By Certificate Patents (Class 713/156)
  • Patent number: 11457010
    Abstract: A sending device may send data intended for a target device. An intermediate device may intercept the data sent from the sending device and forward the communications to the target device. Security data (e.g., a security certificate for authentication) along with an encrypted version of the security data may be sent at the application layer such that it passes from the sending device, through the intermediate device, and to the target device without being analyzed or modified by the intermediate device. The target device may use the encrypted security data and the security data to verify the identity of the sending device.
    Type: Grant
    Filed: April 5, 2019
    Date of Patent: September 27, 2022
    Assignee: Comcast Cable Communications, LLC
    Inventors: Asad Haque, Ahmad Douglas, Ahmad Altamimi, Liesheng Long
  • Patent number: 11455295
    Abstract: Provided are embodiments of electronic document processing that include a workflow engine executing a workflow that includes verifying material data of an electronic document, providing a verified copy of the electronic document to a reviewer for review and, in response to receiving approval of the electronic document from the reviewer, obtaining a digital signature of material data of the electronic document from the reviewer. The workflow may include a similar process for multiple reviewers, and providing the electronic document to a processor for processing.
    Type: Grant
    Filed: July 21, 2020
    Date of Patent: September 27, 2022
    Assignee: Saudi Arabian Oil Company
    Inventor: Majid Alroqaie
  • Patent number: 11456878
    Abstract: A pseudonym certificate management method, performed by a pseudonym certificate management apparatus interworking with an external server, may comprise: receiving, from the external server, a pseudonym certificate in a state locked based on a root value identifiable only by the external server; periodically receiving an unlocking key for the pseudonym certificate from the external server; activating the pseudonym certificate with the unlocking key; and when the activated pseudonym certificate is abnormal, deactivating the pseudonym certificate.
    Type: Grant
    Filed: January 22, 2021
    Date of Patent: September 27, 2022
    Assignees: PENTA SECURITY SYSTEMS INC., AUTOCRYPT CO., LTD.
    Inventors: Myung Woo Chung, Hyun Min Choi, Sang Gyoo Sim, Eui Seok Kim, Duk Soo Kim, Seok Woo Lee
  • Patent number: 11456881
    Abstract: A method and apparatus is provided for updating certificates in a trust chain and managing versions of the trust chain. A first electronic processor determines that a first certificate in a first level of the trust chain is to be updated, updates the first certificate and each certificate in a lower level in the trust chain that is lower than the first level, creates a second version of the trust chain including an updated first certificate and an updated certificate at each lower level in the trust chain, and transmits the second version of the trust chain to one or more entities.
    Type: Grant
    Filed: June 30, 2017
    Date of Patent: September 27, 2022
    Assignee: MOTOROLA SOLUTIONS, INC.
    Inventors: Wojciech Kucharski, Elizeusz Musial, Andrzej Grzesik, Marcin Tomasik, Chris A. Kruegel
  • Patent number: 11451519
    Abstract: An anonymous credential authentication system receives an anonymous credential signature value indicating that setting proposition information using a credential is satisfied from a user device that has been issued the credential combined with multiple pieces of attribute information constituting personal information, generates signer authentication information that confirms a signer of the anonymous credential signature value using an opening key, and outputs the signer authentication information.
    Type: Grant
    Filed: November 25, 2020
    Date of Patent: September 20, 2022
    Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventors: Jung Yeon Hwang, Seung-Hyun Kim, Sung-Hoon Lee, Soo Hyung Kim, Sangrae Cho, Seok Hyun Kim, Young Seob Cho, Youngsam Kim, Jong-Hyouk Noh, Kwantae Cho, Jin-Man Cho
  • Patent number: 11443579
    Abstract: Systems and methods are provided to allow a smart phone or any terminal to activate a lock using a web site or server computer system. An access control system is provided that includes a server and an access device. The access device includes a processor and a communication module. The process has control of a lock and is able to receive a reservation certificate presented by a portable terminal through the communication module. The processor activates the lock when a current reservation certificate has been presented.
    Type: Grant
    Filed: April 2, 2022
    Date of Patent: September 13, 2022
    Assignee: Urban Intel, Inc.
    Inventors: Chris Outwater, William Gibbens Redmann
  • Patent number: 11436127
    Abstract: A consumer of a software module issues a module certificate that enables a testing entity to automatically validate a software module from a producer of the software module. The consumer receives a request for a module certificate from the producer of the software module. The request indicates attributes of the software module. The consumer determines whether the attributes of the software module are within predetermined limits, and if the attributes are within predetermined limits, the consumer generates and signs the module certificate including the attributes of the software module. The consumer issues the module certificate to the producer of the software module. Once the consumer obtains a software package including the software module and the module certificate from the producer, the consumer directs a testing entity to validate the software module with the module certificate.
    Type: Grant
    Filed: September 10, 2020
    Date of Patent: September 6, 2022
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Vijayakumar Raghavendran, Chockalingam Ramiah
  • Patent number: 11438179
    Abstract: A computer-implemented method, a system, and a computer program product for renewing a digital certificate. According to an embodiment of the present invention, the computer-implemented method comprises copying a digital certificate, from a first computer, onto a second computer, and requesting, from the second computer, renewal of the digital certificate by a certificate authority. The method further comprises loading a renewed digital certificate from the certificate authority, and saving the renewed digital certificate on the second computer. The renewed digital certificate is checked, on the second computer, for specified conditions, and the renewed digital certificate is copied from the second computer onto the first computer.
    Type: Grant
    Filed: May 18, 2020
    Date of Patent: September 6, 2022
    Assignee: Kyndryl, Inc.
    Inventor: Priyanka Tripathi
  • Patent number: 11431514
    Abstract: During provisioning of a biometric device, a hardware root of trust is established between the biometric device and a server. The biometric device includes a cryptographic processor with a first encryption key stored in secure storage. The first encryption key is used to establish a mutually authenticated communication channel with the server. A set of additional encryption keys between the device and the server are established via the communication channel. Biometric data generated by the biometric device is encrypted using the additional keys and digitally signed. The server receives the encrypted and signed data via the communication channel and verifies the signature. Once the signature is verified, the biometric data is then decrypted. The server then processes the decrypted biometric data. Data that does not arrive via the communication channel, that fails the verification, or that fails decryption is deleted or disregarded.
    Type: Grant
    Filed: May 5, 2020
    Date of Patent: August 30, 2022
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventors: Sarath Geethakumar, Krutarth Mukesh Gathani, Bruce Cooper, Eric Crahen
  • Patent number: 11431512
    Abstract: Described herein is a system and method for validating media integrity using asymmetric key cryptography utilizing a public/private cryptographic key pair. The private key is kept secret and is known to an originator and/or publisher of a media file. The public key is added to the media file and is used to validate integrity of the media file, that is, that content of the media file (e.g., portion(s), frame(s)) has not been altered since publication of the media file. By validating integrity of the media file, strong proof that the media file came from an owner of the keypair (e.g., had possession of the private key) can be obtained, for example, resolving issues of trust and/or authenticity common in altered content. In some embodiments, information regarding an origin of the content can further be determined.
    Type: Grant
    Filed: January 23, 2020
    Date of Patent: August 30, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Rebecca Nicole Burke-Aguero, Samuel John Wenker, Andrew Lee Jenks, Isha Sharma
  • Patent number: 11416181
    Abstract: An information processing apparatus is provided. The apparatus performs operations comprising searching for devices connected to a network; displaying a screen for selecting a device to be used from among devices discovered through the search; when the device selected through the screen is a device which can perform encrypted communication and for which a result of processing for verifying a certificate received from the device is a failure, inquiring with a user as to whether to allow or reject communication with that device; and obtaining information of the selected device by communicating with the device when a user operation for allowing the communication has been made in response to the inquiring, and performing control for not establishing encrypted communication with the selected device when a user operation for rejecting the communication has been made.
    Type: Grant
    Filed: September 16, 2020
    Date of Patent: August 16, 2022
    Assignee: CANON KABUSHIKI KAISHA
    Inventor: Go Inoue
  • Patent number: 11410212
    Abstract: Embodiments of the present application relate to a method, apparatus, and system for verifying an identity of a user. The method includes receiving a preset key that is associated with a key carrier that is a physical object, storing the preset key in a database storing mappings between a plurality of preset keys and a plurality of users, receiving a verification key in connection with an identity verification of a user, retrieving the preset key associated with the user from the database, determining whether the verification key matches the preset key associated with the user, and causing a determination of whether the key carrier is authentic.
    Type: Grant
    Filed: June 1, 2015
    Date of Patent: August 9, 2022
    Assignee: Advanced New Technologies Co., Ltd.
    Inventor: Yongdong Wei
  • Patent number: 11394564
    Abstract: A public key infrastructure (PKI) ecosystem includes a first organization computer system having a first processor, a first memory, and a first organization process including instructions that are (i) encoded in the first memory, and (ii) executable by the first processor. The ecosystem further includes a second organization computer system having a second processor and a second memory, a digital ledger, and domain name system security extensions (DNSSEC). When executed, the first instructions cause the first processor to create at least one public/private PKI keypair for a first domain name, in the DNSSEC, register the first domain name and create a certificate authority (CA), register the CA in the blockchain, using the CA, create a certificate for a first entity, register the certificate in the blockchain and/or the DNSSEC, and assert, to the second organization computer system, trust in the first entity based on the registered certificate.
    Type: Grant
    Filed: November 23, 2020
    Date of Patent: July 19, 2022
    Assignee: Cable Television Laboratories, Inc.
    Inventors: Darshak Thakore, Michael Glenn, Brian Alexander Scriber, Steven John Goeringer
  • Patent number: 11379837
    Abstract: Embodiments of the present invention provide a method, program, and apparatus that may identify a device by using a virtual code generated based on a unique value of a chip inside a device without a separate procedure for identifying the device. Furthermore, embodiments of the present invention provide a method, program, and apparatus that may generate a virtual code, which is not matched with any other code, whenever a code for identifying a device is requested. Moreover, embodiments of the present invention provide a method, program, and apparatus for identifying a device that may add and use only an algorithm without changing a conventional process.
    Type: Grant
    Filed: August 2, 2021
    Date of Patent: July 5, 2022
    Assignee: SSenStone Inc.
    Inventor: Chang Hun Yoo
  • Patent number: 11381403
    Abstract: A method, a system, and a computer program product for validating a transaction. A received request to validate a transaction in accordance with one or more validation rules in a plurality of validation rules is executed. Based on the executed validation request, a validation certificate associated with the transaction is generated. Validity of the validation certificate is determined. The transaction is stored on a blockchain network upon determining that the validation certificate is valid. Storage of the transaction on the blockchain network is prevented upon determination that the validation certificate is invalid.
    Type: Grant
    Filed: December 9, 2019
    Date of Patent: July 5, 2022
    Assignee: SAP SE
    Inventor: Huijie Zhang
  • Patent number: 11373474
    Abstract: Systems and methods are provided to allow a smart phone or any terminal to activate a door lock using a web site or server computer system. An access control system is provided that includes a server and an access device. The access device includes a processor and a communication module. The process has control of a door lock and is able to receive a reservation certificate presented by a portable terminal through the communication module. The processor activates the door lock when a current reservation certificate has been presented.
    Type: Grant
    Filed: January 3, 2022
    Date of Patent: June 28, 2022
    Assignee: Urban Intel, Inc.
    Inventors: Chris Outwater, William Gibbens Redmann
  • Patent number: 11374736
    Abstract: This is a system and method for homomorphic encryption comprising: a key generation module configured to generate a secret key, a public key and a bootstrapping key; a private-key encryption module configured to generate a first ciphertext using the secret key; a public-key encryption module configured to generate a second ciphertext using the public key; a private-key decoding module configured to decode a first ciphertext, a second ciphertext and an encrypted analytic result; a homomorphic computational module configured to perform an analytical operation, according to an analytical operation request on the first ciphertext and the second ciphertext without decrypting the first ciphertext and the second ciphertext using the bootstrapping key; and, wherein the encrypted analytical result is provided by the homomorphic computational module and is encrypted with the secret key.
    Type: Grant
    Filed: June 20, 2019
    Date of Patent: June 28, 2022
    Assignee: Clemson University
    Inventor: Shuhong Gao
  • Patent number: 11374771
    Abstract: A system for implementing mixed protocol certificates, the system includes a subject device designed and configured to receive, from an issuing device, a first digital certificate, wherein the first digital certificate further comprises a first digital signature public and private key pair according to a first digital signature protocol and a second digital signature public key according to a second digital signature protocol, wherein the second digital signature protocol is distinct from the first digital signature protocol, to generate a second digital certificate, wherein generating the second digital certificate comprises generating a subject digital signature signing the certificate, the subject digital signature generated as a function of the second digital signature protocol and to provide the first digital certificate and the second digital certificate to a verifying device.
    Type: Grant
    Filed: March 24, 2020
    Date of Patent: June 28, 2022
    Assignee: Ares Technologies, Inc.
    Inventors: Christian T. Wentz, Mira Belenkiy, Anna Lysyanskaya, Ilia Lebedev
  • Patent number: 11361110
    Abstract: A file verification method, a file verification system and a file verification server are provided. The file verification method includes the following steps. A tree data structure is established according to a plurality of first hash values of a plurality of first electronic files. A first root hash value of the tree data structure is stored into a block of a blockchain. A verification data including block information of the block, one of the first hash values and at least one non-terminal hash value of the tree data structure is generated for one of the first electronic files. A second electronic file is verified according to the verification data.
    Type: Grant
    Filed: August 19, 2019
    Date of Patent: June 14, 2022
    Assignee: Acer Incorporated
    Inventors: Yung-Cheng Huang, Shao-Nung Huang
  • Patent number: 11362892
    Abstract: A home energy management system (HEMS) controller certifies a plurality of devices participating in an HEMS network. When a request for re-certification is issued to a given device among the plurality of devices and when a response is not available from the device, the HEMS controller suspends a re-certification process for the device and performs a re-certification process for another device first.
    Type: Grant
    Filed: April 23, 2020
    Date of Patent: June 14, 2022
    Assignee: PANASONIC INTELLECTUAL PROPERTY MANAGEMENT CO., LTD.
    Inventor: Yoichi Masuda
  • Patent number: 11362844
    Abstract: Systems and methods for provisioning and operating a primary security device in a verifiable end-to-end election system are presented herein. The security device serves as a root of trust for chains of certificates that are deployed and utilized throughout the election process. These chains of certificates, originating with the device, which acts as an intermediate certification authority, are used to create a verifiable trust chain throughout the different parts of the election process, the trust chain being traceable back to the device and to the original root of trust certificate. In various embodiments the security device includes a compute module, a security chip, a connection to a human interface display device, at least one lockable transfer device port, and an air-gapped main board to house the compute module, the security chip, and the lockable transfer device port.
    Type: Grant
    Filed: August 30, 2021
    Date of Patent: June 14, 2022
    Assignee: Vidaloop, Inc.
    Inventors: Ryan Scott Cook, David Wallick
  • Patent number: 11362812
    Abstract: The aim of the invention is to strengthen the security of secure voice and/or video communications established through a network of Internet type. The security of these communications, which are based on the use of the SRTP protocol, is strengthened by the invention which makes it possible, without significantly modifying the protocols, to use better quality session keys produced by a security server of HSM type. These keys are configured by an intermediate server of SIP proxy type when establishing the communication.
    Type: Grant
    Filed: December 21, 2018
    Date of Patent: June 14, 2022
    Assignee: BULL SAS
    Inventor: Alexandre Marchese-Ribeaux
  • Patent number: 11356440
    Abstract: Automated registration of one or more IoT devices seeking connection to one or more IoT platforms using a secure provisioning service. The secured provisioning service verifies and administers connection credentials to each IoT device, ensuring legitimate devices cannot be impersonated or controlled by unauthorized personnel. The provisioning service matches the IoT devices and metadata of each IoT device to the provisioning rules. Connection credentials and/or rules defining each IoT device's access to IoT platforms are based on the provisioning rules of the rules registry. Matching each IoT device to one or more provisioning rules offers flexibility to dynamically add, delete or amend one or more rules in a complex rules-based system, allowing for automatic updates to the connection credentials of each IoT device, wherein each IoT device can be provisioned or re-provisioned using the most up to date set of new or amended rules.
    Type: Grant
    Filed: November 30, 2018
    Date of Patent: June 7, 2022
    Assignee: International Business Machines Corporation
    Inventors: Amit Mohan Mangalvedkar, Peter David Niblett, Mats Gothe, Jack Philip Boad, Swati Sinha
  • Patent number: 11356425
    Abstract: Embodiments of the present disclosure generally relate to systems, devices, and methods wherein dynamically generated symmetric keys are used for encryption and decryption of software updates for vehicles. The symmetric keys are dynamically generated using a combination of information that ties a given symmetric key to a specific combination of a vehicle and the devices installed therein. The dynamic generation of the symmetric keys also uses a piece of random data generated by an intermediary server, which allows the intermediary server to validate devices before providing the piece of random data and thereby control access to the software updates. Use of the techniques disclosed herein provide heightened security, control, safety, and reliability for over-the-air software updates for vehicles.
    Type: Grant
    Filed: November 30, 2018
    Date of Patent: June 7, 2022
    Assignee: PACCAR Inc
    Inventor: David R. Kruger
  • Patent number: 11356281
    Abstract: Embodiments described herein provide systems and methods to prevent, or provide a countermeasure, to a co-existence attack, for example, that may occur in a Security Credential Management System (SCMS) where both regular butterfly key (RBK) protocol and unified butterfly key (UBK) protocol are supported. Embodiments described herein provide, support, employ, or implement hardware acceleration for a Hardware Security Module (HSM), for example, for cryptographic operations (e.g., block ciphers, digital signature schemes, and key exchange protocols).
    Type: Grant
    Filed: May 13, 2020
    Date of Patent: June 7, 2022
    Assignees: LG ELECTRONICS, INC., UNIVERSITY OF SAO PAULO
    Inventors: Henrique S. Ogawa, Thomas E. Luther, Jefferson E. Ricardini, Helmiton Cunha, Jr., Marcos A. Simplicio, Jr., Harsh Kupwade-Patil
  • Patent number: 11350283
    Abstract: Techniques and systems are disclosed to enable location verification and tracking, for use or access of a geographic-specific phone number or similar location feature of a communications service by a mobile computing device at (or within) a geographic location or defined area. In an example, verification of a use of the device at the location or area is enabled by the receipt and collection of location verification data for a token having location verification and time data, with such location verification data being communicated via a short-range wireless network. The verification is enabled by communication of the token to a communications service for device identification and location registration, and access to a resource based on registered use of the communications device at the geographic location. In further examples, capabilities for security, verification, and auditing of location information are enabled with use of the token and location information.
    Type: Grant
    Filed: April 2, 2019
    Date of Patent: May 31, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Amer Aref Hassan, Hooman Shiranimehr, Ashley Ingram
  • Patent number: 11343099
    Abstract: A device, method, and computer readable storage medium generate a biometric public key for an individual based on both the individual's biometric data and a secret, in a manner that verifiably characterizes both while tending to prevent recovery of either by anyone other than the individual. The biometric public key may be later used to authenticate a subject purporting to be the individual, using a computing facility that need not rely on a hardware root of trust. Such biometric public keys may be distributed without compromising the individual's biometric data, and may be used to provide authentication in addition to, or in lieu of, passwords or cryptographic tokens. Various use cases are disclosed, including: enrollment, authentication, establishing and using a secure communications channel, and cryptographically signing a message.
    Type: Grant
    Filed: May 17, 2019
    Date of Patent: May 24, 2022
    Assignee: Badge Inc.
    Inventors: Charles H. Herder, III, Tina P. Srivastava
  • Patent number: 11343312
    Abstract: In an aspect of the disclosure, a method, a computer-readable medium, and an apparatus are provided. In certain configurations, the apparatus may connect to a mesh network that includes at least the first device and a second device. The apparatus may communicate with the second device without obtaining one or more access credentials from the second device.
    Type: Grant
    Filed: September 21, 2017
    Date of Patent: May 24, 2022
    Assignee: QUALCOMM INCORPORATED
    Inventors: Joel Linsky, Robin Heydon
  • Patent number: 11336466
    Abstract: A method, in a provisioning server, of provisioning a printer, includes: receiving a provisioning request from the printer, the provisioning request containing (i) a printer identifier, and (ii) an account identifier associated with the printer; obtaining, from a digital certificate issuer, a unique string; sending the unique string to the printer; receiving from the printer, in response to sending the unique string, a certificate signing request containing (i) the printer identifier, (ii) the account identifier, and (iii) an authentication token including the unique string signed with a private key of the printer; validating the certificate signing request; passing the validated certificate signing request to the digital certificate issuer; receiving, from the digital certificate issuer, a digital certificate encoding the printer identifier and the account identifier; and providing the digital certificate to the printer for storage.
    Type: Grant
    Filed: December 10, 2020
    Date of Patent: May 17, 2022
    Assignee: Zebra Technologies Corporation
    Inventors: Andrew J. Pekarske, James P. Van Huis, Ryan E. Brock, Jared Coy Roundy
  • Patent number: 11336692
    Abstract: Server Name Indication (SNI) hostname extraction to populate a reverse Domain Name System (DNS) listing to protect against potentially malicious domains. In some embodiments, a method may include detecting a Transport Layer Security (TLS) handshake between a first client application and a first server application, extracting an SNI hostname and an Internet Protocol (IP) address from the TLS handshake, populating the reverse DNS listing with the SNI hostname as a domain paired with the IP address, detecting communication between a second client application and the IP address, accessing the reverse DNS listing to determine the domain paired with the IP address, determining that the domain is a potentially malicious domain, and in response to determining that the domain is a potentially malicious domain, performing a remedial action to protect against the potentially malicious domain.
    Type: Grant
    Filed: May 7, 2020
    Date of Patent: May 17, 2022
    Assignee: NORTONLIFELOCK INC.
    Inventor: Bruce McCorkendale
  • Patent number: 11337066
    Abstract: A system (100) for providing a user device (102) access to a resource or data is disclosed. The system (100) comprises: the user device (102) comprising: a light detector (104) configured to detect light (130) emitted by a light source (122), which light (130) comprises an embedded code comprising a light source identifier of the light source (122), a communication unit (108) configured to communicate with a network device (112), a processor (106) configured to retrieve the light source identifier from the light (130), and to communicate the light source identifier to the network device (112).
    Type: Grant
    Filed: July 5, 2018
    Date of Patent: May 17, 2022
    Assignee: SIGNIFY HOLDING B.V.
    Inventors: Dirk Valentinus René Engelen, Bartel Marinus Van De Sluis, Dzmitry Viktorovich Aliakseyeu, Mustafa Tolga Eren
  • Patent number: 11328050
    Abstract: Trusted agents operating within a trusted execution environment (TEE) of a client computing device are configured with complex computational puzzles (e.g., hash functions or other proof of work puzzles) for a remote service to solve before the trusted agent executes an operation. The trusted agent may have a policy that the puzzle is associated with, in which the policy defines a statistically defined time period over which puzzles are solved. The statistically defined time period is effectuated through parameters which control a complexity of the puzzle. Malware or bad actors that attempt to misuse the trusted agent are throttled until the remote service solves the puzzle, which is configured with a level of complexity that takes the statistically defined time period.
    Type: Grant
    Filed: March 4, 2019
    Date of Patent: May 10, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Stefan Thom, Brian Clifford Telfer
  • Patent number: 11329833
    Abstract: The present disclosure provides systems and methods for improving provision of secret data on programmable devices. An appliance receives physical unclonable function (PUF) data pertaining to an integrated circuit. Secret data is provided to the appliance from a secret vault. Public and private PUF keys are derived based upon the PUF data. Further, ephemeral public and private keys are derived by the appliance. The public and private PUF keys, along with the ephemeral public and private keys are used to establish a secure channel for programming the secret data on the programmable device.
    Type: Grant
    Filed: September 28, 2017
    Date of Patent: May 10, 2022
    Assignee: Intel Corporation
    Inventors: Ting Lu, Robert Landon Pelt, James Ryan Kenny
  • Patent number: 11323274
    Abstract: In an embodiment, a computing resource service provider provides a certificate management service that allows customers of the computing resource service provider to create, distribute, manage, and revoke digital certificates issued by private certificate authorities. In an embodiment, a private certificate authority hosted by the computing resource service provider is able to issue signed certificates to network entities within the customer enterprise. In an embodiment, the certificate management service provides a network-accessible application programming interface to the private certificate authority that allows applications to create and deploy private certificates programmatically. In an embodiment, the system provides the flexibility to create private certificates for applications that require custom certificate lifetimes or resource names.
    Type: Grant
    Filed: June 25, 2018
    Date of Patent: May 3, 2022
    Assignee: Amazon Technologies, Inc.
    Inventors: Peter Zachary Bowen, Todd Lawrence Cignetti, Preston Anthony Elder, III, Brandonn Gorman, Ronald Andrew Hoskinson, Jonathan Kozolchyk, Kenneth Lawler, Marcel Andrew Levy, Kyle Benjamin Schultheiss, Sandeep Shantharaj, Param Sharma, Jose Maria Silveira Neto
  • Patent number: 11316704
    Abstract: An enhanced certificate authority system and method allow for the enhanced security, validation and Multi-Factor Authentication of users within a digital signature and transaction system through the creation and management of a user's Digital Identity certificate so that through an enhanced certificate authority a user's identity and bona fides may be both protected and established across a diversity of electronic devices and transactions.
    Type: Grant
    Filed: September 30, 2019
    Date of Patent: April 26, 2022
    Inventor: Urayoan Camacho
  • Patent number: 11314893
    Abstract: Systems, methods, and other embodiments described herein relate to securing personally identifiable information associated with riding in a vehicle. In one embodiment, a method includes, in response to receiving, in a mobile device from the vehicle, telematics data about a current trip of the vehicle, securing the telematics data according to at least a mobile cryptographic key associated with the mobile device to provide the telematics data as secured data that is obfuscated. The method includes generating, by the mobile device, a secure packet including at least the secured data and a signature from the vehicle associated with the secured data. The method includes communicating, by the mobile device, the secure packet to a remote computing device to cause the remote computing device to securely store the secured data without identifying a user associated with the mobile device.
    Type: Grant
    Filed: August 27, 2019
    Date of Patent: April 26, 2022
    Assignee: Toyota Motor Engineering & Manufacturing North America, Inc.
    Inventor: Vladimeros Vladimerou
  • Patent number: 11310050
    Abstract: One example provides a method for authenticating a computing device received from a manufacturer, the method including establishing a secured connection with the computing device, receiving, from the computing device, a first set of security artifacts, and retrieving, from a secure cloud storage location, a second set of security artifacts, the second set of security artifacts including the EK public key and the PCR values for the computing device obtained during manufacturing. The method further comprises, when the first set of security artifacts matches the second set of security artifacts, then verifying the computing device as trusted and permitting communication between the computing device and a secured computing environment, and when the first set of security artifacts does not match the second set of security artifacts, then not verifying the computing device as trusted and not permitting communication between the computing device and the secured computing environment.
    Type: Grant
    Filed: January 10, 2019
    Date of Patent: April 19, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Gregory J. Zavertnik, Vishwajit Tumkur Mahalingappa, Soumya Jain, Vimalraj Vasudevan Thekkoot, Karthikeyan Nagarathinam, Sampath Kumar Victor, Varsha Jagdale
  • Patent number: 11308157
    Abstract: A song may be matched with information in a song categorization database so that one or more categories associated with the song are identified. Specifically, a method and system for associating one or more advertising categories with a song includes receiving a set of child categories and receiving a wordnet graph. Synsets from the wordnet graph are assigned to function as activators for one or more categories. Next, a set of parent categories relative to the child categories are received. One or more scores are assigned to the parent categories based on their relationships to the child categories. Synsets from a work, such as a song lyric, are compared to the wordnet graph. Relevant child categories are identified based on synsets which match one or more activators. Matching activators are found by using only hypernym relationships between a synset from a work and an activator.
    Type: Grant
    Filed: July 5, 2018
    Date of Patent: April 19, 2022
    Assignee: KENZIE LANE MOSAIC, LLC.
    Inventors: Brady L. Rackley, III, Sangameswar Venkatraman, Michelle Levy Russell, Gregory Michael Rickman
  • Patent number: 11310137
    Abstract: Various systems and methods are provided for propagating information throughout a data center or other network environment. For instance, in certain embodiments, the functionality disclosed herein includes determining propagation rules, and then either storing and/or propagating those rules throughout the datacenter or other network environment. Propagation rules define various conditions or other variables that govern propagation of information throughout a system, such as those systems described herein. The propagation rules can then be used to perform various other functionality. For instance, the functionality described herein can be used to process updates to entities. The functionality described herein can also be used to process updates to propagation metadata. Additionally, the functionality described herein can be used to process the creation of new relationships. The functionality described herein can also be used to process the deletion of objects and/or relationships.
    Type: Grant
    Filed: December 28, 2017
    Date of Patent: April 19, 2022
    Assignee: Veritas Technologies LLC
    Inventors: Tushar Bandopadhyay, Bharat Dighe
  • Patent number: 11297179
    Abstract: Verification of the identities of parties participating in network-based communication, such as telephone communication, including SMS/text communication, email communication and the like is provided. Communication identifiers (IDs) (e.g., telephone numbers, email addresses or the like) are verified as being associated with one or more communication parties and, in response, a verified communication (ID) database is established. The verified communication ID database is relied upon when a user/communication is selecting a communication ID as an address for an impending communication or receiving a communication for determining whether the communication ID is verifiably associated with a known communication party. If the communication ID is determined to be verifiably associated with a known communication party, a visual or audible output may be provided on the user's device or within the communication that indicates that the communication ID is verifiably associated with the known communication party.
    Type: Grant
    Filed: April 29, 2020
    Date of Patent: April 5, 2022
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Christopher Daniel Birch, Susan R. Hart, Kelly Renee-Drop Keiter, Lisa Matthews, Cody Dean Searl
  • Patent number: 11297049
    Abstract: The invention relates to a method for linking a terminal (1) into a region (4a) of an interconnectable computer infrastructure (2) which is designed for a plurality of users (6, 6a), said region being allocated to a user (6a). A user certificate (12a) is generated for the region (4a) allocated to the user (6a) and is provided to the user (6a) and/or the interconnectable computer infrastructure (2). A terminal certificate (16a) which is compatible with the user certificate (12a) is generated, and the terminal certificate (16a) is entered into the terminal (1). The terminal (1) is registered in the interconnectable computer infrastructure (2) via a data connection (20), wherein the terminal certificate (16a) and/or a password which is encrypted using the terminal certificate (16a) is transmitted from the terminal (1) to the interconnectable computer infrastructure (2) via the data connection (20) for the registration process.
    Type: Grant
    Filed: May 16, 2019
    Date of Patent: April 5, 2022
    Assignee: SIEMENS AKTIENGESELLSCHAFT
    Inventor: Robert Schwarz
  • Patent number: 11296895
    Abstract: Methods and systems relating to incentivizing a data provider to participate in a match making protocol between a business (second entity) and a user (first entity) are shown. Encryption techniques maintain the secrecy of the data provider's data, such as proprietary analytics of user information, such that the data need not be shared with users or businesses. Businesses can verify that the user has desired properties without learning the actual raw data owned by the data provider. Users initiate data sharing by explicit request but do not learn the actual raw data known to the data provider, only whether or not they satisfy the properties of interest. The data provider is incentivized because the business compensates the data provider for access to proofs of properties about user data.
    Type: Grant
    Filed: September 11, 2019
    Date of Patent: April 5, 2022
    Assignee: Bitclave Pte. Ltd.
    Inventors: Alexander Bessonov, Patrick Tague, Mark Shwartzman, Stephen Winston, Vadim Gore
  • Patent number: 11297050
    Abstract: Methods, systems, and apparatus for providing secure communication. The device includes a trusted environment having a memory that is configured to store an application. The device includes one or more processors configured to perform operations of the application that execute within the trusted environment. The operations include sending an access request to connect with a second device, receiving an authentication request from the second device that requests the application to provide a zero-knowledge password proof and obtaining the zero-knowledge password proof. The operations also include sending the zero-knowledge password proof to the second device and establishing a communication channel with the second device.
    Type: Grant
    Filed: July 16, 2018
    Date of Patent: April 5, 2022
    Assignee: THIRDWAYV, INC.
    Inventors: Nabil Wasily, Andrew P. Lentvorski
  • Patent number: 11288760
    Abstract: A recording device may record information continuously. Particular events which occur during recording may be of interest for review (e.g. audit, inspection). Events may be audited to ensure that the data gathered is not tampered with or corrupted and to provably establish an evidence chain of custody. Metadata may mark recorded data of an event, in whole or in part, for later review. Metadata may be identified as an audit tag which may identify particular occurrences during an event. An audit tag may be urgent or non-urgent. Notice of an urgent audit tag may be sent to a server prior to sending the recorded data associated with the audit tag. Recorded data may be cryptographically signed to protect the recorded data from tampering.
    Type: Grant
    Filed: August 15, 2017
    Date of Patent: March 29, 2022
    Assignee: Axon Enterprise, Inc.
    Inventors: Mark A. Hanchett, Patrick W. Smith, Tyler J. Conant, Aaron J. Kloc
  • Patent number: 11290286
    Abstract: A method for registering and provisioning an electronic device is provided. The method includes a step of inserting a first keypair into a secure element of the electronic device. The first keypair includes a public key and a private key. The method further includes a step of requesting, from a server configured to register and provision connected devices, a provisioning of credentials of the electronic device. The method further includes a step of verifying, by the server, the electronic device credentials. The method further includes a step of registering, by the server, the electronic device. The method further includes a step of transmitting, from the server to the electronic device, a device certificate. The method further includes steps of installing the transmitted device certificate within the secure element of the electronic device, and provisioning the electronic device according to the installed device certificate.
    Type: Grant
    Filed: July 23, 2019
    Date of Patent: March 29, 2022
    Assignee: Cable Television Laboratories, Inc.
    Inventors: Massimiliano Pala, Ronald H. Ih
  • Patent number: 11290301
    Abstract: A method of communication, within a processing system of a gas turbine engine, between a first electronic component and a second electronic component, comprising: generating by the first electronic component, a request, comprising a digital certificate, in turn comprising a first host public key and a first client public key, signed with a first host private key, to initiate a trusted communication session with a second electronic component; encrypting at the first electronic component, at least a portion of the request with a first client private key; transmitting the request to the second electronic component; the first host private key and the first host public key defining a first asymmetric keypair and the first client private key and the first client public key defining a second asymmetric keypair.
    Type: Grant
    Filed: November 19, 2019
    Date of Patent: March 29, 2022
    Assignees: ROLLS-ROYCE NORTH AMERICAN TECHNOLOGIES INC., ROLLS-ROYCE CORPORATION
    Inventors: Richard J. Skertic, John J. Costello, Robert T. Duge
  • Patent number: 11290434
    Abstract: A communication device capable of performing encrypted communication with another communication device with use of a common key, obtains, from the other communication device, a certificate including a public key and identification information on the other communication device, verifies validity of the certificate on a basis of the identification information on the other communication device included in the certificate, and transmits the common key encrypted by the public key to the other communication device to perform the encrypted communication in a case where the certificate is valid as a result of the verification.
    Type: Grant
    Filed: August 2, 2019
    Date of Patent: March 29, 2022
    Assignee: CANON KABUSHIKI KAISHA
    Inventor: Kazuo Moritomo
  • Patent number: 11283630
    Abstract: Embodiments herein describe providing a certificate signed by a local CA to an unauthenticated server rather than obtaining a certificate signed by a third-party CA. A server that already has a certificate that was signed by a third-party CA may want to establish a secure connection with an unauthenticated server which does not have a signed certificate. The unauthenticated server needs a certificate signed by a CA trusted by the server that already has a signed certificate (referred to herein as the authenticated server). To do so, the unauthenticated server sends login credentials to the authenticated server so that this server knows it can trust the unauthenticated server. In turn, the authenticated server can send its signed certificate to the unauthenticated server so it can verify the authenticated server. Once verified, the authenticated server generates a signed certificate for the unauthenticated server using a local CA.
    Type: Grant
    Filed: November 5, 2019
    Date of Patent: March 22, 2022
    Assignee: International Business Machines Corporation
    Inventors: Erez Alexander Theodorou, Amalia Avraham, Eran Tzabari
  • Patent number: 11283791
    Abstract: A method for re-provisioning a user equipment (UE, 140) after a first digital security certificate for the UE (140) has expired includes communicating content data to a controller (130) over a first secure communication channel after verification of a validity of a first digital security certificate. Once it is realized the first digital security certificate has expired, the UE (140) sends a certificate provisioning request message over an unsecure channel to the controller (130) as a request to the controller (130) to provision a second digital security certificate. The UE (140) signs the certificate provisioning request message with the private key for the now expired first digital security certificate. A second digital security certificate is signed by the rescue-secret private key at the controller (130) and sent to the UE (140), which verifies its authenticity with the corresponding rescue-secret public key.
    Type: Grant
    Filed: February 4, 2021
    Date of Patent: March 22, 2022
    Assignee: AXIS AB
    Inventors: Magnus Eriksson, Stefan Andersson, Fredrik Hugosson, Jerry Olsson
  • Patent number: 11283623
    Abstract: Systems and methods relating to an extension of a group signature scheme certificate that allows group users to conduct anonymous transactions in public, with the ability to subsequently audit and confirm signer identity. Auditing and confirmatory functions may include group signature openers that are configured to reveal the identity of a signer that is a member of a group by their signature. Auditing and confirmatory functions may also include group signature linkers that are configured to link two signatures to the same signer using a linking key or linking base.
    Type: Grant
    Filed: June 3, 2019
    Date of Patent: March 22, 2022
    Assignee: Wells Fargo Bank, N.A.
    Inventor: Phillip H. Griffin