Central Trusted Authority Provides Computer Authentication Patents (Class 713/155)
  • Patent number: 11363028
    Abstract: A method for managing access privileges is disclosed. The method includes: obtaining, based on employee data received from a first client server having access to a human resources database of an organization, a first indication identifying a change in a first employee structure of the organization, the first employee structure indicating an employee status associated with each of one or more of the employees; retrieving permissions data defining access privileges associated with one or more employee statuses within the first employee structure for accessing a protected resource; and updating a user permissions database associated with the protected resource to indicate a change in access privileges for at least one employee of the organization based on the first indication and the permissions data, the user permissions database indicating access privileges for employees of the organization that are authorized to access the protected resource.
    Type: Grant
    Filed: September 27, 2018
    Date of Patent: June 14, 2022
    Assignee: The Toronto-Dominion Bank
    Inventors: Avinash Malliah, Mervin Gan, Haitian Yan
  • Patent number: 11348387
    Abstract: A smart management device identification method includes: sending, by a smart management device, an activation request to a smart lock device, wherein the activation request is used to verify validity of the smart management device; in response to information indicating that the smart management device is valid, receiving, by the smart management device, an access control key from the smart lock device, wherein the access control key is generated according to a master key of the smart lock device and an identifier of the smart management device; and requesting, by the smart management device, the smart lock device to perform a state switching operation using the access control key.
    Type: Grant
    Filed: June 23, 2020
    Date of Patent: May 31, 2022
    Assignees: BEIJING XIAOMI MOBILE SOFTWARE CO., LTD., YUNDING NETWORK TECHNOLOGY (BEIJING) CO., LTD.
    Inventors: Binghui Peng, Ming Li
  • Patent number: 11349827
    Abstract: An anonymous attestation cryptographic protocol is provided for enabling a target (device 4) to attest to a predetermined property of the device without needing to reveal its identity to a verifier (8). When obtaining a credential from an issuer (6) to attest to the predetermined property, the credential is validated by an intermediary device (2) which is a separate consumer electronics device to the target device (4) itself. This allows the relatively processor-intensive calculations required for validating the credential to be performed on a separate device (2) from the device (4) for which the attestation has been made, allowing anonymous attestation protocols to be used for lower powered target devices such as sensors in the internet of things.
    Type: Grant
    Filed: January 12, 2018
    Date of Patent: May 31, 2022
    Assignee: TRUSTONIC LIMITED
    Inventor: Alec Milne Edgington
  • Patent number: 11343243
    Abstract: A system for providing dynamic, multi-factor authentication for machine-to-machine connections using unique authentication streams of chained, cryptographic blocks or codes by generating and managing a root authentication stream of chained cryptographic blocks representing an enterprise. The root authentication stream may be utilized by deployed machine instances to instantiate the unique authentication streams for each of the deployed machine instances, thereby enabling secure and continuous authentication for the machine-to-machine connections.
    Type: Grant
    Filed: October 15, 2019
    Date of Patent: May 24, 2022
    Assignee: CORSHA, INC.
    Inventors: Anusha Iyer, Christopher Simkins
  • Patent number: 11343080
    Abstract: A system and method for insuring privacy, access control, and authentication for electronic user data submitted to social media platforms, email systems, web sites, and other electronics and software based communication and storage systems is provided. Control over user data is provided such that the user can determine which other users may have access to the data, and only such permitted users will be able to access the data. All other parties, including the operators of the system platform in use, will not be able to view the submitted data. Authentication is provided such that the viewer of the data is ensured that the author of the data is in fact the author indicated in the data, and that the data has not been modified since it was submitted. Data privacy, access control, and authentication is provided in a seamless and convenient manner for both the author and recipients of the data.
    Type: Grant
    Filed: November 13, 2020
    Date of Patent: May 24, 2022
    Inventor: Norman J Bagley
  • Patent number: 11343082
    Abstract: The technology disclosed herein enables resource sharing for trusted execution environments.
    Type: Grant
    Filed: September 28, 2020
    Date of Patent: May 24, 2022
    Assignee: Red Hat, Inc.
    Inventors: Michael Tsirkin, Michael Hingston McLaughlin Bursell
  • Patent number: 11329992
    Abstract: Techniques are provided for security measures for extended sessions. Request data for a request is received from a client computing device to a web server system. The request comprises a session identifier (ID) for a session between an authenticated user and the web server system. It is determined, based on the request data, that the client computing device is a single-user device. It is determined, based on the request data, that the client computing device is not compromised. In response to determining that the client computing device is a single-user device and that the client computing device is not compromised, extension of the session between the authenticated user on the client computing device and the web server system is caused.
    Type: Grant
    Filed: October 16, 2019
    Date of Patent: May 10, 2022
    Assignee: F5, Inc.
    Inventors: Mengmeng Chen, Sumit Agarwal, Yao Zhou
  • Patent number: 11329983
    Abstract: The present disclosure includes apparatuses, methods, and systems for validating an electronic control unit of a vehicle. An embodiment includes a memory, and circuitry configured to generate a run-time cryptographic hash based on an identification (ID) number of an electronic control unit of a vehicle and compare the run-time cryptographic hash with a cryptographic hash stored in a portion of the memory.
    Type: Grant
    Filed: March 25, 2019
    Date of Patent: May 10, 2022
    Assignee: Micron Technology, Inc.
    Inventors: Antonino Mondello, Alberto Troia
  • Patent number: 11330000
    Abstract: A transparent proxy for malware detection includes a monitor module, a protocol determination module, a challenge generation module, a response determination module, and a data control module. The monitor module examines data originating from an application towards a remote server. The protocol determination module identifies the protocol type used for the data. The challenge generation module produces a challenge for the application based upon the protocol type, sends the challenge to the application, and maintains a state related to the data and the challenge. The response determination module makes a determination if an automatic non-interactive application response is received in response to the challenge from the application. The data control module allows the first data to continue to the remote server when the determination is valid. The data control module reports malware detection and blocks the data to continue to the remote server when the determination is invalid.
    Type: Grant
    Filed: March 7, 2019
    Date of Patent: May 10, 2022
    Assignee: George Mason Research Foundation, Inc.
    Inventors: Angelos Stavrou, Sushil Jajodia, Anup K. Ghosh, Rhandi Martin, Charalampos Andrianakis
  • Patent number: 11323426
    Abstract: Transparently identifying users using a shared VPN tunnel uses an innovative method to detect a user of a shared VPN tunnel, after authenticating the user, using an assigned userid (that may be a virtual IP). The virtual IP is used as a cookie in each request made by the user. This cookie is an authentication token used by the gateway to detect the user behind a specific request for an Internet resource (such as an http/s request). The cookie is stripped by the gateway so the cookie is not sent to the resource.
    Type: Grant
    Filed: October 19, 2017
    Date of Patent: May 3, 2022
    Assignee: CHECK POINT SOFTWARE TECHNOLOGIES LTD.
    Inventors: Amnon Perlmutter, Lior Drihem, Yair Ziv, Jeremy Sinai, Tsemach Mizrachi
  • Patent number: 11323440
    Abstract: A secure access method performed by an authentication server includes receiving a first message from a non-3GPP access device. The method also includes performing fast re-authentication with the terminal when determining that fast re-authentication is allowed. The method further includes sending a second message to a home subscriber server. The second message carries a registration type identifier, an identifier of the terminal, and an address of the authentication server. The registration type identifier is used to indicate that current secure access of the terminal is secure access using a fast re-authentication procedure. The method additionally includes receiving a registration success indication from the home subscriber server. The method also includes sending an access success indication to the terminal based on the registration success indication.
    Type: Grant
    Filed: February 14, 2020
    Date of Patent: May 3, 2022
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventor: Hua Li
  • Patent number: 11316679
    Abstract: A data monitoring system comprising a server communicatively coupled to a client device and a data module via a network. The server is configured to store a private key of a public-private key pair associated with the data module, receive a request from the client device for authenticated access to the data module, and generate an authentication key based at least on the private key and a time. The client device is configured to generate the request for authenticated access to the data module and transmit the request to the server. The data module is configured to store the private key of the public-private key pair associated with the data module, generate the authentication key based at least on the private key and the time, and grant access to the data module if the authentication key generated by the data module and the authentication key generated by the server match.
    Type: Grant
    Filed: September 18, 2018
    Date of Patent: April 26, 2022
    Assignee: ABIOMED, INC.
    Inventor: Alessandro Simone Agnello
  • Patent number: 11316666
    Abstract: A method, system, and non-transitory computer readable medium are described for providing a sender a plurality of ephemeral keys such that a sender and receiver can exchange encrypted communications. Accordingly, a sender may retrieve information, such as a public key and a key identifier, for the first receiver from a local storage. The retrieved information may be used to generate a key-encrypting key that is used to generate a random communication encryption key. The random communication encryption key is used to encrypt a communication, while the key-encrypting key encrypts the random communication key. The encrypted communication and the encrypted random communication key are transmitted to the first receiver.
    Type: Grant
    Filed: July 12, 2017
    Date of Patent: April 26, 2022
    Assignee: Amazon Technologies, Inc.
    Inventors: Thomas Michael Leavy, Joël Alwen, Christopher Howell
  • Patent number: 11316674
    Abstract: An aggregate median is efficiently obtained while confidentiality is kept. An order computing part generates ascending order a and descending order d within a group when a table which has been stably sorted based on a desired value attribute and a key attribute is grouped based on the key attribute. A subtracting part generates shares {a-d}, {d-a} of a-d, d-a. A bit deleting part generates shares {a?}, {d?} of a?, d? obtained by excluding least significant bits from {a-d}, {d-a}. An equality determining part generates shares {a?}, {d?} of {a?}:={|a?=0|}, {d?}:={|d?=0|}. A format converting part (15) converts {a?}, {d?} into [a?], [d?]. A flag applying part generates shares [va], [vd] of [va]:=[v1a?], [vd]:=[v1d?]. A permutation generating part generates shares {{?a}}, {{?d}} of permutations ?a, ?d which sort ¬a?, ¬d?. A median computing part generates a share [x] of a vector x.
    Type: Grant
    Filed: April 22, 2019
    Date of Patent: April 26, 2022
    Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Dai Ikarashi, Koki Hamada
  • Patent number: 11310044
    Abstract: Disclosed is system and method for authenticating secured file transactions. Hash of transaction is stored in distributed ledger. Unencrypted intent, encrypted intent of first agent module is generated. Unencrypted consent, encrypted consent of server arrangement is generated. Encrypted consent is communicated to the first agent module along with a location of second agent module. Encrypted consent, the unencrypted intent, the hash and the first agent key are communicated to the second agent module. Encrypted consent is communicated to server arrangement. Encrypted consent is validated by comparing encrypted consent received from second agent module with two newly generated encrypted consents at server arrangement. Two new encrypted intents are generated at second agent module based on validation of encrypted consent. Encrypted intent stored at server arrangement is validated by comparing encrypted intent with two newly generated encrypted intents to authenticate transaction.
    Type: Grant
    Filed: June 25, 2019
    Date of Patent: April 19, 2022
    Assignee: Innoplexus AG
    Inventor: Abhijit Keskar
  • Patent number: 11296862
    Abstract: A method is disclosed. The method comprises receiving, from a communication device, a provisioning request message including a user device identifier and a cryptogram in a first message format, which is received from the user device by the communication device during a message exchange process between the user device and the communication device. The method also includes generating an authorization request message in a second message format, the authorization request message comprising the cryptogram, transmitting the authorization request message to an authorizing computer, and receiving an authorization response message from the authorizing computer. The method also includes providing access data to the communication device.
    Type: Grant
    Filed: August 29, 2019
    Date of Patent: April 5, 2022
    Assignee: Visa International Service Association
    Inventors: Thomas Bellenger, Barbara Patterson
  • Patent number: 11290278
    Abstract: An entertainment system to perform operations to securely pair and communicate with a user device based on multiple security controls. The operations include: Responsive to a request to pair the user device to a network interface, generating an encrypted code that includes network credentials for connecting to the network interface and a time-limited authentication credential that is unique to the user device. Responsive to a request to connect to a server of the entertainment system, generating a connection authorization decision for the user device based on two factor authentication validating (i) a second certificate of the user device, and (ii) the time-limited authentication credential that is unique to the user device. The entertainment system connects the user device to the server for secure communications when the connection authorization decision authorizes the connection based on successful two-factor authentication.
    Type: Grant
    Filed: January 15, 2019
    Date of Patent: March 29, 2022
    Assignee: Thales Avionics, Inc.
    Inventors: Arnaud Sumien, Olivier Quoit
  • Patent number: 11281752
    Abstract: When personally identifiable information (PII) is to be stored or updated, a system first seeks consent from the user for the PII store or update. If the user grants consent, then the system stores the PII in the user's personal device or updates the PII stored in the user's personal device. The system then retrieves that PII and generates a token representing that PII. Even if the token were taken by a malicious user, it would not be possible for the malicious user to determine the user's actual PII from the token. In this manner, the security of the PII is improved over conventional systems.
    Type: Grant
    Filed: March 3, 2020
    Date of Patent: March 22, 2022
    Assignee: THE PRUDENTIAL INSURANCE COMPANY OF AMERICA
    Inventors: Venkatesh Sarvottamrao Apsingekar, Sahil Vinod Motadoo, Christopher John Schille, James Francis Lavine
  • Patent number: 11281804
    Abstract: Various embodiments of apparatuses and methods for protecting data integrity in a content distribution network (“CDN”) are described. Code or data in one of the servers or instances of a CDN might sometimes become incorrect or corrupt. One corrupted server or instance can potentially impact a considerable portion of the CDN. To solve these and other problems, various embodiments of a CDN can designate one or more parameters, which are then identified in a request for content to another entity. In these embodiments, the CDN can generate an encoding of the expected values of the designated parameters. The CDN can then compare, in these embodiments, its encoding of the expected values to an encoding of the values received from the other entity in response to the request. The CDN can validate the content of the response, as well as the identity of the other entity, in some embodiments.
    Type: Grant
    Filed: March 28, 2019
    Date of Patent: March 22, 2022
    Assignee: Amazon Technologies, Inc.
    Inventors: Karthik Uthaman, Ronil Sudhir Mokashi
  • Patent number: 11277394
    Abstract: Systems, methods, and computer-readable media for managing credentials of multiple users on an electronic device are provided.
    Type: Grant
    Filed: February 17, 2020
    Date of Patent: March 15, 2022
    Assignee: Apple Inc.
    Inventors: Karthik Narayanan, Navin Bindiganavile Suparna, Scott Lopatin
  • Patent number: 11276049
    Abstract: Systems and methods for mobile application integration are described. These may include receiving a payment request from a mobile application, sending a payment application detection request, receiving a detection response, and sending a customized user interface to the mobile device. The customized user interfaces are determined by whether an associated payment application is present on the mobile device and whether the mobile device is authenticated with the payment processing platform. These techniques can allow for a better user experience when interacting with the payment processing platform.
    Type: Grant
    Filed: December 31, 2019
    Date of Patent: March 15, 2022
    Assignee: PayPal, Inc.
    Inventors: Prasanna Annamalai, Harish Annam, Arun Arumugam, Madar Areef Hussain Shaik
  • Patent number: 11271947
    Abstract: A method for real-time processing of data retrieval requests is disclosed. The method includes: receiving, from a client device, a first login request to log in to a service; authenticating the user for login to the service; in response to authenticating the user, generating a first data string representing at least a unique device identifier for the client device and a validity period; storing the device identifier; sending, to the client device, the first data string; receiving, from the client device, a data retrieval request to retrieve a data set from a remote server, the data retrieval request including the first data string; determining whether the first data string is valid based on checking the validity period; in response to determining that the first data string is valid: obtaining the data set from the remote server; and sending, to the client device, first data based on the obtained data set.
    Type: Grant
    Filed: July 24, 2019
    Date of Patent: March 8, 2022
    Assignee: The Toronto-Dominion Bank
    Inventors: Denny Devasia Kuruvilla, Md Abdur Razzak Chowdhury, Dani Kartikay, Ryan Wu, Andrey Petrov, Peter Horvath, Prashanth Dappula, Sivashanthan Sivapalan, Nolan Glynn-Udrow, Esli Gjini, Sarah Reeve, Matija Bosnjakovic, Guy Dagmara, Jaspal Singh Samra, Abhiney Natarajan, Haobin Li, Richard Yu
  • Patent number: 11263626
    Abstract: A method for generating cryptograms in a webservice environment includes: receiving, in a first environment of a computing system, a credential request transmitted by an external computing device using a secure communication protocol, the credential request including a transaction identifier and account identifier; transmitting, by the first environment, a data request to a second environment of the computing system, the data request including the account identifier; receiving, by the first environment, an account profile and session key from the second environment; transmitting, by the first environment, a cryptogram request to a third environment of the computing system, the cryptogram request including the account profile and session key; receiving, by the first environment, a cryptogram from the third environment generated using the account profile and session key; and transmitting, by the first environment, the cryptogram and transaction identifier to the external computing device via the secure communic
    Type: Grant
    Filed: March 12, 2019
    Date of Patent: March 1, 2022
    Assignee: MASTERCARD INTERNATIONAL INCORPORATED
    Inventors: Mehdi Collinge, Patrik Smets
  • Patent number: 11258769
    Abstract: A device is provisioned and authorized for use on a network. The device may generate a cryptographic key and provide a digital certificate the cryptographic key, a hardware identifier, and attribute information and provide such information to an authorization host as part of the provisioning process. The authorization host may use attribute information to determine whether to authorize the device for use on the network, and whether the generated cryptographic key should be trusted for use on the network.
    Type: Grant
    Filed: June 24, 2019
    Date of Patent: February 22, 2022
    Assignee: Amazon Technologies, Inc.
    Inventors: Matthew John Campagna, Derek Del Miller, Nachiketh Rao Potlapally, Gregory Branchek Roth
  • Patent number: 11251954
    Abstract: A broadcast encryption method that allows a broadcaster to send encrypted content to a set of users such that only a subset of authorized users can decrypt the content, and to perform both temporary and permanent revocation of users. Accordingly, during a Setup stage, a Key Service generates a public key and a Master Secret Key (MSK) and sends the Public Parameters PP used to generate the public key to a broadcaster and to all users. The broadcaster uses the Public Parameters PP to create a message M, with which the broadcaster encrypts the content, and further creates a Cipher Text (CT), which is sent to all users. During a Key Gen stage, whenever a user wishes to decrypt the message M for decrypting the content, the user sends a request with his ID1 to the Key Service. The Key Service generates a corresponding secret key SKID1 and the secret key SKID1 is sent to the user ID1 via a secure data channel.
    Type: Grant
    Filed: May 10, 2018
    Date of Patent: February 15, 2022
    Assignee: B. G. NEGEV TECHNOLOGIES AND APPLICATIONS LTD., AT BEN-GURION UNIVERSITY
    Inventors: Shlomi Dolev, Niv Gilboa, Dan Brownstein
  • Patent number: 11252135
    Abstract: The present invention discloses a method of processing data, comprising: sending, a first data to a first image capturing device, by the first computer, through an image output interface of the first computer; sending, the first data to the second computer, by the first image capturing device. The first data comprises a first information and a second information, the second data comprises a third information and a fourth information. The second computer processes the third data or the fourth data by a first method if the third information is consistent with the first information and the fourth information is consistent with the second information; and the second computer processes the third data or the fourth data by a second method if the third information is inconsistent with the first information and the fourth information is inconsistent with the second information.
    Type: Grant
    Filed: July 29, 2020
    Date of Patent: February 15, 2022
    Inventor: Xingchang Zhou
  • Patent number: 11240213
    Abstract: A resource distribution method, when different peer nodes communicate with each other, a key pair is used for encryption. A resource is transmitted in a ciphertext form in a peer-to-peer (P2P) network. In particular, each resource may have a corresponding key pair, and different key pairs may be used to encrypt resources of different users.
    Type: Grant
    Filed: August 7, 2020
    Date of Patent: February 1, 2022
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Yishan Sun, Lei Yuan, Jiawei Zhou
  • Patent number: 11238168
    Abstract: Disclosed embodiments relate to performing secure and flexible searches of encrypted data. Operations may include maintaining a database of a plurality of sets of encrypted data; receiving a transformed search query for the database, the transformed search query having undergone a transformation process at a client including: identifying a plaintext string in a search query at the client, applying the plaintext string to a language dictionary accessible to the client, receiving, based on the language dictionary, one or more plaintext search strings, and encrypting, at the client, the one or more plaintext search strings; and returning a result based on the transformed search query, the result being based on the encrypted one or more plaintext search strings.
    Type: Grant
    Filed: April 20, 2020
    Date of Patent: February 1, 2022
    Assignee: CyberArk Software Ltd.
    Inventor: Ofer Rivlin
  • Patent number: 11240040
    Abstract: A method for importing a digitally signed assertion to a temporally sequential listing includes receiving, by an evaluating device, at least a communication including a first digitally signed assertion recorded, assigning, by the evaluating device, a confidence level to the first digitally signed assertion, authenticating, by the evaluating device, the first digitally signed assertion as a function of the confidence level, generating, by the evaluating device, a second digitally signed assertion as a function of the first digitally signed assertion, and entering, by the evaluating device, the second digitally signed assertion in at least an instance of a first temporally sequential listing.
    Type: Grant
    Filed: January 27, 2020
    Date of Patent: February 1, 2022
    Assignee: Ares Technologies, Inc.
    Inventor: Christian T Wentz
  • Patent number: 11234787
    Abstract: A method of manufacturing a surgical waste collection manifold with a volume collected datum and a rover type to ensure compatibility with a surgical waste collection rover is provided. The surgical waste collection rover including a vacuum pump and a receiver defining an opening. The method includes obtaining a second manifold. The second manifold having a second housing defining a surface, the housing defining a second manifold volume and a second outlet opening in fluid communication with the second manifold volume. The method may further include coupling a second circuit to the surface of the second manifold, the second circuit comprising a second memory device including a third memory bank and a fourth memory bank, the third memory bank including a fifth memory field and the fourth memory bank including a sixth memory field.
    Type: Grant
    Filed: March 8, 2021
    Date of Patent: February 1, 2022
    Assignee: Stryker Corporation
    Inventors: Andy Staats, Brian MacLachlan, Grant Westphal, Stephen J. Reasoner
  • Patent number: 11240001
    Abstract: An example operation may include one or more of connecting, by a participating node, to a blockchain configured to store user assets, receiving, by the participating node, login data from a user, receiving, by the participating node, an asset transfer request from the user identified by the login data, the asset transfer request including identification data of an asset recipient, confirming, by the participating node, that the user is an owner of the asset based on a previous asset transfer transaction associated with the user, verifying, by the participating node, integrity and validity of the asset based on blockchain records, determining, by the participating node, that the asset recipient is a registered user of the blockchain, in response to the determining, by the participating node, that the asset recipient is the registered user of the blockchain, encrypting, by the participating node, an asset transfer transaction by a public key associated with a private key of an auditor; and providing, by the par
    Type: Grant
    Filed: November 6, 2018
    Date of Patent: February 1, 2022
    Assignee: International Business Machines Corporation
    Inventors: Kaoutar Elkhiyaoui, Elli Androulaki, Angelo De Caro, Maria Dubovitskaya, Jan L. Camenisch
  • Patent number: 11240230
    Abstract: Disclosed is an automatic authentication processing method and system using a dividing function.
    Type: Grant
    Filed: March 2, 2018
    Date of Patent: February 1, 2022
    Assignee: WAEM CO., LTD.
    Inventors: Rae Sung Cho, Dong Hyun Cho
  • Patent number: 11233632
    Abstract: In one embodiment, a method for securely distributing secret keys for hardware devices is disclosed. A distributor server transmits to a provider server an order for hardware devices. Each hardware device has a unique identifier and at least one secret key for authentication. The provider server sends a database associated with the distributor, for each of the hardware devices, the unique identifier and an unencrypted version of the at least one secret key. In response to an order received by the distributor from a customer for a portion of the hardware devices, the distributor server provides the database the unique identifiers and an associated customer order identifier, and the distributor server provides a customer server the unique identifiers. In response to the customer logging into the database and providing the order information, the database provides the customer the unencrypted keys for the hardware devices to allow authentication.
    Type: Grant
    Filed: July 2, 2021
    Date of Patent: January 25, 2022
    Inventors: Jason Michael Giuliano, Thomas Scott Rancour, II
  • Patent number: 11228609
    Abstract: Methods, non-transitory computer readable media, network traffic manager apparatuses, and systems that assist with managing hypertext transfer protocol (HTTP) requests using extended SYN cookie includes establishing a network connection with a client without allocating a plurality of computing resources to the established network connection, in response to a request to establish a connection from a client. Presence of a digital signature in a first data packet comprising a request for a webpage is determined. The digital signature is compared to a plurality of stored signatures to determine when the client is a nefarious computing device when the determination indicates that the received request includes the signature. The established network connection is terminated with the client without allocating the plurality of computing resources when the comparison indicates the client is the nefarious computing device.
    Type: Grant
    Filed: April 27, 2020
    Date of Patent: January 18, 2022
    Assignees: F5 NETWORKS, INC., F5 NETWORKS (ISRAEL) LTD.
    Inventors: Peter Finkelshtein, Vadim Krishtal
  • Patent number: 11221763
    Abstract: A disk lock management method, apparatus, and system are disclosed. The method is performed by a first node, including: sending an obtaining request to a data storage system, where the obtaining request is used to request to obtain a disk lock; receiving a release request, where the release request is used to request the first node to release the disk lock; and sending a release message to the data storage system, where the release message is used to release the disk lock. This method avoids frequent application and releasing operations performed on the disk lock, reduces disk IO resource occupancy caused by application and releasing of the disk lock, and improves overall system performance.
    Type: Grant
    Filed: April 9, 2019
    Date of Patent: January 11, 2022
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Jusheng Cheng, Jiufei Xue, Yiwen Jiang, Yibin Wang
  • Patent number: 11223616
    Abstract: An onboarding server uses an ultrasound token to securely onboard a new device to an organizational structure. The onboarding server obtains a registration from the new device and provides the new device with an ultrasound token. The onboarding server also obtains a notification from a user device that detected the ultrasound token broadcast from the new device. The onboarding server determines a device identity for the new device and provides cryptographic information to the new device. The cryptographic information enables the new device to connect to an organizational structure with the device identity.
    Type: Grant
    Filed: August 7, 2019
    Date of Patent: January 11, 2022
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Nicolai Grødum, Bjørn Kristian Nordlund, Magnus Aaen Holst
  • Patent number: 11223489
    Abstract: Techniques for transparently adding one or more security controls to a challenge-response-based protocol are provided. In one technique, a client device sends a request for a resource to a resource server. The client device receives a challenge as part of a challenge-response handshake and forwards, to a proxy server, the challenge as part of a cryptographic request that includes a key identifier and certain data. In response, the proxy server initiates one or more security controls and sends the key identifier and the certain data to a cryptographic device that generates output based on the certain data. The proxy server receives the output from the cryptographic device. The proxy server determines whether at least one of the security controls resulted in a success. The proxy server sends the output to the client device only in response to determining that at least one of the security controls resulted in a success.
    Type: Grant
    Filed: April 13, 2021
    Date of Patent: January 11, 2022
    Assignee: Garantir LLC
    Inventor: Kieran Miller
  • Patent number: 11218462
    Abstract: A method is performed at a gateway device including one or more processors and a non-transitory memory. The method includes receiving, from a first wireless network, a first get authentication token request, where the first get authentication token request includes network information of a second wireless network and information of a first user equipment (UE). The method further includes forwarding the first get authentication token request to the second wireless network in response to receiving the first get authentication token request. The method additionally includes receiving a first authentication token from the second wireless network. The method also includes forwarding the first authentication token to the first UE via the first wireless network in order to associate the first UE with the second wireless network.
    Type: Grant
    Filed: November 1, 2018
    Date of Patent: January 4, 2022
    Assignee: Cisco Technology, Inc.
    Inventors: Swaminathan Anantha, Santosh Ramrao Patil, Gangadharan Byju Pularikkal, Mark Grayson, Sourav Chakraborty
  • Patent number: 11218324
    Abstract: A system for authenticating a requesting device using verified evaluators includes an authenticating device. The authenticating device is designed and configured to receive at least a first digitally signed assertion from a requesting device, the at least a first digitally signed assertion linked to at least a verification datum, evaluate at least a second digitally signed assertion, signed by at least a cryptographic evaluator, conferring a credential to the requesting device, validate the credential, as a function of the at least a second digitally signed assertion, and authenticate the requesting device based on the credential.
    Type: Grant
    Filed: May 1, 2019
    Date of Patent: January 4, 2022
    Assignee: Ares Technologies, Inc.
    Inventors: Christian T Wentz, Ilia Lebedev
  • Patent number: 11212675
    Abstract: Systems, methods, and computer readable media for performing mobile interactions using a mobile communication device and an access device without a connection to a data network. An access device can provide the mobile communication device with a value request message requesting access tokens for an interaction. The mobile communication device provides access data including a plurality of access tokens to the access device. The access device can use the access tokens to gain access to value elements stored in data lockers of the mobile communication device. Upon receipt of the value elements, the access device may provide the mobile communication device with access to a resource.
    Type: Grant
    Filed: June 20, 2019
    Date of Patent: December 28, 2021
    Assignee: Visa International Service Association
    Inventors: Girish Balakrishna Hegde, Deepak Dhiman
  • Patent number: 11212101
    Abstract: A client can be authenticated with an identity provider. The identity provider can generate an identity provider token after successful authentication. Prior to issuing a request to a service provider, the client can request a temporary (one time use) token from the identity provider. The request may include a client token to verify the client's identity. The identity provider can validate the client token using details saved in the identity provider token and issue the temporary token to the client. The client can provide the temporary token to a service provider in a request for service. The service provider can validate the temporary token with the identity provider. If the temporary token is valid (i.e., has not already been used), the service provider can respond to the request. The use of a temporary token and not sharing the identity provider token with the client can prevent security breaches.
    Type: Grant
    Filed: October 9, 2018
    Date of Patent: December 28, 2021
    Assignee: CA, INC.
    Inventor: Ravi Kumar Kanukollu
  • Patent number: 11210412
    Abstract: Systems and methods for permitting software presence/configurations to function as a factor in a multi-factor authentication scheme so that a user's access to a different software program/application is conditioned on the presence of certain pre-specified software or software configurations that would otherwise not be necessary for access and/or operation of the different software program/application. Generally, by confirming the presence/configuration of the pre-specified software on a computing device, the system ensures that a user, in one embodiment, may only access the different software program/application with the proper configuration of the pre-specified software.
    Type: Grant
    Filed: February 1, 2018
    Date of Patent: December 28, 2021
    Assignee: Ionic Security Inc.
    Inventors: Adam Ghetti, Ryan Speers, Jeffrey Howard, Robert McColl, Taylor Jay Centers, William Monte LeBlanc
  • Patent number: 11210647
    Abstract: A transaction system based on a distributed peer-to-peer computer architecture, said system involving transactions generated by users by means of wallets and allowing the transfer of units of account by feeding inputs from outputs, each transaction (called downstream transaction) having an input directly or indirectly referring to an output of an upstream transaction (or several inputs each referring to an output of a respective upstream transaction) and having an output specifying the number of units of account and an address of a recipient.
    Type: Grant
    Filed: March 12, 2015
    Date of Patent: December 28, 2021
    Inventor: Enrico Maim
  • Patent number: 11206130
    Abstract: Various embodiments relate to a method of generating a shared secret for use in a symmetric cipher, including: receiving, by a processor, an encoded key Enc(K) and a white-box implementation of the symmetric cipher, where the encoded key Enc(K) is used in the white-box implementation; selecting, by the processor, homomorphic functions ? and ? and the values c1 and c3 such that Enc(K)?c1=Enc(K?c3); and transmitting, by the processor, ? and c3 to another device.
    Type: Grant
    Filed: July 31, 2018
    Date of Patent: December 21, 2021
    Assignee: NXP B.V.
    Inventors: Joppe Willem Bos, Rudi Verslegers, Wilhelmus Petrus Adrianus Johannus Michiels
  • Patent number: 11206210
    Abstract: Disclosed is a packet processing method and system, and a device. A status value used to identify a topology status of service nodes at a specified time is preconfigured for a packet in a packet flow, so that when a service node in a next hop is selected for the packet, selection is performed not based on a topology status of current actual service nodes in the next hop, but based on the topology status, which is identified by the status value, of the service nodes at the specified time. As long as status values carried in packets in a same packet flow are the same, even if a topology status of service nodes changes, a same service node can still be selected for the packets in the same packet flow, thereby avoiding a problem of diversion of the packets in the same packet flow.
    Type: Grant
    Filed: October 24, 2019
    Date of Patent: December 21, 2021
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventor: Yong Huang
  • Patent number: 11200549
    Abstract: Described in example embodiments herein are techniques for implementing an automated banking machine such as an ATM. An example embodiment tracks the flow of a note through an ATM. Another embodiment corrects errors detected during a note flow. Some embodiments are in the form of security protocols for communications or other communication protocols, or techniques for monitoring devices operating in the ATM. Yet another example embodiment is directed to security of a currency cassette. Still yet another embodiment is directed to detecting tampering of the ATM's gate and/or shuttle. Yet still another embodiment determines if notes in a shuttle were delivered.
    Type: Grant
    Filed: June 27, 2016
    Date of Patent: December 14, 2021
    Assignee: Diebold Nixdorf, Incorporated
    Inventors: David Nikkel, Chris Medford, Daniel Bissler, Ricardo Barros
  • Patent number: 11201741
    Abstract: A system allows a user to store his personally identifiable information (PII) on a personal device. When a third party wants to access the user's PII (e.g., to update the PII or to retrieve the PII), a notification will be presented to the user on the personal device seeking consent to the access. The notification may inform the user as to what information is being requested and which entity is requesting the access. The requested access will be denied unless the user consents to the access. In this manner, the user is given control over the dissemination of his PII. Additionally, the system alters or adjusts the PII that is stored in third-party servers so that even if these servers are breached, the user's actual PII is not exposed.
    Type: Grant
    Filed: March 3, 2020
    Date of Patent: December 14, 2021
    Assignee: THE PRUDENTIAL INSURANCE COMPANY OF AMERICA
    Inventors: Venkatesh Sarvottamrao Apsingekar, Sahil Vinod Motadoo, Christopher John Schille, James Francis Lavine
  • Patent number: 11195207
    Abstract: Systems and methods for controlling ad delivery to mobile clients while maintaining user privacy are herein provided. One exemplary method involves a location broker service. The method includes receiving, at an ad delivery service, a location use token from a mobile client, which may be a single use token. The method includes sending, from the ad delivery service, the location use token to the location broker service for verification at the location broker service. The method includes receiving, at the ad delivery service, the mobile client location from the location broker service based on the verification. The method includes delivering, from the ad delivery service, a location-targeted ad to the mobile client at the mobile client location, where the delivering is further based on a geographic density of a plurality of mobile clients. An advertiser using the ad delivery service may be billed based on location use token history.
    Type: Grant
    Filed: May 21, 2020
    Date of Patent: December 7, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: Taqi Jaffri
  • Patent number: 11192522
    Abstract: A device for providing information about a smart key for use in vehicles includes a communicator which receives information about at least one function, performed by the smart key, of controlling a vehicle; and a controller which sets a usage restriction for the at least one function. The communicator may provide information about the at least one function including the usage restriction to an external device.
    Type: Grant
    Filed: March 31, 2020
    Date of Patent: December 7, 2021
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Young-jae Kim, Myung-jin Eom
  • Patent number: 11196763
    Abstract: Aspects of the disclosure relate to edge-computing (“EC”)-based systems and methods for fraud mitigation. The systems and methods may utilize a multi-layer architecture. The architecture may include a set of N gatekeeper units, and each gatekeeper unit may be associated with an EC device. When a transaction request is received, the request may be processed at a first gatekeeper unit, and, if validated, successively processed by the set of N gatekeeper units. If any gatekeeper unit flags the request as suspicious, the unit may emit an audible alert that may be sensed by the associated EC device. The EC device may transmit a signal to one or more of the other gatekeeper units to perform additional processing for the request. When the request reaches the Nth gatekeeper unit and achieves validation, the transaction may be executed via a central server connected to a transaction network.
    Type: Grant
    Filed: July 2, 2019
    Date of Patent: December 7, 2021
    Assignee: Bank of America Corporation
    Inventor: Christopher L. Rice