, including transactions that are provided with per-user, per-device and per-domain security across domains of multiple service providers.
    Type: Grant
    Filed: June 24, 2011
    Date of Patent: May 3, 2016
    Assignee: MasterCard Mobile Transactions Solutions, Inc.
    Inventors: Satyan G. Pitroda, Mehul Desai
  • Patent number: 9330388
    Abstract: Methods and systems are provided for supporting electronic transactions, including transactions that are provided with per-user, per-device and per-domain security across domains of multiple service providers.
    Type: Grant
    Filed: June 24, 2011
    Date of Patent: May 3, 2016
    Assignee: MasterCard Mobile Transactions Solutions, Inc.
    Inventors: Satyan G. Pitroda, Mehul Desai
  • Patent number: 9317849
    Abstract: Methods and systems are provided for supporting electronic transactions, including transactions that are provided with per-user, per-device and per-domain security across domains of multiple service providers.
    Type: Grant
    Filed: November 9, 2011
    Date of Patent: April 19, 2016
    Assignee: MasterCard Mobile Transactions Solutions, Inc.
    Inventors: Satyan G. Pitroda, Mehul Desai
  • Patent number: 9298924
    Abstract: A computer implemented method for automatically fixing a security vulnerability in a source code is disclosed. The method includes obtaining identification of code that sends tainted data to corresponding sink code in the source code; and automatically fixing the vulnerability by automatically performing code modification which is selected from the group of code modifications consisting of: code motion and code duplication.
    Type: Grant
    Filed: January 22, 2013
    Date of Patent: March 29, 2016
    Assignee: International Business Machines Corporation
    Inventors: Aharon Abadi, Yishai Abraham Feldman, Ran Ettinger, Jonathan Bnayahu, Omer Tripp, Yinnon Haviv, Adi Sharabani, Omri Weisman
  • Patent number: 9286481
    Abstract: A first code is read from a user carried device useable in an access control system. The first code is an encoded form of at least an ID of a user carrying the device and at least one privilege. The privilege defines the user's access to a resource. The first code is compared to a second code, and access is permitted only if the first code compares favorably to the second code. A reader of the access control system computes the second code based on the user ID and the privilege. The first and second codes may be also based on a secret key applicable only to the user.
    Type: Grant
    Filed: January 18, 2007
    Date of Patent: March 15, 2016
    Assignee: Honeywell International Inc.
    Inventor: Subhas Kumar Ghosh
  • Patent number: 9270655
    Abstract: Configurable one-time authentication tokens are provided with improved resilience to attacks. A one-time authentication token is configured by providing a plurality of token features that may be selectively incorporated into the configurable one-time authentication token, wherein the plurality of token features comprise at least two of the features; obtaining a selection of at least a plurality of the token features: and configuring the one-time authentication token based on the selected token features, wherein the configuration must always enable forward security for the one-time authentication token and at least one additional selected token feature. A configurable one-time authentication token is provided that comprises a plurality of selectable token features that may be selectively incorporated into the configurable one-time authentication token, wherein the configurable one-time authentication token is always configured with the forward security and at least one additional token feature.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: February 23, 2016
    Assignee: EMC Corporation
    Inventors: Ari Juels, Nikolaos Triandopoulos, Marten van Dijk, John Brainard, Ronald Rivest, Kevin Bowers
  • Patent number: 9270673
    Abstract: The terminal device 600 comprises: a read unit configured to read encrypted content and a content signature from a regular region of a recording medium device 700, and to read a converted title key from an authorized region of the recording medium device 700, the converted title key having been converted from a title key with use of a content signature generated by an authorized signature device 500; a title key reconstruction unit configured to generate a reconstructed title key by reversely converting the converted title key with use of the content signature read by the read unit; and a playback unit configured to decrypt the encrypted content with use of the reconstructed title key to obtain decrypted content, and to play back the decrypted content.
    Type: Grant
    Filed: September 24, 2014
    Date of Patent: February 23, 2016
    Assignee: PANASONIC CORPORATION
    Inventors: Takahiro Yamaguchi, Yuichi Futa, Toshihisa Nakano
  • Patent number: 9264227
    Abstract: The present disclosure relates to systems and methods for secure communications. In some aspects, an initiator KMS receives, from an initiator UE, one or more values used in generation of an encryption key, which includes obtaining at least one value associated with a RANDRi. The initiator KMS sends the at least one value associated with the RANDRi to a responder KMS. The responder KMS generates the encryption key using the one or more values.
    Type: Grant
    Filed: January 11, 2013
    Date of Patent: February 16, 2016
    Assignees: BlackBerry Limited, Certicom Corp.
    Inventors: Michael Eoin Buckley, Gregory Marc Zaverucha, Matthew John Campagna
  • Patent number: 9262600
    Abstract: System and method is disclosed for protecting client software running on a client computer from tampering using a secure server. Prior to or independent of executing the client software, the system integrates self-protection into the client software; removes functions from the client software for execution on the server; develops client software self-protection updates; and periodically distributes the updates. During execution of the client software, the system receives an initial request from the client computer for execution of the removed function; verifies the initial request; and cooperates with the client computer in execution of the client software if verification is successful. If verification is unsuccessful, the system can attempt to update the client software on the client computer; and require a new initial request. Client software can be updated on occurrence of a triggering event. Communications can be encrypted, and the encryption updated. Authenticating checksums can be used for verification.
    Type: Grant
    Filed: August 22, 2012
    Date of Patent: February 16, 2016
    Assignee: Arxan Technologies, Inc.
    Inventor: Kevin Dale Morgan
  • Patent number: 9251378
    Abstract: A processing apparatus 2 has a secure domain 90 and a less secure domain 80. Security protection hardware 40 performs security checking operations when the processing circuitry 2 calls between domains. A data store 6 stores several software libraries 100 and library management software 110. The library management software 110 selects at least one of the libraries 100 as an active library which is executable by the processing circuitry 4 and at least one other library 100 as inactive libraries which are not executable. In response to an access to an inactive library, the library management software 110 switches which library is active.
    Type: Grant
    Filed: March 20, 2014
    Date of Patent: February 2, 2016
    Assignee: ARM Limited
    Inventor: Thomas Christopher Grocutt
  • Patent number: 9219606
    Abstract: Method and System for encrypting plaintext digital data divided into a sequence comprising successive plaintext blocks of a same length of bits each and a residual plaintext block having a length of bits lower than the length of one of the successive plaintext blocks. The successive plaintext blocks are ciphered with the main encryption key by using a ciphering algorithm based on a cipher block chaining mode to obtain a sequence of successive ciphered blocks having the same length as the successive plaintext blocks. A set of round keys having a same length, are generated by applying a key schedule function on a string obtained by adding the last ciphered block to the main encryption key. The round keys of the set are added together to obtain a resulting string having a length equal to the length of a block of the sequence.
    Type: Grant
    Filed: October 3, 2013
    Date of Patent: December 22, 2015
    Assignee: NAGRAVISION S.A.
    Inventor: Jean-Philippe Aumasson
  • Patent number: 9208490
    Abstract: Methods and systems are provided for supporting electronic transactions, including transactions that are provided with per-user, per-device and per-domain security across domains of multiple service providers.
    Type: Grant
    Filed: June 23, 2011
    Date of Patent: December 8, 2015
    Assignee: MasterCard Mobile Transactions Solutions, Inc.
    Inventors: Satyan G. Pitroda, Mehul Desai