Revocation Or Expiration Patents (Class 713/158)
  • Patent number: 11212274
    Abstract: Techniques are disclosed for accelerating online certificate status protocol (OCSP) response distribution to relying parties using a content delivery network (CDN). A certificate authority generates updated OCSP responses for OCSP responses cached in the CDN that are about to expire. In addition, the certificate authority pre-generates cache keys in place of CDNs generating the keys. The certificate authority sends the OCSP responses and the cache keys in one transaction, and the CDN, in turn, consumes the new OCSP responses using the cache keys.
    Type: Grant
    Filed: August 29, 2019
    Date of Patent: December 28, 2021
    Assignee: DigiCert, Inc.
    Inventors: Richard F. Andrews, Quentin Liu
  • Patent number: 11184178
    Abstract: A method at a computing device within an Intelligent Transportation System (ITS), the method including: receiving a first message, the first message including at least tailoring information for a first ITS endpoint and intended journey details for the first ITS endpoint; storing all or a subset of data from the first message; obtaining a full certificate revocation list; creating a tailored certificate revocation list based on data in the first message and the full certificate revocation list, the tailored certificate revocation list containing certificates or identifiers of certificates for ITS endpoints that may be encountered by the first ITS endpoint when navigating a route provided in the intended journey details; and providing the tailored certificate revocation list to the first ITS endpoint.
    Type: Grant
    Filed: September 28, 2018
    Date of Patent: November 23, 2021
    Assignee: BlackBerry Limited
    Inventors: Nicholas James Russell, Jonathon Brookfield, Stephen John Barrett
  • Patent number: 11182491
    Abstract: A method of limiting data usage for certified purposes by using functional encryption, comprising: receiving from a software publisher an application code and declared privacy information, the declared privacy information specifies at least one declared usage for at least one data type; analyzing the application's usage of data collected by the application, to identify an actual usage of the at least one data type by a function; identifying when the actual usage is compliant with the at least one declared usage according to the analysis; in response to the identification, creating a pair of a public key and a master private key; creating a function private key for the function using the master private key; and sending the function private key to the software publisher to be used for operating the function on data which is encrypted using the public key.
    Type: Grant
    Filed: February 4, 2020
    Date of Patent: November 23, 2021
    Assignee: International Business Machines Corporation
    Inventors: Abigail Goldsteen, Ron Shmelkin, Gilad Ezov, Muhammad Barham
  • Patent number: 11184180
    Abstract: To revoke a digital certificate (160p), activation of the digital certificate is blocked by withholding an activation code from the certificate user (110). The certificates are generated by a plurality of entities (210, 220, 838) in a robust process that preserves user privacy (e.g. anonymity) even in case of collusion of some of the entities. The process is suitable for connected vehicles, e.g. as an improvement for Security Credential Management System (SCMS).
    Type: Grant
    Filed: February 5, 2019
    Date of Patent: November 23, 2021
    Assignees: LG ELECTRONICS, INC., UNIVERSITY OF SAO PAULO
    Inventors: Marcos A. Simplicio, Jr., Eduardo Lopes Cominetti, Harsh Kupwade Patil, Jefferson E. Ricardini, Marcos Vinicius M. Silva
  • Patent number: 11178146
    Abstract: Systems and methods are disclosed for online authentication of online attributes. One method includes receiving an authentication request from a rely party, the authentication request including identity information to be authenticated and credential information to be authenticated; determining whether a user account is associated with the received identity information by accessing an internal database; accessing user data of the user account determined to be associated with received identity information; determining authentication data to obtained from a user associated with the user account based on the user data of the user account and the credential information to be authenticated; transmitting a request for authentication data; receiving authentication data associated with the user; transmitting authentication data associated with the user; and receiving an authentication result from the verification data source server for the user associated with authentication data.
    Type: Grant
    Filed: November 21, 2018
    Date of Patent: November 16, 2021
    Assignee: ID.me, Inc.
    Inventors: Blake Hall, Tanel Suurhans
  • Patent number: 11166135
    Abstract: Implementations of the subject technology provide for receiving a registration request for registering and associating phone numbers for at least one service on a particular device, where the registration request includes information related to a phone authentication certificate (PAC) that was generated for the particular device. The PAC authenticates that each of the phone numbers is associated with the particular device. The subject system performs an authentication of user identifiers associated with the particular device based at least on the PAC. The subject system performs a registration of at least one service for the particular device using the authenticated user identifiers, in which the registration includes at least one respective handle for accessing the at least one service via each respective user identifier. The subject system transmits to the particular device, information related to the at least one respective handle for accessing the service via each respective user identifier.
    Type: Grant
    Filed: May 29, 2020
    Date of Patent: November 2, 2021
    Assignee: Apple Inc.
    Inventors: Nelson M. Leduc, Xudong Liu
  • Patent number: 11158309
    Abstract: Techniques are described for automatically distributing validated user safety alerts from a networked computing device. The networked computing device may be configured to operate as an autonomous agent to perform actions on behalf of a user without receiving direct instructions from the user. For example, the autonomous agent computing device may be configured to make certain purchases, send alerts or reminders, or perform other functions in accordance with preprogrammed rules. According to the disclosed techniques, the autonomous agent computing device is configured to automatically generate and send an alert to one or more computing devices associated with the user upon detecting a safety concern for the user. The autonomous agent also uses a signing key associated with its digital certificate, which verifies the identity of the autonomous agent, to sign the alert such that a third-party server may validate the alert prior to distribution to the destination computing devices.
    Type: Grant
    Filed: August 16, 2019
    Date of Patent: October 26, 2021
    Assignee: Wells Fargo Bank, N.A.
    Inventors: Rita M. Homewood, Christopher M. Ruiz, Scott Christopher Hall, Michael J. Foster, Michelle E. Masters, Lawrence R. Belton, Jr.
  • Patent number: 11153298
    Abstract: Apparatus and methods pertaining to a Certified Approval Service (CAS) are disclosed and enabled. The apparatus may include a Personal Computing Device (PCD) implementing a CAS Device to interact with an end user and a server implementing a CAS provider. The various embodiments operate without the end user and the CAS provider to engage in an authenticated login session between themselves.
    Type: Grant
    Filed: September 4, 2018
    Date of Patent: October 19, 2021
    Assignee: Chipiworks Company
    Inventors: Kobi Eshun, Karim Tahawi
  • Patent number: 11153101
    Abstract: An example system may include one or more application platforms (e.g., VMs) that run a registration authority and are communicatively connected to one or more compute engines that perform cryptographic computations required by the registration authority. The system may also include one or more application platforms that run an enrollment certificate authority and that are communicatively connected to one or more compute engines that perform cryptographic computations required by the enrollment certificate authority. It may further include one or more application platforms that run a pseudonym certificate authority and that are communicatively connected to one or more compute engines that perform cryptographic computations required by the pseudonym certificate authority. It may also include one or more load balancers communicatively connected to the one or more compute engines, the one or more load balancers to perform operations comprising distributing at least one request to the one or more compute engines.
    Type: Grant
    Filed: March 2, 2020
    Date of Patent: October 19, 2021
    Assignee: INTEGRITY SECURITY SERVICES LLC
    Inventors: Alan T. Meyer, Gregory A. Powell
  • Patent number: 11139990
    Abstract: Systems, apparatuses and methods may provide for infrastructure node technology that conducts a mutual authentication with a vehicle and verifies, if the mutual authentication is successful, location information received from the vehicle. The infrastructure node technology may also send a token to the vehicle if the location information is verified, wherein the token includes an attestation that the vehicle was present in a location associated with the location information at a specified moment in time. Additionally, vehicle technology may conduct a mutual authentication with an infrastructure node and send, if the mutual authentication is successful, location information to the infrastructure node. The vehicle technology may also receive a token from the infrastructure node.
    Type: Grant
    Filed: December 29, 2018
    Date of Patent: October 5, 2021
    Assignee: Intel Corporation
    Inventors: Moreno Ambrosin, Kathiravetpillai Sivanesan, Rafael Misoczki, Sridhar Sharma, Ignacio Alvarez
  • Patent number: 11115558
    Abstract: Systems and methods for maintaining chain of custody for assets offloaded from a portable electronic device. One exemplary system includes an electronic processor configured to receive, from the portable electronic device, an asset manifest including an asset identifier, a fixed-length unique identifier associated with the asset identifier, and a manifest digital signature. The electronic processor is further configured to transmit to the portable electronic device a storage message based on the asset manifest; receive, from the portable electronic device, an upload completion message; retrieve, from a data warehouse an asset file; and determine, for the asset file, an asset file fixed-length unique identifier.
    Type: Grant
    Filed: May 20, 2016
    Date of Patent: September 7, 2021
    Assignee: MOTOROLA SOLUTIONS, INC.
    Inventors: David B. Flowerday, Remigiusz Orlowski, Steven D. Tine, Lechoslaw Radwanski
  • Patent number: 11082235
    Abstract: Methods, systems, and apparatus, including medium-encoded computer program products, for secure storage and retrieval of information, such as private keys, useable to control access to a blockchain, include, in at least one aspect, a method including: identifying for an action an associated private-keys group out of different private-keys groups, each having an associated cryptographic group key; decrypting, at a first computer, a first level of encryption of a private key associated with the action using the associated cryptographic group key; decrypting, at a second computer distinct from the first computer, a second level of encryption of the private key associated with the action using a hardware-based cryptographic key used by the second computer; using, at the second computer, the private key associated with the action in a process of digitally signing data to authorize the action; and sending the digitally signed data to a third computer to effect the action.
    Type: Grant
    Filed: February 14, 2019
    Date of Patent: August 3, 2021
    Assignee: Anchor Labs, Inc.
    Inventors: Diogo Monica, Nathan P. McCauley, Riyaz D. Faizullabhoy, Boaz Avital
  • Patent number: 11068890
    Abstract: This invention relates to systems and methods for authenticating transactions using a mobile device based primarily on the introduction of a layer of middleware and wherein the Payment Networks, Merchants, Issuing Banks, Credit Reporting Bureaus, Insurance Companies, Healthcare Providers may customize the implementation of the services based on individual strategy and consumer preferences.
    Type: Grant
    Filed: November 30, 2017
    Date of Patent: July 20, 2021
    Assignee: COLLECTIVE DYNAMICS LLC
    Inventor: Steven V. Bacastow
  • Patent number: 11055943
    Abstract: Methods and systems for managing facility access credentials for two or more facilities are disclosed. The method may include electronically receiving a user request to gain access to a designated facility of the two or more facilities and electronically receiving user information related to a user that is making the user request. A facility access credential from a group of facility access credentials that are assigned by a third-party credential issuer may be obtained and linked to the user information and the designated facility. The obtained facility access credential for use in gaining access to the designated facility may be activated resulting in an activated facility access credential and a notification transmitted to the user notifying the user of the activated facility access credential.
    Type: Grant
    Filed: April 2, 2019
    Date of Patent: July 6, 2021
    Assignee: HONEYWELL INTERNATIONAL INC.
    Inventors: Roshan Valder, Murugan Gopalan, Jayalaxmi Telang, Aditya Arun, Sathish Kumar Vedachalam, Sanjay Roy
  • Patent number: 11044101
    Abstract: Systems and methods for securely exchanging cryptographically signed records are disclosed. In one aspect, after receiving a content request, a sender device can send a record to a receiver device (e.g., an agent device) making the request. The record can be sent via a short range link in a decentralized (e.g., peer-to-peer) manner while the devices may not be in communication with a centralized processing platform. The record can comprise a sender signature created using the sender device's private key. The receiver device can verify the authenticity of the sender signature using the sender device's public key. After adding a cryptography-based receiver signature, the receiver device can redeem the record with the platform. Upon successful verification of the record, the platform can perform as instructed by a content of the record (e.g., modifying or updating a user account).
    Type: Grant
    Filed: October 9, 2019
    Date of Patent: June 22, 2021
    Assignee: Magic Leap, Inc.
    Inventor: Adrian Kaehler
  • Patent number: 11025425
    Abstract: Provided are methods and systems for invalidating user security tokens. An example method may include providing, by one or more nodes in a cluster, a list of revoked security tokens. The method may include receiving, by the one or more nodes, an indication of invalidating a user security token associated with a user device. The indication may include a request from the user to invalidate the user security token. The method may further include, in response to the receiving, adding, by the one or more nodes, the user security token to the list of revoked security tokens. The user security token can be added to the list of revoked security tokens prior to the expiration time of the user security token. The method may further include replicating, by the one or more nodes, the list of revoked security tokens between further nodes of the cluster.
    Type: Grant
    Filed: June 25, 2018
    Date of Patent: June 1, 2021
    Assignee: Elasticsearch B.V.
    Inventor: Jayesh Modi
  • Patent number: 11005828
    Abstract: Techniques are disclosed for securing data stored on a minimally trusted third-party data store. The techniques include directing all messages for storing data and retrieving stored data through a security server. The security server can be configured to receive encrypted data for storage at a remote data store, decrypt the encrypted data, generate index information for the decrypted data, encrypt the index information, encrypt the decrypted data to produce re-encrypted data, digitally sign the re-encrypted data, and cause transmission of the re-encrypted data and the encrypted index information to the remote data store. To access stored data, the security server can be configured to receive a query for stored data, encrypt the query, cause transmission of the encrypted query to the remote data store, receive a copy of the stored data, process the copy of the stored data, and cause transmission of the stored data to the requesting computer.
    Type: Grant
    Filed: November 19, 2018
    Date of Patent: May 11, 2021
    Assignee: BAE Systems Information and Electronic Systems Integration Inc.
    Inventors: Benjamin Kapp, Jibu Abraham, Kevan O. Vanhoff
  • Patent number: 10985926
    Abstract: Embodiments provided herein identify a certificate issuer (CI) to be relied on as a trusted third party by an electronic subscriber identity module (eSIM) server in remote SIM provisioning (RSP) transactions with an embedded universal integrated circuit card (eUICC). In an RSP ecosystem, multiple CIs may exist. Parties rely on public key infrastructure (PKI) techniques for establishment of trust. Trust may be established based on a trusted third party such as a CI. Parties need to agree on the CI in order for some PKI techniques to be useful. Embodiments provided herein describe approaches for an eUICC and an eSIM server to arrive at an agreed-on CI. Candidate or negotiated CIs may be indicated on a public key identifier (PKID) list. A PKID list is distributed, in some embodiments, by means of a discovery server, via an activation code (AC) and/or during the establishment of a profile provisioning session.
    Type: Grant
    Filed: August 30, 2018
    Date of Patent: April 20, 2021
    Assignee: Apple Inc.
    Inventors: Xiangying Yang, Avinash Narasimhan, Li Li, David I. Ahn, Jean-Marc Padova, Clark P. Mueller, David T. Haggerty
  • Patent number: 10979897
    Abstract: A computerized method of evaluating authenticity of automotive devices, comprising a local authorization entity (AE) adapted to manage identity authentication for a group of automotive devices located in an associated geographical area. The local AE provides, to a first automotive device of the group, an AE identity certificate comprising an encryption key of the local AE and signed with a higher level AE's encryption key. The first automotive device uses the higher level AE's encryption key to decrypt the AE identity certificate and retrieve the local AE's encryption key. The first automotive device uses the local AE's encryption key to verify an identity certificate created by the local AE for a second automotive device of the group. The first automotive device establishes a session with the second automotive device according to an identity posture score extracted from the identity certificate of the second automotive device.
    Type: Grant
    Filed: January 21, 2019
    Date of Patent: April 13, 2021
    Assignee: Saferide Technologies Ltd.
    Inventors: Yehiel Stein, Yossi Vardi
  • Patent number: 10963843
    Abstract: A patrol tracking system is disclosed, comprising an NFC carrier, a handheld device and a cloud server equipment, wherein the NFC carrier can be placed at a patrol location such that an administrator can scan the NFC carrier by means of the control unit of the handheld device, accordingly establish an NFC device setup file, and then upload it to the cloud server equipment; afterwards, when a patroller arrives at the patrol location, it is possible to use the handheld device to scan the NFC carrier, and, upon completing the scanning operation, create a patrol record file including relevant GPS coordinates, and then upload it to the cloud server equipment such that the back-end administrator can exactly manage and control the actual patrol location of the patroller thereby achieving the purpose of precise and credible patrol inspections.
    Type: Grant
    Filed: January 17, 2019
    Date of Patent: March 30, 2021
    Inventor: Chao-Cheng Yu
  • Patent number: 10951424
    Abstract: A first communication request including a digital certificate of a first node sent from the first node in a blockchain is received at a second node in the blockchain, where the digital certificate of the first node is stored in the blockchain. Certificate validity information stored in the blockchain and associated with the nodes in the blockchain is accessed by the second node based on the first communication request, where the certificate validity information reflects the validity status information of digital certificates of the nodes in the blockchain. A verification of whether the digital certificate of the first node is valid is performed by the second node based on the first communication request and the accessed certificate validity information. A communication connection to the first node is established by the second node in response to verifying that the digital certificate of the first node is valid.
    Type: Grant
    Filed: December 19, 2019
    Date of Patent: March 16, 2021
    Assignee: Advanced New Technologies Co., Ltd.
    Inventor: Honglin Qiu
  • Patent number: 10938578
    Abstract: A system and method for ensuring digital integrity of a blockchain is presented. The blockchain is initiated with one or more digital certificates presented in one of an initial set of blocks of the blockchain. One or more of the digital certificates may subsequently be used to sign a hash of a sequence of blocks in the blockchain at regular or semi-regular intervals. If a sequence of consecutive blocks is longer than a predetermined number and does not contain a signature from one or more of the digital certificates of a hash or one or more of the blocks in the sequence, the sequence may be considered not to comprise a part of the blockchain. In other embodiments side blocks may be signed and added to the blockchain.
    Type: Grant
    Filed: October 18, 2018
    Date of Patent: March 2, 2021
    Inventor: Keir Finlow-Bates
  • Patent number: 10911249
    Abstract: A first communication request including a digital certificate of a first node sent from the first node in a blockchain is received at a second node in the blockchain, where the digital certificate of the first node is stored in the blockchain. Certificate validity information stored in the blockchain and associated with the nodes in the blockchain is accessed by the second node based on the first communication request, where the certificate validity information reflects the validity status information of digital certificates of the nodes in the blockchain. A verification of whether the digital certificate of the first node is valid is performed by the second node based on the first communication request and the accessed certificate validity information. A communication connection to the first node is established by the second node in response to verifying that the digital certificate of the first node is valid.
    Type: Grant
    Filed: December 19, 2019
    Date of Patent: February 2, 2021
    Assignee: Advanced New Technologies Co., Ltd.
    Inventor: Honglin Qiu
  • Patent number: 10909222
    Abstract: A technique for verifying an origin of a digital object in a digital object architecture is described. The technique includes the steps of receiving, from a handle registry, handle information for a digital object that includes an attestation that references the handle identification value for the handle and origin identification information; verifying the authenticity of the attestation; after verifying the authenticity of the attestation, using the origin information in determining authorizations applicable to the digital object.
    Type: Grant
    Filed: July 20, 2018
    Date of Patent: February 2, 2021
    Assignee: VERISIGN, INC.
    Inventors: Andrew Fregly, Najmehalsadat Miramirkhani, Swapneel Sheth
  • Patent number: 10887294
    Abstract: A set of cryptographic keys are synchronized across a set of HSMs that are configured in an HSM cluster. The set of cryptographic keys is maintained in a synchronized state by HSM cluster clients running on client computer systems with corresponding client applications. If the HSM cluster becomes unsynchronized, an HSM cluster client attempts to lock the HSM cluster and reestablish synchronization of the cryptographic keys across the HSM cluster. HSMs within the HSM cluster are able to establish an encrypted communication channel to other HSMs without revealing the contents of their communications to their respective host computer systems. Individual HSMs in the HSM cluster may include features that assist the HSM cluster client in determining whether each HSM is up-to-date, identifying particular keys that are not up-to-date, and copying keys from one HSM to another HSM within the HSM cluster.
    Type: Grant
    Filed: May 31, 2019
    Date of Patent: January 5, 2021
    Assignee: Amazon Technologies, Inc.
    Inventors: Benjamin Philip Grubin, Benjamin Samuel
  • Patent number: 10878342
    Abstract: A method for training an analytics engine hosted by an edge server device is provided. The method includes determining a classification for data in an analytics engine hosted by an edge server and computing a confidence level for the classification. The confidence level is compared to a threshold. The data is sent to a cloud server if the confidence level is less than the threshold. A reclassification is received from the cloud server and the analytics engine is trained based, at least in part, on the data and the reclassification.
    Type: Grant
    Filed: March 30, 2017
    Date of Patent: December 29, 2020
    Assignee: Intel Corporation
    Inventor: Yen Hsiang Chew
  • Patent number: 10880302
    Abstract: A biometric certification request authentication (BCRA) computing device is provided for authenticating a requestor undergoing a certificate signing request process. The BCRA computing device is communicatively coupled to a memory device.
    Type: Grant
    Filed: September 26, 2019
    Date of Patent: December 29, 2020
    Assignee: MASTERCARD INTERNATIONAL INCORPORATED
    Inventor: Manoneet Kohli
  • Patent number: 10868678
    Abstract: A first communication request including a digital certificate of a first node sent from the first node in a blockchain is received at a second node in the blockchain, where the digital certificate of the first node is stored in the blockchain. Certificate validity information stored in the blockchain and associated with the nodes in the blockchain is accessed by the second node based on the first communication request, where the certificate validity information reflects the validity status information of digital certificates of the nodes in the blockchain. A verification of whether the digital certificate of the first node is valid is performed by the second node based on the first communication request and the accessed certificate validity information. A communication connection to the first node is established by the second node in response to verifying that the digital certificate of the first node is valid.
    Type: Grant
    Filed: December 19, 2019
    Date of Patent: December 15, 2020
    Assignee: Advanced New Technologies Co., Ltd.
    Inventor: Honglin Qiu
  • Patent number: 10860714
    Abstract: Technologies for cache side channel attack detection and mitigation include an analytics server and one or more monitored computing devices. The analytics server polls each computing device for analytics counter data. The computing device generates the analytics counter data using a resource manager of a processor of the computing device. The analytics counter data may include last-level cache data or memory bandwidth data. The analytics server identifies suspicious core activity based on the analytics counter data and, if identified, deploys a detection process to the computing device. The computing device executes the detection process to identify suspicious application activity. If identified, the computing device may perform one or more corrective actions. Corrective actions include limiting resource usage by a suspicious process using the resource manager of the processor. The resource manager may limit cache occupancy or memory bandwidth used by the suspicious process.
    Type: Grant
    Filed: June 29, 2018
    Date of Patent: December 8, 2020
    Assignee: Intel Corporation
    Inventors: John J. Browne, Marcel Cornu, Timothy Verrall, Tomasz Kantecki, Niall Power, Weigang Li, Eoin Walsh, Maryam Tahhan
  • Patent number: 10862691
    Abstract: A first communication request including a digital certificate of a first node sent from the first node in a blockchain is received at a second node in the blockchain, where the digital certificate of the first node is stored in the blockchain. Certificate validity information stored in the blockchain and associated with the nodes in the blockchain is accessed by the second node based on the first communication request, where the certificate validity information reflects the validity status information of digital certificates of the nodes in the blockchain. A verification of whether the digital certificate of the first node is valid is performed by the second node based on the first communication request and the accessed certificate validity information. A communication connection to the first node is established by the second node in response to verifying that the digital certificate of the first node is valid.
    Type: Grant
    Filed: July 19, 2018
    Date of Patent: December 8, 2020
    Assignee: Advanced New Technologies Co., Ltd.
    Inventor: Honglin Qiu
  • Patent number: 10848301
    Abstract: One embodiment of the present application sets forth a computer-implemented method for establishing trust for handles used to identify digital objects in a digital object architecture (DOA) by associating a first attester identifier with a first attester from a trusted public key infrastructure (PKI), identifying a first digital object public key for a first digital object, generating, by the first attester, a first digital object identity attestation that associates the first digital object public key with a handle identifier for the first digital object, wherein the handle identifier is external to the trusted PKI, and generating a first attester identity attestation attesting that the first attester is authentic, where the first attester identity attestation includes the first attester identifier.
    Type: Grant
    Filed: July 20, 2018
    Date of Patent: November 24, 2020
    Assignee: VERISIGN, INC.
    Inventors: Andrew Fregly, Najmehalsadat Miramirkhani, Swapneel Sheth
  • Patent number: 10797890
    Abstract: Systems, methods, and software can be used to provide inter-enterprise data communications between enterprise applications on an electronic device. In some aspects, a method comprises: receiving, by a bridge application executing on an electronic device, an interoperation request for a first enterprise, wherein the interoperation request includes a first token and a second token; sending, from the bridge application to an application of the first enterprise, the first token, wherein the application of the first enterprise executes on the electronic device; receiving, by the bridge application from the application of the first enterprise, a certificate in response to the first token, wherein the certificate is encrypted by the second token; decrypting, by the bridge application, the certificate by using the second token; and validating, by the bridge application, the application of the first enterprise based on the decrypted certificate.
    Type: Grant
    Filed: February 26, 2018
    Date of Patent: October 6, 2020
    Assignee: BlackBerry Limited
    Inventors: Johnathan George White, Siavash James Joorabchian Hawkins, Fraser George Stewart
  • Patent number: 10785287
    Abstract: Techniques for securely binding a software application to a communication device may include sending a set of device identifiers associated with the computing device to a server, receiving a server-generated dynamic device identifier that is generated based on the set of device identifiers; and storing the server-generated dynamic device identifier during initialization of the application. During runtime execution of the application, the application may receive a request to execute an application specific task.
    Type: Grant
    Filed: November 15, 2018
    Date of Patent: September 22, 2020
    Assignee: Visa International Service Association
    Inventors: Gyan Prakash, Selim Aissi, Rasta Mansour, Ajit Gaddam
  • Patent number: 10761782
    Abstract: A printing apparatus stores a user credential and updates a certificate by using the stored user credential information to reduce the time and effort required by a user to update the certificate.
    Type: Grant
    Filed: May 20, 2019
    Date of Patent: September 1, 2020
    Assignee: Canon Kabushiki Kaisha
    Inventor: Go Inoue
  • Patent number: 10757138
    Abstract: Certain embodiments described herein are generally directed to a first host machine exchanging a Security Parameter Index (SPI) value with a second host machine by storing the SPI in an options field of an encapsulation header of an encapsulated packet.
    Type: Grant
    Filed: July 13, 2017
    Date of Patent: August 25, 2020
    Assignee: Nicira, Inc.
    Inventors: Calvin Qian, Ganesan Chandrashekhar, Sanal Pillai, Kishore Kankipati, Sujatha Sundararaman
  • Patent number: 10747717
    Abstract: Systems and methods for a multitenant computing platform. Original data is generated through operation of a computing platform system on behalf of an account of the computing platform system, and the original data is moderated according to a data retention policy set for the account. The moderated data is stored at the computing platform system. The computing platform system moderates the generated data by securing sensitive information of the generated data from access by the computing platform system, and providing operational information from the generated data. The operational information is accessible by the computing platform system during performance of system operations.
    Type: Grant
    Filed: February 20, 2019
    Date of Patent: August 18, 2020
    Assignee: Twilio Inc.
    Inventors: Adam Ballai, Timothy S. Milliron
  • Patent number: 10708047
    Abstract: A computer-readable recording medium storing an update program is disclosed. An issuing request of a second public key certificate is sent to a server under a secure connection to the server using a first public key certificate. The second public key certificate is received from the server. A connection confirmation using the second public key certificate is conducted, when a validity date of the first public key certificate lapses.
    Type: Grant
    Filed: December 13, 2016
    Date of Patent: July 7, 2020
    Assignee: FUJITSU LIMITED
    Inventor: Hidefumi Maruyama
  • Patent number: 10708254
    Abstract: An information processing apparatus is provided. Assume that a user has signed into a first cloud service of operation source. In a case where the user signs in to a second cloud service of operation destination, and in a case where an account registered in the second cloud service is permitted to be cooperated with another account, the information processing apparatus allows the user to sign in to the second cloud service.
    Type: Grant
    Filed: October 16, 2017
    Date of Patent: July 7, 2020
    Assignee: FUJI XEROX CO., LTD.
    Inventors: Zhenrui Zhang, Eisuke Kanno
  • Patent number: 10701062
    Abstract: A method for improving information security for vehicle-to-X communication, wherein the vehicle-to-X communication is protectable by at least one certificate, wherein the certificate for protecting the vehicle-to-X communication has a validity period of defined length and is provided for storage in a memory of a vehicle, wherein the method is additionally distinguished in that the vehicle uses a communication link for wireless data interchange between the vehicle and a backend system, before expiry of the validity period of the certificate and a change to a validity period of defined length for an updated certificate, to ask the backend system to provide an up-to-date piece of time information for the vehicle. In addition, the invention relates to a corresponding communication apparatus for vehicle-to-X communication.
    Type: Grant
    Filed: January 24, 2017
    Date of Patent: June 30, 2020
    Assignee: Continental Teves AG & Co. oHG
    Inventors: Bernhard Jungk, Henrik Antoni
  • Patent number: 10694549
    Abstract: The present disclosure is directed to a wireless communication device for wireless communication in a wireless communication system which comprises a base station and a plurality of wireless communication devices arranged in clusters, wherein a unique cluster signature is assigned to each cluster and its wireless communication devices, wherein the wireless communication device is allocated to one of said clusters, and comprises receiving means adapted to receive a unique cluster signature assigned to said one cluster from the base station, storing means adapted to store said received unique cluster signature, and transmission means adapted to transmit said unique cluster signature when the wireless communication device switches into an active state, wherein wireless communication device is adapted to access resources on the basis of resource allocation information received in response to the transmission of said unique cluster signature.
    Type: Grant
    Filed: September 17, 2018
    Date of Patent: June 23, 2020
    Assignees: HUAWEI TECHNOLOGIES CO., LTD., FRAUNHOFER-GESELLSCHAFT ZUR FÖRDERUNG DER ANGEWANDTEN FORSCHUNG E.V.
    Inventors: Chan Zhou, Yunyan Chang, Peter Jung, Slawomir Stanczak
  • Patent number: 10680834
    Abstract: A supplier network device is provided and includes a supplier processor and memory that stores a credential package including information for a chip or a vehicle control module (VCM). The supplier processor: receives ID and signature public keys from the chip, where the ID and signature public keys correspond respectively to private keys stored in the chip; transmit the ID and signature public keys to a certificate authority processor of a vehicle manufacturer data center; and receive the credential package including signing certificates from the certificate authority processor prior to assembling the VCM. The supplier processor: reads the ID public key from the VCM subsequent to incorporating the chip in the VCM; identifies the credential package based on the ID public key; and based on the identifying of the credential package, programs the VCM with the signing certificates prior to installation of the vehicle control module in a vehicle.
    Type: Grant
    Filed: January 31, 2018
    Date of Patent: June 9, 2020
    Assignee: GM GLOBAL TECHNOLOGY OPERATIONS LLC
    Inventors: David W. Racklyeft, Jessica S. Moreno, Jian Shen, Leonard J. Leshinsky, Jr., Yoni Kahana, Monica E. Mitchell, Hariharan Krishnan, Mohammad Naserian
  • Patent number: 10667100
    Abstract: Provided are a communication system for an in-vehicle communication apparatus mounted in a vehicle, and the in-vehicle communication apparatus included in said communication system. The in-vehicle communication apparatus communicates with a certificate information issuing system which creates electronic certificate information, and acquires certificate information from a sub-server apparatus. The in-vehicle communication apparatus makes a request to the sub-server apparatus to create the certificate information, and the sub-server apparatus creates the certificate information in response to the request. The in-vehicle communication apparatus then makes an inquiry to the sub-server apparatus regarding the creation status of the certificate information.
    Type: Grant
    Filed: June 26, 2017
    Date of Patent: May 26, 2020
    Assignees: AutoNetworks Technologies, Ltd., Sumitomo Wiring Systems, Ltd., Sumitomo Electric Industries, Ltd.
    Inventor: Yasuhiro Yabuuchi
  • Patent number: 10667147
    Abstract: A sensing recognition method and device based on wireless communication signals are disclosed. The method comprises the steps of obtaining channel state information from a received wireless communication signal; extracting a channel state feature value from the channel state information; and outputting a sensing result mapped with the channel state feature value according to the channel state feature value. The disclosed method and device can improve the accuracy of sensing recognition and achieve better recognition effect.
    Type: Grant
    Filed: December 20, 2017
    Date of Patent: May 26, 2020
    Assignee: Beijing University of Posts & Telecommunications
    Inventors: Xiangming Wen, Lingchao Guo, Zhaoming Lu, Tao Lei, Gang Cao, Zhihong He
  • Patent number: 10659440
    Abstract: Certain embodiments described herein are generally directed to methods and apparatus for providing a security parameter index (SPI) value for use in establishing a security association between a source tunnel endpoint and a destination tunnel endpoint. In some embodiments, utilization of the SPI bit space is optimized to allow the scaling of key policies within a network. In some embodiment, using an SPI derivation formula, a server in the network is able to generate SPI values whose bit spaces are optimized to allow key policies to scale out.
    Type: Grant
    Filed: November 30, 2017
    Date of Patent: May 19, 2020
    Assignee: Nicira, Inc.
    Inventors: Dexiang Wang, Zhen Mo, Fang Peng, Bo Hu, Helen Liu
  • Patent number: 10637668
    Abstract: An identity authentication method includes sending, by a third-party application client, an operation request to a third-party application server, in response to receiving a first operation indication for requesting to perform a target operation, the operation request requesting the third-party application server to perform the target operation, and receiving, by the third-party application client, to-be-signed information from an authentication server via the third-party application server, in response to the operation request being sent, the to-be-signed information comprising a challenge random number.
    Type: Grant
    Filed: April 25, 2017
    Date of Patent: April 28, 2020
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventors: Wenqing Liu, Zixi Shen, Qiang Wang
  • Patent number: 10609082
    Abstract: Methods for composable user journeys for user authentication via an identity experience framework are performed by systems and apparatuses. Initiating a user authentication process for an application triggers application calls for dynamic invocation of a specific identity policy, required by the application, of a number of identity policies managed by a host of the identity experience framework. User interfaces defined by the identity policies are provided from the host to the application for interaction by the user and entry of identity information needed to authenticate the user according to specified verification providers. Identity claims and token requests are provided from the application to the host which then authenticates the identity claims via the verification providers and mints a token that includes the claims required by the application, according to the identity policy. The application consumes the token to complete the token request and allow the user access to the application.
    Type: Grant
    Filed: November 10, 2017
    Date of Patent: March 31, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Raja Charu Vikram Kakumani, Brandon Murdoch, Ronald Bjones, Muhammad O. Iqbal, Kim Cameron
  • Patent number: 10581620
    Abstract: Scalable certificate management system architectures. An example system may include one or more application platforms (e.g., VMs) that run a registration authority and are communicatively connected to one or more compute engines that perform cryptographic computations required by the registration authority. The system may also include one or more application platforms that run an enrollment certificate authority and that are communicatively connected to one or more compute engines that perform cryptographic computations required by the enrollment certificate authority. It may further include one or more application platforms that run a pseudonym certificate authority and that are communicatively connected to one or more compute engines that perform cryptographic computations required by the pseudonym certificate authority.
    Type: Grant
    Filed: July 7, 2018
    Date of Patent: March 3, 2020
    Assignee: INTEGRITY SECURITY SERVICES LLC
    Inventors: Alan T. Meyer, Gregory A. Powell
  • Patent number: 10581860
    Abstract: A system for managing and distributing a blacklist of User Equipment IDs (UE IDs) in a network. The system comprises a number of groups of networks, each of the groups of networks comprise a blacklist server and a number of authentication servers. The system further comprises a Package Key Generator (PKG). The blacklist server is configured to: store a blacklist containing UE IDs that are not allowed to gain access to the network; transmit the blacklist to the plurality of authentication servers in the same group; receive a message; determine a content in the message is an order to add a new revoked UE ID to the blacklist; update the blacklist to include the new revoked UE ID; and send an update blacklist message to the plurality of authentication servers in the same group.
    Type: Grant
    Filed: April 2, 2019
    Date of Patent: March 3, 2020
    Assignee: Huawei International Pte. Ltd.
    Inventors: Lichun Li, Haiguang Wang, Xin Kang
  • Patent number: 10566714
    Abstract: Embodiments described herein provide an apparatus for facilitating a double-density small form-factor pluggable (SFP-DD) module. The apparatus includes a set of control connector pins for exchanging control signals. The apparatus also includes a first set of communication connector pins for establishing a first communication channel and a second set of communication connector pins for establishing a second communication channel. The set of control connector pins and the first set of communication connector pins correspond to connector pins of an SFP module, and the second set of communication connector pins extends the SFP module. The size of the SFP-DD module corresponds to the size of the SFP module.
    Type: Grant
    Filed: March 20, 2018
    Date of Patent: February 18, 2020
    Assignee: Alibaba Group Holding Limited
    Inventors: Rui Lu, Chongjin Xie, Jie Cao
  • Patent number: 10560457
    Abstract: A master database server may store policy tables which are replicated to SQL databases on a periodic schedule. A master server may receive a privileged command request from a user. The master server may query the SQL database to determine whether the user is authorized to execute the command request. The master server may determine whether the user is a member of a privileged request command (“PRC”) group, whether the PRC group has access to the master server, and whether the PRC group has permission to execute the command request.
    Type: Grant
    Filed: December 14, 2015
    Date of Patent: February 11, 2020
    Assignee: American Express Travel Related Services Company, Inc.
    Inventors: Duc D. Anderson, Chad A. Erbe, Alex Jeffery Lundberg