Mutual Entity Authentication Patents (Class 713/169)
  • Patent number: 12231427
    Abstract: A wireless communication system enables one-sided authentication of a responder device (120) by an initiator device (110) and mutual authentication of both devices. Embodiments of the initiator may have a message unit (116) and a state machine (117). The initiator starts by acquiring a responder public key via an out-of-band action and sends an authentication request. The responder sends an authentication response comprising responder authentication data based on a responder private key and a mutual progress status indicative of the mutual authentication being in progress for enabling the responder device to acquire an initiator public key via a responder out-of-band action. The initiator state machine is arranged to provide a mutual authenticating state, engaged upon receiving the mutual progress status, for awaiting mutual authentication. Thereby long time-out periods during wireless communication are avoided, while also enabling the initiator to report communication errors to the user within a short time.
    Type: Grant
    Filed: August 4, 2023
    Date of Patent: February 18, 2025
    Assignee: Koninklijke Philips N.V.
    Inventors: Johannes Arnoldus Cornelis Bernsen, Franciscus Antonius Maria Van De Laar, Ronald Felix Albertus Linders
  • Patent number: 12231585
    Abstract: In one embodiment, a secure challenge-response method includes requesting respective token challenges from devices, receiving the respective token challenges from the devices, providing the respective token challenges to a signing server, receiving from the signing server a signature of the respective token challenges signed with a private key of the signing server, and providing to a given device of the devices a request to perform an operation, the request including the signature and the respective token challenges.
    Type: Grant
    Filed: May 17, 2022
    Date of Patent: February 18, 2025
    Assignee: Mellanox Technologies, Ltd
    Inventors: Yuval Itkin, Michael Tahar, Haim Kupershmidt, Ameer Mahagneh
  • Patent number: 12212675
    Abstract: Discussed are a cross certification method and a certifying device to perform the method.
    Type: Grant
    Filed: July 27, 2021
    Date of Patent: January 28, 2025
    Assignee: LG ENERGY SOLUTION, LTD.
    Inventor: Junghyun Kwon
  • Patent number: 12200490
    Abstract: A method provisions keys in a network of connected objects, including a plurality of such objects as well as a programming station. The nodes of the network could communicate over a main channel and over a secure auxiliary channel, distinct from the main channel. After a first phase of authentication and mutual identification with the nodes of the network, a terminal including a secure hardware element, broadcasts, in a second phase, a set of secret keys to each node, via the auxiliary channel, the set of secret keys including a first secret key intended to authenticate the nodes belonging to the network and a second secret key, intended to encrypt the exchanges over the main channel. In a third phase, the programming station performs a discovery of the nodes of the network.
    Type: Grant
    Filed: May 27, 2022
    Date of Patent: January 14, 2025
    Assignee: COMMISSARIAT A L'ENERGIE ATOMIQUE ET AUX ENERGIES ALTERNATIVES
    Inventor: Christine Hennebert
  • Patent number: 12182274
    Abstract: An adversarial robustness testing method, system, and computer program product include testing, via an accelerator, a robustness of a black-box system under different access settings, where the testing includes tearing down the robustness testing to a subtask of a predetermined size.
    Type: Grant
    Filed: October 20, 2023
    Date of Patent: December 31, 2024
    Assignee: International Business Machines Corporation
    Inventors: Pin-Yu Chen, Sijia Liu, Lingfei Wu, Chia-Yu Chen
  • Patent number: 12177184
    Abstract: A system and method for providing dynamic network traffic policies is provided. The method includes: inspecting a workload for a cybersecurity object, the cybersecurity object indicating a cybersecurity risk, wherein the workload is deployed in a cloud computing environment having a firewall connected to an external network; detecting the cybersecurity risk on the workload based on the cybersecurity object; generating a policy for the firewall based on the cybersecurity risk; and configuring the firewall to apply the generated policy.
    Type: Grant
    Filed: February 7, 2024
    Date of Patent: December 24, 2024
    Assignee: Wiz, Inc.
    Inventors: Lidor Gonshorowitz, Oron Noah, Ami Luttwak, Yinon Costica, Roy Reznik
  • Patent number: 12167233
    Abstract: Some aspects of the present disclosure include systems and techniques for key exchange and encryption to facilitate secure wireless communication. Certain aspects of the present disclosure are directed towards a method for wireless communication by a first device. The method generally includes determining, at a security system, a first output associated with a first expression having a first value for a variable of the first expression; determining, at the security system, a second value; evaluating, at the security system, a second expression based on the first output and the second value, the second expression being evaluated to determine a second output associated with the first expression with the variable having a third value, the third value being a product of the first value and the second value; and communicating, via a communication interface coupled to the security system, a message based on the second output.
    Type: Grant
    Filed: June 16, 2022
    Date of Patent: December 10, 2024
    Assignee: QUALCOMM Incorporated
    Inventor: Remi Geraud-Stewart
  • Patent number: 12155570
    Abstract: Implementations of the present disclosure are directed to systems and methods for reducing the size of packet headers by using a single field to encode multiple elements. Instead of including separate fields for each element, one or more encoded fields may be used, each of which is decoded to determine two or more values for the data packet. A receiving device decodes the encoded data field to retrieve the two or more values.
    Type: Grant
    Filed: November 18, 2022
    Date of Patent: November 26, 2024
    Assignee: Micron Technology, Inc.
    Inventor: Tony Brewer
  • Patent number: 12143492
    Abstract: A zero-touch deployment (ZTD) manager receives a first request to issue a first cryptographic token to a constrained device for establishing a communications session between the constrained device and a secured resource. The ZTD manager evaluates identity information corresponding to the constrained device and determines whether the identity information is valid. If so, the ZTD manager returns the first cryptographic token to the constrained device, where it is stored in cache memory. The ZTD manager receives a second request to obtain a second cryptographic token from the secured resource. When the second cryptographic token is provided to the secured resource, the secured resource uses this second cryptographic token to validate the first cryptographic token and to facilitate the communications session with the constrained device.
    Type: Grant
    Filed: August 4, 2022
    Date of Patent: November 12, 2024
    Assignee: Cisco Technology, Inc.
    Inventors: Michael Freed, Elango Ganesan, Swapna Anandan
  • Patent number: 12143494
    Abstract: The invention refers to a method for increasing a security level of one-time-password message format of an organization and for disabling displays of one-time-passwords on screens of smartphones in a state of locked-screen-preview. The method includes the steps of having a computer system of an organization on which the format is saved and used for sending one-time-passwords to smartphones of clients of the organization, redrafting the format or replacing the format with a new format to include at least one hundred and twenty characters from the beginning of the redrafted or the new format until the digits that comprise the one-time-password, and using the redrafted or the new format for sending one-time-passwords to smartphones of clients of the organization. By that, the one-time-passwords are disabled to be shown on the screens of the smartphones that are in a state of locked-screen-preview.
    Type: Grant
    Filed: June 9, 2024
    Date of Patent: November 12, 2024
    Inventors: Meir Dahan, Eliahu Antopolsky
  • Patent number: 12136084
    Abstract: An example operation may include one or more of receiving, by a data store peer, measured values of objects, storing, by the data store peer, the measured values along with corresponding hash/time pair values on a data store of the data store peer, executing, by the data store peer, a smart contract to update the hash/time pair values on a blockchain ledger, executing, by the data store peer, a smart contract to retrieve hash values corresponding to a particular time from the blockchain ledger and providing the hash values to the data store, generating, by the data store peer, a summary table that contains object values retrieved from the data store based on the hash values, and executing, by the data store peer, a smart contract to calculate a fee based on the summary table.
    Type: Grant
    Filed: November 3, 2018
    Date of Patent: November 5, 2024
    Assignee: International Business Machines Corporation
    Inventor: Hiroaki Nakamura
  • Patent number: 12126717
    Abstract: In one arrangement, a method for using symmetric keys between two entities comprising a device and a host includes initiating, by the device, a transaction involving original data, wherein the original data needs to be verified by the host. The method further includes deriving, by the device, a first key based on a previously generated key and a first number, wherein the first key is unique to the transaction, and the first number is randomly generated. The method further includes sending, by the device, the first key to the host for verification.
    Type: Grant
    Filed: December 27, 2021
    Date of Patent: October 22, 2024
    Assignee: Wells Fargo Bank, N.A.
    Inventors: Phillip H. Griffin, Jeffrey J. Stapleton
  • Patent number: 12126737
    Abstract: The present application provides methods for downloading a key, a client, a password device, and a terminal device, in which, the client sends a request for downloading an initial key to a backend server, and receives a server identity certificate delivered by the backend server and forwards the server identity certificate to the password device. The client acquires a device identity ciphertext returned by the password device and sends the device identity ciphertext to the backend server. The client acquires a server identity ciphertext and an initial key ciphertext generated by the backend server, and sends the server identity ciphertext to the password device. After the password device successfully verifies an identity of the backend server, the client sends the initial key ciphertext to the password device.
    Type: Grant
    Filed: October 8, 2019
    Date of Patent: October 22, 2024
    Assignee: PAX COMPUTER TECHNOLOGY (SHENZHEN) CO., LTD.
    Inventors: Lijun Li, Rongshou Peng
  • Patent number: 12105854
    Abstract: A data intermediary system includes a processor and a storage unit. The storage unit stores, for a plurality of services used by a user in the past, provision situation information indicating data for each item of the data provided to a service provider to use the service. The processor acquires information indicating an item of data requested by the service provider, acquires the provision situation of data of the same item as the item of the data requested by the service provider, determines that an item of the data whose provision situation satisfies a predetermined condition is provided to the service provider, and controls distribution of the data to the service provider that holds the data of the item determined to be provided.
    Type: Grant
    Filed: January 13, 2022
    Date of Patent: October 1, 2024
    Inventors: Bandara Syafril, Mitsuhiro Kitani, Satoshi Iimuro
  • Patent number: 12107948
    Abstract: An authentication encryption device generates a mask sequence having, as an element, multiplication, in a Galois field, of a basic mask and a primitive element raised to power of an exponent. The basic mask is defined based on an initialization vector, a secret key, and a constant. The primitive element is a primitive element of a multiplicative group of the Galois field. The exponent differs per cleartext block. The authentication encryption device generates a mask for tag generation by multiplication, in the Galois field, of the basic mask and the primitive element of the multiplicative group of the Galois field raised to power of an exponent differing from the exponent in any of the element in the mask sequence.
    Type: Grant
    Filed: February 28, 2020
    Date of Patent: October 1, 2024
    Assignee: NEC CORPORATION
    Inventor: Akiko Mukai
  • Patent number: 12107956
    Abstract: An information processing device according to the present application includes a control unit. The control unit acquires, from an authentication server in a state in which a first authenticator used for FIDO authentication and a second authenticator used for recovery for the FIDO authentication cooperate with each other, a recovery execution request that is transmitted from a user terminal including the second authenticator to the authentication server, and if the recovery execution request meets a predetermined authentication condition that is set in advance, notifies the user terminal including the second authenticator of a recovery execution permission.
    Type: Grant
    Filed: March 7, 2022
    Date of Patent: October 1, 2024
    Assignee: Yahoo Japan Corporation
    Inventors: Hidehito Gomi, Shuji Yamaguchi
  • Patent number: 12093353
    Abstract: Methods and systems for user authentication. At a server, receiving unique fingerprint information for an unauthenticated browsing session with the server by a first user device. The unique fingerprint information received is compared with respective historical fingerprint information associated with a plurality of user accounts stored on the server. Based on the comparison, determining that one of the plurality of user accounts has associated historical fingerprint information that matches the unique fingerprint information with at least a threshold confidence level. In response to receiving user input from a second device indicating that the unauthenticated browsing session corresponds to the one of the plurality of user accounts, associating the unauthenticated browsing session with the one of the plurality of user accounts.
    Type: Grant
    Filed: September 4, 2020
    Date of Patent: September 17, 2024
    Assignee: Shopify Inc.
    Inventor: Siavash Ghorbani
  • Patent number: 12088697
    Abstract: The disclosed computer-implemented method for protecting the security of authentication credentials utilized to access sensitive data during online transactions may include (i) registering, utilizing a set of cryptographic keys, a proxy service with a third-party service provider of sensitive online transactions, (ii) identifying user credentials for accessing the third-party service provider, (iii) encrypting the user credentials utilizing the set of cryptographic keys, (iv) sending the encrypted user credentials in a request for authentication tokens, (v) accessing, responsive to the request, the authentication tokens for sharing with an access manager of the user credentials, and (vi) performing a security action that protects against a data privacy invasion by utilizing the authentication tokens to validate a user requesting access to a website hosted by the third-party service provider without the user credentials. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: June 29, 2022
    Date of Patent: September 10, 2024
    Assignee: GEN DIGITAL INC.
    Inventors: SriHarsha Angara, Lisa Kurahashi, Mahesh Kamsala, Richard Amancio
  • Patent number: 12088741
    Abstract: Discussed is a mutual authentication protocol, and systems, methods and devices implementing the same. Such a protocol may be used, as a non-limiting example, by devices coupled by low throughput connections for speedy authentication to establish a secure communication session.
    Type: Grant
    Filed: September 3, 2020
    Date of Patent: September 10, 2024
    Assignee: Microchip Technology Incorporated
    Inventor: Paolo Trere
  • Patent number: 12089050
    Abstract: Techniques disclosed herein relate to the pairing of a pairing initiator device and a pairing responder device for communication. The pairing initiator device and the pairing responder device range with each other to determine the distance between the pairing initiator device and the pairing responder device. Based on the distance being below a threshold distance, the pairing initiator device and the pairing responder device wirelessly pair with each other without further input from the user.
    Type: Grant
    Filed: December 22, 2022
    Date of Patent: September 10, 2024
    Assignee: Apple Inc.
    Inventors: Brent M. Ledvina, Yannick L. Sierra, Kyle C. Brogle, Steven Andrew Myers
  • Patent number: 12081654
    Abstract: Provided is a method to authenticate a user equipment (UE) at a service provider (SP), when the UE is compliant with either Generic Bootstrap Architecture (GBA) or Authentication and Key Agreement for Applications (AKMA). The user authentication is performed by way of the GBA or AKMA protocol. The method relies on the Mobile Network Operator's (MNO) GBA or AKMA authentication framework. It can employ a Diffie-Hellman exchange between the user equipment (UE) and the service provider (SP), leading to a Diffie-Hellman session key (g^xy), while establishing the GBA or AKMA protocol. The method calculates a final Network Application Function (NAF) or AKMA Application Function key (iNAF_key or iAApF_key) to maintain confidentiality of the communication between the user equipment (UE) and the service provider (SP). It derives this key from the Diffie-Hellman session key (g^xy) and from the respective protocol's service provider key (Ks_ext/int_NAF or KAF).
    Type: Grant
    Filed: April 7, 2020
    Date of Patent: September 3, 2024
    Assignee: THALES DIS FRANCE SAS
    Inventors: Mireille Pauliac, Ly Thanh Phan
  • Patent number: 12081969
    Abstract: Systems and methods for device agnostic remote eSIM provisioning. One example method includes detecting, with an electronic processor, a provisioning trigger event. The method includes, responsive to detecting the provisioning trigger event, transmitting, via a transceiver, a provisioning request to a mobile device management server, the provisioning request including a device identifier and an identifier for an integrated circuit card of the wireless communication device. The method includes receiving, from the mobile device management server, an activation code. The method includes transmitting, to the integrated circuit card, a provisioning command based on the activation code.
    Type: Grant
    Filed: September 15, 2020
    Date of Patent: September 3, 2024
    Assignee: MOTOROLA SOLUTIONS, INC.
    Inventors: Harsha Sureshlal, Kiran Kumar Krishna, Jeevan Kishore Pattiam
  • Patent number: 12069162
    Abstract: A method for creating a secure channel between devices for secure communication therebetween. The method comprises transmitting a first nonce from an initiator device to a responder device; receiving, at the initiator device, a second nonce and an identity of the responder device; transmitting an identity of the initiator device and a first set of one or more encrypted data objects from the initiator device to the responder device; receiving, at the initiator device, a second set of one or more encrypted data objects from the responder device; and generating, at the initiator device, a session key for secure communication between the initiator and responder devices.
    Type: Grant
    Filed: September 10, 2021
    Date of Patent: August 20, 2024
    Assignee: ASSA ABLOY AB
    Inventor: Martin Kaufmann
  • Patent number: 12063214
    Abstract: Disclosed are various approaches for authenticating a user through a voice assistant device and creating an association between the device and a user account. The request is associated with a network or federated service. The user can use a client device, such as a smartphone, to initiate an authentication flow. A passphrase provided to the client device can be captured by the client device and a voice assistant device. Audio captured by the client device and voice assistant device can be sent to an assistant connection service. The passphrase and an audio signature calculated from the audio can be validated. An association between the user account and the voice assistant device can then be created.
    Type: Grant
    Filed: February 25, 2020
    Date of Patent: August 13, 2024
    Assignee: VMware LLC
    Inventor: Rohit Pradeep Shetty
  • Patent number: 12047517
    Abstract: A method for sequential authentication based on chain of authentication using public key infrastructure (PKI) is provided. The method includes abutting a first wearable device belonging to a first party with a second wearable device belonging to a second party; transmitting, by the first wearable device, authentication information of the first party; verifying the authentication information of the first party; transmitting, by the second wearable device, authentication information of the second party; verifying the authentication information of the second party; authorizing electronic transaction in response to successfully verifying both the authentication information of the first party and the authentication information of the second party. Each of the authentication information of the first party and the authentication information of the second party includes information configured for authentication based on a public key infrastructure (PKI) certificate.
    Type: Grant
    Filed: September 10, 2021
    Date of Patent: July 23, 2024
    Inventor: Unho Choi
  • Patent number: 12041509
    Abstract: An authentication-gaining apparatus includes: an acquiring unit that acquires unique information; an encrypting unit that encrypts the unique information using a cryptographic key, thereby generating encrypted information; and a transmitting unit that repeatedly transmits an authentication request containing the encrypted information, to an authentication apparatus, during an authentication period, wherein multiple authentication requests respectively containing encrypted information obtained by encrypting multiple pieces of unique information are transmitted during the authentication period.
    Type: Grant
    Filed: October 11, 2019
    Date of Patent: July 16, 2024
    Assignee: Sinumy Corporation
    Inventors: Yasuhiko Adachi, Takanori Isobe
  • Patent number: 12040820
    Abstract: A system and method for data compression with homomorphic encryption, which enables secure storage of private information in a database, and which enables searching and comparison of encrypted data within the database, comprising a stream condition system configured to optimize the contents of received data for lossless compression by a data encoder, a data encoder to perform the lossless compression, and an encrypted search engine configured to encrypt the compressed data according to a homomorphic encryption scheme and store the encrypted data in a database. The system may receive a data query and encrypt the data query according to the homomorphic encryption scheme. The encrypted data query may be compared against an encrypted element in the database and an encryption score generated. The encryption score may be compared against a set of criteria to determine if a match is found. Matched data may be returned to the requesting entity.
    Type: Grant
    Filed: November 28, 2023
    Date of Patent: July 16, 2024
    Assignee: ATOMBEAM TECHNOLOGIES INC.
    Inventors: Joshua Cooper, Charles Yeomans
  • Patent number: 12032979
    Abstract: A virtualization host is identified for an isolated run-time environment. One or more records generated at a security module of the host, which indicate that a first phase of a multi-phase establishment of an isolated run-time environment has been completed by a virtualization management component of the host, is transmitted to a resource verifier. In response to a host approval indicator from the resource verifier, the multi-phase establishment is completed at the virtualization host.
    Type: Grant
    Filed: November 6, 2019
    Date of Patent: July 9, 2024
    Assignee: Amazon Technologies, Inc.
    Inventor: Samartha Chandrashekar
  • Patent number: 12034699
    Abstract: Systems and methods for file sharing over secure connections.
    Type: Grant
    Filed: May 12, 2023
    Date of Patent: July 9, 2024
    Assignee: Parallels International GmbH
    Inventors: Alexey Petrukhin, Grigory Nikolaenko, Nikolay Dobrovolskiy, Serguei Beloussov
  • Patent number: 12028324
    Abstract: A server device is provided for authenticating client devices on a communication network. The server device includes a transceiver configured for operable communication with at least one client of the communication network, and a processor including a memory configured to store computer-executable instructions. When executed by the processor, the instructions cause the server device to transmit one or more messages of an authentication exchange with a client device, transmit a server Registration Authorization Token (RAT) associated with the server device to the client device, receive from the client device a client RAT associated with the client device, and store the client RAT.
    Type: Grant
    Filed: July 1, 2021
    Date of Patent: July 2, 2024
    Assignee: Cable Television Laboratories, Inc.
    Inventor: Massimiliano Pala
  • Patent number: 12026412
    Abstract: Methods, apparatuses, and computer program products are provided to facilitate connections between devices, such as a printer and a cloud-based server, and to implement an adaptive application framework. In the context of an apparatus, a printer is provided comprising communications circuitry configured to facilitate communications with a network; and processing circuitry configured to transmit a connection request to the network; receive requested connection parameters from the network; transmit printer connection parameters to the network; and establish a first secure connection between the printer and the network. The printer comprising processing circuitry further configured to receive requested connection parameters comprising at least a signed security certificate and a DNS name for a server on the network and to verify the signed security certificate and the DNS name for the server.
    Type: Grant
    Filed: July 26, 2022
    Date of Patent: July 2, 2024
    Assignee: Zebra Technologies Corporation
    Inventor: Bret M. Anno
  • Patent number: 12021555
    Abstract: An implantable medical device, external device and method for managing a wireless communication are provided. The IMD includes a transceiver configured to communicate wirelessly, with an external device (ED), utilizing a protocol that utilizes multiple physical layers. The transceiver is configured to transmit information indicating that the transceiver is configured with first, second, and third physical layers (PHYs) for wireless communication. The IMD includes memory configured to store program instructions. The IMD includes one or more processors configured to execute instructions to obtain an instruction designating one of the first, second and third PHY to be utilized for at least one of transmission or reception, during a communication session, with the external device and manage the transceiver to utilize, during the communication session, the one of the first, second and third PHY as designated.
    Type: Grant
    Filed: October 30, 2020
    Date of Patent: June 25, 2024
    Assignee: Pacesetter, Inc.
    Inventors: Perry Li, Jeffery Crook, Souvik Dubey
  • Patent number: 11997096
    Abstract: A distributed computing system provides a distributed data store for network enabled devices at the edge. The distributed database is partitioned such that each node in the system has its own partition and some number of followers that replicate the data in the partition. The data in the partition is typically used in providing services to network enabled devices from the edge. The set of data for a particular network enabled device is owned by the node to which the network enabled device connects. Ownership of the data (and the data itself) may move around the distributed computing system to different nodes, e.g., for load balancing, fault-resilience, and/or due to device movement. Security/health checks are enforced at the edge as part of a process of transferring data ownership, thereby providing a mechanism to mitigate compromised or malfunctioning network enabled devices.
    Type: Grant
    Filed: May 18, 2021
    Date of Patent: May 28, 2024
    Assignee: Akamai Technologies, Inc.
    Inventors: Mark M. Ingerman, Robert B. Bird
  • Patent number: 11997081
    Abstract: A variable-step authentication system and a method for operating for performing variable-step authentication for communications in a controlled environment is disclosed. The variable-step authentication system may include a communication device and a server. The variable-step method includes steps for determining an authentication process that involves a number of authentication steps. The number of authentication steps is variable and dependent on a trust level associated with each participant in the communication.
    Type: Grant
    Filed: July 12, 2022
    Date of Patent: May 28, 2024
    Assignee: Global Tel*Link Corporation
    Inventor: Stephen L. Hodge
  • Patent number: 11991286
    Abstract: An exemplary method includes an access management system receiving a signed message that is associated with a non-fungible digital asset and that includes a non-fungible digital asset identifier and a nonce. The non-fungible digital asset may be configured to provide access to an access-restricted resource. Based on the non-fungible digital asset identifier included in the signed message, the access management system may access a distributed record that is configured to store ownership information associated with the non-fungible digital asset. Based on the signed message and the ownership information stored in the distributed record, the access management system may verify that a user of the non-fungible digital asset is authorized to access the access-restricted resource.
    Type: Grant
    Filed: August 18, 2021
    Date of Patent: May 21, 2024
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Dante J. Pacella, Nazneen Khan, Rea Setya
  • Patent number: 11968233
    Abstract: A trust rule between a first service and a second service in a plurality of services deployed in a distributed system is received; the trust rule defines whether the first service is allowed to access the second service. A trust tree is obtained for the distributed system, and the trust tree comprises a plurality of certificates for accessing the plurality of services. A first group of certificates is selected for the first service based on the trust rule and the trust tree, and the first group of certificates enables the first service to access the second service.
    Type: Grant
    Filed: May 28, 2021
    Date of Patent: April 23, 2024
    Assignee: International Business Machines Corporation
    Inventors: Peng Hui Jiang, Hui Zhao, Li Wen, Guang Yi Xu
  • Patent number: 11956273
    Abstract: Systems, methods, and computer-readable media for discovering trustworthy devices through attestation and authenticating devices through mutual attestation. A relying node in a network environment can receive attestation information from an attester node in the network environment as part of a unidirectional push of information from the attester node according to a unidirectional link layer communication scheme. A trustworthiness of the attester node can be verified by identifying a level of trust of the attester node from the attestation information. Further, network service access of the attester node through the relying node in the network environment can be controlled based on the level of trust of the attester node identified from the attestation information.
    Type: Grant
    Filed: August 8, 2022
    Date of Patent: April 9, 2024
    Assignee: Cisco Technology, Inc.
    Inventors: Sujal Sheth, Shwetha Subray Bhandari, Eric Voit, William F. Sulzen, Frank Brockners
  • Patent number: 11935151
    Abstract: Examples described herein relate to a graphics processing system that includes one or more integrated graphics systems and one or more discrete graphics systems. In some examples, an operating system (OS) or other software supports switching between image display data being provided from either an integrated graphics system or a discrete graphics system by configuring a multiplexer at runtime to output image data to a display. In some examples, a multiplexer is not used and interface supported messages are used to transfer image data from an integrated graphics system to a discrete graphics system and the discrete graphics system generates and outputs image data to a display. In some examples, interface supported messages are used to transfer image data from a discrete graphics system to an integrated graphics system and the integrated graphics system uses an overlay process to generate a composite image for output to a display.
    Type: Grant
    Filed: July 7, 2022
    Date of Patent: March 19, 2024
    Assignee: Intel Corporation
    Inventors: James E. Akiyama, John Howard, Murali Ramadoss, Gary K. Smith, Todd M. Witter, Satish Ramanathan, Zhengmin Li
  • Patent number: 11934527
    Abstract: A method is disclosed and includes authenticating a first stage boot loader and authenticating a second stage boot loader in response to authentication of the first stage boot loader. The method also includes executing the second stage boot loader in response to authentication of the second stage boot loader. Executing the second stage boot loader includes loading an operating system, a first set of machine-readable instructions, and first configuration information associated with the first set of machine-readable instructions onto a non-transitory computer-readable medium, wherein the first set of machine-readable instructions and the first configuration information are associated with one or more priority partitions. Executing the second stage boot loader includes authenticating the operating system and the first set of machine-readable instructions.
    Type: Grant
    Filed: September 24, 2020
    Date of Patent: March 19, 2024
    Assignee: General Electric Company
    Inventors: Jeffrey S. Gilton, Matthew B. Pfenninger, Douglas R. Nichols, Mark E Hingsbergen
  • Patent number: 11909742
    Abstract: Embodiments of the present disclosure relate to managing admin-controlled access of external resources to group-based communication interfaces associated with an organization, via a group-based communication system including APIs for improved external resource permissioning, provisioning, and access handling. Embodiments include methods, computer program products, apparatuses, and systems configured to receive an external resource access request, determine an organization identifier, obtain an admin response indication, set an external resource permission status for the external resource based on the admin response indication, and cause rendering of the requested group-based communication interface based on the admin response indication. Embodiments further relate to provisioning and handling requests for services associated with an external resource by managing one or more single-interface access tokens linked to a multi-interface access token.
    Type: Grant
    Filed: February 18, 2022
    Date of Patent: February 20, 2024
    Assignee: Salesforce, Inc.
    Inventors: Salman Suhail, Saurabh Sahni, Kefan Xie, Emilio Aurea, Shilpi Sanchetee, Nupur Goyal, Carly Robinson
  • Patent number: 11902440
    Abstract: A method for providing Cheon-resistance security for a static elliptic curve Diffie-Hellman cryptosystem (ECDH), the method including providing a system for message communication between a pair of correspondents, a message being exchanged in accordance with ECDH instructions executable on computer processors of the respective correspondents, the ECDH instructions using a curve selected from a plurality of curves, the selecting including choosing a range of curves; selecting, from the range of curves, curves matching a threshold efficiency; excluding, within the selected curves, curves which may include intentional vulnerabilities; and electing, from non-excluded selected curves, a curve with Cheon resistance, the electing comprising a curve from an additive group of order q, wherein q is prime, such that q−1=cr and q+1=ds, where r and s are primes and c and d are integer Cheon cofactors of the group, such that cd≤48.
    Type: Grant
    Filed: February 27, 2023
    Date of Patent: February 13, 2024
    Assignee: Malikie Innovations Limited
    Inventor: Daniel Richard L. Brown
  • Patent number: 11895251
    Abstract: A verifier device of an authentication system comprises physical layer circuitry and processing circuitry coupled to the physical layer circuitry. The processing circuitry is configured to encode an authentication command for sending to a credential device; decode a response communication received from the credential device, wherein the response communication includes a first random number; encrypt the first random number, a second random number, and verifier keying material for sending to the credential device; decrypt encrypted information received from the credential device, wherein the encrypted information includes the first random number, the second random number, and receiver keying material; and calculate a session encryption key using the verifier keying material and the receiver keying material.
    Type: Grant
    Filed: September 18, 2020
    Date of Patent: February 6, 2024
    Assignee: ASSA ABLOY AB
    Inventors: Martin Kaufmann, Adam Augustyn
  • Patent number: 11886548
    Abstract: An exemplary method includes a digital asset management system generating a set of collectible non-fungible digital assets, generating metadata specifying that non-fungible digital assets included in the set of collectible non-fungible digital assets are configured to combine together to form a layered scene configured to be presented by a computer system, and recording, in a distributed record configured to track ownership of non-fungible digital assets, ownership information associated with the set of collectible non-fungible digital assets.
    Type: Grant
    Filed: July 2, 2021
    Date of Patent: January 30, 2024
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Nazneen Khan, Dante J. Pacella, Rea Setya
  • Patent number: 11882114
    Abstract: In IP communication, an authentication code AC1 uniquely generated by a receiving-side communication device 1b is sent to an originating-side communication device 1a (S1, S2), and stored in the originating-side communication device (S3). Packets in which the stored authentication code is embedded are sent to the receiving-side communication device 1b on connection from the originating-side communication device 1a to the receiving-side communication device 1b (S4), and it is determined at the receiving-side communication device whether the originating-side communication device is true or false depending on if the authentication code sent from the receiving-side communication device is contained in the packets received from the originating-side communication device or not (S5).
    Type: Grant
    Filed: May 14, 2020
    Date of Patent: January 23, 2024
    Assignee: KOGA ELECTRONICS CO., LTD.
    Inventor: Tadashi Nakanuma
  • Patent number: 11882215
    Abstract: One disclosed example method includes a leader client device associated with a leader participant generating a meeting key for a video meeting joined by multiple participants. For each participant, the leader client device obtains a long-term public key and a cryptographic signature associated with the participant. The leader client device verifies the cryptographic signature of the participant based on the long-term public key and the cryptographic signature. If the verification is successful, the leader client device encrypts the meeting key for the participant using a short-term private key generated by the leader client device, a short-term public key of the participant, a meeting identifier, and a user identifier identifying the participant. The leader client device further publishes the encrypted meeting key for the participant on the meeting system. The leader client device encrypts and decrypts meeting data communicated with other participants based on the meeting key.
    Type: Grant
    Filed: May 21, 2021
    Date of Patent: January 23, 2024
    Assignee: Zoom Video Communications, Inc.
    Inventors: Simon Booth, Karan Lyons
  • Patent number: 11876901
    Abstract: An elliptic curve random number generator avoids escrow keys by choosing a point Q on the elliptic curve as verifiably random. An arbitrary string is chosen and a hash of that string computed. The hash is then converted to a field element of the desired field, the field element regarded as the x-coordinate of a point Q on the elliptic curve and the x-coordinate is tested for validity on the desired elliptic curve. If valid, the x-coordinate is decompressed to the point Q, wherein the choice of which of the two points is also derived from the hash value. Intentional use of escrow keys can provide for back up functionality. The relationship between P and Q is used as an escrow key and stored by for a security domain. The administrator logs the output of the generator to reconstruct the random number with the escrow key.
    Type: Grant
    Filed: September 23, 2022
    Date of Patent: January 16, 2024
    Assignee: Malikie Innovations Limited
    Inventors: Daniel Richard L. Brown, Scott Alexander Vanstone
  • Patent number: 11848920
    Abstract: Verifiable, secure communications between a sender and a receiver on at least one shared communication channel are provided. A manicoded key encoder produces an argument of knowledge for a secret key to the at least one shared communication channel, and a manicoded message encoder provides an implication argument indicating that knowledge of the secret key enables access to message content of the manicoded message. The argument of knowledge is included in a key manifest for the secret key within a manicoded key, and the implication argument is included in a message manifest of a manicoded message. In this way, the sender may provide message content within the manicoded message, and the receiver may operate a decoder to access the message content. A verifier may use the manicoded key and the manicoded message to verify that the receiver has access to the message content.
    Type: Grant
    Filed: July 11, 2022
    Date of Patent: December 19, 2023
    Inventor: Yaron Gvili
  • Patent number: 11836256
    Abstract: An adversarial robustness testing method, system, and computer program product include testing a robustness of a black-box system under different access settings via an accelerator.
    Type: Grant
    Filed: January 24, 2019
    Date of Patent: December 5, 2023
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Pin-Yu Chen, Sijia Liu, Lingfei Wu, Chia-Yu Chen
  • Patent number: 11824841
    Abstract: A constrained device, such as an Internet of Things (IoT) device, can use a handshake procedure to establish a secure transport session with a server and generate a corresponding client session state. The constrained device can encrypt the client session state into an encrypted client session state, and transmit the encrypted client session state to the server. When the constrained device enters an idle mode, the client session state may be cleared from memory of the constrained device. However, when the constrained device next wakes from the idle mode and re-enters an active mode, the constrained device can retrieve the encrypted client session state from the server. The constrained device can decrypt the encrypted client session state to recover the client session state, and use the recovered client session state to resume the secure transport session instead of establishing a new secure transport session with a new client session state.
    Type: Grant
    Filed: August 18, 2020
    Date of Patent: November 21, 2023
    Assignee: T-Mobile USA, Inc.
    Inventor: Sergey Slovetskiy
  • Patent number: 11824999
    Abstract: Aspects and features of a cryptosystem and authentication for the cryptosystem, and a method or process for the cryptosystem, are described. In one example, a method for cryptographic communications includes storing a secret key, generating a system randomization number, and encrypting a plain data package into an encrypted data package by application of the plain data package, the secret key, and the system randomization number to a system of equations for encryption. The system of equations can be a system of linearly dependent equations in one example. Among other benefits, the cryptosystem relies upon the system of linearly dependent equations and the system randomization number to provide additional strength against known-plaintext attacks, chosen-plaintext attacks, and other types of attacks. The system is more semantically secure and offers ciphertext indistinguishability in a new approach using the system of linearly dependent equations.
    Type: Grant
    Filed: August 13, 2021
    Date of Patent: November 21, 2023
    Assignee: Winkk, Inc.
    Inventors: Rustam Islamov, Roustem Akhiarov