Central Trusted Authority Provides Computer Authentication Patents (Class 713/155)
  • Patent number: 12106274
    Abstract: A method of secure automated communication comprises communicating by a computer with a cloud computing service having an address in a first Internet domain, the communicating performed during a first electronic commerce session using an electronic commerce web page rendered by a browser executing on the computer; communicating by the computer with a transaction server having an address in the first Internet domain via a virtual private network (VPN), the communicating performed during the first electronic commerce session using the electronic commerce web page rendered by the browser; determining when the browser is accessing a product information portion of the electronic commerce web page during the first electronic commerce session; determining when the browser is providing confidential information to the electronic commerce web page during the first electronic commerce session; and directing the confidential information to the transaction server via the virtual private network during the first electronic
    Type: Grant
    Filed: April 3, 2012
    Date of Patent: October 1, 2024
    Assignee: Blackhawk Engagement Solutions (DE), Inc.
    Inventors: Gautham K. Kudva, Benjamin Franklin Clay, Jessica Samantha Piikklia, Robert O. Morrow, Dennis Raae Mercer, Jr., Junli Yuan, Victor Alexeenko, Anthony Glenn Aylor, Mark Louis Gerard, Robert Parker Freeburg, II, Michael David Reynolds
  • Patent number: 12108249
    Abstract: A communication device that communicates with an external device performs authentication by exchanging information for authentication processing with the external device. In a case where the communication device detects a request to share unique information that is used to provide a communication parameter during the authentication processing, the communication device shares the unique information with the external device after authentication has been successfully completed.
    Type: Grant
    Filed: January 15, 2020
    Date of Patent: October 1, 2024
    Assignee: Canon Kabushiki Kaisha
    Inventor: Atsushi Minakawa
  • Patent number: 12107856
    Abstract: The disclosed exemplary embodiments include computer-implemented systems, apparatuses, and processes that securely track, manage, and provision elements of interaction data within a computing environment in accordance with encrypted permissioning data recorded onto a permissioned distributed ledger. For example, an apparatus may obtain query data that includes an identifier of a computing system and a query term, and access one or more ledger blocks of a permissioned distributed ledger that include encrypted permissioning data and interaction data. The apparatus may decrypt the encrypted permissioning data using a master cryptographic key of a centralized authority.
    Type: Grant
    Filed: June 29, 2022
    Date of Patent: October 1, 2024
    Assignee: The Toronto-Dominion Bank
    Inventors: John Michael Collinson, Christopher William Cooney, Russell Voutour, Marie-Julie Demers, Arun Victor Jagga
  • Patent number: 12086694
    Abstract: A software based application for assessing, processing, and remediating cyber-risk in real time may comprise, without limitation, a profiling component, an analytic component, an evaluation component, a documentation component, an implementation component, a validation component, and a monitoring component which may, in conjunction therewith, operate to allow an organization to adaptively adjust an organization's network security to continuously improve and mature same. Such components may operate to: (1) determine an organization's operational baseline; (2) identify risks and hazards inherent therein; (3) generate, and verify the efficacy of, remedial controls to such risks and hazards; (4) document and audit such determinations; and (5) continually monitor the organization's network security.
    Type: Grant
    Filed: June 10, 2020
    Date of Patent: September 10, 2024
    Assignee: Conquest Technology Services Corp.
    Inventors: Jeffrey J. Engle, Thomas R. Neclerio, Ariel Posada
  • Patent number: 12088738
    Abstract: Techniques are described for enabling users of a certificate management service to create certificate issuance policies that can be applied to certificate issuance requests across both public and private certificate authorities (CAs) and other certificate-related services. According to embodiments described herein, a certificate issuance policy includes one or more certificate issuance rules to be applied to requests associated with one or more specified user accounts or roles for certificate-related resources (e.g., public certificates, private certificates, etc.). The application of a certificate issuance rule can be conditioned on a particular request context (e.g., based on a user account or role associated with a request, a type of certificate requested, a subject name identified in the request, etc.) and can specify a wide range of actions to be performed on requests matching a rule (e.g., allowing or denying a request, modifying one or more parameters of the request, etc.).
    Type: Grant
    Filed: December 3, 2021
    Date of Patent: September 10, 2024
    Assignee: Amazon Technologies, Inc.
    Inventors: Josh Rosenthol, Param Sharma, Kyle Benjamin Schultheiss, Marcel Andrew Levy, Todd Cignetti
  • Patent number: 12081660
    Abstract: The present disclosure provides for a system ensuring the integrity of received data. The system includes a processor, a trusted platform module, and a memory storing instructions. Upon a request from the processor, the trusted platform module generates an asymmetric key pair including a private key and a public key. The trusted platform module provides the public key and an encrypted private key to the processor. The processor generates a checksum of received content data and sends the checksum to the trusted platform module. The processor also loads the encrypted private key into the trusted platform module. The trusted platform module decrypts the encrypted private key, encrypts the checksum with the private key, and provides the encrypted checksum to the processor. The processor sends the content data together with the encrypted checksum to an external device. The external device may decrypt the encrypted checksum with the public key.
    Type: Grant
    Filed: May 26, 2023
    Date of Patent: September 3, 2024
    Assignee: Red Hat, Inc.
    Inventors: Francisco Javier Martinez Canillas, Alberto Carlos Ruiz Ruiz
  • Patent number: 12074880
    Abstract: A permissions management system is disclosed for enabling a user to securely authorize access to user accounts and/or securely authorize execution of transactions related to user accounts via one or more application programming interfaces (“APIs”) and/or one or more authorization mechanisms.
    Type: Grant
    Filed: March 25, 2022
    Date of Patent: August 27, 2024
    Assignee: Plaid Inc.
    Inventors: Jason Pate, Paolo Bernasconi, Jan Dudek, Riley Avron, Maxwell Johnson, Sattvik Kansal, William Hockey, Alexis Hidebrandt
  • Patent number: 12074982
    Abstract: Methods, systems, and computer-readable storage media for authorizing execution of processes that access cached data of an application running in a virtualized cloud environment. A first composite encrypted value comprising a first encrypted secret and a first secure hash value of a first secret is retrieved at a first virtual machine. The first encrypted secret is decrypted using a cryptographic key to determine a second secret to be used for initiating a first process (p?) on the first virtual machine. A second secure hash value of the second secret is generated. The second secure hash value is compared with the first secure hash value to determine whether to authorize execution of the first process on the first virtual machine using the first secret. In response to determining that the second secure hash value and the first secure hash value match, the first process is initiated at the first virtual machine.
    Type: Grant
    Filed: March 16, 2022
    Date of Patent: August 27, 2024
    Assignee: SAP SE
    Inventors: Tobias Dyrba, Steffen Koenig, Tsonyo Lazkov Yonchev
  • Patent number: 12072990
    Abstract: A process includes a first tenant of a plurality of tenants communicating with a security processor of a computer platform, via a first physical request interface of the security processor, to acquire ownership of a first command execution engine of the security processor associated with the first physical request interface. The process includes a second tenant of the plurality of tenants communicating with the security processor, via a second physical request interface of the security processor, to acquire ownership of a second command execution engine of the security processor associated with the second physical request interface. The process includes the security processor receiving a first request from the first tenant in the first physical interface, and the second processor receiving a second request from the second tenant in the second physical request interface.
    Type: Grant
    Filed: October 22, 2021
    Date of Patent: August 27, 2024
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Ludovic Emmanuel Paul Noel Jacquin, Nigel J. Edwards, Thomas M. Laffey, Shiva R. Dasari
  • Patent number: 12063312
    Abstract: According to an example aspect of the present invention, there is provided an apparatus configured at least to determine whether a cryptographic signature of a token received in the apparatus from a network function consumer is valid, obtain a cryptographic signature of the apparatus of the token responsive to the cryptographic signature of the token being valid, and provide the token to a peer entity of the apparatus, wherein the cryptographic signature of the apparatus is either included into the token or provided in a header external to the token, wherein the peer entity is comprised in a second network, different from a first network where the apparatus is comprised in. The request may serve a user equipment, directly or indirectly.
    Type: Grant
    Filed: November 10, 2021
    Date of Patent: August 13, 2024
    Assignee: Nokia Technologies Oy
    Inventors: Chaitanya Aggarwal, Saurabh Khare, Anja Jerichow, Jani Ekman
  • Patent number: 12058251
    Abstract: The techniques described herein relate to a system including a simulator for instantiating a simulated device associated with a device public key and at least one generated device public key and generated device certificate. The system includes a server configured to receive the device public key, generate a server unique device secret (UDS) using the device public key and a server private key, generate at least one generated server key using the server UDS, generate at least one generated server certificate using the at least one generated server key, receive the at least one generated device key and at least one generated device certificate, and validate the at least one generated device key and generated device certificate by comparing the at least one generated device key and generated device certificate to the at least one generated server key and generated server certificate, respectively.
    Type: Grant
    Filed: February 10, 2022
    Date of Patent: August 6, 2024
    Assignee: Micron Technology, Inc.
    Inventor: Zhan Liu
  • Patent number: 12039316
    Abstract: Systems and methods are disclosed for providing a secure and assured method for updating software of a cyber-physical system (CPS) device, maintaining a CPS device, diagnosing a CPS device, and transferring of CPS data. The method may include authenticating a moment a secure maintenance device (SMD) is connected to a first device before a software-based communication is established, establishing a secure communication channel between the SMD and the first device, authenticating a user of the first device and determining access rights of the user using an identity of the first device; transmitting digitally signed updates from the SMD to the first device; receiving, at the SMD, digitally signed first data from the first device, performing diagnostic and maintenance functions at the first device, and exporting data from the first device to the SMD for mobile transfer to another platform.
    Type: Grant
    Filed: April 23, 2021
    Date of Patent: July 16, 2024
    Assignee: HONEYWELL INTERNATIONAL INC.
    Inventor: Ly Vessels
  • Patent number: 12032679
    Abstract: In a method for software attestation, an enclave including an operating system (OS) library is initialized in a trusted execution environment, wherein software attestation is performed to verify an identity of the enclave, wherein an application is executed inside the enclave using the OS library, and wherein performing the software attestation includes attestation of a content of a disk image associated with the application.
    Type: Grant
    Filed: January 7, 2022
    Date of Patent: July 9, 2024
    Assignee: HUAWEI CLOUD COMPUTING TECHNOLOGIES CO., LTD.
    Inventors: Dan Touitou, Avigail Oron, Naor Shlomo, Ayal Baron
  • Patent number: 12022001
    Abstract: A method and apparatus provides debug information and employs a central debug service in a management environment that issues, to a client debug agent in a client environment, a cryptographically secure signed request for access to debug information that is generated by code executing in the client environment. The request is signed using a private key of a public/private key pair associated with the central debug service. The central debug service receives from the client debug agent, a request that requests the public key of public/private key pair associated with the central debug service and provides the public key of the central debug service to the client debug agent, in response to the request, for verification of approval to access debug information in the client environment. The central debug service receives the requested debug information from the client debug agent, in response to a successful signature verification by the client debug agent.
    Type: Grant
    Filed: June 10, 2021
    Date of Patent: June 25, 2024
    Assignee: Palantir Technologies Inc.
    Inventors: Tony Abboud, Spencer Lake, Bradley Moylan, Andrew Bradshaw, Maximilian Najork
  • Patent number: 12021860
    Abstract: Systems and methods for multi-stage, identity-based, digital authentication are provided. Methods include a first and a second stage of authentication. The first stage may include a user profile submitting a first request to access a first digital application; the computing device receiving, as input, one or more authenticating factors; the computing device transmitting, to a central server, the one or more authenticating factors; the central server processing and authenticating the user profile to the first digital application.
    Type: Grant
    Filed: May 23, 2022
    Date of Patent: June 25, 2024
    Assignee: Bank of America Corporation
    Inventors: Trish Gillis, Taylor Farris
  • Patent number: 12010394
    Abstract: Techniques for a trusted system for secure content distribution and trusted recording of content consumption are described. In some embodiments, the trusted system transcodes and transcrypts a media content item using a key obtained from a content provider and one or more keys based on an entitlement from a service provider to generate an encrypted media content item. The trusted system further receives a request to provide the media content item to a client device. The trusted system also obtains a signed audit token recording the request upon an authorization by the service provider based on the entitlement and a confirmation by the content provider, where the signed audit token is signed by the content provider and the service provider. The trusted system additionally provides the one or more keys for decrypting the encrypted media content item and reports the signed audit token.
    Type: Grant
    Filed: November 10, 2021
    Date of Patent: June 11, 2024
    Assignee: Synamedia Limited
    Inventors: Dan Ariel Elbert, Vadim Kharitonsky, Anatoly Seldin, Zorach Reuven Wachtfogel, Ian John Bastable, Gareth John Bowen, Peter Gibbs, Moshe Elad, Max Sorkin
  • Patent number: 11991287
    Abstract: A method for a user to access resources within a secure network without inputting a username or password is presented and claimed where the method comprises inputting, by the user, login credentials into an authentication service and obtaining from the authentication service at least one secret code; inputting the at least one secret code into an OTCP to initialize the OTCP; generating within the OTCP a one-time code (OTC) utilizing the at least one secret code but not including the user's login credentials or username; supplying, by the user, the OTC to a secure web portal wherein the secure web portal confirms authenticity of the OTC with the authentication service; and the secure web portal supplying access to the user of the secure web portal resources upon receipt of authentication of the user.
    Type: Grant
    Filed: May 24, 2022
    Date of Patent: May 21, 2024
    Inventors: Guido Pellizzer, Federico Simonetti
  • Patent number: 11979743
    Abstract: One or more devices may include a credentials server. The credentials server may be configured to: receive primary Standalone Non-Public Network (SNPN) credentials for a User Equipment device (UE) and SNPN information. The primary SNPN credentials and the SNPN information are associated with the UE and an SNPN. The devices may be configured to generate temporary SNPN credentials based on the primary SNPN credentials and the SNPN information. The devices may forward the temporary SNPN credentials to the SNPN.
    Type: Grant
    Filed: June 16, 2021
    Date of Patent: May 7, 2024
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Vinod Kumar Choyi, Samita Chakrabarti
  • Patent number: 11977760
    Abstract: Securely loading digital blocks into memory for consumption by a processor. A method includes, at a memory protection shim, receiving a digital block and a manifest for the digital block. The manifest includes a transformation key for the digital block. The transformation key is configured to be used for at least one of validating the digital block or decrypting the digital block. The manifest is encrypted. The method further includes decrypting the manifest to obtain the transformation keys. The method further includes using the transformation keys to perform at least one of validating or decrypting the digital block. The method further includes retransforming the digital block using a memory protection shim ephemeral key to perform at least one of creating an authentication tag or encrypting the digital block. The method further includes storing the retransformed digital block in memory.
    Type: Grant
    Filed: September 8, 2023
    Date of Patent: May 7, 2024
    Assignee: IDAHO SCIENTIFIC LLC
    Inventors: Andrew James Weiler, Nathan Charles Chrisman, Claude Harmon Garrett, V, Dale Weston Reese, Matthew Ryan Waltz, Jay Takeji Hirata
  • Patent number: 11977635
    Abstract: A system is provided for protecting a computer system and/or control system against manipulation and functional anomalies. The system includes a monitoring module, which has at least a first interface, a second interface, and at least one memory. The system is configured to receive information characterizing the system state of the computer system and/or control system via the first interface, receive an encrypted request for system state via the second interface and decrypt it using a request key stored in the memory, and generate a response to the request from at least a portion of the information received via the first interface. The system is also configured to encrypt the response with a response key determined using the request and output it via the second interface, determine a new request key which is a shared secret also accessible to the sender of the request, and store this new request key in the memory.
    Type: Grant
    Filed: May 21, 2021
    Date of Patent: May 7, 2024
    Assignee: Basler Aktiengesellschaft
    Inventors: Sebastian Adank, Timm Von Der Mehden, Jens Dekarz
  • Patent number: 11968227
    Abstract: A system and methods for mitigating Kerberos ticket attacks within a domain is provided, comprising an authentication object inspector configured to observe a new authentication object generated by an identity provider, and retrieve the new authentication object; and a hashing engine configured to retrieve the new authentication object from the authentication object inspector, calculate a cryptographic hash for the new authentication object, and store the cryptographic hash for the new authentication object in a data store; wherein subsequent access requests accompanied by authentication objects are validated by comparing hashes for each authentication object to previous generated hashes.
    Type: Grant
    Filed: October 18, 2023
    Date of Patent: April 23, 2024
    Assignee: QOMPLX LLC
    Inventors: Jason Crabtree, Andrew Sellers
  • Patent number: 11966886
    Abstract: The invention relates to creating a secure, decentralized, cloud-based network or physical/virtual infrastructure that enables the payments industry to redefine payment processing and information sharing. The innovative network addresses key pain points by reducing payment delays and touch points, realizing faster and comprehensive payment tracking, real-time sanctions, AML and fraud management tools.
    Type: Grant
    Filed: June 22, 2018
    Date of Patent: April 23, 2024
    Assignee: JPMORGAN CHASE BANK, N.A.
    Inventors: John Corwin Hunter, Palka S. Patel, Luciane Sant'Anna, Leticia Pui Sze Lim, Tiffany Ashley Wan, Elizabeth Polanco Aquino, Samer Falah, Sudhir Upadhyay, Tulasi Movva, Suresh Shetty
  • Patent number: 11947658
    Abstract: Some embodiments are directed to a password generation device that includes an input unit arranged to receive, from a user device, a computer address for accessing a computer resource, a user identifier indicating a user of the user device, a user password, and a password unit arranged to determine a first combined identifier from a base address system-identifier, a user system-identifier, and the user password. Moreover, the password generation device may be configured for password verification and/or validation.
    Type: Grant
    Filed: June 21, 2017
    Date of Patent: April 2, 2024
    Assignee: MINDYOURPASS HOLDING B.V.
    Inventor: Merijn De Jonge
  • Patent number: 11921860
    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for rollback resistant security are disclosed. In one aspect, a method, during a boot process of a computing device, includes the actions of obtaining a secret key derived from device-specific information for the computing device. The method further includes verifying that a signature for a software module is valid. The method further includes obtaining information indicating a current version of the software module. The method further includes using the secret key to generate a first encryption key corresponding to the current version of the software module and a second encryption key corresponding to a prior version of the software module. The method further includes preventing future access to the secret key until the computing device is rebooted. The method further includes providing the software module access to the first encryption key and the second encryption key.
    Type: Grant
    Filed: February 2, 2023
    Date of Patent: March 5, 2024
    Assignee: Google LLC
    Inventor: Paul Dermot Crowley
  • Patent number: 11924353
    Abstract: A system includes a control computer that is programmed to perform an authentication based on an encryption key, upon being connected to a vehicle communication network. The computer is programmed to control vehicle operation including at least one of propulsion, braking, and steering, upon authentication by a vehicle computer that is physically attached to the communication network.
    Type: Grant
    Filed: January 25, 2017
    Date of Patent: March 5, 2024
    Assignee: Ford Global Technologies, LLC
    Inventors: Michael Talamonti, Walter Joseph Talamonti
  • Patent number: 11917097
    Abstract: Methods and systems described in this disclosure allow customers to quickly be authenticated. In some embodiments, a device and a user verifier are associated with a user profile. When a call is received from the device, the user may be requested to input the user verifier. After verifying that the device is unique to the user and that the user verifier matches the user verifier associated with the user profile, the user may be authenticated to the call or activity.
    Type: Grant
    Filed: November 1, 2021
    Date of Patent: February 27, 2024
    Assignee: United Services Automobile Association (USAA)
    Inventors: Patricio H. Garcia, Amanda Jean Segovia, Hector J. Castillo, Susan Cass Mason, Robert Craig Korom
  • Patent number: 11917054
    Abstract: Embodiments of this application disclose a network key processing system, including user equipment, a security anchor network element, and an access and mobility management network element, where the security anchor network element is configured to: obtain a first key parameter from a slice selection network element, where the first key parameter includes identifier information of N network slices; generate N slice-dedicated keys based on the first key parameter; and send the N slice-dedicated keys to the corresponding N network slices respectively; the access and mobility management network element is configured to: obtain the first key parameter, and send the first key parameter to the user equipment; and the user equipment is configured to: generate the N slice-dedicated keys for the N network slices based on the first key parameter, and access the N network slices based on the generated N slice-dedicated keys.
    Type: Grant
    Filed: August 11, 2022
    Date of Patent: February 27, 2024
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Zhongding Lei, Lichun Li, Bo Zhang, Fei Liu, Haiguang Wang, Xin Kang
  • Patent number: 11909735
    Abstract: Techniques are provided for multi-cloud authentication of data requests. One method comprises obtaining, by a first authentication entity of a first cloud environment, from a service on the first cloud environment, a request for data stored by a second cloud environment; determining a signature for the service; verifying the determined signature for the service by requesting a signature for the service registered with a second authentication entity of the second cloud environment; requesting the data from the second authentication entity of the second cloud environment in response to the determined signature being verified; and providing the requested data to the service. The requested data from the second cloud environment may be encrypted with an encryption key, and the method may further comprise decrypting the requested data with a decryption key obtained from the second cloud environment. The signature for the service may be registered as part of a deployment of the service.
    Type: Grant
    Filed: November 13, 2020
    Date of Patent: February 20, 2024
    Assignee: EMC IP Holding Company LLC
    Inventors: Tomer Shachar, Yevgeni Gehtman, Maxim Balin
  • Patent number: 11895097
    Abstract: A method including configuring, by an infrastructure device, a user device to encrypt authentication information associated with authenticating the user device with a service provider, the authentication information including first factor authentication information for determining a first factor and second factor authentication information for determining a second factor; configuring, by the infrastructure device, the user device to detect an attempt to access a service to be provided by the service provider; configuring, by the infrastructure device, the user device to determine, based on detecting the attempt, the first factor based on decrypting the first factor authentication information and the second factor based on decrypting the second factor authentication information; and configuring, by the infrastructure device, the user device to enable authentication of the user device with the service provider based on utilizing the first factor and the second factor. Various other aspects are contemplated.
    Type: Grant
    Filed: May 23, 2022
    Date of Patent: February 6, 2024
    Assignee: UAB 360 IT
    Inventor: Mindaugas Valkaitis
  • Patent number: 11886384
    Abstract: The techniques disclosed herein enable systems to centralize access to various digital items irrespective of the location of those digital items. To achieve this, items that are stored at their original location, e.g., within a cloud storage platform, can be selected by a user for storage at a centralized location such as a favorites section. These items are selected using an interface control which can be an operating system component of an item keeping system that is accessible in any context or application. The item keeping system can generate an item alias for selected items which is then stored in the centralized location. In addition, item aliases can be moved to various destinations by the user to enable customized item storage for items of varying types, origin, and location. In addition, functionality of the interface control can be modified to suit selected items.
    Type: Grant
    Filed: April 1, 2022
    Date of Patent: January 30, 2024
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Carlos German Perez, Todd S. Behrbaum, Wendy Lu, Matthew F. Gray, Daniela Dimitrova, Helen Anderson, Olga K. Dalecka, Jokko Juhana Korhonen
  • Patent number: 11887118
    Abstract: Embodiments of the present invention provide a method, program, and apparatus that may identify a device by using a virtual code generated based on a unique value of a chip inside a device without a separate procedure for identifying the device. Furthermore, embodiments of the present invention provide a method, program, and apparatus that may generate a virtual code, which is not matched with any other code, whenever a code for identifying a device is requested. Moreover, embodiments of the present invention provide a method, program, and apparatus for identifying a device that may add and use only an algorithm without changing a conventional process.
    Type: Grant
    Filed: June 2, 2022
    Date of Patent: January 30, 2024
    Assignee: SSenStone Inc.
    Inventor: Chang Hun Yoo
  • Patent number: 11888994
    Abstract: Described are automated systems and methods for providing a template design for a public-key infrastructure (PKI) system. For example, certain infrastructure information and stored PKI information can be processed to determine a PKI template, which can specify the configuration for a proposed PKI hierarchy. A configurable representation of the proposed PKI hierarchy can be generated and presented to the user, which can facilitate review, modification, and further customization of the proposed PKI hierarchy. Aspects of the present disclosure can also determine costs associated with the proposed PKI hierarchy, and can create and deploy the proposed PKI hierarchy.
    Type: Grant
    Filed: June 30, 2021
    Date of Patent: January 30, 2024
    Assignee: Amazon Technologies, Inc.
    Inventors: Param Sharma, Josh Rosenthol, Todd Cignetti, Jonathan Kozolchyk
  • Patent number: 11882447
    Abstract: The invention relates to a computer-implemented method for connecting a network component to a network, in particular a mobile communications network, with an extended network access identifier. The method involves a receiving of the extended network access identifier from the network component via a network access server, wherein the extended network access identifier comprises at least one network access restriction for connecting the network component to the network. The method also involves a receiving of a requested user access profile from a user profile server via the network access server, wherein the user access profile comprises access authorisations for connecting the network component to the network. The network component is authenticated in the network via the network access server, if the received extended network access identifier fulfills the access authorisations of the received user access profile.
    Type: Grant
    Filed: August 2, 2019
    Date of Patent: January 23, 2024
    Assignee: Siemens Aktiengesellschaft
    Inventor: Rainer Falk
  • Patent number: 11870779
    Abstract: The present disclosure includes apparatuses, methods, and systems for validating an electronic control unit of a vehicle. An embodiment includes a memory, and circuitry configured to generate a run-time cryptographic hash based on an identification (ID) number of an electronic control unit of a vehicle and compare the run-time cryptographic hash with a cryptographic hash stored in a portion of the memory.
    Type: Grant
    Filed: May 6, 2022
    Date of Patent: January 9, 2024
    Assignee: Micron Technology, Inc.
    Inventors: Antonino Mondello, Alberto Troia
  • Patent number: 11868997
    Abstract: A payment system implemented on a mobile device authenticates transactions made via the mobile device. The mobile device generates a public-private key pair and receives an authenticating input from a user of the device. The public key is sent to a secure payment system, and the authenticating input is used to generate a symmetric key that encrypts the private key. After a transaction is initiated, the mobile device receives an authenticating input from the user. The symmetric key is generated from the authenticating input and the mobile device attempts to decrypt the private key from the encrypted private key using the symmetric key generated by the user's input. The decrypted key is used to sign a transaction authorization message which is sent to the secure payment system, along with payment information, which can verify the signed message via the public key. Additional techniques related to secure payments are also disclosed.
    Type: Grant
    Filed: November 11, 2020
    Date of Patent: January 9, 2024
    Assignee: Minkasu, Inc
    Inventors: Subramanian Lakshmanan, Anbarasan P. Gounder, Naveen Doraiswamy
  • Patent number: 11863310
    Abstract: A system for aggregating a user's web browsing data which may include cookies placed on a user's computing device from various websites. The system receives authorization from a user to retrieve cookie and other data associated with the user. The system then accesses cookie data and personal data associated with the user. In some embodiments, the aggregation system communicates with websites that placed the cookie data on the user's computer to determine one or more characteristics of the user based on the cookie data (which may be understandable only by the placing website). The system may then provide the user's aggregated data or a portion thereof to requesting entities. The user may have access to a user interface which provides information about the user's aggregated data and allows the user to determine how much information to share with requesting entities.
    Type: Grant
    Filed: April 13, 2021
    Date of Patent: January 2, 2024
    Assignee: ConsumerInfo.com, Inc.
    Inventors: Mark Joseph Kapczynski, Michael John Dean
  • Patent number: 11863529
    Abstract: A method for use with a public cloud network is disclosed. The method includes setting up at least one virtual machine, at least one private cloud call-back server (PCCBS) and at least one smart device client on the side of the PCCBS to provide cloud based web services, and at least one private cloud routing server (PCRS) and at least one smart device client on the side of the PCRS in a client server relationship. The virtual machine and PCCBS usually reside in a hyperscale data center, while the PCRS resides in the client's remote premises. An internet platform owner that maintains the virtual machine, offers to a subscriber to host the PCCBS in the virtual machine, constructs and deploys a community pair of peer-to-peer communication relationship between at least one PCCBS Device Client and a PCRS Device Client.
    Type: Grant
    Filed: April 13, 2021
    Date of Patent: January 2, 2024
    Assignee: Kingston Digital, Inc.
    Inventor: Ben Wei Chen
  • Patent number: 11855972
    Abstract: The present disclosure relates to a computer-implemented method of processing a data transfer. The method comprises generating a first identifier for a first entity; linking the first identifier with a second identifier associated with a second entity; sending the first identifier and the second identifier to the first server; verifying the first entity based at least on the first identifier and the second identifier; sending a message to a second server, the message comprising at least the first identifier, the second identifier, and a name associated with the first identifier; and authenticating the data transfer for the first entity based at least on the information contained in the message.
    Type: Grant
    Filed: March 29, 2021
    Date of Patent: December 26, 2023
    Assignee: MASTERCARD INTERNATIONAL INCORPORATED
    Inventor: Manu Dharmaiah Kallugudde
  • Patent number: 11847253
    Abstract: The technology disclosed herein enables efficient launching of trusted execution environments. An example method can include: receiving, by a first computing device, a request from a second computing device to establish a set of trusted execution environments (TEEs) in the first computing device; establishing a first TEE of the set of TEEs in the first computing device, wherein the trusted execution environment comprises an encrypted memory area and executable code; receiving, by the first TEE, cryptographic key data from the first computing device; establishing, by the first TEE, a second TEE of the set of TEEs in the first computing device, wherein the second TEE comprises a copy of the executable code; providing, by the first TEE, the cryptographic key data to the second TEE; and causing the executable code of the second TEE to communicate with the first computing device using the cryptographic key data.
    Type: Grant
    Filed: November 30, 2020
    Date of Patent: December 19, 2023
    Assignee: Red Hat, Inc.
    Inventors: Michael Hingston McLaughlin Bursell, Michael Tsirkin, Nathaniel McCallum
  • Patent number: 11838348
    Abstract: A method of computation executed by a server is provided, wherein constraints on results of the computation from a group of client devices in a distributed system are used in a way that makes it unnecessary to identify the client devices. The constraints from each client device include limit amounts applicable to respective other client devices in the group in combination with the client device. The client devices each form doubly encrypted representations of the limit amounts and send messages with requests and its decryption key to the server. The server doubly decrypts the doubly encrypted representations of the limit amounts using the keys from the messages and determines which pairs of the messages include description keys that produce verified results. The server computes a solution that satisfies the requests from the messages, subject to the limit amounts from the verified results, applied in conjunction with the requests from said pairs of the messages.
    Type: Grant
    Filed: July 29, 2019
    Date of Patent: December 5, 2023
    Assignee: Synergy Solutions Group B.V.
    Inventor: Alexey Mileev
  • Patent number: 11831754
    Abstract: In some instances, a method for authenticating a user using key pair authentication is provided. The method comprises enrolling the user into key pair authentication by generating a private and public key pair for an authentication domain, accessing the content on the first domain based on enrolling the user into the key pair authentication with a key pair authentication server using the private and public key pair for the authentication domain, requesting access for different content on a second domain, based on enrolling the user into the key pair authentication for the first domain, redirecting a browser from the second domain to the authentication domain, and accessing the different content on the second domain based on performing the key pair authentication with the key pair authentication server using the private and public key pair for the authentication domain.
    Type: Grant
    Filed: April 21, 2021
    Date of Patent: November 28, 2023
    Assignee: Aetna Inc.
    Inventors: Abbie Barbir, Salil Kumar Jain, Cisa Kurian, John Poirier, Amy Ulrich, Erick Verry, Victoria Garstka, Abhishek Tennarangam
  • Patent number: 11818253
    Abstract: The present disclosure relates to a trustworthy data exchange. Embodiments include receiving, from a device, a query, wherein the query comprises a question. Embodiments include identifying particular information related to the query. Embodiments include receiving credentials from a user for retrieving the particular information related to the query. Embodiments include retrieving, using the credentials, the particular information related to the query from one or more data repositories that are part of a distributed database comprising an immutable data store that maintains a verifiable history of changes to information stored in the distributed database. Embodiments include determining, based on the particular information related to the query, an answer to the query. Embodiments include providing the answer to the device.
    Type: Grant
    Filed: February 6, 2023
    Date of Patent: November 14, 2023
    Assignee: INTUIT, INC.
    Inventors: Glenn C. Scott, Michael R. Gabriel, Parikshit Lingampally, Roger C. Meike, Ian Maya Panchevre
  • Patent number: 11818109
    Abstract: A method including encrypting, by a user device, a file based at least in part on utilizing a file symmetric key and a first encryption algorithm to determine a first-encrypted file; storing, by the user device, the first-encrypted file in a local memory; encrypting, by the user device, the file based at least in part on utilizing a synchronization key and a second encryption algorithm to determine a second-encrypted file, the second encryption algorithm being different from the first encryption algorithm; encrypting, by the user device, metadata associated with the file based at least in part on utilizing a metadata key to determine encrypted metadata; and transmitting, by the user device to a storage device, the second-encrypted file in association with the encrypted metadata is disclosed. Various other aspects are contemplated.
    Type: Grant
    Filed: August 19, 2022
    Date of Patent: November 14, 2023
    Assignee: UAB 360 IT
    Inventors: Konstantin Kolganov, Tomas Smalakys
  • Patent number: 11811929
    Abstract: Managing client access token requests is provided. It is determined whether a current time interval between a last allowed access token request matches a regular access token request interval for a client. In response to determining that the current time interval does match the regular access token request interval for the client, a current access token request is allowed. An access token is generated for the client to access a protected resource hosted by a resource server based on allowing the current access token request. The access token is issued to the client via a network.
    Type: Grant
    Filed: January 27, 2021
    Date of Patent: November 7, 2023
    Assignee: International Business Machines Corporation
    Inventors: Leo Michael Farrell, Holly Wright
  • Patent number: 11805134
    Abstract: A computer-implemented method is disclosed. The method includes: authenticating a user for login to a service for a first authenticated user session; in response to authenticating the user, generating a first data string associated with a first validity period; sending, to a client device associated with the user, the first data string; receiving, from the client device, a data access request to access a first data set at a remote data source, the data access request including the first data string; determining that the first authenticated user session has been terminated at a time of receiving the data access request; validating the first data string based on checking the first validity period; and in response to determining that the first authenticated user session has been terminated and that the first data string is valid, transmitting, to the client device, a data access response including at least a subset of the first data set.
    Type: Grant
    Filed: January 25, 2022
    Date of Patent: October 31, 2023
    Assignee: The Toronto-Dominion Bank
    Inventors: Denny Devasia Kuruvilla, Esli Gjini, Sarah Reeve, Matija Bosnjakovic, Guy Dagmara, Jaspal Singh Samra, Abhiney Natarajan, Haobin Li, Richard Yu, Md Abdur Razzak Chowdhury, Dani Kartikay, Ryan Wu, Andrey Petrov, Peter Horvath, Prashanth Dappula, Sivashanthan Sivapalan, Nolan Glynn-Udrow
  • Patent number: 11799666
    Abstract: A system for authenticating a requesting device using verified evaluators includes an authenticating device. The authenticating device is designed and configured to receive at least a first digitally signed assertion from a requesting device, the at least a first digitally signed assertion linked to at least a verification datum, evaluate at least a second digitally signed assertion, signed by at least a cryptographic evaluator, conferring a credential to the requesting device, validate the credential, as a function of the at least a second digitally signed assertion, and authenticate the requesting device based on the credential.
    Type: Grant
    Filed: January 3, 2022
    Date of Patent: October 24, 2023
    Assignee: Ares Technologies, Inc.
    Inventors: Christian T. Wentz, Ilia Lebedev
  • Patent number: 11792462
    Abstract: Apparatus and methods to manage recording of streaming packetized content (such as for example live IP packetized content) for access, retrieval and delivering thereof to one or more users. In one embodiment, the foregoing is accomplished via communication between a recording manager and a receiver/decoder device. The recording manager manages and schedules recording of content on behalf of the receiver/decoder device (and/or mobile devices) disposed at a user's premises. The recording manager runs one or more computer programs designed to receive requests to record packetized content from one or more consumer devices, and use metadata contained within the requests to cause a cloud storage entity or premises storage device to record the content at its scheduled date/time (either via the receiver/decoder device itself, or another network entity).
    Type: Grant
    Filed: October 4, 2021
    Date of Patent: October 17, 2023
    Assignee: TIME WARNER CABLE ENTERPRISES LLC
    Inventors: George Sarosi, Wilfred Jaime Miles, Chris Cholas
  • Patent number: 11784817
    Abstract: The present disclosure provides systems and methods for secure identification retrieval. The method includes retrieving a value of a periodic variable and calculating a plurality of query tokens from a corresponding plurality of client device identifiers and the value of the periodic variable. Each query token is associated with a corresponding client device identifier in a first database. The method further includes receiving a first query token calculated from a client device identifier of the first client device and the value of the periodic variable and identifying a second query token of the calculated plurality of query tokens in the first database matching the first query token. The method further includes, responsive to the identification, retrieving the associated client device identifier and retrieving one or more characteristics of the first client device according to the associated client device identifier. The method further includes transmitting the retrieved one or more characteristics.
    Type: Grant
    Filed: March 21, 2022
    Date of Patent: October 10, 2023
    Assignee: Google LLC
    Inventors: Gang Wang, Marcel M. Moti Yung
  • Patent number: 11784811
    Abstract: Fault-tolerant storage of cryptographic information maintained on a fleet of HSMs may be provided by dividing the cryptographic information into a number of stripes which are distributed and stored on individual HSMs in the HSM fleet. Parity information is generated which allows one or more stripes to be regenerated if one or more stripes becomes corrupt or is lost. The parity information may be stored on an HSM in the HSM fleet, or outside the fleet on a storage service, HSM management hub, tangible computer-readable media, or other device. If an HSM in the HSM fleet fails, resulting in the loss of a stripe, an HSM in the fleet can recover the missing stripe by re-creating the missing stripe from the remaining stripes combined with the parity information. In some examples, stripes are mirrored within the fleet of HSMs.
    Type: Grant
    Filed: August 28, 2020
    Date of Patent: October 10, 2023
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory Alan Rubin, Benjamin Philip Grubin
  • Patent number: 11775621
    Abstract: At least one machine readable medium comprising a plurality of instructions that in response to being executed by a system cause the system to send a unique identifier to a license server, establish a secure channel based on the unique identifier, request a license for activating an appliance from a license server over the secure channel, receive license data from the license server over the secure channel; determine whether the license is valid, and activate the appliance in response to a determination that the license data is valid.
    Type: Grant
    Filed: November 21, 2022
    Date of Patent: October 3, 2023
    Assignee: Intel Corporation
    Inventors: Malini K. Bhandaru, Kapil Sood, Christian Maciocco, Isaku Yamahata, Yunhong Jiang