Mutual Entity Authentication Patents (Class 713/169)
  • Patent number: 11172359
    Abstract: A method and apparatus provide for security for restricted local operator services. At least one of a restricted local operator services indication and security capabilities associated with the restricted local operator services can be sent. A non-access stratum key exchange request including a symmetric root key can be received. The symmetric root key can be encrypted with a public key. The non-access stratum key exchange request can be acknowledged. A non-access stratum security key can be derived with the symmetric root key. Radio interface keys for user plane and radio resource control can be derived with the symmetric root key.
    Type: Grant
    Filed: August 8, 2018
    Date of Patent: November 9, 2021
    Assignee: Lenovo (Singapore) Pte. Ltd.
    Inventors: Andreas Kunz, Genadi Velev
  • Patent number: 11153748
    Abstract: A Wi-Fi access point device (APD) includes a controller, a radio, and a memory. The memory contains instructions for establishing a programmed secure Wi-Fi onboarding SSID with the client device with connection to the external network. The controller is configured to instruct the radio to broadcast the open Wi-Fi onboarding SSID for a predetermined period of time. The controller is also configured to: instruct the radio to broadcast an established programmed secure Wi-Fi onboarding SSID; onboard the Wi-Fi APD to the external network, based on information communicated between the Wi-Fi client device and the Wi-Fi APD over the established programmed secure Wi-Fi onboarding SSID; and instruct the radio to stop the broadcast of the open Wi-Fi onboarding SSID at the earlier of a termination of the predetermined time period and the onboarding of the Wi-Fi APD to the external network.
    Type: Grant
    Filed: July 24, 2020
    Date of Patent: October 19, 2021
    Assignee: ARRIS ENTERPRISES LLC
    Inventors: Sathish Arumugam Chandrasekaran, Muralidharan Narayanan, Jalagandeswari Ganapathy, Amit Srivastava
  • Patent number: 11146557
    Abstract: An augmented reality device engages in a mutual exchange of negotiated services with another device. The negotiation comprises a first exchange of respective zero-knowledge proofs, and second exchange of credentials followed by verification of the credentials by a trusted third party, and further exchanges of information comprising services provided by the augmented reality device to the other device, and vice versa. The services are used, in embodiments, to customize an augmented reality experience.
    Type: Grant
    Filed: April 19, 2019
    Date of Patent: October 12, 2021
    Assignee: Vulcan Inc.
    Inventors: Paul G. Allen, Alan Caplan, Keith Rosema, Jeffrey Alex Kramer
  • Patent number: 11134379
    Abstract: This application discloses an identity authentication method, a device, and a system. The method includes: obtaining a first master public key and a first private key from a key generation center; sending a ClientHello message; obtaining a second identity from a ServerKeyExchange message; generating a pre-shared key of a selected PSK mode by using the second identity, the first private key, and the first master public key; and completing identity authentication with a second device by using the pre-shared key. According to the method, device, and system provided in embodiments of this application, an identity can be transmitted by using information in the TLS protocol, without extending the TLS protocol. This can avoid a compatibility problem caused by TLS protocol extension.
    Type: Grant
    Filed: May 23, 2019
    Date of Patent: September 28, 2021
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Jie Shi, Yanjiang Yang, Guilin Wang
  • Patent number: 11122429
    Abstract: A system for controlling airplane mode of a user device is configured to transmit a connection request to a telecommunication network for connecting with a target user device over a first communication channel. Upon receiving a call failure response from the telecommunication network, the system is configured to transmit a second communication request to the target user device through a second communication channel, wherein the second communication request comprises a target authentication key. The target user device is configured for generating an authentication response upon authentication of the second communication request based on the target authentication key. Further, the system is configured to transmit an activation signal to the target user device through the secondary communication channel for deactivating the airplane-mode and activating the first communication channel upon receipt of the activation signal.
    Type: Grant
    Filed: December 20, 2018
    Date of Patent: September 14, 2021
    Inventors: Maria Teresa Caira, Giuseppe Longobardi, Elvira Zanin, Ciro Oliviero
  • Patent number: 11115284
    Abstract: Systems and methods provide techniques for dynamic rate-limiting, such as techniques that utilize one or more of asynchronous rate-limiting, context-aware rate-limiting, and cost-aware rate-limiting. In one example, a method for asynchronous rate-limiting includes the steps of receiving a rate-limiting request for a service application; extracting one or more policy-defining parameters from the rate-limiting request; querying a local cache storage medium associated with the rate-limit decision node to identify one or more local rate-limiting policies associated with the rate-limiting request; determining, based on the one or more policy-defining parameters and the one or more local rate-limiting policies, a rate-limiting decision for the rate-limiting request; and transmitting the rate-limiting decision to the service application in response to the rate-limiting request.
    Type: Grant
    Filed: April 8, 2020
    Date of Patent: September 7, 2021
    Assignees: Atlassian PTY Ltd., Atlassian, Inc.
    Inventors: Anre Mario Roshan Paiva, Dean Shaft, Bernice Chen, Abhas Bodas, David Mankin, Martien Verbruggen, Aleksander Mierzwicki, Andrei Beliaev
  • Patent number: 11108749
    Abstract: The present disclosure includes secure device coupling. An embodiment includes a processing resource, memory, and a network management device communication component configured to identify a network attached device within a first domain and generate a domain device secret corresponding to the first domain. Each network attached device within the first domain can share the same domain device secret. Coupling iterations performed for each device within the first domain can include: generating a network management device private key and public key; and providing, via short-range communication, the network management device public key and the domain device secret to a network attached device communication component included in each network attached device of the first domain.
    Type: Grant
    Filed: March 25, 2019
    Date of Patent: August 31, 2021
    Assignee: Micron Technology, Inc.
    Inventors: Antonino Mondello, Alberto Troia
  • Patent number: 11106441
    Abstract: The disclosed technology provides for packaging a secure cloud workload at a workload provisioning service. A unique device identifier is received from an edge device. The unique identifier is associated with the edge device. A unique packaging key is cryptographically generated based on the received unique device identifier, a unique workload identifier corresponding to a secure cloud workload to be executed on the edge device, and a nonce. The secure cloud workload is encrypted to generate a packaged secure cloud workload using the cryptographically generated unique packaging key. The encrypted secure cloud workload is transmitted to the edge device. The edge device is capable of independently cryptographically generating the unique packaging key using the unique device identifier, the unique workload identifier, and the nonce. The edge device is also capable of decrypting the packaged secure cloud workload using the generated unique packaging key cryptographically generated by the edge device.
    Type: Grant
    Filed: September 14, 2018
    Date of Patent: August 31, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Eustace Ngwa Asanghanwa, Mahesh Sham Rohera
  • Patent number: 11102125
    Abstract: Described embodiments provide systems and methods for securing communications between services in a cluster using load balancing. A first proxy of a first node of a cluster of nodes can receive a request for a service from at least one pod of the first node. The service can include a plurality of pods. The plurality of pods can execute in the cluster of nodes including the first node. The first proxy can select, responsive to a load balancing determination, a pod of a second node of the cluster of nodes to receive the request. An encrypted connection can be established with a second proxy of the second node. The request can be forwarded to the selected pod via the encrypted connection to the second proxy. The request can be decrypted at the second proxy and forwarded at the pod of the second node.
    Type: Grant
    Filed: June 27, 2019
    Date of Patent: August 24, 2021
    Assignee: Citrix Systems, Inc.
    Inventors: Mehul Patidar, Swetha Garipally, Nilamadhava Chaudhury, Subrata Sarkar
  • Patent number: 11095634
    Abstract: Techniques are disclosed relating to user authentication using multi-party computation and public key cryptography. In some embodiments, a client system may receive, from a server system, an authentication challenge that includes a first partial signature value. The client system may access key-pair information that includes, for a server key-pair, a server public key and a second component of a server private key, where the server system has access to a first component of the server private key. The client system may then generate a second partial signature value using the second component of the server private key but not an entirety of the server private key, and may generate a final signature value based on the first and second partial signature values. Using the final signature value, the client system may then determine whether the authentication challenge was sent by the server system.
    Type: Grant
    Filed: January 31, 2019
    Date of Patent: August 17, 2021
    Assignee: salesforce.com, inc.
    Inventors: Prasad Peddada, Taher Elgamal
  • Patent number: 11095619
    Abstract: A system may include a first network device configured to communicate via an encrypted session, and a second network device configured to communicate with the first network device via the encrypted session, where the second network device may be configured to perform operations to facilitate communication via the encrypted session. The operations may include receive a first set of data from a device other than the first network device, where the first set of data is used to communicate via the encrypted session. The operations may also include combine peer-to-peer information to be used by the first network device to communicate via the encrypted session to an encrypted packet, where the peer-to-peer information is combined with the encrypted packet in an unencrypted form. The operations may additionally include send the encrypted packet with the peer-to-peer information to the first network device.
    Type: Grant
    Filed: June 27, 2018
    Date of Patent: August 17, 2021
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: David Mark Carrel, Praveen Raju Kariyanahalli
  • Patent number: 11088837
    Abstract: A system and associated methods provide digital identity and strong authentication management services for Internet users. The system includes a central, cloud-based, online service, referred to as a central service, which can manage user accounts. The system also includes dedicated, always-on, always-connected, cryptographically unique devices, referred to as beacons, located within the physical residences of its users. The central service associates each beacon with the residence address of its user by physically sending a unique address verification code by postal mail to the user's residence. The user presents the unique code to the beacon, and the beacon cryptographically confirms its identity and the unique code sent to the residence address back to the central service. The beacons can attest to users' identities and provide seamless strong authentication to third-party online service providers on behalf of those users.
    Type: Grant
    Filed: June 28, 2019
    Date of Patent: August 10, 2021
    Inventor: Jean-Emmanuel Fontaine
  • Patent number: 11089480
    Abstract: This application sets forth techniques for provisioning electronic subscriber identity modules (eSIMs) to mobile wireless devices that do not include functional bootstrap provisioning profiles to obtain access to a cellular wireless network. Connectivity to a cellular wireless network can be allowed for provisioning one or more eSIMs to a mobile wireless device using hardware device identifiers for authentication and a limited purpose provisioning connection when the cellular wireless network supports provisioning connections without the use of a provisioning profile for access.
    Type: Grant
    Filed: November 21, 2019
    Date of Patent: August 10, 2021
    Assignee: Apple Inc.
    Inventors: Xiangying Yang, Anish Kumar Goyal, Chandiramohan Vasudevan, Vikram Bhaskara Yerrabommanahalli, Raj S. Chaugule, Li Li
  • Patent number: 11049090
    Abstract: Methods, systems, and computer program products for providing enhanced mobile transactions and payments are disclosed. A computer-implemented method may include providing a registry of public keys to allow users to securely exchange mobile payment data with respective trusted merchants, sending a request from a computing device of a user to validate a merchant, storing a public key for the merchant from the registry, receiving a merchant identifier from a terminal during a mobile transaction indicating that the terminal is associated with the merchant, receiving a request for information from the terminal as part of the mobile transaction, determining whether the terminal requesting the information is trusted, providing the requested information encrypted using the public key to the terminal when the terminal is trusted, and providing decoy response information to the terminal when the terminal is determined to be untrusted.
    Type: Grant
    Filed: December 30, 2015
    Date of Patent: June 29, 2021
    Assignee: PAYPAL, INC.
    Inventor: Max Edward Metral
  • Patent number: 11025642
    Abstract: An electronic message delivery service receives a request to transmit an electronic message to a recipient. In response to the request, the electronic message delivery service determines first information from the electronic message usable to uniquely identify the electronic message. The electronic message delivery service obtains, based at least in part on the first information and a cryptographic key, cryptographic information that can be inserted into the electronic message. The electronic message delivery service inserts the cryptographic information and second information usable to validate at least a portion of the electronic message with the cryptographic information into the electronic message. The electronic message is transmitted to the recipient.
    Type: Grant
    Filed: March 23, 2018
    Date of Patent: June 1, 2021
    Assignee: Amazon Technologies, Inc.
    Inventors: Matthew Ryan Jezorek, Jason Cetina, Paul Clarke, Douglas Allan Peabody, Matthew Michael Sommer
  • Patent number: 11023890
    Abstract: Embodiments are directed to the generation of a token associated with a status. The status of the token may affect how the token is treated and the types of restrictions placed on the token. The status of the token may indicate that the token is generated based on verification of secure user data. Alternatively, the status of the token may indicate that the token is generated based on insufficient user data and, as such, restrictions may be imposed on the token. The token requestor may be a mobile application, such as a merchant mobile application provisioned on a user device. In response to a token request from the merchant, the token provider issues tokens with varying status based on a confidence level. The status of the token may be indicated in terms of token assurance level.
    Type: Grant
    Filed: June 5, 2015
    Date of Patent: June 1, 2021
    Assignee: Visa International Service Association
    Inventors: Vishwanath Shastry, Shalini Mayor, Calvin Chen
  • Patent number: 11012427
    Abstract: Embodiments are described for enhanced security in a switched network using RSA security between hops of a transmission path of a data frame from an origination node to a destination node, via one or more intervening switches. Each switch and node in a switched network can be configured for “RSA security enabled” or “RSA security disabled.” RSA security can be enabled, or disabled, for the whole network. RSA security can be enabled for all switches (but not nodes) or selectively enabled for switches. If two adjacent devices (nodes or switches) have RSA security enabled, then an RSA secure frame is generated to transmit data on that hop of a transmission path between an originating node and destination node. RSA encryption keys can be different for each hop on the transmission path. RSA token seeds can be regenerated periodically to increase the difficulty of learning an encryption key for any hop.
    Type: Grant
    Filed: June 21, 2018
    Date of Patent: May 18, 2021
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventor: Livingston Paul Delightson
  • Patent number: 11005997
    Abstract: Disclosed are methods, systems, and machine-readable mediums which provide for customer chatbots that detect a customer handoff condition and in response, transferring the customer to a communication session with a live agent. The handoff condition may comprise an inability to understand the customer, an inability to answer the customer's question, expressions of frustration or anger on the part of the customer, a customer's express request to be transferred, or the like. The live agent may receive a complete history of the conversation with the chatbot so that the customer does not have to repeat him or herself to the live agent. The chatbot chat session may be linked to a social networking account of the customer and may take place in association with a social networking profile page of the company.
    Type: Grant
    Filed: March 22, 2018
    Date of Patent: May 11, 2021
    Assignee: Wells Fargo Bank, N.A.
    Inventors: Kristin H. Deegan, Matthew G. Vanhouten, Uma Meyyappan, Jennifer Toby Whateley, Balinder Singh Mangat, Upul D. Hanwella, Kimarie Pike Matthews, Maria J. Latorre, Scott Edward Pitchford
  • Patent number: 10965463
    Abstract: A user apparatus, a base apparatus, and a method for authenticating these apparatuses through exchanging data packets is provided. The user apparatus and the base apparatus are paired, share a set of security algorithms and parameters, and perform a mutual authentication based on the challenge-response authentication mechanism. In more detail, each of the challenge data packets includes authentication data (digest_a, digest_b, digest_c) and a set of at least two random sequences having random content and random length, wherein the random sequences are generated excluding those that, in the at least one data packet, produce at least one fake replica of the authentication data that at least one of the apparatuses can erroneously detect.
    Type: Grant
    Filed: December 15, 2016
    Date of Patent: March 30, 2021
    Assignee: Saronikos Trading and Services, Unipessoal LDA
    Inventor: Robert James
  • Patent number: 10963448
    Abstract: A method of operating a data store system may include identifying a non-responsive processing node from a plurality of processing nodes. The method may further include generating a new registration key in response to identifying the non-responsive processing node. The method may further include providing the new registration key to the other processing nodes of the plurality of processing nodes excluding the identified non-responsive node. Each processing node provided the new registration key may be authorized to access a plurality of storage devices of a storage array in communication with the plurality of processing nodes. A system and computer-readable medium may also be implemented.
    Type: Grant
    Filed: March 13, 2014
    Date of Patent: March 30, 2021
    Assignee: Teradata US, Inc.
    Inventors: Gary L. Boggs, Eric M. Shank, Franklin F. Meng
  • Patent number: 10958631
    Abstract: The disclosure relates to a security method in a radio access network system. A shared secret key is stored in both a user device and a core network system. A further secret key is received from the core network system, wherein the further secret key has been derived using the shared secret key stored in the core network system. One or more values are provided over the radio interface to the user device to derive the further secret key in the user device from at least the shared secret key stored in the user device and one or more of the one or more values provided over the radio interface. An authentication procedure and/or a key agreement procedure is performed for the user device over the wireless radio interface using the received further secret key in the radio access network system and the derived further secret key in the user device.
    Type: Grant
    Filed: February 6, 2019
    Date of Patent: March 23, 2021
    Assignees: Koninklijke KPN N.V., Nederlandse Organisatie voor Toegepast-Natuurwetenschappelijk Onderzoek TNO
    Inventor: Frank Fransen
  • Patent number: 10951400
    Abstract: An authentication method for a group of devices connected to a network includes selecting the first controller as a coordinator, the coordinator being configured to manage a group key to be used in common in the group. The method includes generating the group key, and performing first mutual authentication and second mutual authentication. The method also includes sharing the group key with each device for which the first mutual authentication has been successful, and sharing the group key with each second controller for which the second mutual authentication has been successful. The method further includes encrypting transmission data by using the group key to generate encrypted data, generating authentication data by using the group key, and simultaneously broadcasting a message to each device for which the first mutual authentication has been successful and each second controller for which the second mutual authentication has been successful.
    Type: Grant
    Filed: July 15, 2019
    Date of Patent: March 16, 2021
    Assignee: PANASONIC INTELLECTUAL PROPERTY CORPORATION OF AMERICA
    Inventors: Yuji Unagami, Manabu Maeda, Hideki Matsushima, Tomoki Takazoe, Yoichi Masuda
  • Patent number: 10939370
    Abstract: The present disclosure relates to a communication technique of fusing a 5G communication system for supporting higher data transmission rate beyond a 4G system with an IoT technology and a system thereof, and provides an intelligent service based on the 5G communication technology and the IoT related technology. A method of an initial access and mobility management function (AMF) in a wireless communication system, includes receiving, from a base station, a registration request message including information on a requested slice; determining whether to reroute the registration request message based on subscription information; transmitting, to a network repository function (NRF), a first message to request information on a target AMF which has required capabilities to serve a terminal; receiving, from the NRF, a second message including information on the target AMF; and rerouting, to the target AMF, the registration request message based on the determination.
    Type: Grant
    Filed: January 13, 2020
    Date of Patent: March 2, 2021
    Inventors: Youngkyo Baek, Sunghoon Kim, Hoyeon Lee, Jungje Son
  • Patent number: 10924288
    Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for managing blockchain-based centralized ledger systems. One of the methods includes transmitting individual timestamp requests for to-be-timestamped blocks in a blockchain to a trust time server independent from a blockchain-based centralized ledger system that stores data in the blockchain, the blockchain including a plurality of blocks storing transaction data, receiving respective timestamps and associated signatures for the to-be-timestamped blocks from the trust time server, and storing information of the respective timestamps and associated signatures for the to-be-timestamped blocks in respective timestamped blocks in the blockchain, any adjacent two of the timestamped blocks in the blockchain being anchored with each other.
    Type: Grant
    Filed: July 10, 2020
    Date of Patent: February 16, 2021
    Assignee: Advanced New Technologies Co., Ltd.
    Inventors: Wenyuan Yan, Yuan Zhang, Xinying Yang, Benquan Yu, Yize Li
  • Patent number: 10921757
    Abstract: An operation control device for controlling operation of an operation device with respect to an operation object includes: operation logic unit that stores in advance an operation logic related to sensor information; virtual object setting unit that sets an operation object to be estimated based on sensor information, as a virtual operation object having an attribute related to presence probability and an operation-related attribute; virtual object operation determination unit that determines whether it is possible to perform an operation with respect to the virtual operation object, based on the attribute related to a presence probability and the operation-related attribute; and operation control unit that controls an operation of the operation device with respect to the operation object by using an operation logic stored in the operation logic means, based on sensor information output from the sensor and a determination result by the virtual object operation determination unit.
    Type: Grant
    Filed: September 15, 2016
    Date of Patent: February 16, 2021
    Assignee: NEC CORPORATION
    Inventor: Hiroaki Nagano
  • Patent number: 10892896
    Abstract: An authentication request is sent to a server. An authentication request reply message is received from the server. A biometric feature input by a user is received. A biometric feature template identifier (ID) corresponding to the received biometric feature is acquired using the received biometric feature. The acquired biometric feature template ID is compared with a stored biometric feature template ID included in an enable record that is used for biometric feature verification and created during a biometric feature verification enabling process. When the two biometric feature template IDs are consistent, an authentication response message is generated. The authentication response message is sent to the server for verification. Verification includes comparing the biometric feature template ID in the authentication response message with the biometric feature template ID in a saved user record. The verification succeeds if the two biometric feature template IDs are consistent; otherwise an error is reported.
    Type: Grant
    Filed: May 18, 2020
    Date of Patent: January 12, 2021
    Assignee: Advanced New Technologies Co., Ltd.
    Inventor: Junsui Lin
  • Patent number: 10892901
    Abstract: The present application provides a facial data collection and verification solution. In this solution, after collecting a face sample, a collection device uses the face sample and check data including a random number as to-be-signed data, performs signature by using a device private key, to obtain a facial data signature, and then obtains trusted facial data based on the to-be-signed data, the facial data signature, and a digital certificate that includes a device public key. When performing verification on the trusted facial data, a facial recognition server sequentially performs verification on the digital certificate that includes the device public key, the facial data signature, and the check data. Because content used for the verification process is added for the face sample on the collection device, subsequent verification cannot succeed if a transmitted communication packet is replaced by an attacker. Therefore, a replay attack is prevented at the collection source.
    Type: Grant
    Filed: March 2, 2020
    Date of Patent: January 12, 2021
    Assignee: Advanced New Technologies Co., Ltd.
    Inventors: Xi Sun, Hongwei Luo
  • Patent number: 10885723
    Abstract: An encrypted communication system includes on-board devices configured to perform encrypted communication with a server located outside a vehicle. Each of the on-board devices includes an encrypted communication portion configured to perform encrypted communication with the server using an encryption key unique to a corresponding one of the on-board devices and a priority setting portion configured to set priority ranks of the on-board devices for encrypted communication. When each of the on-board devices performs encrypted communication with the server and if any one of the on-board devices is set to a higher priority rank, the on-board device is configured to perform encrypted communication with the server via the encrypted communication portion of the on-board device having the higher priority rank.
    Type: Grant
    Filed: December 21, 2017
    Date of Patent: January 5, 2021
    Assignee: TOYOTA JIDOSHA KABUSHIKI KAISHA
    Inventor: Masashi Nakagawa
  • Patent number: 10867172
    Abstract: A method is provided for verifying a user's identity. The method has the following steps: connecting a first and a second data processing device for data communication; running a software application in the second data processing device; for user verification, receiving user identification data in the second data processing device, the user identification data comprising reference data; receiving one or more images of a document assigned to the user in the second data processing device; determining measurement data from image data providing a digital representation of the one or more images; comparing the reference data to the measurement data determined from the digital representation of the one or more images; and providing verification data in the second data processing device, the verification data indicative of the user's identity being verified in the step of comparing the reference data to the measurement data.
    Type: Grant
    Filed: January 29, 2018
    Date of Patent: December 15, 2020
    Assignee: WEBID SOLUTIONS GMBH
    Inventors: Thomas Franz Fürst, Tim-Markus Kaiser, Frank Stefan Jorga, Sven Oliver Jorga
  • Patent number: 10862892
    Abstract: Systems, computer products, and methods are described herein for an improved secure certificate system for identifying potential authorized and unauthorized interactions between a web browser and a website. The certificate system utilizes stored certification requirements (e.g., pinned certification requirements, third-party certification requirement system, or the like), and compares the stored certification requirements with received certification requirements. The system may notify the user or prevent the interaction between the web browser and website when the stored certification requirements do not meet the received certification requirements (e.g., a threshold requirement of certificates to validate, validated certificates, or the like). The certificate system allows the interaction between the web browser and website when the stored certification requirements meet the received certification requirements and the website is verified based on the certification requirements.
    Type: Grant
    Filed: September 16, 2019
    Date of Patent: December 8, 2020
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Carl R. Frederick, Joel S. Kazin
  • Patent number: 10841106
    Abstract: A system and methods are provided for establishing an authenticated and encrypted communication connection between two devices with at most two round-trip communications. During establishment of an initial authenticated, encrypted communication connection (or afterward), a first device (e.g., a server) provides the second device (e.g., a client) with a token (e.g., a challenge) that lives or persists beyond the current connection. After that connection is terminated and the second device initiates a new connection, it uses the token as part of the handshaking process to reduce the necessary round-trip communications to one.
    Type: Grant
    Filed: November 15, 2018
    Date of Patent: November 17, 2020
    Assignee: WHATSAPP INC.
    Inventors: Bryan D. O'Connor, Eugene Fooksman
  • Patent number: 10819782
    Abstract: Personal Digital Server (“PDS”) is a unique computer application for the storage, updating, management and sharing of all types of digital media files, including audio, video, images and documents, irrespective of their format. PDS provides users with a single location to store and access, both locally and remotely, all of their digital media. It also provides the user total control of the overall management of these assets.
    Type: Grant
    Filed: September 27, 2019
    Date of Patent: October 27, 2020
    Assignee: WOODSTOCK SYSTEMS, LLC
    Inventors: James Hoffman, James Friskel
  • Patent number: 10791462
    Abstract: This technology uses a bootstrap key (“BSK”) to securely onboard a computing device to a network. A unique BSK associated with an onboarding computing device is used to verify for various deployment models (1) that the computing device has proof the computing device is connecting to the correct wired or wireless network and (2) that the network has proof the computing device is trusted. The BSK may be an associated BSK or an embedded BSK. A computing device receives a signed voucher from the manufacturer authorized signing authority (“MASA”) before the computing device may onboard to a network. The MASA will issue a voucher to a Bootstrapping Remote Secure Key Infrastructure (“BRSKI”) registrar if the registrar proves knowledge of the computing device's BSK to the MASA or the registrar has an established trust relationship with the MASA.
    Type: Grant
    Filed: February 21, 2019
    Date of Patent: September 29, 2020
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Eliot Lear, Owen Friel, Max Pritikin
  • Patent number: 10735464
    Abstract: A computer-implemented method for detecting replay attack comprises: obtaining at least one candidate transaction for adding to a blockchain; verifying if an identification of the candidate transaction exists in an identification database, the identification database comprising a plurality of identifications within a validation range; and in response to determining that the identification does not exist in the identification database, determining that the candidate transaction is not associated with a replay attack.
    Type: Grant
    Filed: December 17, 2019
    Date of Patent: August 4, 2020
    Assignee: Alibaba Group Holding Limited
    Inventor: Guilu Xie
  • Patent number: 10728045
    Abstract: An authentication device outputs a first challenge value corresponding to a random number along with a first authentication request. A second challenge value is input to the authentication device along with a second authentication request, and the authentication device outputs a second response value which is obtained by encrypting a value corresponding to the second challenge value by using a common key by a symmetric key cryptosystem. A first response value corresponding to the first challenge value is input to the authentication device, and the authentication device decides whether or not a decrypting result which is obtained by decrypting the first response value by using the common key and a value corresponding to the first challenge value coincide with each other.
    Type: Grant
    Filed: May 27, 2016
    Date of Patent: July 28, 2020
    Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventor: Dai Ikarashi
  • Patent number: 10715557
    Abstract: System and method for establishing secure conference calls. In one example system, a central conference call server establishes point-to-point connections with accessory devices comprising a secure element and connected to corresponding participant devices. The conference call server includes an interface to a plurality of secure elements configured to perform scrambling and unscrambling of media signals communicated to and from the accessory devices. In another example, one of the participant devices operates as the central conference call server. In other examples, participant devices communicate on a conference call via point-to-point connections between all accessory devices connected to the participant devices. The accessory devices include secure elements for decryption and encryption of media signals communicated between the accessory devices.
    Type: Grant
    Filed: September 13, 2018
    Date of Patent: July 14, 2020
    Assignee: NAGRAVISION S.A.
    Inventors: Francois Fer, Marco Macchetti, Laurent Gauteron, Jerome Perrine
  • Patent number: 10701047
    Abstract: Embodiments herein include, for example, a method, comprising: generating a shared symmetric key to begin a communication session among a group of users by a first user; distributing, by the first user, the generated shared symmetric key to each user in the group of users; communicating within the communication session among a group of users, where each user encrypts a message to the group of users to be distributed through the communication session using the generated shared symmetric key, and each user decrypts a message received from the communication session using the generated shared symmetric key.
    Type: Grant
    Filed: March 30, 2018
    Date of Patent: June 30, 2020
    Assignee: CYPH INC.
    Inventors: Ryan Lester, Bryant Zadegan
  • Patent number: 10701070
    Abstract: A method for providing improved personalized security mechanisms for transferring electronic data is disclosed. In an embodiment, the method comprises generating, at a client computer, a user key pair, wherein the user key pair comprises a user private key and a user public key; transmitting the user public key from the client computer to a server computer; receiving, at the client computer, from the server computer, a user account public key; generating a virtual memory stick (“VMS”) file and including, in the VMS file, one or more keys and one or more passphrases; encrypting the VMS file with a protection passphrase to generate an encrypted VMS file; and transmitting the encrypted VMS file to the server computer.
    Type: Grant
    Filed: May 23, 2018
    Date of Patent: June 30, 2020
    Assignee: VERUM SECURITAS, INC.
    Inventors: Kris Durski, Gustav Metkowski
  • Patent number: 10693863
    Abstract: A method of enabling applications to reference user information is provided, including receiving a request for a user identifier that references a user of the application and sending a second request for the user identifier to a server. The second request may include a second user identifier that references the user and a second authentication token for the second user identifier. Furthermore, the second user identifier and the second authentication token are not accessible by the user. The method includes receiving the user identifier and an authentication token for the first user identifier. The user identifier corresponds to the second identifier; and providing the user identifier and authentication token to the application. A method of enabling an application to identify users associated with a user of the application is provided; the method may include receiving, from the server, user identifiers that reference one or more users scoped to the application.
    Type: Grant
    Filed: May 4, 2018
    Date of Patent: June 23, 2020
    Assignee: Apple Inc.
    Inventors: Derrick S. Huhn, Jeremy M. Werner, Amol V. Pattekar
  • Patent number: 10635839
    Abstract: Disclosed herein are a fixed-location Internet-of-Things (IoT) device for protecting secure storage access information and a method for protecting secure storage access information of the fixed-location IoT device.
    Type: Grant
    Filed: July 31, 2017
    Date of Patent: April 28, 2020
    Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventors: Dae-Won Kim, Young-Sae Kim, Yong-Hyuk Moon, Seung-Yong Yoon, Jin-Hee Han, Jae-Deok Lim, Jeong-Nyeo Kim, Yong-Sung Jeon
  • Patent number: 10637772
    Abstract: Data packets passing from a source to a destination in a network according to a Service Function Chain (SFC) are processed by an ordered sequence of at least one service function (SF). For each SF in the SFC in order, a current value of a function, such as a hash function, is recursively computed including, as input values, at least current identifying data that identifies a corresponding current one of the SFs, and a value of the function output from an immediately preceding SF. After computing the current value of the function for a selected SF in the SFC, the current value of the function is compared with an expected value. If the value of the function for the selected SF is the same as the expected value, the data packet is allowed to be transmitted to a subsequent processing stage; if not, then an error response action is taken.
    Type: Grant
    Filed: May 28, 2016
    Date of Patent: April 28, 2020
    Assignee: Guardtime SA
    Inventors: Hema Krishnamurthy, Jeffrey Pearce
  • Patent number: 10623400
    Abstract: A security method and system for capturing user specific binary information used to identify the user; using the user specific binary information to generate a secured primary code, generating strong user credentials for accessing web based or applications logins, intercepting credential requests from local applications or remote web sites, regenerating strong user credentials dynamically, using the secure primary code to generate encryption keys for protection of data inside or outside the machine of creation, and using secure primary code protection in conjunction with subsidiary key exchanges to allow data sharing while retaining data security.
    Type: Grant
    Filed: October 14, 2013
    Date of Patent: April 14, 2020
    Inventor: Greg Hauw
  • Patent number: 10592697
    Abstract: A method and apparatus prevents hacker code from infecting an application program by requiring decryption of the application program prior to running the application program on a computer. The method includes steps of: providing a security device that is a separate unit from components necessary to operate the computer; storing a symmetric private key on the security device; using the device symmetric private key to produce an encrypted application program upon first installation; thereafter decrypting that part of the encrypted application program needed to implement a command to run the application program; and, decrypting, on the fly, only those follow-on parts of the encrypted application program needed to perform functions called for during operation of the application program.
    Type: Grant
    Filed: September 19, 2018
    Date of Patent: March 17, 2020
    Inventor: John Almeida
  • Patent number: 10560844
    Abstract: In one embodiment, a system includes a processing circuit and logic integrated with the processing circuit, executable by the processing circuit, or integrated with and executable by the processing circuit. The logic is configured to cause the processing circuit to limit functionality of a remote controlled device during periods of time that a user of the remote controlled device is not authenticated, and to receive identity information of the user of the remote controlled device via an authentication process, with the identity information establishing an identity of the user. Also, the logic is configured to cause the processing circuit to authenticate the user prior to allowing full functionality of the remote controlled device, send an indication of the identity of the user to the remote controlled device, and provide full functionality of the remote controlled device to the user in response to successfully authenticating the user.
    Type: Grant
    Filed: March 15, 2017
    Date of Patent: February 11, 2020
    Assignee: International Business Machines Corporation
    Inventors: Michael A. Amisano, John F. Behnken, Jeb R. Linton, John Melchionne, David K. Wright
  • Patent number: 10560436
    Abstract: A pseudonymous proximity location device and methods of operating and/or interacting with the same are provided. The pseudonymous proximity location device is configured to provide meaningful information to authorized reading devices but useless information to non-authorized reading devices, thereby prohibiting the use of the pseudonymous proximity location device by unauthorized reading devices.
    Type: Grant
    Filed: November 2, 2015
    Date of Patent: February 11, 2020
    Assignee: ASSA ABLOY, AB
    Inventors: Philip Hoyer, Mark Robinton
  • Patent number: 10560481
    Abstract: Methods, systems, and computer-readable storage media for a trust management system (TMS) in connected devices including a service provider device and a service consumer device, actions including receiving, by the TMS, side information associated with the service provider device, the side information including profile data and context data, processing, by the TMS, the side information using a computer-executable stereotype model to determine a prior trust value, determining, by the TMS, a trust value using a computer-executable experiential trust model, and at least partially based on the prior trust value, and selectively conducting a transaction between the service consumer device, and the service provider device based on the trust value.
    Type: Grant
    Filed: June 16, 2017
    Date of Patent: February 11, 2020
    Assignee: SAP SE
    Inventor: Kun Ouyang
  • Patent number: 10554744
    Abstract: An approach is provided to automatically replicate content to certain servers in a networking environment based on, amongst other metrics, location of third parties accessing information in a social networking environment. The approach includes obtaining content from a user within a networked environment and analyzing information of one or more third parties that have access to the networked environment and who have an association with the user. The approach further includes replicating the content to one or more servers within the networked environment based on the analyzed information of the one or more third parties.
    Type: Grant
    Filed: January 7, 2016
    Date of Patent: February 4, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Kelly Abuelsaad, Lisa Seacat DeLuca, Soobaek Jang, Daniel C. Krook
  • Patent number: 10521779
    Abstract: An electronic social networking environment enables the transfer of stored value between users of the environment. A transfer may be in the form of a gift from one user to another. The stored value may represent actual currency or virtual currency. The stored value may be redeemed within or outside the electronic social networking environment, and may be redeemed with one or more merchants. The stored value may be redeemed for a physical item or service or for a virtual item or service.
    Type: Grant
    Filed: December 2, 2016
    Date of Patent: December 31, 2019
    Assignee: Gift Solutions LLC
    Inventors: Christopher L. Toomer, Steven E. Arthur, Debi Rex, Ginger Sayor
  • Patent number: 10516993
    Abstract: Provided are methods and apparatuses for establishing a wireless communications connection by using biometric information of a user. A method of operating an electronic device includes operations of: acquiring first biometric information; transmitting first sub-information of the first biometric information to a terminal within a certain time from an instant of acquiring the first biometric information; receiving from the terminal second sub-information of second biometric information of a user who uses the terminal; and comparing second sub-information of the first biometric information corresponding to the second sub-information of the second biometric information with the second sub-information of the second biometric information. If it is determined as a result of the comparing that the second sub-information of the first biometric information matches the second sub-information of the second biometric information, a pairing with the terminal is established through a wireless network.
    Type: Grant
    Filed: August 26, 2016
    Date of Patent: December 24, 2019
    Assignee: Samsung Electronics Co., Ltd
    Inventors: Tae-soo Jun, Seung-ku Kim
  • Patent number: 10506642
    Abstract: A method to securely send, to the device, the cryptographic key and the local wireless network credentials with an authenticity verification to ensure that the device is safe to be added to the local network. Those credentials are sent using a NFC enabled device to the internal EEPROM with NFC interface embedded on the target connected device. The method enforces the configuration setup process to avoid critical vulnerabilities in IoT devices, minimizing security and privacy issues to the final user and avoid any unauthorized device to be added to the network. When a new IoT device is added, assuming that this new device has no security key embedded and no stored authentication credentials, a secure mobile application will send that information to the device using NFC. This application has an interface to configure the device in a single step.
    Type: Grant
    Filed: November 30, 2016
    Date of Patent: December 10, 2019
    Assignee: SAMSUNG ELETRÔNICA DA AMAZÔNIA LTDA.
    Inventors: Pedro Henrique Minatel, Sang Hyuk Lee, Breno Silva Pinto, Felipe Caye Batalha Boeira