Central Trusted Authority Provides Computer Authentication Patents (Class 713/155)
  • Patent number: 10693868
    Abstract: In order to leverage an enterprise-hosted network (EHN) associated with an entity, a communication technique may dynamically customize an application on a portable electronic device. In particular, the portable electronic device may discover and then may connect to the EHN using a quarantine zone that restricts access to the EHN. After providing valid credentials to establish a level of trust with the EHN, the portable electronic device may receive a request for authentication and authorization information. In response to the request, the portable electronic device may provide a credential to the EHN. Next, the portable electronic device may receive provisioning information that customizes the application on the portable electronic device to a venue associated with the entity. The provisioning information may include a connection setting associated with the application on the portable electronic device, which allows the portable electronic device to connect to the EHN outside of the quarantine zone.
    Type: Grant
    Filed: December 30, 2015
    Date of Patent: June 23, 2020
    Assignee: ARRIS Enterprises LLC
    Inventors: Doron Givoni, Henry H. Tzeng, Steve A. Martin
  • Patent number: 10693854
    Abstract: A method is provided for authenticating a user's communications terminal with an authentication server connected to a gateway terminal by using a communications network. The method includes: obtaining a piece of data representing an identity of the user from the gateway terminal; configuring, by the authentication server, a data transmission link between the authentication server and the terminal, using a predefined data transmission interface of the gateway terminal and as a function of the piece of data representing the identity of the user; transmitting, by the authentication server, to the terminal, a piece of encrypted data for checking authentication, using the data transmission link; receiving, by the authentication user, coming from the terminal, a piece of encrypted data for counter-checking authentication; issuing an assertion of authentication of the user when the piece of data for the counter-checking of authentication corresponds to the piece of data for checking authentication.
    Type: Grant
    Filed: December 14, 2015
    Date of Patent: June 23, 2020
    Assignee: INGENICO GROUP
    Inventor: David Naccache
  • Patent number: 10686759
    Abstract: A firewall monitors network activity and stores information about that network activity in a network activity log. The network activity is analyzed to identify a potential threat. The potential threat is further analyzed to identify other potential threats that are related to the potential threat, and are likely to pose a future risk to a protected network. A block list is updated to include the potential threat and the other potential threats to protect the protected network from the potential threat and the other potential threats.
    Type: Grant
    Filed: June 22, 2015
    Date of Patent: June 16, 2020
    Assignee: Webroot, Inc.
    Inventors: Hal Lonas, David Dufour, Chip Witt, Patrick Kar Yin Chang
  • Patent number: 10686844
    Abstract: An example operation may include one or more of storing a unique identification code encapsulating encoded information about a trusted group of member devices within a decentralized network, the unique identification code being generated by the trusted group of member devices, decoding the stored unique identification code to generate decoded information which verifies that the user device is a member device of the trusted group of member devices and provides contact information for other member devices of the trusted group of member devices, and establishing a communication session with the trusted group of member devices based on the contact information obtained by decoding the unique identification code.
    Type: Grant
    Filed: January 17, 2018
    Date of Patent: June 16, 2020
    Assignee: International Business Machines Corporation
    Inventors: Trent Balta, Marc H. Coq, Colette Manoni, Corey McQuay, Eugene Nitka, Collin Walling
  • Patent number: 10680814
    Abstract: A device, method or server having memory configured to store cryptographic material required to execute one or more device functions. A communications interface for communicating over a network. Logic configured to receive from the server over the communications interface the cryptographic material required to execute the one or more device functions. The device is configured to delete the cryptographic material from the memory.
    Type: Grant
    Filed: May 31, 2016
    Date of Patent: June 9, 2020
    Assignee: VODAFONE IP LICENSING LIMITED
    Inventors: Nicholas Bone, Tim Snape
  • Patent number: 10681028
    Abstract: Disclosed are various embodiments for controlling access to data on a network. Upon receiving a request comprising a device identifier and at least one user credential to access a remote resource, the request may be authenticated according to at least one compliance policy. If the request is authenticated, a resource credential associated with the remote resource may be provided.
    Type: Grant
    Filed: September 25, 2017
    Date of Patent: June 9, 2020
    Assignee: VMWare, Inc.
    Inventors: John Marshall, Erich Stuntebeck
  • Patent number: 10678555
    Abstract: Automated provisioning of hosts on a network with reasonable levels of security is described in this application. A certificate management service (CMS) on a host, one or more trusted agents, and a public key infrastructure are utilized in a secure framework to establish host identity. Once host identity is established, signed encryption certificates may be exchanged and secure communication may take place.
    Type: Grant
    Filed: October 2, 2017
    Date of Patent: June 9, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Jesper M. Johansson, Matthew T. Corddry, Tom F. Hansen, Luke F. Kearney
  • Patent number: 10681026
    Abstract: A system for auditing authorized key files associated with secure shell (SSH) servers is disclosed. In an example, the system may include a purpose-built SSH audit server. The SSH audit server may be configured to receive an authorized key file and a list of users. The SSH audit server may generate and provide unique registration codes for each of the users in the list. The SSH audit server may associate particular users with particular public keys as each of the users accesses the SSH audit server using a public key and inputs a registration code.
    Type: Grant
    Filed: December 5, 2017
    Date of Patent: June 9, 2020
    Assignee: QUEST SOFTWARE INC.
    Inventor: Matthew Todd Peterson
  • Patent number: 10674327
    Abstract: In order to enable a dynamic handshake procedure, a device may be configured with a list of handshake contributors. Contributors with connection handshake properties may be added to the contributor list. To perform handshake, the contributor list is processed to extract the connection handshake properties of each contributor to the handshake. Handlers for handling the connection handshake properties may also be dynamically added and invoked when a handshake is received.
    Type: Grant
    Filed: September 11, 2018
    Date of Patent: June 2, 2020
    Assignee: Open Invention Network LLC
    Inventors: Qin Ye, Robert W. Peterson, Thomas T. Wheeler
  • Patent number: 10674009
    Abstract: Verifying caller identification information is described. A query to verify a first communications connection associated with an observed caller ID is received. Using a second communications channel, a message to a device associated with the observed caller ID is transmitted. A response to the message is received. The message is evaluated to perform a security determination. The security determination is provided as output.
    Type: Grant
    Filed: November 5, 2018
    Date of Patent: June 2, 2020
    Assignee: RightQuestion, LLC
    Inventor: Bjorn Markus Jakobsson
  • Patent number: 10673633
    Abstract: Method for retrieving data entered during a server connection, the server having access to a memory including a generated hashed word of a first input data, which corresponds to the data modified by a processing function, the capacity of the hashed word being lower than a predefined capacity, a generated security key of a second input data, which corresponds to the data modified by a processing function, the capacity of the security key being equal to the difference between the predefined capacity and the hashed word capacity, the security key not being stored, method wherein: —after a request to retrieve the data, the hashed word and the security key are concatenated in order to reach the predefined capacity, and —an inverse hash function, using an algebraic solving of the hash function, is applied to the concatenation of the hashed word and security key, to retrieve the data.
    Type: Grant
    Filed: March 23, 2016
    Date of Patent: June 2, 2020
    Assignees: UNIVERSITE DE REIMS CHAMPAGNE-ARDENNE, UNIVERSITE DE PICARDIE JULES VERNE
    Inventors: Gilles Dequen, Florian Legendre, Michaël Krajecki
  • Patent number: 10671748
    Abstract: Systems and methods for securing objects in a computing environment. Objects are encrypted using keys that are also encrypted after encrypting the objects. In order to access the objects, a master key that is unknown to the service storing the objects and/or managing the keys is used to decrypt the keys so that the objects can be decrypted with the decrypted key. Thus, a key is needed to access the key needed to access the object. The master key is typically maintained separately from all of the encrypted objects and corresponding encrypted keys.
    Type: Grant
    Filed: October 31, 2018
    Date of Patent: June 2, 2020
    Assignee: EMC CORPORATION
    Inventor: Ray David Whitmer
  • Patent number: 10659232
    Abstract: Disclosed is an authentication apparatus using a public key encryption algorithm. An apparatus according to an embodiment generates a first instant public key through a random number generation process in response to an electronic signature generation request corresponding to a message. Further, the apparatus calculates and uses a first instant private key making a pair with the first instant public key, using the first instant public key.
    Type: Grant
    Filed: April 9, 2015
    Date of Patent: May 19, 2020
    Assignee: ICTK Holdings Co., Ltd.
    Inventors: Dong Kyue Kim, Byong Deok Choi, Dong Hyun Kim, Sang Seon Park
  • Patent number: 10650207
    Abstract: Embodiments are directed to methods and systems to increase flow and throughput of particular data through the use of a machine readable code with portion analysis. The machine readable code may be generated by a transaction processing network and correspond with one or more resource provider computers. When data is received by the transaction processing network that corresponds with one of the resource provider computers, a portion of the machine readable code that is proportional to a size or measurement of the data may be provided in exchange for the data. The recipient of the portion of the code and, once the recipient collects a predetermined number of machine readable code portions to complete the machine readable code, the complete machine readable code may be scanned and transmitted back to the transaction processing network to be exchanged for additional information or to initiate further processing.
    Type: Grant
    Filed: July 26, 2018
    Date of Patent: May 12, 2020
    Assignee: Visa International Service Association
    Inventors: Surendra Vyas, Som Madhab Bhattacharya
  • Patent number: 10645580
    Abstract: Methods, systems and apparatus for binding an authenticated user with a wireless device are disclosed. One method includes receiving local environment information from the wireless device, receiving local information from a computing device of the authenticated user, comparing the local environment information of the wireless device with the local information of the computing device, binding the wireless device with the computing device based on the comparison of the local environment information of the wireless device with the local information of the computing device, and communicating information to a wireless device cloud management system that indicates that the binding between the wireless device and the computing device has occurred.
    Type: Grant
    Filed: November 3, 2018
    Date of Patent: May 5, 2020
    Assignee: Cirrent, Inc.
    Inventors: Robert A. Conant, Barbara Nelson, Roshan Paiva, Stark Pister
  • Patent number: 10636232
    Abstract: Tracking, identifying and article management systems and methods for reliably and repeatedly determining one or more physically uncopiable attribute instances (of the same or varying types) from or inherent in an article of manufacture, using the selected physical uncopiable attribute(s) to produce an unforgeable identity for the article, and then integrating that unforgeable identity into computer-based tracking systems in a way that permits the tracking system to track and monitor articles for which identity information is known. Applications include documents, fashion accessories, artwork, and other objects.
    Type: Grant
    Filed: May 11, 2018
    Date of Patent: April 28, 2020
    Assignee: Siebels Asset Management Research Ltd.
    Inventors: Jane Marie Siebels, Jeffrey Guy Bonar, Karl Ginter, John Langley Rehwinkel, Derek S. Toledo-Silbert
  • Patent number: 10630655
    Abstract: A method for operating an aggregator in a private stream aggregation (PSA) system has been developed. The method includes receiving a plurality of encrypted messages from a plurality of clients, each encrypted message corresponding to a vector in a learning with errors (LWE) public key, adding the plurality of encrypted messages to generate an aggregate data set, extracting a summation of a plurality of error vectors in the plurality of encrypted messages from the aggregate data set, decrypting the summation of the encrypted data contained in the plurality of encrypted messages using a private key stored in the memory of the aggregator to generate a plaintext sum of noisy data generated by the plurality of clients, and generating, with the processor, an output of the plaintext sum of noisy data that preserves differential privacy of each client in the plurality of clients.
    Type: Grant
    Filed: May 15, 2018
    Date of Patent: April 21, 2020
    Assignee: Robert Bosch GmbH
    Inventors: Daniela Becker, Jorge Guajardo Merchan
  • Patent number: 10623399
    Abstract: A first request from a client using a first protocol is translated into one or more second requests by a servicer using a second protocol through a virtual request using the first protocol. A client may use parameters of the first protocol to pass virtual request components to the servicer. A format agreement between the client, servicer and/or authentication service may allow the servicer and/or authentication service to translate the virtual request components over the first protocol to one or more second requests using the second protocol. Virtual request components may also prove the authenticity of the virtual request received by the servicer to an authentication service. Once satisfied the virtual request is valid, the authentication service may issue a credential to the servicer to send the one or more second requests to an independent service. Virtual requests may be included in various protocols, including credential-based protocols and certificate exchange-based protocols.
    Type: Grant
    Filed: September 16, 2016
    Date of Patent: April 14, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Nicholas Alexander Allen, Gregory B. Roth, Elena Dykhno
  • Patent number: 10623526
    Abstract: A method includes identifying workload performance requirements of a workload, and identifying an endpoint hardware configuration that satisfies the workload performance requirements, wherein the endpoint hardware configuration includes a selected mode of a multi-mode component. The method further includes configuring selected endpoint hardware with the identified endpoint hardware configuration including applying the selected mode to the multi-mode component included in the endpoint hardware, and placing the workload on the selected endpoint hardware having the identified endpoint hardware configuration including the multi-mode component operating in the selected mode.
    Type: Grant
    Filed: October 3, 2016
    Date of Patent: April 14, 2020
    Assignee: Lenovo Enterprise Solutions (Singapore) Pte. Ltd.
    Inventors: Nagananda Chumbalkar, Sumeet Kochar
  • Patent number: 10614456
    Abstract: Described herein is a system in which temporary aliases may be associated with, and maintained with respect to, cryptocurrency addresses. In some embodiments, the system enables a temporary alias to be used by a mobile application (e.g., a wallet application) in a cryptocurrency transaction. In some embodiments, temporary aliases may be assigned from a pool of procedurally-generated aliases. In some embodiments, the temporary alias may be valid for a predetermined amount of time or number of transactions. For example, the system may assign a new temporary alias to a cryptocurrency address for each transaction and/or after a predetermined amount of time has elapsed.
    Type: Grant
    Filed: August 18, 2016
    Date of Patent: April 7, 2020
    Assignee: Visa International Service Association
    Inventor: Gaurav Srikant Mokhasi
  • Patent number: 10615844
    Abstract: A system and method for exchanging data with a network including an authorized UE that is authorized to exchange the data with the network, and an unauthorized UE that is not authorized to exchange the data with the network. The unauthorized UE operable to receive an authorization credential, and to exchange the data with the network using the received authorization credential.
    Type: Grant
    Filed: March 13, 2017
    Date of Patent: April 7, 2020
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Ngoc Dung Dao, Xu Li
  • Patent number: 10599862
    Abstract: Systems and techniques are disclosed for detecting whether a wearable computing device is worn by a user or not. The detection can be made based on whether the device is secured to a user or based on a sensor. A device worn by a user may be operated in a private mode such that the user wearing the device is provided information that is useful while wearing the device. For example, the user may receive message notifications, news updates, telephone call information, or the like. A wearable computing device may be operated in a public mode while not being worn by a user. While in the public mode, the device may provide non user specific information such as a current time, media items, or the like.
    Type: Grant
    Filed: April 5, 2019
    Date of Patent: March 24, 2020
    Assignee: Google LLC
    Inventors: Christopher James DiBona, Daniel Lawrence Morrill, Daniel Berlin
  • Patent number: 10587587
    Abstract: An information processing apparatus according to an embodiment includes a processing circuit configured for: acquiring information of 3D printing devices which are competent to a 3D print task, where the information includes attribute features of the 3D printing devices that can be used for an attribute-based decryption; determining, based on the acquired information, an encryption attribute set or a decryption logic setting for performing an attribute-based encryption on data of the 3D print task, where the encryption attribute set or the decryption logic setting covers a specified number of the 3D printing devices and has a low encryption overhead for the data; performing the attribute-based encryption on the data using the determined encryption attribute set or decryption logic setting to obtain encrypted data; and performing control to release the encrypted data as a 3D print task.
    Type: Grant
    Filed: March 6, 2017
    Date of Patent: March 10, 2020
    Assignee: SONY CORPORATION
    Inventor: Zhihui Zhang
  • Patent number: 10587606
    Abstract: A system and method of enabling software features on medical devices uses a local server disposed at a medical facility and a license server remote from the local server. The method includes generating a software enabling indicator at the license server, the software enabling indicator comprising a numerical code representing a number of licenses to be allocated for a software feature. The method includes providing a digitally signed electronic document based on the software enabling indicator, transmitting the electronic document from the license server to the local server, and authenticating the license server at the local server using the electronic document. The method includes generating at the local server a plurality of second digital certificates based on the software enabling code, transmitting the second digital certificates to each of the medical devices, and enabling a software feature on the medical devices based on the second digital certificates.
    Type: Grant
    Filed: April 24, 2018
    Date of Patent: March 10, 2020
    Assignee: Fenwal, Inc.
    Inventor: Witold Moskal
  • Patent number: 10586437
    Abstract: In some implementations, a system can transmit communications indicating an occurrence of a particular type of safety incident experienced by a user. Registration information that indicates that a plurality of safety devices of different types are to be registered with the user is initially obtained. Sensor data from the plurality of safety devices of different types are obtained. An occurrence of a particular type of safety incident experienced by the user is then selected from among a plurality of types of safety incidents. The selection may be based at least on the obtained sensor data and the obtained registration information. A communication is then provided to another user to indicate the occurrence of the particular type of safety incident experienced by the user in response to selecting the occurrence of the particular type of safety incident.
    Type: Grant
    Filed: December 15, 2017
    Date of Patent: March 10, 2020
    Assignee: Alarm.com Incorporated
    Inventors: Alison Jane Slavin, Aaron Lee Roberts
  • Patent number: 10582380
    Abstract: Methods And Apparatus For Direct Communication Key Establishment. Methods (100, 200, 300) and apparatus (400, 500, 600, 700, 800, 900) are disclosed for establishing a key for direct communication between a User Equipment device, UE, and a device. The methods and apparatus cooperate to form a system for securing direct communication between a UE and a device over an interface. The system comprises a UE (20), a device (30) and a Direct Communication Element (40). The Direct Communication Element (40) is configured to obtain a shared session key and Generic Bootstrapping Architecture Push Information, GPI, to derive a direct communication key from at least the shared session key, and to send the direct communication key and the GPI to the device (30). The device (30) is configured to send the GPI to the UE (20). The UE (20) is configured to derive the shared session key from at least the GPI and to derive the direct communication key from the shared session key.
    Type: Grant
    Filed: November 17, 2015
    Date of Patent: March 3, 2020
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Vesa Lehtovirta, Monica Wifvesson
  • Patent number: 10581618
    Abstract: In one example, an enrollment device, such as a smart phone with an enrollment application executing thereon, obtains in situ enrollment information from at least one or more target device of a plurality of target devices in a network. The enrollment device provides the in situ enrollment information that is obtained from the at least one target device, to a security management device, such as a public key certificate generator (e.g., a certification authority) for the network, to facilitate target device configuration certificate generation for the at least one target device. The security management device uses the in situ enrollment information and other device specific information as well as operational information that is desired for a device, and issues a configuration certificate for the at least one target device. A system and methods are also set forth.
    Type: Grant
    Filed: July 9, 2015
    Date of Patent: March 3, 2020
    Assignee: Entrust, Inc.
    Inventor: Timothy Edward Moses
  • Patent number: 10574641
    Abstract: Described is a technology by which a plug-in (e.g., an ActiveX® control) instantiated by a web browser calls functions of a credential service to use a set of credential data (e.g., a card file) for logging into a website. If the credential service determines that a previously used card file for the website exists, a representation of that card file is displayed in the browser, and the data of that card file is used to obtain a token for logging in the user. If not found, an icon is presented instead, by which the user can select a user interface that allows selection of another card file that meets the website's requirements.
    Type: Grant
    Filed: April 13, 2018
    Date of Patent: February 25, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: John Deurbrouck, Caleb G. Baker, Danhua Zhu, Colin Leslie Dellow, Roberto A. Franco
  • Patent number: 10567310
    Abstract: System(s) and method(s) for real-time data communication over an Internet of Things (IoT) network are described. According to the present subject matter, the system(s) implement the described method(s) for real-time data communication over the IoT network. The method includes encoding, at a source communication device, data to be exchanged between peer sub-layers of IoT entities based on a Forward Error Correction (FEC) context to generate encoded data packets, the IoT entities comprising the source communication device and a destination communication device. The method further includes identifying time delay to be maintained for transmission of the encoded data packets from the source communication device to the destination communication device to have minimal data packet drop due to queue overflow at the source communication device. The method further includes transmitting the encoded data packets over the IoT network.
    Type: Grant
    Filed: September 3, 2014
    Date of Patent: February 18, 2020
    Assignee: Tata Consultancy Services Limited
    Inventors: Hrishikesh Sharma, Aditya Sood, Purushothaman Balamuralidhar
  • Patent number: 10567168
    Abstract: An example operation may include one or more of storing a broadcast encryption tree comprising a set of cryptographic keys disposed in a hierarchical tree format, distributing a partial set of keys from the broadcast encryption tree to each respective peer from among a group of peers included in a blockchain network, receiving, from a user device, an identification of at least one peer included in the group of peers for processing a blockchain transaction, selecting a subset of keys from among the set of cryptographic keys in the broadcast encryption tree which enables at least one peer to decrypt transactions and doesn't enable the remaining peers included in the group of peers to decrypt transactions, and transmitting broadcast encryption information about the selected subset of keys to the user device for performing encryption of the transactions.
    Type: Grant
    Filed: November 16, 2017
    Date of Patent: February 18, 2020
    Assignee: International Business Machines Corporation
    Inventors: Andres Garagiola, John Geagan, III, Jeronimo Irazabal, Guillermo R. Lopez, Diego A. Masini, Dulce Ponceleon
  • Patent number: 10560879
    Abstract: Methods, systems, and devices for wireless communication are described. In one method, a wireless device may establish a connection with an access node (AN) of a local area network (LAN). The wireless device may also determine to perform an authentication. The wireless device may further receive an indication, as part of the authentication, of a protocol end point for the authentication as being a non-access stratum (NAS) layer or a radio resource control (RRC) layer. In another method, an AN may establish a connection with a wireless device. The AN may determine the wireless device determined to perform an authentication with an authenticator included in the AN. The AN may further indicate, as part of the authentication, a protocol end point for the authentication as being the NAS layer or the RRC layer.
    Type: Grant
    Filed: March 2, 2017
    Date of Patent: February 11, 2020
    Assignee: QUALCOMM Incorporated
    Inventors: Karl Georg Hampel, Vincent Douglas Park, Hong Cheng, Gavin Bernard Horn, Soo Bum Lee
  • Patent number: 10554393
    Abstract: An anonymous secure messaging method and system for securely exchanging information between a host computer system and a functionally connected cryptographic module. The invention comprises a Host Security Manager application in processing communications with a security executive program installed inside the cryptographic module. An SSL-like communications pathway is established between the host computer system and the cryptographic module. The initial session keys are generated by the host and securely exchanged using a PKI key pair associated with the cryptographic module. The secure communications pathway allows presentation of critical security parameter (CSP) without clear text disclosure of the CSP and further allows use of the generated session keys as temporary substitutes of the CSP for the session in which the session keys were created.
    Type: Grant
    Filed: November 7, 2013
    Date of Patent: February 4, 2020
    Assignee: ASSA ABLOY AB
    Inventors: Eric F. Le Saint, Wu Wen
  • Patent number: 10541992
    Abstract: A system maintains a web session across multiple web resources and/or devices using a two-token model. A user agent transmits an authentication request to a login endpoint. The user agent has access to a grant token, and it will receive an access token in response to the authentication request. The grant token is relatively long-lived and the first access token is relatively short-lived. The user agent will use the access token to access the first web resource and establish a web session. When the access token expires or is about to expire, the user agent will transmit a re-authentication request with the grant token to a re-authentication endpoint. The user agent will then receive a second access token from the re-authentication endpoint. The user agent will then use the second access token to access the web resource and maintain the web session.
    Type: Grant
    Filed: December 30, 2016
    Date of Patent: January 21, 2020
    Assignee: Google LLC
    Inventors: Guibin Kong, Naveen Agarwal
  • Patent number: 10536447
    Abstract: Disclosed are various examples for single-sign on by way of managed mobile devices. For example, an identity provider service can receive a request for an identity assertion from an application executed in a client device. The identity provider service can then detect a platform associated with the client device. A response to the request can be sent based at least in part on the platform, where the response requests authentication by a management credential. Data generated by the management credential is received from the client device, and the management credential is determined to be valid for the identity assertion. The identity assertion is then sent to the client device in response to determining that the management credential is valid for the identity assertion.
    Type: Grant
    Filed: December 14, 2018
    Date of Patent: January 14, 2020
    Assignee: AIRWATCH, LLC
    Inventors: Adam Rykowski, Ashish Jain, Dale Robert Olds, Emily Hong Xu, Kabir Barday, Kyle Austin, Sridhara Babu Kommireddy, Jonathan Blake Brannon, Camilo Lotero
  • Patent number: 10528765
    Abstract: Technologies for configuring an FPGA include a computing device having a processor and an FPGA. The computing device starts a secure boot process to establish a chain of trust that includes a trusted execution environment. The trusted execution environment loads an FPGA hash from an FPGA manifest stored in secure storage, and a platform trusted execution environment determines whether the FPGA hash is allowed for launch. To determine if the FPGA hash is allowed for launch, the platform trusted execution environment may evaluate one or more launch policies from the FPGA manifest. If allowed, the trusted execution environment configures the FPGA with an FPGA image corresponding to the FPGA hash and verifies the FPGA image with the FPGA hash. The platform trusted execution environment may receive the FPGA hash from a user via a trusted I/O session or from a remote management server. Other embodiments are described and claimed.
    Type: Grant
    Filed: September 16, 2016
    Date of Patent: January 7, 2020
    Assignee: Intel Corporation
    Inventors: Ned M. Smith, Rajesh Poornachandran
  • Patent number: 10530658
    Abstract: An information handling system (IHS) includes a controller that performs a method of automating acquisition of link local Internet Protocol (IP) network address of servers. The controller acts as a group manager server (GMS) that maintains an inventory of a respective link local Internet Protocol (IP) network address and public key of each server that is addressable over a local area network (LAN). GMS receives an IP network address and credentials associated with a management console that are used to obtain a public key from the management console. GMS transmits to the management console a GMS IP network address and public key associated with the GMS. GMS encrypts the inventory with the public key of the management console to generate an encrypted inventory. GMS transmits the IP network address and the public key of the management console to each server. GMS forwards the encrypted inventory to the management console to enable secure communication.
    Type: Grant
    Filed: May 12, 2017
    Date of Patent: January 7, 2020
    Assignee: Dell Products, L.P.
    Inventors: Sundar Dasar, Rakesh K. Ayolasomyajula, Cyril Jose, Swapnil Keshavrao Patil, Pushkala Iyer, Swathi Prasad Neti, Anoop Kumar Alladi
  • Patent number: 10524119
    Abstract: An apparatus and method are described for sharing WiFi credentials.
    Type: Grant
    Filed: November 23, 2016
    Date of Patent: December 31, 2019
    Assignee: Afero, Inc.
    Inventors: Daniel Altin, Scott Zimmerman, Clif Liu, Stephen Sewerynek
  • Patent number: 10523646
    Abstract: A method for distributing encrypted cryptographic data includes receiving, by a key service, from a first client device, a request for a first public key. The method includes transmitting, by the key service, to the first client device, the first public key. The method includes receiving, by the key service, from an access control management system, an encryption key encrypted with the first public key and a request from a second client device for access to the encryption key. The method includes decrypting, by the key service, the encrypted encryption key, with a private key corresponding to the first public key. The method includes encrypting, by the key service, the decrypted encryption key, with a second public key received from the second computing device. The method includes transmitting, by the key service, to the second client device, the encryption key encrypted with the second public key.
    Type: Grant
    Filed: August 17, 2016
    Date of Patent: December 31, 2019
    Assignee: Virtru Corporation
    Inventor: William R. Ackerly
  • Patent number: 10523654
    Abstract: Described is a system for the implementation of biometric scanning in a user-privacy preserving fashion with respect to identification, authentication, and online credential systems. At enrollment, the user enrolls or initially registers at a physical location, where the user is provided a Fuzzy Extractor (FE) encrypted output (Enc(R)). The user is then registered with an online server, which creates an ID-Wallet for the user and stores the ID-Wallet. During operation, the user sends an authentication request to the online server, which provides a corresponding authentication response. The user or user's client then extracts secret (R) for user authentication. The user can then be authenticated with the online server to retrieve credentials from the ID-Wallet, which can be used for a variety of online services.
    Type: Grant
    Filed: July 21, 2016
    Date of Patent: December 31, 2019
    Assignee: HRL Laboratories, LLC
    Inventors: Karim El Defrawy, Joshua W. Baron
  • Patent number: 10523641
    Abstract: An access platform or other network elements can include multiple line cards configured to encrypt data. The platform and/or each of the line cards may receive encryption management data that conforms to a predefined encryption management data interface. The encryption management data received by a particular line card may be generated by a conditional access system device and converted to conform to the encryption management data interface by an encryption manager. Line cards may alternatively be configured for connection to separate encryption hardware components. Line cards may include a block of field programmable gate arrays or other type of programmable hardware that can be configured to execute an encryption module.
    Type: Grant
    Filed: August 2, 2017
    Date of Patent: December 31, 2019
    Assignee: Comcast Cable Communications, LLC
    Inventors: Jorge Daniel Salinger, Kevin Taylor, James William Fahrny
  • Patent number: 10516536
    Abstract: The invention relates to a method for logging a service technician into an electrical device (20), comprising the following steps: production (3, 4) of a secret key (SKY) as an encrypted login password (LPW) by the electrical device (20), displaying (5) of the secret key (SKY) on a display unit (23) of the electrical device (20) as a QR code (QRC), optical sensing (6) of the QR code (QRC) by means of a mobile device (22), decryption (9) of the login password (LPW) from the secret key (SKY) of the sensed QR code (QRC) by the mobile device (22), displaying of the login password (LPW) on a screen unit (24) of the mobile device (22), entering of the login password (LPW) into the electrical device (20) by the service technician, comparison (10) of the entered login password (LPW) with the produced login password (LPW) by the electrical device (20), release of the login by the electrical device (20) if the two login passwords (LPW) match. The invention further relates to an associated apparatus.
    Type: Grant
    Filed: October 12, 2015
    Date of Patent: December 24, 2019
    Assignee: Siemens Healthcare GmbH
    Inventor: Michael Rommel
  • Patent number: 10515225
    Abstract: The present invention relates to a method and device for verifying data ownership. The user may verify whether the server actually owns the data to be uploaded by him, and the server may simultaneously verify whether the user actually owns the data.
    Type: Grant
    Filed: June 10, 2016
    Date of Patent: December 24, 2019
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Taek-Young Youn, Keonwoo Kim, Ku Young Chang, Nam-Su Jho
  • Patent number: 10505925
    Abstract: A layered authentication process can use a first authentication layer to filter out invalid requests. The first layer can perform a lightweight authentication to determine requests that do not meet certain authentication criteria. This can include, for example, denying requests that have invalid credentials or that are received from unapproved locations or sources, or that lack the proper format. Requests that pass the initial authentication can be directed to a more robust authentication service that is capable of performing a full authentication of the request. Such an approach prevents various invalid requests from being delivered to the robust authentication service, thereby preventing the robust authentication service from being overwhelmed by a large number of requests, such as may correspond to a coordinated attack on the service.
    Type: Grant
    Filed: September 6, 2017
    Date of Patent: December 10, 2019
    Assignee: Amazon Technologies, Inc.
    Inventor: Dustin Doloff
  • Patent number: 10505914
    Abstract: Disclosed are various embodiments for sharing network site account information among multiple users. Account information for a network site account is received from a first user at a first client. An indication is received from the first user that the account information is to be shared with a second user. The second user is authenticated at a second client. The account information is transferred to the second client.
    Type: Grant
    Filed: June 20, 2017
    Date of Patent: December 10, 2019
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventors: Daniel W. Hitchcock, Brad Lee Campbell
  • Patent number: 10496799
    Abstract: Methods and systems are disclosed for managing registrations of computers. The methods and systems provide a registration tool that may be used to automatically register the computers. For each computer to be registered, information uniquely identifying the computer is collected and sent to a remote registration server. The information is then used by the remote registration server to perform the registration on behalf of the computer. The registration may be with a software vendor, a third-party database, or with the remote registration server itself in some cases. The registration server thereafter returns a registration code or other information to the computer to complete the registration. Such an arrangement allows the registration process to be controlled from a central location.
    Type: Grant
    Filed: July 24, 2007
    Date of Patent: December 3, 2019
    Assignee: United Services Automobile Association (USAA)
    Inventor: Michael Scott McQuarrie
  • Patent number: 10498833
    Abstract: Examples described herein may include a playback device receiving, from a control device, a validation-key that includes an application identifier corresponding to a controller application. The playback device may create a session identifier and transmit the session identifier to the control device. The playback device may receive, from the control device, a playback request comprising the session identifier and a playback command. The playback device may determine that the session identifier is valid and then execute the playback command. A computing system may receive identification information related to a controller application and generate the validation-key based on the controller application meeting at least one quality-control metric. The controller application may receive the validation-key from the computing system.
    Type: Grant
    Filed: July 14, 2014
    Date of Patent: December 3, 2019
    Assignee: SONOS, INC.
    Inventor: Andrew Schulert
  • Patent number: 10489565
    Abstract: A user device operated by a user receives a compromise alert indicating a potentially compromised use of first access data associated with a user. The compromise alert enables the user to input a response to the compromise alert, where the response can indicate that the first access data is compromised along with a request to issue new access data for the user. The response is sent to a server computer, which then initiates a process to disable use of the first access data and generate the new access data. The new access data is transmitted to the user device. The user can utilize the new access data to request access to a resource.
    Type: Grant
    Filed: June 5, 2017
    Date of Patent: November 26, 2019
    Assignee: Visa International Service Association
    Inventors: Penny Jurss, George Perry, Joseph Vause, Joseph Parvis, Joseph Chouinard, Gloria Mai, Matthew Wick
  • Patent number: 10482057
    Abstract: Systems, methods and apparatus are described that offer improved performance of a sensor bus. A first command is transmitted to devices coupled to a serial bus operated in a first mode in accordance with a first protocol to cause the serial bus to be operated in a second mode. After communicating in accordance with a second protocol while the serial bus is operated in the second mode, a second command is transmitted to the plurality of devices in accordance with the first protocol to terminate the second mode. In the second mode, extra symbols inserted into a sequence of symbols transmitted on the serial bus prevent the occurrence of an unintended signaling state on the serial bus. Pulses transmitted on a wire of the serial bus in the second mode may have their duration limited such that a filter of a second device suppresses the limited-duration pulses.
    Type: Grant
    Filed: March 30, 2018
    Date of Patent: November 19, 2019
    Assignee: QUALCOMM Incorporated
    Inventors: Radu Pitigoi-Aron, Richard Dominic Wietfeldt, Douglas Wayne Hoffman
  • Patent number: 10484863
    Abstract: Processes and systems for locking an NB-IoT device to an NB-IoT SIM before connecting the NB-IoT device to a cellular network are discussed herein. The NB-IoT device may include a status flag that determines whether the NB-IoT device requires an NB-IoT SIM to access NB-IoT-specific functions provided by a cellular network. In one example, a Group Identifier Level 1 (GID1) of the IoT SIM may be queried and compared against a reference value to determine whether the IoT SIM is an NB-IoT SIM, and if confirmed, the NB-IoT device may connect to a cellular network and access the NB-IoT-specific functions. In an example, an NB-IoT device associated with a status flag indicating that the device does not require an NB-IoT SIM may connect to a cellular network, but may not access NB-IoT-specific functions.
    Type: Grant
    Filed: April 19, 2019
    Date of Patent: November 19, 2019
    Assignee: T-Mobile USA, Inc.
    Inventors: Phani Ramisetty, Kyeong Hun An, Karthik Iyer
  • Patent number: 10482397
    Abstract: A method, system or computer usable program product for managing attributes including obtaining a unique mutable identifier for storage in memory in response to a request to a service provider; utilizing a processor to provide a selected set of attributes to the service provider for association with the unique mutable identifier and storage at the service provider; and providing the unique mutable identifier to an application whereby the application can obtain the set of attributes by inquiring the service provider.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: November 19, 2019
    Assignee: TRUSTARC INC
    Inventor: Kenneth K. Okumura