Revocation Or Expiration Patents (Class 713/158)
-
Patent number: 12233273
Abstract: Disclosed are embodiments directed to security methods applied to connections between components in a distributed (networked) system including medical and non-medical devices, providing secure authentication, authorization, patient and device data transfer, and patient data association and privacy for components of the system.
Type: Grant
Filed: February 20, 2024
Date of Patent: February 25, 2025
Assignee: West Affum Holdings DAC
Inventors: Steven E. Sjoquist, David P. Finch, Erick M. Roane, Zoie R. Engman, Jonathan P. Niegowski, Dusan Beblavy, Martin Pribula, Peter Curila, Martin Kolesár
-
Patent number: 12236256
Abstract: The system provided in the present application includes a public key infrastructure builder, a container image identity builder, a signature list builder, a container image verifier, a signature list and user certificates loader, and a container program verifier. The method provided in the present application is capable of conveniently authorizing container images and software running in the container, and verifying the container images and programs in the container at the right time, so as to ensure that container images running on the container platform are trusted, and the software running in the container is also trusted, thereby improving the security of the container platform.
Type: Grant
Filed: April 1, 2020
Date of Patent: February 25, 2025
Assignee: INSTITUTE OF INFORMATION ENGINEERING, CHINESE ACADEMY OF SCIENCES
Inventors: Aimin Yu, Jiangang Ma, Yue Wang, Dan Meng
-
Vehicle control apparatus including RXSWIN information and vehicle control system including the same
Patent number: 12175233
Abstract: A vehicle control apparatus and a vehicle control system including the same are provided. The vehicle control apparatus includes an electronic control unit and a gateway. The electronic control unit is configured to store software identification management information associated with the electronic control unit. The gateway is configured to store a master list of the software identification management information, which includes the software identification management information received from the electronic control unit, deliver update information related to software associated with vehicle type approval (VTA) to the electronic control unit corresponding to the update information, as the update information is received, and update the software identification management information associated with the electronic control unit in the master list as an update of the software of the electronic control unit is completed.
Type: Grant
Filed: November 17, 2022
Date of Patent: December 24, 2024
Assignees: HYUNDAI MOTOR COMPANY, KIA CORPORATION
Inventors: Hye Ryun Lee, Jin Gu Kwon, Kyung Tae Noh, Min Ho Heo, Sug Woo Shin, Duk Won Hong, Dong Jun Ahn
-
Patent number: 12174949
Abstract: The present invention provides a method and apparatus for a highly secure Air-Gapped storage or repository (Transportable Storage). The apparatus has a storage stack that can be completely isolated and not accessible to outside of the system except through an internal virtual network connected to the main or primary storage stack with special protocols and authentications trusted by both parties (primary and Transportable Storage Stack(s)) and hosted on the virtual layer. The storage stacks could be either virtual or physical. The system uses a consensus algorithm to achieve consensus in order to authorize/validate any user, action or function. The system using this method might also be environment-aware or policy enabled and can take proper actions in case of malicious network attacks or problems detected by antivirus software. In addition, it can make itself offline or invisible.
Type: Grant
Filed: November 6, 2020
Date of Patent: December 24, 2024
Inventor: Lilly Nahal Tahmasebi
-
Patent number: 12143486
Abstract: Automatic rotation of materials such as cryptographic materials prevents downtime in computer systems through a method in which the business logic of a DLN, such as a smart contract, receives a request from a given machine to access a resource such as a stream of chained identifiers. The logic checks the stream for a status marker that says the materials need rotation. If so, the business logic replies that rotation is required. When the marker is not there, the logic retrieves the expiry information on the cryptographic material and calculates how long until expiration. If the remaining validity is not enough, the business logic forces a rotation of the cryptographic material by storing the status marker in the stream and notifying the machine. The machine responds by working with the business logic to do the rotation.
Type: Grant
Filed: July 5, 2022
Date of Patent: November 12, 2024
Assignee: Corsha Inc.
Inventors: Anusha R. Iyer, David Mazary, Russell Bodine, Christopher Simkins
-
Patent number: 12126735
Abstract: Systems and methods for securely exchanging cryptographically signed records are disclosed. In one aspect, after receiving a content request, a sender device can send a record to a receiver device (e.g., an agent device) making the request. The record can be sent via a short range link in a decentralized (e.g., peer-to-peer) manner while the devices may not be in communication with a centralized processing platform. The record can comprise a sender signature created using the sender device's private key. The receiver device can verify the authenticity of the sender signature using the sender device's public key. After adding a cryptography-based receiver signature, the receiver device can redeem the record with the platform. Upon successful verification of the record, the platform can perform as instructed by a content of the record (e.g., modifying or updating a user account).
Type: Grant
Filed: November 30, 2023
Date of Patent: October 22, 2024
Assignee: MAGIC LEAP, INC.
Inventor: Adrian Kaehler
-
Patent number: 12095735
Abstract: Aspects of the present disclosure involve systems, methods, for encoding a firewall ruleset into one or more bit arrays for fast determination of processing of a received communication packet by a firewall device associated with a network. Through this bitmap, a number of computation operations needed to determine a processing rule for a received packet is significantly reduced compared to the traditional approach of using a hash or a longest prefix match technique. Rather, determining a processing rule for a received packet may include determining a bit value within one or more arrays. In one implementation, a firewall rule may be encoded into a 64-bit array of bit values in which each bit of the array corresponds to a particular processing rule for a particular network address. The firewall rule may be encoded into a bitmap array of bit values by asserting a particular bit within the array.
Type: Grant
Filed: November 21, 2022
Date of Patent: September 17, 2024
Assignee: Level 3 Communications, LLC
Inventor: Robert Whelton
-
Patent number: 12074989
Abstract: Disclosed are techniques for remotely controlling autonomous vehicles. In one embodiment, a method is disclosed comprising receiving a message from a first autonomous vehicle, the message including a signed body portion and a triple including components selected from the group consisting of a public identifier of the first autonomous vehicle, a public key of the first autonomous vehicle, and a certificate of the first autonomous vehicle; authenticating the message by verifying the certificate of the first autonomous vehicle; logging the message into a blockchain storage structure, the blockchain storage structure storing a plurality of blocks, each block including the signed body portion; and executing one or more orders included within the signed body portion.
Type: Grant
Filed: September 23, 2022
Date of Patent: August 27, 2024
Assignee: Lodestar Licensing Group LLC
Inventors: Antonino Mondello, Alberto Troia
-
Patent number: 12041449
Abstract: Aspects of the present disclosure include methods, apparatuses, and computer readable media for obtaining at least one certificate, partitioning the at least one certificate into a plurality of certificate segments, embedding the plurality of certificate parts into a corresponding frame of a plurality of frames, and transmitting, sequentially, the plurality of frames at a periodicity.
Type: Grant
Filed: March 30, 2021
Date of Patent: July 16, 2024
Assignee: QUALCOMM Incorporated
Inventors: Stefano Faccin, Drew Foster Van Duren
-
Patent number: 11997220
Abstract: An example system may include one or more application platforms (e.g., VMs) that run a registration authority and are communicatively connected to one or more compute engines that perform cryptographic computations required by the registration authority. The system may also include one or more application platforms that run an enrollment certificate authority and that are communicatively connected to one or more compute engines that perform cryptographic computations required by the enrollment certificate authority. It may further include one or more application platforms that run a pseudonym certificate authority and that are communicatively connected to one or more compute engines that perform cryptographic computations required by the pseudonym certificate authority. It may also include one or more load balancers communicatively connected to the one or more compute engines, the one or more load balancers to perform operations comprising distributing at least one request to the one or more compute engines.
Type: Grant
Filed: October 18, 2021
Date of Patent: May 28, 2024
Assignee: INTEGRITY SECURITY SERVICES LLC
Inventors: Alan T. Meyer, Gregory A. Powell
-
Patent number: 11917082
Abstract: Systems and methods are disclosed herein for real-time digital authentication. According to some embodiments, a certification authentication method includes receiving a list of third party root certificates from a remote server, the list of third party root certificates including at least one association between a program configured to run on the computing apparatus and a public key for authenticating communication between the program and an associated server of the program. The method may also include authenticating the list of third party root certificates. The method may also include initiating a communication between the computing apparatus and the associated server and authenticating the communication with the associated server using the public key. Furthermore, the method may also include loading the program onto the one or more memories during a bootstrapping process in response to determining that the communication with the associated server is authentic.
Type: Grant
Filed: August 12, 2021
Date of Patent: February 27, 2024
Assignee: Capital One Services, LLC
Inventor: Srinivasan Rangaraj
-
Patent number: 11916924
Abstract: Aspects of the present disclosure address systems, methods, and devices for enabling secure communication between electronic control units (ECUs) in a vehicle. The system may include a first and second ECU from a plurality of ECUs in the vehicle. The first ECU is to enable secure communication between the plurality of ECUs by performing operations that include provisioning the second ECU with authentication data for authenticating messages exchanged with a third ECU and provisioning the third ECU with a set of security keys to enable the third ECU to securely exchange messages with the second ECU. The second ECU receives, from the third ECU, a secure message that is cryptographically signed using a security key from the set of security keys provisioned to the third ECU, and the second ECU authenticates the secure message by comparing the authentication data with an authentication signal.
Type: Grant
Filed: October 13, 2021
Date of Patent: February 27, 2024
Assignee: NAGRAVISION S.A.
Inventors: Christophe Buffard, Sanjeev Sehgal
-
Patent number: 11888997
Abstract: A computing resource service provider provides a certificate management service that allows customers of the computing resource service provider to create, distribute, manage, and revoke digital certificates issued by public and/or private certificate authorities. In an embodiment, customers may use the certificate management service to generate private certificate authority which can issue signed certificates to network entities within the customer enterprise. In an embodiment, the private certificate authority is hosted by the computing resource service provider, and the certificate management service automates the renewal and management of active certificates. In an embodiment, the certificate management service allows customer applications to create, renew, and revoke certificates issued by both private and public certificate authorities via an application programming interface.
Type: Grant
Filed: June 25, 2018
Date of Patent: January 30, 2024
Assignee: Amazon Technologies, Inc.
Inventors: Peter Zachary Bowen, Todd Lawrence Cignetti, Preston Anthony Elder, III, Brandonn Gorman, Ronald Andrew Hoskinson, Jonathan Kozolchyk, Kenneth Lawler, Marcel Andrew Levy, Kyle Benjamin Schultheiss, Sandeep Shantharaj, Param Sharma, Jose Maria Silveira Neto
-
Patent number: 11876914
Abstract: Systems and methods for securely exchanging cryptographically signed records are disclosed. In one aspect, after receiving a content request, a sender device can send a record to a receiver device (e.g., an agent device) making the request. The record can be sent via a short range link in a decentralized (e.g., peer-to-peer) manner while the devices may not be in communication with a centralized processing platform. The record can comprise a sender signature created using the sender device's private key. The receiver device can verify the authenticity of the sender signature using the sender device's public key. After adding a cryptography-based receiver signature, the receiver device can redeem the record with the platform. Upon successful verification of the record, the platform can perform as instructed by a content of the record (e.g., modifying or updating a user account).
Type: Grant
Filed: May 19, 2021
Date of Patent: January 16, 2024
Assignee: Magic Leap, Inc.
Inventor: Adrian Kaehler
-
Patent number: 11812265
Abstract: Disclosed are various embodiments for certificate-based authentication in radio-based networks. In one embodiment, a request for service from a radio-based network is received from a client device. The request for service includes a secure certificate. The radio-based network includes a radio access network and an associated core network. The authenticity of the secure certificate is validated based at least in part on a certificate signature in the secure certificate signed by a certificate authority. It is determined that an entity identified in the secure certificate is permitted to access the radio-based network. Radio-based network access is provided to the client device in response to determining that the entity is permitted to access the radio-based network.
Type: Grant
Filed: November 15, 2021
Date of Patent: November 7, 2023
Assignee: AMAZON TECHNOLOGIES, INC.
Inventors: Diwakar Gupta, Kaixiang Hu, Benjamin Wojtowicz, Upendra Bhalchandra Shevade, Shane Ashley Hall
-
Patent number: 11804949
Abstract: Techniques for subscriber revocation in a publish-subscribe network using attribute-based encryption (ABE) are disclosed, including: generating a tree data structure including leaf nodes representing subscribers, subtrees of the tree data structure representing subsets of subscribers having different likelihoods of ABE key revocation; generating ABE keys associated with edges in the tree data structure; assigning ABE keys to the leaf nodes, each leaf node being assigned a subset of the ABE keys associated with edges that form a path from a root node to the leaf node; based at least on a revocation record that indicates one or more revoked subscribers, determining a minimal subset of ABE keys that covers all non-revoked subscribers; and encrypting a payload using an encryption policy requiring at least one ABE key in the minimal subset of the ABE keys, to obtain a ciphertext that is not accessible to the one or more revoked subscribers.
Type: Grant
Filed: March 19, 2021
Date of Patent: October 31, 2023
Assignee: Raytheon BBN Technologies Corp.
Inventors: Joud Khoury, Samuel Cunningham Nelson, William Timothy Strayer
-
Patent number: 11750404
Abstract: A decentralized group signature method for an issuer-anonymized credential system includes (a) an initial system setup operation of defining elements of a group signature method and information that is generated and shared by each group member, (b) an initial group member setup operation, (c) a group member participation operation of adding a new group member to a group, (d) a group signature operation of putting a group signature on a specific message, (e) an operation of verifying the group signature, (f) an operation of removing anonymity from a group signature for a specific group member with agreement of group members, and (g) an operation of revoking a specific group member with agreement of the group members. Exclusive authority of a group manager is distributed to the group members.
Type: Grant
Filed: November 4, 2020
Date of Patent: September 5, 2023
Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
Inventors: Hwan Jo Heo, Hyun Jin Lee
-
Patent number: 11743733
Abstract: Methods and devices enable connecting devices to cellular networks using the devices' hardware identifiers. Subscriber records include a hardware identifier assigned when the devices are manufactured. A target hardware identifier included in an attachment request is associated with an International Mobile Subscriber Identity, IMSI, available to the cellular network if, according to subscriber records, the device is registered.
Type: Grant
Filed: September 27, 2021
Date of Patent: August 29, 2023
Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
Inventors: Athanasios Karapantelakis, Ioannis Fikouras, Rafia Inam, Qiang Li, Leonid Mokrushin, Maxim Teslenko, Konstantinos Vandikas, Aneta Vulgarakis Feljan
-
Patent number: 11734460
Abstract: Connectionless trusted computing base recovery is described. An example of a system includes one or more processors to process data; hardware including a hardware RoT (root of trust); and firmware including a firmware TCB (trusted computing base), the firmware including the credentials including one or more certificates and one or more keys, wherein the one or more processors are to determine that the firmware TCB is compromised and that the hardware RoT is intact; issue new credentials by the hardware RoT to mutable firmware based on a version number or security version number (SVN) of the firmware; and revoke old versions of the credentials for the firmware.
Type: Grant
Filed: June 23, 2021
Date of Patent: August 22, 2023
Assignee: INTEL CORPORATION
Inventors: Xiaoyu Ruan, Tsippy Mendelson, Yanai Moyal, Daniel Nemiroff
-
Patent number: 11683188
Abstract: A method for representing certificate expiration includes obtaining, from a root certificate authority, a root digital certificate and generating a chain of intermediate certificate authorities. Each intermediate certificate authority includes a respective intermediate certificate digitally signed by the intermediate certificate authority that is immediately higher in the chain and a respective validation time period indicating a range of times when the intermediate certificate authority is permitted to digitally sign certificates. The respective validation time period includes the validation time period of each intermediate certificate authority that is lower in the chain. The method includes generating a certificate revocation list and generating, from the lowest intermediate certificate authority in the chain, a plurality of end entity certificates.
Type: Grant
Filed: October 13, 2020
Date of Patent: June 20, 2023
Assignee: Google LLC
Inventors: Matthew Robert Jones, Benjamin Jackson Benoy, John David Thayer Wood
-
Patent number: 11641285
Abstract: Certificates issued by a CA are distributed across multiple CRLs. Each certificate issued by the CA is assigned to a specific CRL, and the address of that CRL is written to the appropriate field of the certificate, such that an authenticating application can subsequently determine if the certificate is revoked. When the CA revokes a specific one of the issued certificates, it determines to which CRL the revoked certificate is assigned, and updates the specific CRL accordingly. In some embodiments, a single one of the multiple CRLs is active for assignment of certificates at any given time, and each certificate issued by the CA is assigned to the currently active CRL. In other embodiments, assignments of issued certificates are distributed between different ones of a pre-determined number of multiple CRLs by applying a statistical distribution formula to each issued certificate to determine a corresponding target CRL.
Type: Grant
Filed: January 11, 2021
Date of Patent: May 2, 2023
Assignee: DigiCert, Inc.
Inventors: Hari Veladanda, Hoa Ly, Ning Chai
-
Patent number: 11640149
Abstract: A method of providing a plurality of controller certificates for a plurality of controllers within a Building Management System (BMS) includes downloading project information defining the BMS and using the downloaded project information to solicit a Certificate Signing Request (CSR) from each of the plurality of controllers of the BMS. The received CSRs are uploaded to a remote server so that the remote server can generate a corresponding controller certificate for each of the plurality of controllers of the BMS. The generated controller certificates are then downloaded to the corresponding one of the plurality of controllers of the BMS.
Type: Grant
Filed: December 22, 2021
Date of Patent: May 2, 2023
Assignee: HONEYWELL INTERNATIONAL INC.
Inventors: Nagasree Poluri, Manish Gupta, Nagesh Narayanappa, Ankith Makam
-
Patent number: 11632247
Abstract: Provided are methods and systems for invalidating user security tokens. An example method may include providing, by one or more nodes in a cluster, a list of revoked security tokens. The method may include receiving, by the one or more nodes, an indication of invalidating a user security token associated with a user device. The indication may include a request from the user to invalidate the user security token. The method may further include, in response to the receiving, adding, by the one or more nodes, the user security token to the list of revoked security tokens. The user security token can be added to the list of revoked security tokens prior to the expiration time of the user security token. The method may further include replicating, by the one or more nodes, the list of revoked security tokens between further nodes of the cluster.
Type: Grant
Filed: April 19, 2021
Date of Patent: April 18, 2023
Assignee: ELASTICSEARCH B.V.
Inventor: Jayesh Modi
-
Patent number: 11625476
Abstract: A method, system and apparatus for requesting a plurality of credentials from a trusted entity. A local validation device (LVD) receives a credential request or an identifier from each of a plurality of user devices. The LVD generates or compiles a bundle of credential requests corresponding to the plurality of user devices. The LVD transmits the bundle of credential requests to the MVD. The MVD receives the bundle of requests and performs a validation for each request in the bundle and then communicates the credentials and/or the results of the validations to the LVD. The LVD communicates credentials to each of the plurality of user devices. In some cases, the LVD performs the validation for each credential request. For instance, the LVD can receive a local enforcement policy from the MVD, which can provide instructions or guidance to the LVD as to how to perform the validations.
Type: Grant
Filed: November 10, 2020
Date of Patent: April 11, 2023
Assignee: DigiCert, Inc.
Inventors: Wade Johnathon Choules, Darin Scott Andrew, Ricky Eldon Roos, Jason Allen Sabin, Daniel Robert Timpson
-
Patent number: 11627127
Abstract: The authentication and authorization system includes an application execution unit, a user information storage unit, a token acquisition unit configured to acquire, using the user information acquired from the user information storage unit, an access token from an authorization server that authorizes the application to use the external service when a valid access token is presented via the cooperation unit, and a token storage unit configured to store the acquired access token. The token acquisition unit acquires the access token from the authorization server at a predetermined cycle, and stores it in the token storage unit. When the application uses the external service, the application execution unit requests a cooperation unit to make the application cooperate with the external service using the access token acquired from the token storage unit.
Type: Grant
Filed: September 11, 2020
Date of Patent: April 11, 2023
Assignee: HITACHI, LTD.
Inventors: Toshio Nishida, Keisuke Hatasaki
-
Patent number: 11593775
Abstract: Disclosed herein are system, method, and computer program product embodiments for authenticating a mobile user via an authentication method determined based on a token level associated with the action being completed. An authentication token is created corresponding to the token level and the authentication token is sent to the mobile device. This authentication token may be used to authenticate subsequent actions and engage various services to complete the actions using application programming interfaces. The authentication token stored on the mobile device obviates the need for a user to authenticate multiple times to complete actions requiring a similar token level. The system may authenticate the identity of the mobile user using various authentication methods.
Type: Grant
Filed: May 18, 2021
Date of Patent: February 28, 2023
Assignee: Capital One Services, LLC
Inventors: Jeremy J. Phillips, Mitchell Miller, Saleem Ahmed Sangi
-
Patent number: 11570167
Abstract: Apparatus and methods pertaining to a Certified Approval Service (CAS) are disclosed and enabled. The apparatus may include a Personal Computing Device (PCD) implementing a CAS Device to interact with an end user and a server implementing a CAS provider. The various embodiments operate without the end user and the CAS provider to engage in an authenticated login session between themselves.
Type: Grant
Filed: October 28, 2021
Date of Patent: January 31, 2023
Assignee: CHIPIWORKS COMPANY
Inventors: Kobi Eshun, Karim Tahawi
-
Patent number: 11563587
Abstract: Methods, systems, and apparatus, including medium-encoded computer program products, for secure storage and retrieval of information, such as private keys, useable to control access to a blockchain, include, in at least one aspect, a method including: identifying for an action an associated private-keys group out of different private-keys groups, each having an associated cryptographic group key; decrypting, at a first computer, a first level of encryption of a private key associated with the action using the associated cryptographic group key; decrypting, at a second computer distinct from the first computer, a second level of encryption of the private key associated with the action using a hardware-based cryptographic key used by the second computer; using, at the second computer, the private key associated with the action in a process of digitally signing data to authorize the action; and sending the digitally signed data to a third computer to effect the action.
Type: Grant
Filed: July 27, 2022
Date of Patent: January 24, 2023
Assignee: Anchor Labs, Inc.
Inventors: Diogo Monica, Nathan P. McCauley, Riyaz D. Faizullabhoy, Boaz Avital
-
Patent number: 11556856
Abstract: A method for training an analytics engine hosted by an edge server device is provided. The method includes determining a classification for data in an analytics engine hosted by an edge server and computing a confidence level for the classification. The confidence level is compared to a threshold. The data is sent to a cloud server if the confidence level is less than the threshold. A reclassification is received from the cloud server and the analytics engine is trained based, at least in part, on the data and the reclassification.
Type: Grant
Filed: December 24, 2020
Date of Patent: January 17, 2023
Assignee: Intel Corporation
Inventor: Yen Hsiang Chew
-
Patent number: 11550894
Abstract: A trusted application (TA) operates on a trusted execution environment (TEE) and generates a screen. Further, the TA transmits certification information for certifying validity of the TA to a verification device. The verification device verifies whether the TA is valid on the basis of the certification information. Further, the verification device authenticates a display device when the validity of the TA is certified and when the verification device is capable of confirming the facts that a picture is being output and that a device outputting the picture is the display device. Further, the verification device outputs a random number code when the display device is authenticated. Further, the verification device transmits the random number code to the display device when the display device is authenticated. Further, the display device receives the random number code from the verification device and displays the same.
Type: Grant
Filed: June 17, 2019
Date of Patent: January 10, 2023
Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
Inventors: Kenichiro Muto, Takeshi Nagayoshi, Kimihiro Yamakoshi
-
Patent number: 11528604
Abstract: The invention concerns a method for transmitting to a physical or virtual element of a telecommunications network, an encrypted subscription identifier stored in a security element, or an encrypted identifier of the security element or an encrypted identifier of a terminal cooperating with the security element. The method includes pre-calculating proactively, at the occurrence of an event, the encrypted identifier using a key and storing it in a file or memory of the security element with a parameter enabling the key to be calculated by the element of the telecommunications network, in order to be able to transmit to the element of the telecommunications network the encrypted identifier and the parameter, without having to compute the encrypted identifier when the terminal is asking for it.
Type: Grant
Filed: October 2, 2018
Date of Patent: December 13, 2022
Assignee: THALES DIS FRANCE SAS
Inventors: Paul Bradley, Mireille Pauliac
-
Patent number: 11523278
Abstract: A secured communication method for a V2X communication device is disclosed. The secured communication method for a V2X communication device comprises the steps of: receiving at least one message on the basis of V2X communication; extracting adaptive certificate pre-distribution (ACPD) target information when the at least one message includes the ACPD target information; pre-authenticating at least one short-term certificate acquired from the ACPD target information; collecting at least one pre-authenticated short-term certificate to be broadcasted at a specific predicted time at a specific predicted location; and broadcasting an ACPD group (ACPDG) message including the collected at least one pre-authenticated short-term certificate at the specific predicted location at the specific predicted time.
Type: Grant
Filed: December 21, 2017
Date of Patent: December 6, 2022
Assignee: LG ELECTRONICS INC.
Inventors: Soyoung Kim, Jaeho Hwang
-
Patent number: 11516023
Abstract: A proxy revocation service provides a reliable service for performing revocation checks. The proxy revocation service queries public certificate authorities for the revocation status of a set of digital certificates and maintains a database of the revocation statuses. The proxy revocation service provides a singular endpoint that is Application Protocol Interface (API) accessible to web clients. Web clients communicate with the proxy revocation service through use of API messages to perform revocation checks, rather than communicating with the public certificate authorities using an online certificate status protocol (OCSP). Use of the proxy revocation service provides both a reliable service for performing revocation checks as well as shifts the complexity away from the web clients.
Type: Grant
Filed: November 5, 2021
Date of Patent: November 29, 2022
Assignee: Snowflake Inc.
Inventors: Harsh Chaturvedi, Harsha S. Kapre, Srinath Shankar
-
Patent number: 11509484
Abstract: Systems and methods relating to settlement of securities without revealing ownership including the end owner are described. In some implementations, ownership or control of a security may be managed by using group membership technology to revoke the signing rights of the seller and adding signing rights to the buyer. Group membership with group signatures allows for one group public key and a plurality of private keys, where each private key is associated with a group member. Signatures created by different group members are indistinguishable to verifiers but a group manager is able to determine which member has signed, link member signatures, implement controls and/or limits, and revoke and add signatory capability when needed. In some implementations, revocation of signatory capability is done with the cooperation of a Digital Certificate Authority.
Type: Grant
Filed: December 18, 2019
Date of Patent: November 22, 2022
Assignee: Wells Fargo Bank, N.A.
Inventor: Phillip H. Griffin
-
Patent number: 11483162
Abstract: Systems and methods relating to settlement of securities without revealing ownership including the end owner are described. In some implementations, ownership or control of a security may be managed by using group membership technology to revoke the signing rights of the seller and adding signing rights to the buyer. Group membership with group signatures allows for one group public key and a plurality of private keys, where each private key is associated with a group member. Signatures created by different group members are indistinguishable to verifiers but a group manager is able to determine which member has signed, link member signatures, implement controls and/or limits, and revoke and add signatory capability when needed. In some implementations, revocation of signatory capability is done with the cooperation of a Digital Certificate Authority.
Type: Grant
Filed: December 18, 2019
Date of Patent: October 25, 2022
Assignee: Wells Fargo Bank, N.A.
Inventor: Phillip H. Griffin
-
Patent number: 11444780
Abstract: A processing device receives, from a host system, a key manifest and a digital signature generated based on the key manifest using a private key corresponding to a public/private key pair. The key manifest comprises one or more verification keys. The digital signature is verified using the public key and the processing device stores the key manifest in a persistent storage component in response to successful verification of the digital signature. The one or more verification keys are utilized in one or more verification operations based on the key manifest being stored in the persistent memory component.
Type: Grant
Filed: November 25, 2019
Date of Patent: September 13, 2022
Assignee: Micron Technology, Inc.
Inventors: Robert W. Strong, James Ruane
-
Patent number: 11438174
Abstract: Methods, systems, and apparatus, including medium-encoded computer program products, for secure storage and retrieval of information, such as private keys, useable to control access to a blockchain, include, in at least one aspect, a method including: identifying for an action an associated private-keys group out of different private-keys groups, each having an associated cryptographic group key; decrypting, at a first computer, a first level of encryption of a private key associated with the action using the associated cryptographic group key; decrypting, at a second computer distinct from the first computer, a second level of encryption of the private key associated with the action using a hardware-based cryptographic key used by the second computer; using, at the second computer, the private key associated with the action in a process of digitally signing data to authorize the action; and sending the digitally signed data to a third computer to effect the action.
Type: Grant
Filed: January 31, 2022
Date of Patent: September 6, 2022
Assignee: Anchor Labs, Inc.
Inventors: Diogo Monica, Nathan P. McCauley, Riyaz D. Faizullabhoy, Boaz Avital
-
Patent number: 11431510
Abstract: A system and method for efficiently managing an executable environment involving multiple code-sign certificate chains. The system and method include receiving, by one or more processors and from a client device, a request for information to verify an authorization of a code bundle, the code bundle associated with a first signed code segment and a second signed code segment. The system and method include generating, by one or more processors, a list of certificates associated with the code bundle. The system and method include transmitting, by the one or more processors and to the client device, a message comprising the list of certificates, the message causing the client device to verify the code bundle based on the list of certificates.
Type: Grant
Filed: April 30, 2020
Date of Patent: August 30, 2022
Assignee: Wells Fargo Bank, N.A.
Inventor: Jeff J. Stapleton
-
Patent number: 11424940
Abstract: A computer-implemented method for using a standalone tool for certificate management is provided. The standalone tool for certificate management is provided between a plurality of computing nodes and a management node. The standalone tool determines a certificate status for each of the plurality of computing nodes in the computing system. The standalone tool also determines any certificate operations for each of the plurality of computing nodes in the computing system. The certificate status and any of the certificate operations are presented in a consolidated view.
Type: Grant
Filed: July 16, 2019
Date of Patent: August 23, 2022
Assignee: VMware, Inc.
Inventors: Krzysztof K Pierscieniak, Samdeep Nayak, Ranganathan Srinivasan
-
Patent number: 11423129
Abstract: A host device, a storage device, and a method employ a vendor unique command (VUC) authentication system. The storage device includes a memory and a memory controller which includes a VUC authentication module and controls the memory. The VUC authentication module transmits first memory information about the memory to the host device, receives from the host device a one-time password generated by the first memory information, verifies the one-time password, and receives a vendor unique command from the host device when the one-time password is correct.
Type: Grant
Filed: July 10, 2019
Date of Patent: August 23, 2022
Assignee: Samsung Electronics Co., Ltd.
Inventors: Bo Hyung Kim, Jang Hwan Kim, Moon Wook Oh, Da Woon Jung
-
Patent number: 11388598
Abstract: Systems, apparatus, methods, and techniques for reporting an attack or intrusion into an in-vehicle network are provided. The attack can be broadcast to connected vehicles over a vehicle-to-vehicle network. The broadcast can include an indication of a sub-system involved in the attack and can include a request for assistance in recovering from the attack. Connected vehicles can broadcast responses over the vehicle-to-vehicle network. The responses can include indications of data related to the compromised sub-system. The vehicle can receive the responses and can use the responses to recover from the attack, such as to estimate data.
Type: Grant
Filed: December 19, 2019
Date of Patent: July 12, 2022
Assignee: INTEL CORPORATION
Inventors: Liuyang Yang, Xiruo Liu, Manoj Sastry, Marcio Juliato, Shabbir Ahmed, Christopher Gutierrez
-
Patent number: 11368297
Abstract: Embodiments of the present disclosure disclose a method and apparatus for updating a digital certificate. A specific embodiment of the method includes: receiving digital certificate data, the digital certificate data including a number of times of forwarding and a first forwarding moment; determining whether the following conditions are satisfied: the number of times of the forwarding being less than a preset threshold, or a time length between a current moment and the first forwarding moment being less than a preset time length; and increasing, in response to determining at least one of the conditions being satisfied, the number of times of the forwarding by a preset number, and forwarding the digital certificate data to another proxy server.
Type: Grant
Filed: September 9, 2019
Date of Patent: June 21, 2022
Assignee: Beijing Baidu Netcom Science and Technology Co., Ltd.
Inventors: Huangjun Shi, Liguo Duan
-
Patent number: 11366788
Abstract: Techniques delete snapshot data. In accordance with certain techniques, a first sub-process of a snapshot deletion process on a first data block of the snapshot data is performed with a first thread. The snapshot deletion process includes at least the first sub-process and a second sub-process, the first and second sub-processes being performed sequentially. In response to an end of the first sub-process performed with the first thread, the second sub-process on the first data block is performed with the first thread. In parallel with performing, with the first thread, the second sub-process on the first data block, the first sub-process on a second data block of the snapshot data is performed with a second thread different from the first thread, the second data block being different from the first data block. Such techniques improve IO lock contention, system resource utilization rate and parallelism, response time and system overhead.
Type: Grant
Filed: March 18, 2019
Date of Patent: June 21, 2022
Assignee: EMC IP Holding Company LLC
Inventors: Shuo Lv, Ming Zhang
-
Patent number: 11349673
Abstract: A system for monitoring the status of digital certificates is provided. The system includes a responder computer device. The responder computer device is programmed to store, in a database, a plurality of statuses associated with a plurality of digital certificates. The responder computer device is further programmed to receive, from a first computer device, a request message including an identifier of a target certificate. The responder computer device is further programmed to query the database to retrieve status information about the target certificate, generate a response message based on the retrieved status information, and transmit the response message to the first computer device.
Type: Grant
Filed: January 22, 2019
Date of Patent: May 31, 2022
Assignee: Cable Television Laboratories, Inc.
Inventor: Massimiliano Pala
-
Patent number: 11329964
Abstract: A method of managing messages in a messaging system, the method including: identifying a policy associated with the messaging system, the policy including directives associated with the privacy and integrity of messages; applying the policy to a message, the policy including configuration data that determines when the message should be expired; sending the message to the messaging system; using the configuration data to calculate the expiry of the message and passing the calculated expiry of the message to the messaging system; determining whether the expiry has been reached; responsive to the expiry being reached, sending a report message to the message producer; and responsive to the expiry not being reached, attempting to deliver the message to the message consumer.
Type: Grant
Filed: April 6, 2020
Date of Patent: May 10, 2022
Assignee: International Business Machines Corporation
Inventor: Jonathan L. Rumsey
-
Patent number: 11271753
Abstract: Methods, systems, and apparatus, including medium-encoded computer program products, for secure storage and retrieval of information, such as private keys, useable to control access to a blockchain, include, in at least one aspect, a method including: identifying for an action an associated private-keys group out of different private-keys groups, each having an associated cryptographic group key; decrypting, at a first computer, a first level of encryption of a private key associated with the action using the associated cryptographic group key; decrypting, at a second computer distinct from the first computer, a second level of encryption of the private key associated with the action using a hardware-based cryptographic key used by the second computer; using, at the second computer, the private key associated with the action in a process of digitally signing data to authorize the action; and sending the digitally signed data to a third computer to effect the action.
Type: Grant
Filed: June 23, 2021
Date of Patent: March 8, 2022
Assignee: Anchor Labs, Inc.
Inventors: Diogo Monica, Nathan P. McCauley, Riyaz D. Faizullabhoy, Boaz Avital
-
Patent number: 11256540
Abstract: For each server under consideration for container migration, whether the server has a value for a first parameter that precludes the server from being migrated to a container is determined. Each server having a value that precludes the server from being migrated to a container is removed from further consideration. For each server remaining under consideration, a value of the server for each second parameter of a number of second parameters is determined, and the values of the server for the second parameters are weighted to yield a weight for the server. The servers remaining under consideration for migration are ranked based at least on the weights for the servers, yielding an order in which the servers are to be migrated.
Type: Grant
Filed: October 2, 2019
Date of Patent: February 22, 2022
Assignee: MICRO FOCUS LLC
Inventors: Rajashekar Dasari, Harish Kum Somisetty, Stefan Bergstein
-
Patent number: 11237534
Abstract: A method of providing a plurality of controller certificates for a plurality of controllers within a Building Management System (BMS) includes downloading project information defining the BMS and using the downloaded project information to solicit a Certificate Signing Request (CSR) from each of the plurality of controllers of the BMS. The received CSRs are uploaded to a remote server so that the remote server can generate a corresponding controller certificate for each of the plurality of controllers of the BMS. The generated controller certificates are then downloaded to the corresponding one of the plurality of controllers of the BMS.
Type: Grant
Filed: February 11, 2020
Date of Patent: February 1, 2022
Assignee: Honeywell International Inc.
Inventors: Nagasree Poluri, Manish Gupta, Nagesh Narayanappa, Ankith Makam
-
Patent number: 11212274
Abstract: Techniques are disclosed for accelerating online certificate status protocol (OCSP) response distribution to relying parties using a content delivery network (CDN). A certificate authority generates updated OCSP responses for OCSP responses cached in the CDN that are about to expire. In addition, the certificate authority pre-generates cache keys in place of CDNs generating the keys. The certificate authority sends the OCSP responses and the cache keys in one transaction, and the CDN, in turn, consumes the new OCSP responses using the cache keys.
Type: Grant
Filed: August 29, 2019
Date of Patent: December 28, 2021
Assignee: DigiCert, Inc.
Inventors: Richard F. Andrews, Quentin Liu
-
Patent number: 11182491
Abstract: A method of limiting data usage for certified purposes by using functional encryption, comprising: receiving from a software publisher an application code and declared privacy information, the declared privacy information specifies at least one declared usage for at least one data type; analyzing the application's usage of data collected by the application, to identify an actual usage of the at least one data type by a function; identifying when the actual usage is compliant with the at least one declared usage according to the analysis; in response to the identification, creating a pair of a public key and a master private key; creating a function private key for the function using the master private key; and sending the function private key to the software publisher to be used for operating the function on data which is encrypted using the public key.
Type: Grant
Filed: February 4, 2020
Date of Patent: November 23, 2021
Assignee: International Business Machines Corporation
Inventors: Abigail Goldsteen, Ron Shmelkin, Gilad Ezov, Muhammad Barham