Central Trusted Authority Provides Computer Authentication Patents (Class 713/155)
  • Patent number: 11030617
    Abstract: An attempted transaction is identified involving a customer device and the first customer device is redirected to a security broker. A security report for the first customer device is received from the security broker. The security report is based on security data transmitted from the customer device to the security broker. An action can be performed in association with the attempted transaction based at least in part on the received security report. In some aspects, the security broker receives security data describing security conditions on the customer device in connection with the transaction between the customer device and a transaction partner. A risk tolerance policy is identified that corresponds to the transaction partner, such as an ecommerce provider. A security report is generated based on a comparison of the risk tolerance policy and the security data and the security report.
    Type: Grant
    Filed: August 21, 2017
    Date of Patent: June 8, 2021
    Assignee: McAfee, LLC
    Inventors: Michael Condry, Sven Schrecker
  • Patent number: 11026084
    Abstract: This application discloses a mobile network authentication method, a terminal device, a server, and a network authentication entity. The method includes: receiving, by a first terminal device, a DH public key and a first ID that are sent by at least one second terminal device; sending a first message to a server, where the first message includes a DH public key of each second terminal device of the at least one second terminal device and a first ID of the second terminal device; receiving a second message sent by the server, where the second message includes a DH public key of the server and a second ID of the second terminal device that is generated by the server; and sending, by the first terminal device, the second ID of the second terminal device and the DH public key of the server to the second terminal device.
    Type: Grant
    Filed: March 8, 2019
    Date of Patent: June 1, 2021
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Xin Kang, Haiguang Wang, Yanjiang Yang, Zhongding Lei
  • Patent number: 11025596
    Abstract: Data items such as files or database records associated with particular applications (such as messaging applications and other applications) can be stored in one or more remote locations, such as a cloud storage system, and synchronized with other devices. The remote storage can be configured such that each application executing on a client device can only view data items stored at the remote location to which the application has permission to access. An access manager on each client device enforces application specific access policies. Storage at the remote location can be secured for each application associated with a user or user account, for example, using isolated containers. The cloud storage of data can be anonymized and anonymous group data can be stored in the cloud storage.
    Type: Grant
    Filed: February 28, 2018
    Date of Patent: June 1, 2021
    Assignee: Apple Inc.
    Inventors: Benoit Chevallier-Mames, Thomas Icart, Mathieu Ciet, Oliver J. Hunt, Yannick Sierra, Gokul Thirumalai, Roberto Garcia
  • Patent number: 11018874
    Abstract: A client obtains, in response to a request to a server, a response that includes data for fulfillment of the request, a digital signature that can be verified using a digital certificate, and location information that specifies a location where the digital certificate can be obtained. The client uses the location information to access the location and obtains the digital certificate. Using the digital certificate, the client evaluates the digital signature provided in the response to determine whether the digital signature is valid. If the digital signature is valid, the client accepts the data included in the response for fulfillment of the request.
    Type: Grant
    Filed: July 29, 2019
    Date of Patent: May 25, 2021
    Assignee: Amazon Technologies, Inc.
    Inventors: Arjun Dasarakothapalli, Morgan Akers, David Alan Blunt, Darin Keith McAdams
  • Patent number: 11010200
    Abstract: Disclosed herein are embodiments for providing finite state machine driven workflows. In an embodiment, a workflow template is defined for a type of task. The workflow template may represent a finite state machine. The workflow template may be linked to an external party and an asset type, which may be stored in a workflow database. An asset may be received from the external party including an external party attribute identifying the external party, an asset type attribute, and an owner attribute. The owner attribute may be associated with an application end user. A determination may be made whether the external party attribute and the asset type attribute of the asset match the external party and the asset type linked to the workflow template. If a match is determined, instances of the task and the one or more actions of the workflow template may be created.
    Type: Grant
    Filed: November 6, 2019
    Date of Patent: May 18, 2021
    Assignee: Capital One Services, LLC
    Inventors: Rocky Gray, Justin Bachorik, Randall Randall
  • Patent number: 11012898
    Abstract: A system and method of allowing a new device to join an existing network are disclosed. A configuration tool is used to communicate relevant information from the new network device to the gateway in the existing network using a secondary network protocol different from that used by the primary network. For example, in one embodiment, messages are exchanged between the configuration tool and the new device and between the configuration tool and the gateway using BLUETOOTH®. Once all of the pertinent information has been exchanged, the new device is able to securely join the primary network, which may be based on the IEEE802.15.4 standard.
    Type: Grant
    Filed: October 27, 2016
    Date of Patent: May 18, 2021
    Assignee: Silicon Laboratories, Inc.
    Inventors: Wing Ming Cheung, DeWitt Clinton Seward, IV, Gregory Allan Hodgson, Rasmus Christian Larsen, Bernt Georg Breivik
  • Patent number: 11005656
    Abstract: A method and system are provided for updating an elliptic curve (EC) base point G, with the EC basepoint used in encryption and coding of video data. A candidate base point G is generated that includes additional data used for validation purposes and checked as a valid base point before transmission and use.
    Type: Grant
    Filed: December 7, 2018
    Date of Patent: May 11, 2021
    Assignee: ARRIS Enterprises LLC
    Inventors: Tat Keung Chan, Alexander Medvinsky, Eric J. Sprunk
  • Patent number: 11005989
    Abstract: Verifying caller identification information is described. A query to verify a first communications connection associated with an observed caller ID is received. Using a second communications channel, a message to a device associated with the observed caller ID is transmitted. A response to the message is received. The message is evaluated to perform a security determination. The security determination is provided as output.
    Type: Grant
    Filed: February 7, 2020
    Date of Patent: May 11, 2021
    Assignee: RightQuestion, LLC
    Inventor: Bjorn Markus Jakobsson
  • Patent number: 11005809
    Abstract: Methods, devices, and systems for generating a plurality of network addresses for a plurality of communication devices communicating over a network. One method includes receiving, with an electronic processor included in a server, geographical coordinates of the network, generating, with the electronic processor, a first set of bits based on the geographical coordinates, generating, with the electronic processor, a second set of bits based on a random number, and generating, with the electronic processor, a baseline address including the first set of bits and the second set of bits. The method also includes generating the plurality of network addresses, wherein each of the plurality of network addresses includes the baseline address and a unique offset. In addition, the method includes assigning one of the plurality of network addresses to one of the plurality of communication devices.
    Type: Grant
    Filed: March 29, 2016
    Date of Patent: May 11, 2021
    Assignee: MOTOROLA SOLUTIONS, INC.
    Inventors: Kiril Danilchenko, Baruh Hason, Guy Holtzman
  • Patent number: 11004072
    Abstract: An authentication technique is disclosed that uses a distributed secure listing of transactions that includes encrypted data that can be used to authenticate a principal to a verifier.
    Type: Grant
    Filed: November 10, 2017
    Date of Patent: May 11, 2021
    Assignee: PRIV8PAY, INC.
    Inventors: Ioannis Georgiadis, Gopalakrishnan Hariharan, John K. Thomas
  • Patent number: 11005883
    Abstract: Disclosed is a system for recommending content of a predefined category to an account holder, detecting spam applications, or account holders based on the account holder application graphs. The system receives information corresponding to applications executing on the client device of the account holders and generates an application graph for each account holder that includes a list of predefined application categories that are preferred by the account holder. For each predefined category, a list of account holders preferring content relevant to that category is predicted based on the set of generated application graphs. Some application graphs may be detected as spam application graphs by comparing the generated application graphs with a set of predefined spam application graphs. Alternatively, if the generated application graph does not match the predefined spam application graphs, they are compared to a set of application graphs from a database to find similar application graphs.
    Type: Grant
    Filed: October 19, 2017
    Date of Patent: May 11, 2021
    Assignee: Twitter, Inc.
    Inventors: Deepak Rao, Argyrios Zymnis, Kelton Lynn, Michael Ducker, Sean Cook
  • Patent number: 10992593
    Abstract: Embodiments of the present invention provide a persistent integration platform for conducting a multichannel resource transfer. In particular, the system may utilize a multi-step and multilayered authentication process across multiple disparate computing systems to complete the resource transfer process. In some embodiments, the system may utilize a persistent element which may be accessed by the user across multiple devices which aids in the resource transfer. For instance, the resource transfer process may be started on a first computing system, which may be a stationary networked terminal. At this point, a record of the resource transfer may be created within the persistent element. The user may thereafter access the persistent element through a second computing system, such as a user device, to resume the resource transfer and complete the remaining steps as necessary.
    Type: Grant
    Filed: October 5, 2018
    Date of Patent: April 27, 2021
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Brent David Reston, Margaret Winston, Kevin Clark May, Jeremiah Fairbairn Williams, Ryan Michael Furey, Michelle Nanette Downie
  • Patent number: 10984088
    Abstract: Systems and methods for authenticating a user to access a public terminal are described. Disclosed embodiments may include reading, using the physical credential reader, a user identifier from the physical credential device. Disclosed embodiments may also include transmitting the public terminal identifier and the user identifier to a secure server. Further, disclosed embodiments may include receiving, after completing the transmission, a unique code from the secure server. Disclose embodiments may additionally include displaying the unique code on the display device. Disclosed embodiments may include receiving, after displaying the unique code, an authentication message from the secure server. Disclosed embodiments may further include, responsive to receiving the authentication message, authorizing the user to use a terminal command at the public terminal.
    Type: Grant
    Filed: July 10, 2018
    Date of Patent: April 20, 2021
    Assignee: Capital One Services, LLC
    Inventors: Jeremy Goodsitt, Fardin Abdi Taghi Abad, Austin Walters
  • Patent number: 10979407
    Abstract: A communications system comprises a client device and a server device; the server device comprising server communication circuitry configured to establish a server-authenticated first encrypted data path between the client device and the server device; and the client device comprising client communication circuitry configured to provide client-specific information to the server device using the first encrypted data path; the server communication circuitry being configured to use the client-specific information provided by the client device to establish a second encrypted data path between the server device and the client device, the second encrypted data path being authenticated by at least the client device.
    Type: Grant
    Filed: June 20, 2017
    Date of Patent: April 13, 2021
    Assignee: Sony Corporation
    Inventors: Nigel Stuart Moore, Huw Hopkins
  • Patent number: 10979903
    Abstract: A key generation and distribution method is disclosed. The method includes receiving a first request from a first requestor, the first requestor comprising an identity of the first requestor; generating a new identity (ID) based on the identity of the first requestor; generating a secret key for the new ID with a predetermined pair of global keys, namely a Global Secret Key (GSK) and a Global Public Key (GPK); transmitting the new ID, secret key and the GPK to the first requestor; receiving a request from a second requestor, the request comprising a plurality of identities; generating an new ID for each of the plurality of identities; generating a secret key based on the IBC key generation algorithm for each of the plurality of new IDs; and transmitting the plurality of new IDs, secret keys corresponding to each of the plurality of IDs and the GPK to the second requestor.
    Type: Grant
    Filed: January 25, 2019
    Date of Patent: April 13, 2021
    Assignee: Huawei International Pte. Ltd.
    Inventors: Haiguang Wang, Jie Shi, Xin Kang
  • Patent number: 10977362
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media for program execution and data proof scheme to prove that sub-logic code that was expected to be executed within a TEE was indeed executed, and that the resulting data is trustworthy. In some implementations, each sub-logic code of a plurality of sub-logic code is registered, and stored within the TEE, and a key pair (private key, public key) corresponding to the sub-logic code is generated. The client receives and stores the public key, sends requests to the TEE with an identifier of the sub-logic that is to be executed. The sub-logic code corresponding to the identifier is executed within the TEE, which signs the result using a digital signature that is generated using the private key of the sub-logic code. The client verifies the result based on the digital signature and the public key of the sub-logic code.
    Type: Grant
    Filed: July 20, 2020
    Date of Patent: April 13, 2021
    Assignee: Advanced New Technologies Co., Ltd.
    Inventors: Yirong Yu, Honglin Qiu
  • Patent number: 10979482
    Abstract: Methods and systems anchor hypertext transfer protocol (HTTP) level communication in an information-centric networking (ICN) network. Both content requests and responses to servers within the ICN network and to servers located outside the ICN network, in an IP network for example, are disclosed. Communication may be between two IP capable only devices at the HTTP level, one connected to an ICN network while the other one is connected either to an ICN or IP network. The disclosed namespace 200 enables IP based HTTP communication within the ICN network. An information-centric networking (ICN) network attachment point (NAP) or border gateway (BGW) may receive an HTTP request packet and encapsulate the received HTTP request packet. The ICN NAP/BGW may then forward the HTTP request packet towards the local ICN network servers. The HTTP request packet may be published to a named content identifier (CID) that may be determined through a hash function of a fully qualified domain name (FQDN).
    Type: Grant
    Filed: January 29, 2016
    Date of Patent: April 13, 2021
    Assignee: IDAC HOLDINGS, INC.
    Inventor: Dirk Trossen
  • Patent number: 10970375
    Abstract: Methods, systems, and devices are provided for generating biometric signatures. The system can detect, at an electronic device, one or more biometric acoustic signals. The system can generate a biometric signal input of the one or more biometric acoustic signals. The system can apply a machine learning model to conduct feature extraction of the biometric signal input having one or more biometric acoustic signals. The system can generate a biometric user signature of the user from the machine learning model. The system can perform one or more privacy preserving hashing functions to the biometric user signature to generate a hashed biometric user signature. The system can determine whether the hashed biometric user signature satisfies a predetermined threshold with an enrollment hashed signature of the user. And the system can authenticate an identity of the user upon detecting that the hashed biometric user signature satisfies the predetermined threshold.
    Type: Grant
    Filed: September 26, 2019
    Date of Patent: April 6, 2021
    Assignee: Unknot.id Inc.
    Inventors: Devu Manikantan Shila, Adriaan Joris H. Larmuseau
  • Patent number: 10970384
    Abstract: In authenticating a first circuit by a second circuit, the second circuit selects one of a set of public values and sends to the first circuit a request for a secret value corresponding to the selected one of the set of public values. The first circuit derives the secret value from the selected one of the set of public values using a seed from set of seeds that is stored in a destructive fashion such that each use of a seed destroys that seed. The set of seeds is smaller in number than the set of public values. The second circuit determines whether the secret value matches the selected one of the set of public values using a one-way function. A positive authentication is generated based upon the determination of a match.
    Type: Grant
    Filed: May 1, 2019
    Date of Patent: April 6, 2021
    Assignee: Proton World International N.V.
    Inventors: Jean-Louis Modave, Michael Peeters
  • Patent number: 10972907
    Abstract: The invention provides a method and system for Bluetooth-based multi-end-to-multi-end communication, including: obtaining, through a short-term connection-oriented communication, a UUID of a device that needs to receive private data, corresponding the UUID to a private label according to a private label allocation table and storing the UUID in a mapping table within a broadcast host; and looking-up the mapping table, if data to be sent contains private information targeted for a specific receiving object group, then determining whether encryption is required; if encryption is required, then performing dynamical encryption based on the private label and proceeding to a step of Bluetooth broadcast payload sending; and performing corresponding non-private data hosting encapsulation or private data hosting encapsulation for the data to be sent and broadcasting the data.
    Type: Grant
    Filed: July 27, 2020
    Date of Patent: April 6, 2021
    Inventor: Fengping Zhao
  • Patent number: 10972462
    Abstract: A method for managing account data and handling account recovery requests are disclosed. The method comprises a multi-level identity verification process, including a first level where a specific computing device requesting recovery of an electronic account is requested to identify a trusted contact for the electronic account and a second level where the specific computing device is requested to provide a dynamically generated security code that has been communicated to a trusted contact identified by the specific computing device.
    Type: Grant
    Filed: September 28, 2018
    Date of Patent: April 6, 2021
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Juanjuan Hu, Kirsten Rauffer, Derek Koh, Yi Qun Zhou
  • Patent number: 10963550
    Abstract: A method and apparatus for person identification by a smart device, wherein the method comprises: establishing a registration information base that corresponds to the new user, and completing registration information base that corresponds to each valid user, and the registration information base comprises a name, a characteristic and person relation structure data, and the person relation structure data record each person relation appellation and respective person name; receiving an interaction command inputted by a current user, and collecting characteristic information of the current user; searching the registration information base of each valid user, judging whether a valid user that matches the characteristic information exists, and if yes, determining the user name of the current user; searching the registration information base that corresponds to the determined user name, and identifying a corresponding target person.
    Type: Grant
    Filed: July 20, 2017
    Date of Patent: March 30, 2021
    Assignee: GOERTEK INC.
    Inventors: Chuan Chen, Cui Liu, Honglong Ma
  • Patent number: 10965673
    Abstract: Methods and systems for establishing a chain of relationships are disclosed. An identity verification platform receives a first request for registration comprising an identification of a first user, identification of an entity, and a relationship between the first user and the entity; verifies the identity of the first user and the relationship between the first user and the entity; and verifies that the entity is legitimate. Once a relationship between a first individual, invited by the first user, and the entity is confirmed, the platform creates a custom badge representing the relationship between the first individual and the entity for display on the entity's website. The platform receives an identification of a selection by an end user of the custom badge and, responsive to receiving the identification of the selection, renders, on a domain controlled by the identity verification platform, a verification that the relationship between the first individual and the entity is valid.
    Type: Grant
    Filed: August 30, 2018
    Date of Patent: March 30, 2021
    Assignee: CIVIC TECHNOLOGIES, INC.
    Inventors: Jonathan Smith, Vinodan Lingham, Zachary Bush, Juan Pablo Bedoya
  • Patent number: 10951633
    Abstract: Systems and methods involve an input layer function of a function-as-a-service (FaaS) pipeline that receives trigger data from a trigger layer function of one or more processors of enterprise processing systems, calls one or more processors of an enrich layer function of the FaaS pipeline that adds enriching context to the trigger data, and creates an event based at least in part on the enriched trigger data. A route layer function of the FaaS pipeline invoked by the input layer function creates an action based on the event created by the input layer function. An action layer function of the FaaS pipeline invoked by the route layer function creates a command based on the action created by the route layer function, and the action layer function sends a remediation action to a command layer function of the enterprise processor based on the action created by the route layer function.
    Type: Grant
    Filed: March 30, 2018
    Date of Patent: March 16, 2021
    Assignee: CITIGROUP TECHNOLOGY, INC.
    Inventors: Alexandra Shulman-Peleg, Daniel Tylman
  • Patent number: 10944738
    Abstract: Disclosed are various examples for single-sign on by way of managed mobile devices using Kerberos. For example, a certificate is received from a client device. In response, a Kerberos ticket-granting ticket is generated and sent to the client device. A request for a service ticket is later received from the client device. The request for the service ticket can include the ticket-granting ticket. The service ticket is then generated and sent to the client device. Subsequently, the service ticket is received from the client device and a security assertion markup language (SAML) response is sent to the client device in reply. The SAML response can provide authentication credentials for a service provider associated with the service ticket.
    Type: Grant
    Filed: February 9, 2017
    Date of Patent: March 9, 2021
    Assignee: AIRWATCH, LLC.
    Inventors: Adam Rykowski, Kabir Barday, Jonathan Blake Brannon
  • Patent number: 10938555
    Abstract: The invention relates to a method for establishing a secure communication between a first network device (initiator) and a second network device (responder) in a communication network and to an arrangement of network device suitable for this purpose, which are distinguished by using a symmetric cryptosystem in which both network devices each use the same secrets as keys for encrypting and decrypting data sets for performing a respective separate authentication with respect to the first and second network devices before generating a secret to be used as a shared key for the secure communication.
    Type: Grant
    Filed: March 22, 2017
    Date of Patent: March 2, 2021
    Assignee: Phoenix Contact GmbH & Co. KG
    Inventor: Torsten Foerder
  • Patent number: 10931663
    Abstract: Two-factor authentication is processed on a transaction terminal before access is provided to a secure resource of the transaction terminal. A first factor authentication is performed to authenticate an identifier and a credential of a user. A unique challenge is sent, in response to a successful first factor authentication, to a secure device interfaced to the transaction terminal. A one-time unique signed response is received from the secure device in response to the unique challenge and a user action that depresses a button on the secure device. The one-time unique signed response is compared against what is expected from the secure device. When the comparison is successful, a user identity for the user is set, a security role is set for the user identity, and the user is granted access to the secure resource with the set security role.
    Type: Grant
    Filed: February 26, 2018
    Date of Patent: February 23, 2021
    Assignee: NCR Corporation
    Inventors: Anthony Edward Roper, Colin George Herkes
  • Patent number: 10929522
    Abstract: A method for authentication related to a software client application within a client computing device includes: in a first step, an authentication-related command and/or module is invoked by the software client application, and a first group of application protocol data units is exchanged between the client computing device and a subscriber identity module entity; in a second step, a subscriber identity module applet is triggered—via the first group of application protocol data units—to contact a subscriber identity module toolkit and/or to trigger an event, so as to invoke a command of the subscriber identity module toolkit; and in a third step, a second group of application protocol data units are exchanged between the client computing device and the subscriber identity module entity, wherein the subscriber identity module toolkit thereby triggers the client computing device to request a user action from the user of the client computing device.
    Type: Grant
    Filed: July 26, 2017
    Date of Patent: February 23, 2021
    Assignee: DEUTSCHE TELEKOM AG
    Inventors: Ruediger Jaensch, Michael Dupre
  • Patent number: 10931452
    Abstract: A method of enabling single sign-on (SSO) access to an application executing in an enterprise, wherein authorized, secure access to specific enterprise applications are facilitated via an enterprise-based connector. In response to successful authentication of an end user via a first authentication method, a credential associated with the successful authentication is encrypted to generate an encrypted user token. The encrypted user token is then forwarded for storage in a database accessible by the enterprise-based connector. Following a redirect (e.g., from a login server instance) that returns the end user to the enterprise-based connector, the encrypted user token is fetched and decrypted to recover the credential. The credential so recovered is then used to attempt to authenticate the user to an application via a second authentication method distinct from the first authentication method.
    Type: Grant
    Filed: August 22, 2017
    Date of Patent: February 23, 2021
    Assignee: Akamai Technologies, Inc.
    Inventors: Seetharama Ayyadevara, Seemant Choudhary, Stephan Benny, Punit Kandoi, Pravin Tatti
  • Patent number: 10915354
    Abstract: Transaction scheduling is described for a user data cache by assessing update criteria. In one example an event records memory stores a list of events each corresponding to performance of a transaction at a remote resource for a user. The memory has criteria for each event and a criterion value for each criterion and event combination. An event manager assesses criteria for each event by performing an operation on the stored criterion value for each criterion and event combination, assigning a score for each criterion and event combination, and compiling the assigned scores to generate a composite score for each event. The events are ordered based on the respective composite scores and executed in the ordered sequence by performing a corresponding transaction at remote resource. Updated criterion values are stored for executed events.
    Type: Grant
    Filed: July 20, 2018
    Date of Patent: February 9, 2021
    Assignee: BILLGO, INC.
    Inventors: Stephen Ryan Gordon, Terry Lentz, Jr., Kalyanaraman Ganesan, Richard Yiu-Sai Chung
  • Patent number: 10909270
    Abstract: According to an embodiment, an information processing device switching between a secure mode and a non-secure mode to operate, includes one or more processors configured to perform: implementing a secure OS which operates in the secure mode; implementing a non-secure OS which operates in the non-secure mode; acquiring initialization process information autonomously in the secure mode, the initialization process information relating to an initialization process which the non-secure OS executes for a shared resource shared by the secure OS and the non-secure OS; and enabling, based on the initialization process information, the shared resource to be shared and used by the secure OS and the non-secure OS.
    Type: Grant
    Filed: February 26, 2019
    Date of Patent: February 2, 2021
    Assignee: KABUSHIKI KAISHA TOSHIBA
    Inventors: Ryuta Nara, Takeshi Kawabata
  • Patent number: 10904759
    Abstract: A method for the initial operation and personalization of a subscriber identity module in a mobile radio network, prior to its first initial operation in the mobile radio network, the subscriber identity module does not yet include an individual secret key and is being equipped with an individual, unique parameter data set only after its first initial operation in the mobile radio network. A mobile radio server takes on, from the subscriber identity module, an authentication message formed with a preliminary parameter data set comprising an individual, unique subscriber identification and a non-individual, non-unique preliminary secret key, and sends, after a verification, in response thereto an individual, unique final secret key to the subscriber identity module for programming into the subscriber identity module. The preliminary parameter data set is introduced into the subscriber identity module selectively during production or by an initializing step based on an initial parameter data set.
    Type: Grant
    Filed: August 16, 2018
    Date of Patent: January 26, 2021
    Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBH
    Inventor: Lars Hoffmann
  • Patent number: 10904751
    Abstract: Described are methods that allow credentials of a first client station to authenticate a second client station. An exemplary method includes associating a first client station with a second client station, the first client station including credential information, the associating authorizing the second client station to use the credential information, transmitting, by the second client station, an association request to a network, the network utilizing the credential information to authorize a connection, the second client station configured to perform a proxy functionality for requests received from the network to be forwarded to the first client station and responses received from the first client station to be forwarded to the network, determining, by the network, whether the credential information received from the second client station is authenticated and establishing a connection between the second client station and the network using the credential information of the first client station.
    Type: Grant
    Filed: July 27, 2016
    Date of Patent: January 26, 2021
    Assignee: Apple Inc.
    Inventors: Najeeb M. Abdulrahiman, Thomas F. Pauly, Vikram B. Yerrabommanahalli
  • Patent number: 10904333
    Abstract: System and method for for associating general data with an end-user based on the domain name system (DNS) resolver that the end-user uses to map the canonical domain names of internet services to their associated network addresses. The present invention elegantly addresses concerns of scale regarding the key-space, for example the global number of distinct DNS resolvers, and the data-space, for example the number of distinct geographical areas to associate.
    Type: Grant
    Filed: September 29, 2017
    Date of Patent: January 26, 2021
    Assignee: Pavlov Media, Inc.
    Inventors: Bartow Wyatt, Robert Saska
  • Patent number: 10897360
    Abstract: Methods, systems, and devices are described herein for delivering protected data to a trusted execution environment (TrEE) associated with an untrusted requestor. In one aspect, a targeting protocol head, or other intermediary between a requestor and a key management system or other store of protected data may register a public encryption key of a TrEE that corresponds to a private encryption key held by the TrEE or a symmetric key of the TrEE. The targeting protocol head may receive a request for protected data from a requestor associated with the TrEE, and retrieve the protected data for example, from a key management system or store of protected data. The targeting protocol head may generate targeted protected data by encrypting the protected data with the public encryption key or symmetric key of the TrEE. The targeting protocol head may then send the targeted protected data to the requestor.
    Type: Grant
    Filed: January 26, 2017
    Date of Patent: January 19, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: Mark F. Novak
  • Patent number: 10897707
    Abstract: Methods And Apparatus For Direct Communication Key Establishment Methods, apparatuses and system are disclosed for establishing a key for secure direct communication between a User Equipment device, UE, and a device. The system comprises a UE (20), a device (30) and a Direct Communication Element (40). The UE establishes a UE shared key with a Bootstrapping Server Function, BSF (50), using a Generic Bootstrapping Architecture, GBA, procedure. The device receives a transaction identifier associated with the UE shared key from the UE, and sends the transaction identifier to the Direct Communication Element. The Direct Communication Element receives the transaction identifier from the device, obtains a shared session key from the BSF, derives the UE delivery key, generates the direct communication key, encrypts the direct communication key with the UE delivery key, and sends the direct communication key and the encrypted direct communication key to the device.
    Type: Grant
    Filed: November 18, 2015
    Date of Patent: January 19, 2021
    Assignee: Telefonaktiebolaget LM Ericsson (Publ)
    Inventors: Monica Wifvesson, Vesa Lehtovirta, Katharina Pfeffer
  • Patent number: 10885160
    Abstract: A computer-implemented user classification method includes: obtaining, by a target terminal device, an initial user classification model from a server, in which the initial user classification model is provided by the server to multiple terminal devices, the multiple terminal devices including the target terminal device; obtaining first operation data of a registered user of the target terminal device; updating the initial user classification model based on the first operation data, to obtain an updated user classification model that is personalized for the registered user; and classifying, based on the updated user classification model, an identity of a current user of the target terminal device.
    Type: Grant
    Filed: February 26, 2020
    Date of Patent: January 5, 2021
    Assignee: Advanced New Technologies Co., Ltd.
    Inventor: Long Guo
  • Patent number: 10885096
    Abstract: A computer system for automating dynamic multi-user communication is configured to receive a first user dataset associated with a first user. The computer system can communicate first user interface elements to a first user. The computer system then receives, from the first user, a user data response based upon the first user interface elements. Upon receiving the user data response, the computer system identifies, using a correlating function, a second user from. The computer system communicates at least a portion of the user data response to the second user. The computer system then receives, from the second user, a first user data response ranking. The computer system updates a first user ranking with the first user data response ranking. The computer system then communicates the first user data response ranking to the first user.
    Type: Grant
    Filed: March 22, 2019
    Date of Patent: January 5, 2021
    Inventor: Jon Matthew Wickizer
  • Patent number: 10885525
    Abstract: A method and system for employing biometric data includes first and second user computing systems coupled to respective first and second biometric devices for generating biometric data. A first user of the first user computing system uses the first biometric device, thus causing a generation of first biometric data which is then used as a database index to locate and authorize access to a database zone exclusively dedicated to the first user. The first user can further access the database zone on the second user computing system, and authorize access to a portion of data within the database zone to a second user of the second user computing system.
    Type: Grant
    Filed: September 20, 2017
    Date of Patent: January 5, 2021
    Inventor: Faraz Sharafi
  • Patent number: 10887412
    Abstract: A method is disclosed. The method includes: obtaining, by an authoritative directory router in an information centric network (ICN), a publish message associated with a publisher node and including: an identifier associated with a content item; and a first anchor prefix for a first anchor directory router for the publisher node; determining that a bidirectional code for the identifier falls within an authoritative code range assigned to the authoritative directory router; and updating, in response to the bidirectional code falling within the authoritative code range, a local code repository associated with the authoritative directory router with the first anchor prefix and the identifier.
    Type: Grant
    Filed: June 5, 2019
    Date of Patent: January 5, 2021
    Assignee: Gramboo Inc.
    Inventor: Nitish John
  • Patent number: 10885163
    Abstract: The present disclosure provides a computer-implemented method, computer system and computer program product for user authentication. According to the method, identity information can be received from a user, and a plurality of questions can be presented to the user, the plurality of questions comprising one or more valid questions generated based on a password related to the identity information and one or more invalid questions. Then, an input can be received from the user, and in response to the input corresponding to the one or more valid questions, the user can be authenticated based on the input.
    Type: Grant
    Filed: July 19, 2018
    Date of Patent: January 5, 2021
    Assignee: International Business Machines Corporation
    Inventors: He Huang, Shi Peng Li, Jin Hong Fu, Shi Chong Ma
  • Patent number: 10880295
    Abstract: The disclosure relates to apparatuses and methods for a computer network comprising hosts accessible by directory users whose user identity information is maintained in a user information directory. The apparatus comprises at least one processor, and at least one memory for storing instructions that, when executed, cause the apparatus to manage information of configurations for attribute based filtering of access requests by the directory users for a plurality of hosts and separately from the user information directory.
    Type: Grant
    Filed: March 6, 2017
    Date of Patent: December 29, 2020
    Assignee: SSH Communications Security OYJ
    Inventors: Marko Teiste, Tero Mononen, Tommi Linnakangas, Jussi Pakkanen, Tatu J. Ylönen, Kalle Jääskeläinen, Markku Rossi
  • Patent number: 10873450
    Abstract: The present disclosure relates to deriving cryptographic keys for use in encrypting data based on a plaintext to be encrypted. An example method generally includes receiving, from a querying device, a request for a cryptographic key. The request generally includes data derived from a plaintext value to be encrypted and an indication of a type of the plaintext value to be encrypted. A cryptographic key is generated based, at least in part, on the derived data and the type of the plaintext value to be encrypted. The key deriver transmits the generated cryptographic key to the querying device.
    Type: Grant
    Filed: November 16, 2017
    Date of Patent: December 22, 2020
    Assignee: INTUIT INC.
    Inventors: Gleb Keselman, Ernesto Nebel, Jeffery Weber, Noah Kauhane, Vinu Somayaji, Yaron Sheffer
  • Patent number: 10867047
    Abstract: Example implementations relate to custom operating system (OS) images. For example, booting a user device to a custom OS image includes presenting a user interface (UI) for creating a custom OS image for portable use, storing the custom OS image on a database for information technology (IT) management purposes, sending, based on a request, the custom OS image from the database to an secure external device, and authenticating, based on a policy, the custom OS image on the secure external device for use on a user device without an OS image or a hard drive disk (HDD).
    Type: Grant
    Filed: March 11, 2015
    Date of Patent: December 15, 2020
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Syed S Azam, Juan Martinez, Chi So
  • Patent number: 10855644
    Abstract: In some embodiments, a method receives one or more address resolution mappings and sends the one or more first address resolution mappings to a manager for verification of the one or more first address resolution mappings. The method receives one or more responses based on the verification of the one or more first address resolution mappings and allows or disallows use of the one or more address resolution mappings based on the one or more responses. A list of verified address resolution mappings is received from the manager based on the verification of the one or more first address resolution mappings. Then, the method receives a second address resolution mapping and verifies the second address resolution mapping using the list of verified address resolution mappings.
    Type: Grant
    Filed: October 23, 2019
    Date of Patent: December 1, 2020
    Assignee: VMWARE, INC.
    Inventors: Shirish Vijayvargiya, Sachin Shinde, Nakul Ogale, Vasantha Kumar Dhanasekar
  • Patent number: 10855802
    Abstract: Computing systems and processes of creating provisional account profiles of users are disclosed herein. In one embodiment, a computing system is configured to detect at least one ingoing or outgoing communication to or from a first globally unique identifier of a first user that has not already linked to an account of said service. In response to said detection, the computing system is configured to create a provisional user profile for the first user linked to the first globally unique identifier and gather public information associated with the first user from one or more third-party sources outside said service. When the first user joins said service, the computing system can be configured to allocate the provisional user profile to an account belonging to the first user linked to the first globally unique identifier.
    Type: Grant
    Filed: June 8, 2018
    Date of Patent: December 1, 2020
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Kevin Bellinger, Paul Elliott, Fernando Garcia Valenzuela, Kjetil Bergstrand
  • Patent number: 10846663
    Abstract: An apparatus in one embodiment comprises a processing platform having at least one processing device. The processing platform implements a database configured to store bindings between user identity information and respective cryptocurrency addresses for users of an address-based cryptocurrency, and an account-identity service system accessible to at least one cryptocurrency vendor. The account-identity service system is configured to utilize the stored bindings to respond to queries from the cryptocurrency vendor. A given one of the queries from the cryptocurrency vendor identifies a particular one of the users and a corresponding cryptocurrency address for which the particular user has requested to purchase an amount of the address-based cryptocurrency.
    Type: Grant
    Filed: October 28, 2016
    Date of Patent: November 24, 2020
    Assignee: Cornell University
    Inventors: Ari Juels, Faiyam Rahman
  • Patent number: 10846389
    Abstract: Embodiments of the disclosure provide a method for enhancing standard authentication systems to include risk-based decisions. Risk-based decisions can be selectively implemented within existing authentication systems to strategically modify and supplement security if an unacceptable risk is detected. Embodiments capture information pertaining to a user and user device. Information is stored to create a profile for the user and user device. A comparison between the stored information and live data can be performed within authentication systems to optimize security. If the results of the comparison demonstrate the presence of an acceptable risk, then the need for subsequent authentication can be reduced or eliminated, which improves a user experience.
    Type: Grant
    Filed: July 19, 2017
    Date of Patent: November 24, 2020
    Assignee: Aetna Inc.
    Inventors: Salil Kumar Jain, Abbie Barbir, Derek Swift
  • Patent number: 10846154
    Abstract: Embodiments describe receiving a user input identifying a name associated with the website. A directory server receives a request for application programming interface (API) fingerprint data associated with the name. In response to receiving, from the directory server, a response indicating that no API fingerprint data has been found for the name, a secured connection is initiated via the wireless transceiver from a headless browser of the native application to the remote server. First web page data of the website is received from the remote server via the secured connection and the first web page data parsed to identify first locations of one or more elements of the website. A first application programming interface (API) fingerprint data is generated indicating a mapping between the one or more elements of the website and the native application and the first API fingerprint data is sent to the directory server.
    Type: Grant
    Filed: May 23, 2018
    Date of Patent: November 24, 2020
    Assignee: AppBrilliance, Inc.
    Inventors: Charles Eric Smith, Sergio Gustavo Ayestaran
  • Patent number: 10841307
    Abstract: Methods and systems for establishing a chain of relationships are disclosed. An identity verification platform receives a first request for registration comprising an identification of a first user, identification of an entity, and a relationship between the first user and the entity; verifies the identity of the first user and the relationship between the first user and the entity; and verifies that the entity is legitimate. Once a relationship between a first individual, invited by the first user, and the entity is confirmed, the platform creates a custom badge representing the relationship between the first individual and the entity for display on the entity's website. The platform receives an identification of a selection by an end user of the custom badge and, responsive to receiving the identification of the selection, renders, on a domain controlled by the identity verification platform, a verification that the relationship between the first individual and the entity is valid.
    Type: Grant
    Filed: August 7, 2019
    Date of Patent: November 17, 2020
    Assignee: CIVIC TECHNOLOGIES, INC.
    Inventors: Jonathan Smith, Vinodan Lingham, Zachary Bush, Juan Pablo Bedoya