By Certificate Patents (Class 713/156)
  • Patent number: 11729167
    Abstract: A computer-implemented method includes a proxy receiving an authorization message from a load balancer and the proxy selecting an authorization cell from a plurality of authorization cells designated for the proxy in response to receiving the authorization message. The proxy sending a second authorization message to the selected authorization cell and the proxy receiving a response message from the selected cell, wherein the response message corresponds to the second authorization message. The proxy then sending a second response message to the load balancer in response to receiving the response message.
    Type: Grant
    Filed: February 12, 2021
    Date of Patent: August 15, 2023
    Assignee: Target Brands, Inc.
    Inventors: Ryan Michael Gregus, Emma Matthies, Gokulnath Baskaran, Andrew Thomas Guck
  • Patent number: 11722865
    Abstract: Various embodiments include a method performed by a processor of a vehicle processing system for misbehavior detection, including receiving first vehicle-to-everything (V2X) information from a first vehicle, receiving second V2X information from neighbor vehicles of the first vehicle, determining a distribution of information in the second V2X information, and performing a security action in response to determining that information in the first V2X information is outside a confidence threshold of the distribution of information in the second V2X information.
    Type: Grant
    Filed: October 11, 2021
    Date of Patent: August 8, 2023
    Assignee: QUALCOMM Incorporated
    Inventors: Mohammad Raashid Ansari, Jean-Philippe Monteuuis, Jonathan Petit, Cong Chen
  • Patent number: 11716208
    Abstract: A method for registering and provisioning an electronic device is provided. The method includes a step of inserting a first keypair into a secure element of the electronic device. The first keypair includes a public key and a private key. The method further includes a step of requesting, from a server configured to register and provision connected devices, a provisioning of credentials of the electronic device. The method further includes a step of verifying, by the server, the electronic device credentials. The method further includes a step of registering, by the server, the electronic device. The method further includes a step of transmitting, from the server to the electronic device, a device certificate. The method further includes steps of installing the transmitted device certificate within the secure element of the electronic device, and provisioning the electronic device according to the installed device certificate.
    Type: Grant
    Filed: March 28, 2022
    Date of Patent: August 1, 2023
    Assignee: Cable Television Laboratories, Inc.
    Inventors: Massimiliano Pala, Ronald H. Ih
  • Patent number: 11716207
    Abstract: Dynamic-PKI social Certificate Authority (CA) systems and methods are provided, which generate and issue certificates at time of device deployment instead of time of manufacture. The provided systems and methods utilize an interface to initiate a Certificate Signing Request (CSR), and which then generates and signs the CSR with a public key. The signed CSR is then securely transmitted to a Certificate Signing Request Processor (CSRP), which undergoes an optional verification process and is then processed to return a signed certificate. The signed certificate is then directly or indirectly provided to the device for provisioning into the network.
    Type: Grant
    Filed: November 1, 2021
    Date of Patent: August 1, 2023
    Assignee: Cable Television Laboratories, Inc.
    Inventor: Darshak Thakore
  • Patent number: 11711692
    Abstract: A wireless communication network serves a wireless user device with a wireless communication service from a wireless network slice that includes a Virtual Network Function (VNF). The VNF maintains hardware-trust with a distributed ledger. The distributed ledger maintains hardware-trust with the VNF. The VNF delivers the wireless communication service to the wireless user device from the wireless network slice. The VNF generates slice data that characterizes the service delivery. When the VNF maintains the hardware-trust with the distributed ledger, the VNF transfers the slice data to the distributed ledger. When the distributed ledger maintains the hardware-trust with the VNF, the distributed ledger stores the slice data.
    Type: Grant
    Filed: March 8, 2021
    Date of Patent: July 25, 2023
    Assignee: T-MOBILE INNOVATIONS LLC
    Inventors: Ronald R. Marquardt, Arun Rajagopal, Lyle Walter Paczkowski
  • Patent number: 11706038
    Abstract: A public key infrastructure (PKI) ecosystem includes a first organization computer system having a first processor, a first memory, and a first organization process including instructions that are (i) encoded in the first memory, and (ii) executable by the first processor. The ecosystem further includes a second organization computer system having a second processor and a second memory, a digital ledger, and domain name system security extensions (DNSSEC). When executed, the first instructions cause the first processor to create at least one public/private PKI keypair for a first domain name, in the DNSSEC, register the first domain name and create a certificate authority (CA), register the CA in the blockchain, using the CA, create a certificate for a first entity, register the certificate in the blockchain and/or the DNSSEC, and assert, to the second organization computer system, trust in the first entity based on the registered certificate.
    Type: Grant
    Filed: July 18, 2022
    Date of Patent: July 18, 2023
    Assignee: Cable Television Laboratories, Inc.
    Inventors: Darshak Thakore, Michael Glenn, Brian Alexander Scriber, Steven John Goeringer
  • Patent number: 11698031
    Abstract: A communication adapter of a gas turbine engine of an aircraft includes a communication interface configured to wirelessly communicate with an offboard system and to communicate with an engine control of the gas turbine engine, a memory system, and processing circuitry. The processing circuitry is configured to receive an engine control dynamic data recording request from the offboard system, confirm an authentication between the communication adapter and the engine control, transfer the engine control dynamic data recording request received at the communication adapter from the offboard system to the engine control based on the authentication, and transmit an update completion confirmation of the engine control from the communication adapter to the offboard system based on a confirmation message from the engine control.
    Type: Grant
    Filed: April 3, 2020
    Date of Patent: July 11, 2023
    Assignee: RAYTHEON TECHNOLOGIES CORPORATION
    Inventors: William C. Lamberti, Paul Raymond Scheid, Jason E. Posniak
  • Patent number: 11693716
    Abstract: Systems, methods, and devices for offloading network data to a datastore. A system includes a publisher device in a network computing environment. The system includes a subscriber device in the network computing environment. The system includes a datastore independent of the publisher device and the subscriber device, the datastore comprising one or more processors in a processing platform configurable to execute instructions stored in non-transitory computer readable storage media. The instructions include receiving data from the publisher device. The instructions include storing the data across one or more of a plurality of shared storage devices. The instructions include providing the data to the subscriber device.
    Type: Grant
    Filed: September 8, 2021
    Date of Patent: July 4, 2023
    Assignee: ARRCUS INC.
    Inventors: Pushpasis Sarkar, Keyur Patel, Derek Man-Kit Yeung, Alpesh Patel, Lawrence Rolfe Kreeger
  • Patent number: 11695569
    Abstract: A request to add tags (e.g., labels, key-value pairs, or metadata) to resources can be digitally signed by the entity making the request, such that the source can be verified and an authorization determination made for each tag. For a request involving multiple services (or entities) that can each add tags, any tag added by a service can be included in the request and digitally signed by that service. Each service processing the request can also digitally sign the request before forwarding, so that each service signs a version of the request, which includes elements signed by other services earlier in the request chain. When the request is received to a tagging service, the service ensures that every tag was digitally signed by the appropriate authorized entity or service, and validates the signatures to ensure that no data was modified or omitted, before adding the tags to the designated resource(s).
    Type: Grant
    Filed: March 25, 2021
    Date of Patent: July 4, 2023
    Assignee: Amazon Technologies, Inc.
    Inventors: William Frederick Hingle Kruse, Conor Patrick Cahill, Jeffrey Cicero Canton, Dmitry Frenkel, Harshad Vasant Kulkarni, Colin Watson, Andrew Paul Mikulski
  • Patent number: 11695574
    Abstract: A method at an Intelligent Transportation System (ITS) Transmitting Entity, the method including: generating an ITS message; augmenting the ITS message with an Integrity Report generated by an integrity detection function at the ITS Transmitting Entity to create an augmented ITS message; signing the augmented ITS message with an Authorization Certificate or Ticket, the Authorization Certificate or Ticket including an assurance indication from an Audit Certificate Authority for the integrity detection function; and sending the signed, augmented ITS message to an ITS Receiving Entity.
    Type: Grant
    Filed: April 29, 2020
    Date of Patent: July 4, 2023
    Assignee: BlackBerry Limited
    Inventors: Stephen John Barrett, Nicholas James Russell, John Octavius Goyo
  • Patent number: 11695543
    Abstract: A blockchain network control system and method is disclosed. The system includes a processor coupled to a storage comprising a plurality of network entity definitions each defining a different network entity that make up a target network architecture for a permissioned blockchain network. The system also includes a control object communicatively coupled to an ordering service and a plurality of organizations. The plurality of organizations was established by the blockchain network control system by instantiating the organizational membership service provider, registering and enrolling each peer node within each organization, storing the cryptographic identity generated for the peer node, and then instantiating the plurality of peer nodes.
    Type: Grant
    Filed: August 20, 2020
    Date of Patent: July 4, 2023
    Assignee: Myndshft Technologies, Inc.
    Inventors: Stephen J. Meyers, Alec D Iverson
  • Patent number: 11689918
    Abstract: A method is provided that includes receiving, at a first access point in a local area network, a request from a client device to access a wireless local area network. The method also includes creating authentication credentials for the client device based on an identification of the client device, and transmitting the authentication credentials for the client device to a second access point, wherein the first access point and the second access point share a secure block chain application. The method also includes allowing the client device to roam from the first access point to the second access point without requesting new authentication credentials. A system and a non-transitory, computer-readable medium storing instructions to perform the above method are also provided.
    Type: Grant
    Filed: March 1, 2019
    Date of Patent: June 27, 2023
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Aseem Sethi, Manoj Wagle
  • Patent number: 11689371
    Abstract: Techniques for securing digital signatures using multi-party computation. A method includes generating at least one first secret share by a first system, wherein at least one second secret share is generated by one of at least one second system; signing data based on the at least one first secret share when a signing policy is met, wherein the signing is part of an interactive signing process including running a multi-party computation protocol by the first system and the at least one second system, wherein the signed data corresponds to a public key generated based on the plurality of secret shares, wherein the signing policy requires a minimum number of secret shares, wherein shares of one system alone are not sufficient to meet the signing policy, wherein no portion of shares of one system are revealed to the other system during the interactive signing process.
    Type: Grant
    Filed: July 29, 2019
    Date of Patent: June 27, 2023
    Assignee: PAYPAL, INC.
    Inventors: Dan Yadlin, Ben Riva, Alon Navon, Lev Pachmanov, Jonathan Katz
  • Patent number: 11681889
    Abstract: RFID technology may be used to provide digital identities for physical items. An RFID IC attached to or integrated into a physical item contains an identifier for the physical item. Digital identity information associated with the item, such as ownership information, history, properties, and the like, may be located on one or more networks. An entity, after authenticating itself and/or the item, may use the identifier to locate, retrieve, and/or update the item's digital identity information on the network.
    Type: Grant
    Filed: January 21, 2022
    Date of Patent: June 20, 2023
    Assignee: Impinj, Inc.
    Inventors: Christopher J. Diorio, Matthew Robshaw, Tan Mau Wu
  • Patent number: 11671829
    Abstract: Techniques for a server-based association of a device with a user account are described. In an example, a computer system receives, from a second device, first data of a first device. The first data indicates a request for a first association between the first device and a user account. The computer system determines that the first data is valid based on second data associated with the first device. Based on the first data being valid, the computer system sends, to the second device, third data to initiate a user authentication. The computer system then receives, from the second device, a user identifier based on the user authentication and determines that a second association between the user identifier and the user account already exists. The computer system causes the first association between the first device and the user account to be generated based on the second association.
    Type: Grant
    Filed: December 4, 2019
    Date of Patent: June 6, 2023
    Assignee: Amazon Technologies, Inc.
    Inventors: Rashmesh Radhakrishnan, Abraham Martin Passaglia, Quentin N. Robinson
  • Patent number: 11665240
    Abstract: A data linkage system includes a data accumulation system that collects and accumulates data held by an information system; and a control service section that manages access information used by the data accumulation system to connect to the information system. The control service section asks the data accumulation system to test the connection to the information system by using the access information managed by the control service section.
    Type: Grant
    Filed: August 23, 2021
    Date of Patent: May 30, 2023
    Assignee: KYOCERA DOCUMENT SOLUTIONS INC.
    Inventor: Koki Nakajima
  • Patent number: 11665001
    Abstract: Disclosed are systems, methods, and non-transitory computer-readable media for network security using Root of Trust (RoT). A node in the vehicle networking system receives an authentication message from an adjacent node in the vehicle networking system. The authentication message included identifying information of the adjacent node that is digitally signed with a digital signature having been generated using a private key. The adjacent node accessed the identifying information of the second node from a source image authenticated during a secure boot of the adjacent node. The node accesses a public key available to the node and authenticates the adjacent node based on the public key and the digital signature included in the authentication message.
    Type: Grant
    Filed: February 11, 2020
    Date of Patent: May 30, 2023
    Assignee: Ethernovia Inc.
    Inventors: Darren S. Engelkemier, Roy T. Myers, Jr., Poon-Kuen Leung, Hossein Sedarat, Ramin Shirani
  • Patent number: 11665006
    Abstract: In embodiments, an authentication server interfaces between a user device with a self-signed certificate and a verifying computer that accepts a user name and password. The user device generates a self-signed certificate signed by a private key on the user device. The self-signed certificate is transmitted to a verifying party computer over a network. The verifying party stores the self-signed certificate with user identification data, including at least one of a user name, user address, user email, user phone number, user tax ID, user social security number and user financial account number. In subsequent communications, the verifying party receives a certificate chain including the self-signed certificate, and matches that with the user identification data stored in a database.
    Type: Grant
    Filed: February 26, 2021
    Date of Patent: May 30, 2023
    Assignee: Beyond Identity Inc.
    Inventors: Nelson Melo, Michael Clark, James Clark
  • Patent number: 11657392
    Abstract: An on-boarding server is configured to receive a data set and a manufacturer identifier from a communications device, validate an identity from the data set, and locate a first terminal cryptographic key associated with the manufacturer identifier in a terminal database. The on-boarding server is configured to confirm, using the located first terminal cryptographic key, that the manufacturer identifier received from the communications device was signed with a second terminal cryptographic key. The located first terminal cryptographic key and the second terminal cryptographic key are an asymmetric cryptographic key pair. The on-boarding server is configured to determine an acquirer server from the data set, provide the acquirer server with a merchant identifier, and download to the communications device a payload that includes the merchant identifier.
    Type: Grant
    Filed: June 8, 2020
    Date of Patent: May 23, 2023
    Assignee: The Toronto-Dominion Bank
    Inventors: Robert Hayhow, Jeffrey Aaron Ecker, Igor Elkhinovich, Keith Willard
  • Patent number: 11659384
    Abstract: A data center 5th-Generation (5G) network encrypted multicast-based authority authentication method, system, and device, and a medium. In the present disclosure, authority authentication and data connection are performed on each platform of a data center by 5G network encrypted multicast, and a network encrypted multicast component is configured on the platform of the data center. An encrypted multicast packet is sent to a network by the platform. Connection is completed by handshaking and mutual heartbeat transmission between the platforms. Authority verification is performed through the multicast packet. In this manner, the problem of security risk of traditional authority authentication may be reduced, and the intercommunication speed and efficiency of each platform of the data center may be improved greatly.
    Type: Grant
    Filed: February 19, 2021
    Date of Patent: May 23, 2023
    Assignee: INSPUR SUZHOU INTELLIGENT TECHNOLOGY CO., LTD.
    Inventors: Xin Zhang, Xiaotong Wang, Wanxian He
  • Patent number: 11658816
    Abstract: An example operation includes one or more of initiating a transaction of a blockchain by a contributing member of a group to assign a digital data based document to itself or to at least one other member of the group, validating a block of the blockchain associated with the transaction by the contributing member or the at least one other member that are verified, sending an ephemeral location of the document to the contributing member or the at least one other member that are verified, and modifying the document in the ephemeral location by the contributing member or the at least one other member that is verified.
    Type: Grant
    Filed: April 14, 2021
    Date of Patent: May 23, 2023
    Assignee: Philips North America LLC
    Inventor: David Gerard Ledet
  • Patent number: 11646892
    Abstract: A method, a device, and a non-transitory storage medium are described in which a blockchain-based network information management service is provided. The service provides blockchain mechanisms that allow for the management and disbursement of network information among network devices of a RAN, a core network, and an application layer network. The service may define a structure for the network information that may be used by RAN devices, core devices, and application layer devices of different vendors and third parties.
    Type: Grant
    Filed: October 29, 2020
    Date of Patent: May 9, 2023
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Kalyani Bogineni, Mohan Palat, Ratul K. Guha, Sudhakar Reddy Patil, Jignesh S. Panchal, Kristen Sydney Young, Hans Raj Nahata
  • Patent number: 11640374
    Abstract: An operations server synchronizes updates to a cloud-based shared versioned file system. The shared versioned file system includes directories and sub-directories that are divided into shards. The operations server coordinates requests from local filer servers, each running a respective local version of the shared versioned file system, to update a shard in the cloud-based shared versioned file system. The operations server can provide a global lock on the shard to a local filer server before it updates the shard in the cloud-based shared versioned file system.
    Type: Grant
    Filed: June 22, 2017
    Date of Patent: May 2, 2023
    Assignee: Nasuni Corporation
    Inventors: David M. Shaw, Matthew M. McDonald, Russell A. Neufeld, Christopher S. Lacasse
  • Patent number: 11636472
    Abstract: A terminal configuration server is configured to associate a terminal identifier with a cryptographic key set, and to provide a communications device with the terminal identifier and the cryptographic key set. The terminal configuration server is configured to receive the terminal identifier from the communications device via a communications network, and establish an encrypted tunnel with a terminal via the communications device and the cryptographic key set. The encrypted tunnel is encrypted end-to-end between the terminal configuration server and the terminal. The terminal configuration server is configured to receive a payload request from the terminal via the encrypted tunnel, locate a payload that is associated with the terminal identifier in the payload database, and download the located payload to the terminal via the encrypted tunnel.
    Type: Grant
    Filed: June 8, 2020
    Date of Patent: April 25, 2023
    Assignee: The Toronto-Dominion Bank
    Inventors: Robert Hayhow, Jeffrey Aaron Ecker, Igor Elkhinovich, Keith Willard
  • Patent number: 11632806
    Abstract: A communications device transmits data in preconfigured resources of an uplink of a wireless communications network by performing a procedure to determine whether the communications device can transmit signals in the preconfigured resources of the uplink, and if the communications device determines that it can transmit signals in the preconfigured resources, transmitting signals representing the data in the preconfigured resources. The procedure to determine whether the communications device can transmit signals in the preconfigured resources of the uplink includes a transmission parameter confirmation procedure which confirms that a value of one or more transmission parameters to be used for transmitting the signals representing the data can be used for the signals representing the data to be detected by an infrastructure equipment of the wireless communications network.
    Type: Grant
    Filed: August 8, 2019
    Date of Patent: April 18, 2023
    Assignees: SONY CORPORATION, SONY MOBILE COMMUNICATIONS, INC
    Inventors: Martin Warwick Beale, Shin Horng Wong, Basuki Priyanto
  • Patent number: 11631063
    Abstract: A system and a method for creating a holistic, flexible, scalable, confidential, low-latency, high-volume, immutable distributed ledger for the financial services and other industries. The system allows a scalable blockchain solution with respect to accessible memory requirements of distributed ledgers or distributed databases with confidentiality in the shared records as well as accommodating low-latency, high-capacity transaction capabilities. The method includes a fundamental, generic, logical representation of financial services life-cycles transactions in terms of variable sets of four simple, sequential components. The optimal process generates a self-validating, variable n-dimensional, multi-hash-linked, interdependent distributed ledger that allows the individual network participants to recreate the ledger without having to refer to or confirm with other network participants.
    Type: Grant
    Filed: December 4, 2020
    Date of Patent: April 18, 2023
    Assignee: L4S Corp.
    Inventor: Paul F. Dowding
  • Patent number: 11630921
    Abstract: Methods, systems, and apparatuses, including computer storage media and hardware security modules, for performing batch cryptography on hardware security modules. A hardware security module can receive a request to perform one or more cryptographic operations. The request can include a batch data structure storing a plurality of data elements. The hardware security module can unbatch the plurality of data elements, perform one or more cryptographic operations on the plurality of data elements to generate a plurality of outputs, generate an output batch data structure storing the plurality of outputs, and transmit the output batch data structure in response to the request. The request and the batch data structure can be formed in accordance with a batch hardware security module application program interface (API) implemented by the hardware security module.
    Type: Grant
    Filed: December 11, 2020
    Date of Patent: April 18, 2023
    Assignee: Google LLC
    Inventors: Aditya Sinha, Vanessa Reimer
  • Patent number: 11625211
    Abstract: A printer may include a controller configured to: in a case where a predetermined instruction is obtained from a user under a situation where a service state of the printer for receiving a print job providing service from a server is a disabled state, shift the service state from the disabled state to an enabled state; in a case where a registration instruction to register printer information related to the printer in the server is obtained, send the printer information to the server; in a case where the registration instruction is obtained under the situation where the service state is the disabled state, shift the service state from the disabled state to the enabled state without obtaining the predetermined instruction from the user.
    Type: Grant
    Filed: December 15, 2021
    Date of Patent: April 11, 2023
    Assignee: Brother Kogyo Kabushiki Kaisha
    Inventor: Ryo Yamamoto
  • Patent number: 11621859
    Abstract: A proxy revocation service provides a reliable service for performing revocation checks. The proxy revocation service queries public certificate authorities for the revocation status of a set of digital certificates and maintains a database of the revocation statuses. The proxy revocation service provides a singular endpoint that is Application Protocol Interface (API) accessible to web clients. Web clients communicate with the proxy revocation service through use of API messages to perform revocation checks, rather than communicating with the public certificate authorities using an online certificate status protocol (OCSP). Use of the proxy revocation service provides both a reliable service for performing revocation checks as well as shifts the complexity away from the web clients.
    Type: Grant
    Filed: August 31, 2022
    Date of Patent: April 4, 2023
    Assignee: Snowflake Inc.
    Inventors: Harsh Chaturvedi, Harsha S. Kapre, Srinath Shankar
  • Patent number: 11621846
    Abstract: A system includes a binary tree having leaf hashes. The leaf hashes include a device privacy protected index and a set of zero-knowledge commitments relating to a computer device. The system calculates the device privacy protected index using a verifiable random function such that a device entity path in the binary tree cannot reveal any information about any other device in the binary tree, and associates the set of zero-knowledge commitments with the device privacy protected index. The system then generates a privacy-protected attestation for the computer device using the device privacy protected index and the set of zero-knowledge commitments.
    Type: Grant
    Filed: March 25, 2021
    Date of Patent: April 4, 2023
    Assignee: Lenovo (Singapore) Pte. Ltd.
    Inventors: Igor Stolbikov, Rod D Waltermann, Scott Wentao Li, Ratan Ray
  • Patent number: 11616654
    Abstract: Methods and systems for configuring a security device, such as an electronic lock, are disclosed. In particular, the present disclosure describes methods and systems for provisioning a lock with a certificate such that any change to the lock, or changes to lock-server communication characteristics, can be detected and (optionally) prevented. As such, security of such devices is improved.
    Type: Grant
    Filed: April 24, 2019
    Date of Patent: March 28, 2023
    Assignee: Spectrum Brands, Inc.
    Inventor: James Creighton Hart
  • Patent number: 11616782
    Abstract: As a default, a global permissions model is established. The global permissions model serves for applying a first set of resource access permissions to shared content objects. Additionally, a set of context-aware access policies that govern user interactions over the shared content object is established. When a particular user requests an interaction over a shared content object, then interaction attributes associated with the request are gathered. The context-aware access policies are applied to the request by determining a set of extensible access permissions that are derived from the interaction attributes. The context-aware access policies are enforced by overriding the first set of resource access permissions with dynamically-determined access permissions. When a particular access request is denied, a response is generated in accordance with the set of extensible access permissions and the user is notified. In some cases, the access request is permitted, but only after the user provides a justification.
    Type: Grant
    Filed: October 1, 2020
    Date of Patent: March 28, 2023
    Assignee: Box, Inc.
    Inventors: Alok Ojha, Sivaramakrishnan Subramanian, Kechen Huang, Pal Ramanathan, Varun Parmar, Yi Zhao
  • Patent number: 11611442
    Abstract: Systems and applications are described that use group signature technology to allow for anonymous and/or semi-anonymous feedback while allowing for the application of rules and parameters. The use of group signature technology may serve to potentially mitigate or prevent malicious identification of individuals or entities providing a communication such as feedback. Feedback may range from constructive feedback all the way to the ‘whistleblower’ variety. It may be desirable to identify the individuals as belonging to a particular group or having a particular status or position while maintaining the anonymity of the individuals within the particular group.
    Type: Grant
    Filed: December 18, 2019
    Date of Patent: March 21, 2023
    Assignee: Wells Fargo Bank, N.A.
    Inventor: Phillip H. Griffin
  • Patent number: 11606424
    Abstract: As described herein, a system, method, and computer program are provided for blockchain-based entity group management. An instance of a blockchain is maintained for each entity group of a plurality of defined entity groups. Further, the instance of the blockchain maintained for each entity group of the plurality of defined entity groups is utilized to manage group membership for the entity group, and control access by members of the entity group to a plurality of services having functionality configured for the plurality of defined entity groups.
    Type: Grant
    Filed: April 23, 2021
    Date of Patent: March 14, 2023
    Assignee: AMDOCS DEVELOPMENT LIMITED
    Inventors: Pavel Yefim May, Sergey Podalov, Vladimir Tkach
  • Patent number: 11606388
    Abstract: Provided is a method for assigning a time-to-live (“TTL”) value for a domain name system (“DNS”) record at a recursive DNS server. The method comprises obtaining, from a client, the TTL value for the DNS record; and storing, in a memory of the recursive DNS server, the TTL value, an identifier of the client, and the DNS record.
    Type: Grant
    Filed: July 31, 2020
    Date of Patent: March 14, 2023
    Assignee: VeriSign, Inc.
    Inventor: Denis Phillips
  • Patent number: 11601289
    Abstract: The present disclosure relates to systems, methods, and computer-readable media for enhancing security of communications between instances of clients and servers while enabling rotation of server certificates (e.g., X.509 certificates). The systems described herein involve updating a client list of server certificates (e.g., a certificate thumbprint) without reconfiguring or re-installing a client and/or server application, starting a new session (e.g., a hypertext transfer protocol secure (HTTPS) session), or deploying new code. The systems described herein may passively or actively update a client list of certificates to enable a client to securely verify an identity of a server instance in a non-invasive way that boosts security from man-in-the-middle types of attacks.
    Type: Grant
    Filed: January 7, 2020
    Date of Patent: March 7, 2023
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Jeromy Scott Statia, Chunsheng Yang, Priyanka Vilas Deo, Elizabeth Anne Phippen, Bradley Scott Turner
  • Patent number: 11601290
    Abstract: A system and method for preventing use of invalid digital certificates is disclosed. The method comprises receiving, in a validation service from a requesting entity, a cryptographic asset and a request to evaluate the cryptographic asset, the cryptographic asset uniquely assigned to one of the plurality of devices by an associated one of the commercially distinct entities, the request comprising the cryptographic asset, determining an evaluation state of the cryptographic asset at least in part from a database derived from a plurality of public keys currently assigned to the plurality of devices and previously received by the validation service, determining a disposition of the cryptographic asset according to a disposition policy associated with the determined evaluation state and the device and effecting the determined disposition of the cryptographic asset.
    Type: Grant
    Filed: April 22, 2022
    Date of Patent: March 7, 2023
    Assignee: ARRIS Enterprises LLC
    Inventors: Xin Qiu, Christopher Poli, Alexander Medvinsky, Ting Yao, Jinsong Zheng
  • Patent number: 11595358
    Abstract: Two-way secure channels are provided between two parties to a communication with certification being provided by one party. One method comprises providing, by a first entity that provides a certificate authority, a first signed certificate to a second entity, wherein the first signed certificate is signed by the certificate authority and wherein the second entity generates a first request to sign a second certificate generated by the second entity, wherein the first request is generated by the second entity using a first credential generated by the second entity; receiving, from the second entity, (i) the first request to sign the second certificate, and (ii) the first signed certificate; and providing, in response to the certificate authority verifying the first signed certificate, a second signed certificate, signed by the certificate authority, to the second entity; wherein one or more additional communications between the first entity and the second entity use the two-way channel.
    Type: Grant
    Filed: April 7, 2021
    Date of Patent: February 28, 2023
    Assignee: EMC IP Holding Company LLC
    Inventors: Anurag Sharma, Yedidia Atzmony, Shoham Levy, Joji John, Eric Dequin
  • Patent number: 11588638
    Abstract: A system performs digital notarization using a biometric identification service. A signature requesting service receives a request to validate a digital item with a signature for a person. The signature requesting service provides a payload that identifies the digital item and/or the person to an identity service. The identity service obtains one or more digital representations of biometrics for the person, determines an identity for the person, and returns a data structure including the payload and one or more identity attestations regarding the determined identity. The identity service encrypts at least a portion of the data structure using a private encryption key. A public encryption key for the identity service can then be used to decrypt the portion to verify that the data structure was generated by the identity service after determining the identity. In this way, validation can be verified to the full trust level of the identification service.
    Type: Grant
    Filed: September 24, 2021
    Date of Patent: February 21, 2023
    Assignee: ALCLEAR, LLC
    Inventor: Rob Wisniewski
  • Patent number: 11582218
    Abstract: Various embodiments include computing devices and methods for management of access credentials. A processor of a computing device may receive an authentication request from a client application support service to authenticate a client application. The processor may send a response comprising an authentication token to the client application support service. The processor may receive from the client application support service a request for an access token to access a target system. The processor may send a response comprising the access token to the client application support service to enable the client application support service to access the target system using the access token on behalf of the client application.
    Type: Grant
    Filed: June 15, 2020
    Date of Patent: February 14, 2023
    Assignee: Charter Communications Operating, LLC
    Inventors: Jon Svede, Colin B. Holm
  • Patent number: 11576037
    Abstract: Method and system for issuing public key infrastructure (PKI) certificates in a peer-to-peer wireless communication network, comprising generating, at a first certificate authority (CA) node in the peer-to-peer communication network, a PKI certificate based on public key information received from an applicant node in the peer-to-peer wireless communication network; and transmitting the PKI certificate generated by the first CA node to the applicant node using the peer-to-peer wireless communication network.
    Type: Grant
    Filed: October 18, 2019
    Date of Patent: February 7, 2023
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Sheng Sun, Wen Tong
  • Patent number: 11570611
    Abstract: Disclosed according to various embodiments are an electronic device for opening a communication service and a method for an operation of the electronic device.
    Type: Grant
    Filed: May 17, 2019
    Date of Patent: January 31, 2023
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Taikuin Mun, Bongsoo Jeong, Jiah Choi, Junbeom Kim, Donghyoun Son, Siyoul Choi
  • Patent number: 11563731
    Abstract: A system for communicating with multiple vehicles or other electronic devices that share a common media access control (MAC) or other address is disclosed. Upon receiving a certificate signing request (CSR) from a connected device and determining that the device does not have a unique address, the system will generate a unique address for the device, embed the unique address in a certificate, sign the certificate, and transfer the certificate to the device. Then, when the system communicates with the device, the system may use that unique address to identify the device.
    Type: Grant
    Filed: December 17, 2020
    Date of Patent: January 24, 2023
    Assignee: ARGO AI LLC
    Inventors: Christopher Scott Taylor, Brian Margosian, Alexander Cline
  • Patent number: 11546156
    Abstract: The present embodiments relate to establishing secure data communication using an Elliptic-curve Diffie-Hellman ephemeral (ECDHE) key agreement procedure. Devices in a network environment can utilize a key agreement procedure to establish secure communication between multiple application layers in a micro service architecture. Particularly, a tunnel can be established between a mobile device and an encryption service by transmitting key information between the mobile device and the encryption service. This can allow for encryption keys to only be accurately generated by the mobile device and encryption service. Accordingly, intermediary nodes may be unable to decrypt the data, allowing for safe and secure transport of sensitive data.
    Type: Grant
    Filed: May 27, 2020
    Date of Patent: January 3, 2023
    Assignee: United Services Automobile Association (USAA)
    Inventors: Jason Paul Hendry, Zachary Curtis Wade, Daniel Thane Davidson, Patrick Joseph O'Neal, Justin Armstrong Leonard
  • Patent number: 11546319
    Abstract: A method for using a self-signed digital certificate for establishing a secure connection between an Extensible Provisioning Protocol (EPP) client and a server on a communications network, including: receiving a communicated self-signed certificate from the EPP client; obtaining a unique identifier of the EPP client, the unique identifier associated with a domain name stored in a Domain Name System (DNS); using the unique identifier to access a designated DNS record in a DNS zone of the DNS associated with the domain name; retrieving the copy of the digital certificate from the designated DNS record, the copy of the digital certificate containing a public key of the EPP client bound to the domain name; authenticating the copy of the digital certificate with the communicated self-signed certificate; and receiving a generated session key from the EPP client to establish the secure connection over the communications network with the EPP client.
    Type: Grant
    Filed: December 31, 2020
    Date of Patent: January 3, 2023
    Assignee: AFILIAS LIMITED
    Inventors: James Galvin, Ashish Luthra, Michael Runcieman
  • Patent number: 11540350
    Abstract: Disclosed herein are a number of example embodiments where a proxy node is used in a wireless network to expand the functionality of one or more wireless nodes on the network. The proxy node can include a circuit whose function is made available to an associated wireless node in the wireless network via proxy. The wireless nodes and one or more such proxy nodes can be arranged in a wirelessly connected environment to support a variety of remote management operations, including location tracking, status monitoring, and remote control. In an example embodiment, the wireless nodes can be deployed in a retail store and provide remote management and control over any combination of product display assemblies, locks, power strips, display shelves, display hooks, and other node types.
    Type: Grant
    Filed: October 23, 2019
    Date of Patent: December 27, 2022
    Assignee: Mobile Tech, Inc.
    Inventors: Robert Logan Blaser, Matthew Arthur Vallone
  • Patent number: 11537706
    Abstract: A service provider receives a set of credentials from a customer and a request to access one or more services provided by the service provider. An authentication service of the service provider receives the set of credentials and, based at least in part on the received set of credentials, one or more activities performed by the customer, the customer's user profile, and the system configuration of the customer's computing device, calculates a risk score. The authentication service subsequently utilizes the calculated risk score to determine a credential rotation schedule for the set of credentials. The authentication service updates one or more servers to enforce the new credential rotation schedule and enables the customer to utilize the set of credentials to access the one or more services.
    Type: Grant
    Filed: December 19, 2014
    Date of Patent: December 27, 2022
    Assignee: Amazon Technologies, Inc.
    Inventor: Nima Sharifi Mehr
  • Patent number: 11533626
    Abstract: A system and method includes a mobile device, a SIM associated with the mobile device, an MNO computer, a computer associated with an owner of the mobile device, a first set of keys stored in the SIM for securely communicating with the MNO computer, and a second set of keys for securely communicating with the computer associated with the owner of the mobile device, to exchange application information. The SIM can be configured to determine when updated information related to the second set of keys is required, securely send a request to the MNO computer for updated information related to the second set of keys using the first set of keys, and responsively receive the updated information related to the second set of keys from the MNO computer, the updated information being provisioned by the computer associated with the owner of the mobile device.
    Type: Grant
    Filed: May 7, 2019
    Date of Patent: December 20, 2022
    Assignee: Tata Communications (America) Inc.
    Inventors: Ron Grippo, Luke Kiernan, William Buchanan, Brian Peebles
  • Patent number: 11533169
    Abstract: A method includes encrypting a first message that contains a first public key of a first peer, by using a second public key of a second peer; and decrypting a second message sent from the second peer by using a first private key paired with the first public key. The second message includes a write command and is encrypted at the second peer by using the first public key, and contains an encrypted data encrypted by the second peer using the second public key and hashed by using a secret key of the first peer. The first public key, the second public key, the first private key and the secret key are physically unclonable function (PUF)-based keys.
    Type: Grant
    Filed: December 8, 2020
    Date of Patent: December 20, 2022
    Assignee: TAIWAN SEMICONDUCTOR MANUFACTURING COMPANY LTD.
    Inventor: Mei-Chien Liu
  • Patent number: 11533161
    Abstract: One embodiment of the present application sets forth a computer-implemented method for establishing trust for handles used to identify digital objects in a digital object architecture (DOA) by associating a first attester identifier with a first attester from a trusted public key infrastructure (PKI), identifying a first digital object public key for a first digital object, generating, by the first attester, a first digital object identity attestation that associates the first digital object public key with a handle identifier for the first digital object, wherein the handle identifier is external to the trusted PKI, and generating a first attester identity attestation attesting that the first attester is authentic, where the first attester identity attestation includes the first attester identifier.
    Type: Grant
    Filed: November 18, 2020
    Date of Patent: December 20, 2022
    Assignee: VeriSign, Inc.
    Inventors: Andrew Fregly, Najmehalsadat Miramirkhani, Swapneel Sheth