By Certificate Patents (Class 713/156)
  • Patent number: 11119707
    Abstract: A printing apparatus includes a transmission unit configured to transmit a request to register the printing apparatus and a signing request necessary to issue a certificate of the printing apparatus to a system upon receiving a registration instruction for registering the printing apparatus with a print service from a user. A display unit refrains from displaying third display information for identifying the signing request transmitted by the transmission unit.
    Type: Grant
    Filed: August 4, 2020
    Date of Patent: September 14, 2021
    Assignee: Canon Kabushiki Kaisha
    Inventor: Shuichi Uruma
  • Patent number: 11115819
    Abstract: A device and method for locally authenticating an accessor device to access an operable device. The method comprises receiving reservation information at a validation device from an access granting device, the reservation information identifying one or more accessor devices as having permission to utilize the operable device, where the operable device is local to (e.g., within a predetermined proximity) of the validation device. The method further comprises receiving a request from an accessor device requesting permission to utilize the operable device, the request including an identifier of the requesting accessor device, validating the request based on the reservation information and the identifier, and when validation is successful, granting to the requesting accessor device permission to utilize the operable device.
    Type: Grant
    Filed: December 30, 2019
    Date of Patent: September 7, 2021
    Assignee: Itron, Inc.
    Inventors: Bernard M. Woodland, Scott Dale Brown
  • Patent number: 11113366
    Abstract: A method and system for authenticating software licenses of a software includes a request for a software authentication received from one or more software subscribers and one or more electronic licenses distributed between one or more software vendors and the one or more software subscribers. Further, one or more tokens are validated through an authentication engine at a delivery packet delivered to the software subscriber. A license key associated with each validated token is generated and distributed through a licensing engine. The software is initiated to be enabled through the license key.
    Type: Grant
    Filed: October 26, 2017
    Date of Patent: September 7, 2021
    Assignee: INFOSYS LIMITED
    Inventors: Sudipto Shankar Dasgupta, Mayoor Rao, Gopinath Srungarapu, Vivek Sinha, Swaminathan Natarajan, Sairam Yeturi
  • Patent number: 11115204
    Abstract: Graphing services are provided to a device cooperative that includes data contributors, e.g., website hosts. Anonymized user data, provided by the data contributors, is accessed, via a blockchain, decrypted, and aggregated. A device graph is generated based on the aggregated user data. Contribution metrics are provided to the data contributors. A first contribution metric for a first data contributor indicates a contribution to the device graph of a first portion of the user data that was provided by the first data contributor. In response to receiving a request for a verification of the first contribution metric, a zero knowledge proof of the first contribution metric is generated and provided to the first data contributor. The first data contributor is enabled to evaluate the zero knowledge proof independent of access to a second portion of the user data that was provided by a second data contributor of the device cooperative.
    Type: Grant
    Filed: December 18, 2017
    Date of Patent: September 7, 2021
    Assignee: Adobe Inc.
    Inventors: Subrata Mitra, Vishal Babu Bhavani, Sunav Choudhary, Kishalay Raj, Ayush Chauhan
  • Patent number: 11101984
    Abstract: Systems, methods and apparatuses to configure a computing device for identification and authentication are described. For example, a key management server (KMS) has a certificate generator and is coupled to a registration portal. A copy of secret implemented into a secure component during its manufacture in a factory is stored in the KMS. After leaving the factory, the component can be assembled into the device. The portal receives registration of the component and a hash of software of the device. The certificate generator generates, independent of the device, public keys of the device, using the copy of the secret stored in the KMS and hashes of the software received via the registration portal, and then sign a digital certificate of the public key of the device. Authentication of the device can then be performed via the private key of the device and the certified public key.
    Type: Grant
    Filed: April 4, 2019
    Date of Patent: August 24, 2021
    Assignee: Micron Technology, Inc.
    Inventor: Olivier Duval
  • Patent number: 11102009
    Abstract: In general, embodiments of the invention relate to a method for transacting data. The method includes receiving a verification request from a data consumer, where the verification request specifies an object. The method further includes initiating servicing of the verification request using a verifiable credential, where the verifiable credential specifies a data broker service and the object, where the verifiable credential comprises a claim authorizing the data broker service to transact the object, and where the verifiable credential is issued by an owner of the object. The method further includes initiating transmission of the object to the data consumer based on the servicing of the verification request.
    Type: Grant
    Filed: October 28, 2019
    Date of Patent: August 24, 2021
    Assignee: EMC IP Holding Company LLC
    Inventors: Riaz Zolfonoon, Stephen James Todd
  • Patent number: 11095459
    Abstract: Techniques for automatic generation of app-specific client certification are disclosed herein. In one embodiment, a method includes receiving, at a web server in a packaged application containing a co-packaged web client, a connection request from a web client and a first copy of a client certificate from the web client. Upon receiving the client certificate, the web server can authenticate the connection request from the web client using a second copy of a client certificate previously generated by the web server for the co-packaged web client. In response to successfully authenticating, based on both the first and second copies of the client certificate, the web server can establish a secure connection with the web client to allow the web client access to system level services on the computing device. Otherwise, the web server would refuse connection.
    Type: Grant
    Filed: May 31, 2018
    Date of Patent: August 17, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Christopher Scott Martinez, Shovon Nazmus, Matthew James Wilson, Jyotirmaya Tripathi, Rayman Aeron
  • Patent number: 11093654
    Abstract: A cryptographic ASIC and method for autonomously storing a unique internal identifier into a one-time programmable memory in isolation, by a foundry or a user. When later powered on, the ASIC calculates the value of the unique internal identifier from a predetermined input and compares the calculated identifier value to the stored identifier value. A match indicates the stored value is valid, while a mismatch indicates the stored value is invalid, whether due to natural memory component aging or damage by unauthorized access attempts. The ASIC may compare the calculated identifier to another copy or copies of the stored identifier, and disregard unreliable copies of the stored identifier. The ASIC may compare multiple copies of the stored identifier in a voting scheme to determine their validity. The confirmed valid lifetime of the ASIC thus extends far beyond the useful lifetime of a single copy of the stored identifier.
    Type: Grant
    Filed: July 16, 2019
    Date of Patent: August 17, 2021
    Assignee: Blockchain ASICs Inc.
    Inventor: Edward L. Rodriguez De Castro
  • Patent number: 11088854
    Abstract: For securing a blockchain access through a gateway (GAT) on behalf of a communication device (CD) in a wireless telecommunication network (TN), an apparatus (AM) operating with the gateway: receives a request (Req) sent from a communication device (CD) through the gateway (GAT), the request containing an identifier (IdCD) of the communication device, an identifier (IdR) of the request and a key (K), checks a distributed blockchain that includes information regarding the communication device and that is stored in a first blockchain network (BN1) and retrieving a value (V) corresponding to the key (K), creates a smart contract based on the key (K), the value (V), a timestamp (T), the identifier (IdCD) of the communication device, and the identifier (IdR) of the request, the smart contract being defined to confirm the validity of value (V) corresponding to the key (K) in the first blockchain network (BN1), appends the smart contract to a second blockchain network (BN2), the smart contract having to be execute
    Type: Grant
    Filed: January 31, 2019
    Date of Patent: August 10, 2021
    Assignee: Nokia Technologies Oy
    Inventors: Haithem El Abed, Bessem Sayadi
  • Patent number: 11086823
    Abstract: Aspects of the subject technology relate to ways to avoid file duplication in a cloud storage service. In some aspects, a method of the technology includes steps for retrieving, via a computer network, one or more files from a first memory location, identifying a first signature and a second signature for each of the files, and storing the first signature and the second signature into a duplication reference list. In some aspects, the method further includes steps for analyzing files in a second memory location to identify duplicate files using the duplication reference list. Systems and computer-readable media are also provided.
    Type: Grant
    Filed: December 28, 2017
    Date of Patent: August 10, 2021
    Assignee: Dropbox, Inc.
    Inventors: Dong-Jae Chung, Anna Geiduschek, Aakash Kambuj, Raveesh Nayar, Sam Stafford
  • Patent number: 11089433
    Abstract: A communication system with a master device configured to determine location information in real-time with respect to a portable device. The master device may direct one or more monitor devices to monitor communications that occur over a primary communication link. The monitor devices may sense characteristic information about the signal from the portable device, and communicate this characteristic information to the master device via an auxiliary communication link. The communication system may determine location of the portable device, authenticate the portable device, determine whether the portable device is authorized to allow or initiate an action, and command or enable an action with respect to equipment.
    Type: Grant
    Filed: March 27, 2020
    Date of Patent: August 10, 2021
    Assignee: DENSO CORPORATION
    Inventors: Raymond Michael Stitt, Eric Smith, Michael Stroud, Robert Hartman, Karl Jager, Antonio Fominaya, IV
  • Patent number: 11088823
    Abstract: According to an aspect, there is provided a first node for use in a system, the system comprising one or more trusted source nodes, one or more worker nodes and a verifier node, wherein the first node is configured to determine a trusted input commitment key for a trusted input to be input into a computation that is to be evaluated by the one or more worker nodes, wherein the trusted input commitment key is for use by the one or more trusted source nodes in forming a trusted input commitment of one or more trusted inputs; determine a computation evaluation key for use by the one or more worker nodes in determining a proof that a computation on one or more trusted inputs is correct and that the one or more trusted inputs were used in the computation, wherein the computation evaluation key comprises key material for one or more trusted input wires that are for inputting the one or more trusted inputs into the computation, wherein the key material is derived from a trapdoor value, one or more polynomials evaluat
    Type: Grant
    Filed: December 29, 2017
    Date of Patent: August 10, 2021
    Assignee: Koninklijke Philips N.V.
    Inventor: Meilof Geert Veeningen
  • Patent number: 11082929
    Abstract: Methods, systems, and devices for wireless communications are described which may enable a user equipment (UE) and a base station to use outer-loop feedback support to reach a desired error rate for low latency communications. For example, a base station may transmit a proxy acknowledgement feedback configuration to a UE for communications associated with a low target error rate. In some cases, after receiving the communications from the base station, the UE may receive secondary communications from the base station. The UE may then decode the first and/or second communications according to the proxy acknowledgement feedback configuration and/or a normal acknowledgement feedback configuration and may determine a proxy acknowledgement feedback based on the decoding. Further, the UE may transmit the proxy and/or normal acknowledgement feedback to the base station, which may update outer-loop power settings for the low latency communications based on the acknowledgement feedback.
    Type: Grant
    Filed: November 25, 2019
    Date of Patent: August 3, 2021
    Assignee: QUALCOMM Incorporated
    Inventors: Seyed Ali Akbar Fakoorian, Jing Sun, Jing Jiang, Xiaoxia Zhang, Tingfang Ji
  • Patent number: 11082420
    Abstract: The present invention provides a certificate issuing system based on a block chain, the system having a means for directly generating a certificate-specific public key and a certificate-specific private key in a user terminal operated by a user, guiding the certificate-specific public key and the certificate-specific private key so as to be generated in a state in which a network in the user terminal is blocked, and eliminating the costs incurred for constructing, operating, and maintaining the certificate issuing system having a high-grade security system linked therewith so as to block hacking, which occurred in the past, as much as possible, since the certificate-specific public key requiring maintenance is stored and managed in an electronic wallet, installed in servers that hold block chains, through a peer-to-peer network (P2P)-based distributed database, not by a server run by a certificate authority (CA).
    Type: Grant
    Filed: March 7, 2016
    Date of Patent: August 3, 2021
    Assignee: Coinplug, Inc.
    Inventors: Joon Sun Uhr, Jay Wu Hong, Joo Han Song
  • Patent number: 11070355
    Abstract: A secure element (SE) determines a profile type and a privilege level. The privilege level, in some embodiments, is associated with a key used successfully by the SE to verify a cryptographic signature. In some embodiments, the privilege level is indicated by a privilege value read from an extension field of a root certificate. The SE determines, in some instances, whether to accept or reject a profile installation after comparing the profile type with the determined privilege level. Thus, a test server is allowed to provision a test profile to an SE even if the test server does not have commercial certification required of an electronic subscriber identity module (eSIM) server that provisions operational profiles. Because the test profile does not include credentials useful for network access, the lower-security test server does not create a risk of improper access to the network of a mobile network operator (MNO).
    Type: Grant
    Filed: June 29, 2018
    Date of Patent: July 20, 2021
    Assignee: Apple Inc.
    Inventors: Li Li, Dennis D. Conway
  • Patent number: 11070537
    Abstract: A method of communication between two communicating entities, a first communicating entity generating a data message including useful data and an authentication header, the method including: generating a message identifier from a given parameter and a date and inserting the identifier into an authentication header; inserting a plurality of authentication data including at least one user identifier and one equipment identifier into the authentication header; determining and inserting a security profile into the authentication header defining the conditions: of encryption of the useful data of at least the transmission of the message by the first communicating entity; of generation of a data signature of the message and of the format of the generated signature, and inserting the useful data into the message to be transmitted.
    Type: Grant
    Filed: November 10, 2016
    Date of Patent: July 20, 2021
    Assignee: CASSIDIAN CYBERSECURITY SAS
    Inventors: Paul-Emmanuel Brun, Raphaƫl Cohen, Nicolas Petesque
  • Patent number: 11063766
    Abstract: A method for performing an electronic transaction is disclosed. The method provides authentication data and authentication software to an electronic device and preferably stored in a secure storage location or other location inaccessible to the user or the operating system of the device. When digital data is requested from a transaction party that requests a digital signature, the authentication software is activated to generate said digital signature from the authentication data. Next, the digital signature is provided to the other transaction party, which then provides the requested digital data. The digital signature may be embedded in the requested and provided digital data. Further, a method for performing a verification of legitimate use of digital data is disclosed.
    Type: Grant
    Filed: June 14, 2004
    Date of Patent: July 13, 2021
    Assignee: WARD PARTICIPATIONS B.V.
    Inventors: Scott MacDonald Ward, Teunis Tel
  • Patent number: 11063760
    Abstract: A mechanism for registering a device with an Internet of Things (IoT) edge network is disclosed. The manufacturer of the device stores credentials of the device in a secure storage of the device. The manufacturer also stores the credentials on a public blockchain with sensitive parameters hashed or encrypted. A certifying node accesses the credentials from the public blockchain to establish a secure connection with the device and to verify its credentials. The device sends the credentials to the certifying node, only if the certifying node is able to decrypt a device access parameter from the public blockchain. Upon verifying the credentials of the device, the certifying node issues a digital certificate to the new device and it is stored on a permissioned blockchain within the IoT network. Other nodes in the IoT network may use the digital certificate on the permissioned blockchain for secure communication with the device.
    Type: Grant
    Filed: June 13, 2019
    Date of Patent: July 13, 2021
    Assignee: SASKEN TECHNOLOGIES LTD
    Inventor: Girish Banavathi Venkata Subba
  • Patent number: 11062038
    Abstract: A method for distributed storage of identity data includes: receiving entity data for a plurality of entities, the data including an associated public key, associated attributes, and a geographic jurisdiction, and where one entity is a subordinate; generating a data file for each entity including the associated attributes and public key, and where the subordinate entity's data file includes a digital signature associated with a superior entity; generating an identity value for each entity via hashing the associated data file; and storing, in a distributed hash table, a key-value pair for each entity, wherein the key is the associated identity value, the value comprises the associated attributes, and the key-value pair is stored in a physical data storage device located in a geographic area corresponding to the associated geographic jurisdiction.
    Type: Grant
    Filed: November 1, 2019
    Date of Patent: July 13, 2021
    Assignee: MASTERCARD INTERNATIONAL INCORPORATED
    Inventors: Anthony Paul Murphy, Timothy Warren Mattingly, Peter Julian Reyes Flor
  • Patent number: 11055397
    Abstract: Exemplary embodiments relate to the secure storage of security questions through an immutable log, such as a blockchain. The security questions may be stored in a centralized location, accessible from an application or browser tab running on the user's device. When a security question is required, such as to perform a password reset on a website, the website may interact with the application or browser tab, which retrieves the question(s) from the blockchain. The user may enter their answers to the question(s), which may be hashed by the application or tab. The hashed answers may be entered into the original requesting website, which may verify with the blockchain that the correct answers have been provided. Thus, the requesting website sees neither the questions nor the answers. Additional security features may include logging requests for questions, so that a user can determine if a security question may have been compromised.
    Type: Grant
    Filed: October 9, 2019
    Date of Patent: July 6, 2021
    Assignee: Capital One Services, LLC
    Inventors: Vincent Pham, Austin Grant Walters, Jeremy Edward Goodsitt, Fardin Abdi Taghi Abad, Anh Truong, Kate Key, Kenneth Taylor
  • Patent number: 11055390
    Abstract: A computer implemented system and method provide an authenticated unique digital identity through a verifying and validating an asserted identity of a user for enrollment in a secure personal dataset accessing system, wherein the personal dataset includes identifiable attributes of the user. Authenticity of an asserted user identity includes electronically verified identifiable attributes to form the personal dataset. A generated digital security element results in the user electronically receiving a password and unique electronic address assigned to the user. The digital security element is then transmitted to the user and enables electronic access to the personal dataset, the personal dataset having been authenticated through the verification and validation.
    Type: Grant
    Filed: April 8, 2019
    Date of Patent: July 6, 2021
    Inventor: James F. Kragh
  • Patent number: 11036840
    Abstract: A fingerprint recognition method and apparatus, and a touchscreen terminal with a fingerprint recognition module includes, when a fingerprint authentication module is in a disabled state, a touch operation used to trigger an application program is received, if fingerprint authentication is not required for execution of the application program, the fingerprint recognition module is kept in a disabled state, and after the application program has been executed for specific duration, the fingerprint authentication module is enabled again, to perform the fingerprint authentication.
    Type: Grant
    Filed: December 31, 2015
    Date of Patent: June 15, 2021
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Jiejing Huang, Huangwei Wu
  • Patent number: 11026085
    Abstract: Methods, apparatus, and systems for securing the interactions of a user with an application using a Bluetooth enabled authentication device are disclosed.
    Type: Grant
    Filed: February 21, 2017
    Date of Patent: June 1, 2021
    Assignee: OneSpan North America Inc.
    Inventors: Benoit Grange, Johan Verrept, Mathias Claes
  • Patent number: 11025436
    Abstract: A system and method for a self-authenticating identity. A self-authenticating identity is a digital identity created in an embodiment by aggregating a user's verified identity information and its public key, both of which are digitally signed by the user and an identity provider. This cryptographic binding allows the user to prove it is in fact the true party that the identity was issued to, without the need for a third party to be directly involved. The identity may also contain information that conveys how the identity was verified.
    Type: Grant
    Filed: February 28, 2018
    Date of Patent: June 1, 2021
    Assignee: BANCO BILBAO VIZCAYA ARGENTARIA, S.A.
    Inventor: Louis Gasparini
  • Patent number: 11025437
    Abstract: A method for post-manufacture certificate generation for an electronic device 4 comprises obtaining a public key from the electronic device 4, and enrolling the device in to a chain of trust provided by a public key infrastructure in which a child certificate is attested as valid by an attestor associated with a parent certificate in the chain. The enrolling comprises generating an electronic device certificate 30-I for the chain of trust using the public key 32 obtained from the electronic device. The enrolling is performed at an enrolment device 6 separate from the electronic device 4. The electronic device certificate 30-I is a descendant certificate of the enrolment device certificate 30-D associated with the enrolment device 6.
    Type: Grant
    Filed: August 28, 2018
    Date of Patent: June 1, 2021
    Assignee: Trustonic Limited
    Inventor: Chris Loreskar
  • Patent number: 11023875
    Abstract: A system and method for the management of electronic credentials stored on mobile devices. The system may encrypt information that is provided to a lock device and an access control system using diversification keys. The diversification keys may be generated by supplying a master key and a component identifier such as, for example, a mobile device identifier, to a diversification algorithm. The mobile device may be a conduit for the communication of information between the access control system and the lock device. The mobile device may be unable to decrypt information that has been encrypted by a diversification key. Embodiments also provide for enrolling administrative mobile devices with the access control system, the distribution and revocation of credential identifiers for user mobile device, and removing administrative mobile devices that are enrolled with lock devices.
    Type: Grant
    Filed: April 9, 2019
    Date of Patent: June 1, 2021
    Assignee: Schlage Lock Company LLC
    Inventors: Todd Eberwine, Jeffrey S. Neafsey, Jon P. Torre, Donald L. Beene, Hamid Abouhashem, Michelle Vickrey, Andrew Oliver
  • Patent number: 11025353
    Abstract: A broadcast receiving system is disclosed that verifies a current digital certificate extracted from a digital broadcast signal using a previous digital certificate previously stored as trusted. The current and previous digital certificates are associated with digital signatures with which data received with the broadcast signal has been signed. Also disclosed is a system for signing application data to be broadcast together with a digital certificate in a digital broadcast signal. A current digital certificate attesting the validity of a digital signature attached to broadcast data is in turn signed with a digital signature using one or more previous private keys associated with respective previous certificates identifying the issuer of the current digital certificate. These disclosures are in particular applicable to HbbTV.
    Type: Grant
    Filed: July 13, 2016
    Date of Patent: June 1, 2021
    Assignee: Nagravision S.A.
    Inventors: Bertrand Wendling, Jean-Philippe Aumasson
  • Patent number: 11025605
    Abstract: A system and method is disclosed for transporting application data through a communications tunnel between a host device and a guest device that each includes networked processors. The application data may be transported between the host device and the guest device through an allowed port of the host device, the communications tunnel, and a port of the guest device. Based on logon credentials, the guest device can be authenticated by a security server and a role may be determined. The role can include allowed ports and associated applications on the host that the guest is allowed to access. Remote access from the guest device to host devices or remote devices may be enabled without needing prior knowledge of their configurations. Secure access may be facilitated to remote host devices or remote devices, according to security policies that can vary on a per-session basis and takes into account various factors.
    Type: Grant
    Filed: February 4, 2019
    Date of Patent: June 1, 2021
    Assignee: Netop Solutions A/S
    Inventors: Peter Holmelin, Valentin Palade, Dragos Ivan
  • Patent number: 11025408
    Abstract: A method for registering and provisioning an electronic device is provided. The method includes a step of inserting a first keypair into a secure element of the electronic device. The first keypair includes a public key and a private key. The method further includes a step of requesting, from a server configured to register and provision connected devices, a provisioning of credentials of the electronic device. The method further includes a step of verifying, by the server, the electronic device credentials. The method further includes a step of registering, by the server, the electronic device. The method further includes a step of transmitting, from the server to the electronic device, a device certificate. The method further includes steps of installing the transmitted device certificate within the secure element of the electronic device, and provisioning the electronic device according to the installed device certificate.
    Type: Grant
    Filed: September 28, 2018
    Date of Patent: June 1, 2021
    Assignee: Cable Television Laboratories, Inc.
    Inventors: Massimiliano Pala, Ronald H. Ih
  • Patent number: 11019068
    Abstract: A quorum-based access mechanism can require multiple entities to provide credentials over a determined period of time in order to obtain access to one or more resources in an electronic environment. This can include receiving a request that is signed by multiple signatories, or receiving multiple requests within a determined period that are each signed by a respective and authorized signatory. In some embodiments the receiving of a primary request causes notifications to be sent to other potential signatories, and a specified or minimum number must respond timely with a signed request to have the access granted. The quorum-based access mechanism can function as an additional authorization layer sitting in front of more conventional authorization and authentication mechanisms. In some embodiments a quorum token can be passed with the request, whereby resources in the environment can make access determinations based on the information in the token.
    Type: Grant
    Filed: May 8, 2019
    Date of Patent: May 25, 2021
    Assignee: Amazon Technologies, Inc.
    Inventors: Hart Matthew Rossman, Erik Lee Swensson
  • Patent number: 11018875
    Abstract: A method for producing linkage values to be contained within pseudonym digital certificates of a security credential management system for connected vehicles, including the following steps: providing a linkage value function that expresses linkage values as a function of a number of input parameters that include a linkage seed input from a pseudonym certificate authority processor entity and a plurality of inputs from a registration authority processor entity including a vehicle identifier and at least one index relating to a time period for the linkage value; producing a Boolean circuit representative of the function for a particular combination of the number of input parameters; and executing a garbled circuit protocol on the Boolean circuit between the registration authority processor entity and the pseudonym certificate authority processor entity, whereby the pseudonym certificate authority processor entity privately derives a linkage value for the particular combination of the number of input parameters.
    Type: Grant
    Filed: August 31, 2018
    Date of Patent: May 25, 2021
    Assignee: OnBoard Security, Inc.
    Inventors: Cong Chen, Virendra Kumar
  • Patent number: 11010614
    Abstract: A total property security system may be implemented to conduct security and surveillance operations. The system includes security operations centers that are connected to one or more sensors and vehicles for collecting and transmitting surveillance data to a database hosted on cloud services. The collected surveillance data is analyzed in order to automatically deploy security measures and/or recommend courses of action using a rules engine that can be configured to client-specific or user-specific security needs. The cloud services can provide a set of application program interface services that can act on the surveillance operations center. Sensor fusion data and other surveillance data can be also transmitted to vetted monitoring service providers on a subscription basis to provide physical security services to the area within the property perimeter. During the subscription period, the selected monitoring service providers can obtain time-based encryption token for accessing surveillance data.
    Type: Grant
    Filed: January 25, 2018
    Date of Patent: May 18, 2021
    Inventor: Matias Klein
  • Patent number: 10999321
    Abstract: Service data is received by a server and from a client computing device, where the service data includes a unique identifier and a variable identifier stored in a local secure storage of the client computing device. The server parses the service data to obtain the unique identifier and the variable identifier as parsed data. The server determines whether the unique identifier and the variable identifier in the parsed data are identical to a unique identifier and a variable identifier associated with the client computing device and recorded by the server as recorded data. If the result of the determination is not identical, the server indicates that the local secure storage of the client computing device is under a copy attack, and performing a predetermined response action. If the result of the determination is identical, the server transmits a new variable identifier to the client computing device.
    Type: Grant
    Filed: November 9, 2018
    Date of Patent: May 4, 2021
    Assignee: Advanced New Technologies Co., Ltd.
    Inventor: Xiaofeng Li
  • Patent number: 10986500
    Abstract: In a wireless network, a distributed ledger client maintains hardware-trust with a wireless network slice and distributed ledger nodes. The wireless network slice delivers wireless communication services to wireless user devices. When the distributed ledger client maintains hardware-trust with the wireless network slice, the wireless network slice transfers slice data to the distributed ledger client. The slice data that characterizes the delivery of the wireless communication services. The distributed ledger client transfers the slice data to the distributed ledger nodes. The distributed ledger nodes log the slice data when the distributed ledger client maintains hardware-trust with the distributed ledger nodes.
    Type: Grant
    Filed: November 6, 2018
    Date of Patent: April 20, 2021
    Assignee: Sprint Communications Company L.P.
    Inventors: Ronald R. Marquardt, Arun Rajagopal, Lyle Walter Paczkowski
  • Patent number: 10986504
    Abstract: Systems, methods, and computer-readable storage devices to enable secured data access from a mobile device executing a native mobile application that operates in connection with a server executing a headless browser are disclosed.
    Type: Grant
    Filed: March 24, 2020
    Date of Patent: April 20, 2021
    Assignee: AppBrilliance, Inc.
    Inventors: Charles Eric Smith, Sergio Gustavo Ayestaran
  • Patent number: 10977353
    Abstract: A computer-implemented method includes: receiving, by a computer device, biometric data scanned from a guardian and biometric data scanned from a ward; receiving, by the computer device, data defining a relationship between the guardian and the ward; storing, by the computer device, the biometric data scanned from the guardian, the biometric data scanned from the ward, and the data defining the relationship in a record in a secure database; receiving, by the computer device, a request for validation including scanned biometric data; determining, by the computer device, the scanned biometric data matches the record in the secure database; and transmitting, by the computer device and in response to the determining, data defining an authorization based on the relationship.
    Type: Grant
    Filed: September 18, 2018
    Date of Patent: April 13, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Michael Bender, Rhonda L. Childress, Todd R. Palmer, Manjari Roy
  • Patent number: 10979416
    Abstract: A system and method for managing a trusted connection within a public cloud comprises transmitting a first token and a second token from a cloud service manager to a public cloud controller, initializing a public cloud manager in response to receipt of the first token and the second token, and generate a cloud certificate, and transmitting the cloud certificate and the second token from the public cloud manager to a management plane. The method further comprises establishing a trusted connection between the public cloud controller and the management plane in response to receipt of the cloud certificate and the second token by the management plane.
    Type: Grant
    Filed: May 9, 2018
    Date of Patent: April 13, 2021
    Assignee: Nicira, Inc.
    Inventors: Vaibhav Kulkarni, Narendra Sharma, Aditya Gokhale, Ganesan Chandrashekhar, Vivek Agarwal, Akshay Katrekar, Rompicherla Sai Pavan Kumar
  • Patent number: 10977699
    Abstract: A device may download a session configuration file from a server over a network, obtain one or more parameters from within the session configuration file, download a content package based on the one or more parameters, and store the content package in a temporary folder. The device may also uncompressing the content package into a content folder in the temporary folder. The content folder includes resources that correspond to widgets in a template, wherein the content folder further includes the template, and wherein the template specifies a layout of the widgets on a page to be output to a display device.
    Type: Grant
    Filed: July 28, 2017
    Date of Patent: April 13, 2021
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Arvind Basra, John J Arky, Robert Kaphan, Antonio M Osorio
  • Patent number: 10972265
    Abstract: Methods, systems, and devices are described herein for delivering protected data to a trusted execution environment (TrEE) associated with a potentially untrusted requestor. In one aspect, a targeting protocol head may receive a request for protected data from a potentially untrusted requestor associated with a TrEE, and an attestation statement of the TrEE. The targeting protocol head may retrieve the protected data, and obtain a targeting key of the TrEE from, for example, the request in the case of clean room provisioning, or the attestation statement. The targeting protocol head may generate targeted protected data by encrypting the protected data with the targeting key, and provide the targeted protected data to the potentially untrusted requestor, where a private targeting key of the TrEE is required to decrypt the targeted protected data.
    Type: Grant
    Filed: January 26, 2017
    Date of Patent: April 6, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: Mark F. Novak
  • Patent number: 10972290
    Abstract: In embodiments, an authentication server interfaces between a user device with a self-signed certificate and a verifying computer that accepts a user name and password. The user device generates a self-signed certificate signed by a private key on the user device. The self-signed certificate is transmitted to a verifying party computer over a network. The verifying party stores the self-signed certificate with user identification data, including at least one of a user name, user address, user email, user phone number, user tax identification (ID), user social security number and user financial account number. In subsequent communications, the verifying party receives a certificate chain including the self-signed certificate, and matches that with the user identification data stored in a database.
    Type: Grant
    Filed: July 17, 2020
    Date of Patent: April 6, 2021
    Assignee: BEYOND IDENTITY INC.
    Inventors: Nelson Melo, Michael Clark, James Clark
  • Patent number: 10965704
    Abstract: In one embodiment, a device in a network receives traffic information regarding one or more secure sessions in the network. The device associates the one or more secure sessions with corresponding certificate validation check traffic indicated by the received traffic information. The device makes a self-signed certificate determination for an endpoint domain of a particular secure session based on whether the particular secure session is associated with certificate validation check traffic. The device causes the self-signed certificate determination for the endpoint domain to be used as input to a malware detector.
    Type: Grant
    Filed: June 20, 2019
    Date of Patent: March 30, 2021
    Assignee: Cisco Technology, Inc.
    Inventors: Martin Kopp, Martin Grill, Jan Kohout
  • Patent number: 10951594
    Abstract: Computer-implemented systems and methods for digital content protection and security in multi-computer networks are provided. In one embodiment, a system for cryptographic digital content protection and security is disclosed. The system may include at least one processor, and a storage medium comprising instructions that, when executed, configure the at least one processor to determine specifications of a computer terminal, determine a status of the computer terminal as a public terminal or a private terminal, identify sensitive information in a data transmission, generate output instructions associated with the sensitive information, and provide the data transmission and the output instructions to the computer terminal over a network.
    Type: Grant
    Filed: February 11, 2019
    Date of Patent: March 16, 2021
    Assignee: TeleTracking Technologies, Inc.
    Inventors: Rodger J Fletcher, Prabhuvel Kandaswamy, Raghuram Ramesh
  • Patent number: 10951423
    Abstract: A cryptographic system (100) is provided for distributing certificates comprising a certificate authority device (110) and multiple network nodes (140, 150, 160). A network node (140) sends a public key to the certificate authority device. The certificate authority device (110) generate a certificate comprising the public key, forms an identifier by applying an identity forming function to the certificate and generates local key material specific for the network node by applying a local key material generation algorithm of an identity based key pre-distribution scheme on the identifier, and sends the local key material encrypted to the network node. The network node may be authenticated implicitly through its access to a shared key obtainable from the local key material.
    Type: Grant
    Filed: March 28, 2017
    Date of Patent: March 16, 2021
    Assignee: Koninklijke Philips N.V.
    Inventors: Oscar Garcia Morchon, Ronald Rietman, Ludovicus Marinus Gerardus Maria Tohluizen, Maarten Peter Bodlaender
  • Patent number: 10943005
    Abstract: A computer-implemented system and method for secure authentication of IoT devices are disclosed. The method for secure authentication of IoT devices comprises establishing a network connection with a network operator server via a control channel, establishing identity of the network operator server using a pre-shared server key, establishing identity of the IoT device using a pre-shared client key and cryptographically generating a session key for a network session to allow secure data exchange between the network operator server and the IoT device. The cryptographically generated session key is used for securely authenticating application running on the authenticated IoT device.
    Type: Grant
    Filed: November 21, 2018
    Date of Patent: March 9, 2021
    Assignee: Aeris Communications, Inc.
    Inventor: Yixiang Chen
  • Patent number: 10944576
    Abstract: An authorization method using provisioned certificates is disclosed. The method includes writing security attributes to fields within a certificate and issuing the certificate to a software application on a principal node. The software application requests to perform actions on one or more resources on a resource node, sending one or more action requests along with a copy of its certificate. The resource node has an agent which verifies the permissions from the certificate and routes the request to its designated resource. The resource node returns one or more messages to the principal node, verifying whether or not complete the requests.
    Type: Grant
    Filed: October 29, 2018
    Date of Patent: March 9, 2021
    Assignee: PENSANDO SYSTEMS INC.
    Inventors: Enrico Schiattarella, Vipin Jain, Ravi Kumar Gadde
  • Patent number: 10936745
    Abstract: Methods and systems for encrypting data for a multi-tenant filesystem environment are provided. A system for encrypting data for a multitenant filesystem environment includes a file characteristics module that determines file characteristics for a file. The system also includes a user identification module that collects user identification information for one or more file operations, where a file operation in the one or more file operations is performed on a portion of the file. The system further includes a portion information module that gathers portion information about the portion of the file. Additionally, the system includes an encryption module that associates the portion information with a subtenancy encryption key in one or more subtenancy encryption keys based on the user identification information, where the one or more subtenancy encryption keys are associated with the file.
    Type: Grant
    Filed: July 20, 2018
    Date of Patent: March 2, 2021
    Assignee: International Business Machines Corporation
    Inventors: Abhishek Jain, Anil Laxman Palled, Deepak Ghuge, Sasikanth Eda
  • Patent number: 10938558
    Abstract: An apparatus and system for authenticating features for download to an image scanning apparatus has a client computing device generate an image of a symbol that encodes authentication data. The client computing device hashes a communication parameter of its transceiver, digitally signs the hash value with a private key from public-private key pair, and encodes the hash value, digital signature and the unencrypted communication parameter into the symbol. The image scanning apparatus captures an image of the symbol, decodes the symbol, verifies whether the unencrypted communication parameter corresponds to the hash of the communication parameter, and a public key stored in the memory of the barcode reader corresponds with the private key used to sign the hash value. If the communication parameter corresponds with the hash value and the signature corresponds with the public key, the barcode reader enables its transceiver to download the feature from the client computing device.
    Type: Grant
    Filed: December 17, 2018
    Date of Patent: March 2, 2021
    Assignee: Zebra Technologies Corporation
    Inventors: Kenneth S. Bhella, Mariya Wright
  • Patent number: 10936735
    Abstract: When a client requests a data import job, a remote storage service provider provisions a shippable storage device that will be used to transfer client data from the client to the service provider for import. The service provider generates security information for the data import job, provisions the shippable storage device with the security information, and sends the shippable storage device to the client. The service provider also sends client-keys to the client, separate from the shippable storage device (e.g., via a network). The client receives the device, encrypts the client data and keys, transfers the encrypted data and keys onto the device, and ships it back to the service provider. The remote storage service provider authenticates the storage device, decrypts client-generated keys using the client-keys stored at the storage service provider, decrypts the data using the decrypted client-side generated keys, and imports the decrypted data.
    Type: Grant
    Filed: August 2, 2019
    Date of Patent: March 2, 2021
    Assignee: Amazon Technologies, Inc.
    Inventors: Frank Paterra, Firat Basarir
  • Patent number: 10929518
    Abstract: The present invention provides an information processing apparatus that stores digital certificates. The information processing apparatus selects a digital certificate among the digital certificates stored in the storing unit in accordance with an instruction of a user, obtains an expiration date of the selected digital certificate and revocation information on the selected digital certificate. The information processing apparatus determines validity of the selected digital certificate on a basis of the obtained expiration date and the obtained revocation information and sets the digital certificate determined to be valid as a digital certificate for communication.
    Type: Grant
    Filed: December 27, 2018
    Date of Patent: February 23, 2021
    Assignee: Canon Kabushiki Kaisha
    Inventor: Ryo Fujikawa
  • Patent number: 10909487
    Abstract: In one implementation, a workflow system can include a storage engine and a merger engine. The storage engine maintains a restricted workflow part on a first storage resource and maintains a customizable workflow part on a second storage resource. The merger engine retrieves the restricted workflow part based on the product version and merge the restricted workflow part with the customizable workflow part associated with the restricted workflow part.
    Type: Grant
    Filed: August 28, 2014
    Date of Patent: February 2, 2021
    Assignee: Micro Focus LLC
    Inventors: Rotem Chen, Yoni Roit, Hava Babay Adi, Yifat Felder