Chain Or Hierarchical Certificates Patents (Class 713/157)
  • Patent number: 11405206
    Abstract: Systems and methods for managing a compromised autonomous vehicle server are described herein. A processor may obtain an indication of a first server configured to control an autonomous vehicle being compromised. The autonomous vehicle may have previously been provisioned with a first public key. The first public key may be paired with a first private key. A processor may compile command information. The command information may include a command for the autonomous vehicle and a digital certificate of a second server configured to control the autonomous vehicle in the event of the first server being compromised. The digital certificate may include a second public key and may be signed with the first private key. The command may be signed with a second private key associated with the second server. The second private key may be paired with the second public key.
    Type: Grant
    Filed: December 30, 2018
    Date of Patent: August 2, 2022
    Assignee: Beijing Voyager Technology Co., Ltd.
    Inventors: Jiang Zhang, Xiaoyong Yi, Liwei Ren
  • Patent number: 11374930
    Abstract: Various embodiments are generally directed to techniques to form secure communications between two computing devices in which the chain of trust of those communications is extended to a particular application routine executed by one of the two computing devices. An apparatus includes a processor component; a verifying component to verify a link attestation credential received from a server to verify an ability of the server to form a secure pipeline, and to signal an application routine with an indication of a result of the verification by the verifying component; and a hash component to generate a return hash of a return signature associated with the application routine to indicate to the server that the application routine has also verified the link attestation credential to form the secure pipeline between the server and the application routine. Other embodiments are described and claimed.
    Type: Grant
    Filed: January 2, 2019
    Date of Patent: June 28, 2022
    Assignee: INTEL CORPORATION
    Inventors: Adi Shaliv, Jesse Walker
  • Patent number: 11336636
    Abstract: Systems and methods for server authentication in a content delivery network are provided. Various embodiments include a content delivery network obtaining multiple digital certificates from multiple certificate authorities. When a client attempts to access the content delivery network, the network serves the client a digital certificate and then monitors the authentication of the certificate. If the authentication fails, the content delivery network serves the client another digital certificate that was issued from a different certificate authority. In other embodiments, the content delivery network constantly monitors the function of each certificate authority. The content delivery network constantly pings each certificate authority. If any one of the certificate authorities fails to respond to the pings, the content delivery network will presume the certificate authority is non-operational and will stop using certificates from the non-operational certificate authorities until they resume operation.
    Type: Grant
    Filed: January 31, 2020
    Date of Patent: May 17, 2022
    Assignee: Fastly, Inc.
    Inventor: Sean Leach
  • Patent number: 11308193
    Abstract: An embodiment of the present invention is directed to a translation layer that intercepts a token and converts new group names into old entitlement verbiage based on data loaded at start-up (e.g., hash map, etc.) from a configuration file. The old entitlement verbiage may be loaded into the User Session just as it would have been if the entitlements had come from within the old application authorization structure. The remainder of the application is unaware that the authorization source has changed.
    Type: Grant
    Filed: August 30, 2019
    Date of Patent: April 19, 2022
    Assignee: JPMorgan Chase Bank, N.A.
    Inventors: Brooke Koskinen, Imamuddin H. Syed, William Loughery
  • Patent number: 11301361
    Abstract: The present disclosure involves a sidechain testing system and method for improving security and stability of a smart contract.
    Type: Grant
    Filed: January 28, 2020
    Date of Patent: April 12, 2022
    Assignee: Huazhong University of Science and Technology
    Inventors: Weiqi Dai, Hai Jin, Deqing Zou, Bingcheng Zhao
  • Patent number: 11233640
    Abstract: A system for committing event data includes an interface and a processor. The interface is configured to receive input data and receive a client key. The processor is configured to generate an Nth sequence number; determine an Nth event hash using the input data, an N−1 signature, and the Nth sequence number; encrypt the Nth event hash with the client key to generate an Nth signature; generate an Nth event from the input data, the N−1 signature, the Nth sequence number, and the Nth signature; and, in response to an aggregate N−1 of one or more prior events being valid, apply Nth event onto the aggregate N−1.
    Type: Grant
    Filed: May 13, 2020
    Date of Patent: January 25, 2022
    Assignee: Ridgeline, Inc.
    Inventors: George Michael Barrameda, Joan Hyewon Hong, Hayden Ray Hudgins, Nathan Matthew Macfarlane
  • Patent number: 11228450
    Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for providing certifications.
    Type: Grant
    Filed: April 29, 2021
    Date of Patent: January 18, 2022
    Assignee: Advanced New Technologies Co., Ltd.
    Inventors: Chaofan Yu, Lei Wang, Aihui Zhou, Ning Zhang, Hongliang Tian, Junxian Xiao
  • Patent number: 11222319
    Abstract: A method for managing a post-hoc device registration in an ecosystem is provided. The method includes assembling an electronic device, having a system on a chip (SoC) integrated therein. The method further includes activating/onboarding the device, receiving, by a CA from the device, a communication containing at least one keypair, validating, from the CA to the device, the at least one keypair, triggering, by the CA, data capture of validation data. The validation data includes user registration data, and manufacture/status data for at least one of the device and the SoC. The captured validation data is stored in a database of the CA, and then aggregated, along with the received at least one keypair, from the CA database into a billing invoice to the device assembler. The registration data is referenced to the at least one keypair and other validation data by the CA.
    Type: Grant
    Filed: October 16, 2017
    Date of Patent: January 11, 2022
    Assignee: Cable Television Laboratories, Inc.
    Inventor: Brian Alexander Scriber
  • Patent number: 11218327
    Abstract: Implementations of the present disclosure provide techniques to improve security in blockchain networks. In some implementations, a linking request is received from a node. The node requests to be linked to a blockchain network. The linking request includes a digital code. One or more consensus verification messages are received from one or more blockchain nodes of the blockchain network. Each consensus verification message indicates whether a respective blockchain node approves or denies the linking request. A consensus verification result is determined based on the one or more consensus verification messages. In response to determining that the linking request is approved by the one or more blockchain nodes, the digital code is stored into the blockchain network as a digital certificate of the node.
    Type: Grant
    Filed: July 2, 2021
    Date of Patent: January 4, 2022
    Assignee: Advanced New Technologies Co., Ltd.
    Inventor: Honglin Qiu
  • Patent number: 11218328
    Abstract: Implementations of the present disclosure provide techniques to improve security in blockchain networks. In some implementations, a linking request is received from a node. The node requests to be linked to a blockchain network. The linking request includes a digital code. One or more consensus verification messages are received from one or more blockchain nodes of the blockchain network. Each consensus verification message indicates whether a respective blockchain node approves or denies the linking request. A consensus verification result is determined based on the one or more consensus verification messages. In response to determining that the linking request is approved by the one or more blockchain nodes, the digital code is stored into the blockchain network as a digital certificate of the node.
    Type: Grant
    Filed: July 2, 2021
    Date of Patent: January 4, 2022
    Assignee: Advanced New Technologies Co., Ltd.
    Inventor: Honglin Qiu
  • Patent number: 11210392
    Abstract: Disclosed herein are systems and methods for enabling the automatic detection of executable code from a stream of bytes. In some embodiments, the stream of bytes can be sourced from the hidden areas of files that traditional malware detection solutions ignore. In some embodiments, a machine learning model is trained to detect whether a particular stream of bytes is executable code. Other embodiments described herein disclose systems and methods for automatic feature extraction using a neural network. Given a new file, the systems and methods may preprocess the code to be inputted into a trained neural network. The neural network may be used as a “feature generator” for a malware detection model. Other embodiments herein are directed to systems and methods for identifying, flagging, and/or detecting threat actors which attempt to obtain access to library functions independently.
    Type: Grant
    Filed: July 3, 2020
    Date of Patent: December 28, 2021
    Assignee: Sentinel Labs Israel Ltd.
    Inventors: Shlomi Salem, Roy Ronen, Assaf Nativ, Amit Zohar, Gal Braun, Pavel Ferencz, Eitan Shterenbaum, Tai Maimon
  • Patent number: 11171953
    Abstract: A technique includes receiving a request from a first electronic device to connect to a network and receiving a first part from the first electronic device. The technique includes regulating onboarding of the first electronic device. Regulating the onboarding includes authenticating the first electronic device. Authenticating the first electronic device includes communicating with a plurality of electronic devices that are connected to the network to receive a set of second secret parts; constructing a first secret from the first secret part and the set of second secret parts; and comparing the first secret to a second secret. Regulating the onboarding of the first electronic device includes allowing the first electronic device to connect to the network based on a result of the comparison.
    Type: Grant
    Filed: November 26, 2018
    Date of Patent: November 9, 2021
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Sharath Srikanth Chellappa, Yashavantha Nagaraju Naguvanahalli, Dileep Bangalore Sridhara, Thomas M. Laffey
  • Patent number: 11153752
    Abstract: A method of a local bundle assistant (LBA) negotiating a certificate with a secondary platform bundle manager (SPBM) in a wireless communication system including: transmitting a request message requesting information of certificates supported by a secondary secure platform (SSP) to a secondary platform bundle loader (SPBL) of the SSP; receiving the information of certificates supported by the SSP including information of certificate issuers corresponding to a family identifier from the SPBL; transmitting the information of certificates supported by the SSP to the SPBM; and receiving a certificate of the SPBM for key agreement, information of public key identifiers of certificate issuers to be used by the SSP, and information of the family identifier from the SPBM.
    Type: Grant
    Filed: September 9, 2019
    Date of Patent: October 19, 2021
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Kangjin Yoon, Duckey Lee, Hyewon Lee, Jonghoe Koo
  • Patent number: 11108547
    Abstract: Methods and apparatuses for retrieving blockchain data are disclosed. One method comprises: receiving a data retrieving request that comprises a target transaction identifier; identifying a transaction storage location that corresponds to the target transaction identifier as a target transaction storage location based on a pre-stored correspondence between transaction identifiers of transactions recorded on a blockchain associated with the blockchain network and transaction storage locations of the transactions; and retrieving data from the target transaction storage location in the blockchain.
    Type: Grant
    Filed: January 29, 2021
    Date of Patent: August 31, 2021
    Assignee: Advanced New Technologies Co., Ltd.
    Inventor: Xinying Yang
  • Patent number: 11086971
    Abstract: There is provided a method to playback content in a ROM having a ROM ID. The method includes copying the content from the ROM to a RAM having a RAM ID, copying the ROM ID to a memory accessible to a RAM controller, transmitting a license request from the RAM controller to a license server, the license request comprising a RAM controller ID, the ROM ID and a request for a content license to play back the content from the RAM; receiving the content license including a right for the playback of the content from the RAM, and a content key, decrypting the content license by the RAM controller, according to the RAM controller secret associated with the RAM controller ID, to recover and provide the content key to a playback module, decrypting the content using the content key to generate a decrypted content, and playing back the decrypted content.
    Type: Grant
    Filed: September 20, 2019
    Date of Patent: August 10, 2021
    Assignee: Disney Enterprises, Inc.
    Inventors: Hanno Basse, Ian E. Harvey
  • Patent number: 11068875
    Abstract: Using electronic devices (such as cellular telephones) that communicate wirelessly, two individuals can make person-to-person payments. In particular, an individual using an electronic device may identify another proximate electronic device of a counterparty in a financial transaction, and may provide an encrypted payment packet to the other electronic device that includes: a financial credential for a financial account of the individual, a payment amount, and a payment sign. When the other electronic device receives the encrypted payment applet, the counterparty may accept the payment in the financial transaction specified by the encrypted payment packet. Then, the other electronic device may provide the encrypted payment packet and another encrypted payment packet (with a financial credential for a financial account of the counterparty, the payment amount and the opposite payment sign) to a third party that completes the financial transaction.
    Type: Grant
    Filed: September 30, 2014
    Date of Patent: July 20, 2021
    Assignee: Apple, Inc.
    Inventors: Ahmer A. Khan, Timothy S. Hurley
  • Patent number: 11070541
    Abstract: Embodiments of the present application provide a certificate management method and apparatus in an NFV architecture. The certificate management method includes: determining, by an MANO, a storage network element, where the storage network element is configured to store a certificate of a VNFC, and the storage network element is different from the VNFC; creating, by the MANO, storage space in the storage network element, where the storage space is used to store the certificate of the VNFC; and sending, by the MANO, an address of the storage space to the VNFC, so that the VNFC accesses the address of the storage space, obtains the certificate of the VNFC, and directly communicates with another network element by using the certificate stored in the storage network element. The VNFC does not locally store the certificate.
    Type: Grant
    Filed: April 20, 2018
    Date of Patent: July 20, 2021
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Wenji Liu, Jiangsheng Wang
  • Patent number: 11030119
    Abstract: The present disclosure provides a storage data encryption and decryption method, including: providing a true random number generator configured to generate a plurality of keys; providing a data memory configured to store data and a key memory configured to store keys, and writing the keys into the key memory; and providing a data reading and writing interface module configured to read and write data, and providing a data encryption and decryption module configured to read the keys and perform encryption and decryption operations. The data written by the data reading and writing interface module is encrypted by the data encryption and decryption module and written into the data memory. The data read from the data memory is decrypted by the data encryption and decryption module and read to the data reading and writing interface module.
    Type: Grant
    Filed: October 30, 2018
    Date of Patent: June 8, 2021
    Assignee: C-SKY Microsystems Co., Ltd.
    Inventors: Jun Yang, Jie Wang
  • Patent number: 11025598
    Abstract: Method and apparatus for storing and managing encrypted electronic information, which enables on-demand access to a data owner's encrypted electronic information only to the data owner or to authorized data recipients, and only so long as the authorization is not rescinded by the data owner. The authorized data recipient's access to the data owner's information is limited solely to those portions of the data owner's encrypted electronic information designated by the data owner. Moreover, the authorized data recipient's limited access to the encrypted electronic information is accomplished without ever revealing or exposing the data owner's secret or private encryption key(s) to the authorized data recipient. The data owner can also immediately disable this access at any time by rescinding the access authority, if so desired, thereby terminating the authorized recipient's access to any existing information on the system, or any additional information yet to be uploaded, encrypted and stored on the system.
    Type: Grant
    Filed: February 8, 2021
    Date of Patent: June 1, 2021
    Assignee: Mockingbird Ventures, LLC
    Inventors: Cameron Laghaeian, Ugo Ferrante, Lori P. Cobb
  • Patent number: 11010153
    Abstract: A method of controlling an information processing apparatus and an information processing apparatus are provided. The information processing apparatus detects whether or not a control program stored in a storage has been falsified, updates the control program to a valid control program in accordance with a detection of the detecting unit that the control program has been falsified, and initializes setting data set in the information processing apparatus in accordance with an update of the control program.
    Type: Grant
    Filed: May 31, 2019
    Date of Patent: May 18, 2021
    Assignee: CANON KABUSHIKI KAISHA
    Inventor: Yuichi Yagi
  • Patent number: 10991196
    Abstract: A system includes a first server and a second server. The second server receives a value from a first device, possibly via the first server, and stores the value. In response to a request from a second device, the second server then determines the value and sends the value to the second device. In this fashion, verification can be made that the first device is in communications with the first server.
    Type: Grant
    Filed: August 22, 2017
    Date of Patent: April 27, 2021
    Assignee: CFPH, LLC
    Inventor: Dean P. Alderucci
  • Patent number: 10992482
    Abstract: Methods, systems, and apparatus, including computer-readable media, for verified boot and key rotation. In some implementations, a device extracts a public key from a secure data storage area of the device. The device extracts a first certificate for an intermediate key and a second certificate for a signing key, the first certificate and the second certificate being extracted from a system image. The device verifies a signature of the first certificate using the public key. After verifying the signature of the first certificate, the device verifies the second certificate using a public key in the first certificate. In response to verifying the second certificate, the device loads the system image during a boot process of the device.
    Type: Grant
    Filed: December 14, 2017
    Date of Patent: April 27, 2021
    Assignee: Google LLC
    Inventors: Alejandro Martin Deymonnaz, Darren David Krahn, David Zeuthen
  • Patent number: 10977024
    Abstract: There is provided methods and apparatuses for secure updating of firmware/software. The methods and apparatus can be enabled by making use of the Online Certificate Status Protocol (OCSP) to request the revocation status of certificates in the certificate chain. In particular, a method called ‘OCSP stapling’ can ensure the validity of the certificates or verify authenticity of the software/firmware. By virtue of features of the OCSP stapling, the user device does not need to contact CAs directly for the purpose of verifying the status of the certificates that ensure authenticity and integrity of the delivered software/firmware and thus is not required to open an extra communication channel to obtain status of certificates. This process can also reduce the burden on CAs because the CAs are neither required to keep a large volume of CRLs nor to maintain connection with user devices for which the CAs are responsible.
    Type: Grant
    Filed: June 15, 2018
    Date of Patent: April 13, 2021
    Assignee: SIERRA WIRELESS, INC.
    Inventor: Alex Jiang
  • Patent number: 10943030
    Abstract: In accordance with embodiments within, a securable independent electronic document apparatus is taught. With an authenticable and tamper detectable electronic container, elements and sections supporting platform, vendor and authentication independence, data sections and elements supporting, if user desired, digital signatures, data automation and nested embedding, graphical image data, and/or other types of data elements and sections supporting perceptual integrity and authenticity verification, and/or other free formatted data elements and sections supporting a plurality of types of data processing operations, and, if user desired, imaging representation comprised within a container using a securable and independent system. The securable independent electronic document apparatus presents solutions for the personal unique and interwoven creation and enhancement of user and document security and confidence in electronic data information's digital distribution, commerce, trade, publishing and/or exchange.
    Type: Grant
    Filed: December 15, 2008
    Date of Patent: March 9, 2021
    Assignee: iBailBonding.Com
    Inventor: John Lewis Guymon, Jr.
  • Patent number: 10936723
    Abstract: A system and method are disclosed in which a node of a peer-to-peer (P2P) network supporting a blockchain is able to restart following network or power disruption (or is able to initially join the blockchain network) by bootstrapping information from one or more peer nodes in the P2P network. The bootstrapping operation involves communication between the Trusted Execution Environments (TEEs) of the two or more nodes. The system and method ensure that the retrieval of data related to the blockchain state are not from untrusted parts of the peer node(s) and the data has not been tampered with (avoidance of replay attacks).
    Type: Grant
    Filed: March 27, 2019
    Date of Patent: March 2, 2021
    Assignee: INTEL CORPORATION
    Inventors: Manoj Gopalakrishnan, Ashish Kumar Mishra, Amol Kulkarni
  • Patent number: 10897484
    Abstract: The present invention relates to the technical field of computer software analysis and discloses an RFC-directed differential testing method of certificate validations in SSL/TLS implementations, which includes: extracting rules from RFC and updating the rules, classifying the rules, further classifying consumer rules and shared rules into breakable rules and unbreakable rules, expressing the rules as variables, and generating a symbolic program; generating low-level test cases by applying the dynamic symbolic execution technique to the symbolic program; assembling high-level test cases, i.e., digital certificates, according to the low-level test cases; and employing the assembled digital certificates to the differential testing of the certificate validation in SSL/TLS implementations.
    Type: Grant
    Filed: May 29, 2018
    Date of Patent: January 19, 2021
    Assignee: XIDIAN UNIVERSITY
    Inventors: Cong Tian, Chu Chen, Zhenhua Duan
  • Patent number: 10867053
    Abstract: This disclosure is related to devices, systems, and techniques for automatically generating software packages to provide Secure Computation as a Service (SCaaS). For example, a computing device includes processing circuitry configured to receive a set of information comprising an indication of a first party and an indication of a second party. Additionally, the processing circuitry is configured to generate, based on the set of information, a first software package corresponding to the first party, the first software package configured to implement a secure computation, and generate, based on the set of information, a second software package corresponding to the second party, the second software package configured to implement the secure computation. Additionally, the processing circuitry is configured to export the first software package and export the second software package, enabling the first party device and the second party device to perform the secure computation.
    Type: Grant
    Filed: April 11, 2019
    Date of Patent: December 15, 2020
    Assignee: SRI International
    Inventors: Karim Eldefrawy, Tancrede Lepoint
  • Patent number: 10833863
    Abstract: A computing device is provisioned to be remotely managed by a current owner. The device has an initial cryptographic basis of trust, and an owner identifier that facilitates establishment of communication with the current owner of the device. The ownership may change one or more times while the device may remain inoperative. Later, the device receives a transfer-of-ownership indication, which it verifies against the initial basis of trust to establish a new current owner. The device may then communicate with a device management service of the new current owner based on the transfer-of-ownership indication.
    Type: Grant
    Filed: July 1, 2016
    Date of Patent: November 10, 2020
    Assignee: Intel Corporation
    Inventors: Ernie F. Brickell, Geoffrey H. Cooper
  • Patent number: 10805091
    Abstract: Disclosed herein are system, method, and computer program product embodiments for certificate tracking. An embodiment operates by a computer implemented method that includes receiving, by at least one processor of a certificate manager, a first request from a client device and sending a second request for a root certificate to a certificate authority. The method further includes receiving the root certificate from the certificate authority and sending a third request to the certificate authority for one or more additional certificates. The method further includes receiving the one or more additional certificates from the certificate authority and storing the root certificate and the one or more additional certificates. The certificate manager and the certificate authority can be located on different networks.
    Type: Grant
    Filed: April 28, 2017
    Date of Patent: October 13, 2020
    Assignee: SAP SE
    Inventors: Pavan Kiran Rai, Sajid Thalam Kandathil
  • Patent number: 10754935
    Abstract: A non-transitory computer readable storage medium including instructions that, when executed by a computing system, cause the computing system to perform operations. The operations include collecting, by a processing device, raw data regarding a user action. The operations also include converting, by the processing device, the raw data to characteristic test data (CTD), wherein the CTD represents behavior characteristics of a current user. The operations also include identifying, by the processing device, a characteristic model corresponding to the behavior characteristics represented by the CTD. The operations also include generating, by the processing device, a predictor from a comparison of the CTD against the corresponding characteristic model, wherein the predictor comprises a score indicating a probability that the user action came from an authenticated user.
    Type: Grant
    Filed: June 19, 2017
    Date of Patent: August 25, 2020
    Assignee: Akamai Technologies, Inc.
    Inventor: Sreenath Kurupati
  • Patent number: 10740277
    Abstract: A method and system for embedded personalized communication have been disclosed. According to one embodiment, a computer-implemented method comprises providing software code to be embedded in a webpage. The webpage is loaded including the software code. A configuration file is fetched from a configuration server in response to the software code. A first instant messaging user interface is rendered on the webpage. A request is sent to a web-based instant messaging server, the request initiating an instant messaging session with a second instant messaging user interface.
    Type: Grant
    Filed: March 20, 2017
    Date of Patent: August 11, 2020
    Assignee: Google LLC
    Inventors: Elaine Wherry, Sandy Jen, Seth Sternberg, Jian Shen
  • Patent number: 10735208
    Abstract: It is provided a method, including checking if an indication is received that a certificate installed in a communication entity is to be revoked at a revocation time in the future; preparing, if the indication is received, a first revocation list, wherein the first revocation list includes an identifier of the certificate and the revocation time; providing the first revocation list to the communication entity.
    Type: Grant
    Filed: March 2, 2015
    Date of Patent: August 4, 2020
    Assignee: Nokia Solutions and Networks Oy
    Inventors: Shekhar Kumar, Juergen Opschroef, Martin Karl Peylo, Giangiacomo Guglielmini, Michal Szymanski
  • Patent number: 10715500
    Abstract: A computer-implemented method for information protection comprises: committing a transaction amount of a transaction with a first commitment scheme to obtain a transaction commitment value, committing a change of the transaction with a second commitment scheme to obtain a change commitment value, the first commitment scheme comprising a transaction blinding factor, and the second commitment scheme comprising a change blinding factor; encrypting a first combination of the change blinding factor and the change with a first key; transmitting the transaction blinding factor, the transaction amount, and the transaction commitment value to a recipient node associated with a recipient for the recipient node to verify the transaction; in response to that the recipient successfully verifies the transaction, obtaining an encrypted second combination of the transaction blinding factor and the transaction amount encrypted with a second key.
    Type: Grant
    Filed: December 9, 2019
    Date of Patent: July 14, 2020
    Assignee: ALIBABA GROUP HOLDING LIMITED
    Inventors: Huanyu Ma, Wenbin Zhang, Baoli Ma, Zheng Liu, Jiahui Cui
  • Patent number: 10715311
    Abstract: An embodiment herein provides a processor implemented method for blockchain-based authentication of a user using a user device, that includes (i) obtaining identity information associated with an identity document of the user; (ii) storing the identity information, and a set of credentials, with a blockchain to link the identity information with the set of credentials for the user; (iii) obtaining a cryptographic challenge from a relying party device when a record that includes a user identity information of the user and the set of credentials associated with the user identity information for the user device is found to be stored with the blockchain; and (iv) transmitting a response to the cryptographic challenge to the relying party device. The relying party device checks whether the response matches with a predetermined correct response or not. The relying party device authenticates the user only if the response matches with the predetermined correct response.
    Type: Grant
    Filed: May 7, 2018
    Date of Patent: July 14, 2020
    Assignee: Workday, Inc.
    Inventors: Prakash Sundaresan, Lionello G. Lunesu, Antoine Cote
  • Patent number: 10678920
    Abstract: According to a first aspect of the present disclosure, an electronic device is provided, comprising: an attack detection unit arranged to detect one or more attacks on the electronic device; a countermeasure unit arranged to apply countermeasures against the attacks detected by the attack detection unit; a threat level determination unit arranged to determine a threat level corresponding to the attacks detected by the attack detection unit; wherein the countermeasure unit is further arranged to activate one or more specific ones of said countermeasures in dependence on the threat level determined by the threat level determination unit. According to a second aspect of the present disclosure, a corresponding method of protecting an electronic device is conceived. According to a third aspect of the present disclosure, a corresponding computer program product is provided.
    Type: Grant
    Filed: March 31, 2017
    Date of Patent: June 9, 2020
    Assignee: NXP B.V.
    Inventor: Sebastian Stappert
  • Patent number: 10630470
    Abstract: In some examples, with respect to zone based key version encoding, data that is to be encrypted may be ascertained, and a key, including a key version, that is to be used to encrypt the ascertained data may be ascertained. Encrypted data may be generated by encrypting the ascertained data based on the ascertained key, and a zone representing the key version may be determined. Further, encrypted zoned data may be generated by applying the determined zone to the encrypted data to encode the key version, and the encrypted zoned data including the encoded key version may be stored.
    Type: Grant
    Filed: September 29, 2017
    Date of Patent: April 21, 2020
    Assignee: MICRO FOCUS LLC
    Inventors: Cheryl He, Timothy Roake, Luther Martin
  • Patent number: 10579997
    Abstract: Techniques are disclosed relating to authenticate a user with a mobile device. In one embodiment, a computing device includes a short-range radio and a secure element. The computing device reads, via the short-range radio, a portion of credential information stored in a circuit embedded in an identification document issued by an authority to a user for establishing an identity of the user. The computing device issues, to the authority, a request to store the credential information, the request specifying the portion of the credential information. In response to an approval of the request, the computing device stores the credential information in the secure element, the credential information being usable to establish the identity of the user. In some embodiments, the identification document is a passport that includes a radio-frequency identification (RFID) circuit storing the credential information, and the request specifies a passport number read from the RFID circuit.
    Type: Grant
    Filed: March 30, 2018
    Date of Patent: March 3, 2020
    Assignee: Apple Inc.
    Inventors: Herve Sibert, Onur E. Tackin, Matthias Lerch, Ahmer A. Khan, Franck Rakotomalala, Oren M. Elrad
  • Patent number: 10541817
    Abstract: A data generation apparatus includes a processor that executes a process including obtaining target data sequentially from time-series data, the target data including n (n being an integer greater than or equal to 2) data items in a predetermined section of the time-series data, calculating parameter information satisfying a (k−1) order polynomial based on the target data, the (k−1) order polynomial including k random values, k being an integer greater than or equal to 1 and less than n, associating the target data to the parameter information, outputting the target data and the parameter information associated to the target data, attaching a signature to secret information based on a secret distributed protocol. The secret information is calculable by using k pairs of data including the target data and the parameter information associated to the target data, and outputting the secret information attached with the signature.
    Type: Grant
    Filed: March 2, 2017
    Date of Patent: January 21, 2020
    Assignee: Ricoh Company, Ltd.
    Inventors: Hitoshi Namiki, Hiroshi Kobayashi, Ryouji Yamamoto, Eiichiro Yoshida, Masuyoshi Yachida, Yuki Takaya
  • Patent number: 10503920
    Abstract: The embodiments herein relate to discrete data containers and, more particularly, to management of data stored in discrete data containers. Embodiments herein disclose methods and systems to update data present within a data container, when a user accessing the data, present within the data container, has updated the data. Embodiments herein disclose a method and system for enabling modifications of data present in data containers, wherein de-containerized data associated with a data container can be modified by at least one user and the modifications by the user can be reflected in real-time to the data in the data container.
    Type: Grant
    Filed: March 15, 2018
    Date of Patent: December 10, 2019
    Assignee: VAULTIZE TECHNOLOGIES PRIVATE LIMITED
    Inventors: Ankur Panchbudhe, Praneeth Siva, Amol Vaikar, Yusuf Batterywala
  • Patent number: 10449774
    Abstract: A method of authenticating a consumable or detachable element of a continuous inkjet printer comprising: the controller of the printer generating a 1st item of random information that is dispatched to an authentication circuit of the element; encrypting the 1st item of information by the authentication circuit using a 1st encryption algorithm and a 1st secret key to form a 1st item of encrypted random information; dispatching the 1st item of information to the controller; encrypting the 1st item of information by the controller using a 2nd encryption algorithm and a 2nd secret key to form a 2nd item of encrypted random information; comparing the 1st item of encrypted random information with the 2nd encrypted item of random information to authenticate the consumable element; and if the consumable element is authenticated, dispatching at least one part of a 3rd key, termed the shared key, by the element to the printer.
    Type: Grant
    Filed: July 18, 2018
    Date of Patent: October 22, 2019
    Assignee: DOVER EUROPE SÀRL
    Inventor: Damien Bonneton
  • Patent number: 10447481
    Abstract: Various embodiments of a system and method for authenticating a call request header including identity information that is lightweight and deployable in VoIP and PSTN systems are disclosed.
    Type: Grant
    Filed: March 15, 2017
    Date of Patent: October 15, 2019
    Assignee: Arizona Board of Regents on Behalf of Arizona State University
    Inventors: Huahong Tu, Adam Doupe, Gail-Joon Ahn, Ziming Zhao
  • Patent number: 10425401
    Abstract: In a general aspect, a digital certificate can be used with multiple cryptography systems (“cryptosystems”). In some cases, the digital certificate includes a public key field, which contains a first public key of an entity associated with a first cryptosystem. The digital certificate includes a signature value field, which contains a first digital signature of a certificate authority associated with the first cryptosystem. The digital certificate includes an extension. The extension contains a second public key of the entity, a second digital signature of the certificate authority, or both, associated with a second cryptosystem. The extension contains a policy field that includes instructions for processing the fields associated with the second cryptosystem.
    Type: Grant
    Filed: October 31, 2018
    Date of Patent: September 24, 2019
    Assignee: ISARA Corporation
    Inventors: Mark Pecen, Michael Kenneth Brown, Alexander Truskovsky
  • Patent number: 10409786
    Abstract: Systems, methods, and software are disclosed herein for facilitating deployment of a decision service for sharing application data among multiple isolated applications executing on one or more application platforms. In an implementation, a method of deploying applications conforming to a platform schema for facilitating sharing of the application data among isolated applications executing on one or more application platforms is described. The method includes receiving a request to submit a third party application to an application deployment system, identifying a validation manifest associated with a platform schema responsive to receiving the request, and automatically verifying that the third party application conforms to the platform schema by performing a set of pre-defined validation checks. The request identifies the platform schema and platform capability information associated with the third party application. The validation manifest includes the set of pre-defined validation checks.
    Type: Grant
    Filed: September 19, 2016
    Date of Patent: September 10, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: David Mowatt, Stephen O'Driscoll
  • Patent number: 10341360
    Abstract: A method and apparatus is provided for managing the eligibility of data signing in an online code signing system. The method is used by a plurality of data publishers in an online code signing system. The method includes defining, by an administrator of the system, a hierarchy of a plurality of entities, and managing, by an administrator of the system, eligibility to designate at least one of a plurality of users to access the at least one configuration entity to sign the data via a plurality of accounts and eligibility to designate at least one of a plurality of managers via owner account to manage user access to sign data for at least one model entity.
    Type: Grant
    Filed: March 6, 2017
    Date of Patent: July 2, 2019
    Assignee: ARRIS Enterprises LLC
    Inventors: Ting Yao, Xin Qiu, Jinsong Zheng, Patrick Dizon, Aye Myint, Annie C. Kuramoto, Reshma Shahabuddin, Thomas J. Barbour
  • Patent number: 10327144
    Abstract: A communication apparatus displays connection information for an external device to perform wireless connection with the communication apparatus, determines whether a wireless connection based on the connection information is established, and hides the connection information according to establishment of the wireless connection.
    Type: Grant
    Filed: April 26, 2016
    Date of Patent: June 18, 2019
    Assignee: Canon Kabushiki Kaisha
    Inventor: Naoya Kakutani
  • Patent number: 10277621
    Abstract: The disclosed computer-implemented method for detecting vulnerabilities on servers may include (i) sending requests to servers for information about services potentially executing on the servers, (ii) receiving, in response to requests, messages from the servers that comprise the information about the services, wherein the set of messages use different formats for transmitting the information, (iii) creating, by analyzing the set of the messages, at least one heuristic that is capable of automatically extracting, from a message, an identifier of a service that executes on a server that sent the message, (iv) extracting, from the message, via the heuristic, the identifier of the service that executes on the server that sent the message, and (v) determining, based on the identifier of the service, that the service contributes to a vulnerability on the server that sent the message. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: July 12, 2017
    Date of Patent: April 30, 2019
    Assignee: Symantec Corporation
    Inventors: Pierre-Antoine Vervier, Yun Shen
  • Patent number: 10210337
    Abstract: Disclosed herein are a method and a system for discrete data containerization for Information Rights Management. The system identifies based on a user request, data to be containerized. Further, the system receives at least one rule based on the data and attributes, which is to be used for containerizing the data. Further, using the rule, the system containerizes the data, wherein the data is containerized at individual data level.
    Type: Grant
    Filed: December 15, 2014
    Date of Patent: February 19, 2019
    Assignee: ANOOSMAR TECHNOLOGIES PRIVATE LIMITED
    Inventors: Ankur Panchbudhe, Praneeth Siva, Amol Vaikar, Yusuf Batterywala
  • Patent number: 10171504
    Abstract: In one embodiment, a method includes receiving at an enforcement node, a request to access a network from an endpoint, transmitting at the enforcement node, the access request to a policy server, receiving at the enforcement node from the policy server, a dynamic authorization comprising a plurality of ranks, each of the ranks comprising a policy for access to the network by the endpoint, assigning the endpoint to one of the ranks and applying the policy associated with the rank to traffic received from the endpoint at the enforcement node during a communication session between the endpoint and the network, assigning the endpoint to a different rank, and applying the policy associated with the rank to traffic received from the endpoint during the communication session. An apparatus and logic are also disclosed herein.
    Type: Grant
    Filed: August 4, 2015
    Date of Patent: January 1, 2019
    Assignee: Cisco Technology, Inc.
    Inventors: Pok Sze Wong, Ramesh Nampelly, Aaron Rodriguez
  • Patent number: 10146948
    Abstract: The present invention relates to a system and method for facilitating access to secure network sites, such as sites providing secure financial information. An active software agent is utilized to fetch passwords and user identifiers from a user computing system and to use the passwords and identifiers to extract required information from the secure site. The password sites and identifiers are encrypted and an encryption key is stored at a network mode remote from the user's computer and is fetched in order to enable the passwords and identifiers to be decrypted so that the active agent can use them to obtain the required information.
    Type: Grant
    Filed: May 9, 2016
    Date of Patent: December 4, 2018
    Assignee: EWISE SYSTEMS PTY LTD
    Inventors: Alexander Grinberg, Mike Kontorovich, Mark Chazan, Colin Reyburn
  • Patent number: RE47730
    Abstract: A system and method is disclosed for allowing content providers to protect against widespread copying of their content, while enabling them to give their customers more freedom in the way they use the content. In accordance with one embodiment, content providers identify their content as protected by watermarking the content. Consumers use compliant devices to access protected content. All of a user's compliant devices, or all of a family's devices, can be organized into an authorized domain. This authorized domain is used by content providers to create a logical boundary in which they can allow users increased freedom to use their content.
    Type: Grant
    Filed: May 2, 2016
    Date of Patent: November 12, 2019
    Assignee: Nokia Technologies Oy
    Inventors: Jukka Alve, Peter K. Chiu, Zheng Yan, Juha Hietasarka