Central Trusted Authority Provides Computer Authentication Patents (Class 713/155)
  • Patent number: 12278915
    Abstract: The present disclosure provides a provisioning method and a terminal device. The provisioning method is applied to the terminal device, including: the security module establishes a secure channel with the certificate authority CA server through one or more session keys shared by the security module and the CA server; and obtains one or more digital certificates from the CA server; wherein, the security module is to implement Universal Subscriber Identity Module (USIM) functions.
    Type: Grant
    Filed: November 30, 2020
    Date of Patent: April 15, 2025
    Assignees: CHINA MOBILE COMMUNICATIONS CO., LTD RESEARCH INSTITUTE, CHINA MOBILE COMMUNICATIONS GROUP CO., LTD.
    Inventors: Ye Tian, Xiaoming Ren
  • Patent number: 12273468
    Abstract: In some aspects, the techniques described herein relate to a device including: a processor; and a storage medium for tangibly storing thereon logic for execution by the processor, the logic including instructions for: storing a group digital certificate, the group digital certificate including a plurality of unique identifier (UID) values and a plurality of corresponding public keys; receiving onboarding data and a digital signature from a client device, the onboarding data including a UID of the client device and a public key of the client device and the digital signature generated using the onboarding data and a private key corresponding to the public key; validating the digital signature using the public key; confirming that the UID matches at least one UID in the group digital certificate; and onboarding the client device.
    Type: Grant
    Filed: August 25, 2022
    Date of Patent: April 8, 2025
    Assignee: Micron Technology, Inc.
    Inventor: Zhan Liu
  • Patent number: 12260690
    Abstract: The system includes an electronically controllable access point device and a server. The server includes one or more processors, which are communicatively coupled to the access point device and a portable device. The one or more processors are configured to determine whether a user of the portable device is authorized to access the access point device based on one or more credentials received from the portable device and retrieve a location of the portable device. The one or more processors are further configured to determine whether the location of the portable device is within a pre-defined geographical area. Upon determination of user authorization to the access point device and that the location of the portable device is within the pre-defined geographical area, the one or more processors direct the access point device to provide access to the user.
    Type: Grant
    Filed: August 15, 2023
    Date of Patent: March 25, 2025
    Assignee: Geokey, Inc.
    Inventors: Kurtis A. Charling, Derick Frauendorfer, Brandon Peterson
  • Patent number: 12251218
    Abstract: A base unit of a wearable device for continuous analyte monitoring includes a cup configured to receive a power source. A first power source contact is at least partially located in the cup and configured to electrically contact a first terminal of the power source in response to the power source being received in the cup. At least one base contact is electrically coupled to the first power source contact, the at least one base contact configured to electrically contact at least one transmitter contact of a transmitter unit in response to the transmitter unit and the base unit being coupled together. Numerous other embodiments are provided.
    Type: Grant
    Filed: January 21, 2022
    Date of Patent: March 18, 2025
    Assignee: Ascensia Diabetes Care Holdings AG
    Inventors: Dragan Avirovikj, Igor Y. Gofman, Cameron M. Young, Ji Li, Thomas A. J. Mayer, Jr.
  • Patent number: 12245024
    Abstract: Disclosed is a method for ultra-wide band (UWB) security ranging and a UWB device configured to perform secure ranging. The method includes obtaining, from a UWB sub-system of the UWB device, first encryption data including a symmetric key encrypted with a public key of a secure application of the UWB device; transferring the first encryption data to the secure application; obtaining, from the secure application, second encryption data including a ranging data set (RDS) encrypted with the symmetric key; and transferring the second encryption data to the UWB sub-system. In this case, the RDS may include a ranging session key configured to secure a UWB ranging session, and the secure application may be included in a trusted execution environment area.
    Type: Grant
    Filed: May 17, 2022
    Date of Patent: March 4, 2025
    Assignee: Samsung Electronics Co., Ltd
    Inventors: Sehee Han, Sungkyu Cho
  • Patent number: 12245034
    Abstract: A peer-to-peer offline communication method, including: at a mobile device executing a mobile device communication application, generating a mobile device certificate signing request and sending the mobile device certificate signing request to a cloud server; at the mobile device communication application, receiving a signed mobile device certificate from the cloud server; at a vehicle executing a vehicle communication application, generating a vehicle certificate signing request and sending the vehicle certificate signing request to the cloud server; at the vehicle communication application, receiving a signed vehicle certificate from the cloud server; broadcasting the presence of the mobile device and discovering the presence of the mobile device at the vehicle; exchanging and verifying the signed certificate signing requests between the mobile device communication application and the vehicle communication application; and encrypting and decrypting data exchanged between the mobile device and the vehicle.
    Type: Grant
    Filed: May 13, 2022
    Date of Patent: March 4, 2025
    Assignee: Volvo Car Corporation
    Inventors: Petar Mataic, Soeren Reimler, Niclas Gyllenram, Jeremy White
  • Patent number: 12229666
    Abstract: A consumer device is described, comprising a sensor which is adapted to register sensor data that describe a physical behavior of an authentication chip of a consumable component, an authentication circuit which is adapted to implement a machine learning model that is trained to classify consumable components with the aid of sensor data that describe the physical behavior of authentication chips of the consumable components into originals and copies, to deliver the registered sensor data to the machine learning model, and to authorize the use of the consumable component by the consumer device depending on whether the machine learning model classifies the consumable component as original.
    Type: Grant
    Filed: February 26, 2021
    Date of Patent: February 18, 2025
    Assignee: Infineon Technologies AG
    Inventors: Juergen Guthart, Berndt Gammel
  • Patent number: 12225132
    Abstract: When a network element attempts to establish a session with another network element, a security verification agent may be activated in one or both network elements. The security verification agents, such as front-end processors, virtual network functions, or other software agents, may reside in each of the network elements.
    Type: Grant
    Filed: April 12, 2023
    Date of Patent: February 11, 2025
    Assignee: AT&T Mobility II LLC
    Inventor: Arturo Maria
  • Patent number: 12225000
    Abstract: A Certification Authority (CA) server for issuing digital certificates generates a first digital certificate associated with a first public key of the device and calculates an update factor for the first private key. Based on the first public key, the calculated update factor, and a predefined public system parameter, the CA server calculates a second public key for a determined time period for the device. The CA server generates a second digital certificate valid at the determined time period and associated with the second public key and sends the second digital certificate to the device. A device may calculate an update factor for a stored first private key, calculates a second private key based on the calculated update factor and the first private key, receives from the CA server a second digital certificate associated with a second public key, and validates the device based on the second digital certificate.
    Type: Grant
    Filed: June 10, 2022
    Date of Patent: February 11, 2025
    Assignee: Huawei Technologies Duesseldorf GmbH
    Inventors: Lijun Liao, Yong Li, Li Duan, Qing Han
  • Patent number: 12218929
    Abstract: A system can receive a request from a user device to disable a password-based mode of authentication associated with a user account. The user account can have a password usable for accessing account data associated with the user account and account functions associated with the user account. The system can receive verification from the user device for the request. The system can disable the password-based mode of authentication associated with the user account. The system can enable a password-less mode of authentication associated with the user account. The password-less mode of authentication can enable the user device to access account data associated with the user account and account functions associated with the user account without requiring the user to enter the password.
    Type: Grant
    Filed: June 17, 2022
    Date of Patent: February 4, 2025
    Assignee: Truist Bank
    Inventors: Sudhakar Swaminathan, Madhusudan Panda
  • Patent number: 12200102
    Abstract: The codebook-based homomorphic compression system is a novel approach that combines data compression and homomorphic encryption to enable efficient and secure computation on compressed data. It involves quantizing the input data, generating an optimized codebook using techniques like Huffman coding or deep learning, and compressing the data by replacing each value with its corresponding codeword. The compressed data is then encrypted using a homomorphic encryption scheme, such as the Paillier cryptosystem, allowing computations to be performed directly on the encrypted compressed data without decryption. Homomorphic properties of the encryption scheme enable operations like addition and multiplication on the ciphertexts, while preserving the confidentiality of the underlying data. The system also incorporates error correction techniques to mitigate the impact of quantization and encryption on the accuracy of the computations.
    Type: Grant
    Filed: June 26, 2024
    Date of Patent: January 14, 2025
    Assignee: ATOMBEAM TECHNOLOGIES INC
    Inventor: Brian Galvin
  • Patent number: 12197569
    Abstract: Systems and methods of automatically controlling a user's data footprint are provided. Data associated with a user may be analyzed to determine an action the user is preparing to take. Based on the analysis, a potential risk associated with the action the user is preparing to take may be identified. The potential risk associated with the action the user is preparing to take may be, for example, a data security risk, a data privacy risk, a physical risk, a risk of damage to property, and/or a financial risk. A notification indicating the potential risk associated with the action the user is preparing to take may be provided to the user. The notification may include one or more suggestions for mitigating the potential risk associated with the action the user is preparing to take.
    Type: Grant
    Filed: July 11, 2023
    Date of Patent: January 14, 2025
    Assignee: QUANATA, LLC
    Inventors: Theobolt N. Leung, Micah Wind Russo
  • Patent number: 12192878
    Abstract: A method for identifying alternate delivery endpoints for mobile originated data and monitoring reports in a communications network includes establishing, by a network exposure function (NEF) in a communications network, priority rules in a priority configuration database that define routing priority indicators corresponding to a plurality of applications functions (AFs) and receiving a service request or notification request message directed to one of the plurality of AFs from a consumer network function (NF) in the communications network. The NEF accesses a context database to validate context information associated with a destination AF belonging to the plurality of AFs. If the destination AF is unavailable or is not in proximity to the NEF, an event notification request message associated with the service request or notification request message is directed to a prioritized AF specified in the priority configuration database, wherein the prioritized AF is a peer of the destination AF.
    Type: Grant
    Filed: September 29, 2021
    Date of Patent: January 7, 2025
    Assignee: ORACLE INTERNATIONAL CORPORATION
    Inventor: Rajiv Krishan
  • Patent number: 12184798
    Abstract: There are provided systems and methods for a dynamic value appended to cookie data for fraud detection and step-up authentication. A service provider, such as an electronic transaction processor for digital transactions, may utilize computer cookies for authentication and/or login for a user account. In order to further secure cookies from being compromised and used by malicious parties for fraudulent account access, the service provider may add or append a dynamic value that changes at each subsequent login to the computer cookie. The dynamic value may be used so that if a computer cookie is misappropriated, only one device may use the cookie once without the cookie updating and invalidating the cookie with another device or application on the device. Thereafter, when a login is requested, the dynamic value is matched to an expected value by the service provider when determining whether to authenticate the device.
    Type: Grant
    Filed: June 30, 2021
    Date of Patent: December 31, 2024
    Assignee: PAYPAL, INC.
    Inventors: Adam Cohen, Yuval Bercovich
  • Patent number: 12177204
    Abstract: Techniques for certificate authority (CA) selection are described. A certificate management service of a cloud provider network receives a first request to generate a certificate from an electronic device, the first request including an indication of an identity of a user and an identification of a domain name to associate with the certificate. A CA selection policy applicable to the first request is identified, the CA selection policy including a CA selection rule. A CA to generate the certificate is identified by evaluating the CA selection rule, the CA selection rule associates at least a portion of the domain name with the CA. A second request to generate the certificate is sent to the identified CA. The certificate or an identification of the certificate from the CA is returned to the electronic device.
    Type: Grant
    Filed: March 21, 2022
    Date of Patent: December 24, 2024
    Assignee: Amazon Technologies, Inc.
    Inventors: Manikandan Subramanian, Marcel Andrew Levy, Blake P Hess
  • Patent number: 12166801
    Abstract: A method performed by a security system of a 5G network to protect against cyberattacks on a personalized basis. The security system can identify a cybersecurity threat to a wireless device based on contextual information relating to the wireless device, a user preference, or a call detail record. The security system can determine a one-time fee to charge the user in exchange for protecting the wireless device against the cybersecurity threat, generate a coupon to protect the wireless device against the cybersecurity threat, and send the coupon to the wireless device based at least in part on the contextual information relating to the wireless device and the user preference. When the security system receives an indication that the coupon was redeemed, it responds by deploying a network asset to protect the wireless device against the cybersecurity threat.
    Type: Grant
    Filed: October 6, 2022
    Date of Patent: December 10, 2024
    Assignee: T-Mobile USA, Inc.
    Inventor: Venson Shaw
  • Patent number: 12155753
    Abstract: A method is described of managing service events in a distributed computing system. The distributed computing system comprises a plurality of computing nodes able to perform a service using a service process. The method takes place at one of the computing nodes. A service event is received or created. This service event is identified by a combination of a node identifier, a time element, and a local counter value. The local counter value represents a number of service events performed by a service process for a user since a last reset. The identified service event is then stored in a service process database according to node identifier and local counter values. The service process database is used to manage service events in the distributed system. Service events are removed from the service process database when no longer valid using the time element.
    Type: Grant
    Filed: April 22, 2020
    Date of Patent: November 26, 2024
    Assignee: MASTERCARD INTERNATIONAL INCORPORATED
    Inventors: Mehdi Collinge, Omar Laazimani, Cristian Radu
  • Patent number: 12143371
    Abstract: A method including configuring, by an infrastructure device, a first user device to select an encryption key, from among a plurality of encryption keys available to the first user device, for encrypting a metadata key that is utilized to encrypt metadata associated with a file; receiving, by the infrastructure device from the first user device, an encrypted metadata key; transmitting, by the infrastructure device to a second user device, the encrypted metadata key; and configuring, by the infrastructure device, the second user device to select a decryption key, from among a plurality of decryption keys available to the second user device, for decrypting the encrypted metadata key, the decryption key being associated with the encryption key is disclosed. Various other aspects are contemplated.
    Type: Grant
    Filed: August 23, 2022
    Date of Patent: November 12, 2024
    Assignee: UAB 360 IT
    Inventors: Konstantin Kolganov, Tomas Smalakys
  • Patent number: 12141287
    Abstract: Disclosed methods for enabling flexible policies for user access to BIOS attribute settings perform operations including creating a BIOS attribute map encompassing one or more configurable BIOS attributes, generating a role-based authorization table associating an authorization role to each of the configurable BIOS attributes, and deploying the role-based authorization table to an information handling system. Responsive to a user launching a BIOS attribute configuration tool, a user role associated with the user is detected and the role-based authorization table is retrieved. Based on the role-based authorization table and the user role, configurable BIOS attributes for the user are identified. The configurable BIOS attributes may then be presented to the BIOS configuration to enable the user to perform configuration operations for the configurable BIOS attributes.
    Type: Grant
    Filed: July 28, 2022
    Date of Patent: November 12, 2024
    Assignee: Dell Products L.P.
    Inventors: Vivekanandh Narayanasamy Rajagopalan, Balasingh Ponraj Samuel
  • Patent number: 12143911
    Abstract: Broadly speaking, the present techniques relate to a computer implemented method for establishing a secure communication session between a client device and a server resource.
    Type: Grant
    Filed: May 4, 2020
    Date of Patent: November 12, 2024
    Assignees: ARM LIMITED, ARM IP LIMITED
    Inventors: Hannes Tschofenig, Mikko Johannes Saarnivala, Szymon Sasin, Hanno Becker, Manuel Pegourie-Gonnard
  • Patent number: 12137114
    Abstract: Risk assessment in an authentication service is performed where an authorization request is received from a third-party application. Risk assessment policies for the authorization request are determined based on a class of the third-party application. The risk assessment policies are applied to the authorization request to determine an action to be performed for the authorization request, such as sending an authorization message in response to the authorization request or taking a remedial action (e.g., suspending the application, limiting the available actions, or sending a notification to a trusted security application).
    Type: Grant
    Filed: July 28, 2023
    Date of Patent: November 5, 2024
    Assignee: EBAY INC.
    Inventors: Tatjana Vlahovic, Gail Anna Rahn Frederick
  • Patent number: 12126610
    Abstract: A system implemented on a server computer for managing digital certificates includes a certificate management agent module, a digital certificate processing module and a configuration module. The certificate management agent module processes requests to create a plurality of certificate management agents. Each of the certificate management agents is configured to manage a lifecycle of a digital certificate for a client electronic device. The digital certificate processing module processes requests from the certificate management agent module for digital certificates for the plurality of certificate management agents. The configuration module receives and processes configuration parameters for the certificate management agents and for the digital certificates.
    Type: Grant
    Filed: November 18, 2021
    Date of Patent: October 22, 2024
    Assignee: Wells Fargo Bank N.A.
    Inventors: Andrei Stoica, Sumit Murarka, Michael Peter Ridilla, Samir Rameshchandra Sanghvi, Jerome Pradier
  • Patent number: 12113892
    Abstract: Device access authorization via connected user equipment is performed with a device including a controller, a memory in communication with the controller, the memory storing a device identifier, a registration service, and a limited access service, and a secure element in communication with the controller, the secure element storing a device authentication key and a registry certificate.
    Type: Grant
    Filed: November 25, 2021
    Date of Patent: October 8, 2024
    Assignee: RAKUTEN MOBILE, INC.
    Inventors: Julian Desvignes, Luiz Guilherme Mesquita Kimel Dos Santos
  • Patent number: 12113895
    Abstract: A method of operating the physically unclonable function (PUF)-based key management system includes upon receiving a key generation request including a parameter, a load balancer dispatching a key generation request including a parameter from an external device according to workloads of a plurality of key management components (KMCs). A KMC having minimum workload among the plurality of KMCs is designated as the key-generation KMC and the key generation request is dispatched thereto, and remaining KMCs of the plurality of KMCs are designated as backup KMCs. The method further includes the key-generation KMC generating a key according to the parameter and a first PUF sequence, transmitting the key and an identifier associated therewith to the backup KMC via a backup channel, and the backup KMC generating a wrapped key according to the key and a second PUF sequence.
    Type: Grant
    Filed: December 3, 2021
    Date of Patent: October 8, 2024
    Assignee: PUFsecurity Corporation
    Inventors: Yung-Hsiang Liu, Meng-Yi Wu, Ching-Sung Yang
  • Patent number: 12106274
    Abstract: A method of secure automated communication comprises communicating by a computer with a cloud computing service having an address in a first Internet domain, the communicating performed during a first electronic commerce session using an electronic commerce web page rendered by a browser executing on the computer; communicating by the computer with a transaction server having an address in the first Internet domain via a virtual private network (VPN), the communicating performed during the first electronic commerce session using the electronic commerce web page rendered by the browser; determining when the browser is accessing a product information portion of the electronic commerce web page during the first electronic commerce session; determining when the browser is providing confidential information to the electronic commerce web page during the first electronic commerce session; and directing the confidential information to the transaction server via the virtual private network during the first electronic
    Type: Grant
    Filed: April 3, 2012
    Date of Patent: October 1, 2024
    Assignee: Blackhawk Engagement Solutions (DE), Inc.
    Inventors: Gautham K. Kudva, Benjamin Franklin Clay, Jessica Samantha Piikklia, Robert O. Morrow, Dennis Raae Mercer, Jr., Junli Yuan, Victor Alexeenko, Anthony Glenn Aylor, Mark Louis Gerard, Robert Parker Freeburg, II, Michael David Reynolds
  • Patent number: 12107856
    Abstract: The disclosed exemplary embodiments include computer-implemented systems, apparatuses, and processes that securely track, manage, and provision elements of interaction data within a computing environment in accordance with encrypted permissioning data recorded onto a permissioned distributed ledger. For example, an apparatus may obtain query data that includes an identifier of a computing system and a query term, and access one or more ledger blocks of a permissioned distributed ledger that include encrypted permissioning data and interaction data. The apparatus may decrypt the encrypted permissioning data using a master cryptographic key of a centralized authority.
    Type: Grant
    Filed: June 29, 2022
    Date of Patent: October 1, 2024
    Assignee: The Toronto-Dominion Bank
    Inventors: John Michael Collinson, Christopher William Cooney, Russell Voutour, Marie-Julie Demers, Arun Victor Jagga
  • Patent number: 12108249
    Abstract: A communication device that communicates with an external device performs authentication by exchanging information for authentication processing with the external device. In a case where the communication device detects a request to share unique information that is used to provide a communication parameter during the authentication processing, the communication device shares the unique information with the external device after authentication has been successfully completed.
    Type: Grant
    Filed: January 15, 2020
    Date of Patent: October 1, 2024
    Assignee: Canon Kabushiki Kaisha
    Inventor: Atsushi Minakawa
  • Patent number: 12086694
    Abstract: A software based application for assessing, processing, and remediating cyber-risk in real time may comprise, without limitation, a profiling component, an analytic component, an evaluation component, a documentation component, an implementation component, a validation component, and a monitoring component which may, in conjunction therewith, operate to allow an organization to adaptively adjust an organization's network security to continuously improve and mature same. Such components may operate to: (1) determine an organization's operational baseline; (2) identify risks and hazards inherent therein; (3) generate, and verify the efficacy of, remedial controls to such risks and hazards; (4) document and audit such determinations; and (5) continually monitor the organization's network security.
    Type: Grant
    Filed: June 10, 2020
    Date of Patent: September 10, 2024
    Assignee: Conquest Technology Services Corp.
    Inventors: Jeffrey J. Engle, Thomas R. Neclerio, Ariel Posada
  • Patent number: 12088738
    Abstract: Techniques are described for enabling users of a certificate management service to create certificate issuance policies that can be applied to certificate issuance requests across both public and private certificate authorities (CAs) and other certificate-related services. According to embodiments described herein, a certificate issuance policy includes one or more certificate issuance rules to be applied to requests associated with one or more specified user accounts or roles for certificate-related resources (e.g., public certificates, private certificates, etc.). The application of a certificate issuance rule can be conditioned on a particular request context (e.g., based on a user account or role associated with a request, a type of certificate requested, a subject name identified in the request, etc.) and can specify a wide range of actions to be performed on requests matching a rule (e.g., allowing or denying a request, modifying one or more parameters of the request, etc.).
    Type: Grant
    Filed: December 3, 2021
    Date of Patent: September 10, 2024
    Assignee: Amazon Technologies, Inc.
    Inventors: Josh Rosenthol, Param Sharma, Kyle Benjamin Schultheiss, Marcel Andrew Levy, Todd Cignetti
  • Patent number: 12081660
    Abstract: The present disclosure provides for a system ensuring the integrity of received data. The system includes a processor, a trusted platform module, and a memory storing instructions. Upon a request from the processor, the trusted platform module generates an asymmetric key pair including a private key and a public key. The trusted platform module provides the public key and an encrypted private key to the processor. The processor generates a checksum of received content data and sends the checksum to the trusted platform module. The processor also loads the encrypted private key into the trusted platform module. The trusted platform module decrypts the encrypted private key, encrypts the checksum with the private key, and provides the encrypted checksum to the processor. The processor sends the content data together with the encrypted checksum to an external device. The external device may decrypt the encrypted checksum with the public key.
    Type: Grant
    Filed: May 26, 2023
    Date of Patent: September 3, 2024
    Assignee: Red Hat, Inc.
    Inventors: Francisco Javier Martinez Canillas, Alberto Carlos Ruiz Ruiz
  • Patent number: 12074982
    Abstract: Methods, systems, and computer-readable storage media for authorizing execution of processes that access cached data of an application running in a virtualized cloud environment. A first composite encrypted value comprising a first encrypted secret and a first secure hash value of a first secret is retrieved at a first virtual machine. The first encrypted secret is decrypted using a cryptographic key to determine a second secret to be used for initiating a first process (p?) on the first virtual machine. A second secure hash value of the second secret is generated. The second secure hash value is compared with the first secure hash value to determine whether to authorize execution of the first process on the first virtual machine using the first secret. In response to determining that the second secure hash value and the first secure hash value match, the first process is initiated at the first virtual machine.
    Type: Grant
    Filed: March 16, 2022
    Date of Patent: August 27, 2024
    Assignee: SAP SE
    Inventors: Tobias Dyrba, Steffen Koenig, Tsonyo Lazkov Yonchev
  • Patent number: 12072990
    Abstract: A process includes a first tenant of a plurality of tenants communicating with a security processor of a computer platform, via a first physical request interface of the security processor, to acquire ownership of a first command execution engine of the security processor associated with the first physical request interface. The process includes a second tenant of the plurality of tenants communicating with the security processor, via a second physical request interface of the security processor, to acquire ownership of a second command execution engine of the security processor associated with the second physical request interface. The process includes the security processor receiving a first request from the first tenant in the first physical interface, and the second processor receiving a second request from the second tenant in the second physical request interface.
    Type: Grant
    Filed: October 22, 2021
    Date of Patent: August 27, 2024
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Ludovic Emmanuel Paul Noel Jacquin, Nigel J. Edwards, Thomas M. Laffey, Shiva R. Dasari
  • Patent number: 12074880
    Abstract: A permissions management system is disclosed for enabling a user to securely authorize access to user accounts and/or securely authorize execution of transactions related to user accounts via one or more application programming interfaces (“APIs”) and/or one or more authorization mechanisms.
    Type: Grant
    Filed: March 25, 2022
    Date of Patent: August 27, 2024
    Assignee: Plaid Inc.
    Inventors: Jason Pate, Paolo Bernasconi, Jan Dudek, Riley Avron, Maxwell Johnson, Sattvik Kansal, William Hockey, Alexis Hidebrandt
  • Patent number: 12063312
    Abstract: According to an example aspect of the present invention, there is provided an apparatus configured at least to determine whether a cryptographic signature of a token received in the apparatus from a network function consumer is valid, obtain a cryptographic signature of the apparatus of the token responsive to the cryptographic signature of the token being valid, and provide the token to a peer entity of the apparatus, wherein the cryptographic signature of the apparatus is either included into the token or provided in a header external to the token, wherein the peer entity is comprised in a second network, different from a first network where the apparatus is comprised in. The request may serve a user equipment, directly or indirectly.
    Type: Grant
    Filed: November 10, 2021
    Date of Patent: August 13, 2024
    Assignee: Nokia Technologies Oy
    Inventors: Chaitanya Aggarwal, Saurabh Khare, Anja Jerichow, Jani Ekman
  • Patent number: 12058251
    Abstract: The techniques described herein relate to a system including a simulator for instantiating a simulated device associated with a device public key and at least one generated device public key and generated device certificate. The system includes a server configured to receive the device public key, generate a server unique device secret (UDS) using the device public key and a server private key, generate at least one generated server key using the server UDS, generate at least one generated server certificate using the at least one generated server key, receive the at least one generated device key and at least one generated device certificate, and validate the at least one generated device key and generated device certificate by comparing the at least one generated device key and generated device certificate to the at least one generated server key and generated server certificate, respectively.
    Type: Grant
    Filed: February 10, 2022
    Date of Patent: August 6, 2024
    Assignee: Micron Technology, Inc.
    Inventor: Zhan Liu
  • Patent number: 12039316
    Abstract: Systems and methods are disclosed for providing a secure and assured method for updating software of a cyber-physical system (CPS) device, maintaining a CPS device, diagnosing a CPS device, and transferring of CPS data. The method may include authenticating a moment a secure maintenance device (SMD) is connected to a first device before a software-based communication is established, establishing a secure communication channel between the SMD and the first device, authenticating a user of the first device and determining access rights of the user using an identity of the first device; transmitting digitally signed updates from the SMD to the first device; receiving, at the SMD, digitally signed first data from the first device, performing diagnostic and maintenance functions at the first device, and exporting data from the first device to the SMD for mobile transfer to another platform.
    Type: Grant
    Filed: April 23, 2021
    Date of Patent: July 16, 2024
    Assignee: HONEYWELL INTERNATIONAL INC.
    Inventor: Ly Vessels
  • Patent number: 12032679
    Abstract: In a method for software attestation, an enclave including an operating system (OS) library is initialized in a trusted execution environment, wherein software attestation is performed to verify an identity of the enclave, wherein an application is executed inside the enclave using the OS library, and wherein performing the software attestation includes attestation of a content of a disk image associated with the application.
    Type: Grant
    Filed: January 7, 2022
    Date of Patent: July 9, 2024
    Assignee: HUAWEI CLOUD COMPUTING TECHNOLOGIES CO., LTD.
    Inventors: Dan Touitou, Avigail Oron, Naor Shlomo, Ayal Baron
  • Patent number: 12021860
    Abstract: Systems and methods for multi-stage, identity-based, digital authentication are provided. Methods include a first and a second stage of authentication. The first stage may include a user profile submitting a first request to access a first digital application; the computing device receiving, as input, one or more authenticating factors; the computing device transmitting, to a central server, the one or more authenticating factors; the central server processing and authenticating the user profile to the first digital application.
    Type: Grant
    Filed: May 23, 2022
    Date of Patent: June 25, 2024
    Assignee: Bank of America Corporation
    Inventors: Trish Gillis, Taylor Farris
  • Patent number: 12022001
    Abstract: A method and apparatus provides debug information and employs a central debug service in a management environment that issues, to a client debug agent in a client environment, a cryptographically secure signed request for access to debug information that is generated by code executing in the client environment. The request is signed using a private key of a public/private key pair associated with the central debug service. The central debug service receives from the client debug agent, a request that requests the public key of the public/private key pair associated with the central debug service and provides the public key of the central debug service to the client debug agent, in response to the request, for verification of approval to access debug information in the client environment. The central debug service receives the requested debug information from the client debug agent, in response to a successful signature verification by the client debug agent.
    Type: Grant
    Filed: June 10, 2021
    Date of Patent: June 25, 2024
    Assignee: Palantir Technologies Inc.
    Inventors: Tony Abboud, Spencer Lake, Bradley Moylan, Andrew Bradshaw, Maximilian Najork
  • Patent number: 12010394
    Abstract: Techniques for a trusted system for secure content distribution and trusted recording of content consumption are described. In some embodiments, the trusted system transcodes and transcrypts a media content item using a key obtained from a content provider and one or more keys based on an entitlement from a service provider to generate an encrypted media content item. The trusted system further receives a request to provide the media content item to a client device. The trusted system also obtains a signed audit token recording the request upon an authorization by the service provider based on the entitlement and a confirmation by the content provider, where the signed audit token is signed by the content provider and the service provider. The trusted system additionally provides the one or more keys for decrypting the encrypted media content item and reports the signed audit token.
    Type: Grant
    Filed: November 10, 2021
    Date of Patent: June 11, 2024
    Assignee: Synamedia Limited
    Inventors: Dan Ariel Elbert, Vadim Kharitonsky, Anatoly Seldin, Zorach Reuven Wachtfogel, Ian John Bastable, Gareth John Bowen, Peter Gibbs, Moshe Elad, Max Sorkin
  • Patent number: 11991287
    Abstract: A method for a user to access resources within a secure network without inputting a username or password is presented and claimed where the method comprises inputting, by the user, login credentials into an authentication service and obtaining from the authentication service at least one secret code; inputting the at least one secret code into an OTCP to initialize the OTCP; generating within the OTCP a one-time code (OTC) utilizing the at least one secret code but not including the user's login credentials or username; supplying, by the user, the OTC to a secure web portal wherein the secure web portal confirms authenticity of the OTC with the authentication service; and the secure web portal supplying access to the user of the secure web portal resources upon receipt of authentication of the user.
    Type: Grant
    Filed: May 24, 2022
    Date of Patent: May 21, 2024
    Inventors: Guido Pellizzer, Federico Simonetti
  • Patent number: 11979743
    Abstract: One or more devices may include a credentials server. The credentials server may be configured to: receive primary Standalone Non-Public Network (SNPN) credentials for a User Equipment device (UE) and SNPN information. The primary SNPN credentials and the SNPN information are associated with the UE and an SNPN. The devices may be configured to generate temporary SNPN credentials based on the primary SNPN credentials and the SNPN information. The devices may forward the temporary SNPN credentials to the SNPN.
    Type: Grant
    Filed: June 16, 2021
    Date of Patent: May 7, 2024
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Vinod Kumar Choyi, Samita Chakrabarti
  • Patent number: 11977760
    Abstract: Securely loading digital blocks into memory for consumption by a processor. A method includes, at a memory protection shim, receiving a digital block and a manifest for the digital block. The manifest includes a transformation key for the digital block. The transformation key is configured to be used for at least one of validating the digital block or decrypting the digital block. The manifest is encrypted. The method further includes decrypting the manifest to obtain the transformation keys. The method further includes using the transformation keys to perform at least one of validating or decrypting the digital block. The method further includes retransforming the digital block using a memory protection shim ephemeral key to perform at least one of creating an authentication tag or encrypting the digital block. The method further includes storing the retransformed digital block in memory.
    Type: Grant
    Filed: September 8, 2023
    Date of Patent: May 7, 2024
    Assignee: IDAHO SCIENTIFIC LLC
    Inventors: Andrew James Weiler, Nathan Charles Chrisman, Claude Harmon Garrett, V, Dale Weston Reese, Matthew Ryan Waltz, Jay Takeji Hirata
  • Patent number: 11977635
    Abstract: A system is provided for protecting a computer system and/or control system against manipulation and functional anomalies. The system includes a monitoring module, which has at least a first interface, a second interface, and at least one memory. The system is configured to receive information characterizing the system state of the computer system and/or control system via the first interface, receive an encrypted request for system state via the second interface and decrypt it using a request key stored in the memory, and generate a response to the request from at least a portion of the information received via the first interface. The system is also configured to encrypt the response with a response key determined using the request and output it via the second interface, determine a new request key which is a shared secret also accessible to the sender of the request, and store this new request key in the memory.
    Type: Grant
    Filed: May 21, 2021
    Date of Patent: May 7, 2024
    Assignee: Basler Aktiengesellschaft
    Inventors: Sebastian Adank, Timm Von Der Mehden, Jens Dekarz
  • Patent number: 11968227
    Abstract: A system and methods for mitigating Kerberos ticket attacks within a domain is provided, comprising an authentication object inspector configured to observe a new authentication object generated by an identity provider, and retrieve the new authentication object; and a hashing engine configured to retrieve the new authentication object from the authentication object inspector, calculate a cryptographic hash for the new authentication object, and store the cryptographic hash for the new authentication object in a data store; wherein subsequent access requests accompanied by authentication objects are validated by comparing hashes for each authentication object to previous generated hashes.
    Type: Grant
    Filed: October 18, 2023
    Date of Patent: April 23, 2024
    Assignee: QOMPLX LLC
    Inventors: Jason Crabtree, Andrew Sellers
  • Patent number: 11966886
    Abstract: The invention relates to creating a secure, decentralized, cloud-based network or physical/virtual infrastructure that enables the payments industry to redefine payment processing and information sharing. The innovative network addresses key pain points by reducing payment delays and touch points, realizing faster and comprehensive payment tracking, real-time sanctions, AML and fraud management tools.
    Type: Grant
    Filed: June 22, 2018
    Date of Patent: April 23, 2024
    Assignee: JPMORGAN CHASE BANK, N.A.
    Inventors: John Corwin Hunter, Palka S. Patel, Luciane Sant'Anna, Leticia Pui Sze Lim, Tiffany Ashley Wan, Elizabeth Polanco Aquino, Samer Falah, Sudhir Upadhyay, Tulasi Movva, Suresh Shetty
  • Patent number: 11947658
    Abstract: Some embodiments are directed to a password generation device that includes an input unit arranged to receive, from a user device, a computer address for accessing a computer resource, a user identifier indicating a user of the user device, a user password, and a password unit arranged to determine a first combined identifier from a base address system-identifier, a user system-identifier, and the user password. Moreover, the password generation device may be configured for password verification and/or validation.
    Type: Grant
    Filed: June 21, 2017
    Date of Patent: April 2, 2024
    Assignee: MINDYOURPASS HOLDING B.V.
    Inventor: Merijn De Jonge
  • Patent number: 11921860
    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for rollback resistant security are disclosed. In one aspect, a method, during a boot process of a computing device, includes the actions of obtaining a secret key derived from device-specific information for the computing device. The method further includes verifying that a signature for a software module is valid. The method further includes obtaining information indicating a current version of the software module. The method further includes using the secret key to generate a first encryption key corresponding to the current version of the software module and a second encryption key corresponding to a prior version of the software module. The method further includes preventing future access to the secret key until the computing device is rebooted. The method further includes providing the software module access to the first encryption key and the second encryption key.
    Type: Grant
    Filed: February 2, 2023
    Date of Patent: March 5, 2024
    Assignee: Google LLC
    Inventor: Paul Dermot Crowley
  • Patent number: 11924353
    Abstract: A system includes a control computer that is programmed to perform an authentication based on an encryption key, upon being connected to a vehicle communication network. The computer is programmed to control vehicle operation including at least one of propulsion, braking, and steering, upon authentication by a vehicle computer that is physically attached to the communication network.
    Type: Grant
    Filed: January 25, 2017
    Date of Patent: March 5, 2024
    Assignee: Ford Global Technologies, LLC
    Inventors: Michael Talamonti, Walter Joseph Talamonti
  • Patent number: 11917097
    Abstract: Methods and systems described in this disclosure allow customers to quickly be authenticated. In some embodiments, a device and a user verifier are associated with a user profile. When a call is received from the device, the user may be requested to input the user verifier. After verifying that the device is unique to the user and that the user verifier matches the user verifier associated with the user profile, the user may be authenticated to the call or activity.
    Type: Grant
    Filed: November 1, 2021
    Date of Patent: February 27, 2024
    Assignee: United Services Automobile Association (USAA)
    Inventors: Patricio H. Garcia, Amanda Jean Segovia, Hector J. Castillo, Susan Cass Mason, Robert Craig Korom