Revocation Or Expiration Patents (Class 713/158)
  • Patent number: 10797890
    Abstract: Systems, methods, and software can be used to provide inter-enterprise data communications between enterprise applications on an electronic device. In some aspects, a method comprises: receiving, by a bridge application executing on an electronic device, an interoperation request for a first enterprise, wherein the interoperation request includes a first token and a second token; sending, from the bridge application to an application of the first enterprise, the first token, wherein the application of the first enterprise executes on the electronic device; receiving, by the bridge application from the application of the first enterprise, a certificate in response to the first token, wherein the certificate is encrypted by the second token; decrypting, by the bridge application, the certificate by using the second token; and validating, by the bridge application, the application of the first enterprise based on the decrypted certificate.
    Type: Grant
    Filed: February 26, 2018
    Date of Patent: October 6, 2020
    Assignee: BlackBerry Limited
    Inventors: Johnathan George White, Siavash James Joorabchian Hawkins, Fraser George Stewart
  • Patent number: 10785287
    Abstract: Techniques for securely binding a software application to a communication device may include sending a set of device identifiers associated with the computing device to a server, receiving a server-generated dynamic device identifier that is generated based on the set of device identifiers; and storing the server-generated dynamic device identifier during initialization of the application. During runtime execution of the application, the application may receive a request to execute an application specific task.
    Type: Grant
    Filed: November 15, 2018
    Date of Patent: September 22, 2020
    Assignee: Visa International Service Association
    Inventors: Gyan Prakash, Selim Aissi, Rasta Mansour, Ajit Gaddam
  • Patent number: 10761782
    Abstract: A printing apparatus stores a user credential and updates a certificate by using the stored user credential information to reduce the time and effort required by a user to update the certificate.
    Type: Grant
    Filed: May 20, 2019
    Date of Patent: September 1, 2020
    Assignee: Canon Kabushiki Kaisha
    Inventor: Go Inoue
  • Patent number: 10757138
    Abstract: Certain embodiments described herein are generally directed to a first host machine exchanging a Security Parameter Index (SPI) value with a second host machine by storing the SPI in an options field of an encapsulation header of an encapsulated packet.
    Type: Grant
    Filed: July 13, 2017
    Date of Patent: August 25, 2020
    Assignee: Nicira, Inc.
    Inventors: Calvin Qian, Ganesan Chandrashekhar, Sanal Pillai, Kishore Kankipati, Sujatha Sundararaman
  • Patent number: 10747717
    Abstract: Systems and methods for a multitenant computing platform. Original data is generated through operation of a computing platform system on behalf of an account of the computing platform system, and the original data is moderated according to a data retention policy set for the account. The moderated data is stored at the computing platform system. The computing platform system moderates the generated data by securing sensitive information of the generated data from access by the computing platform system, and providing operational information from the generated data. The operational information is accessible by the computing platform system during performance of system operations.
    Type: Grant
    Filed: February 20, 2019
    Date of Patent: August 18, 2020
    Assignee: Twilio Inc.
    Inventors: Adam Ballai, Timothy S. Milliron
  • Patent number: 10708047
    Abstract: A computer-readable recording medium storing an update program is disclosed. An issuing request of a second public key certificate is sent to a server under a secure connection to the server using a first public key certificate. The second public key certificate is received from the server. A connection confirmation using the second public key certificate is conducted, when a validity date of the first public key certificate lapses.
    Type: Grant
    Filed: December 13, 2016
    Date of Patent: July 7, 2020
    Assignee: FUJITSU LIMITED
    Inventor: Hidefumi Maruyama
  • Patent number: 10708254
    Abstract: An information processing apparatus is provided. Assume that a user has signed into a first cloud service of operation source. In a case where the user signs in to a second cloud service of operation destination, and in a case where an account registered in the second cloud service is permitted to be cooperated with another account, the information processing apparatus allows the user to sign in to the second cloud service.
    Type: Grant
    Filed: October 16, 2017
    Date of Patent: July 7, 2020
    Assignee: FUJI XEROX CO., LTD.
    Inventors: Zhenrui Zhang, Eisuke Kanno
  • Patent number: 10701062
    Abstract: A method for improving information security for vehicle-to-X communication, wherein the vehicle-to-X communication is protectable by at least one certificate, wherein the certificate for protecting the vehicle-to-X communication has a validity period of defined length and is provided for storage in a memory of a vehicle, wherein the method is additionally distinguished in that the vehicle uses a communication link for wireless data interchange between the vehicle and a backend system, before expiry of the validity period of the certificate and a change to a validity period of defined length for an updated certificate, to ask the backend system to provide an up-to-date piece of time information for the vehicle. In addition, the invention relates to a corresponding communication apparatus for vehicle-to-X communication.
    Type: Grant
    Filed: January 24, 2017
    Date of Patent: June 30, 2020
    Assignee: Continental Teves AG & Co. oHG
    Inventors: Bernhard Jungk, Henrik Antoni
  • Patent number: 10694549
    Abstract: The present disclosure is directed to a wireless communication device for wireless communication in a wireless communication system which comprises a base station and a plurality of wireless communication devices arranged in clusters, wherein a unique cluster signature is assigned to each cluster and its wireless communication devices, wherein the wireless communication device is allocated to one of said clusters, and comprises receiving means adapted to receive a unique cluster signature assigned to said one cluster from the base station, storing means adapted to store said received unique cluster signature, and transmission means adapted to transmit said unique cluster signature when the wireless communication device switches into an active state, wherein the wireless communication device is adapted to access resources on the basis of resource allocation information received in response to the transmission of said unique cluster signature.
    Type: Grant
    Filed: September 17, 2018
    Date of Patent: June 23, 2020
    Assignees: HUAWEI TECHNOLOGIES CO., LTD., FRAUNHOFER-GESELLSCHAFT ZUR FÖRDERUNG DER ANGEWANDTEN FORSCHUNG E.V.
    Inventors: Chan Zhou, Yunyan Chang, Peter Jung, Slawomir Stanczak
  • Patent number: 10680834
    Abstract: A supplier network device is provided and includes a supplier processor and memory that stores a credential package including information for a chip or a vehicle control module (VCM). The supplier processor: receives ID and signature public keys from the chip, where the ID and signature public keys correspond respectively to private keys stored in the chip; transmits the ID and signature public keys to a certificate authority processor of a vehicle manufacturer data center; and receives the credential package including signing certificates from the certificate authority processor prior to assembling the VCM. The supplier processor: reads the ID public key from the VCM subsequent to incorporating the chip in the VCM; identifies the credential package based on the ID public key; and based on the identifying of the credential package, programs the VCM with the signing certificates prior to installation of the vehicle control module in a vehicle.
    Type: Grant
    Filed: January 31, 2018
    Date of Patent: June 9, 2020
    Assignee: GM GLOBAL TECHNOLOGY OPERATIONS LLC
    Inventors: David W. Racklyeft, Jessica S. Moreno, Jian Shen, Leonard J. Leshinsky, Jr., Yoni Kahana, Monica E. Mitchell, Hariharan Krishnan, Mohammad Naserian
  • Patent number: 10667100
    Abstract: Provided are a communication system for an in-vehicle communication apparatus mounted in a vehicle, and the in-vehicle communication apparatus included in said communication system. The in-vehicle communication apparatus communicates with a certificate information issuing system which creates electronic certificate information, and acquires certificate information from a sub-server apparatus. The in-vehicle communication apparatus makes a request to the sub-server apparatus to create the certificate information, and the sub-server apparatus creates the certificate information in response to the request. The in-vehicle communication apparatus then makes an inquiry to the sub-server apparatus regarding the creation status of the certificate information.
    Type: Grant
    Filed: June 26, 2017
    Date of Patent: May 26, 2020
    Assignees: AutoNetworks Technologies, Ltd., Sumitomo Wiring Systems, Ltd., Sumitomo Electric Industries, Ltd.
    Inventor: Yasuhiro Yabuuchi
  • Patent number: 10667147
    Abstract: A sensing recognition method and device based on wireless communication signals are disclosed. The method comprises the steps of obtaining channel state information from a received wireless communication signal; extracting a channel state feature value from the channel state information; and outputting a sensing result mapped with the channel state feature value according to the channel state feature value. The disclosed method and device can improve the accuracy of sensing recognition and achieve better recognition effect.
    Type: Grant
    Filed: December 20, 2017
    Date of Patent: May 26, 2020
    Assignee: Beijing University of Posts & Telecommunications
    Inventors: Xiangming Wen, Lingchao Guo, Zhaoming Lu, Tao Lei, Gang Cao, Zhihong He
  • Patent number: 10659440
    Abstract: Certain embodiments described herein are generally directed to methods and apparatus for providing a security parameter index (SPI) value for use in establishing a security association between a source tunnel endpoint and a destination tunnel endpoint. In some embodiments, utilization of the SPI bit space is optimized to allow the scaling of key policies within a network. In some embodiments, using an SPI derivation formula, a server in the network is able to generate SPI values whose bit spaces are optimized to allow key policies to scale out.
    Type: Grant
    Filed: November 30, 2017
    Date of Patent: May 19, 2020
    Assignee: Nicira, Inc.
    Inventors: Dexiang Wang, Zhen Mo, Fang Peng, Bo Hu, Helen Liu
  • Patent number: 10637668
    Abstract: An identity authentication method includes sending, by a third-party application client, an operation request to a third-party application server, in response to receiving a first operation indication for requesting to perform a target operation, the operation request requesting the third-party application server to perform the target operation, and receiving, by the third-party application client, to-be-signed information from an authentication server via the third-party application server, in response to the operation request being sent, the to-be-signed information comprising a challenge random number.
    Type: Grant
    Filed: April 25, 2017
    Date of Patent: April 28, 2020
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventors: Wenqing Liu, Zixi Shen, Qiang Wang
  • Patent number: 10609082
    Abstract: Methods for composable user journeys for user authentication via an identity experience framework are performed by systems and apparatuses. Initiating a user authentication process for an application triggers application calls for dynamic invocation of a specific identity policy, required by the application, of a number of identity policies managed by a host of the identity experience framework. User interfaces defined by the identity policies are provided from the host to the application for interaction by the user and entry of identity information needed to authenticate the user according to specified verification providers. Identity claims and token requests are provided from the application to the host which then authenticates the identity claims via the verification providers and mints a token that includes the claims required by the application, according to the identity policy. The application consumes the token to complete the token request and allow the user access to the application.
    Type: Grant
    Filed: November 10, 2017
    Date of Patent: March 31, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Raja Charu Vikram Kakumani, Brandon Murdoch, Ronald Bjones, Muhammad O. Iqbal, Kim Cameron
  • Patent number: 10581620
    Abstract: Scalable certificate management system architectures. An example system may include one or more application platforms (e.g., VMs) that run a registration authority and are communicatively connected to one or more compute engines that perform cryptographic computations required by the registration authority. The system may also include one or more application platforms that run an enrollment certificate authority and that are communicatively connected to one or more compute engines that perform cryptographic computations required by the enrollment certificate authority. It may further include one or more application platforms that run a pseudonym certificate authority and that are communicatively connected to one or more compute engines that perform cryptographic computations required by the pseudonym certificate authority.
    Type: Grant
    Filed: July 7, 2018
    Date of Patent: March 3, 2020
    Assignee: INTEGRITY SECURITY SERVICES LLC
    Inventors: Alan T. Meyer, Gregory A. Powell
  • Patent number: 10581860
    Abstract: A system for managing and distributing a blacklist of User Equipment IDs (UE IDs) in a network. The system comprises a number of groups of networks, each of the groups of networks comprise a blacklist server and a number of authentication servers. The system further comprises a Package Key Generator (PKG). The blacklist server is configured to: store a blacklist containing UE IDs that are not allowed to gain access to the network; transmit the blacklist to the plurality of authentication servers in the same group; receive a message; determine a content in the message is an order to add a new revoked UE ID to the blacklist; update the blacklist to include the new revoked UE ID; and send an update blacklist message to the plurality of authentication servers in the same group.
    Type: Grant
    Filed: April 2, 2019
    Date of Patent: March 3, 2020
    Assignee: Huawei International Pte. Ltd.
    Inventors: Lichun Li, Haiguang Wang, Xin Kang
  • Patent number: 10566714
    Abstract: Embodiments described herein provide an apparatus for facilitating a double-density small form-factor pluggable (SFP-DD) module. The apparatus includes a set of control connector pins for exchanging control signals. The apparatus also includes a first set of communication connector pins for establishing a first communication channel and a second set of communication connector pins for establishing a second communication channel. The set of control connector pins and the first set of communication connector pins correspond to connector pins of an SFP module, and the second set of communication connector pins extends the SFP module. The size of the SFP-DD module corresponds to the size of the SFP module.
    Type: Grant
    Filed: March 20, 2018
    Date of Patent: February 18, 2020
    Assignee: Alibaba Group Holding Limited
    Inventors: Rui Lu, Chongjin Xie, Jie Cao
  • Patent number: 10560457
    Abstract: A master database server may store policy tables which are replicated to SQL databases on a periodic schedule. A master server may receive a privileged command request from a user. The master server may query the SQL database to determine whether the user is authorized to execute the command request. The master server may determine whether the user is a member of a privileged request command (“PRC”) group, whether the PRC group has access to the master server, and whether the PRC group has permission to execute the command request.
    Type: Grant
    Filed: December 14, 2015
    Date of Patent: February 11, 2020
    Assignee: American Express Travel Related Services Company, Inc.
    Inventors: Duc D. Anderson, Chad A. Erbe, Alex Jeffery Lundberg
  • Patent number: 10521364
    Abstract: Disclosed are various embodiments of transmit and receive connectivity devices that include signal processing circuitry, an HDMI port, and a multi-position multi-contact port. The signal processing circuitry can transmit and receive signals over the multi-position multi-contact port. The signals can include a first signal corresponding to a frequency different from a frequency of a second signal. A power source can be sent over a cable attached to the multi-position multi-contact port.
    Type: Grant
    Filed: April 9, 2018
    Date of Patent: December 31, 2019
    Assignees: Vanco International, LLC, Shenzhen Hollyland Technology Co., Ltd.
    Inventors: O. Bradley Corbin, Dezhi Liu
  • Patent number: 10491402
    Abstract: Systems and methods for securely exchanging cryptographically signed records are disclosed. In one aspect, after receiving a content request, a sender device can send a record to a receiver device (e.g., an agent device) making the request. The record can be sent via a short range link in a decentralized (e.g., peer-to-peer) manner while the devices may not be in communication with a centralized processing platform. The record can comprise a sender signature created using the sender device's private key. The receiver device can verify the authenticity of the sender signature using the sender device's public key. After adding a cryptography-based receiver signature, the receiver device can redeem the record with the platform. Upon successful verification of the record, the platform can perform as instructed by a content of the record (e.g., modifying or updating a user account).
    Type: Grant
    Filed: July 27, 2017
    Date of Patent: November 26, 2019
    Assignee: Magic Leap, Inc.
    Inventor: Adrian Kaehler
  • Patent number: 10467384
    Abstract: An encryption scheme is provided in which subset-difference lists are generated by blacklisting subsets corresponding to compromised devices and splitting subset difference lists corresponding to the blacklisted subsets into multiple subset difference lists. In some embodiments, a subset-difference tree is generated. The subset-difference tree includes a plurality of subsets. The subset-difference tree covers a plurality of nodes. Each of the plurality of subsets has an apex node among the plurality of nodes. At least one blacklisted node of the plurality of nodes is determined. A first subset among the plurality of subsets is identified that covers the at least one blacklisted node. A plurality of substitute subsets is determined. Each of the plurality of substitute subsets overlaps the first subset and does not cover the at least one blacklisted node. The plurality of substitute subsets are substituted for the first subset.
    Type: Grant
    Filed: May 18, 2016
    Date of Patent: November 5, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: John B. Geagan, Dulce B. Ponceleon
  • Patent number: 10454919
    Abstract: A system and method for secure component provisioning implements a three-way transaction to thwart fraudulent component provisioning when a certificate requester is not fully trusted. A certificate authority receives a certificate request for a component from a contract manufacturer and then issues the certificate, sending the issued certificate to a final assembly point for provisioning of the component.
    Type: Grant
    Filed: February 26, 2014
    Date of Patent: October 22, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventor: Kenneth A Goldman
  • Patent number: 10440006
    Abstract: A smart device, connected device, Internet of Things (IoT) device, etc. is configured with an embedded certificate authority. The embedded certificate authority generates a compound certificate that is signed at least by a manufacturer certificate securely stored on the device. The compound certificate includes a representation of a state of the device, which is based on one or more measurements of code executable on the device. The compound certificate may be used by an external device communicating with the smart device to determine whether the device is in a trusted state. Because the compound certificate is chained to a manufacturer certificate, the external device can communicate with the manufacturer (or an employed party) to determine whether the state of the device should be trusted.
    Type: Grant
    Filed: June 21, 2017
    Date of Patent: October 8, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Stefan Thom, Robert Karl Spiger, Dennis Mattoon, Paul England
  • Patent number: 10425398
    Abstract: A method for performing certification by a control device of a vehicle including generating a first signed certificate, which has at least one public key, and generating an associated private key; single-time introduction of the first signed certificate and of the associated private key into the control device; producing a second certificate; signing a further public key in the control device, using the private key and the second certificate; and making available the signed further public key together with the first signed certificate.
    Type: Grant
    Filed: October 11, 2016
    Date of Patent: September 24, 2019
    Assignee: Volkswagen AG
    Inventors: Alexander Tschache, Timo Winkelvos
  • Patent number: 10412083
    Abstract: A plurality of beacons that do not include any service set identifiers may be broadcast from an access point. A request concerning association with the access point may be sent wirelessly from a user device and received at the access point. A unique service set identifier (SSID) for the requesting user device may be generated, and information regarding the unique SSID may be transmitted to the requesting user device. A subsequent association request from the requesting user device may include the unique SSID.
    Type: Grant
    Filed: December 12, 2017
    Date of Patent: September 10, 2019
    Assignee: SONICWALL INC.
    Inventors: Guo Hui Zou, Zhong Chen, Zhuangzhi Duo, Xiaodong Lin
  • Patent number: 10402593
    Abstract: There are provided mechanisms for determining a verification path for each leaf of a tree. A method is performed by a tree manager processor. The method comprises acquiring leaf values of leaves of a tree. The method comprises determining a root value from a leaf to the root value of the leaves. The method comprises determining a verification path for each of the leaves. The verification path for each of the leaves is determined such that the size of each verification path is independent from the number of leaves. Each verification path comprises a partial result and a function that enables determination of said root value from its leaf value and said partial result. The partial result for the verification path for leaf is determined as a one-way function depending only on other leaves such that the verification path for leaf prohibits re-computation of any other leaf value from said partial result.
    Type: Grant
    Filed: July 9, 2018
    Date of Patent: September 3, 2019
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Alexander Maximov, Christine Jost, Bernard Smeets
  • Patent number: 10367647
    Abstract: A certificate acquiring method and device, where the method includes receiving a certificate application representation message sent by a newly installed virtualized network function component (VNFC) instance, sending a certificate request message to a certification authority, and acquiring a certificate issued by the certification authority. In this way, the newly installed VNFC instance does not need to use a current manner for a virtualized network function (VNF) to acquire a certificate, which effectively avoids a problem of a cumbersome and more complex process caused when the newly installed VNFC instance acquires a certificate.
    Type: Grant
    Filed: November 8, 2016
    Date of Patent: July 30, 2019
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Chengyan Feng, Jiangsheng Wang
  • Patent number: 10324901
    Abstract: In accordance with embodiments, there are provided mechanisms and methods for sharing tenant information utilizing a multi-tenant on-demand database service. These mechanisms and methods for sharing tenant information utilizing a multi-tenant on-demand database service can allow automatic sharing of information owned by a first tenant with other tenants of the multi-tenant on-demand database service. In this way, collaboration among tenants of the multi-tenant on-demand database service may be enabled via the sharing of the tenant information.
    Type: Grant
    Filed: February 29, 2016
    Date of Patent: June 18, 2019
    Assignee: salesforce.com, inc.
    Inventors: Aditya S. Kuruganti, Kedar Doshi, Chaitanya Bhatt, Sanjaya Lai
  • Patent number: 10326754
    Abstract: An electronic component includes a processor and a memory. The electronic component has a secure platform capable of storing at least one dual key pair and a corresponding digital signature. There is also a system including a host machine and an electronic component capable of being operated by the host machine. The electronic component has a processor, a memory, and a secure platform capable of storing at least one dual key pair and a corresponding digital signature. Another aspect describes a method, which includes reading a public key from an electronic component by a host machine, verifying the public key against a stored key in the host machine, digitally signing data using a private key from the electronic component, verifying the signed data against the stored key, and using the electronic component by the host machine only if the signed data and the public key are verified.
    Type: Grant
    Filed: October 3, 2017
    Date of Patent: June 18, 2019
    Assignee: STMICROELECTRONICS, INC.
    Inventors: Sean Newton, John Tran, David Tamagno
  • Patent number: 10296752
    Abstract: A computing device can include an embedded universal integrated circuit card (eUICC) in order to receive and decrypt an encrypted profile, where the encrypted profile includes network access credentials. The eUICC can record a first private key and a set of cryptographic parameters. The computing device can use the eUICC to authenticate with a server. The computing device can receive (i) a signal for deriving a second private key and corresponding public key, and (ii) a nonce as user input. The eUICC can use the first private key to process a digital signature for the corresponding public key and the nonce. The eUICC can use at least the second private key, the set of cryptographic parameters, and an elliptic curve Diffie Hellman key exchange in order to derive a symmetric ciphering key. The eUICC can receive the encrypted profile and decrypt with at least the derived symmetric ciphering key.
    Type: Grant
    Filed: November 19, 2018
    Date of Patent: May 21, 2019
    Assignee: IoT and M2M Technologies, LLC
    Inventor: John A. Nix
  • Patent number: 10293787
    Abstract: Systems and methods for managing keys that operate a given vehicle include a processor. Responsive to identifying a received first key for operating the vehicle as having an administrative status, the processor is configured to enable creation of a second key for operating the vehicle having the administrative status, and enable creation of a third key for operating the vehicle having a secondary status and a passcode. Responsive to receiving and identifying the third key as having the secondary status, the processor is configured to enable alteration of the passcode.
    Type: Grant
    Filed: August 10, 2017
    Date of Patent: May 21, 2019
    Assignee: Ford Global Technologies, LLC
    Inventors: Ronald Patrick Brombach, Daniel M. King, Maria Eugenia Protopapas, Maeen Mawari
  • Patent number: 10284376
    Abstract: A code signing system operating a web portal for user clients and a web service for automated machine clients. The web service can receive an operation request from a code signing module running on a remote machine client, the operation request including a request for a cryptographic operation and user credentials retrieved from a hardware cryptographic token connected to the machine client. The code signing system can perform the requested cryptographic operation and return a result to the machine client if the code signing system authenticates the machine client and the requested cryptographic operation is within a permissions set associated with the machine client.
    Type: Grant
    Filed: June 10, 2016
    Date of Patent: May 7, 2019
    Assignee: ARRIS Enterprises LLC
    Inventors: Reshma T. Shahabuddin, Ting Yao, Tat Keung Chan, Alexander Medvinsky, Xin Qiu
  • Patent number: 10284374
    Abstract: An improved code signing method is provided. The code signing method includes receiving a build notification at a package builder utility and retrieving one or more remotely stored code images and build logs identified in the build notification, invoking a code signing module with the package builder utility to request a digital signature from a remote code signing system, combining the requested digital signature with a code image or a manifest file comprising hashes of multiple code images, and storing the signed code image or signed manifest file at a code repository.
    Type: Grant
    Filed: June 10, 2016
    Date of Patent: May 7, 2019
    Assignee: ARRIS Enterprises LLC
    Inventors: Alexander Medvinsky, Tat Keung Chan, Alexey Shevchenko
  • Patent number: 10237249
    Abstract: A signature authority generates revocable one-time-use keys that are able to generate digital signatures. The signature authority generates a set of one-time-use keys, where each one-time-use key has a secret key and a public key derived from a hash of the secret key. The signature authority generates one or more revocation values that, when published, proves that the signature authority has the authority to revoke corresponding cryptographic keys. The signature authority hashes the public keys and the revocation values and arranges the hashes in a hash tree where the root of the hash tree acts as a public key of the signature authority. In some implementations, the one-time-use cryptographic keys are generated from a tree of seed values, and a particular revocation value is linked to a particular seed value, allowing for the revocation of a block of one-time-use cryptographic keys associated with the particular seed.
    Type: Grant
    Filed: December 23, 2016
    Date of Patent: March 19, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Matthew John Campagna, Gregory Alan Rubin, Nicholas Alexander Allen, Andrew Kyle Driggs, Eric Jason Brandwine
  • Patent number: 10229126
    Abstract: Systems and methods for a multitenant computing platform. Original data is generated through operation of a computing platform system on behalf of an account of the computing platform system, and the original data is moderated according to a data retention policy set for the account. The moderated data is stored at the computing platform system. The computing platform system moderates the generated data by securing sensitive information of the generated data from access by the computing platform system, and providing operational information from the generated data. The operational information is accessible by the computing platform system during performance of system operations.
    Type: Grant
    Filed: November 29, 2017
    Date of Patent: March 12, 2019
    Assignee: Twilio, Inc.
    Inventors: Adam Ballai, Timothy S. Milliron
  • Patent number: 10225261
    Abstract: A mechanism is provided for authentication and authorization of an access to a resource by a device. The device may be a system-on-a-chip resource weak device. The mechanism forms a federation of a group of the devices in a neighborhood. The devices are wireless communication enabled. The mechanism builds a representational vector for each device of the federation of devices during an initial authentication procedure for the device. The representational vector comprises characteristic parameters of the device and neighboring devices. The mechanism uses an access token based authorization process for accessing the resource. The access token is generated during the initial authentication procedure, in which the representational vector of the device is used to confirm that a device that is new to the federation is in the neighborhood of already federated devices.
    Type: Grant
    Filed: August 29, 2016
    Date of Patent: March 5, 2019
    Assignee: International Business Machines Corporation
    Inventors: Gianluca Gargaro, Patrizio Trinchini
  • Patent number: 10218513
    Abstract: Embodiments of the present invention provide a method and a terminal for message verification, which can enhance timeliness of event message verification. The method includes: receiving an event message sent by a cell broadcast entity; obtaining a public key of a CA according to pre-configured information for determining the public key of the CA and information for determining the public key of the CA and obtained from a network side, or according to information of the CA obtained from the network side; then, obtaining a public key of the cell broadcast entity according to the obtained public key of the CA and an implicit certificate of the cell broadcast entity; verifying a signature of the cell broadcast entity over the event message according to the public key of the cell broadcast entity; and finally, determining legitimacy of the event message according to the verification result.
    Type: Grant
    Filed: May 8, 2015
    Date of Patent: February 26, 2019
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Xiaoyu Bi, Jing Chen, Yixian Xu, Chunshan Xiong
  • Patent number: 10187797
    Abstract: A system and method for authenticating mobile communications devices. The method comprises: generating a code corresponding to a user configured to be rendered on a rendering device to produce a rendered code, the rendered code being readable by a mobile communications device having a code reading device, the rendered code comprising a secret token; storing the secret token along with information identifying the user on a first storage device; providing the code to the user; receiving, at the authentication server, a setup message from the mobile device, the message includes a device identifier and the secret token; comparing the received secret token and the secret token stored on the first storage device; if the received secret token matches the secret token stored on the first storage device, storing, on a second storage device, information identifying the user and a trusted device value corresponding to the device identifier.
    Type: Grant
    Filed: March 17, 2017
    Date of Patent: January 22, 2019
    Assignee: D2L Corporation
    Inventor: Jeremy Auger
  • Patent number: 10178164
    Abstract: Techniques for securely binding a software application to a communication device may include sending a set of device identifiers associated with the computing device to a server, receiving a server-generated dynamic device identifier that is generated based on the set of device identifiers; and storing the server-generated dynamic device identifier during initialization of the application. During runtime execution of the application, the application may receive a request to execute an application specific task.
    Type: Grant
    Filed: August 31, 2015
    Date of Patent: January 8, 2019
    Assignee: Visa International Service Association
    Inventors: Gyan Prakash, Selim Aissi, Rasta Mansour, Ajit Gaddam
  • Patent number: 10110686
    Abstract: Systems and methods of providing beacon-based notifications are provided. More particularly, an identifying signal can be received from a beacon device. A geographic location of a user device can be determined based at least in part on the identifying signal. At least a portion of time-based contextual beacon data can then be obtained based at least in part on spatial-temporal data associated with a user. One or more notifications associated with the contextual beacon data can then be determined. The one or more notifications can be indicative of information corresponding to the beacon device, and can be provided for display on a user device.
    Type: Grant
    Filed: February 17, 2017
    Date of Patent: October 23, 2018
    Assignee: Google LLC
    Inventors: Kenneth William Shirriff, Prasad Haridass, Damian Gajda, Matthew Joelson Secor
  • Patent number: 10097354
    Abstract: A method, system and computer program product for privacy control. A unique identifier for each data element of a group of data elements (e.g., driver's license contains a group of data elements, such as name, driver's license number) is created. These identifiers may be stored along with documentation (e.g., label) of the associated data elements in a manifest file. Alternatively, the identifiers may be stored in a file outside of the manifest file. In this manner, by utilizing a data element identifier which corresponds to a random number, security of privacy information is improved as one would only be able to obtain such sensitive information by obtaining such an identifier. Furthermore, the user only needs to send the requested data elements, as opposed to all the data elements of the group of data elements, to the challenger. In this manner, the user is preserving the security of other privacy information.
    Type: Grant
    Filed: August 21, 2015
    Date of Patent: October 9, 2018
    Assignee: International Business Machines Corporation
    Inventors: William F. Abt, Jr., Daniel A. Gisolfi, Richard Redpath
  • Patent number: 10083445
    Abstract: In one embodiment a controller comprises logic to receive, via a near field communication link, an identification packet generated by a remote authentication provider, associate an electronic signature with the identification packet, transmit the identification packet to a remote authentication provider, receive an authorization from the remote authentication provider, receive login information associated with the identification packet, and initiate a login procedure using the login information. Other embodiments may be described.
    Type: Grant
    Filed: May 6, 2016
    Date of Patent: September 25, 2018
    Assignee: Intel Corporation
    Inventors: Sanjay Bakshi, Ned Smith
  • Patent number: 10083282
    Abstract: Methods, systems, and computer program products are included for authenticating computing devices. An exemplary method includes associating a security key with an operating system of a first computing device, wherein the security key is generated from a serial number corresponding to the first computing device. A token corresponding to the security key is sent to a second computing device. The token is accessed by the second computing device to authenticate the first computing device. An authenticated session is established between the first computing device and the second computing device. Within the authenticated session, a connection is provided between the first computing device and the second computing device.
    Type: Grant
    Filed: March 24, 2016
    Date of Patent: September 25, 2018
    Assignee: PAYPAL, INC.
    Inventor: Srini Rangaraj
  • Patent number: 10063380
    Abstract: A formalized set of interfaces (e.g., application programming interfaces (APIs)) is described, that uses a security scheme, such as asymmetric (or symmetric) cryptography, in order to authorize and authenticate requests sent to a virtualization layer. The interfaces can be invoked to perform security monitoring, forensic capture, and/or patch software systems at runtime. In addition to the foregoing, other aspects are described in the claims, detailed description, and figures.
    Type: Grant
    Filed: January 22, 2013
    Date of Patent: August 28, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Eric Jason Brandwine, Matthew Shawn Wilson
  • Patent number: 10057059
    Abstract: Methods and systems are provided for supporting efficient and secure “Machine-to-Machine” (M2M) communications using a module, a server, and an application. A module can communicate with the server by accessing the Internet, and the module can include a sensor and/or an actuator. The module, server, and application can utilize public key infrastructure (PKI) such as public keys and private keys. The module can internally derive pairs of private/public keys using cryptographic algorithms and a first set of parameters. A server can authenticate the submission of derived public keys and an associated module identity. The server can use a first server private key and a second set of parameters to (i) send module data to the application and (ii) receive module instructions from the application. The server can use a second server private key and the first set of parameters to communicate with the module.
    Type: Grant
    Filed: May 1, 2017
    Date of Patent: August 21, 2018
    Assignee: Network-1 Technologies, Inc.
    Inventor: John A. Nix
  • Patent number: 10057288
    Abstract: A method includes receiving, from a certificate requestor: a request for a public key certificate and a list of a plurality of distribution addresses. The request may include a public key for the certificate requestor. The plurality of distribution addresses may belong to a plurality of third parties. The method further includes verifying an identity of the certificate requestor, and, in response to verifying the identity of the certificate requestor, retrieving a public key from the request for the public key certificate. The method may also include, in response to verifying the identity of the certificate requestor, generating the public key certificate and signing the public key certificate. The public key certificate may include the public key. The method may also include transmitting the signed public key certificate to the certificate requestor and the plurality of distribution addresses.
    Type: Grant
    Filed: March 25, 2016
    Date of Patent: August 21, 2018
    Assignee: CA, Inc.
    Inventor: Joann Jayne Kent
  • Patent number: 10043039
    Abstract: There is provided mechanisms for determining a verification path for each leaf of a tree. A method is performed by a tree manager processor. The method comprises acquiring leaf values of leaves of a tree. The method comprises determining a root value from a leaf to the root value of the leaves. The method comprises determining a verification path for each of the leaves. The verification path for each of the leaves is determined such that the size of each verification path is independent from the number of leaves. Each verification path comprises a partial result and a function that enables determination of said root value from its leaf value and said partial result. The partial result for the verification path for leaf is determined as a one-way function depending only on other leaves such that the verification path for leaf prohibits re-computation of any other leaf value from said partial result.
    Type: Grant
    Filed: April 10, 2015
    Date of Patent: August 7, 2018
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Alexander Maximov, Christine Jost, Bernard Smeets
  • Patent number: 10027630
    Abstract: The systems, methods and apparatuses described herein provide a computing environment that includes a secure zone for executing tasks. An apparatus according to the present disclosure may comprise a screen, a secure zone and an indicator operatively controlled by the secure zone. The secure zone may be configured to execute a task and to assume control over an output to the screen while the apparatus is operating in a secure mode and to transfer control over the output to the screen to a non-secure zone while the apparatus is operating in a non-secure mode.
    Type: Grant
    Filed: August 17, 2017
    Date of Patent: July 17, 2018
    Assignee: OLogN Technologies AG
    Inventor: Sergey Ignatchenko
  • Patent number: 9992189
    Abstract: A CAC/PIV certificate associated with a HSPD-12 identity is used to generate a derived credential for storage on a device, such as a mobile device, that lacks a CAC/PIV card reader. The derived credential (which is distinct from the original CAC/PIV certificate) may then be used to grant the device access to secure resources that may otherwise require a CAC/PIV certificate. Embodiments of the present disclosure also relate to systems and methods for authenticating or validating a derived credential stored on a mobile device.
    Type: Grant
    Filed: August 14, 2017
    Date of Patent: June 5, 2018
    Assignee: SecureAuth Corporation
    Inventors: Chris Hayes, Garret Florian Grajek, Jeffrey Chiwai Lo, Allen Yu Quach, Firas Shbeeb