Revocation Or Expiration Patents (Class 713/158)
  • Patent number: 10326754
    Abstract: An electronic component includes a processor and a memory. The electronic component has a secure platform capable of storing at least one dual key pair and a corresponding digital signature. There is also a system including a host machine and an electronic component capable of being operated by the host machine. The electronic component has a processor, a memory, and a secure platform capable of storing at least one dual key pair and a corresponding digital signature. Another aspect describes a method, which includes reading a public key from an electronic component by a host machine, verifying the public key against a stored key in the host machine, digitally signing data using a private key from the electronic component, verifying the signed data against the stored key, and using the electronic component by the host machine only if the signed data and the public key are verified.
    Type: Grant
    Filed: October 3, 2017
    Date of Patent: June 18, 2019
    Assignee: STMICROELECTRONICS, INC.
    Inventors: Sean Newton, John Tran, David Tamagno
  • Patent number: 10324901
    Abstract: In accordance with embodiments, there are provided mechanisms and methods for sharing tenant information utilizing a multi-tenant on-demand database service. These mechanisms and methods for sharing tenant information utilizing a multi-tenant on-demand database service can allow automatic sharing of information owned by a first tenant with other tenants of the multi-tenant on-demand database service. In this way, collaboration among tenants of the multi-tenant on-demand database service may be enabled via the sharing of the tenant information.
    Type: Grant
    Filed: February 29, 2016
    Date of Patent: June 18, 2019
    Assignee: salesforce.com, inc.
    Inventors: Aditya S. Kuruganti, Kedar Doshi, Chaitanya Bhatt, Sanjaya Lai
  • Patent number: 10296752
    Abstract: A computing device can include an embedded universal integrated circuit card (eUICC) in order to receive and decrypt an encrypted profile, where the encrypted profile includes network access credentials. The eUICC can record a first private key and a set of cryptographic parameters. The computing device can use the eUICC to authenticate with a server. The computing device can receive (i) a signal for deriving a second private key and corresponding public key, and (ii) a nonce as user input. The eUICC can use the first private key to process a digital signature for the corresponding public key and the nonce. The eUICC can use at least the second private key, the set of cryptographic parameters, and an elliptic curve Diffie Hellman key exchange in order to derive a symmetric ciphering key. The eUICC can receive the encrypted profile and decrypt with at least the derived symmetric ciphering key.
    Type: Grant
    Filed: November 19, 2018
    Date of Patent: May 21, 2019
    Assignee: IoT and M2M Technologies, LLC
    Inventor: John A. Nix
  • Patent number: 10293787
    Abstract: Systems and methods for managing keys that operate a given vehicle include a processor. Responsive to identifying a received first key for operating the vehicle as having an administrative status, the processor is configured to enable creation of a second key for operating the vehicle having the administrative status, and enable creation of a third key for operating the vehicle having a secondary status and a passcode. Responsive to receiving and identifying the third key as having the secondary status, the processor is configured to enable alteration of the passcode.
    Type: Grant
    Filed: August 10, 2017
    Date of Patent: May 21, 2019
    Assignee: Ford Global Technologies, LLC
    Inventors: Ronald Patrick Brombach, Daniel M. King, Maria Eugenia Protopapas, Maeen Mawari
  • Patent number: 10284376
    Abstract: A code signing system operating a web portal for user clients and a web service for automated machine clients. The web service can receive an operation request from a code signing module running on a remote machine client, the operation request including a request for a cryptographic operation and user credentials retrieved from a hardware cryptographic token connected to the machine client. The code signing system can perform the requested cryptographic operation and return a result to the machine client if the code signing system authenticates the machine client and the requested cryptographic operation is within a permissions set associated with the machine client.
    Type: Grant
    Filed: June 10, 2016
    Date of Patent: May 7, 2019
    Assignee: ARRIS Enterprises LLC
    Inventors: Reshma T. Shahabuddin, Ting Yao, Tat Keung Chan, Alexander Medvinsky, Xin Qiu
  • Patent number: 10284374
    Abstract: An improved code signing method is provided. The code signing method includes receiving a build notification at a package builder utility and retrieving one or more remotely stored code images and build logs identified in the build notification, invoking a code signing module with the package builder utility to request a digital signature from a remote code signing system, combining the requested digital signature with a code image or a manifest file comprising hashes of multiple code images, and storing the signed code image or signed manifest file at a code repository.
    Type: Grant
    Filed: June 10, 2016
    Date of Patent: May 7, 2019
    Assignee: ARRIS Enterprises LLC
    Inventors: Alexander Medvinsky, Tat Keung Chan, Alexey Shevchenko
  • Patent number: 10237249
    Abstract: A signature authority generates revocable one-time-use keys that are able to generate digital signatures. The signature authority generates a set of one-time-use keys, where each one-time-use key has a secret key and a public key derived from a hash of the secret key. The signature authority generates one or more revocation values that, when published, proves that the signature authority has the authority to revoke corresponding cryptographic keys. The signature authority hashes the public keys and the revocation values and arranges the hashes in a hash tree where the root of the hash tree acts as a public key of the signature authority. In some implementations, the one-time-use cryptographic keys are generated from a tree of seed values, and a particular revocation value is linked to a particular seed value, allowing for the revocation of a block of one-time-use cryptographic keys associated with the particular seed.
    Type: Grant
    Filed: December 23, 2016
    Date of Patent: March 19, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Matthew John Campagna, Gregory Alan Rubin, Nicholas Alexander Allen, Andrew Kyle Driggs, Eric Jason Brandwine
  • Patent number: 10229126
    Abstract: Systems and methods for a multitenant computing platform. Original data is generated through operation of a computing platform system on behalf of an account of the computing platform system, and the original data is moderated according to a data retention policy set for the account. The moderated data is stored at the computing platform system. The computing platform system moderates the generated data by securing sensitive information of the generated data from access by the computing platform system, and providing operational information from the generated data. The operational information is accessible by the computing platform system during performance of system operations.
    Type: Grant
    Filed: November 29, 2017
    Date of Patent: March 12, 2019
    Assignee: Twilio, Inc.
    Inventors: Adam Ballai, Timothy S. Milliron
  • Patent number: 10225261
    Abstract: A mechanism for authentication and authorization of an access to a resource by a device may be provided. The device may be a system-on-a-chip resource weak device. The mechanism forms a federation of a group of the devices in a neighborhood. The devices are wireless communication enabled. The mechanism builds a representational vector for each device of the federation of devices during an initial authentication procedure for the device. The representational vector comprises characteristic parameters of the device and neighboring devices. The mechanism uses an access token based authorization process for accessing the resource. The access token is generated during the initial authentication procedure, in which the representational vector of the device is used to confirm that a device that is new to the federation is in the neighborhood of already federated devices.
    Type: Grant
    Filed: August 29, 2016
    Date of Patent: March 5, 2019
    Assignee: International Business Machines Corporation
    Inventors: Gianluca Gargaro, Patrizio Trinchini
  • Patent number: 10218513
    Abstract: Embodiments of the present invention provide a method and a terminal for message verification, which can enhance timeliness of event message verification. The method includes: receiving an event message sent by a cell broadcast entity; obtaining a public key of a CA according to pre-configured information for determining the public key of the CA and information for determining the public key of the CA and obtained from a network side, or according to information of the CA obtained from the network side; then, obtaining a public key of the cell broadcast entity according to the obtained public key of the CA and an implicit certificate of the cell broadcast entity; verifying a signature of the cell broadcast entity over the event message according to the public key of the cell broadcast entity; and finally, determining legitimacy of the event message according to the verification result.
    Type: Grant
    Filed: May 8, 2015
    Date of Patent: February 26, 2019
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Xiaoyu Bi, Jing Chen, Yixian Xu, Chunshan Xiong
  • Patent number: 10187797
    Abstract: A system and method for authenticating mobile communications devices. The method comprises: generating a code corresponding to a user configured to be rendered on a rendering device to produce a rendered code, the rendered code being readable by a mobile communications device having a code reading device, the rendered code comprising a secret token; storing the secret token along with information identifying the user on a first storage device; providing the code to the user; receiving, at the authentication server, a setup message from the mobile device, the message includes a device identifier and the secret token; comparing the received secret token and the secret token stored on the first storage device; if the received secret token matches the secret token stored on the first storage device, storing, on a second storage device, information identifying the user and a trusted device value corresponding to the device identifier.
    Type: Grant
    Filed: March 17, 2017
    Date of Patent: January 22, 2019
    Assignee: D2L Corporation
    Inventor: Jeremy Auger
  • Patent number: 10178164
    Abstract: Techniques for securely binding a software application to a communication device may include sending a set of device identifiers associated with the computing device to a server, receiving a server-generated dynamic device identifier that is generated based on the set of device identifiers; and storing the server-generated dynamic device identifier during initialization of the application. During runtime execution of the application, the application may receive a request to execute an application specific task.
    Type: Grant
    Filed: August 31, 2015
    Date of Patent: January 8, 2019
    Assignee: Visa International Service Association
    Inventors: Gyan Prakash, Selim Aissi, Rasta Mansour, Ajit Gaddam
  • Patent number: 10110686
    Abstract: Systems and methods of providing beacon-based notifications are provided. More particularly, an identifying signal can be received from a beacon device. A geographic location of a user device can be determined based at least in part on the identifying signal. At least a portion of time-based contextual beacon data can then be obtained based at least in part on spatial-temporal data associated with a user. One or more notifications associated with the contextual beacon data can then be determined. The one or more notifications can be indicative of information corresponding to the beacon device, and can be provided for display on a user device.
    Type: Grant
    Filed: February 17, 2017
    Date of Patent: October 23, 2018
    Assignee: Google LLC
    Inventors: Kenneth William Shirriff, Prasad Haridass, Damian Gajda, Matthew Joelson Secor
  • Patent number: 10097354
    Abstract: A method, system and computer program product for privacy control. A unique identifier for each data element of a group of data elements (e.g., driver's license contains a group of data elements, such as name, driver's license number) is created. These identifiers may be stored along with documentation (e.g., label) of the associated data elements in a manifest file. Alternatively, the identifiers may be stored in a file outside of the manifest file. In this manner, by utilizing a data element identifier which corresponds to a random number, security of privacy information is improved as one would only be able to obtain such sensitive information by obtaining such an identifier. Furthermore, the user only needs to send the requested data elements, as opposed to all the data elements of the group of data elements, to the challenger. In this manner, the user is preserving the security of other privacy information.
    Type: Grant
    Filed: August 21, 2015
    Date of Patent: October 9, 2018
    Assignee: International Business Machines Corporation
    Inventors: William F. Abt, Jr., Daniel A. Gisolfi, Richard Redpath
  • Patent number: 10083445
    Abstract: In one embodiment a controller comprises logic to receive, via a near field communication link, an identification packet generated by a remote authentication provider, associate an electronic signature with the identification packet, transmit the identification packet to a remote authentication provider, receive an authorization from the remote authentication provider, receive login information associated with the identification packet, and initiate a login procedure using the login information. Other embodiments may be described.
    Type: Grant
    Filed: May 6, 2016
    Date of Patent: September 25, 2018
    Assignee: Intel Corporation
    Inventors: Sanjay Bakshi, Ned Smith
  • Patent number: 10083282
    Abstract: Methods, systems, and computer program products are included for authenticating computing devices. An exemplary method includes associating a security key with an operating system of a first computing device, wherein the security key is generated from a serial number corresponding to the first computing device. A token corresponding to the security key is sent to a second computing device. The token is accessed by the second computing device to authenticate the first computing device. An authenticated session is established between the first computing device and the second computing device. Within the authenticated session, a connection is provided between the first computing device and the second computing device.
    Type: Grant
    Filed: March 24, 2016
    Date of Patent: September 25, 2018
    Assignee: PAYPAL, INC.
    Inventor: Srini Rangaraj
  • Patent number: 10063380
    Abstract: A formalized set of interfaces (e.g., application programming interfaces (APIs)) is described, that uses a security scheme, such as asymmetric (or symmetric) cryptography, in order to authorize and authenticate requests sent to a virtualization layer. The interfaces can be invoked to perform security monitoring, forensic capture, and/or patch software systems at runtime. In addition to the foregoing, other aspects are described in the claims, detailed description, and figures.
    Type: Grant
    Filed: January 22, 2013
    Date of Patent: August 28, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Eric Jason Brandwine, Matthew Shawn Wilson
  • Patent number: 10057059
    Abstract: Methods and systems are provided for supporting efficient and secure “Machine-to-Machine” (M2M) communications using a module, a server, and an application. A module can communicate with the server by accessing the Internet, and the module can include a sensor and/or an actuator. The module, server, and application can utilize public key infrastructure (PKI) such as public keys and private keys. The module can internally derive pairs of private/public keys using cryptographic algorithms and a first set of parameters. A server can authenticate the submission of derived public keys and an associated module identity. The server can use a first server private key and a second set of parameters to (i) send module data to the application and (ii) receive module instructions from the application. The server can use a second server private key and the first set of parameters to communicate with the module.
    Type: Grant
    Filed: May 1, 2017
    Date of Patent: August 21, 2018
    Assignee: Network-1 Technologies, Inc.
    Inventor: John A. Nix
  • Patent number: 10057288
    Abstract: A method includes receiving, from a certificate requestor: a request for a public key certificate and a list of a plurality of distribution addresses. The request may include a public key for the certificate requestor. The plurality of distribution addresses may belong to a plurality of third parties. The method further includes verifying an identity of the certificate requestor, and, in response to verifying the identity of the certificate requestor, retrieving a public key from the request for the public key certificate. The method may also include, in response to verifying the identity of the certificate requestor, generating the public key certificate and signing the public key certificate. The public key certificate may include the public key. The method may also include transmitting the signed public key certificate to the certificate requestor and the plurality of distribution addresses.
    Type: Grant
    Filed: March 25, 2016
    Date of Patent: August 21, 2018
    Assignee: CA, Inc.
    Inventor: Joann Jayne Kent
  • Patent number: 10043039
    Abstract: There are provided mechanisms for determining a verification path for each leaf of a tree. A method is performed by a tree manager processor. The method comprises acquiring leaf values of leaves of a tree. The method comprises determining a root value from a leaf to the root value of the leaves. The method comprises determining a verification path for each of the leaves. The verification path for each of the leaves is determined such that the size of each verification path is independent from the number of leaves. Each verification path comprises a partial result and a function that enables determination of said root value from its leaf value and said partial result. The partial result for the verification path for leaf is determined as a one-way function depending only on other leaves such that the verification path for leaf prohibits re-computation of any other leaf value from said partial result.
    Type: Grant
    Filed: April 10, 2015
    Date of Patent: August 7, 2018
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Alexander Maximov, Christine Jost, Bernard Smeets
  • Patent number: 10027630
    Abstract: The systems, methods and apparatuses described herein provide a computing environment that includes a secure zone for executing tasks. An apparatus according to the present disclosure may comprise a screen, a secure zone and an indicator operatively controlled by the secure zone. The secure zone may be configured to execute a task and to assume control over an output to the screen while the apparatus is operating in a secure mode and to transfer control over the output to the screen to a non-secure zone while the apparatus is operating in a non-secure mode.
    Type: Grant
    Filed: August 17, 2017
    Date of Patent: July 17, 2018
    Assignee: OLogN Technologies AG
    Inventor: Sergey Ignatchenko
  • Patent number: 9992189
    Abstract: A CAC/PIV certificate associated with a HSPD-12 identity is used to generate a derived credential for storage on a device, such as a mobile device, that lacks a CAC/PIV card reader. The derived credential (which is distinct from the original CAC/PIV certificate) may then be used to grant the device access to secure resources that may otherwise require a CAC/PIV certificate. Embodiments of the present disclosure also relate to systems and methods for authenticating or validating a derived credential stored on a mobile device.
    Type: Grant
    Filed: August 14, 2017
    Date of Patent: June 5, 2018
    Assignee: SecureAuth Corporation
    Inventors: Chris Hayes, Garret Florian Grajek, Jeffrey Chiwai Lo, Allen Yu Quach, Firas Shbeeb
  • Patent number: 9985754
    Abstract: An information processing apparatus comprises a first circuitry and a second circuitry. The first circuitry receives first/second demand response requests from first/second communication devices. The second circuitry creates first request content information representing contents of the first demand response request, sends it to a time-stamping authority, and acquires first time certification information containing a time stamp that the time-stamping authority issues for the first demand response request. The second circuitry stores the first time certification information in a storage device to be associated with the first demand response request; and determines, when the second demand response request is received, whether the second demand response request is retransmission of the first demand response request.
    Type: Grant
    Filed: August 24, 2015
    Date of Patent: May 29, 2018
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Yu Kaneko, Tomonori Maegawa, Keisuke Mera, Masashi Ito
  • Patent number: 9973487
    Abstract: An authentication method for at least one of a plurality of devices connected to a HAN includes checking, with a first device among the plurality of devices, validity of a second device using a CRL including attribute information regarding the second device among the plurality of devices, and revoking, with the first device, the second device if a result of the checking is negative.
    Type: Grant
    Filed: February 2, 2016
    Date of Patent: May 15, 2018
    Assignee: PANASONIC INTELLECTUAL PROPERTY CORPORATION OF AMERICA
    Inventors: Yoshihiro Ujiie, Motoji Ohmori, Hideki Matsushima, Tomoyuki Haga, Manabu Maeda, Yuji Unagami
  • Patent number: 9973478
    Abstract: Methods and apparatus for controlling write access by one or more accessing nodes to a resource within a Resource Location And Discovery, RELOAD, network. The methods and apparatus configured to: at a node owning the resource, obtain a public key of a peer responsible for the resource, encrypt a write key using the obtained public key and send the encrypted write key to the peer responsible for the resource; at the peer responsible for the resource, decrypt the write key; at an accessing node, sign data to be written to the resource using the write key and send a request to the peer responsible for the resource to write the signed data to the resource; and at the peer responsible for the resource, control write access to the resource based on the decrypted write key and the signed data.
    Type: Grant
    Filed: March 7, 2013
    Date of Patent: May 15, 2018
    Assignee: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Jaime Jiménez, Gonzalo Camarillo Gonzalez, Manuel Urueña Pascual
  • Patent number: 9946663
    Abstract: Disclosed are various embodiments of transmit and receive connectivity devices that include signal processing circuitry, an HDMI port, and a multi-position multi-contact port. The signal processing circuitry can transmit and receive signals over the multi-position multi-contact port. The signals can include a first signal corresponding to a first frequency and a second signal corresponding to a second frequency. A power and ground can be sent over a cable attached to the multi-position multi-contact port.
    Type: Grant
    Filed: August 11, 2017
    Date of Patent: April 17, 2018
    Assignees: Vanco International, LLC, Shenzhen Hollyland Technology, Co., Ltd.
    Inventors: O. Bradley Corbin, Dezhi Liu
  • Patent number: 9917844
    Abstract: Methods and systems for detecting undesirable computer files based on scanning and analysis of information contained within an associated digital certificate chain are provided. According to one embodiment, a determination is made regarding whether there exists a certificate chain associated with a computer file. If the certificate chain is determined to exist, then the certificate chain is evaluated by extracting information from the certificate chain and analyzing the extracted information. The computer file is then classified into one of multiple categories based on the evaluation. Finally, the computer file is handled in accordance with a policy associated with the category to which it was assigned. For example, a confirmed or suspected undesired file may be quarantined and/or an end user or an administrator may be notified regarding the confirmed or suspected undesired file.
    Type: Grant
    Filed: December 17, 2007
    Date of Patent: March 13, 2018
    Assignee: Fortinet, Inc.
    Inventors: Steven Michael Fossen, Alexander Douglas MacDonald
  • Patent number: 9906512
    Abstract: The invention relates to a computer-implemented method for handling revocation statuses of credentials, the method including: an issuing computer transmitting a public key to user and verifying computers, a revocation computer sending revocation parameters to user and verifying computer devices, issuing credentials to a user computer by an issuing computer, verifying issued credentials by the user computer, transmitting updated revocation information to the revocation computer by the verifying computer, updating provisional revocation status information by the revocation computer, updating revocation status information by the revocation computer, transmitting updated revocation information to a revocation computer by a verifying computer, updating provisional revocation status information by the revocation computer, transmitting updated revocation status information to the user and verifying computers by the revocation computer, creating a presentation token by the user computer, transmitting the presentation
    Type: Grant
    Filed: July 28, 2015
    Date of Patent: February 27, 2018
    Assignee: International Business Machines Corporation
    Inventors: Jan L. Camenisch, Maria Dubovitskaya, Alfredo Rial Duran
  • Patent number: 9900727
    Abstract: Provided is a method for processing a specific object instance associated with a server due to a server account deletion in a wireless communication system, according to one embodiment of the present invention, wherein the method is performed by a terminal and comprises the steps of: receiving from a first server an action command for deleting an account of a specific server; deleting the specific object instance and an access control object instance associated with same when the specific object instance is an object instance accessible only to the specific server, and deleting access authorization information of the specific server from the access control object instance associated with the specific object instance when the specific object instance is an object instance accessible by a plurality of servers including the specific server; and changing the server having the largest sum of values granted to an access authorization of each of the plurality of servers, with the exception of the specific server as
    Type: Grant
    Filed: January 15, 2014
    Date of Patent: February 20, 2018
    Assignee: LG ELECTRONICS INC.
    Inventors: Seongyun Kim, Seungkyu Park
  • Patent number: 9883400
    Abstract: The present invention relates to a message processing method for resource subscription in a machine-to-machine (M2M) system and a device therefor, and the method comprises the steps of: receiving a subscription request message for a subscribed-to resource from a first device, wherein the subscription request message includes identification information of the first device and identification information of a second device; checking whether the first device has a right for the subscribed-to resource; determining whether the first device and the second device are the same on the basis of the identification information of the first device and the identification information of the second device; transmitting a notification message including the identification information of the first device, identification information of an M2M device, and parameter information for indicating a verification request to the second device, if the first device and the second device are different; and receiving a response message to the
    Type: Grant
    Filed: November 6, 2014
    Date of Patent: January 30, 2018
    Assignee: LG ELECTRONICS INC.
    Inventors: Seungmyeong Jeong, Seungkyu Park, Seongyun Kim, Hongbeom Ahn, Heedong Choi
  • Patent number: 9858004
    Abstract: A method of generating one or more host key sets for one or more host devices may comprise: generating one or more node key sets for one or more ancestor nodes in a data structure; generating one or more node key sets for one or more leaf nodes in the data structure by using the one or more node key sets of the one or more ancestor nodes; and/or generating the one or more host key sets for the one or more leaf nodes by reusing the generated one or more node key sets of the one or more ancestor nodes and the node key sets of the one or more leaf nodes.
    Type: Grant
    Filed: April 23, 2015
    Date of Patent: January 2, 2018
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventor: Banmeet Singh
  • Patent number: 9858279
    Abstract: Systems and methods for a multitenant computing platform. Original data is generated through operation of a computing platform system on behalf of an account of the computing platform system, and the original data is moderated according to a data retention policy set for the account. The moderated data is stored at the computing platform system. The computing platform system moderates the generated data by securing sensitive information of the generated data from access by the computing platform system, and providing operational information from the generated data. The operational information is accessible by the computing platform system during performance of system operations.
    Type: Grant
    Filed: January 23, 2017
    Date of Patent: January 2, 2018
    Assignee: Twilio, Inc.
    Inventors: Adam Ballai, Timothy S. Milliron
  • Patent number: 9853965
    Abstract: An authentication device receives, from an application executing at a mobile device, a request for an authentication token, the request including an application identifier and an encrypted session identifier (SID). The application identifier identifies the application and the SID uniquely identifies a session between the application and a destination network device. The authentication device decrypts, using a first private key of a first public/private key pair, the encrypted SID to produce a decrypted SID; and determines a first hash value of certain data that includes the application identifier and session information associated with the session. The authentication device further encrypts, using a second public key of a second public/private key pair, the determined first hash value and the decrypted SID to produce an authentication token comprising the encrypted first hash value and the SID; and sends the authentication token to the application at the mobile device.
    Type: Grant
    Filed: August 24, 2015
    Date of Patent: December 26, 2017
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Fenglin Yin, Jianxiu Hao, Zhong Chen
  • Patent number: 9853880
    Abstract: Exemplary methods at a content centric networking (CCN) gateway located at an autonomous system (AS), wherein the CCN gateway is communicatively coupled to a CCN domain name system (DNS) server, include receiving, on a first face, a first interest message comprising a first content name identifying a first content being requested by the first interest message. The methods include in response to determining the first content is not located at the AS, determining a first remote AS name that identifies a first remote AS where the first content is located, generating a first 2-level (2L) content name comprising the first remote AS name and the first content name, forwarding the first interest message comprising the first 2L content name, and in response to receiving a first content object (CO) message comprising the first 2L content name and the first content, forwarding the first content.
    Type: Grant
    Filed: June 1, 2015
    Date of Patent: December 26, 2017
    Assignee: TELEFONAKTIEBOLAGET L M ERICSSON (PUBL)
    Inventor: Carlos Valencia Lopez
  • Patent number: 9847883
    Abstract: Providing revocation status of at least one associated credential includes providing a primary credential that is at least initially independent of the associated credential, binding the at least one associated credential to the primary credential, and deeming the at least one associated credential to be revoked if the primary credential is revoked. Providing revocation status of at least one associated credential may also include deeming the at least one associated credential to be not revoked if the primary credential is not revoked. Binding may be independent of the contents of the credentials and may be independent of whether any of the credentials authenticate any other ones of the credentials. The at least one associated credential may be provided on an integrated circuit card (ICC). The ICC may be part of a mobile phone or a smart card.
    Type: Grant
    Filed: April 22, 2016
    Date of Patent: December 19, 2017
    Assignee: Assa Abloy AB
    Inventors: Eric F. Le Saint, Robert F. Dulude
  • Patent number: 9847983
    Abstract: Technologies are disclosed herein for epoch-based expiration of temporary security credentials. A temporary security credential is issued that identifies one or more epochs and that specifies one or more versions of the identified epochs during which the temporary security credential is valid. The temporary security credential may then be utilized to request access to another system, service or component. In order to determine whether such a request may be granted, current epoch versions for the epochs identified in the temporary security credential are obtained. The current epoch versions for the identified epochs are then compared to epoch versions specified in the temporary security credential to determine if the request can be granted. The current epoch versions may be periodically modified in order to expire previously issued temporary security credentials. A temporary security credential might also specify an expiration time after which the temporary security credential is no longer valid.
    Type: Grant
    Filed: April 29, 2014
    Date of Patent: December 19, 2017
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory Branchek Roth, Benjamin Tillman Farley, Graeme David Baer
  • Patent number: 9798681
    Abstract: Disclosed are various embodiments of transmit and receive connectivity devices that receive a media signal from a source device coupled to the HDMI port and to convert the media signal to a converged media signal based on a converged signal specification. The converged media signal can be transmitted between the transmit and receive connectivity devices through a multi-position multi-contact port. The converged media signal can be converted to a media signal based on the converged signal specification. The converted media signal can be output to a sink device via an HDMI port.
    Type: Grant
    Filed: June 10, 2016
    Date of Patent: October 24, 2017
    Assignees: Vanco International, LLC, Schenzhen Hollyland Technology Co., Ltd.
    Inventors: O. Bradley Corbin, Dezhi Liu
  • Patent number: 9800561
    Abstract: Generally, this disclosure provides systems, methods and computer readable media for secure sharing of user annotated subscription media content with trusted devices. The shared content may include user specified snapshots of the media along with user supplied annotations. The system may include a host processor configured to arrange a secure session with a server and to receive the subscription media content from the server in an encrypted format. The system may also include a trusted execution environment (TEE) comprising a secure processor and secure storage configured to decrypt and store the media content, based on a content encryption key obtained from the server. The system may further be configured to: receive a snapshot frame request and annotations from the user; generate a composite image of the snapshot and an overlay including the annotations; and encrypt the composite image for sharing with other users.
    Type: Grant
    Filed: November 6, 2014
    Date of Patent: October 24, 2017
    Assignee: Intel Corporation
    Inventors: Rajesh Poornachandran, Saurabh Dadu, Ned M. Smith
  • Patent number: 9787668
    Abstract: Sensitive user information management system and method. In accordance with some embodiments of the subject innovations, a RESTful “custodial” web service is provided to online service applications of an online service for storing and retrieving sensitive user information. More particularly, the custodial web service offers an operational interface to the online service applications accessible over a data network. The operational interface comprises two operations: STORE and RETRIEVE. The STORE operation allows an online service application to store sensitive user information with the custodial web service. The RETRIEVE operation allows the online service application to later retrieve the sensitive user information from the custodial web service. The custodial web service also ensures that received sensitive user information is cryptographically encrypted when in the custody of the web service.
    Type: Grant
    Filed: August 3, 2015
    Date of Patent: October 10, 2017
    Assignee: LinkedIn Corporation
    Inventors: Nikhil Marathe, Arvind Mani, Ganesh Krishnan
  • Patent number: 9769335
    Abstract: An embodiment of this invention is directed to an information processing apparatus capable of performing high-speed processing and preventing memory shortage even when executing a hybrid application. According to the embodiment, an information processing apparatus that executes a program including a first program layer with an instruction set to be interpreted and executed by a processor and a second program layer with an instruction set interpreted in advance by a unit other than the processor includes the following arrangement. That is, the processor includes a plurality of interpretation units configured to interpret the first program layer. A first interpretation unit is provided in an operating system that operates in the processor, and a second interpretation unit is provided in the second program layer.
    Type: Grant
    Filed: June 2, 2015
    Date of Patent: September 19, 2017
    Assignee: Canon Kabushiki Kaisha
    Inventors: Kiyoshi Umeda, Naoki Sumi, Tomohiro Suzuki
  • Patent number: 9754116
    Abstract: Techniques for operating web services within secure execution environments running within computing resource service provider environments are described herein. A web service provides an application that can be instantiated within a secure execution environment associated with a customer computer system that is hosted by a computing resource service provider and programmatically managed by the customer and the customer computer system provides validation of the secure execution environment. Web service requests from the customer computer system are received by the web service application hosted within the secure execution environment. As the one or more web service requests are received by the web service within the secure execution environment, the requests are fulfilled by executing instructions associated with the web service within the secure execution environment.
    Type: Grant
    Filed: September 3, 2014
    Date of Patent: September 5, 2017
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventors: Gregory Branchek Roth, Aaron Douglas Dokey, Eric Jason Brandwine, Nathan Bartholomew Thomas
  • Patent number: 9747236
    Abstract: Disclosed are various embodiments of transmit and receive connectivity devices that receive a media signal from a source device coupled to the HDMI port and to convert the media signal to a converged media signal based on a converged signal specification. The converged media signal can be transmitted between the transmit and receive connectivity devices through a multi-position multi-contact port. The converged media signal can be converted to a media signal based on the converged signal specification. The converted media signal can be output to a sink device via an HDMI port.
    Type: Grant
    Filed: April 7, 2016
    Date of Patent: August 29, 2017
    Assignees: Vanco International, LLC, Schenzhen Hollyland Technology Co., Ltd.
    Inventors: O. Bradley Corbin, Dezhi Liu
  • Patent number: 9736145
    Abstract: A CAC/PIV certificate associated with a HSPD-12 identity is used to generate a derived credential for storage on a device, such as a mobile device, that lacks a CAC/PIV card reader. The derived credential (which is distinct from the original CAC/PIV certificate) may then be used to grant the device access to secure resources that may otherwise require a CAC/PIV certificate. Embodiments of the present disclosure also relate to systems and methods for authenticating or validating a derived credential stored on a mobile device.
    Type: Grant
    Filed: July 31, 2015
    Date of Patent: August 15, 2017
    Assignee: SecureAuth Corporation
    Inventors: Chris Hayes, Garret Florian Grajek, Jeffrey Chiwai Lo, Allen Yu Quach, Firas Shbeeb
  • Patent number: 9710038
    Abstract: Disclosed are various embodiments of transmit and receive connectivity devices that receive a media signal from a source device coupled to the HDMI port and to convert the media signal to a converged media signal based on a converged signal specification. The converged media signal can be transmitted between the transmit and receive connectivity devices through a multi-position multi-contact port. The converged media signal can be converted to a media signal based on the converged signal specification. The converted media signal can be output to a sink device via an HDMI port.
    Type: Grant
    Filed: August 8, 2016
    Date of Patent: July 18, 2017
    Assignees: Vanco International, LLC, Schenzhen Hollyland Technology Co., Ltd.
    Inventors: O. Bradley Corbin, Dezhi Liu
  • Patent number: 9705903
    Abstract: A call control device including: a memory, and a processor coupled to the memory and configured to: receive a call request from a communication device, a source of the call request being a terminal, the call request being transferred by the communication device when the terminal is registered in a management device, and request the management device to deregister the terminal when it is determined that the call control device is attacked from the terminal based on the call request.
    Type: Grant
    Filed: February 23, 2016
    Date of Patent: July 11, 2017
    Assignee: FUJITSU LIMITED
    Inventors: Ryouji Nakamatsu, Hiromitsu Kajiyama, Shigehiko Hirata, Hideo Okawa, Akio Koga
  • Patent number: 9680827
    Abstract: In representative embodiments, a geo-fence cryptographic key material comprising a geo-fence description defining a geographic area and associated cryptographic key material is assigned to an entity for use in authenticated communications. The validity of the cryptographic material changes state based on whether the entity is inside or outside the geographic area. This is accomplished in a representative embodiment by suspending the validity of the cryptographic key material when the entity is outside the geographic area and reinstating the validity of the cryptographic key material when the entity is inside the geographic area. A geographic update service determines the validity of the cryptographic material in part using location updates sent by the entity. Entities that are not geo-aware can delegate the location update to a geo-aware device. Encryption can be used to preserve privacy.
    Type: Grant
    Filed: March 21, 2014
    Date of Patent: June 13, 2017
    Assignee: Venafi, Inc.
    Inventor: Remo Ronca
  • Patent number: 9680649
    Abstract: Methods of providing policy based access to master keys, enabling keys to be distributed to groups of users in a secure manner while minimizing disruptions to the user in the event of changes to group membership or changes to user attributes. User attributes are identified. Policies are rewritten in terms of user attributes. New unique user attribute keys are generated for each attribute for each user. An access tree is constructed with user attribute keys as leaf nodes and Boolean algebra operations as internal nodes. Shamir polynomials are used for AND nodes, and broadcast polynomials are used for OR nodes. Master keys are accessible by traversing the access tree from the leaf nodes to the root node constructing the polynomials attached to all the nodes along the access path.
    Type: Grant
    Filed: March 19, 2015
    Date of Patent: June 13, 2017
    Assignee: Oracle International Corporation
    Inventor: Mohamed Nabeel
  • Patent number: 9667427
    Abstract: Systems and methods for managing digital identities. In some embodiments, a method is provided, comprising acts of: using a plurality of measurements taken from a user to generate an identifier for the user, the identifier comprising a cryptographic proof of the plurality of measurements; instantiating a digital identity representation associated with the identifier for the user, the digital identity representation comprising program code that implements rules for attestation; generating an electronic signature over the digital identity representation; and publishing the digital identity representation and the electronic signature to a distributed ledger system.
    Type: Grant
    Filed: October 14, 2016
    Date of Patent: May 30, 2017
    Assignee: Cambridge Blockchain, LLC
    Inventors: Alex Oberhauser, Matthew Commons, Alok Bhargava
  • Patent number: 9654922
    Abstract: In representative embodiments, a geo-fence cryptographic key material comprising a geo-fence description defining a geographic area and associated cryptographic key material is assigned to an entity for use in authenticated communications. The validity of the cryptographic material changes state based on whether the entity is inside or outside the geographic area. This is accomplished in a representative embodiment by suspending the validity of the cryptographic key material when the entity is outside the geographic area and reinstating the validity of the cryptographic key material when the entity is inside the geographic area. A geographic update service determines the validity of the cryptographic material in part using location updates sent by the entity. Entities that are not geo-aware can delegate the location update to a geo-aware device. Encryption can be used to preserve privacy.
    Type: Grant
    Filed: March 21, 2014
    Date of Patent: May 16, 2017
    Assignee: Venafi, Inc.
    Inventor: Remo Ronca
  • Patent number: 9641327
    Abstract: Methods and systems are provided for supporting efficient and secure “Machine-to-Machine” (M2M) communications using a module, a server, and an application. A module can communicate with the server by accessing the Internet, and the module can include a sensor and/or an actuator. The module, server, and application can utilize public key infrastructure (PKI) such as public keys and private keys. The module can internally derive pairs of private/public keys using cryptographic algorithms and a first set of parameters. A server can authenticate the submission of derived public keys and an associated module identity. The server can use a first server private key and a second set of parameters to (i) send module data to the application and (ii) receive module instructions from the application. The server can use a second server private key and the first set of parameters to communicate with the module.
    Type: Grant
    Filed: January 29, 2016
    Date of Patent: May 2, 2017
    Assignee: M2M and IoT Technologies, LLC
    Inventor: John A. Nix