Multiple Computer Communication Using Cryptography Patents (Class 713/150)
  • Patent number: 11658943
    Abstract: Provided is a detection device which is suitable for receiving a service within a network assembly, having the following: means for providing cryptographic security at or above the transport level of the communication protocol levels which can be used in the network assembly for at least one first existing communication connection between the detection device and a network access device which is arranged in the network assembly and which can be used to monitor data detected by the detection device and/or control an additional device within the network assembly using the data detected by the detection device; means for generating and/or determining network access configuration data for at least one additional second communication connection, which is to be cryptographically secured below the transport level, between the detection device and the network access device; means for providing the generated and/or determined network access configuration data to the network access device.
    Type: Grant
    Filed: October 9, 2017
    Date of Patent: May 23, 2023
    Inventors: Rainer Falk, Steffen Fries
  • Patent number: 11658953
    Abstract: Novel tools and techniques might provide for implementing secure communications for IoT devices. In various embodiments, a gateway or computing device might provide connectivity between or amongst two or more Internet of Things (“IoT”) capable devices, by establishing an IoT protocol-based, autonomous machine-to-machine communication channel amongst the two or more IoT capable devices. For sensitive and/or private communications, the gateway or computing device might establish a secure off-the-record (“OTR”) communication session within the IoT protocol-based, autonomous machine-to-machine channel, thereby providing encrypted machine-to-machine communications amongst the two or more IoT capable devices, without any content of communications that are exchanged amongst the IoT capable devices over the secure OTR communication session being recorded or logged.
    Type: Grant
    Filed: July 20, 2021
    Date of Patent: May 23, 2023
    Assignee: CenturyLink Intellectual Property LLC
    Inventor: Tom Funk
  • Patent number: 11651105
    Abstract: A system includes a user computing device with an application for removal of privacy data. The application obtains vehicle information associated with a target vehicle that has a target in-vehicle device from which privacy information of a user is to be removed. Using the vehicle information, the application determines vehicle parameters associated with the target vehicle. The application obtains a privacy information removal file comprising an instruction set associated with removing privacy data from candidate in-vehicle devices, and presents the instruction set. A user experience feedback associated with the candidate in-vehicle devices is obtained and stored in a database.
    Type: Grant
    Filed: October 13, 2021
    Date of Patent: May 16, 2023
    Assignee: Privacy4Cars, Inc.
    Inventor: Andrea Amico
  • Patent number: 11637702
    Abstract: Techniques for verifiable computation for cross-domain information sharing are disclosed. An untrusted node in a distributed cross-domain solution (CDS) system is configured to: receive a first data item and a first cryptographic proof associated with the first data item; perform a computation on the first data item including one or more of filtering, sanitizing, or validating the first data item, to obtain a second data item; generate, using a proof-carrying data (PCD) computation, a second cryptographic proof that indicates (a) validity of the first cryptographic proof and (b) integrity of the first computation on the first data item; and transmit the second data item and the second cryptographic proof to a recipient node in the distributed CDS system. Alternatively or additionally, the untrusted node may be configured to transmit a cryptographic proof to a trusted aggregator in the CDS system.
    Type: Grant
    Filed: February 10, 2021
    Date of Patent: April 25, 2023
    Assignee: Raytheon BBN Technologies Corp.
    Inventors: Joud Khoury, Michael Hassan Atighetchi, Zachary Ratliff
  • Patent number: 11626981
    Abstract: A first network device may install a receiving key for decrypting traffic on protocol hardware associated with a data plane of the first network device. The first network device may receive, from the data plane, a first notification indicating that the receiving key is installed on the protocol hardware and may provide, to a second network device, a first message identifying the receiving key. The first network device may receive, from the second network device, an acknowledgment message indicating that the receiving key is installed on the second network device and may install a transmission key for encrypting traffic on the protocol hardware. The first network device may receive, from the data plane, a second notification indicating that the transmission key is installed on the protocol hardware and may provide, to the second network device, a second message identifying the transmission key.
    Type: Grant
    Filed: December 7, 2021
    Date of Patent: April 11, 2023
    Assignee: Juniper Networks, Inc.
    Inventors: Guruprasad P N, Sumeet Mundra
  • Patent number: 11610026
    Abstract: This document describes a module and method for authenticating data transfer between a storage device and a host device. The module is configured to allow encrypted data to be exchanged between the storage device and the host device once the module has verified that the storage device has been correctly paired with an authorized host device whereby the verification step does not require a password to be manually entered or an additional external device to be attached.
    Type: Grant
    Filed: January 13, 2022
    Date of Patent: March 21, 2023
    Assignee: Flexxon PTE. LTD.
    Inventors: Chan Mei Ling, Nizar Bouguerra
  • Patent number: 11601425
    Abstract: Described is a system for maintaining dual-party authentication requirements for data retention compliance in a distributed storage environment that includes servers or nodes with remote access components. When administering a data retention policy, an operating system component may require a dual-party authentication mechanism to prevent data deletion, while a different authentication mechanism may control access to the remote access components. Access to the remote access component by a single privileged user, however, may enable overriding or compromising the retention lock compliance implemented by the operating system. Accordingly, the system may tie the dual-party authentication requirement to the authentication mechanism of the remote access components.
    Type: Grant
    Filed: December 12, 2019
    Date of Patent: March 7, 2023
    Assignee: EMC IP Holding Company LLC
    Inventors: Senthil Ponnuswamy, Marcelo Vinante, Anjali Anjali, Anurag Sharma, Rekha Sampath
  • Patent number: 11586723
    Abstract: An information processing apparatus in which a plurality of applications operate is provided. The apparatus comprises a verification unit that verifies whether or not an application can be trusted; and a controller that controls the application, wherein during the execution of a first application executed in response to a user instruction, the controller causes the verification unit to verify a second application that the first application dynamically imports, before the second application is loaded.
    Type: Grant
    Filed: March 18, 2020
    Date of Patent: February 21, 2023
    Assignee: Canon Kabushiki Kaisha
    Inventor: Kiwamu Hasegawa
  • Patent number: 11580015
    Abstract: Systems and methods for performing data protection operations including garbage collection operations and copy forward operations. For deduplicated data stored in a cloud-based storage or in a cloud tier that stores containers containing dead and live segments or dead and live regions such as compression regions, the dead compression regions are deleted by copying the live compression regions into new containers and then deleting the old containers. The copy forward is based on a recipe from a data protection system and is performed using a serverless approach.
    Type: Grant
    Filed: May 3, 2019
    Date of Patent: February 14, 2023
    Inventors: Ramprasad Chinthekindi, Philip Shilane, Abhinav Duggal
  • Patent number: 11556662
    Abstract: Method and apparatus for virtualized environment where virtual computing instances interface a service platform operated on a physical computing apparatus are disclosed. A new virtual computing instance interfacing the service platform can be created, the created new virtual computing instance belonging to a class of virtual computing instances. At least one security credential is obtained from a storage of security credentials associated with the class of the new virtual computing instance. Data communicated with at least one further computing instance is secured based on the obtained at least one security credential.
    Type: Grant
    Filed: September 1, 2021
    Date of Patent: January 17, 2023
    Assignee: SSH Communications Security OYJ
    Inventor: Tatu Ylönen
  • Patent number: 11558401
    Abstract: A computerized method for analyzing an object is disclosed. The computerized method includes performing, by a first cybersecurity system, a first malware analysis of the object, wherein a first context information is generated by the first cybersecurity system based on the first malware analysis. The first context information includes at least origination information of the object. Additionally, a second cybersecurity system obtains the object and the first context information and performs a second malware analysis of the object to determine a verdict indicating maliciousness of the object. The second malware analysis is based at least in part on the first context information. The second cybersecurity system generates and issues a report based on the second malware analysis, the report including the verdict.
    Type: Grant
    Filed: March 14, 2019
    Date of Patent: January 17, 2023
    Assignee: FireEye Security Holdings US LLC
    Inventors: Sai Vashisht, Sumer Deshpande, Sushant Paithane, Rajeev Menon
  • Patent number: 11557011
    Abstract: A blockchain-based method for document transformation and accountability is provided. Document templates for real property transfer are maintained. Each template includes data fields. Some of the document templates are collected as transaction documents for a transaction for the property transfer. The data fields are populated with received data values. Compliance checking is performed on the populated data values. The checked transaction documents are provided to a network having a first tier of network nodes and a second tier of supernodes. One of the supernodes is selected to validate the transaction documents. The validated transaction documents are added to a ledger of transactions. A hash of the validated transaction documents is transmitted to the first tier. One of the network nodes is selected to commit the hash to a blockchain of the first tier. The hash is committed to copies of the blockchain.
    Type: Grant
    Filed: September 4, 2019
    Date of Patent: January 17, 2023
    Assignee: Side, Inc.
    Inventors: Edward Wu, Guy Gal, Christopher Dzoba, Jeffrey Judkins, Mark J. Stefik, Adriano Castro
  • Patent number: 11553254
    Abstract: Methods, systems, and media for providing dynamic media sessions with audio stream expansion features are provided. In some embodiments, the methods include: receiving an indication that audio content associated with a video content item is to be presented by a follower device synchronously with the audio content presented by the leader device; identifying candidate follower devices by determining whether devices connected to a local area network are capable of being designated as a follower device; causing a user interface to be presented that indicates each candidate follower device; receiving, via the user interface, a selection of one of the candidate follower devices; and transmitting, from the leader to the selected follower device, control instructions that cause the audio content associated with the video content item to be presented synchronously by the selected follower device with the video content item presented by the leader device.
    Type: Grant
    Filed: August 28, 2020
    Date of Patent: January 10, 2023
    Assignee: Google LLC
    Inventors: Christopher Chan, Kenneth J. MacKay, James Carroll West
  • Patent number: 11546662
    Abstract: Methods and apparatus to monitor media presentations are disclosed. Example methods disclosed herein include presenting information via a display of a media device, the information indicating that monitor software in the media device can be enabled, the monitor software to monitor media presented by the media device, the monitor software to be disabled by default. Disclosed example methods also include detecting a first user input that is to authorize the monitor software in the media device to be enabled, and in response to detection of the first user input: (i) enabling the monitor software in the media device to generate and report at least one of video fingerprints, audio fingerprints, video watermarks or audio watermarks representative of media presented by the media device, and (ii) transmitting, via a network interface, a notification to a remote monitoring entity to indicate that the monitor software in the media device has been enabled.
    Type: Grant
    Filed: January 25, 2021
    Date of Patent: January 3, 2023
    Assignee: The Nielsen Company (US), LLC
    Inventor: Mark C. Zimmerman
  • Patent number: 11546169
    Abstract: A system that provides responses to requests obtains a key that is used to digitally sign the request. The key is derived from information that is shared with a requestor to which the response is sent. The requestor derives, using the shared information, a key usable to verify the digital signature of the response, thereby enabling the requestor to operate in accordance with whether the digital signature of the response matches the response.
    Type: Grant
    Filed: June 13, 2019
    Date of Patent: January 3, 2023
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory Branchek Roth, Eric Jason Brandwine
  • Patent number: 11546402
    Abstract: A method and apparatus include including, in a moving pictures experts group (MPEG) dynamic adaptive streaming over hypertext transfer protocol (DASH) media presentation description (MPD) file, an initialization presentation element that identifies an initialization presentation and one or more initialization groups included in the initialization presentation. An initialization group element that identifies an initialization group and one or more initialization sets included in the initialization group is included in the MPD file. An initialization set element that identifies an initialization set is included in the MPD file. The MPD file is transmitted to a client device.
    Type: Grant
    Filed: December 26, 2019
    Date of Patent: January 3, 2023
    Inventor: Iraj Sodagar
  • Patent number: 11544389
    Abstract: Disclosed herein are systems and methods for performing secure computing while maintaining data confidentiality. In one exemplary aspect, a method receives, via an application, both data and a request to perform a secure operation on the data, wherein the secure operation is to be performed using a secure compute engine on a cloud platform such that the data is not viewable to a provider of the cloud platform. The method applies transformations to the data so that the data is not viewable to the provider. The method transmits the transformed data to the secure compute engine on the cloud platform to perform the secure operation on the transformed data, receives a result of the secure operation from the secure compute engine, and transmits the result to the application.
    Type: Grant
    Filed: March 16, 2020
    Date of Patent: January 3, 2023
    Assignee: Acronis International GmbH
    Inventors: Sivanesan Kailash Prabhu, Mark Will, Sanjeev Solanki, Aarthi Kannan, Xiaolu Hou, Serguei Beloussov, Stanislav Protasov
  • Patent number: 11544182
    Abstract: Methods, systems, techniques, and devices for smart factory reset procedures are described. In accordance with examples as disclosed herein, a memory system may receive one or more commands associated with a reset procedure. The memory system may identify, in response to the one or more commands, a first portion of one or more memory arrays of the memory system as storing user data and a second portion of the one or more memory arrays as storing data associated with an operating system. The memory system may update a mapping of the memory system based on identifying the first portion and the second portion. The memory system may transfer the data associated with the operating system to a third portion of the one or more memory arrays and perform an erase operation on a subset of physical addresses of the set of physical addresses.
    Type: Grant
    Filed: June 30, 2020
    Date of Patent: January 3, 2023
    Assignee: Micron Technology, Inc.
    Inventor: Giuseppe Cariello
  • Patent number: 11537752
    Abstract: A request is received from a trusted application to authorize a client application that requests a service offered by the trusted application. Whether the client application is authorized to access the trusted application is determined in view of the request. An authentication of a user of the client application is caused in response to determining the client application is authorized to access the trusted application. An authorization result is returned to the trusted application in view of the determining and the authentication.
    Type: Grant
    Filed: November 18, 2019
    Date of Patent: December 27, 2022
    Assignee: Red Hat, Inc.
    Inventor: David Zeuthen
  • Patent number: 11533346
    Abstract: Aspects of the disclosure include methods, apparatuses, and non-transitory computer-readable storage mediums for receiving media data. One apparatus includes processing circuitry that receives a media presentation description (MPD) file that includes an essential property descriptor for session-based dynamic adaptive streaming over hypertext transfer protocol (DASH). The essential property descriptor indicates a session-based description (SBD) file and includes a set of keys for a part of a uniform resource locator (URL) that is used for receiving the media data. The processing circuitry determines a respective value for each of the set of keys based on whether the respective value is included in the SBD file and modifies the URL based on the set of keys and the determined values.
    Type: Grant
    Filed: September 16, 2021
    Date of Patent: December 20, 2022
    Inventor: Iraj Sodagar
  • Patent number: 11531788
    Abstract: An approach for operating at least one touch-sensitive, flat input device of a complete device, the input device being connected via a message-based bus connection to a control device of the complete device, and messages containing touch datasets describing touch data events being transmitted to the control device, which evaluates the messages for input information for an application program implemented by the control device, wherein when a security function in the control device that queries sensitive input information is accessed, the touch datasets are transmitted from the input device to the control apparatus via the bus connection in encrypted form until the associated input process has ended.
    Type: Grant
    Filed: April 18, 2019
    Date of Patent: December 20, 2022
    Assignee: Audi AG
    Inventors: Markus Klein, Kamil Zawadzki, Changsup Ahn, Tim Krämer, Mathias Bösl
  • Patent number: 11533160
    Abstract: A mobile network operator (MNO) uses a provisioning server to update or install profile content in a profile or electronic subscriber identity module (eSIM). In an exemplary embodiment, the profile is present on a secure element such as an embedded universal integrated circuit card (eUICC) in a wireless device. One or more MNOs use the provisioning server to perform profile content management on profiles in the eUICC. In some embodiments, an MNO has a trust relationship with the provisioning server. In some other embodiments, the MNO does not have a trust relationship with the provisioning server and protects payload targeted for an MNO-associated profile using an over the air (OTA) key.
    Type: Grant
    Filed: March 29, 2018
    Date of Patent: December 20, 2022
    Assignee: Apple Inc.
    Inventor: Xiangying Yang
  • Patent number: 11501632
    Abstract: Methods and systems for contingency communication are disclosed. In one embodiment, a method for providing emergency services may be performed by a base station operating in a communication system. In an embodiment, the method for providing emergency services includes transmitting a beacon signal to indicate an emergency status to enable portable devices to operate in a stress mode. A distress signal may be transmitted by a mobile device in response to the beacon signal to the base station, wherein the distress signal carries information at least comprising user identity associated with the mobile device, geolocation of the mobile device, or biometrics of a user of the mobile device.
    Type: Grant
    Filed: May 20, 2021
    Date of Patent: November 15, 2022
    Assignee: Neo Wireless LLC
    Inventors: Titus Lo, Xiaodong Li
  • Patent number: 11496447
    Abstract: A system, method and computer-readable medium provide secure communication between a first and a second computer system based on supersingular isogeny elliptic curve cryptography. The first computer system and the second computer system each determine kernels KA and KB including computing mP+nQ by accessing a lookup table stored in a memory that contains a range of doubles of an end point of the respective kernels, where P and Q are points on the public elliptic curve and m and n are integers. The first computer system and the second computer system compute secret isogenies by determining a respective kernel KBA and KAB using mixed-base multiplicands with a single inversion, including computing the respective kernel KBA and KAB by converting the multiplicands to base 32, and computing scalar multiplications using the base 32 multiplicands.
    Type: Grant
    Filed: April 16, 2021
    Date of Patent: November 8, 2022
    Assignee: Umm Al-Qura University
    Inventor: Wesam Eid
  • Patent number: 11494373
    Abstract: Techniques for modifying queries in a set of nested queries are disclosed. A graphical user interface displays a query detail region alongside a nested query display region. The graphical user interface includes functionality to provide for modification of queries in the nested set of queries. Based on a selection by a user, a query modification tool promotes a query attribute from a child query to one or more parent queries. Based on another selection by a user associated with one query in the set of nested queries, the system deletes an attribute from each query in the set of nested queries. Responsive to a selection to create multiple conditions for a query rule, the system modifies the functionality of the user interface to enable entry of multiple condition characteristics. Based on a further selection, the system creates the multiple conditions for the query rule.
    Type: Grant
    Filed: September 28, 2021
    Date of Patent: November 8, 2022
    Assignee: Oracle International Corporation
    Inventors: Prashant Singh, Rasika Vaidya Kaura, Henrik Michael Ammer
  • Patent number: 11483295
    Abstract: Described embodiments provide systems and methods for establishing an end-to-end cryptographic context. A service node may be located intermediary between a client and server which provides a service to the client. At least one network device may be located intermediary between the service node and the server. The service node may obtain information for validating the service. The service node may establish an end-to-end cryptographic context between the service node and server through the network device(s). A first network device of the network device(s) may share a cryptographic context with the service node, which existed prior to establishment of the end-to-end cryptographic context. The service node may transmit a message to the network device encrypted using the first cryptographic context. The encrypted message may inform the first network device to pass through traffic that is encrypted using the end-to-end cryptographic context.
    Type: Grant
    Filed: December 5, 2018
    Date of Patent: October 25, 2022
    Assignee: Citrix Systems, Inc.
    Inventor: Viswanath Yarangatta Suresh
  • Patent number: 11477025
    Abstract: A method including determining an assigned key pair associated with a device, the assigned key pair including an assigned public key and an associated assigned private key; determining an access key pair associated with content to be encrypted, the access key pair including an access public key and an associated access private key; encrypting the access private key using a combination encryption key determined based at least in part on the access private key and the assigned public key; encrypting a randomly generated key by utilizing the access public key; and encrypting the content utilizing the randomly generated key. Various other aspects are contemplated.
    Type: Grant
    Filed: September 22, 2021
    Date of Patent: October 18, 2022
    Assignee: UAB 360 IT
    Inventor: Mindaugas Valkaitis
  • Patent number: 11455587
    Abstract: Techniques for risk evaluation include receiving, from a requesting entity, a request for monitoring target entities specifying a first identifier associated with each target entity and target entity information. The system generates a second identifier and a third identifier for each target entity and stores a mapping of the second identifiers to the first identifiers and the third identifiers, preventing the second identifiers from being provided to the requesting entity. The system monitors a periodically updated data set and determines risk metrics for the target entities, comparing each risk metric to a threshold value to identify target entities whose risk data indicates an insider threat. The system generates a third identifier for the identified target entities and provides the third identifiers to the requesting entity. Responsive to a request for a corresponding first identifier, the system identifies and provides the first and third identifiers to the requesting entity.
    Type: Grant
    Filed: April 20, 2020
    Date of Patent: September 27, 2022
    Assignee: EQUIFAX INC.
    Inventors: Michael McBurnett, Michael Reith, Terry Woodford, Patricia Bassetti, Abhinav Sinha
  • Patent number: 11444897
    Abstract: A system and method for controlling access to a message after communication. A sender sends an encrypted message to a recipient. The sender also sends an encryption key and the identity of the recipient to a services component. The recipient authenticates its access rights with the services component to obtain the encryption key. The key is held for a period of time for the recipient to access the encrypted message. The recipient may re-authenticate with the services component to again obtain the key to subsequently access the message. The sender may revoke or reinstate the receiver's access to the message by updating the service component.
    Type: Grant
    Filed: July 5, 2016
    Date of Patent: September 13, 2022
    Assignee: CRYPTOMILL INC.
    Inventors: Nandini Jolly, Chris Batty, Canute Serrao, Deepu Filji, David Dai
  • Patent number: 11438155
    Abstract: Techniques for implementing a key vault as an enclave are presented. The techniques include securely storing, in a key vault enclave, a key for an encryption system according to a key use policy; sending a vault attestation report of a key vault enclave to a vault client; and performing an operation in the key vault enclave with the key. Some embodiments further include receiving, at the key vault enclave, a client attestation report of the vault client wherein the vault client and key vault enclave are hosted on different native enclave platforms.
    Type: Grant
    Filed: January 24, 2017
    Date of Patent: September 6, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: Manuel Costa
  • Patent number: 11429624
    Abstract: An assigning device (100) for assigning fixed identifiers to fuzzy identifiers, the assigning device comprising a database storing multiple fuzzy identifiers, and a matching unit (130) arranged to determine if a matching fuzzy identifier exists in the database that matches a fuzzy input identifier according to a matching criterion and to determine if a matching fuzzy identifier does not exist in the database according to an absent criterion.
    Type: Grant
    Filed: November 4, 2016
    Date of Patent: August 30, 2022
    Assignee: INTRINSIC ID B.V.
    Inventors: Geert Jan Schrijen, Derk Jan Meuleman
  • Patent number: 11425565
    Abstract: A method for Multipath Quick User Datagram Protocol (UDP) Internet Connections (MPQUIC) over Quick SOCKS (QSOCKS) in a wireless network is provided. The method includes receiving, by a QSOCKS server, a Client Hello (CHLO) message from a QSOCKS client device using a QSOCKS method tag, wherein the CHLO message comprises a plurality of client-supported SOCKS Authentication (AUTH) procedures, selecting, by the QSOCKS server, a candidate client-supported SOCKS AUTH procedure from the plurality of client-supported SOCKS AUTH procedures, and transmitting, by the QSOCKS server, a reject packet using the QSKM tag to the QSOCKS client device, wherein the reject packet includes information indicating the selected candidate client-supported SOCKS AUTH procedure.
    Type: Grant
    Filed: March 5, 2020
    Date of Patent: August 23, 2022
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Madhan Raj Kanagarathinam, Sujith Rengan Jayaseelan, Gaurav Sinha, Bhagwan Dass Swami, Gunjan Kumar Choudhary, Karthikeyan Arunachalam
  • Patent number: 11425103
    Abstract: Systems and methods for token secured routing are disclosed. An outbound routing table is maintained. A first token state is determined. A token value is determined based on the determined token state. First and second portions of the token value are identified. The first message is encrypted using the second portion of the first token value. A first packet is generated that includes the first portion as a token and includes the encrypted first message. The first packet is sent to the second node based on the second outbound routing entry in the outbound routing table.
    Type: Grant
    Filed: March 7, 2020
    Date of Patent: August 23, 2022
    Assignee: Medic, Inc.
    Inventors: David R. Hall, Jeff Campbell, Joshua Dutton, Monte Johnson, David Crismon
  • Patent number: 11424914
    Abstract: A system can control access to encrypted data shared by a group of users by the use of a vault key that is associated with a group of users. The encrypted data can include encrypted secret data generated from the secret data using a secret key, an encrypted secret key can be generated from the secret key by the use of a vault key, and an encrypted vault key generated from the vault key by the use of a public key associated with a user of the group of users. The system can allow users to store and access the encrypted data only if the user is a current member of the group. The system can verify the user's membership status from a group manager, such as a system managing a channel or chat session.
    Type: Grant
    Filed: December 3, 2019
    Date of Patent: August 23, 2022
    Inventors: Alexander Weiss, Eric Scott Albright, Dustyn J. Tubbs, Paresh Lukka, Andrew V. Spiziri, Lawrence Fubini Waldman
  • Patent number: 11418497
    Abstract: A system is provided for facilitating access to data stored in a cloud-based storage service. Data associated with a user account is stored at the cloud-based storage service. A portion of the data is associated with a heightened authentication protocol. A request for an application to receive data that is associated with the heightened authentication protocol is received at the cloud-based storage service. In response to the request, the request is authenticated based on the heightened authentication protocol. In response to authenticating the request, permission is granted for the application to receive the data that is associated with the heightened authentication protocol. In response to a locking of the data that is associated with the heightened authentication protocol, an indication that the data is unavailable is sent to the application.
    Type: Grant
    Filed: March 21, 2019
    Date of Patent: August 16, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Jyotsana Rathore, Jose A. Barreto, Kevin Andrew Chan, Deepak Sreenivas Pemmaraju, Robert C. Turner, Ronakkumar Desai, Patrick Moulhaud
  • Patent number: 11411726
    Abstract: A computer implemented method of generating cryptographic keys for a hardware security module (HSM), the method including generating a plurality of cryptographic keys and storing the cryptographic keys for use by the HSM in providing cryptography functions, wherein the cryptographic keys are generated based on numerical data generated by a hardware random number generator, such that a rate of generation of the cryptographic keys is unconstrained by the resources of the HSM, wherein the hardware random number generator operates based on a plurality of statistically random entropy data sources originating from natural phenomena so as to increase a degree of randomness of the numerical data.
    Type: Grant
    Filed: May 2, 2019
    Date of Patent: August 9, 2022
    Inventors: Joshua Daniel, Ali Sajjad
  • Patent number: 11409870
    Abstract: In example embodiments, systems and methods extract a model of a computer application during load time and store the model in memory. Embodiments may insert instructions into the computer application at run time to collect runtime state of the application, and analyze the collected data against the stored model to perform detection of security events. Embodiments may also instrument an exception handler to detect the security events based on unhandled memory access violations. Embodiments may, based upon the detection of the security events, dynamically respond, such as by modifying a computer routine associated with an active process of the computer application. Modification may include installing or verifying an individual patch in memory associated with the computer application.
    Type: Grant
    Filed: June 16, 2017
    Date of Patent: August 9, 2022
    Assignee: Virsec Systems, Inc.
    Inventor: Satya Vrat Gupta
  • Patent number: 11405370
    Abstract: The present disclosure describes techniques for storing encrypted files in a secure file repository and transferring those encrypted files to one or more recipients. A user selects a file to upload to a secure file repository. A secure collaboration app on the user's device generates a first encryption key that is used to encrypt the file. The encrypted file is then uploaded to the secure file repository, which provides the secure collaboration app with a random file name and a location of the encrypted file. The secure collaboration app updates locally stored metadata of the first encrypted file. To securely transfer the file, the user generates a second encryption key, encrypts the metadata with the second encryption key, and transmits the encrypted metadata to one or more receivers. The one or more receivers decrypt the encrypted metadata and use the decrypted metadata to retrieve the file and decrypt it.
    Type: Grant
    Filed: February 2, 2017
    Date of Patent: August 2, 2022
    Assignee: Amazon Technologies, Inc.
    Inventors: Ernest W. Grzybowski, Christopher A. Howell, Thomas Michael Leavy, David A. Sugar, Dipakkumar R. Kasabwala
  • Patent number: 11392401
    Abstract: A device-management system performs processing, such as audio processing, in an instance of a virtual machine corresponding to a functionally limited (local) device. To register the user device, the device-management system receives a registration request that includes device information, encryption data, and an indication of an associated user account. The device-management system then sends this registration data to a service-provider system, which returns a shared encryption key. The device-management system and the user device may use this shared encryption key to securely communicate. The device-management system may de-allocate the instance upon detecting a period of inactivity of the user device and may re-allocate the instance when new activity is detected. The device-management system may further determine when and if audio data to be sent to the user device is encoded using a codec not implemented by the user device.
    Type: Grant
    Filed: July 23, 2019
    Date of Patent: July 19, 2022
    Assignee: Amazon Technologies, Inc.
    Inventors: Sebastian Pierce-Durance, Kenneth Edward Cecka, Adam Stevens, Sanjay Devireddy, Po-Chen Paul Yang, Naveen Kumar Devaraj, Federico Dan Rozenberg, Pete Baldridge, Rajiv Jain, Pranov Rai, Todd Greenwalt, Yusuf Goren
  • Patent number: 11392564
    Abstract: In general, embodiments of the present invention provide systems and computer readable media for implementing a single data integration platform that supports multiple data access interfaces to a single corpus of stored dynamic data collected from multiple data sources. In embodiments, the data integration platform includes a record tables layer that stores a group of data records and supports a CRUD interface for accessing the data records; a resolution mapping layer that stores a set of entities generated by a many-to-one mapping of data records to entities using entity resolution; and an entities layer that stores resolved entities which may be accessed via either a search interface based on search criteria or a hybrid search interface that supports “get via record id” queries.
    Type: Grant
    Filed: June 26, 2020
    Date of Patent: July 19, 2022
    Assignee: GROUPON, INC.
    Inventors: David Alan Johnston, Andrew James, Pradhee Tandon, Sivaramakrishnan Natarajan
  • Patent number: 11387982
    Abstract: The invention relates to an authentication method. The method comprises: collecting, based on a predetermined authentication policy, at least one context data element; constituting, based on the at least one collected context data element, a data packet; generating, by using a predetermined hash type algorithm and the data packet, as input to the predetermined hash type algorithm, a hash; sending the generated hash; generating, as a hash distance generation step, a hash distance between the generated hash and a predetermined reference hash; and authenticating successfully or not based on the generated hash distance, as an authentication step. The invention also relates to a corresponding device and system.
    Type: Grant
    Filed: November 19, 2018
    Date of Patent: July 12, 2022
    Inventors: Fabrice Delhoste, Frédéric Paillart, Sébastien Petit
  • Patent number: 11387997
    Abstract: The technology disclosed herein provides an enhanced cryptographic access control mechanism that uses cryptographic keys that are based on location data. An example method may include: determining location data of a computing device; transforming the location data in view of conversion data associated with the computing device, wherein the conversion data causes a set of alternate location data values to transform to a specific cryptographic value; creating, by a processing device, a cryptographic key in view of the transformed location data; and using the cryptographic key to enable access to a protected resource.
    Type: Grant
    Filed: February 7, 2019
    Date of Patent: July 12, 2022
    Assignee: Red Hat, Inc.
    Inventors: Nathaniel P. McCallum, Peter M. Jones
  • Patent number: 11381389
    Abstract: A method and devices for securely and privately generating a threshold vault address and distributed individual key shares reliant upon individually selected polynomial functions, without revealing the key shares and without ever reconstructing the private key. A digital asset stored at the threshold vault address may be used as an input to a transaction through generating a digital signature corresponding to the threshold vault address. Methods and devices are described for collaboratively generating the digital signature without reconstructing the private key or revealing individual key shares. Methods and devices are described for refreshing the distributed private key shares.
    Type: Grant
    Filed: August 13, 2018
    Date of Patent: July 5, 2022
    Assignee: nChain Holdings Ltd.
    Inventor: Craig Steven Wright
  • Patent number: 11381394
    Abstract: An encryption key generating engine includes a random number pool, an entangling string generator, and a control circuit. The random number pool stores a plurality of random bits, and values of the plurality of random bits are generated randomly. The entangling string generator provides an entangling string according to an input key. The control circuit is coupled to the random number pool and the entangling string generator. The control circuit retrieves a sequence of random bits from the plurality of random bits stored in the random number pool according to the input key, receives the entangling string from the entangling string generator, and entangles the entangling string with the sequence of random bits to generate a secret key.
    Type: Grant
    Filed: July 16, 2020
    Date of Patent: July 5, 2022
    Assignee: PUFsecurity Corporation
    Inventors: Meng-Yi Wu, Ching-Sung Yang
  • Patent number: 11366869
    Abstract: Systems and methods for cache optimization are disclosed. A request for a user interface is received from a first user device. The request includes a user key. An interface key corresponding to an interface template of the requested user interface is generated from the user key. The interface template of the requested user interface is loaded. The interface template includes one or more edge side include (ESI) identifiers in the interface template. An element key corresponding to a first ESI element associated with a first of the one or more ESI identifiers is generated from the user key. The first ESI element is loaded and positioned at a location within the interface template identified by the first of the one or more ESI identifiers. A complete user interface is provided to the first user device. The complete user interface includes the interface template having the first ESI element positioned therein.
    Type: Grant
    Filed: December 7, 2018
    Date of Patent: June 21, 2022
    Assignee: Walmart Apollo, LLC
    Inventors: Stephen A. Bitondo, Anthony Tang, Shriram Sharma, Girish Subramanian, Duy Le
  • Patent number: 11363006
    Abstract: Systems and methods of matching identifiers between multiple datasets are described herein. A system can transmit a first identifier vector to a third party server. The first identifier vector can include a first identifier, first parameters, and second parameters. The system can receive, from the third party server, the first identifier vector encrypted based on a third-party encryption. The system can receive, from the third party server, a second identifier vector encrypted based on the third-party encryption associated with the third party server. The second identifier vector can include a second identifier, third parameters, and fourth parameters. The system can determine a correlation count between the first identifier vector and the second identifier vector. The system can determine that the first identifier corresponds to the second identifier based on the correlation count. The system can generate one identifier key for both the first identifier and the second identifier.
    Type: Grant
    Filed: April 8, 2020
    Date of Patent: June 14, 2022
    Assignee: GOOGLE LLC
    Inventors: Mahyar Salek, Philip McDonnell, Vinod Kumar Ramachandran, Shobhit Saxena, David Owen Shanahan
  • Patent number: 11357061
    Abstract: A system and a method of connecting devices via a Wireless-Fidelity (Wi-Fi) network are provided. The method of communication-connecting an external device to an Access Point (AP) via a Wi-Fi network is performed by a device and includes operations of receiving device information of the external device from the external device that operates in an AP mode, accessing the external device that operates in the AP mode, by using the device information, and providing connection information relating to the AP to the external device, and wherein, when the connection information is provided to the external device, the external device terminates operating in the AP mode, and the external device then accesses the AP based on the connection information.
    Type: Grant
    Filed: September 24, 2018
    Date of Patent: June 7, 2022
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Hee-chul Jeon, Jung-ho Kim, Yong-gook Park, Woo-hyoung Lee, Sang-ok Cha
  • Patent number: 11354450
    Abstract: A non-transitory computer readable storage medium has instructions executed by a processor to define a parent application executing on a secure runtime hardware resource. A state snapshot of the secure runtime hardware resource is maintained. A fork request for a child application to be derived from the parent application is received. An updated state snapshot of the state snapshot is formed. The child application is instantiated. Encrypted state is transferred from the parent application to the child application. The encrypted state is used to derive an encryption key shared by the parent application and the child application. The encrypted state in the child application is decrypted using the encryption key to spawn an independent child application operative as an additional secure runtime instance. The parent application on the secure runtime hardware resource and the child application operative as the additional secure runtime instance are executed independently.
    Type: Grant
    Filed: March 2, 2021
    Date of Patent: June 7, 2022
    Assignee: Anjuna Security, Inc.
    Inventors: Yan Michalevsky, Boris Mittelberg, Thomas Aprelev
  • Patent number: 11354419
    Abstract: Techniques are provided for identifying and encrypting fields of an application object at an application layer in a multi-tenant cloud architecture, using an object metadata structure of the application object. Accordingly, transparent, per-tenant encryption capabilities are provided, while enabling transfer of encrypted object data between the application layer and a storage layer.
    Type: Grant
    Filed: July 29, 2016
    Date of Patent: June 7, 2022
    Assignee: SAP SE
    Inventor: Vipul Gupta
  • Patent number: 11347877
    Abstract: Embodiments provide a method for facilitating sharing of digital documents between a sharing party and a relying party. The method includes receiving, by a processing system, an access request for accessing at least one attribute of a digital document. The access request is initiated at a relying party interface in a document sharing application. The method further includes sending, by the processing system, the access request to a sharing party interface in the document sharing application for approval of providing access to the at least one attribute of the digital document by the sharing party to the relying party. The method further includes, upon receiving the approval from the sharing party interface, generating a machine-readable encrypted code for the at least one attribute of the digital document. The method further includes sending the machine-readable encrypted code to the relying party interface.
    Type: Grant
    Filed: April 22, 2019
    Date of Patent: May 31, 2022
    Inventor: Rajesh Pralhadrao Mahalle