Object Protection Patents (Class 713/167)
  • Patent number: 11444754
    Abstract: There is provided a computer implemented method encrypting and/or decrypting data, comprising: accessing data for encryption and/or decryption, wherein the data is of a user account of a plurality of user accounts, obtaining an account key in an encrypted state, the account key is obtained from an account key dataset storing at least one encrypted account key for each of the user accounts, providing over the network, the encrypted account key to a key management system(s) (KMS) hosted by a server, receiving over the network, a decrypted account key from the server hosting the KMS(s), wherein the KMS(s) decrypts the encrypted account key using an organization key stored and managed by the KMS(s), storing the decrypted account key in a data storage device set to provide temporary storage for decrypted account keys, and encrypting and/or decrypting the data associated with the user account using the decrypted account key.
    Type: Grant
    Filed: December 30, 2021
    Date of Patent: September 13, 2022
    Assignee: monday.com Ltd.
    Inventors: Dotan Shaked, Daniel Mittelman, Eviathar Moussaffi, Eran Amiel, Eilon Moalem
  • Patent number: 11443054
    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for referenced access control lists. In one aspect, a method includes accessing an object hierarchy for a plurality of objects, each object being representative of one of a storage location or a file. The object hierarchy includes for each object, a respective node, for each object that is a parent object having a child object, a directed edge connecting the node representing the parent object. In addition, for each object, including metadata that includes an access control list identifier that identifies an access control list for the object and that is owned by an access control list root object. The method including receiving updates to an access control list for particular objects, generating a new access control list, and storing the new access control list identifier in metadata for each object that descends from the particular object.
    Type: Grant
    Filed: May 27, 2020
    Date of Patent: September 13, 2022
    Assignee: Google LLC
    Inventors: Vaibhav Mehta, Abhinav Khandelwal
  • Patent number: 11425168
    Abstract: A system and methods for facilitating secure computing device control and operation. The invention discloses a framework to supply security and policy-based control to computing applications as a software service. Clients running the framework make requests for services whereby they identify the service needed and its required parameters, encrypt and sign them, and send them to the service handler. The service handler decrypts, checks for policy allowance, and then, if allowed, executes the functions. The handler then encrypts and returns the response to the client. The framework allows for an aggregator that collects service requests for any number of clients and manages the distribution to service handlers and communications back to the clients.
    Type: Grant
    Filed: May 13, 2016
    Date of Patent: August 23, 2022
    Inventor: Philip Attfield
  • Patent number: 11386214
    Abstract: Various examples are directed to systems and methods for executing a web application with client-side encryption. A web browser can receive a document comprising a plurality of data elements including a secure element that comprises an encrypted value. An extension component may generate a secure container element to replace the secure element. The extension component can also insert a subdocument into the secure container element. The web browser may be configured to prevent web applications from accessing the subdocument. The extension component may also decrypt the encrypted value to generate a clear value and write the clear value to the subdocument. The web browser may render the document using the clear value.
    Type: Grant
    Filed: December 13, 2018
    Date of Patent: July 12, 2022
    Assignee: SAP SE
    Inventor: Martin Johns
  • Patent number: 11374767
    Abstract: A method and system for performing authentication for a backup service provided by a server is provided. The method receives a request for authentication from a client device, the request for authentication including a signature generated using a private key. The method sends a request to obtain a public key corresponding to the private key to the server and receives the public key from the server, the public key being retrieved by the server from a backup of a virtual machine. The method verifies the signature using the public key and generates a token encrypted using the public key, the token enabling the client device to access the server for the backup service. The method sends the token to the client device, the token to be decrypted using the private key by the client device.
    Type: Grant
    Filed: January 14, 2019
    Date of Patent: June 28, 2022
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventors: Jing Yu, Ming Zhang, Kunal Ruvala, Xiaoliang Zhu, Min Liu
  • Patent number: 11355121
    Abstract: The description relates to systems and methods for extending applications. For example, a voice assistant application can be the application to be extended. In an example, a mobile banking application can be the application that provides the extension. For example, a voice assistant might not have capability to conduct fingerprint (or biometric) authentication and bill payment function. An extension point within the voice assistant application that would enable this kind of capability might not exist. The mobile banking application can have a biometric tool for fingerprint authentication capability and a payment tool for a bill payment or money transfer function. Embodiments described herein can involve a deep link from the voice assistant application to the mobile banking application (which does offer fingerprint authentication and bill payment capability). The navigation to the mobile banking application can generate a visual impression at the UI similar or consistent with the voice assistant application.
    Type: Grant
    Filed: October 9, 2019
    Date of Patent: June 7, 2022
    Assignee: ROYAL BANK OF CANADA
    Inventors: Alex Tak Kwun Lau, Arup Saha
  • Patent number: 11356931
    Abstract: The systems, devices, and methods discussed herein are directed to a portable communication device, or a user equipment (UE), for obtaining cellular network services with an unassociated cellular network with assistance from a wireless local area network (WLAN). The UE registers with the WLAN, discovers the unassociated cellular network, sends request to a WLAN service provider of the WLAN to obtain cellular network services with the unassociated cellular network, and obtains cellular network services with the unassociated cellular network.
    Type: Grant
    Filed: October 20, 2016
    Date of Patent: June 7, 2022
    Assignee: T-Mobile USA, Inc.
    Inventors: Yousif Targali, Samir M. Hodroj
  • Patent number: 11354623
    Abstract: Embodiments are directed to providing remote healthcare services including remote diagnostics, and facilitating third-party healthcare payments. In one embodiment, a computer system receives an input including authentication credentials from a healthcare entity, and also requests assistance from another healthcare entity. The computer system authenticates the first healthcare entity using the authentication credentials, receives an input including authentication credentials from the other healthcare entity, and authenticates the other healthcare entity using these authentication credentials. The computer system further receives real-time information related to a health condition of a patient, where the real-time health condition information is provided to the second healthcare entity.
    Type: Grant
    Filed: May 15, 2014
    Date of Patent: June 7, 2022
    Assignee: DAV ACQUISITION CORP.
    Inventors: Michael A. Liberty, Mike Love
  • Patent number: 11347868
    Abstract: A cloud-based platform encrypts data imported from an organization using respective data encryption keys (DEK). The platform prevents decrypted data of the organization, and the DEK(s) used to encrypt such data, from being persistently retained within the platform. Access to the DEK may be controlled by the organization. Accordingly, the organization may retain control over access to its data, after the data has been exported to the platform. The platform may provide a purge control by which the organization can configure the platform the purge any cached DEK and/or unencrypted data pertaining to the organization.
    Type: Grant
    Filed: April 17, 2018
    Date of Patent: May 31, 2022
    Assignee: DOMO, INC
    Inventors: Esteban Araya, Niall Browne, Raka Dutta, Scott Jackman, Daren Thayne, Jon Sharp
  • Patent number: 11341273
    Abstract: A method for combining different partial data includes providing a secure connection between a connection unit in a first network and an analysis unit a second network, separating original data into at least two items of partial data comprised of analysis data and personal data as first and second partial data that can be assigned to each other by way of assigning information, pseudonymizing the second partial data, transmitting the first partial data and pseudonymized second partial data and the assigning information to the analysis unit, storing the second partial data on the connection unit, providing third partial data on the analysis unit in the form of analyzed first partial data, transmitting the third partial data and the pseudonymized second partial data with the assigning information to the connection unit via the secure connection, and combining the third partial data and the second partial data using the assigning information.
    Type: Grant
    Filed: April 26, 2019
    Date of Patent: May 24, 2022
    Assignee: mediri GmbH
    Inventors: Johannes Gregori, Sigurd Randoll, Stefan Hoffmann, Matthias Günther
  • Patent number: 11343100
    Abstract: Authentication is a key procedure in information systems. Conventional biometric authentication system is based on a trusted third-party server which is not secure. The present disclosure provides a privacy preserving multifactor biometric authentication for authenticating a client without the third-party authentication server. The server receives a plurality of encrypted biometric features from the client, encrypted using Fully Homomorphic Encryption. Further, the server evaluates the plurality of encrypted biometric features to obtain a client identifier value and a plurality of encrypted resultant values. The server encrypts each of the plurality of resultant values based on a time based nonce and the client identifier value. The encrypted authentication tags and the corresponding resultant values are aggregated by the server and transmitted to the client. The client decrypts the resultant value and the authentication tag and transmits to the server.
    Type: Grant
    Filed: February 24, 2021
    Date of Patent: May 24, 2022
    Assignee: TATA CONSULTANCY SERVICES LIMITED
    Inventors: Harika Narumanchi, Nitesh Emmadi, Imtiyazuddin Shaik, Srinivasa Rao Chalamala, Rajan Mindigal Alasingara Bhattachar
  • Patent number: 11323542
    Abstract: An object blocking method, a terminal, a server, and a storage medium are provided. The method includes: sending, when whether to block a target object cannot be determined according to a first blocking strategy library, feature information of the target object to a server. The feature information instructs the server to generate a target blocking strategy according to the feature information and feed back the target blocking strategy. The method also includes: receiving the target blocking strategy fed back by the server; adding the target blocking strategy to the first blocking strategy library; and performing subsequent object blocking according to the first blocking strategy library added with the target blocking strategy, including: determining whether to block the target object according to the target blocking strategy in the first blocking strategy library.
    Type: Grant
    Filed: July 24, 2019
    Date of Patent: May 3, 2022
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventor: Lingling Wang
  • Patent number: 11310134
    Abstract: A method and a computing apparatus for tracking device utilization are provided. The method includes: obtaining first data that relates to a physical location of a device; obtaining second data that relates to network switch information of the device; obtaining third data that relates to a network activity performed by using the device; using each of the first data, second data, and third data to determine a utilization of the device; and outputting a result of the determination. The first data may include a building identification, a floor number, and/or a seat identification. The second data may include a switch host name, card information, and/or port information. The third data may include a management system into which the device is logged in.
    Type: Grant
    Filed: March 12, 2020
    Date of Patent: April 19, 2022
    Assignee: JPMORGAN CHASE BANK, N.A.
    Inventors: Gina Manacci, Simon Lane, David Anselmo, Alpa Stamp, Jonathan M Baum, Chetan Trikha, Jerome Rulewicz, Jr., Rakesh Bhola, Nick Rosenberg
  • Patent number: 11308234
    Abstract: Systems and methods utilized to protect data. One method includes maintaining, by one or more processing circuits in a production environment, encrypted data associated with a cryptographic function. The method further includes decrypting, by the one or more processing circuits in the production environment, the encrypted data to generate cleartext data. The method further includes encrypting, by the one or more processing circuits, the cleartext data using a homomorphic encryption function to generate ciphertext data. The method further includes masking, by the one or more processing circuits, the ciphertext data using a masking function to generate alternate ciphertext data. The method further includes decrypting, by the one or more processing circuits, the alternate ciphertext data to generate masked cleartext data and storing, by the one or more processing circuits in a lower environment, the masked cleartext data.
    Type: Grant
    Filed: April 2, 2020
    Date of Patent: April 19, 2022
    Assignee: Wells Fargo Bank, N.A.
    Inventor: Jeff J. Stapleton
  • Patent number: 11295004
    Abstract: A computing device can perform operations to unlock encrypted volumes of the computing device while the computing device is in a recovery environment. In some examples, the computing device can work in conjunction with a test computing device to unlock the encrypted volumes using an unlock token and a PIN. In other examples, the computing device can perform operations without a test computing device. For example, the computing device can, while in the recovery environment, use credentials associated with a user of the computing device to obtain a recovery password to unlock keys for interpreting the encrypted volumes. In some examples, the computing device can use a shortened recovery password in conjunction with anti-hammering capabilities of a Trusted Platform Module in order to unlock keys for interpreting the encrypted volumes. These and other operations can facilitate secure unlock of volumes of encrypted data on a consumer device.
    Type: Grant
    Filed: January 31, 2020
    Date of Patent: April 5, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Yogesh A. Mehta, Octavian T. Ureche, Scott R. Shell, Innokentiy Basmov, Peter Novotney, Christopher L. Walstad
  • Patent number: 11271920
    Abstract: A method for validating a message recipient includes: storing, in a memory of a processing server, a device profile, wherein the device profile is related to a mobile computing device and includes at least a device identifier, and token validation data; receiving, by a receiver of the processing server, a data signal from an external system that is encoded with a message packet, wherein the message packet includes at least the device identifier, a device token, and a content message; validating, by a processing device of the processing server, the device token using at least the token validation data; and electronically transmitting, by a transmitter of the processing server, the content message to the mobile computing device.
    Type: Grant
    Filed: January 29, 2019
    Date of Patent: March 8, 2022
    Assignee: MASTERCARD INTERNATIONAL INCORPORATED
    Inventors: Ankur Arora, Rakesh Patel, Shashank Kumar Trivedi
  • Patent number: 11271716
    Abstract: A method of blockchain-based data management of distributed binary objects includes identifying a binary object to be stored in a first data store. The method further includes encrypting, by a processing device, the binary object using a cryptographic function of a blockchain to generate an encrypted binary object. The method further includes storing the encrypted binary object in the first data store. The method further includes storing a reference to the encrypted binary object on the blockchain.
    Type: Grant
    Filed: January 28, 2021
    Date of Patent: March 8, 2022
    Assignee: emTRUTH, Inc.
    Inventors: Irene Wong Woerner, Ronald Chi King Kong
  • Patent number: 11258587
    Abstract: Generating a rights blockchain storing rights of a user, including: receiving an enrollment request and a public key from the user; verifying that the user has a private key corresponding to the public key; generating a user identifier using the public key; and generating and delivering the rights blockchain having a genesis block including the user identifier to the user.
    Type: Grant
    Filed: March 14, 2017
    Date of Patent: February 22, 2022
    Assignees: Sony Corporation, Sony Pictures Entertainment Inc.
    Inventor: Eric Diehl
  • Patent number: 11251949
    Abstract: A method of storing data allowing a seed value for generating an encryption key to be retrieved is provided. The method comprises obtaining, for each of a plurality of biological data sources, a respective set of biometric data from an authorised user. A respective biometric identifier is generated from each set of biometric data. The biometric identifiers are stored in a database. A plurality of seed portions are generated that are combinable using a function to generate the seed value. Each seed portion is stored in the database in association with a biometric identifier.
    Type: Grant
    Filed: July 6, 2016
    Date of Patent: February 15, 2022
    Assignee: PIPA SOLUTIONS LTD
    Inventor: Sher Khan
  • Patent number: 11240251
    Abstract: The present invention discloses an intelligent cloud server for cloud storage information management and encryption. In some embodiments, the intelligent cloud server can save and store documents without the need of first saving them in a local drive for upload. Upon storage, the document can be scanned and classified in a security level according to pre-determined settings and parameters. In some embodiments, depending on the classification, the system can encrypt portions of the document in order to facilitate the sharing and access of information in a secure way. Encryption keys and access to the encrypted portions are only provided upon authentication of the user, network, and/or need, according to corresponding protocols for the information.
    Type: Grant
    Filed: November 21, 2019
    Date of Patent: February 1, 2022
    Assignee: KEEPIISAFE (IRELAND) LIMITED
    Inventors: Saheeq Sayed, Karolina Kondzielewska, John Eikenberry
  • Patent number: 11240043
    Abstract: This disclosure is directed to computing services that provide secure network connections using public-private key-based security for Internet of Things (IoT) devices, such as voice devices, that may have more than a predefined set of users. Device certificates that authorize IoT devices to access a secure network, such as an enterprise network and/or services eternal to an enterprise network are provided. A setup system may cooperate with an IoT device and a subordinate CA to generate a device certificate that allows the IoT device to access a secure enterprise network and services outside of the secure enterprise network. The IoT device may generate a certificate signing request (CSR) which may be signed by a remote subordinate CA to generate the device certificate using a root certificate of an enterprise CA. Systems are also disclosed that renew certificates for the IoT devices prior to their expiration.
    Type: Grant
    Filed: August 10, 2018
    Date of Patent: February 1, 2022
    Assignee: Amazon Technologies, Inc.
    Inventors: Jonathan Alan Leblang, Jaykumar Harish Gosar, Farzad Sangi, Ankur Rawat, Danny Yu, Sujay Vaishampayan
  • Patent number: 11205194
    Abstract: A method includes sending an encrypted first hash value set to a data provider; receiving an encrypted second hash value set and a double-encrypted first hash value set from the data provider; re-encrypting the received encrypted second hash value set to obtain a double-encrypted second hash value set; calculating an intersection of the double-encrypted first hash value set and the double-encrypted second hash value set to determine one or more shared users shared with the data provider; and recommending or providing a service to the one or more shared users.
    Type: Grant
    Filed: April 6, 2020
    Date of Patent: December 21, 2021
    Assignee: ADVANCED NEW TECHNOLOGIES CO., LTD.
    Inventors: Hui Huang, Zhenyu Zhang
  • Patent number: 11194568
    Abstract: Technologies are described for retaining configuration information for software applications during upgrades. For example, when an addon software package is deployed to a web application server running a main software platform, the configuration information for the addon software package can be preserved separately (e.g., independent of the common configuration file) and used later to restore the addon configuration information if needed. In some implementations, an addon presence file is used to store an entry for the addon software package. The entry identifies another file containing the configuration information for the addon software package. If the main software platform is upgraded resulting in the common configuration file being overwritten or replaced, then the addon configuration information can be added back to the common configuration file using the preserved configuration information.
    Type: Grant
    Filed: October 27, 2020
    Date of Patent: December 7, 2021
    Assignee: SAP SE
    Inventors: Devashish Biswas, Nikita Jain
  • Patent number: 11188441
    Abstract: Techniques are described for sampling across trusted and untrusted distributed components. In accordance with embodiments, a first computing device receives a request from a second computing device, the first request including an operation identifier (ID) and a sampling ID that was generated by transforming a telemetry scope ID from a first value in a first domain to a second value in a second domain. The transformation may serve to anonymize and compress the telemetry scope ID. The first computing device determines whether or not to sample by comparing a ratio between the sampling ID and a size of the second domain with a sampling rate associated with the first computing device. The first computing device records telemetry about its processing of the first request in response to determining to sample and does not record any telemetry about its processing of the first request in response to determining not to sample.
    Type: Grant
    Filed: March 20, 2020
    Date of Patent: November 30, 2021
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Zaki Maksyutov, Dmitry G. Matveev, Sergey Kanzhelev, David J. Lubash, Soubhagya Kumar Dash, Arun Mathew Abraham
  • Patent number: 11178060
    Abstract: Examples include blocking an interface of a sponsor networking device from receiving data packets and receiving at the sponsor networking device an authentication packet from a first networking device. The first networking device is physically connected to the interface. Examples also include automatically setting by the first networking device, a unique local address for the first networking device; receiving, at the sponsor networking device, a local data packet from the first networking device, and translating, by the sponsor networking device, the local data packet to an off-fabric data packet.
    Type: Grant
    Filed: October 8, 2019
    Date of Patent: November 16, 2021
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Christopher Wild, Craig Mills
  • Patent number: 11170387
    Abstract: Embodiments are directed towards collecting, aggregating and indexing unique and non-unique user data from a plurality of users. The result for a query of this indexed aggregation of user data is provided in a plurality of sub-sets of aggregated user data. Each subset of aggregated user data corresponds to a particular portion of the plurality of users. Also, each of these particular portions of the users is set at least large enough to provide general anonymity for the individual users. User data may be collected by one or more user data suppliers and provided to a user data aggregator. In some embodiments, user data may be collected as unique user data, non-unique user data, or any combination thereof. In some embodiments, user data may be aggregated by zip code, expanded zip code, and/or one or more attributes.
    Type: Grant
    Filed: December 20, 2018
    Date of Patent: November 9, 2021
    Assignee: Blue Kai, Inc.
    Inventors: Omar Tawakol, Lucian Vlad Lita
  • Patent number: 11172365
    Abstract: A smart tag and methods of interacting with and authenticating interactions with the same are provided. The smart tag is enabled to generate a Tag Authentication Cryptogram (TAC) and include the TAC in response to a read request. Accordingly, each response generated by the smart tag will include a different TAC. It follows that interactions between the smart tag and a reading device can be authenticated as unique interactions if the TAC is validated as a unique and correct TAC.
    Type: Grant
    Filed: July 26, 2019
    Date of Patent: November 9, 2021
    Assignee: ASSA ABLOY AB
    Inventors: Philip Hoyer, Julian Eric Lovelock, Mark Robinton
  • Patent number: 11163893
    Abstract: The present invention discloses methods and systems for redundantly securing data using an array of independent networks. Methods include the steps of: upon receiving a storage request and secret data for securely storing the secret data, independently requesting random data from each of at least one independent partner network out of an array of at least two independent partner networks; independently receiving the random data from each of at least one independent partner network, wherein respective random data is also stored on a respective independent partner network; cumulatively calculating complementary data as an encrypted form of the secret data with a complement function using the random data; and sending the complementary data to an independent storage partner network for storage, wherein the independent storage partner network is part of the array, and wherein the independent storage partner network is independent from at least one independent partner network.
    Type: Grant
    Filed: July 13, 2016
    Date of Patent: November 2, 2021
    Assignee: nsKnox Technologies Ltd.
    Inventors: Alon N. Cohen, Ilan Shiber, Sagi Vizner, Yoav Hermon
  • Patent number: 11157944
    Abstract: A method and system for bringing together online and offline advertising uses partner-encoded anonymous links that are associated with consumer data. The partner-encoded anonymous links allow processing without personally identifiable information (PII) in a secure environment. Data is matched using identifiers that are encrypted for use in connection with individual match distribution partners. The method and system allows a marketer to utilize offline data to precisely target advertisements without the use of PII, and to perform analytics concerning the use of the online advertisements to more precisely determine the effectiveness of multichannel marketing efforts.
    Type: Grant
    Filed: September 5, 2014
    Date of Patent: October 26, 2021
    Assignee: LiveRamp, Inc.
    Inventors: Thierry Roullier, Dana S. Robbins, Linda Young, Scott Jones, Mike Zukerman, Russell Della Rosa
  • Patent number: 11151236
    Abstract: An example operation may include one or more of initiating, by a file verification device, verification of a source file or a redacted source file, executing one of a smart contract or chaincode to verify the chameleon hash signature and the auxiliary data hash signature, and providing a notification whether the verification was successful or unsuccessful. In response to initiating verification of the source file, the method further includes the file verification device receiving stored source file segments and stored auxiliary data segments, generating a chameleon hash signature, and generating an auxiliary data hash signature. In response to initiating verification of the redacted source file, the method further includes receiving stored redacted file segments, stored auxiliary data segments, and stored modified auxiliary data, generating a chameleon hash signature, and generating an auxiliary data hash signature.
    Type: Grant
    Filed: December 20, 2018
    Date of Patent: October 19, 2021
    Assignee: International Business Machines Corporation
    Inventors: Karthik Nandakumar, Nalini K. Ratha, Sharathchandra Pankanti
  • Patent number: 11146645
    Abstract: Network and/or application resources can be dynamically instantiated based on service attributes and/or network capabilities. In one aspect, a customized and/or localized core slice can be selected that can deliver the requested service with target performance parameters. According to an aspect, dynamic selection, control, and/or management reporting can be provided for core network slices. Moreover, optimal core network slice selection can be performed to reduce network transport costs and efficiently deliver various services using an optimal core slice that matches a service profile being requested by an end user and/or device.
    Type: Grant
    Filed: February 7, 2020
    Date of Patent: October 12, 2021
    Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
    Inventors: Rajendra Prasad Kodaypak, Jianrong Wang, Jiansong Wang
  • Patent number: 11140148
    Abstract: A method, a non-transitory computer readable medium, and a system are disclosed for a single sign-on for services. The method includes: receiving, on a computer processor, user identification captured by a biometric device of a user; forwarding, by the computer processor, the user identification to an authentication server; receiving, on the computer processor, a user JSON Web Token (user-JWT), user principle name, active directory domain name, and user domain name password, upon authentication of the user by the authentication server; performing, by the computer processor, an active directory join operation with an active directory using the user principle name, the active directory domain name, and the user domain name password; launching, on the computer processor, a browser that communicates with the authentication server; and receiving, on the computer processor, an HTML page constructed with JavaScript code with clickable icons for provisioned services from the authentication server.
    Type: Grant
    Filed: March 30, 2020
    Date of Patent: October 5, 2021
    Assignee: Konica Minolta Business Solution U.S.A., Inc.
    Inventor: Rahul Suraparaju
  • Patent number: 11139960
    Abstract: An example operation may include one or more of determining, by a file redaction device, redacted segments of a source file, receiving, by a signature update device, the redacted source file segments, a stored trapdoor key, and stored auxiliary data segments, determining modified auxiliary data from the redacted source file segments, the trapdoor key and the auxiliary data segments, executing chaincode to obtain a modified auxiliary data signature and identifiers of the redacted source file segments, and storing the modified auxiliary data signature and identifiers of the redacted source file segments to a shared ledger of a blockchain network. Each stored auxiliary data segment including a random string of data corresponding to a segment of the source file.
    Type: Grant
    Filed: December 20, 2018
    Date of Patent: October 5, 2021
    Assignee: International Business Machines Corporation
    Inventors: Karthik Nandakumar, Nalini K. Ratha, Sharathchandra Pankanti
  • Patent number: 11108773
    Abstract: A client device accesses an online system using an authentication process when it is connected to a public network and not a private network. The client device requests access using an authentication broker via the public network. The authentication broker determines an authentication system and transmits identification information for the client device to the authentication system via the private network. The authentication broker receives an authentication vector generated by the authentication system via the private network, and receives a verification response from the client device via the public network. The verification response corresponds to a verification challenge generated based on the authentication vector by the authentication broker.
    Type: Grant
    Filed: July 22, 2019
    Date of Patent: August 31, 2021
    Assignee: Facebook, Inc.
    Inventor: Govardhan Reddy Dhani Reddy
  • Patent number: 11108545
    Abstract: Implementations of this specification provide a method and an apparatus for creating a blockchain account and verifying blockchain transactions. An example method performed by a blockchain platform includes receiving a transaction, the transaction including at least an initiator field that specifies an account to be created, a receiver field that specifies a pre-determined field value, and a data field that specifies a user-defined key control rule. The user-defined key control rule includes at least one 3-tuple, and each 3-tuple includes a key identifier, an action identifier, and a permission setting. The blockchain platform seals the transaction into a block, and sends the sealed transaction to at least one other full node in the blockchain network.
    Type: Grant
    Filed: January 31, 2020
    Date of Patent: August 31, 2021
    Assignee: Advanced New Technologies Co., Ltd.
    Inventor: Jun Zuo
  • Patent number: 11070937
    Abstract: Methods, computer program products, and systems are presented. The method computer program products, and systems can include, for instance: recording position data for a mobile device over time, the position data being associated to an identifier of the mobile device; outputting to a user an identification code associated to the identifier; receiving input data from a user, the input data including the identification code and user identifying information from a user; responsively to the receiving the input data from a user associating the identification code and the user identifying information; based on the associating processing the position data and user profile data associated to the user identifying information; sending a message to the user based on a result of the processing.
    Type: Grant
    Filed: September 4, 2019
    Date of Patent: July 20, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Jeremy A. Greenberger, Zachary M. Greenberger
  • Patent number: 11068466
    Abstract: A method for validating data structures includes generating and storing, at each of multiple intervals, a signature for each of multiple data structures, including a parent data structure and a child data structure. The method also includes, in response to a request to validate the child data structure, retrieving active state signatures of the parent and child data structures, and comparing the active state signatures. The method further includes, when the active state signatures are inconsistent, comparing the active state signature of the child data structure to a first prior state signature of the parent data structure; and when the active state signature of the child data structure is consistent with the first prior state signature of the parent data structure, notifying a user that the child data structure is a match for the parent data structure but out of sync therewith.
    Type: Grant
    Filed: December 31, 2018
    Date of Patent: July 20, 2021
    Assignee: MASTERCARD INTERNATIONAL INCORPORATED
    Inventor: Kenneth Gene Feulner
  • Patent number: 11055479
    Abstract: Techniques for obtaining electronic signatures via word processing applications are described. One approach utilizes a code module, also referred to as a “markup module,” that executes within a word processing application and that facilitates the preparation of a document for electronic signature. A user can operate the word processing application together with the markup module in order to add signature tag markers to the document and to provide recipient information about intended signers, such as names and email addresses. Once the document has been prepared, the code module transmits the document (including the added signature tag markers) and the recipient information to a digital transaction service. The digital transaction service then manages the signing of the document, such as by notifying the recipient, receiving the recipient's signature and securely storing the signature in association with the document.
    Type: Grant
    Filed: January 30, 2015
    Date of Patent: July 6, 2021
    Assignee: DOCUSIGN, INC.
    Inventors: Inbar Gazit, Joe Cartano, Jenson Yan, Lahini Arunachalam, Tamara Solorzano Tejeda
  • Patent number: 11038855
    Abstract: The invention relates to a method and an apparatus for encrypted communication between a client and a server, wherein the communication comprises request messages, each with request elements, and response messages, each with response elements. Request elements and response elements can comprise data. It is an object of the invention to hamper or prevent unauthorized access to the data during communication and also during storage and processing on the server. In this case, it is assumed that the communication channel and also the server itself are not trustworthy and neither client nor server provide measures or are adaptable in order to counter said risks of unauthorized access, for example by means of cryptographic methods.
    Type: Grant
    Filed: June 23, 2016
    Date of Patent: June 15, 2021
    Assignee: medisite GmbH
    Inventor: Torsten Frank
  • Patent number: 11032320
    Abstract: Systems and methods for dynamic application level encryption are disclosed. In one embodiment, in an information processing apparatus comprising at least one computer processor, a method for dynamic application level encryption include: (1) receiving a plurality of data classification rules; (2) classifying data using the data classification rules; (3) identifying at least one protection option of a plurality of protection options for protecting the data in at least a rest state, an in-transit state, and an in-memory state; and (4) applying the at least one protection option to the data at rest.
    Type: Grant
    Filed: September 19, 2017
    Date of Patent: June 8, 2021
    Assignee: JPMorgan Chase Bank, N.A.
    Inventors: Jorge Garcia Reyero, Marco C. Pineda, Jody Spearing
  • Patent number: 10972860
    Abstract: A system and method for responding to changes in social traffic in a geographic area receives, via an electronic communications interface, information describing a geographic area and one or more attributes of people expected to be in the geographic area. A geofence is defined based on the information describing the geographic area, and a cohort of people expected to be in the geofence is defined based on the one or more attributes. Information from a sensor regarding an attribute of a person at a geographic location is received via an electronic communications network. Based on the attribute, a determination is made whether or not the person is a member of the cohort of people expected to be in the geofence. An alert may be triggered based at least in part on whether or not the person is a member of the cohort of people expected to be in the geofence.
    Type: Grant
    Filed: May 25, 2017
    Date of Patent: April 6, 2021
    Assignee: International Business Machines Corporation
    Inventors: Paul R. Bastide, Matthew E. Broomhall, Robert E. Loredo, Fang Lu
  • Patent number: 10958629
    Abstract: Methods and apparatus for ensuring protection of transferred content. In one embodiment, content is transferred while enabling a network operator (e.g., MSO) to control and change rights and restrictions at any time, and irrespective of subsequent transfers. This is accomplished in one implementation by providing a premises device configured to receive content in a first encryption format and encodes using a first codec, with an ability to transcrypt and/or transcode the content into an encryption format and encoding format compatible with a device which requests the content therefrom (e.g., from PowerKey/MPEG-2 content to DRM/MPEG-4 content). The premises device uses the same content key to encrypt the content as is used by the requesting device to decrypt the content.
    Type: Grant
    Filed: August 13, 2018
    Date of Patent: March 23, 2021
    Assignee: Time Warner Cable Enterprises LLC
    Inventor: Eric Hybertson
  • Patent number: 10951630
    Abstract: A method for verifying trusted communication between an agent device and an application providing apparatus using a registry apparatus. The registry apparatus maintains a device registry comprising authentication information for uniquely authenticating at least one agent device. The method includes the steps of obtaining from the device registry the authentication information for the agent device identified by a device identifier specified in an the authentication request from the agent device, performing verification of the agent device using the authentication information obtained from the device registry, and if the verification is not successful, transmitting to at least one of the agent device and the application providing apparatus revocation information for denying the trusted communication between the agent device and the application providing apparatus.
    Type: Grant
    Filed: October 12, 2018
    Date of Patent: March 16, 2021
    Assignee: ARM Limited
    Inventors: Norbert David, Szymon Sasin
  • Patent number: 10949555
    Abstract: A system and method for encryption and decryption of data is disclosed. The decryption system provides access to remotely stored data items, each of the data items being independently accessible. At least a subset of the remotely stored data items are encrypted and each encrypted data item has an associated access condition. Upon a client requesting access to a remotely stored data item, the decryption system is arranged provide non-encrypted data items and for encrypted data items provide a decrypted data item if the associated access condition is met.
    Type: Grant
    Filed: May 23, 2016
    Date of Patent: March 16, 2021
    Assignee: Exate Technology Limited
    Inventors: Sonal Rattan, Peter Lancos, Suraj Nittoor
  • Patent number: 10902145
    Abstract: Techniques for sorting encrypted data within a software as a service (SaaS) environment. Data is encrypted on a per symbol basis with a symbol based encryption module. Sort and search functionality preserving encryption that allows other modules to sort tokens and to search for tokens is provided. Encrypted tokens that have been encrypted by the symbol based encryption module are stored in a database. Access to the encrypted tokens is provided through the SaaS environment.
    Type: Grant
    Filed: March 4, 2019
    Date of Patent: January 26, 2021
    Assignee: salesforce.com, inc.
    Inventor: David Movshovitz
  • Patent number: 10824770
    Abstract: Various examples are directed to systems and methods for executing a web application with client-side encryption. A web application may execute in a web browser at a client computing device. The web browser may generate a document comprising a secure display element. The web browser may request to render the document at the client computing device. A cryptographic tool of the web browser may decrypt the first encrypted value to generate a first clear value. The web browser may render the document at an output device of the client computing device using the clear value. The web browser may also be programmed to prevent the web application from accessing the first clear value.
    Type: Grant
    Filed: December 13, 2018
    Date of Patent: November 3, 2020
    Assignee: SAP SE
    Inventor: Martin Johns
  • Patent number: 10803095
    Abstract: An approach is provided in which a system analyzes a first set of data to derive a first distribution output that is based on a first conjugated distribution corresponding to the first set of data and a domain class model. The system utilizes the first distribution output as a baseline input to generate a second conjugated distribution corresponding to a second set of data and the domain class model. Next, the system derives a second distribution output of the second set of data based on the second conjugated distribution. The second distribution output identifies at least one personally identifiable information (PII) data field corresponding to the second set of data that was not identified as a PII data field in the domain class model. In turn, the system tags at least a portion of the second set of data as PII based on the derived second distribution output.
    Type: Grant
    Filed: July 30, 2018
    Date of Patent: October 13, 2020
    Assignee: International Business Machines Corporation
    Inventors: Robert H. Grant, Trudy L. Hewitt, Brian A. O'Crowley, Jonathan Dunne
  • Patent number: 10783264
    Abstract: A non-transitory computer-readable storage medium storing a control program that causes a computer to execute a process including receiving specified information generated in response to reception of an acquisition request of data from a terminal device that decrypts an encrypted data corresponding to the data, and identification information on the terminal device, determining whether or not the specified information is stored, in a storage unit, in association with the received identification information on the terminal device that has sent the acquisition request, the storage unit storing the specified information to be generated in association with the identification information on a terminal device for which a data acquisition is permitted for each of the plurality of pieces of data, and transmitting information that permits decryption of the encrypted data corresponding to the data to the terminal device when the specified information is stored in association with the received identification information.
    Type: Grant
    Filed: August 31, 2017
    Date of Patent: September 22, 2020
    Assignee: FUJITSU LIMITED
    Inventors: Takanori Hamano, Seiji Kurimoto, Yumiko Yamagata, Yoko Miura, Yoshimi Yufu, Satoshi Wakabayashi, Yoriko Yamada
  • Patent number: 10785217
    Abstract: An authentication control method, system, and computer program product, includes performing an initial calibration to login to a registered device by detecting a plurality of biological signals, biometric signals, and idiosyncratic signals of a user and selecting a combination of the plurality of biological signals, biometric signals, and idiosyncratic signals to use in an initial calibration-authentication score, computing a login-authentication score at a time of the login based on a user input of signals corresponding to the signals of the initial calibration-authentication score, and allowing the login to the registered device if the login-authentication score is within a predetermined threshold of the initial calibration-authentication score.
    Type: Grant
    Filed: January 10, 2017
    Date of Patent: September 22, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Saritha Arunkumar, Kuntal Dey, Nizar Lethif, Enara C. Vijil
  • Patent number: 10776010
    Abstract: A system includes a read/write controller removably coupled to a storage drive. Responsive to detection of a coupling between the read/write controller and the storage drive, the read/write controller retrieves key information from the storage drive, uses the key information to locate adaptives associated with the primary storage medium, and loads the adaptives into volatile memory to configure read/write settings for access to the primary storage medium.
    Type: Grant
    Filed: April 19, 2019
    Date of Patent: September 15, 2020
    Assignee: SEAGATE TECHNOLOGY LLC
    Inventors: Riyan Alex Mendonsa, Jon D Trantham, Anil J Reddy, Varun Reddy Boddu, Ajay Narayan Kulkarni