By Certificate Patents (Class 713/156)
-
Patent number: 11381403
Abstract: A method, a system, and a computer program product for validating a transaction. A received request to validate a transaction in accordance with one or more validation rules in a plurality of validation rules is executed. Based on the executed validation request, a validation certificate associated with the transaction is generated. Validity of the validation certificate is determined. The transaction is stored on a blockchain network upon determining that the validation certificate is valid. Storage of the transaction on the blockchain network is prevented upon determination that the validation certificate is invalid.
Type: Grant
Filed: December 9, 2019
Date of Patent: July 5, 2022
Assignee: SAP SE
Inventor: Huijie Zhang
-
Patent number: 11373474
Abstract: Systems and methods are provided to allow a smart phone or any terminal to activate a door lock using a web site or server computer system. An access control system is provided that includes a server and an access device. The access device includes a processor and a communication module. The processor has control of a door lock and is able to receive a reservation certificate presented by a portable terminal through the communication module. The processor activates the door lock when a current reservation certificate has been presented.
Type: Grant
Filed: January 3, 2022
Date of Patent: June 28, 2022
Assignee: Urban Intel, Inc.
Inventors: Chris Outwater, William Gibbens Redmann
-
Patent number: 11374771
Abstract: A system for implementing mixed protocol certificates, the system includes a subject device designed and configured to receive, from an issuing device, a first digital certificate, wherein the first digital certificate further comprises a first digital signature public and private key pair according to a first digital signature protocol and a second digital signature public key according to a second digital signature protocol, wherein the second digital signature protocol is distinct from the first digital signature protocol, to generate a second digital certificate, wherein generating the second digital certificate comprises generating a subject digital signature signing the certificate, the subject digital signature generated as a function of the second digital signature protocol and to provide the first digital certificate and the second digital certificate to a verifying device.
Type: Grant
Filed: March 24, 2020
Date of Patent: June 28, 2022
Assignee: Ares Technologies, Inc.
Inventors: Christian T. Wentz, Mira Belenkiy, Anna Lysyanskaya, Ilia Lebedev
-
Patent number: 11374736
Abstract: This is a system and method for homomorphic encryption comprising: a key generation module configured to generate a secret key, a public key and a bootstrapping key; a private-key encryption module configured to generate a first ciphertext using the secret key; a public-key encryption module configured to generate a second cyphertext using the public key; a private-key decoding module configured to decode a first ciphertext, a second ciphertext and an encrypted analytic result; a homomorphic computational module configured to perform an analytical operation, according to an analytical operation request on the first ciphertext and the second ciphertext without decrypting the first ciphertext and the second ciphertext using the bootstrapping key; and, wherein the encrypted analytical result is provided by the homomorphic computational module and are encrypted with the secret key.
Type: Grant
Filed: June 20, 2019
Date of Patent: June 28, 2022
Assignee: Clemson University
Inventor: Shuhong Gao
-
Patent number: 11361110
Abstract: A file verification method, a file verification system and a file verification server are provided. The file verification method includes the following steps. A tree data structure is established according to a plurality of first hash values of a plurality of first electronic files. A first root hash value of the tree data structure is stored into a block of a blockchain. A verification data including block information of the block, one of the first hash values and at least one non-terminal hash value of the tree data structure is generated for one of the first electronic files. A second electronic file is verified according to the verification data.
Type: Grant
Filed: August 19, 2019
Date of Patent: June 14, 2022
Assignee: Acer Incorporated
Inventors: Yung-Cheng Huang, Shao-Nung Huang
-
Patent number: 11362812
Abstract: The aim of the invention is to strengthen the security of secure voice and/or video communications established through a network of Internet type. The security of these communications, which are based on the use of the SRTP protocol, is strengthened by the invention which makes it possible, without significantly modifying the protocols, to use better quality session keys produced by a security server of HSM type. These keys are configured by an intermediate server of SIP proxy type when establishing the communication.
Type: Grant
Filed: December 21, 2018
Date of Patent: June 14, 2022
Assignee: BULL SAS
Inventor: Alexandre Marchese-Ribeaux
-
Patent number: 11362844
Abstract: Systems and methods for provisioning and operating a primary security device in a verifiable end-to-end election system are presented herein. The security device serves as a root of trust for chains of certificates that are deployed and utilized throughout the election process. These chains of certificates, originating with the device, which acts as an intermediate certification authority, are used to create a verifiable trust chain throughout the different parts of the election process, the trust chain being traceable back to the device and to the original root of trust certificate. In various embodiments the security device includes a compute module, a security chip, a connection to a human interface display device, at least one lockable transfer device port, and an air-gapped main board to house the compute module, the security chip, and the lockable transfer device port.
Type: Grant
Filed: August 30, 2021
Date of Patent: June 14, 2022
Assignee: Vidaloop, Inc.
Inventors: Ryan Scott Cook, David Wallick
-
Patent number: 11362892
Abstract: A home energy management system (HEMS) controller certifies a plurality of devices participating in an HEMS network. When a request for re-certification is issued to a given device among the plurality of devices and when a response is not available from the device, the HEMS controller suspends a re-certification process for the device and performs a re-certification process for another device first.
Type: Grant
Filed: April 23, 2020
Date of Patent: June 14, 2022
Assignee: PANASONIC INTELLECTUAL PROPERTY MANAGEMENT CO., LTD.
Inventor: Yoichi Masuda
-
Patent number: 11356425
Abstract: Embodiments of the present disclosure generally relate to systems, devices, and methods wherein dynamically generated symmetric keys are used for encryption and decryption of software updates for vehicles. The symmetric keys are dynamically generated using a combination of information that ties a given symmetric key to a specific combination of a vehicle and the devices installed therein. The dynamic generation of the symmetric keys also uses a piece of random data generated by an intermediary server, which allows the intermediary server to validate devices before providing the piece of random data and thereby control access to the software updates. Use of the techniques disclosed herein provide heightened security, control, safety, and reliability for over-the-air software updates for vehicles.
Type: Grant
Filed: November 30, 2018
Date of Patent: June 7, 2022
Assignee: PACCAR Inc
Inventor: David R. Kruger
-
Patent number: 11356440
Abstract: Automated registration of one or more IoT devices seeking connection to one or more IoT platforms using a secure provisioning service. The secured provisioning service verifies and administers connection credentials to each IoT device, ensuring legitimate devices cannot be impersonated or controlled by unauthorized personnel. The provisioning service matches the IoT devices and metadata of each IoT device to the provisioning rules. Connection credentials and/or rules defining each IoT device's access to IoT platforms are based on the provisioning rules of the rules registry. Matching each IoT device to one or more provisioning rules offers flexibility to dynamically add, delete or amend one or more rules in a complex rules-based system, allowing for automatic updates to the connection credentials of each IoT device, wherein each IoT device can be provisioned or re-provisioned using the most up to date set of new or amended rules.
Type: Grant
Filed: November 30, 2018
Date of Patent: June 7, 2022
Assignee: International Business Machines Corporation
Inventors: Amit Mohan Mangalvedkar, Peter David Niblett, Mats Gothe, Jack Philip Boad, Swati Sinha
-
Patent number: 11356281
Abstract: Embodiments described herein provide systems and methods to prevent, or provide a countermeasure, to a co-existence attack, for example, that may occur in a Security Credential Management System (SCMS) where both regular butterfly key (RBK) protocol and unified butterfly key (UBK) protocol are supported. Embodiments described herein provide, support, employ, or implement hardware acceleration for a Hardware Security Module (HSM), for example, for cryptographic operations (e.g., block ciphers, digital signature schemes, and key exchange protocols).
Type: Grant
Filed: May 13, 2020
Date of Patent: June 7, 2022
Assignees: LG ELECTRONICS, INC., UNIVERSITY OF SAO PAULO
Inventors: Henrique S. Ogawa, Thomas E. Luther, Jefferson E. Ricardini, Helmiton Cunha, Jr., Marcos A. Simplicio, Jr., Harsh Kupwade-Patil
-
Patent number: 11350283
Abstract: Techniques and systems are disclosed to enable location verification and tracking, for use or access of a geographic-specific phone number or similar location feature of a communications service by a mobile computing device at (or within) a geographic location or defined area. In an example, verification of a use of the device at the location or area is enabled by the receipt and collection of location verification data for a token having location verification and time data, with such location verification data being communicated via a short-range wireless network. The verification is enabled by communication of the token to a communications service for device identification and location registration, and access to a resource based on registered use of the communications device at the geographic location. In further examples, capabilities for security, verification, and auditing of location information is enabled with use of the token and location information.
Type: Grant
Filed: April 2, 2019
Date of Patent: May 31, 2022
Assignee: Microsoft Technology Licensing, LLC
Inventors: Amer Aref Hassan, Hooman Shiranimehr, Ashley Ingram
-
Patent number: 11343099
Abstract: A device, method, and computer readable storage medium generate a biometric public key for an individual based on both the individual's biometric data and a secret, in a manner that verifiably characterizes both while tending to prevent recovery of either by anyone other than the individual. The biometric public key may be later used to authenticate a subject purporting to be the individual, using a computing facility that need not rely on a hardware root of trust. Such biometric public keys may be distributed without compromising the individual's biometric data, and may be used to provide authentication in addition to, or in lieu of, passwords or cryptographic tokens. Various use cases are disclosed, including: enrollment, authentication, establishing and using a secure communications channel, and cryptographically signing a message.
Type: Grant
Filed: May 17, 2019
Date of Patent: May 24, 2022
Assignee: Badge Inc.
Inventors: Charles H. Herder, III, Tina P. Srivastava
-
Patent number: 11343312
Abstract: In an aspect of the disclosure, a method, a computer-readable medium, and an apparatus are provided. In certain configurations, the apparatus may connect to a mesh network that includes at least the first device and a second device. The apparatus may communicate with the second device without obtaining one or more access credentials from the second device.
Type: Grant
Filed: September 21, 2017
Date of Patent: May 24, 2022
Assignee: QUALCOMM INCORPORATED
Inventors: Joel Linsky, Robin Heydon
-
Patent number: 11337066
Abstract: A system (100) for providing a user device (102) access to a resource or data is disclosed. The system (100) comprises: the user device (102) comprising: a light detector (104) configured to detect light (130) emitted by a light source (122), which light (130) comprises an embedded code comprising a light source identifier of the light source (122), a communication unit (108) configured to communicate with a network device (112), a processor (106) configured to retrieve the light source identifier from the light (130), and to communicate the light source identifier to the network device (112).
Type: Grant
Filed: July 5, 2018
Date of Patent: May 17, 2022
Assignee: SIGNIFY HOLDING B.V.
Inventors: Dirk Valentinus René Engelen, Bartel Marinus Van De Sluis, Dzmitry Viktorovich Aliakseyeu, Mustafa Tolga Eren
-
Patent number: 11336692
Abstract: Server Name Indication (SNI) hostname extraction to populate a reverse Domain Name System (DNS) listing to protect against potentially malicious domains. In some embodiments, a method may include detecting a Transport Layer Security (TLS) handshake between a first client application and a first server application, extracting an SNI hostname and an Internet Protocol (IP) address from the TLS handshake, populating the reverse DNS listing with the SNI hostname as a domain paired with the IP address, detecting communication between a second client application and the IP address, accessing the reverse DNS listing to determine the domain paired with the IP address, determining that the domain is a potentially malicious domain, and in response to determining that the domain is a potentially malicious domain, performing a remedial action to protect against the potentially malicious domain.
Type: Grant
Filed: May 7, 2020
Date of Patent: May 17, 2022
Assignee: NORTONLIFELOCK INC.
Inventor: Bruce McCorkendale
-
Patent number: 11336466
Abstract: A method, in a provisioning server, of provisioning a printer, includes: receiving a provisioning request from the printer, the provisioning request containing (i) a printer identifier, and (ii) an account identifier associated with the printer; obtaining, from a digital certificate issuer, a unique string; sending the unique string to the printer; receiving from the printer, in response to sending the unique string, a certificate signing request containing (i) the printer identifier, (ii) the account identifier, and (iii) an authentication token including the unique string signed with a private key of the printer; validating the certificate signing request; passing the validated certificate signing request to the digital certificate issuer; receiving, from the digital certificate issuer, a digital certificate encoding the printer identifier and the account identifier; and providing the digital certificate to the printer for storage.
Type: Grant
Filed: December 10, 2020
Date of Patent: May 17, 2022
Assignee: Zebra Technologies Corporation
Inventors: Andrew J. Pekarske, James P. Van Huis, Ryan E. Brock, Jared Coy Roundy
-
Patent number: 11328050
Abstract: Trusted agents operating within a trusted execution environment (TEE) of a client computing device are configured with complex computational puzzles (e.g., hash functions or other proof of work puzzles) for a remote service to solve before the trusted agent executes an operation. The trusted agent may have a policy that the puzzle is associated with, in which the policy defines a statistically defined time period over which puzzles are solved. The statistically defined time period is effectuated through parameters which control a complexity of the puzzle. Malware or bad actors that attempt to misuse the trusted agent are throttled until the remote service solves the puzzle, which is configured with a level of complexity that takes the statistically defined time period.
Type: Grant
Filed: March 4, 2019
Date of Patent: May 10, 2022
Assignee: Microsoft Technology Licensing, LLC
Inventors: Stefan Thom, Brian Clifford Telfer
-
Patent number: 11329833
Abstract: The present disclosure provides systems and methods for improving provision of secret data on programmable devices. An appliance receives physical unclonable function (PUF) data pertaining to an integrated circuit. Secret data is provided to the appliance from a secret vault. Public and private PUF keys are derived based upon the PUF data. Further, ephemeral public and private keys are derived by the appliance. The public and private PUF keys, along with the ephemeral public and private keys are used to establish a secure channel for programming the secret data on the programmable device.
Type: Grant
Filed: September 28, 2017
Date of Patent: May 10, 2022
Assignee: Intel Corporation
Inventors: Ting Lu, Robert Landon Pelt, James Ryan Kenny
-
Patent number: 11323274
Abstract: In an embodiment, a computing resource service provider provides a certificate management service that allows customers of the computing resource service provider to create, distribute, manage, and revoke digital certificates issued by private certificate authorities. In an embodiment, a private certificate authority hosted by the computing resource service provider is able to issue signed certificates to network entities within the customer enterprise. In an embodiment, the certificate management service provides a network-accessible application programming interface to the private certificate authority that allows applications to create and deploy private certificates programmatically. In an embodiment, the system provides the flexibility to create private certificates for applications that require custom certificate lifetimes or resource names.
Type: Grant
Filed: June 25, 2018
Date of Patent: May 3, 2022
Assignee: Amazon Technologies, Inc.
Inventors: Peter Zachary Bowen, Todd Lawrence Cignetti, Preston Anthony Elder, III, Brandonn Gorman, Ronald Andrew Hoskinson, Jonathan Kozolchyk, Kenneth Lawler, Marcel Andrew Levy, Kyle Benjamin Schultheiss, Sandeep Shantharaj, Param Sharma, Jose Maria Silveira Neto
-
Patent number: 11316704
Abstract: An enhanced certificate authority system and method allows for the enhanced security, validation and Multi-Factor Authentication of users within a digital signature and transaction system through the creation and management of a user's Digital Identity certificate so that through an enhanced certificate authority a user's identity and bona fides may be both protected and established across a diversity of electronic devices and transactions.
Type: Grant
Filed: September 30, 2019
Date of Patent: April 26, 2022
Inventor: Urayoan Camacho
-
Patent number: 11314893
Abstract: Systems, methods, and other embodiments described herein relate to securing personally identifiable information associated with riding in a vehicle. In one embodiment, a method includes, in response to receiving, in a mobile device from the vehicle, telematics data about a current trip of the vehicle, securing the telematics data according to at least a mobile cryptographic key associated with the mobile device to provide the telematics data as secured data that is obfuscated. The method includes generating, by the mobile device, a secure packet including at least the secured data and a signature from the vehicle associated with the secured data. The method includes communicating, by the mobile device, the secure packet to a remote computing device to cause the remote computing device to securely store the secured data without identifying a user associated with the mobile device.
Type: Grant
Filed: August 27, 2019
Date of Patent: April 26, 2022
Assignee: Toyota Motor Engineering & Manufacturing North America, Inc.
Inventor: Vladimeros Vladimerou
-
Patent number: 11310050
Abstract: One example provides a method for authenticating a computing device received from a manufacturer, the method including establishing a secured connection with the computing device, receiving, from the computing device, a first set of security artifacts, and retrieving, from a secure cloud storage location, a second set of security artifacts, the second set of security artifacts including the EK public key and the PCR values for the computing device obtained during manufacturing. The method further comprises, when the first set of security artifacts matches the second set of security artifacts, then verifying the computing device as trusted and permitting communication between the computing device and a secured computing environment, and when the first set of security artifacts does not match the second set of security artifacts, then not verifying the computing device as trusted and not permitting communication between the computing device and the secured computing environment.
Type: Grant
Filed: January 10, 2019
Date of Patent: April 19, 2022
Assignee: Microsoft Technology Licensing, LLC
Inventors: Gregory J. Zavertnik, Vishwajit Tumkur Mahalingappa, Soumya Jain, Vimalraj Vasudevan Thekkoot, Karthikeyan Nagarathinam, Sampath Kumar Victor, Varsha Jagdale
-
Patent number: 11310137
Abstract: Various systems and methods are provided for propagating information throughout a data center or other network environment. For instance, in certain embodiments, the functionality disclosed herein includes determining propagation rules, and then either storing and/or propagating those rules throughout the datacenter or other network environment. Propagation rules define various conditions or other variables that govern propagation of information throughout a system, such as those systems described herein. The propagation rules can then be used to perform various other functionality. For instance, the functionality described herein can be used to process updates to entities. The functionality described herein can also be used to process updates to propagation metadata. Additionally, the functionality described herein can be used to process the creation of new relationships. The functionality described herein can also be used to process the deletion of objects and/or relationships.
Type: Grant
Filed: December 28, 2017
Date of Patent: April 19, 2022
Assignee: Veritas Technologies LLC
Inventors: Tushar Bandopadhyay, Bharat Dighe
-
Patent number: 11308157
Abstract: A song may be matched with information in a song categorization database so that one or more categories associated with the song are identified. Specifically, a method and system for associating one or more advertising categories with a song includes receiving a set of child categories and receiving a wordnet graph. Synsets from the wordnet graph are assigned to function as activators for one or more categories. Next, a set of parent categories relative to the child categories are received. One or more scores are assigned to the parent categories based on their relationships to the child categories. Synsets from a work, such as a song lyric, are compared to the wordnet graph. Relevant child categories are identified based on synsets which match one or more activators. Matching activators are found by using only hypernym relationships between a synset from a work and an activator.
Type: Grant
Filed: July 5, 2018
Date of Patent: April 19, 2022
Assignee: KENZIE LANE MOSAIC, LLC.
Inventors: Brady L. Rackley, III, Sangameswar Venkatraman, Michelle Levy Russell, Gregory Michael Rickman
-
Patent number: 11297050
Abstract: Methods, systems, and apparatus for providing secure communication. The device includes a trusted environment having a memory that is configured to store an application. The device includes one or more processors configured to perform operations of the application that execute within the trusted environment. The operations include sending an access request to connect with a second device, receiving an authentication request from the second device that requests the application to provide a zero-knowledge password proof and obtaining the zero-knowledge password proof. The operations also include sending the zero-knowledge password proof to the second device and establishing a communication channel with the second device.
Type: Grant
Filed: July 16, 2018
Date of Patent: April 5, 2022
Assignee: THIRDWAYV, INC.
Inventors: Nabil Wasily, Andrew P. Lentvorski
-
Patent number: 11297049
Abstract: The invention relates to a method for linking a terminal (1) into a region (4a) of an interconnectable computer infrastructure (2) which is designed for a plurality of users (6, 6a), said region being allocated to a user (6a). A user certificate (12a) is generated for the region (4a) allocated to the user (6a) and is provided to the user (6a) and/or the interconnectable computer infrastructure (2). A terminal certificate (16a) which is compatible with the user certificate (12a) is generated, and the terminal certificate (16a) is entered into the terminal (1). The terminal (1) is registered in the interconnectable computer infrastructure (2) via a data connection (20), wherein the terminal certificate (16a) and/or a password which is encrypted using the terminal certificate (16a) is transmitted from the terminal (1) to the interconnectable computer infrastructure (2) via the data connection (20) for the registration process.
Type: Grant
Filed: May 16, 2019
Date of Patent: April 5, 2022
Assignee: SIEMENS AKTIENGESELLSCHAFT
Inventor: Robert Schwarz
-
Patent number: 11297179
Abstract: Verification of the identities of parties participating in network-based communication, such as telephone communication, including SMS/text communication, email communication and the like is provided. Communication identifiers (IDs) (e.g., telephone numbers, email addresses or the like) are verified as being associated with one or more communication parties and, in response, a verified communication (ID) database is established. The verified communication ID database is relied upon when a user/communication is selecting a communication ID as an address for an impending communication or receiving a communication for determining whether the communication ID is verifiably associated with a known communication party. If the communication ID is determined to be verifiably associated with a known communication party, a visual or audible output may be provided on the user's device or within the communication that indicates that the communication ID is verifiably associated with the known communication party.
Type: Grant
Filed: April 29, 2020
Date of Patent: April 5, 2022
Assignee: BANK OF AMERICA CORPORATION
Inventors: Christopher Daniel Birch, Susan R. Hart, Kelly Renee-Drop Keiter, Lisa Matthews, Cody Dean Searl
-
Patent number: 11296895
Abstract: Methods and systems relating to incentivizing a data provider to participate in a match making protocol between a business (second entity) to a user (first entity) are shown. Encryption techniques maintain the secrecy of the data provider's data such as proprietary analytics of user information such that the data need not be shared with users or businesses. Businesses can verify that the user has desired properties without learning the actual raw data owned by the data provider. Users initiate data sharing by explicit request but do not learn the actual raw data known to the data provider, only whether or not they satisfy the properties of interest. The data provider is incentivized because the business compensates the data provider for access to proofs of properties about user data.
Type: Grant
Filed: September 11, 2019
Date of Patent: April 5, 2022
Assignee: Bitclave Pte. Ltd.
Inventors: Alexander Bessonov, Patrick Tague, Mark Shwartzman, Stephen Winston, Vadim Gore
-
Patent number: 11288760
Abstract: A recording device may record information continuously. Particular events which occur during recording may be of interest for review (e.g. audit, inspection). Events may be audited to ensure that the data gathered is not tampered with or corrupted and to provably establish an evidence chain of custody. Metadata may mark recorded data of an event, in whole or in part, for later review. Metadata may be identified as an audit tag which may identify particular occurrences during an event. An audit tag may be urgent or non-urgent. Notice of an urgent audit tag may be sent to a server prior to sending the recorded data associated with the audit tag. Recorded data may be cryptographically signed to protect the recorded data from tampering.
Type: Grant
Filed: August 15, 2017
Date of Patent: March 29, 2022
Assignee: Axon Enterprise, Inc.
Inventors: Mark A. Hanchett, Patrick W. Smith, Tyler J. Conant, Aaron J. Kloc
-
Patent number: 11290301
Abstract: A method of communication, within a processing system of a gas turbine engine, between a first electronic component and a second electronic component, comprising: generating by the first electronic component, a request, comprising a digital certificate, in turn comprising a first host public key and a first client public key, signed with a first host private key, to initiate a trusted communication session with a second electronic component; encrypting at the first electronic component, at least a portion of the request with a first client private key; transmitting the request to the second electronic component; the first host private key and the first host public key defining a first asymmetric keypair and the first client private key and the first client public key defining a second asymmetric keypair.
Type: Grant
Filed: November 19, 2019
Date of Patent: March 29, 2022
Assignees: ROLLS-ROYCE NORTH AMERICAN TECHNOLOGIES INC., ROLLS-ROYCE CORPORATION
Inventors: Richard J. Skertic, John J. Costello, Robert T. Duge
-
Patent number: 11290286
Abstract: A method for registering and provisioning an electronic device is provided. The method includes a step of inserting a first keypair into a secure element of the electronic device. The first keypair includes a public key and a private key. The method further includes a step of requesting, from a server configured to register and provision connected devices, a provisioning of credentials of the electronic device. The method further includes a step of verifying, by the server, the electronic device credentials. The method further includes a step of registering, by the server, the electronic device. The method further includes a step of transmitting, from the server to the electronic device, a device certificate. The method further includes steps of installing the transmitted device certificate within the secure element of the electronic device, and provisioning the electronic device according to the installed device certificate.
Type: Grant
Filed: July 23, 2019
Date of Patent: March 29, 2022
Assignee: Cable Television Laboratories, Inc.
Inventors: Massimiliano Pala, Ronald H. Ih
-
Patent number: 11290434
Abstract: A communication device capable of performing encrypted communication with other communication device with use of a common key, obtains, from the other communication device, a certificate including a public key and identification information on the other communication device, verifies validity of the certificate on a basis of the identification information on the other communication device included in the certificate, and transmits the common key encrypted by the public key to the other communication device to perform the encrypted communication in a case where the certificate is valid as a result of the verification.
Type: Grant
Filed: August 2, 2019
Date of Patent: March 29, 2022
Assignee: CANON KABUSHIKI KAISHA
Inventor: Kazuo Moritomo
-
Patent number: 11283791
Abstract: A method for re-provisioning a user equipment (UE, 140) after a first digital security certificate for the UE (140) has expired includes communicating content data to a controller (130) over a first secure communication channel after verification of a validity of a first digital security certificate. Once it is realized the first digital security certificate has expired, the UE (140) sends a certificate provisioning request message over an unsecure channel to the controller (130) as a request to the controller (130) to provision a second digital security certificate. The UE (140) signs the certificate provisioning request message with the private key for the now expired first digital security certificate. A second digital security certificate is signed by the rescue-secret private key at the controller (130) and sent to the UE (140), which verifies its authenticity with the corresponding rescue-secret public key.
Type: Grant
Filed: February 4, 2021
Date of Patent: March 22, 2022
Assignee: AXIS AB
Inventors: Magnus Eriksson, Stefan Andersson, Fredrik Hugosson, Jerry Olsson
-
Patent number: 11283630
Abstract: Embodiments herein describe providing a certificate signed by a local CA to an unauthenticated server rather than obtaining a certificate signed by a third-party CA. A server that already has a certificate that was signed by a third-party CA may want to establish secure connection with an unauthenticated server which does not have a signed certificate. The unauthenticated server needs a certificate signed by a CA trusted by the server that already has a signed certificate (referred to herein as the authenticated server). To do so, the unauthenticated server sends login credentials to the authenticated server so that this server knows it can trust the unauthenticated server. In turn, the authenticated server can send its signed certificate to the unauthenticated server so it can verify the authenticated server. Once verified, the authenticated server generates a signed certificate for the unauthenticated server using a local CA.
Type: Grant
Filed: November 5, 2019
Date of Patent: March 22, 2022
Assignee: International Business Machines Corporation
Inventors: Erez Alexander Theodorou, Amalia Avraham, Eran Tzabari
-
Patent number: 11283782
Abstract: Systems and methods related to a VPN controller are provided. In some embodiments, a first VPN controller is configured to establish a VPN tunnel with a client endpoint, wherein the VPN tunnel is established using an authentication process of the client endpoint, route a L2 request to a second VPN controller via an established communication tunnel between the first VPN controller and the second VPN controller by identifying a Generic Routing Encapsulation (GRE) header of the L2 request and based on the GRE header of the L2 request, directing the L2 request to a responsive L2 device accessible by the second VPN controller, receive an encapsulated L2 response from the second VPN controller identifying acceptance of the L2 request, and enable an electronic communication between the client endpoint and the responsive L2 device at least via the VPN tunnel between the client endpoint and the first VPN controller.
Type: Grant
Filed: November 26, 2019
Date of Patent: March 22, 2022
Assignee: Hewlett Packard Enterprise Development LP
Inventors: Amit Agrawal, Nagendra Babu Rapaka, Ravi Suhane
-
Patent number: 11283623
Abstract: Systems and methods relating to an extension of a group signature scheme certificate that allows group users to conduct anonymous transactions in public, with the ability to subsequently audit and confirm signer identity. Auditing and confirmatory functions may include group signature openers that are configured to reveal the identity of a signer that is a member of a group by their signature. Auditing and confirmatory functions may also include group signature linkers that are configured to link two signatures to the same signer using a linking key or linking base.
Type: Grant
Filed: June 3, 2019
Date of Patent: March 22, 2022
Assignee: Wells Fargo Bank, N.A.
Inventor: Phillip H. Griffin
-
Patent number: 11275858
Abstract: Disclosed are various approaches for encrypting documents using mobile devices. A first application receives, from a second application a file and an identifier of a user account. The first application then sends a request for a certificate to a certificate authority and receives a certificate in response. The file is then encrypted using the certificate, and the encrypted file is returned to the second application. The second application can identify the user account as the recipient of a file. Then, the second application can send an encryption request that includes the identifier of the user account and the file to the first application. In response to the request, the second application receives the encrypted file and then provides the encrypted file to the recipient.
Type: Grant
Filed: August 12, 2019
Date of Patent: March 15, 2022
Assignee: VMWARE, INC.
Inventors: Lucas Chen, Gaurav Arora, Evan Hurst, Nicholas Grivas, Nicholas Brouillette, Jubin Benny, Jason Ruby, Eugene Liderman, Hemant Sahani
-
Patent number: 11271755
Abstract: The present disclosure includes apparatuses, methods, and systems for verifying a vehicular identity. An example includes a processing resource, memory, and a vehicular communication component configured to verify an identity of the particular vehicle using a public key, wherein the public key is received in response to a departure of the particular vehicle, and request, in response to verifying the identity of the particular vehicle, data corresponding to information associated with the departure of the particular vehicle.
Type: Grant
Filed: March 25, 2019
Date of Patent: March 8, 2022
Assignee: Micron Technology, Inc.
Inventors: Antonino Mondello, Alberto Troia
-
Patent number: 11265319
Abstract: A method and system for associating a unique device identifier with a potential security threat are described. In a method conducted at a remotely accessible server, a unique device identifier is received from a computing device. The unique device identifier is associated with a record and is usable in identifying the computing device. An interaction data element is received from the computing device. The received interaction data element is validated including confirming that the received interaction data element matches an expected interaction data element associated with the record. Based on determining that the received interaction data element is not valid, the record is updated to associate the unique device identifier with a potential security threat. The interaction data element is updated periodically according to a sequence. The expected interaction data element changes based on the sequence.
Type: Grant
Filed: April 16, 2020
Date of Patent: March 1, 2022
Assignee: Entersekt International Limited
Inventor: Christiaan Johannes Petrus Brand
-
Patent number: 11257159
Abstract: System and method for dynamically managing message flow. According to the example embodiments, an intermediary network device or a client device dynamically manages the flow of messages received from an electronic exchange by analyzing the client device's capabilities, such as CPU utilization. Based on a percentage of total CPU utilization, the level of throttling is dynamically adjusted, such that if the percentage of CPU utilization, or load, increases, then throttling is increased from a lower level to a higher level. Similarly, if the percentage of CPU utilization decreases significantly enough, then throttling is decreased to a lower level.
Type: Grant
Filed: June 23, 2020
Date of Patent: February 22, 2022
Assignee: Trading Technologies International, Inc.
Inventors: Alexander V. Foygel, Bharat Mittal, Douglas R. Duquette
-
Patent number: 11250157
Abstract: A system protects personally identifiable information (PII) by implementing an unconventional key management scheme. In this scheme, the system uses a set of keys rather than an individual key for encrypting PII. Different portions of the PII are encrypted using different keys from the set of keys. In this manner, even if a malicious user were to access a key, that key would not give the malicious user the ability to decrypt all of the PII. Additionally, the system generates a new set of keys periodically (e.g., once a month). The system also deletes sets of keys that are too old (e.g., six months old). As a result, even if a malicious user were to access a key, the usefulness of that key would be time limited.
Type: Grant
Filed: March 3, 2020
Date of Patent: February 15, 2022
Assignee: THE PRUDENTIAL INSURANCE COMPANY OF AMERICA
Inventors: Venkatesh Sarvottamrao Apsingekar, Sahil Vinod Motadoo, Christopher John Schille, James Francis Lavine
-
Patent number: 11246032
Abstract: Among other things, techniques are described for provisioning and authentication of devices in vehicles. In one aspect, a device in a vehicle establishes a communication session with a network server that manages provisioning of devices corresponding to an enterprise associated with the vehicle. The device receives instructions from the network server to generate cryptographic keys, and in response, generates a public and private key pair. The device sends, to the network server, a certificate signing request that includes the public key and an identifier of the device. In response, the device receives a digital security certificate for the device, and a security certificate of a signing certificate authority. The device authenticates the security certificate of the certificate authority using a known enterprise root certificate, and upon successful authentication, stores the device security certificate and the security certificate of the signing certificate authority.
Type: Grant
Filed: October 29, 2020
Date of Patent: February 8, 2022
Assignee: Motional AD LLC
Inventors: Michael Maass, Karl Robinson
-
Patent number: 11245577
Abstract: Methods, systems, and computer-readable media for template-based onboarding of internet-connectible devices are disclosed. A device onboarding service receives an onboarding request comprising a proof and context of identity (PCI) of an Internet-connectible device (ICD). The service determines an account associated with the ICD based at least in part on the onboarding request. The account is associated with an account policy in an onboarding template that is determined at least in part by an owner of the account. If the PCI is verified against one or more criteria of the onboarding template, then a device configuration is determined based at least in part on the onboarding template. The service sends the device configuration to the ICD, and the ICD's behavior is determined at least in part on the device configuration. The ICD uses the access credentials of the device configuration to communicate with an application in a cloud computing environment.
Type: Grant
Filed: September 26, 2019
Date of Patent: February 8, 2022
Assignee: Amazon Technologies, Inc.
Inventors: Bradley Jeffery Behm, Lomash Kumar, Jijo Raphael Jose
-
Patent number: 11238147
Abstract: An application installed on a user device (e.g., a mobile device, a smart device, a communication device, a computing device, etc.) may be used to validate, authenticate, and/or authorize another application installed on and/or associated with the user device.
Type: Grant
Filed: August 27, 2019
Date of Patent: February 1, 2022
Assignee: COMCAST CABLE COMMUNICATIONS, LLC
Inventors: Eric Schrag, Saravanan Muthusamy
-
Patent number: 11240046
Abstract: Techniques for providing a digital certificate management for blockchain technologies are described. One example method includes a transaction request including a digital certificate is received from a certificate authority at a node in a blockchain network, and the transaction request is a request to write the digital certificate into a blockchain associated with the blockchain network, and the digital certificate is issued to a node in the blockchain network. A consensus verification result is determined for the transaction request, and the consensus verification result is produced by nodes in the blockchain network. The consensus verification result is compared to a predetermined threshold value. In response to determining the consensus verification result is greater than or equal to the predetermined threshold value, the digital certificate is stored in the blockchain associated with the blockchain network.
Type: Grant
Filed: June 7, 2021
Date of Patent: February 1, 2022
Assignee: Advanced New Technologies Co., Ltd.
Inventor: Honglin Qiu
-
Patent number: 11240726
Abstract: A communication continuity device configured to automatically switch to alternative communication service providers and/or communication channels in response to a predicted or identified communication degradation event. The communication continuity device includes a communication hub configured to receive communication channels from different sources, and an intelligent switch device that is configured to select a communication channel to provide connectivity between an internal network within an organization and an external network outside of the organization.
Type: Grant
Filed: July 1, 2020
Date of Patent: February 1, 2022
Assignee: Bank of America Corporation
Inventors: George Albero, Elijah Clark, Elizabeth Swanzy-Parker, Andrew Sides
-
Patent number: 11240671
Abstract: Disclosed herein are methods, systems, and media for providing Bluetooth connection between Bluetooth devices. One of the methods comprises: generating, by a first Bluetooth device, a code; encrypting the code to generate a first ciphertext in response to detecting that a Bluetooth connection is disconnected; generating, by the first Bluetooth device, a broadcast packet based on the first ciphertext, and broadcasting the broadcast packet to a second Bluetooth device; receiving a scanning request from the second Bluetooth device, the scanning request including a random private address; verifying the scanning request based on the random private address; sending, in response to verifying the scanning request, a scanning response to the second Bluetooth device based on the random private address in the scanning request; and establishing a Bluetooth connection with the second Bluetooth device in response to determining that a connection request from the second Bluetooth device is received.
Type: Grant
Filed: June 23, 2021
Date of Patent: February 1, 2022
Assignee: Alipay (Hangzhou) Information Technology Co., Ltd.
Inventors: Lin Huang, Dingliang Yan, Yunding Jian
-
Patent number: 11232215
Abstract: Electronic laboratory notebook (ELN) system (1), comprises an ELN managing application (3) of an ELN service provider and being accessible for clients via the Internet and being configured for managing the access of the clients on the electronic laboratory notebook represented by ELN data in an ELN database hosted by the ELN service provider, a client computer (2) being located on premises of the client and connected to the internet (4), the client computer (2) running a client software (7) to communicate with the ELN managing application (3) via the Internet (4), a local storage server (5) being located on premises of the client, the local storage server being configured for storing ELN-files, which include content of the ELN, and the ELN application (3) being configured for controlling, in dependence on the client's access rights, the transfer of the ELN-files between the local storage server and the client computer.
Type: Grant
Filed: May 8, 2017
Date of Patent: January 25, 2022
Inventor: Erwin Seinen
-
Patent number: 11233641
Abstract: Some implementations of the disclosure are directed to: receiving an encrypted message from an entity, the encrypted message including a request to determine if a claimant of a distributed attestation is a holder of the distributed attestation; decrypting the encrypted message; using at least a public key of the entity to determine whether the entity is authorized to obtain information about the distributed attestation; and if the entity is authorized to obtain information about the distributed attestation, transmitting a response message to the entity indicating if the claimant of the distributed attestation is the holder of the distributed attestation. Authorization of the entity to obtain information about the distributed attestation may be based on role based access control rights to obtain information about the distributed attestation.
Type: Grant
Filed: July 31, 2018
Date of Patent: January 25, 2022
Assignee: Hewlett Packard Enterprise Development LP
Inventors: Abilash Soundararajan, Michael Reid Tennefoss