By Certificate Patents (Class 713/156)
  • Patent number: 10291412
    Abstract: An information processing system is provided that includes a server, a communication terminal, and a peripheral device. The peripheral device includes a secure storage section with a secure region. The secure region is accessible by an internal component of the peripheral device. Certificate data is read out from the secure region and transmitted to the server. The server performs authentication, on the basis of the certificate data, regarding whether the peripheral device is a peripheral device whose connection to the communication terminal is permissible. In response to authentication of the peripheral device, execution of a process that involves transmission and reception of encrypted data is permitted between the peripheral device and the communication terminal.
    Type: Grant
    Filed: August 8, 2016
    Date of Patent: May 14, 2019
    Assignee: NINTENDO CO., LTD.
    Inventors: Yohei Kojima, Ryoji Kuroda, Tatsuhiro Shirai
  • Patent number: 10291622
    Abstract: A quorum-based access mechanism can require multiple entities to provide credentials over a determined period of time in order to obtain access to one or more resources in an electronic environment. This can include receiving a request that is signed by multiple signatories, or receiving multiple requests within a determined period that are each signed by a respective and authorized signatory. In some embodiments the receiving of a primary request causes notifications to be sent to other potential signatories, and a specified or minimum number must respond timely with a signed request to have the access granted. The quorum-based access mechanism can function as an additional authorization layer sitting in front of more conventional authorization and authentication mechanisms. In some embodiments a quorum token can be passed with the request, whereby resources in the environment can make access determinations based on the information in the token.
    Type: Grant
    Filed: March 15, 2016
    Date of Patent: May 14, 2019
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventors: Hart Matthew Rossman, Erik Lee Swensson
  • Patent number: 10284554
    Abstract: Systems and methods herein can provide device-specific access to an e-mail server, including an EWS-based e-mail server. In an example, a management server controlled by a system administrator provides device identification information to a user device and to a tunnel server. The management server also provides a custom request identifier to the tunnel server, and provides instructions to the e-mail server to allow access for requests including that custom request identifier. The tunnel server receives a request from the user device, rewrites the request to include the custom request identifier, and passes the request to the e-mail server.
    Type: Grant
    Filed: May 5, 2016
    Date of Patent: May 7, 2019
    Assignee: AirWatch, LLC
    Inventor: Robert Terakedis
  • Patent number: 10284684
    Abstract: The disclosed technology is generally directed to device certification in an IoT environment. For example, such technology is usable in managing relationships between IoT devices and an IoT Hub. In one example of the technology, an IoT Hub receives a registration request. Next, the IoT Hub sends a registration verification to the IoT device. Next, the IoT Hub receives a ping from the IoT device. Next, the IoT Hub sends a response to the ping to the IoT device. Next, the IoT Hub receives verification of a validation of a log file output by a device based on running a plurality of unit tests on a device with a software development kit. Next, the IoT Hub automatically sends code to the IoT device.
    Type: Grant
    Filed: September 14, 2016
    Date of Patent: May 7, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Hector Garcia Tellado, Dan Calin Cristoloveanu, Samuel John George
  • Patent number: 10277567
    Abstract: Method and server for issuing a cryptographic key. One method includes distributing a first group key to a first communication device and a second communication device. The method also includes distributing a security request to the first communication device. The method further includes receiving a security status from the first communication device responsive to transmitting the security request. The method also includes determining when security of the first communication device is compromised based on the security status. The method further includes distributing, via a server, the cryptographic key to the first communication device when the security of the first communication device is not compromised. The method also includes distributing, via the server, a second group key to the second communication device when the security of the first communication device is compromised and the first communication device cannot be fixed or deactivated.
    Type: Grant
    Filed: June 6, 2016
    Date of Patent: April 30, 2019
    Assignee: MOTOROLA SOLUTIONS, INC.
    Inventors: Katrin Reitsma, Michael F. Korus
  • Patent number: 10277580
    Abstract: Techniques are disclosed for generating multiple key pairs using different algorithms and similarly installing certificates signed using the different algorithms. A customer server receives a selection of algorithms for generating a public/private key pair (e.g., RSA, ECC, DSA, etc.). The customer server generates key pairs for each selection and also generates corresponding certificate signing requests (CSR). The customer server sends the CSRs to a certificate authority (CA). The CA generates certificates associated with algorithm and sends the certificates to the customer server. The customer server may prompt a user to select one or more of the certificates to install, and upon receiving the selection, the customer installs the certificates.
    Type: Grant
    Filed: September 19, 2017
    Date of Patent: April 30, 2019
    Assignee: DigiCert, Inc.
    Inventors: Michael Klieman, Perry Tancredi
  • Patent number: 10268805
    Abstract: A method for transferring digital multimedia rights, the method including but not limited to requesting permission from the destination end user to transfer the digital multimedia rights to the destination end user device; and if the permission is received from the destination end user, canceling the source set of digital multimedia rights associated with the source end user and transferring the source set of digital multimedia rights associated with the source end user to the destination end user device. A system and computer program product are disclosed for performing the method.
    Type: Grant
    Filed: November 2, 2012
    Date of Patent: April 23, 2019
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Randolph Wohlert, Paul Van Vleck
  • Patent number: 10268637
    Abstract: Introduced are systems and methods that enable modification of logs in multiple off-line databases. Multiple off-line devices can mistakenly associate different respondents with the same identification (ID) unique to the system. When the multiple off-line devices synchronize with each other, or synchronize with a server hosting the central database, the software running on the off-line devices, or on the server detects that the modified logs come from different respondents, and the software assigns two different IDs unique to system to the logs. In another embodiment, multiple off-line devices can mistakenly associate the same respondent with two different IDs unique to the system. When the multiple off-line devices synchronize with each other or with the server, the software running on the off-line devices, or the server detects that the modified logs come from the same respondent, and the software assigns the logs to the same ID unique to system.
    Type: Grant
    Filed: October 24, 2017
    Date of Patent: April 23, 2019
    Assignee: DHARMA PLATFORM, INC.
    Inventors: Stefan Anastas Nagey, Jesse Erin Berns
  • Patent number: 10270602
    Abstract: A method, system, and computer usable program product for verifying and enforcing certificate use are provided in the illustrative embodiments. A certificate is received from a sender. The certificate is validated before communicating a message associated with the certificate to a receiver. If the certificate is invalid, a policy is selected based on a type of invalidity of the certificate. An action is taken to enforce the policy for using the certificate. The certificate may be received from the sender at a proxy. The validating may further include verifying the validity of the certificate using a certificate from a certificate database accessible to the proxy over a network. The proxy may copy a part of the certificate database to a second certificate database local to the proxy. The validating may further include verifying the validity of the certificate using a certificate revocation list accessible to the proxy over a network.
    Type: Grant
    Filed: October 1, 2008
    Date of Patent: April 23, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventor: Heather Maria Hinton
  • Patent number: 10268811
    Abstract: A system, apparatus, method, and machine readable medium are described for delegating trust to a new client device or a new authenticator on a trusted device. For example, one embodiment of a method comprises: implementing a series of trust delegation operations to transfer registration data associated with one or more trusted authenticators on a trusted client device to one or more new authenticators on a new client device or on the trusted client device.
    Type: Grant
    Filed: March 18, 2014
    Date of Patent: April 23, 2019
    Assignee: NOK NOK LABS, INC.
    Inventor: Davit Baghdasaryan
  • Patent number: 10263772
    Abstract: The smart card chip for generating a private key and public key pair in accordance with an embodiment of the present invention comprises: a communication unit for performing at least one of a contact communication with an external device and a near-field wireless communication therewith; a control unit for communicating with the external device through the communication unit and generating a private key and public key pair; and a memory unit for storing the generated private key and public key pair, wherein if receiving a command to generate a private key and public key pair from the external device, the control unit checks if a pre-generated private key and public key pair is stored in the memory unit, and if the pre-generated private key and public key pair is stored in the memory unit, the control unit reads the pre-generated private key and public key pair.
    Type: Grant
    Filed: December 23, 2014
    Date of Patent: April 16, 2019
    Assignee: KEYPAIR CO., LTD.
    Inventor: Jung-Youp Lee
  • Patent number: 10263789
    Abstract: A service provider network includes a certificate manager that auto-generates and auto-renews security certificates for customers of the provider network. The security certificates may be usable to implement a Secure Sockets Layer (SSL) protocol, or other types of security protocols. The certificate manager generates a public key, private key pair for the customer, generates the certificate signing request (CSR) on behalf of the customer, transmits the CSR to the certificate authority (CA), and binds the resulting CA-generated certificate and private key to whatever internet-facing service the customer chooses (e.g., a load balancer).
    Type: Grant
    Filed: March 28, 2016
    Date of Patent: April 16, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Stefan Popoveniuc, Nicholas James Lynch, Preston Anthony Elder, III, Param Sharma, Todd Lawrence Cignetti, Dmitry Berkovich, Iftach Ragoler
  • Patent number: 10254334
    Abstract: Described herein are various technologies pertaining to identifying counterfeit integrated circuits (ICs) by way of allowing the origin of fabrication to be verified. An IC comprises a main circuit and a test circuit that is independent of the main circuit. The test circuit comprises at least one ring oscillator (RO) signal that, when energized, is configured to output a signal that is indicative of a semiconductor fabrication facility where the IC was manufactured.
    Type: Grant
    Filed: July 24, 2018
    Date of Patent: April 9, 2019
    Assignee: National Technology & Engineering Solutions of Sandia, LLC
    Inventors: Ryan Helinski, Lyndon G. Pierson, Edward I. Cole, Tan Q. Thai
  • Patent number: 10256976
    Abstract: An information interaction method, includes: obtaining, by an encryption accessory, one or more user features, the encryption accessory including a hardware logic circuit; performing, by the hardware logic circuit, a logical operation on the one or more user features to generate a hardware function; and using the hardware function for an access authentication by a social networking service (SNS) server.
    Type: Grant
    Filed: May 6, 2015
    Date of Patent: April 9, 2019
    Assignee: I-Patrol Technology Limited
    Inventors: Yi Wang, Ching Lap Chan
  • Patent number: 10255421
    Abstract: Disclosed is a working method for a multi-seed one-time password, which falls within the field of information security. The method comprises: powering and initializing a one-time password, opening a total interrupt, initializing the state of a system, and then entering a sleep mode; when the one-time password detects the interrupt, awakening the one-time password from the sleep mode, and entering an interrupt processing flow; after the interrupt processing flow is ended, checking each awakening flag; and executing a processing flow corresponding to the set awakening flag. According to the present invention, a user can burn seed data into the one-time password by operating the one-time password, and can update the seed data in the one-time password. In addition, according to the present invention, the one-time password is capable of storing and managing a plurality of seeds.
    Type: Grant
    Filed: August 21, 2015
    Date of Patent: April 9, 2019
    Assignee: Feitian Technologies Co., Ltd.
    Inventors: Zhou Lu, Huazhang Yu, Mingji Li
  • Patent number: 10250587
    Abstract: The misuse of public key, private key, and public/private key certificates poses significant security challenges to computer networks that are addressed by certificate monitoring. Certificate monitoring allows network administrators to detect and remedy poor security practices related to public key certificates and to detect and combat the malicious use of public key certificates in a centralized environment. Best practices and detection methods and systems are developed over time via machine learning to improve network security, and any detected misuse may be brought to a network administrator's attention or automatically remedied.
    Type: Grant
    Filed: September 30, 2016
    Date of Patent: April 2, 2019
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Elad Iwanir, Gal Tamir, Shahar Weiss, Eli Koreh
  • Patent number: 10248429
    Abstract: A non-transitory storage device includes machine readable instructions that, when executed, cause a processing resource to perform various operations. One such operation, for example, is to receive a selection of a blueprint to be used for configuration purposes. Other operations may include automatically validating the selected blueprint and automatically configuring the computing device in accordance with the selected and validated blueprint. Various related apparatuses and methods are provided as well.
    Type: Grant
    Filed: April 25, 2014
    Date of Patent: April 2, 2019
    Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
    Inventors: Douglas L. Voigt, Dejan S. Milojicic
  • Patent number: 10250397
    Abstract: Embodiments presented herein provide a validation service used to validate a certificate chain for both public facing servers as well as internal, non-public facing servers. To validate a certificate chain, the client generates a request with the network address and sends it to the validation service. In response, the validation service attempts to establish a connection with the server at the network address. If successful, the validation service receives a certificate chain from the server and can verify that the certificate chain is complete, valid, and chains to a trusted root. If the validation service cannot connect to the network address identified in the request, then the validation service sends a local validation component to the requesting client. The local validation component executes from the client and validates the certificate chain presented by the network server.
    Type: Grant
    Filed: September 19, 2017
    Date of Patent: April 2, 2019
    Assignee: DigiCert, Inc.
    Inventors: Padam Singal, Deepa Priya Ramachandran
  • Patent number: 10243936
    Abstract: A method of automatic security parameter renewal includes determining if the security parameter satisfies a renewal condition, the determining including automatically detecting a time when a security parameter is going to expire, and automatically updating the security parameter when the renewal condition is satisfied. The automatically updating the security parameter includes modifying a certificate upon receipt of a new certificate.
    Type: Grant
    Filed: November 17, 2017
    Date of Patent: March 26, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Ashish Kundu, Ruchi Mahindru, Ajay Mohindra, Valentina Salapura, Mahesh Viswanathan
  • Patent number: 10242234
    Abstract: Systems and methods for wireless enabled security in relation to a storage drive are described. In one embodiment, the systems and methods may include receiving, at a storage drive, a request from a host of the storage drive. In some cases, the request may be received via a wired connection between the storage drive and the host. In some embodiments, the systems and methods may include determining whether the request is flagged by the host as a secure connection request, processing the request upon determining the request is not flagged as a secure connection request, and establishing a wireless connection with the host upon determining the request is flagged by the host as a secure connection request.
    Type: Grant
    Filed: July 15, 2016
    Date of Patent: March 26, 2019
    Assignee: SEAGATE TECHNOLOGY LLC
    Inventor: Christopher Nicholas Allo
  • Patent number: 10243994
    Abstract: An identity management system is augmented to provide a methodology to generate an objective measure of administrative effectiveness with respect to account certification. In the approach, erroneous account information is intentionally inserted into a recertification campaign. The erroneous account information is tracked through the recertification process and used as a measurement to evaluate whether a particular manager/administrator whose accounts are impacted is successful in recognizing the erroneous account information (e.g., as a percentage of erroneous account records located). The dummy information is tracked and used to generate a quantitative measure of the effectiveness of a particular recertification campaign or a particular manager who is responsible for recertifying accounts. The results can also be used to drive other enterprise metrics and compliance systems.
    Type: Grant
    Filed: September 2, 2015
    Date of Patent: March 26, 2019
    Assignee: International Business Machines Corporation
    Inventors: Brian Robert Matthiesen, Gee Ngoo Chia, Jean Elizabeth Hidden, Stephen James Turcol
  • Patent number: 10223848
    Abstract: Various systems and methods for providing a smart entry system are described herein. A smart entry system includes a detector to detect a person near a portal to a room; a transceiver to attempt to establish a wireless connection between the smart entry system and a user device associated with the person; and a user interface to present a notification to the person based on a state of the wireless connection.
    Type: Grant
    Filed: September 19, 2016
    Date of Patent: March 5, 2019
    Assignee: Intel Corporation
    Inventors: David W. Browning, Mark MacDonald, Yoshifumi Nishi
  • Patent number: 10210510
    Abstract: Identity certificates such as SSL certificates can be issued in such a way that their use can be disabled upon short notice. In one embodiment, private signing information associated with a certificate is used by an infrastructure service on behalf of an entity, without making the private signing information accessible to the entity. In another embodiment, short-term certificates are dynamically issued to an application based on a previous certificate authorization.
    Type: Grant
    Filed: August 31, 2017
    Date of Patent: February 19, 2019
    Assignee: Amazon Technologies, Inc.
    Inventor: Eric J. Brandwine
  • Patent number: 10211992
    Abstract: Embodiments are directed to a system and method of exchanging certificate pinning information between a server and client over an unprotected network by: obtaining a server certificate fingerprint to validate the server to the client during network communication; upon receipt of a request from the client, wrapping the server certificate fingerprint in an envelope that is encrypted using a hash of a password defined by the user and transmitted for storage on the server; and transmitting the envelope as part of a payload over the network to the client to enable the client to decrypt the envelope using the password and obtain the server certificate fingerprint for pinning to data elements transmitted to the server.
    Type: Grant
    Filed: March 18, 2016
    Date of Patent: February 19, 2019
    Assignee: EMC IP Holding Company LLC
    Inventor: Izar Tarandach
  • Patent number: 10212156
    Abstract: Techniques for utilizing a trusted platform module of a host device are described. According to various embodiments, a client device that does not include a trusted platform module (TPM) may leverage a TPM of a host device to provide trust services to the client device.
    Type: Grant
    Filed: July 24, 2017
    Date of Patent: February 19, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Stefan Thom, Ronald Aigner, Merzin Kapadia, Stuart H. Schaefer, Robert Karl Spiger
  • Patent number: 10205719
    Abstract: The invention discloses a network function virtualization-based certificate configuration method, apparatus, and system. A virtualized network management entity obtains initial credential information of a virtualized network function entity; and installs the initial credential information onto the virtualized network function entity during or after instantiation of the virtualized network function entity, so that the virtualized network function entity obtains, from a certificate authority by using the initial credential information, a formal certificate issued by a network operator of the virtualized network function entity. The invention not only can apply to a network function virtualization scenario, but also can resolve a problem of a security risk in network function virtualization.
    Type: Grant
    Filed: September 23, 2016
    Date of Patent: February 12, 2019
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Chengyan Feng, Jing Chen
  • Patent number: 10205729
    Abstract: A method for providing multiple users with security access to an electronic system is provided. The method comprising: providing a plurality of parent security roles, wherein each parent security role includes a plurality of transactions authorized to be performed in the electronic system, providing a plurality of child security roles, wherein each child security role is derived from one of the plurality of parent security roles, setting up the multiple users in the electronic system and their associated user passwords, assigning one of the plurality of child security roles to each of the multiple users to provide the multiple users with security access to the electronic system at once, and providing each of the multiple users with security access to the electronic system, via the associated user password, in accordance with the child security role assigned to the user.
    Type: Grant
    Filed: September 18, 2015
    Date of Patent: February 12, 2019
    Assignee: ACCENTURE GLOBAL SERVICES LIMITED
    Inventors: Sachin Saraf, Anupam Pandey
  • Patent number: 10192375
    Abstract: The present invention relates to a two-factor authentication pattern-based door lock control method and a two-factor authentication pattern-based door lock that converts a locked state of a door lock to a released state thereof or maintains the released state of the door lock if additional authentication of a user is not performed, thereby allowing the user to have a help from an outsider (acquaintance, neighbor, security staff, guard, police officer, fire fighter, and so on) in an emergency situation where the user is trapped in an indoor space by an invader.
    Type: Grant
    Filed: November 30, 2017
    Date of Patent: January 29, 2019
    Inventor: Hae Sung Yang
  • Patent number: 10187426
    Abstract: Certain embodiments provide means for managing automated access to computers, e.g., using SSH user keys and other kinds of trust relationships. Certain embodiments also provide for managing certificates, Kerberos credentials, and cryptographic keys. Certain embodiments provide for remediating legacy SSH key problems and for automating configuration of SSH keys, as well as for continuous monitoring.
    Type: Grant
    Filed: September 28, 2016
    Date of Patent: January 22, 2019
    Assignee: SSH Communications Security OYJ
    Inventor: Tatu J. Ylonen
  • Patent number: 10185829
    Abstract: A machine implemented method of communication between server and remote device, the method comprising: determining an availability and address of the remote device on a network for communication with the server; obtaining a public key attributed to the remote device; signing the public key attributed to the remote device with a private key of the server and so generating a digitally signed certificate to verify the ownership of the public key as the remote device; and transmitting the digitally signed certificate to the remote device.
    Type: Grant
    Filed: August 2, 2016
    Date of Patent: January 22, 2019
    Assignee: ARM Ltd
    Inventors: Szymon Sasin, Norbert David, Yongbeom Pak
  • Patent number: 10177923
    Abstract: A network of electronic appliances includes a plurality of network units of electronic appliances. The network units include a first network unit and a plurality of second network units. The first network unit is connected to at least one of the second network units. Each of the network units includes a stem server and a plurality of peripheral devices connected to the stem server. The stem server includes at least one passcode and at least one list of a plurality of registration codes. Each list is associated to a respective passcode. Each registration code of one list associating to one passcode corresponds to a respective peripheral device. Each registration code is generated in response to a respective passcode using physical randomness of a respective peripheral device in correspondence to the passcode. An address of each identification cell is defined by several word lines and bit lines.
    Type: Grant
    Filed: July 7, 2017
    Date of Patent: January 8, 2019
    Inventor: Hiroshi Watanabe
  • Patent number: 10176344
    Abstract: Particular embodiments described herein provide for an electronic device that can be configured to receive untrusted input data at an enclave in an electronic device, isolate the untrusted input data from at least a portion of the enclave, communicate at least a portion of the untrusted data to an integrity verification module using an attestation channel, and receive data integrity verification of the untrusted input data from the integrity verification module. The integrity verification module can perform data integrity attestation functions to verify the untrusted data and the data integrity attestation functions include a data attestation policy and a whitelist.
    Type: Grant
    Filed: July 24, 2017
    Date of Patent: January 8, 2019
    Assignee: McAfee, LLC
    Inventors: Ned Smith, Esteban Gutierrez, Andrew Woodruff, Aditya Kapoor
  • Patent number: 10178216
    Abstract: The present invention discloses a method, a device and a mobile browser client for realizing centralized management of intelligent hardware devices by an APP, wherein the method comprises: identifying identification information of an intelligent hardware device via an identification interface provided by an APP on a mobile terminal; based on the information identifying, establishing a Bluetooth connection between the mobile terminal and the intelligent hardware device; acquiring, by the APP, hardware controlling information of the intelligent hardware device through the Bluetooth connection; and providing, in the APP, a display interaction interface which is based on the hardware controlling information.
    Type: Grant
    Filed: November 19, 2015
    Date of Patent: January 8, 2019
    Assignee: Beijing Qihoo Technology Company Limited
    Inventors: Baojiang Du, Wei Chen, Qianqiani Zhang, Kai Wu, Xiangzhen Zheng
  • Patent number: 10178550
    Abstract: A gateway (GW) in a wireless communication system, according to the present disclosure is provided. The GW generates self-signed authentication information, allocates the self-signed authentication information to at least one device, transmits a registration request message for requesting registration of the at least one device to a server if a certificate channel with the at least one device is generated based on the self-signed authentication information, and transmits certificate information for the at least one device to the at least one device if the certificate information for the at least one device is received from the server.
    Type: Grant
    Filed: August 1, 2014
    Date of Patent: January 8, 2019
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Dong-Ik Lee, Dae-Dong Kim, Hee-Dong Kim, Chung-Yong Eom
  • Patent number: 10172173
    Abstract: A display device includes: a first wireless communication unit which performs wireless communication in a first format with an external device; a storage unit which stores connection information used in the wireless communication in the first format; a change unit which changes the connection information stored in the storage unit; and a display unit which displays an image received via the first wireless communication unit from the external device. A first information processing device includes: a wireless reader/writer which performs wireless communication in a second format in order to read information from or write information in a wireless tag; an acquisition unit which acquires the changed connection information; and a writing unit which outputs, to the wireless reader/writer, a signal for writing the connection information acquired by the acquisition unit into a first wireless tag.
    Type: Grant
    Filed: September 16, 2015
    Date of Patent: January 1, 2019
    Assignee: Seiko Epson Corporation
    Inventor: Kenichiro Tomita
  • Patent number: 10171454
    Abstract: A method for generating a changing authentication input or password generation input for a user is provided. The method allows access to a computing device such as a smartphone or computer or using the computing device to communicate over a network to a server. Using recognizable objects displayed in positions on a graphic display, and input strings of text or alphanumeric characters the user has identified as related information relating to each recognizable object, a password or authentication can be generated by combining the input strings relating recognizable objects to paired related objects. Authentication can be varied easily for each access attempt by changing the recognizable objects displayed and/or the sequence of responses.
    Type: Grant
    Filed: August 15, 2016
    Date of Patent: January 1, 2019
    Inventor: Alejandro V. Natividad
  • Patent number: 10164778
    Abstract: One embodiment described herein provides a system and method for secure attestation. During operation, a Trusted Platform Module (TPM) of a trusted platform receives a request for an attestation key from an application module configured to run an application on the trusted platform. The request comprises a first nonce generated by the application module. The TPM computes an attestation public/private key pair based on the first nonce and a second nonce, which is generated by the TPM, computes TPM identity information based on a unique identifier of the TPM and attestation key, and transmits a public key of the attestation public/private key pair and the TPM identity information to the application module, thereby enabling the application module to verify the public key of the attestation public/private key pair based on the TPM identity information.
    Type: Grant
    Filed: December 19, 2017
    Date of Patent: December 25, 2018
    Assignee: Alibaba Group Holding Limited
    Inventor: Yingfang Fu
  • Patent number: 10158994
    Abstract: In a wireless data network, network circuitry serves a wireless user device with hardware-trusted wireless data communications. The network circuitry comprises a physically-embedded hardware trust code and maintains hardware trust with a hardware trust server based on the physically-embedded hardware trust code. The network circuitry determines when a network server has hardware trust. The network circuitry determines when a wireless user device has hardware trust. The processing circuitry then exchanges user data between the wireless user device and the network server when both the wireless user device and the network server have hardware trust. The processing circuitry does not exchange the user data between the wireless user device and the network server when the wireless user device or the network server lacks hardware trust.
    Type: Grant
    Filed: March 28, 2018
    Date of Patent: December 18, 2018
    Assignee: Sprint Communications Company L.P.
    Inventors: Ronald R. Marquardt, Arun Rajagopal, Lyle Walter Paczkowski
  • Patent number: 10158495
    Abstract: Examples of the disclosure remotely activate a secure device for application development. A request is received at a device entitlement component for a developer kit from a secure device in a user mode via a network. A determination is made as to whether the secure device is in at least one allowed development group. In response to determining that the secure device is in the at least one allowed development group, a certificate is generated defining a permissions level associated with the developer identifier for the secure device. The certificate is transmitted to the secure device, including a key that interacts with a security processor of the secure device to convert hardware capabilities of the secure device to provide a developer mode at the secure device.
    Type: Grant
    Filed: August 30, 2016
    Date of Patent: December 18, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Vijay Gajjala, Gershom L. Payzer, Mehmet Erkilic, Caleb S. Atwood, Manuel C. Ovena, Stephan Zachwieja
  • Patent number: 10153035
    Abstract: A memory device includes a memory cell array comprising a plurality of memory cells wherein each of the plurality of memory cells is configured to be in a data state, and a physically unclonable function (PUF) generator. The PUF generator further includes a first sense amplifier, coupled to the plurality of memory cells, wherein while the plurality of memory cells are being accessed, the first sense amplifier is configured to compare accessing speeds of first and second memory cells of the plurality of memory cells, and based on the comparison, provide a first output signal for generating a first PUF signature.
    Type: Grant
    Filed: October 7, 2016
    Date of Patent: December 11, 2018
    Assignee: Taiwan Semiconductor Manufacturing Co., Ltd.
    Inventors: Chien-Chen Lin, Wei Min Chan, Chih-Yu Lin, Shih-Lien Linus Lu, Yen-Huei Chen
  • Patent number: 10147092
    Abstract: A system to sign and authenticate secure transactions with an institution through a communications network, comprising a terminal connected to a communications network; a remote server with a database that stores for each user the user data userID, a private password encrypted K?priv, userID, a first security password K?mac, userID to generate an authentication password Kmac, userID and an identifier of the mobile device, Id?cel,userID; a mobile communication device of a user comprising a security code pin; an application, a transport password Ktransporte; a public password encrypted K?pub, userID and a second security password K?mac, userID for generating said authentication password Kmac, userID; and a remote hardware security module. A method to sign and authenticate secure transactions with an institution through a communications network with said system.
    Type: Grant
    Filed: April 3, 2012
    Date of Patent: December 4, 2018
    Inventors: Mauricio Eduardo Palma Lizana, Mauricio Alejandro Gaueca Figueroa
  • Patent number: 10148422
    Abstract: Methods, systems, and computer programs for using an implicit certificate are described. In some aspects, an implicit certificate is accessed. The implicit certificate is associated with an entity and generated by a certificate authority. The implicit certificate includes a public key reconstruction value of the entity. Certificate authority public key information is accessed. The certificate authority public key information is associated with the certificate authority that issued the implicit certificate. A first value is generated based on evaluating a hash function. The hash function is evaluated based on the certificate authority public key information and the public key reconstruction value of the entity. A public key value of the entity can be generated or otherwise used based on the first value.
    Type: Grant
    Filed: May 4, 2012
    Date of Patent: December 4, 2018
    Assignee: Certicom Corp.
    Inventors: Gregory Marc Zaverucha, David William Kravitz, Daniel Richard L. Brown
  • Patent number: 10147272
    Abstract: An abstraction layer in a gaming environment intercepts calls to standard random number and user selection functions and returns data based on game operating mode and data availability. When operating as a Class 2 game, random number data may be received from a server while in a Class 3 game, random numbers may be received from a local random number generator. In a history mode or power recovery mode, calls for both random numbers and user selections may be supplied from a file storing data from a previously played or an interrupted game, respectively. Pay table testing may be accommodated by using predetermined random numbers resulting in known reel or other outcome states. The abstraction layer isolates game code from the unique requirements of the different modes of operation required for operating environment or regulatory compliance.
    Type: Grant
    Filed: June 25, 2014
    Date of Patent: December 4, 2018
    Assignee: Bally Gaming, Inc.
    Inventors: Peter Anderson, Saravanan Saravanan
  • Patent number: 10135622
    Abstract: A computing platform implements one or more secure enclaves including a first provisioning enclave to interface with a first provisioning service to obtain a first attestation key from the first provisioning service, a second provisioning enclave to interface with a different, second provisioning service to obtain a second attestation key from the second provisioning service, and a provisioning certification enclave to sign first data from the first provisioning enclave and second data from the second provisioning enclave using a hardware-based provisioning attestation key. The signed first data is used by the first provisioning enclave to authenticate to the first provisioning service to obtain the first attestation key and the signed second data is used by the second provisioning enclave to authenticate to the second provisioning service to obtain the second attestation key.
    Type: Grant
    Filed: September 29, 2016
    Date of Patent: November 20, 2018
    Assignee: Intel Corporation
    Inventors: Vincent R. Scarlata, Francis X. McKeen, Carlos V. Rozas, Simon P. Johnson, Bo Zhang, James D. Beaney, Jr., Piotr Zmijewski, Wesley H. Smith, Eduardo Cabre
  • Patent number: 10127377
    Abstract: Managing validity status of at least one associated credential includes providing a credential manager that selectively validates associated credentials for at least one device, the device invalidating a corresponding associated credential, and the device requesting that the credential manager validate the corresponding associated credential after invalidating the associated credential. The associated credential may be invalidated based on an external event, such as a user invalidating the associated credential from a UI of the device, a user improperly entering a pin value, a user indicating that a corresponding device is lost, the device entering sleep mode, the device locking a user interface thereof, the device shutting down, and a particular time of day. The at least one associated credential may be provided on an integrated circuit card (ICC) that may be part of a mobile phone and/or a smart card.
    Type: Grant
    Filed: December 28, 2017
    Date of Patent: November 13, 2018
    Assignee: Assa Abloy AB
    Inventor: Eric F. Le Saint
  • Patent number: 10122703
    Abstract: Methods and systems for faster and more efficient smart card logon and for giving a client device full domain access in a remote computing environment are described herein. Components used to implement fast smart card logon may also be used to implement a federated full domain logon. A virtual smart card credential, which may be ephemeral, may be issued based on the acceptance of an external authentication event. Example external authentication events include logon at a Security Assertion Markup Language (SAML) Identity Provider, smart card authentication over TLS or SSL, and alternative authentication credentials such as biometrics or one-time password (OTP) without AD password. Moreover, the certificate operation interception components from fast smart card logon may be used to enable interaction with the virtual smart card without fully emulating a smart card at the PC/SC API level.
    Type: Grant
    Filed: September 30, 2015
    Date of Patent: November 6, 2018
    Assignee: Citrix Systems, Inc.
    Inventors: Andrew Innes, Chris Mayers
  • Patent number: 10116645
    Abstract: A computing device includes a processor and a persistent memory for storing information about a first public key associated with a first asymmetric key pair for authenticating the source of a digital certificate. The computing device also includes a second memory for storing one or more current key version indicators. Each of the current key version indicators is associated with a corresponding secondary public key, and the one or more current key version indicators are used by the processor to determine the trust of the corresponding secondary public key.
    Type: Grant
    Filed: October 20, 2016
    Date of Patent: October 30, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Derek Del Miller, Nachiketh Rao Potlapally, Rahul Gautam Patel
  • Patent number: 10116454
    Abstract: In an authentication method according to the present disclosure, (1) a device transmits device history information with a CRL added thereto (hereinafter, device history information with added CRL) to a controller, (2) the controller transmits the device history information with added CRL to a server, and (3) if the version of the CRL included in the device history information with added CRL is older than the version of the CRL stored on the server, the server judges that the controller is unauthorized.
    Type: Grant
    Filed: November 2, 2015
    Date of Patent: October 30, 2018
    Assignee: PANASONIC INTELLECTUAL PROPERTY MANAGEMENT CO., LTD.
    Inventors: Tomoyuki Haga, Motoji Ohmori, Natsume Matsuzaki, Hideki Matsushima, Yuji Unagami, Manabu Maeda, Yoshihiro Ujiie
  • Patent number: 10114660
    Abstract: One embodiment allocates a first virtual memory; receives executable code of a first piece of software; writes the executable code of the first piece of software directly into the first virtual memory; marks the first virtual memory as executable; executes the executable code of the first piece of software directly from the first virtual memory; and downloads and executes executable code of a second piece of software as facilitated by the executable code of the first piece of software.
    Type: Grant
    Filed: February 22, 2011
    Date of Patent: October 30, 2018
    Inventor: Julian Michael Urbach
  • Patent number: 10104125
    Abstract: A method and apparatus for controlling document access and application usage using centrally managed rules. The rules are stored and manipulated in a central rule database via a rule server. Policy enforcers are installed on client systems and/or on servers and perform document access and application usage control for both direct user document accesses and application usage, and application program document accesses by evaluating the rules sent to the policy enforcer. The rule server decides which rules are required by each policy enforcer. A policy enforcer can also perform obligation and remediation operations as a part of rule evaluation. Policy enforcers on client systems and servers can operate autonomously, evaluating policies that have been received, when communications have been discontinued with the rule server.
    Type: Grant
    Filed: June 30, 2016
    Date of Patent: October 16, 2018
    Assignee: NextLabs, Inc.
    Inventor: Keng Lim