Central Trusted Authority Provides Computer Authentication Patents (Class 713/155)
-
Patent number: 11924353
Abstract: A system includes a control computer that is programmed to perform an authentication based on an encryption key, upon being connected to a vehicle communication network. The computer is programmed to control vehicle operation including at least one of propulsion, braking, and steering, upon authentication by a vehicle computer that is physically attached to the communication network.
Type: Grant
Filed: January 25, 2017
Date of Patent: March 5, 2024
Assignee: Ford Global Technologies, LLC
Inventors: Michael Talamonti, Walter Joseph Talamonti
-
Patent number: 11921860
Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for rollback resistant security are disclosed. In one aspect, a method, during a boot process of a computing device, includes the actions of obtaining a secret key derived from device-specific information for the computing device. The method further includes verifying that a signature for a software module is valid. The method further includes obtaining information indicating a current version of the software module. The method further includes using the secret key to generate a first encryption key corresponding to the current version of the software module and a second encryption key corresponding to a prior version of the software module. The method further includes preventing future access to the secret key until the computing device is rebooted. The method further includes providing the software module access to the first encryption key and the second encryption key.
Type: Grant
Filed: February 2, 2023
Date of Patent: March 5, 2024
Assignee: Google LLC
Inventor: Paul Dermot Crowley
-
Patent number: 11917097
Abstract: Methods and systems described in this disclosure allow customers to quickly be authenticated. In some embodiments, a device and a user verifier are associated with a user profile. When a call is received from the device, the user may be requested to input the user verifier. After verifying that the device is unique to the user and that the user verifier matches the user verifier associated with the user profile, the user may be authenticated to the call or activity.
Type: Grant
Filed: November 1, 2021
Date of Patent: February 27, 2024
Assignee: United Services Automobile Association (USAA)
Inventors: Patricio H. Garcia, Amanda Jean Segovia, Hector J. Castillo, Susan Cass Mason, Robert Craig Korom
-
Patent number: 11917054
Abstract: Embodiments of this application disclose a network key processing system, including user equipment, a security anchor network element, and an access and mobility management network element, where the security anchor network element is configured to: obtain a first key parameter from a slice selection network element, where the first key parameter includes identifier information of N network slices; generate N slice-dedicated keys based on the first key parameter; and send the N slice-dedicated keys to the corresponding N network slices respectively; the access and mobility management network element is configured to: obtain the first key parameter, and send the first key parameter to the user equipment; and the user equipment is configured to: generate the N slice-dedicated keys for the N network slices based on the first key parameter, and access the N network slices based on the generated N slice-dedicated keys.
Type: Grant
Filed: August 11, 2022
Date of Patent: February 27, 2024
Assignee: HUAWEI TECHNOLOGIES CO., LTD.
Inventors: Zhongding Lei, Lichun Li, Bo Zhang, Fei Liu, Haiguang Wang, Xin Kang
-
Patent number: 11909735
Abstract: Techniques are provided for multi-cloud authentication of data requests. One method comprises obtaining, by a first authentication entity of a first cloud environment, from a service on the first cloud environment, a request for data stored by a second cloud environment; determining a signature for the service; verifying the determined signature for the service by requesting a signature for the service registered with a second authentication entity of the second cloud environment; requesting the data from the second authentication entity of the second cloud environment in response to the determined signature being verified; and providing the requested data to the service. The requested data from the second cloud environment may be encrypted with an encryption key, and the method may further comprise decrypting the requested data with a decryption key obtained from the second cloud environment. The signature for the service may be registered as part of a deployment of the service.
Type: Grant
Filed: November 13, 2020
Date of Patent: February 20, 2024
Assignee: EMC IP Holding Company LLC
Inventors: Tomer Shachar, Yevgeni Gehtman, Maxim Balin
-
Patent number: 11895097
Abstract: A method including configuring, by an infrastructure device, a user device to encrypt authentication information associated with authenticating the user device with a service provider, the authentication information including first factor authentication information for determining a first factor and second factor authentication information for determining a second factor; configuring, by the infrastructure device, the user device to detect an attempt to access a service to be provided by the service provider; configuring, by the infrastructure device, the user device to determine, based on detecting the attempt, the first factor based on decrypting the first factor authentication information and the second factor based on decrypting the second factor authentication information; and configuring, by the infrastructure device, the user device to enable authentication of the user device with the service provider based on utilizing the first factor and the second factor. Various other aspects are contemplated.
Type: Grant
Filed: May 23, 2022
Date of Patent: February 6, 2024
Assignee: UAB 360 IT
Inventor: Mindaugas Valkaitis
-
Patent number: 11888994
Abstract: Described are automated systems and methods for providing a template design for a public-key infrastructure (PKI) system. For example, certain infrastructure information and stored PKI information can be processed to determine a PKI template, which can specify the configuration for a proposed PKI hierarchy. A configurable representation of the proposed PKI hierarchy can be generated and presented to the user, which can facilitate review, modification, and further customization of the proposed PKI hierarchy. Aspects of the present disclosure can also determine costs associated with the proposed PKI hierarchy, and can create and deploy the proposed PKI hierarchy.
Type: Grant
Filed: June 30, 2021
Date of Patent: January 30, 2024
Assignee: Amazon Technologies, Inc.
Inventors: Param Sharma, Josh Rosenthol, Todd Cignetti, Jonathan Kozolchyk
-
Patent number: 11886384
Abstract: The techniques disclosed herein enable systems to centralize access to various digital items irrespective of the location of those digital items. To achieve this, items that are stored at their original location, e.g., within a cloud storage platform, can be selected by a user for storage at a centralized location such as a favorites section. These items are selected using an interface control which can be an operating system component of an item keeping system that is accessible in any context or application. The item keeping system can generate an item alias for selected items which is then stored in the centralized location. In addition, item aliases can be moved to various destinations by the user to enable customized item storage for items of varying types, origin, and location. In addition, functionality of the interface control can be modified to suit selected items.
Type: Grant
Filed: April 1, 2022
Date of Patent: January 30, 2024
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Carlos German Perez, Todd S. Behrbaum, Wendy Lu, Matthew F. Gray, Daniela Dimitrova, Helen Anderson, Olga K. Dalecka, Jokko Juhana Korhonen
-
Patent number: 11887118
Abstract: Embodiments of the present invention provide a method, program, and apparatus that may identify a device by using a virtual code generated based on a unique value of a chip inside a device without a separate procedure for identifying the device. Furthermore, embodiments of the present invention provide a method, program, and apparatus that may generate a virtual code, which is not matched with any other code, whenever a code for identifying a device is requested. Moreover, embodiments of the present invention provide a method, program, and apparatus for identifying a device that may add and use only an algorithm without changing a conventional process.
Type: Grant
Filed: June 2, 2022
Date of Patent: January 30, 2024
Assignee: SSenStone Inc.
Inventor: Chang Hun Yoo
-
Patent number: 11882447
Abstract: The invention relates to a computer-implemented method for connecting a network component to a network, in particular a mobile communications network, with an extended network access identifier. The method involves a receiving of the extended network access identifier from the network component via a network access server, wherein the extended network access identifier comprises at least one network access restriction for connecting the network component to the network. The method also involves a receiving of a requested user access profile from a user profile server via the network access server, wherein the user access profile comprises access authorisations for connecting the network component to the network. The network component is authenticated in the network via the network access server, if the received extended network access identifier fulfills the access authorisations of the received user access profile.
Type: Grant
Filed: August 2, 2019
Date of Patent: January 23, 2024
Assignee: Siemens Aktiengesellschaft
Inventor: Rainer Falk
-
Patent number: 11868997
Abstract: A payment system implemented on a mobile device authenticates transactions made via the mobile device. The mobile device generates a public-private key pair and receives an authenticating input from a user of the device. The public key is sent to a secure payment system, and the authenticating input is used to generate a symmetric key that encrypts the private key. After a transaction is initiated, the mobile device receives an authenticating input from the user. The symmetric key is generated from the authenticating input and the mobile device attempts to decrypt the private key from the encrypted private key using the symmetric key generated by the user's input. The decrypted key is used to sign a transaction authorization message which is sent to the secure payment system, along with payment information, which can verify the signed message via the public key. Additional techniques related to secure payments are also disclosed.
Type: Grant
Filed: November 11, 2020
Date of Patent: January 9, 2024
Assignee: Minkasu, Inc
Inventors: Subramanian Lakshmanan, Anbarasan P. Gounder, Naveen Doraiswamy
-
Patent number: 11870779
Abstract: The present disclosure includes apparatuses, methods, and systems for validating an electronic control unit of a vehicle. An embodiment includes a memory, and circuitry configured to generate a run-time cryptographic hash based on an identification (ID) number of an electronic control unit of a vehicle and compare the run-time cryptographic hash with a cryptographic hash stored in a portion of the memory.
Type: Grant
Filed: May 6, 2022
Date of Patent: January 9, 2024
Assignee: Micron Technology, Inc.
Inventors: Antonino Mondello, Alberto Troia
-
Patent number: 11863310
Abstract: A system for aggregating a user's web browsing data which may include cookies placed on a user's computing device from various websites. The system receives authorization from a user to retrieve cookie and other data associated with the user. The system then accesses cookie data and personal data associated with the user. In some embodiments, the aggregation system communicates with websites that placed the cookie data on the user's computer to determine one or more characteristics of the user based on the cookie data (which may be understandable only by the placing website). The system may then provide the user's aggregated data or a portion thereof to requesting entities. The user may have access to a user interface which provides information about the user's aggregated data and allows the user to determine how much information to share with requesting entities.
Type: Grant
Filed: April 13, 2021
Date of Patent: January 2, 2024
Assignee: ConsumerInfo.com, Inc.
Inventors: Mark Joseph Kapczynski, Michael John Dean
-
Patent number: 11863529
Abstract: A method for use with a public cloud network is disclosed. The method includes setting up at least one virtual machine, at least one private cloud call-back server (PCCBS) and at least one smart device client on the side of the PCCBS to provide cloud based web services, and at least one private cloud routing server (PCRS) and at least one smart device client on the side of the PCRS in a client server relationship. The virtual machine and PCCBS usually reside in a hyperscale data center, while the PCRS resides in the client's remote premises. An internet platform owner that maintains the virtual machine, offers to a subscriber to host the PCCBS in the virtual machine, constructs and deploys a community pair of peer-to-peer communication relationship between at least one PCCBS Device Client and a PCRS Device Client.
Type: Grant
Filed: April 13, 2021
Date of Patent: January 2, 2024
Assignee: Kingston Digital, Inc.
Inventor: Ben Wei Chen
-
Patent number: 11855972
Abstract: The present disclosure relates to a computer-implemented method of processing a data transfer. The method comprises generating a first identifier for a first entity; linking the first identifier with a second identifier associated with a second entity; sending the first identifier and the second identifier to the first server; verifying the first entity based at least on the first identifier and the second identifier; sending a message to a second server, the message comprising at least the first identifier, the second identifier, and a name associated with the first identifier; and authenticating the data transfer for the first entity based at least on the information contained in the message.
Type: Grant
Filed: March 29, 2021
Date of Patent: December 26, 2023
Assignee: MASTERCARD INTERNATIONAL INCORPORATED
Inventor: Manu Dharmaiah Kallugudde
-
Patent number: 11847253
Abstract: The technology disclosed herein enables efficient launching of trusted execution environments. An example method can include: receiving, by a first computing device, a request from a second computing device to establish a set of trusted execution environments (TEEs) in the first computing device; establishing a first TEE of the set of TEEs in the first computing device, wherein the trusted execution environment comprises an encrypted memory area and executable code; receiving, by the first TEE, cryptographic key data from the first computing device; establishing, by the first TEE, a second TEE of the set of TEEs in the first computing device, wherein the second TEE comprises a copy of the executable code; providing, by the first TEE, the cryptographic key data to the second TEE; and causing the executable code of the second TEE to communicate with the first computing device using the cryptographic key data.
Type: Grant
Filed: November 30, 2020
Date of Patent: December 19, 2023
Assignee: Red Hat, Inc.
Inventors: Michael Hingston McLaughlin Bursell, Michael Tsirkin, Nathaniel McCallum
-
Patent number: 11838348
Abstract: A method of computation executed by a server is provided, wherein constraints on results of the computation from a group of client devices in a distributed system are used in a way that makes it unnecessary to identify the client devices. The constraints from each client device include limit amounts applicable to respective other client devices in the group in combination with the client device. The client devices each form doubly encrypted representations of the limit amounts and send messages with requests and its decryption key to the server. The server doubly decrypts the doubly encrypted representations of the limit amounts using the keys from the messages and determines which pairs of the messages include description keys that produce verified results. The server computes a solution that satisfies the requests from the messages, subject to the limit amounts from the verified results, applied in conjunction with the requests from said pairs of the messages.
Type: Grant
Filed: July 29, 2019
Date of Patent: December 5, 2023
Assignee: Synergy Solutions Group B.V.
Inventor: Alexey Mileev
-
Patent number: 11831754
Abstract: In some instances, a method for authenticating a user using key pair authentication is provided. The method comprises enrolling the user into key pair authentication by generating a private and public key pair for an authentication domain, accessing the content on the first domain based on enrolling the user into the key pair authentication with a key pair authentication server using the private and public key pair for the authentication domain, requesting access for different content on a second domain, based on enrolling the user into the key pair authentication for the first domain, redirecting a browser from the second domain to the authentication domain, and accessing the different content on the second domain based on performing the key pair authentication with the key pair authentication server using the private and public key pair for the authentication domain.
Type: Grant
Filed: April 21, 2021
Date of Patent: November 28, 2023
Assignee: Aetna Inc.
Inventors: Abbie Barbir, Salil Kumar Jain, Cisa Kurian, John Poirier, Amy Ulrich, Erick Verry, Victoria Garstka, Abhishek Tennarangam
-
Patent number: 11818109
Abstract: A method including encrypting, by a user device, a file based at least in part on utilizing a file symmetric key and a first encryption algorithm to determine a first-encrypted file; storing, by the user device, the first-encrypted file in a local memory; encrypting, by the user device, the file based at least in part on utilizing a synchronization key and a second encryption algorithm to determine a second-encrypted file, the second encryption algorithm being different from the first encryption algorithm; encrypting, by the user device, metadata associated with the file based at least in part on utilizing a metadata key to determine encrypted metadata; and transmitting, by the user device to a storage device, the second-encrypted file in association with the encrypted metadata is disclosed. Various other aspects are contemplated.
Type: Grant
Filed: August 19, 2022
Date of Patent: November 14, 2023
Assignee: UAB 360 IT
Inventors: Konstantin Kolganov, Tomas Smalakys
-
Patent number: 11818253
Abstract: The present disclosure relates to a trustworthy data exchange. Embodiments include receiving, from a device, a query, wherein the query comprises a question. Embodiments include identifying particular information related to the query. Embodiments include receiving credentials from a user for retrieving the particular information related to the query. Embodiments include retrieving, using the credentials, the particular information related to the query from one or more data repositories that are part of a distributed database comprising an immutable data store that maintains a verifiable history of changes to information stored in the distributed database. Embodiments include determining, based on the particular information related to the query, an answer to the query. Embodiments include providing the answer to the device.
Type: Grant
Filed: February 6, 2023
Date of Patent: November 14, 2023
Assignee: INTUIT, INC.
Inventors: Glenn C. Scott, Michael R. Gabriel, Parikshit Lingampally, Roger C. Meike, Ian Maya Panchevre
-
Patent number: 11811929
Abstract: Managing client access token requests is provided. It is determined whether a current time interval between a last allowed access token request matches a regular access token request interval for a client. In response to determining that the current time interval does match the regular access token request interval for the client, a current access token request is allowed. An access token is generated for the client to access a protected resource hosted by a resource server based on allowing the current access token request. The access token is issued to the client via a network.
Type: Grant
Filed: January 27, 2021
Date of Patent: November 7, 2023
Assignee: International Business Machines Corporation
Inventors: Leo Michael Farrell, Holly Wright
-
Patent number: 11805134
Abstract: A computer-implemented method is disclosed. The method includes: authenticating a user for login to a service for a first authenticated user session; in response to authenticating the user, generating a first data string associated with a first validity period; sending, to a client device associated with the user, the first data string; receiving, from the client device, a data access request to access a first data set at a remote data source, the data access request including the first data string; determining that the first authenticated user session has been terminated at a time of receiving the data access request; validating the first data string based on checking the first validity period; and in response to determining that the first authenticated user session has been terminated and that the first data string is valid, transmitting, to the client device, a data access response including at least a subset of the first data set.
Type: Grant
Filed: January 25, 2022
Date of Patent: October 31, 2023
Assignee: The Toronto-Dominion Bank
Inventors: Denny Devasia Kuruvilla, Esli Gjini, Sarah Reeve, Matija Bosnjakovic, Guy Dagmara, Jaspal Singh Samra, Abhiney Natarajan, Haobin Li, Richard Yu, Md Abdur Razzak Chowdhury, Dani Kartikay, Ryan Wu, Andrey Petrov, Peter Horvath, Prashanth Dappula, Sivashanthan Sivapalan, Nolan Glynn-Udrow
-
Patent number: 11799666
Abstract: A system for authenticating a requesting device using verified evaluators includes an authenticating device. The authenticating device is designed and configured to receive at least a first digitally signed assertion from a requesting device, the at least a first digitally signed assertion linked to at least a verification datum, evaluate at least a second digitally signed assertion, signed by at least a cryptographic evaluator, conferring a credential to the requesting device, validate the credential, as a function of the at least a second digitally signed assertion, and authenticate the requesting device based on the credential.
Type: Grant
Filed: January 3, 2022
Date of Patent: October 24, 2023
Assignee: Ares Technologies, Inc.
Inventors: Christian T. Wentz, Ilia Lebedev
-
Patent number: 11792462
Abstract: Apparatus and methods to manage recording of streaming packetized content (such as for example live IP packetized content) for access, retrieval and delivering thereof to one or more users. In one embodiment, the foregoing is accomplished via communication between a recording manager and a receiver/decoder device. The recording manager manages and schedules recording of content on behalf of the receiver/decoder device (and/or mobile devices) disposed at a user's premises. The recording manager runs one or more computer programs designed to receive requests to record packetized content from one or more consumer devices, and use metadata contained within the requests to cause a cloud storage entity or premises storage device to record the content at its scheduled date/time (either via the receiver/decoder device itself, or another network entity).
Type: Grant
Filed: October 4, 2021
Date of Patent: October 17, 2023
Assignee: TIME WARNER CABLE ENTERPRISES LLC
Inventors: George Sarosi, Wilfred Jaime Miles, Chris Cholas
-
Patent number: 11784817
Abstract: The present disclosure provides systems and methods for secure identification retrieval. The method includes retrieving a value of a periodic variable and calculating a plurality of query tokens from a corresponding plurality of client device identifiers and the value of the periodic variable. Each query token is associated with a corresponding client device identifier in a first database. The method further includes receiving a first query token calculated from a client device identifier of the first client device and the value of the periodic variable and identifying a second query token of the calculated plurality of query tokens in the first database matching the first query token. The method further includes, responsive to the identification, retrieving the associated client device identifier and retrieving one or more characteristics of the first client device according to the associated client device identifier. The method further includes transmitting the retrieved one or more characteristics.
Type: Grant
Filed: March 21, 2022
Date of Patent: October 10, 2023
Assignee: Google LLC
Inventors: Gang Wang, Marcel M. Moti Yung
-
Patent number: 11784811
Abstract: Fault-tolerant storage of cryptographic information maintained on a fleet of HSMs may be provided by dividing the cryptographic information into a number of stripes which are distributed and stored on individual HSMs in the HSM fleet. Parity information is generated which allows one or more stripes to be regenerated if one or more stripes becomes corrupt or is lost. The parity information may be stored on an HSM in the HSM fleet, or outside the fleet on a storage service, HSM management hub, tangible computer-readable media, or other device. If an HSM in the HSM fleet fails, resulting in the loss of a stripe, an HSM in the fleet can recover the missing stripe by re-creating the missing stripe from the remaining stripes combined with the parity information. In some examples, stripes are mirrored within the fleet of HSMs.
Type: Grant
Filed: August 28, 2020
Date of Patent: October 10, 2023
Assignee: Amazon Technologies, Inc.
Inventors: Gregory Alan Rubin, Benjamin Philip Grubin
-
Patent number: 11777717
Abstract: A method for attestation of Control Flow Integrity (CFI) of an application running on an end entity whereby an asymmetric key pair is generated by a Key Management Module (KMM) comprising a private key and a public key, then the public key is signed with a device key unique to the end entity thereby generating a public key certificate which attests to the private key being in possession of the end entity. The asymmetric key pair is based on the executing code of the application and the device key. The attestation claims regarding CFI of the application are signed by the private key in a dedicated signature module.
Type: Grant
Filed: January 25, 2019
Date of Patent: October 3, 2023
Assignee: Huawei Technologies Co., Ltd.
Inventors: Sampo Sovio, Jan-Erik Ekberg
-
Patent number: 11775621
Abstract: At least one machine readable medium comprising a plurality of instructions that in response to being executed by a system cause the system to send a unique identifier to a license server, establish a secure channel based on the unique identifier, request a license for activating an appliance from a license server over the secure channel, receive license data from the license server over the secure channel; determine whether the license is valid, and activate the appliance in response to a determination that the license data is valid.
Type: Grant
Filed: November 21, 2022
Date of Patent: October 3, 2023
Assignee: Intel Corporation
Inventors: Malini K. Bhandaru, Kapil Sood, Christian Maciocco, Isaku Yamahata, Yunhong Jiang
-
Patent number: 11776543
Abstract: An authentication system prevents leakage of a key-reading speech during user authentication based on the key-reading speech of a user reading an authentication key. For each user ID, a storage stores a voiceprint of a user in association with a recorded sound including speech spoken previously by the user. A specifier specifies the user ID of a user attempting to receive authorization. An outputter outputs a masking sound that includes the recorded sound recorded in association with the specified user ID. An acquirer acquires a key-reading speech of the user reading the authentication key and the output masking sound. A remover acquires a second sound by removing the masking sound from the acquired first sound. A determiner determines whether the user has authority pertaining to the specified user ID based on the acquired second sound.
Type: Grant
Filed: May 3, 2021
Date of Patent: October 3, 2023
Assignee: Passlogy Co., Ltd.
Inventors: Motohiko Mitsuno, Hideharu Ogawa
-
Patent number: 11770705
Abstract: Configuration methods and systems include a smart vehicle router associated with router information stored in a router file in a cloud network, and a smart mobile device comprising a camera and software application tool. The router information includes a unique authentication certificate to permit a one-to-one pairing such that another pairing is not available. The configuration system is configured to read an image of an identification component associated with the smart vehicle router and the router information, apply an authentication algorithm to the image to provision the tool with the unique authentication certificate, authenticate the smart vehicle based on the image and authentication algorithm, pair the authenticated smart vehicle with the tool in the one-to-one pairing based on the unique authentication certificate and the router information, and automatically configure the tool on the smart mobile device to retrieve data associated with the authenticated smart vehicle.
Type: Grant
Filed: September 10, 2021
Date of Patent: September 26, 2023
Assignee: Thor Tech, Inc.
Inventors: Ciprian R. Sandu, Jason T. Kriesel, McKay R. Featherstone, Edward Brady, Steven Hileman
-
Patent number: 11768699
Abstract: Systems and methods are provided for managing dynamic controls over access to computer resources and, even more particularly, for evaluating and re-evaluating dynamic conditions and changes associated with user sessions. The systems and methods are configured to automatically make a determination as to whether new or additional authentication credentials are required for a user that is already authorized for accessing resources in a user session, in response to triggering events such as the identification of a new or changed condition associated with the user session.
Type: Grant
Filed: October 5, 2019
Date of Patent: September 26, 2023
Assignee: Microsoft Technology Licensing, LLC
Inventors: Alexander Esibov, Itamar Azulay
-
Patent number: 11770250
Abstract: The present invention relates to a method for ensuring search completeness of searchable public key encryption, applicable to a blockchain network formed by a plurality of computer nodes. The method at least comprises: the blockchain network receiving a keyword ciphertext and a corresponding file-identifier ciphertext generated by a transmitting end based on the public key encryption, and at least one miner storing the ciphertexts in a ciphertext table; the blockchain network receiving a search trapdoor Tw transmitted by a receiving end, generated according to a private key and a keyword w to be searched; the at least one miner in the blockchain network performing a secure search based on information of a state table and the search trapdoor Tw, and outputting a search result to the blockchain network; and the blockchain network feeding the search result back to the receiving end.
Type: Grant
Filed: August 2, 2021
Date of Patent: September 26, 2023
Assignee: HUAZHONG UNIVERSITY OF SCIENCE AND TECHNOLOGY
Inventors: Peng Xu, Tianyang Chen, Yubo Zheng, Hai Jin, Wei Wang
-
Patent number: 11757924
Abstract: Risk assessment in an authentication service is performed where an authorization request is received from a third-party application. Risk assessment policies for the authorization request are determined based on a class of the third-party application. The risk assessment policies are applied to the authorization request to determine an action to be performed for the authorization request, such as sending an authorization message in response to the authorization request or taking a remedial action (e.g., suspending the application, limiting the available actions, or sending a notification to a trusted security application).
Type: Grant
Filed: October 12, 2022
Date of Patent: September 12, 2023
Assignee: eBay Inc.
Inventors: Tatjana Vlahovic, Gail Anna Rahn Frederick
-
Patent number: 11750368
Abstract: A method is disclosed. The method comprises receiving, from a communication device, a provisioning request message including a user device identifier and a cryptogram in a first message format, which is received from the user device by the communication device during a message exchange process between the user device and the communication device. The method also includes generating an authorization request message in a second message format, the authorization request message comprising the cryptogram, transmitting the authorization request message to an authorizing computer, and receiving an authorization response message from the authorizing computer. The method also includes providing access data to the communication device.
Type: Grant
Filed: March 3, 2022
Date of Patent: September 5, 2023
Assignee: Visa International Service Association
Inventors: Thomas Bellenger, Barbara Patterson
-
Patent number: 11741217
Abstract: A computer-implemented method for generating multiple valid OTPs (One Time Passwords) for a single identity using a shared logic, including using an OTP solution based on the shared logic generating and validating multiple valid OTPs that are capable of transferring additional info in an OTP validation process; changing the shared logic in an OTP client and/or in an OTP server dynamically if there is a logic overlapping in the shared logic in a moving factor value and in one or more rules addressed by a rules-based engine; and/or using the OTP solution for one or more distributed disconnected environments only if the shared logic, the moving factor value, and the one or more rules addressed by the rules-based engine are overlapping.
Type: Grant
Filed: November 9, 2022
Date of Patent: August 29, 2023
Assignee: TEN ROOT CYBER SECURITY LTD.
Inventor: Dor Amit
-
Multiple simultaneous volume attachments for live migration between cloud regions and edge locations
Patent number: 11734038
Abstract: This disclosure leverages multi-attach to block store volumes for more reliable live migration of virtualized resources. A block storage client of a virtualized resource operating on a source host in a first data center can be attached to a block storage volume stored on block storage hosts in the first data center. State data associated with the virtual machine can be transmitted from the source host to a target host, after which the virtual machine can run on the target host and operations of the virtualized resources may be ceased on the source host. Failure of the migration may require roll back to the source host. The source host may remain connected to the volume while the target host client connects to the volume, such that the volume may be accessed by the block storage client on the source host after rollback to provide uninterrupted operation of the virtual machine.
Type: Grant
Filed: November 21, 2019
Date of Patent: August 22, 2023
Assignee: Amazon Technologies, Inc
Inventors: Oleksii Tsai, Nikolay Krasilnikov, Anton Valter, Alexey Gadalin
-
Patent number: 11734424
Abstract: Systems and methods of automatically controlling a user's data footprint are provided. Data associated with a user may be analyzed to determine an action the user is preparing to take. Based on the analysis, a potential risk associated with the action the user is preparing to take may be identified. The potential risk associated with the action the user is preparing to take may be, for example, a data security risk, a data privacy risk, a physical risk, a risk of damage to property, and/or a financial risk. A notification indicating the potential risk associated with the action the user is preparing to take may be provided to the user. The notification may include one or more suggestions for mitigating the potential risk associated with the action the user is preparing to take.
Type: Grant
Filed: December 7, 2022
Date of Patent: August 22, 2023
Assignee: BlueOwl, LLC
Inventors: Theobolt N. Leung, Micah Wind Russo
-
Patent number: 11722491
Abstract: Cumulative risk-based scoring may be implemented for quorum controls. Requests for authorization of a proposed action may be received. Approvals from members of a quorum set authorized to approve the action may be received. Risk assessments of the members may be used to generate authorization scores. The combined authorization scores may be compared with a quorum authorization threshold to determine whether the proposed action is authorized or denied.
Type: Grant
Filed: June 30, 2020
Date of Patent: August 8, 2023
Assignee: Amazon Technologies, Inc.
Inventors: Kazi Naim Al-Rashid, Dean H Saxe
-
Patent number: 11722502
Abstract: Disclosed herein are systems and methods executing a security server that perform various processes using alert elements containing various data fields indicating threats of fraud or attempts to penetrate an enterprise network. Using alert elements, the security server generates integrated alerts that are associated with customers of the system and assigns a risk score for the integrated alerts, which the security server uses to store and sort the integrated alerts according to a priority, based on the relative risk scores. Analyst computers may query and fetch integrated alerts from an integrated alert database, and then present the integrated alerts to be addressed by an analyst according to the priority level of the respective integrated alerts. This makes it possible to ensure that the right customer is worked by the right analyst at the right time, to maximize fraud prevention and minimize customer impact.
Type: Grant
Filed: April 8, 2021
Date of Patent: August 8, 2023
Assignee: United Services Automobile Association (USAA)
Inventors: Jansey Comeaux, Michael Scott McQuarrie, Gregory Sansone, Veronica Santiago
-
Patent number: 11716328
Abstract: A method is disclosed. The method includes constructing a table by encrypting a plurality of unencrypted match values using a public key to produce a plurality of encrypted match values, each unencrypted match value being an indication of a degree of match between an input biometric template and an enrollment template. The method includes arranging each row so that each row has a match value and a corresponding encrypted match value. The method also includes storing, in a database, the table comprising the plurality of encrypted match values and the plurality of unencrypted match values. The server computer can be programmed to receive an encrypted biometric template and the table is used to determine a match value using the encrypted biometric template, and the match value is used to determine if a person is enrolling a biometric template associated with the encrypted biometric template more than once.
Type: Grant
Filed: March 5, 2021
Date of Patent: August 1, 2023
Assignee: Visa International Service Association
Inventors: Kim Wagner, Sunpreet Singh Arora, Lacey Best-Rowden
-
Patent number: 11711357
Abstract: Various embodiments of the present application set forth a computer-implemented method that includes receiving, by a first service operating within a computing system, a modified identity data object from a second service operating within the computing system, where the modified identity data object includes at least one identifier associated with a client of the computing system, determining, by the first service, that the second service performed a first action on an identity data object to generate the modified identity data object, and validating the modified identity data object based on whether the second service is authorized to perform the first action.
Type: Grant
Filed: August 16, 2019
Date of Patent: July 25, 2023
Assignee: NETFLIX, INC.
Inventors: Travis Nelson, Justin Ryan, Sunny Singh
-
Patent number: 11706304
Abstract: A system for presenting a clinical process of a patient in a clinical facility having a network, a system backend communicable with the network, and at least one mobile device communicable with the system backend, the mobile device comprising a mobile processor and a display, the mobile processor configured to operate in at least one first user interface mode and at least one second user interface mode, where the mobile processor is configured to enable the operation of at least one built-in function when operating in the at least one first user interface mode and where the mobile processor is configured to disable the operation of the at least one built-in function when operating in the at least one second user interface mode.
Type: Grant
Filed: January 15, 2021
Date of Patent: July 18, 2023
Assignee: MOBILE HEARTBEAT, LLC
Inventors: Michael Vincent George Iwanek, Sajikumar Aravind
-
Patent number: 11683295
Abstract: Certain aspects of the present disclosure provide techniques for entering user credentials through a proxy. One example method generally includes receiving, at a user device, a push request for user data from a cloud server and receiving a request file from an aggregation system. The method further includes injecting user credentials stored on the user device into the request file, wherein when injected the user credentials replace at least one dummy entry of the request file, and transmitting the request file to a data source associated with the request file. The method further includes receiving user data from the data source and transmitting the user data to the aggregation system.
Type: Grant
Filed: April 27, 2020
Date of Patent: June 20, 2023
Assignee: INTUIT, INC.
Inventors: Muniyaraj Samayavel, Prashant Asthana
-
Patent number: 11671264
Abstract: Techniques for validating digital certificate information before signing are described. A method of validating digital certificate information before signing may include generating a to-be-signed (TBS) certificate, providing the TBS certificate to a certificate pre-issuance validation service to perform one or more validations on the TBS certificate, and receiving a request to issue a signed certificate based on the TBS certificate following validation of the TBS certificate by the certificate pre-issuance validation service.
Type: Grant
Filed: September 18, 2020
Date of Patent: June 6, 2023
Assignee: Amazon Technologies, Inc.
Inventors: Todd Cignetti, Trevoli Ponds-White, Michael S. Slaughter, Param Sharma, Kyle Benjamin Schultheiss, Chris Stoner
-
Patent number: 11663314
Abstract: An embodiment device comprises a first processing unit configured to process an initial data line and deliver a first processed data line, a first delay unit coupled to the output of the first processing unit and configured to deliver a delayed first processed data line delayed by a first delay, a second delay unit configured to deliver the delayed initial data line delayed by a second delay, a second processing unit coupled to the output of the second delay unit and configured to process the delayed initial data line and deliver a delayed second processed data line, and a comparison unit configured to compare the contents of the delayed first and second processed data lines and deliver a non-authentication signal if the contents are not identical, the first and second delays being equal to a variable value.
Type: Grant
Filed: October 15, 2020
Date of Patent: May 30, 2023
Assignee: STMicroelectronics (Rousset) SAS
Inventor: Olivier Giaume
-
Patent number: 11658822
Abstract: Example methods and system for providing content are disclosed. One or more cryptographic keys may be generated. At least a portion of the one or more cryptographic keys may be used to generate a token associated with a user interface service. The token may indicate a valid origin domain. The token may be provided to a user device, which may use the token to request content from a content service. The content service may authorize the request based on a comparison of the valid origin domain and an origin identifier associated with the request.
Type: Grant
Filed: February 19, 2020
Date of Patent: May 23, 2023
Assignee: Twitch Interactive, Inc.
Inventors: Ross Engers, Kai Hayashi
-
Patent number: 11652810
Abstract: A method including encrypting, by a processor associated with a user device, authentication information associated with authenticating the user device with a service provider, the authentication information including first factor authentication information for determining a first factor and second factor authentication information for determining a second factor; detecting, by the processor, an attempt to access a service to be provided by the service provider; determining, by the processor based at least in part on detecting the attempt, the first factor based at least in part on decrypting the first factor authentication information and the second factor based at least in part on decrypting the second factor authentication information; and enabling, by the processor, authentication of the user device with the service provider based at least in part on utilizing the first factor and the second factor. Various other aspects are contemplated.
Type: Grant
Filed: May 23, 2022
Date of Patent: May 16, 2023
Assignee: UAB 360 IT
Inventor: Mindaugas Valkaitis
-
Patent number: 11646898
Abstract: Techniques are disclosed to provide enforceable pseudonymous reputation through chained endorsers. In various embodiments, a request associated with a chained endorsement operation is received via a communication interface. A client identity information is extracted from the request. Data comprising or associated with the client identity information is combined with a secret value. A one-way transform of the combined value is performed. A result of the one-way transform is returned to a client with which the chained endorsement operation is associated.
Type: Grant
Filed: September 22, 2022
Date of Patent: May 9, 2023
Assignee: Digital Trust Networks Inc.
Inventors: Mark Chen, Jason S. Burnett
-
Patent number: 11646878
Abstract: Aspects include encrypting data based at least in part on a session key to generate encrypted data. The session key is encrypted based at least in part on a sender key to generate an encrypted session key. A request for an encrypted sender key index is transmitted to the key management system (KMS), the request including an index of the sender key and an index of each of one or more additional keys. The encrypted sender key index is received from the KMS. An object that includes the encrypted data, the encrypted session key, the index of each of the one or more additional keys, and the encrypted sender key index is generated. Access to the data via the object is controlled based at least in part on whether a receiver has access to the sender key and to the one or more additional keys.
Type: Grant
Filed: July 10, 2020
Date of Patent: May 9, 2023
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventor: Anthony Thomas Sofia
-
Patent number: 11641286
Abstract: A method is disclosed. A node in a plurality of nodes can perform an identity set generation process. The node can then determine a leader node. The node may diffuse an identity set from each node of the plurality of nodes to the plurality of nodes. The node can then determine a majority set including identities occurring in at least one half of the identity sets, wherein the leader node diffuses the majority set of the leader node to the plurality of nodes. The node can verify the majority set of the leader node. The node may then update the identity set based on the majority set of the leader node.
Type: Grant
Filed: July 19, 2021
Date of Patent: May 2, 2023
Assignee: Visa International Service Association
Inventors: Mahdi Zamani, Abhinav Aggarwal