Particular Communication Authentication Technique Patents (Class 713/168)
  • Patent number: 10104517
    Abstract: A method for loading a profile for a mobile radio subscription from a data preparation server into a subscriber identity module, comprises the steps: (a) providing a profile at the data preparation server; (b) generating a single executable program code module of the profile provided according to (a), which program code module is arranged such that by executing the executable program code module the profile is installed in the subscriber identity module; (c) loading the single executable program code module into the subscriber identity module. A method for installing a profile in the subscriber identity module, comprises the steps: (d) sending an APDU command from the data preparation server to the subscriber identity module; (e) in reaction to a reception of the APDU command at the subscriber identity module, executing the executable program code module and by executing installing the profile in the subscriber identity module.
    Type: Grant
    Filed: March 24, 2016
    Date of Patent: October 16, 2018
    Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBH
    Inventors: Nils Nitsch, Ulrich Huber
  • Patent number: 10104070
    Abstract: A system, method, and computer-readable medium for challenge-response authentication are provided. A plurality of codes is received over a communication network based on input provided by way of a user interface displaying a plurality of images. An alphanumeric string is generated based on the received plurality of codes and based on a table that associates each one of the plurality of codes with a respective one of the plurality of images and with a respective one of a plurality of alphanumeric characters. A determination is made as to whether to grant authorization based on whether the generated alphanumeric string matches an alphanumeric user identifier stored in a memory device in association with a user.
    Type: Grant
    Filed: November 21, 2017
    Date of Patent: October 16, 2018
    Assignee: AMERICAN EXPRESS TRAVEL RELATED SERVICES COMPANY, INC.
    Inventor: Samuel A. Bailey, Jr.
  • Patent number: 10104048
    Abstract: A method of shared key generation between three nodes through a shared communication medium includes performing, with a processor in a first node communicatively connected to a second node and a third node through a shared communication medium, a one-way function using a first shared key between the first node and the second node stored in a memory of the node and a predetermined counter as inputs to generate a first plurality of pseudo-random bits. The method includes generating, with the processor and a transceiver in the first node, a second shared key between the first node and the third node by transmitting each bit in the first plurality of pseudo-random bits to the third node through the shared communication medium simultaneously to transmission of random bits from the third node to the first node.
    Type: Grant
    Filed: July 15, 2016
    Date of Patent: October 16, 2018
    Assignee: Robert Bosch GmbH
    Inventors: Shalabh Jain, Jorge Guajardo Merchan, Xinxin Fan
  • Patent number: 10103887
    Abstract: The invention relates to a method and system for key distribution and encryption/decryption. An encryption key (Kenc) is derived in a terminal. The encryption key is applied by the terminal for encrypting at least a part of data included in an application message for an application server transmitted over a network. The terminal and the network both have access to a first key (K1). The terminal and the server both have access to a second key (K2). The encryption key is derived at the terminal using the first key and the second key. The first key or the derivative thereof is received at the server. The encryption key for decrypting the application message encrypted by the terminal is derived in the server using the shared second key and the received first key or the derivative thereof.
    Type: Grant
    Filed: December 6, 2011
    Date of Patent: October 16, 2018
    Assignees: Koninklijke KPN N.V., Nederlandse Organisatie Voor Toegepast-Natuurwetenschappelijk Onderzoek TNON
    Inventor: Frank Fransen
  • Patent number: 10104716
    Abstract: The disclosure provides an apparatus and method for relaying by a mobile device and a storage medium, the apparatus including: one or more processors; and a memory, where: the memory stores therein one or more computer readable program codes configured to be executed by the one or more processors to perform operations of: connecting with a wireless access point through a station node of Wi-Fi; enabling a softAP node of Wi-Fi so that logon information of the mobile device is broadcasted, and one or more electronic devices are connected through the softAP node; enabling a packet forwarding function to enable a data packet to be forwarded between different nodes of Wi-Fi in the mobile device; and sending configuration information of packet forwarding to a Wi-Fi module so that a data packet is forwarded between the station node and the softAP node.
    Type: Grant
    Filed: February 25, 2016
    Date of Patent: October 16, 2018
    Assignees: HISENSE MOBILE COMMUNICATIONS TECHNOLOGY CO., LTD., HISENSE USA CORPORATION, HISENSE INTERNATIONAL CO., LTD.
    Inventors: Chuanqing Yang, Zizhi Sun, Bin Zheng, Shidong Shang, Changsheng Zhou
  • Patent number: 10104097
    Abstract: The disclosed computer-implemented method for preventing targeted malware attacks may include (1) identifying at least one candidate risk factor for targets of previous targeted malware attacks that were directed to the targets based on characteristics of the targets, (2) calculating a degree of association between the candidate risk factor and the previous targeted malware attacks by comparing rates of targeted malware attacks between a group that possesses the risk factor and a group that does not possess the risk factor, (3) identifying a candidate target of a targeted malware attack that possesses the candidate risk factor, and (4) adjusting a security policy assigned to the candidate target of the targeted malware attack based on the calculated degree of association between the candidate risk factor and the previous targeted malware attacks. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: December 12, 2014
    Date of Patent: October 16, 2018
    Assignee: Symantec Corporation
    Inventors: Leylya Yumer, Olivier Thonnard, Anand Kashyap
  • Patent number: 10103878
    Abstract: Disclosed are various embodiments for separating security credential verification. A first authentication service receives a first security credential from a client. The first authentication service also receives an encrypted version of a second security credential from a second authentication service. The first authentication service determines a stored encrypted credential corresponding to the second security credential based at least in part on the first security credential. The first authentication service authenticates the client by comparing the encrypted version of the second security credential to the stored encrypted credential.
    Type: Grant
    Filed: September 15, 2015
    Date of Patent: October 16, 2018
    Assignee: Amazon Technologies, Inc.
    Inventor: Nima Sharifi Mehr
  • Patent number: 10096205
    Abstract: If it is desired to convert an EGM 2 into an EGM that is configured to provide a stand-alone progressive jackpot, then the conversion device 1 is retrofitted into the EGM 2. The conversion device 1 includes a processor 6 that is configured to administer the stand-alone progressive jackpot. The processor 6 is communicatively connected to both the plurality of input ports 3 and the plurality of output ports 5. The processor 6 is also communicatively connected to memory 8. A flowchart setting out the steps performed in a first method of using the conversion device 1 to provide a stand-alone progressive jackpot is illustrated in FIG. 2.
    Type: Grant
    Filed: July 22, 2016
    Date of Patent: October 9, 2018
    Assignee: PALTRONICS AUSTRALASIA PTY LIMITED
    Inventors: Dean Wright, Stephen Cowan
  • Patent number: 10095858
    Abstract: Various embodiments of the invention provide for secure data communication in industrial process control architectures that employ a network of sensors and actuators. In various embodiments, data is secured by a secure serial transmission system that detects and authenticates IO-Link devices that are equipped with secure transceiver circuits, thereby ensuring that non-trusted or non-qualified hardware is prevented from connecting to a network and potentially compromising system behavior.
    Type: Grant
    Filed: March 24, 2014
    Date of Patent: October 9, 2018
    Assignee: Maxim Integrated Products, Inc.
    Inventors: Samer A. Haija, Chowdary Subbayya Yanamadala, Hal Kurkowski
  • Patent number: 10091174
    Abstract: In some embodiments, upon detecting malicious activity associated with a user account, a content management system can identify other user accounts related to the malicious user account. The content management system can identify related user accounts by comparing authentication information collected for the malicious user account with authentication information collected for other user accounts. Authentication information can include IP address information, geographic information, device type, browser type, email addresses, and/or referral information, for example. The content management system can compare the content items associated with the malicious user account to content items associated with other user accounts to determine relatedness or maliciousness. After identifying related malicious user accounts, the content management system can block all related malicious user accounts.
    Type: Grant
    Filed: September 29, 2014
    Date of Patent: October 2, 2018
    Assignee: DROPBOX, INC.
    Inventor: Anton Mityagin
  • Patent number: 10089468
    Abstract: A device may detect or emulate a sequence of keystrokes to be used to detect a keystroke logger application. The device may determine a sequence of characters associated with the sequence of keystrokes. The sequence of characters may correspond to the sequence of keystrokes or a portion of the sequence of keystrokes. The device may search a memory for the sequence of characters. The device may determine that the sequence of characters is stored in the memory based on searching the memory for the sequence of characters. The device may perform an action to counteract the keystroke logger application based on determining that the sequence of characters is stored in the memory.
    Type: Grant
    Filed: June 12, 2017
    Date of Patent: October 2, 2018
    Assignee: Juniper Networks, Inc.
    Inventors: Kyle Adams, Jacob Asher Langton, Daniel J. Quinlan
  • Patent number: 10091211
    Abstract: Systems and methods for authenticating access to multiple data stores substantially in real-time are disclosed. The system may include a server coupled to a network, a client device in communication with the server via the network and a plurality of data stores. The server may authenticate access to the data stores and forward information from those stores to the client device. An exemplary authentication method may include receipt of a request for access to data. Information concerning access to that data is stored and associated with an identifier assigned to a client device. If the identifier is found to correspond to the stored information during a future request for access to the store, access to that store is granted.
    Type: Grant
    Filed: April 10, 2018
    Date of Patent: October 2, 2018
    Assignee: Seven Networks, LLC
    Inventors: Jay Sutaria, Brian Daniel Gustafson, Robert Paul van Gent, Ruth Lin, David Merriwether, Parvinder Sawhney, Ari Backholm
  • Patent number: 10091537
    Abstract: A method of managing the processing of a digital broadcast transport stream by a multimedia unit identified by a personal identifier. The multimedia unit being connectable to a security module associated to the multimedia unit and/or a server through an IP-connection with a return path. The transport stream comprising scrambled content packets and conditional access messages that are necessary for descrambling the content packets. The method comprises: sending the conditional access messages from the multimedia unit to either the server or the security module; verifying the authentication of the multimedia unit and/or the validity of access rights allocated to the multimedia unit; if the authentication fails, preventing any further processing of the conditional access message; securely obtaining, at the multimedia unit, the control data corresponding to the conditional access messages; and descrambling the audio/video/data content packets using the control data at the multimedia unit.
    Type: Grant
    Filed: October 5, 2012
    Date of Patent: October 2, 2018
    Assignee: Nagravision S.A.
    Inventor: Bertrand Wendling
  • Patent number: 10091655
    Abstract: A system that incorporates the subject disclosure may include, for example, instructions which when executed cause a device processor to perform operations comprising sending a service request to a remote management server; receiving from the management server an authentication management function and an encryption key generator for execution by a secure element and an encryption engine for execution by a secure device processor, sending a request to establish a communication session with a remote device; and communicating with the remote device via a channel established using an application server. The secure element and the secure device processor authenticate each other using a mutual authentication keyset. The secure element, the secure device processor and the device processor each have a security level associated therewith; the security level associated with the secure device processor is intermediate between that of the secure element and that of the device processor. Other embodiments are disclosed.
    Type: Grant
    Filed: September 8, 2016
    Date of Patent: October 2, 2018
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Walter Cooper Chastain, Stephen Emille Chin
  • Patent number: 10091183
    Abstract: A method for authorizing a function of an embedded electronic control unit, including: a decision gateway requests from a hardware security module a function request destined for the electronic control unit, the decision gateway receives from the hardware security module the function request which is signed by the hardware security module, the decision gateway creates a communication channel, based on a cryptographic identity of the decision gateway, to a backend, the decision gateway sends the function request to the backend, the decision gateway receives from the backend via the communication channel a ticket which corresponds to the function request and is signed by the backend, and the decision gateway stores the ticket.
    Type: Grant
    Filed: May 4, 2016
    Date of Patent: October 2, 2018
    Assignee: ROBERT BOSCH GMBH
    Inventors: Frederic Stumpf, Jan Holle
  • Patent number: 10083324
    Abstract: Qualified web application security based on multi-layered evaluation of web application hierarchy is described. A system receives a web application login request from a web browser associated with a user device. The system identifies a portion of qualified user information associated with the user device. The system creates an executable file based on using the portion of the qualified user information to evaluate a web application hierarchy file comprising hierarchical nodes, wherein each of the hierarchical nodes is associated with a corresponding web application function, at least one corresponding business rule, and a corresponding scope-based security configuration. The system sends the executable file to the web browser, thereby enabling the web browser to use another portion of the qualified user information to evaluate the executable file and to execute the evaluated executable file to provide qualified web application security for web application access requests from the user device.
    Type: Grant
    Filed: March 17, 2016
    Date of Patent: September 25, 2018
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventors: Sachin G Totale, Pawel Zieminski, Julian Hjortshoj
  • Patent number: 10085148
    Abstract: A novel key management approach is provided for securing communication handoffs between an access terminal and two access points. An access terminal establishes a secure communication session with a first access point based on a first master session key based on a master transient key. The access terminal obtains a second access point identifier associated with a second access point and sends a message associated with a handoff to either the first access point or the second access point. The access terminal generates a second master session key based on at least the master transient key and the second access point identifier. The second master session key is used for secure communications with the second access point in connection with an intra-authenticator handoff from the first access point to the second access point. The access terminal then moves the secure communication session to the second access point.
    Type: Grant
    Filed: August 9, 2017
    Date of Patent: September 25, 2018
    Assignee: QUALCOMM Incorporated
    Inventor: Michaela Vanderveen
  • Patent number: 10084838
    Abstract: Techniques for serving a manifest file of an adaptive streaming video include receiving a request for the manifest file from a user device. The video is encoded at different reference bitrates and each encoded reference bitrate is divided into segments to generate video segment files. The manifest file includes an ordered list of universal resource locators (URLs) that reference a set of video segment files encoded at a particular reference bitrate. A source manifest file that indicates the set of video segment files is identified based on the request. An issued manifest file that includes a first URL and a second URL is generated based on the source manifest file. The first URL references a first domain and the second URL references a second domain that is different from the first domain. The issued manifest file is transmitted to the user device as a response to the request.
    Type: Grant
    Filed: June 6, 2017
    Date of Patent: September 25, 2018
    Assignee: DLVR, Inc.
    Inventors: Michael Gordon, David Morel
  • Patent number: 10084598
    Abstract: Technical solutions are described for authenticating a hosting system prior to securely deploying a shrouded virtual server. An example method includes receiving, by a hypervisor, a request for a public certificate, from a client device that requested the virtual server, and sending the public certificate of the hosting system that executes the hypervisor. The method also includes receiving, in response to the public certificate being successfully authenticated by the client device using a third-party verification system, a session key based on a public key included in the public certificate. The method also includes decrypting the session key using a private key, where the private key is pre-installed in the hosting system by a manufacturer of the hosting system, and sending an acknowledgement message encrypted using the session key. The method also includes establishing a secure communication between the client device and the hypervisor using the session key.
    Type: Grant
    Filed: December 27, 2017
    Date of Patent: September 25, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Khary J. Alexander, Reinhard T. Buendgen, K. Paul Muller, James A. O'Connor, William J. Rooney, Tiberiu Suto, Craig R. Walters, Sean Swehla
  • Patent number: 10084767
    Abstract: A method and apparatus for authenticating a communication device is disclosed. A system that incorporates teachings of the present disclosure may include, for example, an authentication system having a controller element that receives from a communication device over a packet-switched network a terminal ID and a request to authenticate said communication device, generates a first registration ID, stores the first registration ID and a first communication identifier, transmits the first registration ID to the communication device, receives from an interactive response system a second communication identifier and a second registration ID that the interactive response system received during a communication session with the communication device over a circuit-switched network, and authenticates the communication device in response to detecting a match between the first and second communication identifiers and the first and second registration IDs. Additional embodiments are disclosed.
    Type: Grant
    Filed: July 18, 2017
    Date of Patent: September 25, 2018
    Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
    Inventors: Edward Walter, Larry B. Pearson
  • Patent number: 10084773
    Abstract: A Time-based One-Time Password (TOTP) validator is interposed between a principal and a network service. The validator interacts with a mobile application (app) on the mobile device associated with the principal to dynamically supply a validator secret. The secret and, perhaps, other information are processed by the app to generate a TOTP when the principal attempts to access a protected resource of the network service. The validator independently generates the TOTP and compares the app generated TOTP, and on a successful match, a principal's access device is redirected for access to the protected resource.
    Type: Grant
    Filed: April 26, 2016
    Date of Patent: September 25, 2018
    Assignee: NetIQ Corporation
    Inventors: Lloyd Leon Burch, Duane Fredrick Buss, Larry Hal Henderson
  • Patent number: 10084820
    Abstract: A method of providing security for data being transferred over a Universal Serial Bus (USB) connection, the method comprising: setting an IPsec policy configuration on a host device and a client device; sending a packet to a first loopback interface on the host device, wherein the first loopback interface configures the packet to be routed to a second loopback interface on the client device; sending the packet from the first loopback interface to an IPsec module for encryption; filtering the packet received from first loopback interface; sending the packet to the client device over the USB connection; injecting the packet into the second loopback interface; sending the packet from the second loopback interface on the client device to the IPsec module on the client device for decryption; and sending the decrypted packet to the second loopback interface on the device application, wherein the packet is received on the client device.
    Type: Grant
    Filed: February 27, 2015
    Date of Patent: September 25, 2018
    Assignee: Konica Minolta Laboratory U.S.A., Inc.
    Inventor: Maria Perez
  • Patent number: 10084782
    Abstract: Provided is a method for authenticating a user communicating with an enterprise via a network. The method includes receiving, via the network, authenticators for a user from a first user device associated with the user, and storing the received authenticators. A first authenticator from the stored authenticators is selected to be used for authenticating the user based on an authentication policy received from the enterprise. An authentication request is transmitted to a user device requesting the first authenticator and the user is authenticated by comparing the received authenticator with the stored first authenticator.
    Type: Grant
    Filed: September 19, 2016
    Date of Patent: September 25, 2018
    Assignee: Early Warning Services, LLC
    Inventors: Andrew Robert Rolfe, Alan Dundas, Gregory Slowiak
  • Patent number: 10079829
    Abstract: Described herein are methods, apparatuses, and systems for secure provisioning of devices for manufacturing and maintenance. A method includes provisioning a sensor device by storing identification data for the sensor device and information used to authenticate the identification data in the sensor device. A method includes storing subassembly data for the sensor device and information used to authenticate the subassembly data in the sensor device in response to the sensor device being received and installed in a subassembly unit. The sensor device is installed in response to validating authenticity of the identification data. A method includes connecting the sensor device to a wireless sensor network in response to validating authenticity of one or more of the identification data and the subassembly data. The sensor device is integrated into a larger unit comprising the wireless sensor network.
    Type: Grant
    Filed: April 2, 2015
    Date of Patent: September 18, 2018
    Assignee: The Boeing Company
    Inventor: Ian G. Angus
  • Patent number: 10078425
    Abstract: In various embodiments, authentication stations are distributed within a facility, particularly in spaces where mobile devices are predominantly used—e.g., a hospital's emergency department. Each such station includes a series of authentication devices. Mobile devices may run applications for locating the nearest such station and, in some embodiments, pair wirelessly with the station so that authentication thereon will accord a user access to the desired resource via a mobile device.
    Type: Grant
    Filed: November 19, 2015
    Date of Patent: September 18, 2018
    Assignee: IMPRIVATA, INC.
    Inventor: Meinhard Dieter Ullrich
  • Patent number: 10080185
    Abstract: A method, an apparatus, and a computer program product for wireless communication are provided. The apparatus may be a UE. The UE receives a discovery code and key information associated with the discovery code. A discovery message may be generated based on the discovery code. The UE transforms the discovery message using the key information. The UE then broadcasts the transformed discovery message. In a second configuration, the UE receives a first discovery code, key information associated with the first discovery code, and a discovery message containing a second discovery code. The UE unscrambles the discovery message using the key information to obtain the second discovery code. The first discovery code and the second discovery code are compared. If the first and second discovery codes match, the UE may check the integrity of the discovery message and/or remove confidentiality of the discovery message using the key information.
    Type: Grant
    Filed: March 21, 2016
    Date of Patent: September 18, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Adrian Edward Escott, Michaela Vanderveen
  • Patent number: 10078761
    Abstract: Disclosed herein is a system to validate information about a user, or users, derived from publicly-accessible data. The system comprises a validation system that uses private data about the user to validate the user information derived from the publicly-accessible data. The validation system may receive a validation request in connection with an inconclusive result derived from the publicly-accessible data.
    Type: Grant
    Filed: October 10, 2016
    Date of Patent: September 18, 2018
    Assignee: OATH INC.
    Inventors: Varun Bhagwan, Patrick Mason, Ashutosh Singh, Jaikit Savla, Rahul Teotia, Ramachandran Natarajan Iyer
  • Patent number: 10075427
    Abstract: For resetting authentication tokens based on implicit credentials, a method is disclosed that includes receiving, by use of a processor, an authentication request, the request requiring an authentication token, the request not including the authentication token, verifying an implicit credential, and resetting the authentication token in response to the implicit credential matching a predefined credential.
    Type: Grant
    Filed: March 31, 2014
    Date of Patent: September 11, 2018
    Assignee: Lenovo (Singapore) PTE. LTD.
    Inventors: Robert A. Bowser, Richard Wayne Cheston, Howard Locker, Goran Hans Wibran, Randall Scott Springfield
  • Patent number: 10075615
    Abstract: Provided is a method of establishing, by an image forming apparatus, a connection to a mobile device, the method including transmitting temporary credential information to the mobile device in response to receiving a pairing request from the mobile device, receiving an encrypted personal identification number (PIN) code from the mobile device, determining whether a PIN code is valid by decrypting the encrypted PIN code using the temporary credential information to extract the PIN code, and transmitting permanent credential information to the mobile device when it is determined that the PIN code is valid.
    Type: Grant
    Filed: December 22, 2015
    Date of Patent: September 11, 2018
    Assignee: S-PRINTING SOLUTION CO., LTD.
    Inventor: Ju-ho Eum
  • Patent number: 10075807
    Abstract: Methods and devices of various embodiments provide enhanced location services by leveraging a system of beacon devices each broadcasting data that is useful in calculating locations and report of the trustworthiness of neighbor beacon devices. Various embodiments include a method performed by a beacon device that may include obtaining location data using a first functionality, evaluating sensor data to identify a breach of trust condition at the beacon device, generating authentication data that indicates any identified breach of trust condition, receiving one or more neighbor beacon broadcast messages using a second functionality, determining whether the one or more neighbor beacon broadcast messages include trustworthy location data, and broadcasting an outgoing broadcast message that includes the obtained location data, timing data, the generated authentication data, and data indicating whether the one or more neighbor beacon broadcast messages include trustworthy location data.
    Type: Grant
    Filed: September 3, 2015
    Date of Patent: September 11, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Michael-David Nakayoshi Canoy, Stephen Alton Sprigg, Kiet Tuan Chau, Michael Orlando DeVico, Yinyin Liu, Gregory Cisewksi
  • Patent number: 10075420
    Abstract: Creation or update of a security context between user equipment and MSC/VLR (Mobile Switching Centre/Visitor Location Register) for circuit switched domain services is provided. The creation or update is based on conversion of the security context used in an evolved Universal Terrestrial Radio Access Network (E-UTRAN) in the Mobility Management Entity (MME) to a security context for the circuit switched domain target system and transferring it to a MSC/VLR. When user equipment is moved from E-UTRAN to GSM EDGE Radio Access Network/Universal Terrestrial Radio Access Network (GERAN/UTRAN), a MME does not need to perform authentication and key agreement procedures to establish shared circuit switched security context for the user equipment.
    Type: Grant
    Filed: May 4, 2010
    Date of Patent: September 11, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Xipeng Zhu, Wolfgang Granzow, Adrian Edward Escott
  • Patent number: 10073977
    Abstract: Technologies for authenticity assurance for I/O data include a computing device with a cryptographic engine and one or more I/O controllers. A metadata producer of the computing device performs an authenticated encryption operation on I/O data to generate encrypted I/O data and an authentication tag. The metadata producer stores the encrypted I/O data in a DMA buffer and the authentication tag in an authentication tag queue. A metadata consumer decrypts the encrypted I/O data from the DMA buffer and determines whether the encrypted I/O data is authentic using the authentication tag from the authentication tag queue. For input, the metadata producer may be embodied as the cryptographic engine and the metadata consumer may be embodied as a trusted software component. For output, the metadata producer may be embodied as the trusted software component and the metadata consumer may be embodied as the cryptographic engine. Other embodiments are described and claimed.
    Type: Grant
    Filed: December 18, 2015
    Date of Patent: September 11, 2018
    Assignee: Intel Corporation
    Inventors: Pradeep M. Pappachan, Reshma Lal, Bin Xing, Steven B. McGowan, Siddhartha Chhabra, Reouven Elbaz
  • Patent number: 10067781
    Abstract: Generally described, aspects of the present disclosure relate to managing the configuration and security policies of hosted virtual machine networks. Hosted virtual machine networks are configured in a manner such that a virtual machine manager component can establish service manifests that correspond to information required by the virtual machine network from a user/customer. The virtual machine manager component can also publish in the service manifests contractual information, such as security risk assessments, that are deemed to have been provided and accepted by the user/customer in instantiating virtual machine networks. If the processed service manifest information remains valid, a substrate network process requests or independently instantiates services or components in accordance with the configuration information and security risk information included in the processed service manifest.
    Type: Grant
    Filed: October 19, 2015
    Date of Patent: September 4, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Eric Jason Brandwine, Don Johnson, Marvin M. Theimer
  • Patent number: 10070314
    Abstract: An approach is provided for authenticating a user. Geolocations are collected during a first time period and social media interactions are collected during a second time period. Historical data is polled which indicates (1) geolocations whose timestamps indicate locations of a person authorized to access the device within the first time period and (2) social media interactions whose timestamps indicate interactions of the person within the second time period. A question is generated to be relevant to a social media interaction and/or a geolocation included in the historical data. The voice of the user who provided an answer to the question is verified as matching a voice of the person authorized to access the device. The answer is determined to be correct. Based on the matching voices and the answer being correct, the user is authenticated and access to the device by the user is granted.
    Type: Grant
    Filed: November 28, 2017
    Date of Patent: September 4, 2018
    Assignee: International Business Machines Corporation
    Inventors: Michael Bender, David E. Nachman, Michael P. Shute
  • Patent number: 10067770
    Abstract: In one example, a system for a platform key hierarchy includes an embedded controller to store a first public platform key with a key bit list corresponding to a number of valid private platform keys, and verify a second public platform key by comparing a key number corresponding to a private platform key to the key bit list.
    Type: Grant
    Filed: December 21, 2015
    Date of Patent: September 4, 2018
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Jeffrey K. Jeansonne, Lan Wang, Valiuddin Y. Ali
  • Patent number: 10069810
    Abstract: There is described a method of enabling a content receiver to access encrypted content, the content receiver forming part of a home network. The method comprises executing, on a device that also forms part of the home network, a key provisioning application. The method further comprises the key provisioning application receiving a key provisioning message and, based on the key provisioning message, providing to the content receiver via the home network one or more content decryption keys for decrypting the encrypted content. There is also described a device arranged to carry out this method. In addition, there is described a content receiver arranged to (a) receive from the aforementioned device, via a home network, one or more content decryption keys for accessing encrypted content; and (b) decrypt encrypted content using the one or more content decryption keys. Related computer programs and computer readable mediums are also described.
    Type: Grant
    Filed: March 18, 2014
    Date of Patent: September 4, 2018
    Assignee: IRDETO B.V.
    Inventors: Wim Mooij, Graham Kill, Chunming Qie, Michiel Willemsen
  • Patent number: 10067486
    Abstract: A system for providing a control program code (SPC) for controlling a device connected to a control device has: an authentication service which, after successful authentication of the device with respect to the authentication service, transmits a device ID (FG-ID) of the authenticated device to a commissioning service which, on the basis of the device ID (FG-ID) of the authenticated device, transmits a control program code (SPC) to a control device which controls the authenticated device using the control program code (SPC).
    Type: Grant
    Filed: September 3, 2012
    Date of Patent: September 4, 2018
    Assignee: Siemens Aktiengesellschaft
    Inventors: Steffen Fries, Jürgen Gessner, Hans-Joachim Hof, Angela Schattleitner
  • Patent number: 10063536
    Abstract: A method includes receiving a request from a certificate user to utilize a short-term private key-public key pair. The short-term private key-public key pair includes a short-term private key and a public key. The short-term private key may expire after a period less than a year in length. The method further includes generating, using a processor, the short-term private key and generating, using the processor, the public key. The method further includes requesting a public key certificate from a Certificate Authority (CA). The method also includes receiving the public key certificate from the CA and pairing the short-term private key with the public key certificate. The public key certificate may include the public key that corresponds to the short-term private key. The method further includes storing the short-term private key-public key pair to a storage.
    Type: Grant
    Filed: March 25, 2016
    Date of Patent: August 28, 2018
    Assignee: CA, Inc.
    Inventor: Joann Jayne Kent
  • Patent number: 10057273
    Abstract: A request is received from a client device of a user for configuring a tenant of a multi-tenant storage system, the multi-tenant storage system storing data for different tenants. An entity identifier (ID) identifying an entity to be associated exclusively with the tenant is obtained from the request. A lookup operation is performed based on the entity in an SMT registry namespace cache stored in a memory to locate an entry that matches the entity. If no matching entry is found, the request is allowed. If a matching entry is found, a first tenant ID obtained from the request is compared with a second tenant ID stored in the matching entry. The request to configure the tenant is allowed if the first tenant ID matches the second tenant ID. The request is denied if the first tenant ID does not match the second tenant ID.
    Type: Grant
    Filed: March 30, 2016
    Date of Patent: August 21, 2018
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventors: Subhasish Chakraborty, Hongyu Zhang, Terry Hahn, Xiaoyin Hu
  • Patent number: 10057296
    Abstract: Methods and systems for providing destination-specific network management are described. One example method includes determining a normal data movement profile for a computing device based on observed normal data transfer behavior by the computing device; identifying a data movement rule associated with the computing device, the data movement rule including a deviation amount, and one or more actions to take when the computing device deviates from the normal data movement profile by more than the deviation amount; detecting a data movement associated with the computing device; determining that the detected data movement exceeds the deviation amount included in the data movement rule relative to the normal data movement profile for the computing device; and performing the one or more actions associated with the data movement rule upon determining that the data movement violates the data movement rule.
    Type: Grant
    Filed: October 5, 2017
    Date of Patent: August 21, 2018
    Assignee: iboss, Inc.
    Inventors: Paul Michael Martini, Peter Anthony Martini
  • Patent number: 10050943
    Abstract: This technology mitigates the vulnerabilities of parameter storage by calculating parameters dynamically rather than storing and using static parameters. This example non-limiting technology derives parameters “on-demand” from a subset of widely distributed parameters determined by a random string generated for each encrypted session. The subset of widely distributed parameters will be different each time a new subset is generated as the individual parameters are randomly selected. Thus the individual encrypted message (or document) will be encrypted differently using a different set of parameters each time. Some of these parameters bind the encrypted message to a specific user account and user device making the resulting encrypted message highly secure.
    Type: Grant
    Filed: February 16, 2016
    Date of Patent: August 14, 2018
    Assignee: Global Integrity, Inc.
    Inventors: Anthony C. Fascenda, Emil Sturniolo
  • Patent number: 10049359
    Abstract: An identity risk score may be determined for subscribers of a service to indicate a level of confidence or certainty associated with a subscriber's identity. The identity risk score may be modified upward or downward in order to reflect changing levels of certainty. The changes may be based on transactions performed on behalf of and/or information submitted by the subscriber. Functionality provided to the subscriber may also be dependent upon whether the subscriber's identity risk score meets a threshold. In one or more arrangements, an identity risk score may be determined based on whether information entered by the subscriber can be confirmed and a level of confidence with which the information is confirmed.
    Type: Grant
    Filed: February 9, 2015
    Date of Patent: August 14, 2018
    Assignee: CheckFree Corporation
    Inventors: Paul J. Lyda, Brett V. Borger, James Patrick McCabe, Roy Alan Southard, Hans D. Dreyer
  • Patent number: 10050790
    Abstract: A method for authorizing a transaction has the following steps: inputting transaction data on a first mobile device, transmitting the transaction data from the first device to a background system by means of a first over-the-air interface, transmitting in encrypted manner at least a password to a second mobile device through the intermediary of the first mobile device, and authorizing the transaction by inputting the password displayed on the second device on the first device.
    Type: Grant
    Filed: January 19, 2015
    Date of Patent: August 14, 2018
    Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBH
    Inventors: Florian Gawlas, Jan Eichholz
  • Patent number: 10050968
    Abstract: A method for access control of shared data includes a data access requester transmitting a request for accessing a shared data to a data storage dealer, obtaining a cipher text of the shared data, a cipher text of an encryption key, an access strategy, and a cipher text attribute component from the data storage dealer, and transmitting a request for obtaining the user attribute component of the data access requester respectively to the attribute authorizers. The attribute authorizers generate the user attribute components of the data access requester respectively and transmit the user attribute components of the data access requester to the data access requester. The data access requester restores the encryption key, and decrypts the cipher text of the shared data according to the encryption key for obtaining the shared data requested to be accessed.
    Type: Grant
    Filed: December 31, 2014
    Date of Patent: August 14, 2018
    Assignee: Shenzhen University
    Inventors: Bo Wang, Jianyong Chen, Jianping Yu
  • Patent number: 10050942
    Abstract: A method for two factor authentication is described. The method comprises a server receiving an activation code for verification from a mobile device. The server generates an encrypted secret key using the activation code. The secret key is encrypted and sent to the mobile device. The server receives a first token generated by the mobile device. The server generates a second token using the secret key, determines whether the first token is identical to the second token, and syncs information with the mobile device.
    Type: Grant
    Filed: March 17, 2015
    Date of Patent: August 14, 2018
    Assignee: CA, Inc.
    Inventors: Mohammed Mujeeb Kaladgi, Mahesh Malatesh Chitragar, Vishwanatha Salian
  • Patent number: 10044709
    Abstract: Methods, systems and computer readable media for multi-device single network sign-on are described. For example, a method can include authenticating a first device for network access via a first authentication process, the first device being associated with a user account. The method can also include receiving an access request from a second device associated with the user account, and determining whether the second device is within an access perimeter of the first device. The method can further include permitting the second device to access the network without a second authentication process when the second device is within the access perimeter of the first device.
    Type: Grant
    Filed: May 31, 2016
    Date of Patent: August 7, 2018
    Assignee: EXTREME NETWORKS, INC.
    Inventors: Sunil Menon, Shailesh Patel
  • Patent number: 10044684
    Abstract: The present invention provides a server for authenticating a smart chip, which is connected to a terminal transmitting and receiving data to and from the smart chip through a network, the server including: a server transceiving unit receiving a card identifier identifying a user from the terminal; and an authentication unit generating an authentication key from the card identifier and authenticating the smart chip from the authentication key, in which the smart chip receives the encrypted text to generate the decrypted text from a private key, and the card identifier is a public key corresponding to the private key. Accordingly, the present invention has the advantages of increasing the safety of a transaction to confirm whether a user has a medium in possession during online and offline transactions.
    Type: Grant
    Filed: September 5, 2014
    Date of Patent: August 7, 2018
    Inventor: Deoksang Kim
  • Patent number: 10044689
    Abstract: A security application for a computing device, e.g., a mobile phone, allows generation of a secret according to a unique user input (e.g., user credentials). The secret is stored in a directory such that it is retrievable when the unique user input is received via a user interface of a device on which the security application executes or is coupled with. Responsive to receiving an identifier associated with the secret, the security application prompts, e.g., via a user interface of the mobile phone, entry of the unique user input; and, subsequently, verifies the unique user input. Following such verification, the security application provides the secret for use in encoding a communication with a remote computer-based station. Entry of the user credentials may be required prior to the security application generating the secret, and may be responsive to receipt of an invitation (e.g., from the remote computer-based station) to generate it.
    Type: Grant
    Filed: December 12, 2017
    Date of Patent: August 7, 2018
    Assignee: PACID TECHNOLOGIES, LLC
    Inventor: Guy Fielder
  • Patent number: 10044697
    Abstract: Described herein is a platform and method for providing multi-level authentication by an onboard system in relation to a transaction. In response to receiving information related to a transaction, one or more authentication policies may be identified and provided to an onboard system associated with the transaction. The authentication policies may be executed by the onboard system to generate a result set indicating a pass/fail for each authentication policy. Once the result set has been generated, success actions and/or failure actions associated with each authentication policy may be executed in accordance with the generated result set.
    Type: Grant
    Filed: March 18, 2016
    Date of Patent: August 7, 2018
    Assignee: VISA INTERNATIONAL SERVICE ASSOCIATION
    Inventors: Nancy Kim, Sharon Gibson, Kelvan Howard
  • Patent number: 10042999
    Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to manage password security. An example apparatus includes a password field identifier to: monitor a computing device to detect entry of password information for web services, the password field identifier to identify when the password information for a first one of the web services is new or is changing. When the password information is new or is changing, capture the entered password associated with the first one of the web services. The example apparatus further includes a password linkage monitor to store a hash value of the captured password in a password vault and associate the stored hash value of the captured password with the first one of the web services.
    Type: Grant
    Filed: January 3, 2017
    Date of Patent: August 7, 2018
    Assignee: Intel Corporation
    Inventors: Hong Li, Tobias M. Kohlenberg, Lawrence Hurst