Mutual Entity Authentication Patents (Class 713/169)
-
Patent number: 11882215
Abstract: One disclosed example method includes a leader client device associated with a leader participant generating a meeting key for a video meeting joined by multiple participants. For each participant, the leader client device obtains a long-term public key and a cryptographic signature associated with the participant. The leader client device verifies the cryptographic signature of the participant based on the long-term public key and the cryptographic signature. If the verification is successful, the leader client device encrypts the meeting key for the participant using a short-term private key generated by the leader client device, a short-term public key of the participant, a meeting identifier, and a user identifier identifying the participant. The leader client device further publishes the encrypted meeting key for the participant on the meeting system. The leader client device encrypts and decrypts meeting data communicated with other participants based on the meeting key.
Type: Grant
Filed: May 21, 2021
Date of Patent: January 23, 2024
Assignee: Zoom Video Communications, Inc.
Inventors: Simon Booth, Karan Lyons
-
Patent number: 11876901
Abstract: An elliptic curve random number generator avoids escrow keys by choosing a point Q on the elliptic curve as verifiably random. An arbitrary string is chosen and a hash of that string computed. The hash is then converted to a field element of the desired field, the field element regarded as the x-coordinate of a point Q on the elliptic curve and the x-coordinate is tested for validity on the desired elliptic curve. If valid, the x-coordinate is decompressed to the point Q, wherein the choice of which of the two points is also derived from the hash value. Intentional use of escrow keys can provide for back up functionality. The relationship between P and Q is used as an escrow key and stored by for a security domain. The administrator logs the output of the generator to reconstruct the random number with the escrow key.
Type: Grant
Filed: September 23, 2022
Date of Patent: January 16, 2024
Assignee: Malikie Innovations Limited
Inventors: Daniel Richard L. Brown, Scott Alexander Vanstone
-
Patent number: 11848920
Abstract: Verifiable, secure communications between a sender and a receiver on at least one shared communication channel is provided. A manicoded key encoder produces an argument of knowledge for a secret key to the at least one shared communication channel, and a manicoded message encoder provides an implication argument indicating that knowledge of the secret key enables access to message content of the manicoded message. The argument of knowledge is included in a key manifest for the secret key within a manicoded key, and the implication argument is included in a message manifest of a manicoded message. In this way, the sender may provide message content within the manicoded message, and the receiver may operate a decoder to access the message content. A verifier may use the manicoded key and the manicoded message to verify that the receiver has access to the message content.
Type: Grant
Filed: July 11, 2022
Date of Patent: December 19, 2023
Inventor: Yaron Gvili
-
Patent number: 11836256
Abstract: An adversarial robustness testing method, system, and computer program product include testing a robustness of a black-box system under different access settings via an accelerator.
Type: Grant
Filed: January 24, 2019
Date of Patent: December 5, 2023
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Pin-Yu Chen, Sijia Liu, Lingfei Wu, Chia-Yu Chen
-
Patent number: 11824999
Abstract: Aspects and features of a cryptosystem and authentication for the cryptosystem, and a method or process for the cryptosystem, are described. In one example, a method for cryptographic communications includes storing a secret key, generating a system randomization number, and encrypting a plain data package into an encrypted data package by application of the plain data package, the secret key, and the system randomization number to a system of equations for encryption. The system of equations can be a system of linearly dependent equations in one example. Among other benefits, the cryptosystem relies upon the system of linearly dependent equations and the system randomization number to provide additional strength against known-plaintext attacks, chosen-plaintext attacks, and other types of attacks. The system is more semantically secure and offers ciphertext indistinguishability in a new approach using the system of linearly dependent equations.
Type: Grant
Filed: August 13, 2021
Date of Patent: November 21, 2023
Assignee: Winkk, Inc.
Inventors: Rustam Islamov, Roustem Akhiarov
-
Patent number: 11824841
Abstract: A constrained device, such as an Internet of Things (IoT) device, can use a handshake procedure to establish a secure transport session with a server and generate a corresponding client session state. The constrained device can encrypt the client session state into an encrypted client session state, and transmit the encrypted client session state to the server. When the constrained device enters an idle mode, the client session state may be cleared from memory of the constrained device. However, when the constrained device next wakes from the idle mode and re-enters an active mode, the constrained device can retrieve the encrypted client session state from the server. The constrained device can decrypt the encrypted client session state to recover the client session state, and use the recovered client session state to resume the secure transport session instead of establishing a new secure transport session with a new client session state.
Type: Grant
Filed: August 18, 2020
Date of Patent: November 21, 2023
Assignee: T-Mobile USA, Inc.
Inventor: Sergey Slovetskiy
-
Patent number: 11804956
Abstract: Embodiments provide methods, and systems for cryptographic keys exchange where the method can include receiving, by a server system, a client public key being part of a client asymmetric key pair from a client device; sending, by the server system, a server public key being part of a server asymmetric key pair to the client device; generating, by the server system, a random value master key and sending the random value master key encrypted using the client public key to the client device; and generating, by the server system, an initial unique session key and sending the initial unique session key encrypted under the random value master key to the client device. A unique session key from the set of the unique session keys is used by the client device to encrypt a session data for transmission to the server system per session.
Type: Grant
Filed: January 17, 2022
Date of Patent: October 31, 2023
Assignee: MASTERCARD INTERNATIONAL INCORPORATED
Inventors: Ritesh Chaudhari, Ashish Dhande, Ashish Patel, Chetan Bhalerao
-
Patent number: 11797715
Abstract: The technology disclosed herein enables a method to receive an indication of a change to an operating mode of a device from a first operating mode to a second operating mode, and identify a cryptographic item stored at a memory of the device, wherein the cryptographic item corresponds to an identification of the device signed with a digital signature, and wherein the digital signature is based on a private key that is inaccessible to the device. In response to receiving the indication of the change to the operating mode of the device, the method can modify the cryptographic item stored at the memory, and operate the device in the second operating mode based on the modified cryptographic item. The indication of the change to the operating mode of the device can correspond to a detection of a change in a function of the device.
Type: Grant
Filed: December 17, 2020
Date of Patent: October 24, 2023
Assignee: Fortanix, Inc.
Inventors: Andrew Leiserson, Jethro Gideon Beekman
-
Patent number: 11799656
Abstract: A security authentication method and device are provided. The method includes performing, based on a transmitted password authentication message, password authentication with a server and acquiring a result of the password authentication; sending a request authentication message to the server in a case that the result of the password authentication is determined to indicate that the password authentication is successful; performing security authentication through digitally signing by the server all intercommunicated messages and verifying the digital signature by the client, or through encrypting a local random number and all intercommunicated messages by the client using a public key and verifying a random number returned by the server.
Type: Grant
Filed: July 25, 2018
Date of Patent: October 24, 2023
Assignees: China Mobile Communication Co., Ltd Research Institute, China Mobile Communications Group Co., Ltd.
Inventors: Fuwen Liu, Min Zuo
-
Patent number: 11784995
Abstract: Disclosed herein is an identity network that can provide a universal, digital identity for users that can be used to authenticate the user by an identity provider for relying parties to utilize for confirming the identity of the user during sign-up. The identity network receives a request from a relying party that includes deep linking to an identity provider selected by the user. The request specifies the user and any other information about the user the relying party is requesting. A service of the identity network launches the application for the identity provider on the user's device and the user logs into the identity provider's application, which provides the user authentication/validation and information about the user to the identity network. The identity network can then provide the information to the relying party, which the relying party can rely on for creating an account with the relying party for the user.
Type: Grant
Filed: June 22, 2020
Date of Patent: October 10, 2023
Inventors: Gregory Slowiak, Eric Woodward, Philip Lam, Jeff Shultz
-
Patent number: 11785448
Abstract: This document discloses a method and device for implementing secure communication, and a storage medium. The method for implementing secure communication includes: encrypting first information and second information of a data packet respectively to generate an encrypted message; wherein, a region in which the encrypted first information is located is a first encrypted region, and a region in which the encrypted second information is located is a second encrypted region; the first information is used for a receiving device to determine whether to acquire the second information; and sending the encrypted message.
Type: Grant
Filed: March 24, 2020
Date of Patent: October 10, 2023
Assignee: BOE Technology Group Co., Ltd.
Inventors: Kai Zhao, Hongtao Guan, Ying Zhang
-
Patent number: 11770699
Abstract: Implementations disclosed describe techniques to allow wireless devices to initially connect with randomized MAC addresses and send an encrypted permanent MAC for differentiated services. In one method, a first wireless device connects to an access point (AP) using a randomized MAC address. The first wireless device receives a request for a permanent MAC address from the AP. The first wireless device determines whether to send the permanent MAC address. Responsive to determining to send the permanent MAC address, the first wireless device encrypts the permanent MAC address to obtain an encrypted MAC address and sends a response to the request, including the encrypted MAC address, to the AP.
Type: Grant
Filed: November 18, 2021
Date of Patent: September 26, 2023
Assignee: Cypress Semiconductor Corporation
Inventor: Hui Luo
-
Patent number: 11763289
Abstract: A method of operating a payment device for selectively enabling a payment function according to the validity of a host is provided. The method relates to a method of operating the payment device which includes a near field communication controller (NFCC) and a host communicating with the NFCC. The method selectively enables the payment function according to the validity of the host, thereby preventing illegal or unwanted payment.
Type: Grant
Filed: October 23, 2020
Date of Patent: September 19, 2023
Assignee: Samsung Electronics Co., Ltd.
Inventor: Joong Chui Yoon
-
Patent number: 11743249
Abstract: One example method includes contacting, by a client, a service, receiving a credential from the service, obtaining trust information from a trust broker, comparing the credential with the trust information, and either connecting to the service if the credential and trust information match, or declining to connect to the service if the credential and the trust information do not match. Other than by way of the trust information obtained from the trust broker, the client may have no way to verify whether or not the service can be trusted.
Type: Grant
Filed: June 2, 2022
Date of Patent: August 29, 2023
Assignee: EMC IP HOLDING COMPANY LLC
Inventors: Ido Begun, Jehuda Shemer
-
Patent number: 11734252
Abstract: A system includes reception of a database query, determination of result set output columns associated with the database query, and determination, for each of the determined result set output columns, of one or more data sources associated with the result set output column. Sensitivity information is determined for each of the one or more data sources based on metadata, and result set sensitivity information is determined based on the determined sensitivity information. A result set is determined based on the database query, and the result set and the result set sensitivity information are transmitted.
Type: Grant
Filed: November 7, 2017
Date of Patent: August 22, 2023
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Alex Umansky, David Edward Brookler, Gilad Mittelman, Shai Kariv, Tomer Levav, Tomer Weisberg
-
Patent number: 11736612
Abstract: Disclosed are methods, systems, and machine-readable mediums which provide for customer chatbots that detect a customer handoff condition and in response, transferring the customer to a communication session with a live agent. The handoff condition may comprise an inability to understand the customer, an inability to answer the customer's question, expressions of frustration or anger on the part of the customer, a customer's express request to be transferred, or the like. The live agent may receive a complete history of the conversation with the chatbot so that the customer does not have to repeat him or herself to the live agent. The chatbot chat session may be linked to a social networking account of the customer and may take place in association with a social networking profile page of the company.
Type: Grant
Filed: August 24, 2022
Date of Patent: August 22, 2023
Assignee: Wells Fargo Bank, N.A.
Inventors: Kristin H. Deegan, Matthew G. Vanhouten, Uma Meyyappan, Jennifer Toby Whateley, Balinder Singh Mangat, Upul D. Hanwella, Kimarie Pike Matthews, Maria J. Latorre, Scott Edward Pitchford
-
Patent number: 11727265
Abstract: Methods, apparatus, systems and articles of manufacture to provide machine programmed creative support to a user are disclosed. An example apparatus includes an artificial intelligence architecture to be trained based on previous inputs of the user; a processor to: implement a first machine learning model based on the trained artificial intelligence architecture; and predict a first action based on a current state of a computer program using the first machine learning model; implement a second machine learning model based on the trained artificial intelligence architecture; and predict a second action based on the current state of the computer program using the second machine learning model; and a controller to select a state based on the action that results in a state that is more divergent from the current state of the computer program.
Type: Grant
Filed: June 27, 2019
Date of Patent: August 15, 2023
Assignee: Intel Corporation
Inventors: Ignacio Javier Alvarez, Javier Felip Leon, David Israel Gonzalez Aguirre, Javier Sebastian Turek, Luis Carlos Maria Remis, Justin Gottschlich
-
Patent number: 11706033
Abstract: A method of sharing encrypted data includes, by an electronic device, receiving a password from a user to perform an action, receiving a salt value, generating a user key using the password and salt value, receiving an encrypted key location identifier value, decrypting the encrypted key location identifier value to obtain a key location identifier, receiving an encrypted read token value, decrypting the encrypted read token value using the user key to obtain a read token value, and transmitting the read token value and the key location identifier to a server electronic device.
Type: Grant
Filed: May 20, 2021
Date of Patent: July 18, 2023
Assignee: Powch, LLC
Inventors: Essam Abadir, Rosco Schock, Joshua R. Cox
-
Patent number: 11681805
Abstract: A system for collecting data artifacts from a production environment, storing them, and replaying them in a testing environment is disclosed. One or more processors receive a data artifact from a sensor in a production environment, and store the data artifact in a first storage with a unique identifier, while also storing in a second storage record(s) associating the unique identifier with a tag. A clone of at least a portion of the production environment is created within the testing environment, and an analytic targeting the data artifact is incorporated into the clone. Upon receiving a request to replay the data artifact, referencing the tag associated with the data artifact's unique identifier, the data artifact is replayed by causing the clone to receive the data artifact as if it were presently encountered. Logs of output from the clone's response are stored in a third storage for future analysis.
Type: Grant
Filed: May 26, 2022
Date of Patent: June 20, 2023
Assignee: Morgan Stanley Services Group Inc.
Inventors: Jonathan Oakley, Joseph Edmonds
-
Patent number: 11683170
Abstract: A secure digital communications method is provided in which a Certificate Authority generates an improved RSA key pair having a modulus, a public key exponent, a public key, and a private key. The public key exponent can contain descriptive attributes and a digital signature. The digital signature can be responsive to the descriptive attributes and the modulus. A secure session can be established between a first system and a second system, within a secure digital communication protocol. The second system can verify the digital signature to authenticate the public key.
Type: Grant
Filed: December 2, 2020
Date of Patent: June 20, 2023
Assignee: ARRIS Enterprises LLC
Inventors: Alexander Medvinsky, Eric J. Sprunk
-
Patent number: 11678228
Abstract: In one illustrative example, a user plane (UP) entity for use in a mobile network may receive a data packet from a user equipment (UE) operative to communicate in one or more sessions via a serving base station (BS) (e.g. eNB or gNB) of the mobile network. The UP entity may detect, in a header (e.g. SRH) of the data packet, an identifier indicating a new serving BS or session of the UE. The identifier may be UE- or BS-added data (e.g. iOAM data) that is inserted in the header by the UE or BS. In response, the UP entity may cause a message to be sent to an analytics function (e.g. a NWDAF) to perform analytics for session or flow migration for the UE.
Type: Grant
Filed: December 6, 2021
Date of Patent: June 13, 2023
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Vimal Srivastava, Srinath Gundavelli, Nagendra Kumar Nainar, Carlos M. Pignataro, Timothy Peter Stammers
-
Patent number: 11664980
Abstract: A method includes extracting, by an individual computing system, physical movement intentions of an individual from neural signals; mapping, by a secure element of the individual computing system, the physical movement intentions to a character string representing a knowledge factor; and establishing, by the individual computing system, a secure, mutually authenticated communication channel between the individual computing system and a provider computing system by using the knowledge factor as an input to a password authenticated key exchange protocol and generating a symmetric encryption key using the knowledge factor as an input to a key exchange protocol.
Type: Grant
Filed: April 29, 2021
Date of Patent: May 30, 2023
Assignee: Wells Fargo Bank, N.A.
Inventor: Phillip H. Griffin
-
Patent number: 11657162
Abstract: In one example an apparatus comprises a memory and a processor to create, from a first deep neural network (DNN) model, a first plurality of DNN models, generate a first set of adversarial examples that are misclassified by the first plurality of deep neural network (DNN) models, determine a first set of activation path differentials between the first plurality of adversarial examples, generate, from the first set of activation path differentials, at least one composite adversarial example which incorporates at least one intersecting critical path that is shared between at least two adversarial examples in the first set of adversarial examples, and use the at least one composite adversarial example to generate a set of inputs for a subsequent training iteration of the DNN model. Other examples may be described.
Type: Grant
Filed: March 22, 2019
Date of Patent: May 23, 2023
Assignee: INTEL CORPORATION
Inventors: Michael Kounavis, Antonios Papadimitriou, Anindya Sankar Paul, Micah Sheller, Li Chen, Cory Cornelius, Brandon Edwards
-
Patent number: 11653202
Abstract: A method for edge network authentication and access, implemented by an edge server, including receiving user equipment (UE) information from an application client executed on a UE to establish a connection between the edge server and the UE, verifying whether the UE has authorization to the local access point name (APN) based on the UE information, generating a session key when the UE has authorization to the local APN, sending the session key to the UE, receiving a request to access content of an application on a content server from the UE, decrypting the information to obtain a key, comparing the key with the application key to validate the UE, verifying identifiers of the UE when the UE is valid, identifying the application on the content server to obtain the content based on the request, encrypting and sending a session identifier to the UE based on a new application key.
Type: Grant
Filed: April 11, 2022
Date of Patent: May 16, 2023
Assignee: SPRINT COMMUNICATIONS COMPANY, L.P.
Inventors: Marouane Balmakhtar, Galip Murat Karabulut
-
Patent number: 11635964
Abstract: Aspects of the disclosure relate to a dynamic event securitization and neural network analysis system. A dynamic event inspection and securitization computing platform comprising at least one processor, a communication interface, and memory storing computer-readable instructions may securitize event data prior to authorizing execution of the event. A neural network event analysis computing platform comprising at least one processor, a communication interface, and memory storing computer-readable instructions may utilize a plurality of event analysis modules, a neural network, and a decision engine to analyze the risk level values of data sharing events. The dynamic event inspection and securitization computing platform may interface with the neural network event analysis computing platform by generating data securitization flags that may be utilized by the neural network event analysis computing platform to modify event analysis results generated by the event analysis modules.
Type: Grant
Filed: April 7, 2021
Date of Patent: April 25, 2023
Assignee: Bank of America Corporation
Inventors: Chie Khiong Chin, Ayush Anand, Harish Tammaji Kulkarni, Simon Peter Lawrie, Nhat Minh Nguyen
-
Patent number: 11616648
Abstract: A method for providing Cheon-resistance security for a static elliptic curve Diffie-Hellman cryptosystem (ECDH), the method including providing a system for message communication between a pair of correspondents, a message being exchanged in accordance with ECDH instructions executable on computer processors of the respective correspondents, the ECDH instructions using a curve selected from a plurality of curves, the selecting including choosing a range of curves; selecting, from the range of curves, curves matching a threshold efficiency; excluding, within the selected curves, curves which may include intentional vulnerabilities; and electing, from non-excluded selected curves, a curve with Cheon resistance, the electing comprising a curve from an additive group of order q, wherein q is prime, such that q−1=cr and q+1=ds, where r and s are primes and c and d are integer Cheon cofactors of the group, such that cd≤48.
Type: Grant
Filed: July 12, 2022
Date of Patent: March 28, 2023
Assignee: BlackBerry Limited
Inventor: Daniel Richard L. Brown
-
Patent number: 11611588
Abstract: One or more computer processors intercept one or more network inputs entering or exiting an internal network; synthesize one or more network input images from a random noise vector sampled from a normal distribution of textually embedded network inputs utilizing a trained generative adversarial network; classify one or more synthesized network input images by identifying contained objects utilizing a trained convolutional neural network with rectified linear units, wherein the objects include patterns, sequences, trends, and signatures; predict a security profile of the one or more classified network input images and associated one or more network inputs, wherein the security profile includes a set of rules and associated mitigation actions, analogous historical network traffic, a probability of infection, a probability of signature match with historical malicious network inputs, and a harm factor; apply one or more mitigation actions based on the predicted security profile.
Type: Grant
Filed: July 10, 2020
Date of Patent: March 21, 2023
Assignee: KYNDRYL, INC.
Inventor: Karthick Vasu
-
Patent number: 11599678
Abstract: A method for ensuring integrity of data sent by a vehicle V2X communication device to a control module to ensure operational safety, including: receiving data transferred by vehicle-to-X communication by a first computing apparatus of the V2X communication device, storing the data in a data memory, forwarding the data to a second computing apparatus, receiving the data by the second computing apparatus, establishing whether an action is to be triggered for the data and, in response, transmitting the data to a comparison apparatus, carrying out a comparison test for the data provided by the second computing apparatus with the data stored in the data memory and, in response to the test being passed, outputting the data and/or a control instruction and/or a warning message by the V2X communication device to a control module. Furthermore, a corresponding vehicle-to-X device and the use of the device in a vehicle are disclosed.
Type: Grant
Filed: September 18, 2019
Date of Patent: March 7, 2023
Assignees: CONTINENTAL TEVES AG & CO. OHG, CONTINENTAL AUTOMOTIVE SYSTEMS, INC.
Inventors: Marc Menzel, Ulrich Stählin
-
Patent number: 11588640
Abstract: The subject matter discloses a computer-implemented method performed during a multi-party computation (MPC) process performed between multiple parties, said method comprising, the multiple parties executing a pre-processing phase and obtaining values of correlated random variables to be used in an MPC process, the parties periodically verifying the correctness of the correlated random variables by exchanging information between the multiple parties, refreshing the values of the correlated random variables in each of the multiple parties, wherein no party of the multiple parties has access to values of the correlated random variables stored in another party of the multiple parties during the verifying and refreshing processes, the multiple parties using the correlated random variables during the MPC process after verifying a correctness of the correlated random variables.
Type: Grant
Filed: April 24, 2020
Date of Patent: February 21, 2023
Assignee: Coinbase IL RD Ltd.
Inventor: Samuel Ranellucci
-
Patent number: 11588621
Abstract: Systems and techniques that facilitate universal and efficient privacy-preserving vertical federated learning are provided. In various embodiments, a key distribution component can distribute respective feature-dimension public keys and respective sample-dimension public keys to respective participants in a vertical federated learning framework governed by a coordinator, wherein the respective participants can send to the coordinator respective local model updates encrypted by the respective feature-dimension public keys and respective local datasets encrypted by the respective sample-dimension public keys. In various embodiments, an inference prevention component can verify a participant-related weight vector generated by the coordinator, based on which the key distribution component can distribute to the coordinator a functional feature-dimension secret key that can aggregate the encrypted respective local model updates into a sample-related weight vector.
Type: Grant
Filed: December 6, 2019
Date of Patent: February 21, 2023
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Nathalie Baracaldo Angel, Runhua Xu, Yi Zhou, Ali Anwar, Heiko H. Ludwig
-
Patent number: 11580231
Abstract: There is provided a cryptographic key determination device for determining one or more cryptographic keys in a cryptographic device, the cryptographic device being configured to execute one or more test programs, the cryptographic device comprising one or more components (11-i), each component (11-i) being configured to generate static and dynamic data, the dynamic data being generated in response to the execution of the one or more test programs, wherein the cryptographic key determination device comprises: a data extraction unit configured to extract at least one part of the static data and at least one part of the dynamic data generated by the one or more components (11-i), and a key generator configured to combine the at least one part of static data and the at least one part of dynamic data, and to determine the one or more cryptographic keys by applying a cryptographic function to the combined data.
Type: Grant
Filed: September 11, 2019
Date of Patent: February 14, 2023
Assignee: SECURE-IC SAS
Inventors: Youssef Souissi, Florent Lozac'h, Adrien Facon, Sylvain Guilley
-
Patent number: 11563729
Abstract: An information processing apparatus includes a processor configured to request a management apparatus for user authentication to acquire second credential information that is used for acquiring first credential information that is used for a Web service, the second credential information indicating that a user has been authenticated, receive the second credential information transmitted from the management apparatus in a case where the user authentication is successful by the management apparatus, transmit the received second credential information to an authentication server, receive the first credential information transmitted from the authentication server in response to the transmission of the second credential information, and use the Web service by using the received first credential information.
Type: Grant
Filed: April 21, 2020
Date of Patent: January 24, 2023
Assignee: FUJIFILM Business Innovation Corp.
Inventor: Tsutomu Hirosawa
-
Patent number: 11563579
Abstract: Approaches in accordance with various embodiments allow for zero-touch enrollment of devices with respective manager systems. In at least one embodiment, a device at startup can contact a central directory service (CDS) for information about an associated manager. The CDS can authenticate the device using device information included in the request, and can send a challenge token to the device in response. The challenge token can include information for the manager, protected with multiple layers of security that should only be able to be decrypted by the authenticated device. The device can decrypt this challenge token to determine the manager information, and can convert this challenge token to a bearer token. The device can then send a request to the determined manager that includes the bearer token, which the manager can use to authenticate the device. The manager can then send the device appropriate configuration information.
Type: Grant
Filed: October 2, 2020
Date of Patent: January 24, 2023
Assignee: Nvidia Corporation
Inventors: Daniel Major, Mark Overby
-
Patent number: 11556556
Abstract: A method, apparatus and system for secure forensic investigation of a target machine by a client machine over a communications network. In one aspect the method comprises establishing secure communication with a server over a communications network, establishing secure communication with the target machine over the communications network, wherein establishing secure communication with the target machine includes establishing secure communication between the server and the target machine, installing a servelet on the target machine, transmitting a secure command to the servelet over the communications network, executing the secure command in the servelet, transmitting data, by the target machine, in response to a servelet instruction, and receiving the data from the target machine over the communication network.
Type: Grant
Filed: June 7, 2019
Date of Patent: January 17, 2023
Assignee: OPEN TEXT HOLDINGS, INC.
Inventors: Shawn McCreight, Dominik Weber, Matthew Garrett
-
Patent number: 11553261
Abstract: A system for releasing locking of a fusion splicer includes a fusion splicer, an information terminal, and a server. The fusion splicer locks a fusion-splicing function in accordance with a predetermined lock condition and releases the locked function in accordance with a release command input. The server includes a storage unit that stores authentication information provided by a user of the fusion splicer, a collation unit that collates authentication information provided from the information terminal with the authentication information stored in the storage unit, and a password issuance unit that issues a one-time password including at least a date in an algorithm when a collation result is favorable. The information terminal authenticates the one-time password in consideration of a day difference or a time difference between the information terminal and the server and applies the release command to the fusion splicer when an authentication result is favorable.
Type: Grant
Filed: December 24, 2019
Date of Patent: January 10, 2023
Assignee: SUMITOMO ELECTRIC OPTIFRONTIER CO., LTD.
Inventors: Takahiro Suzuki, Kazuyoshi Ooki, Hideaki Yusa, Takaharu Ohnishi
-
Patent number: 11544393
Abstract: Discussed herein are devices, systems, and methods for secure access to offline data. A method can include configuring a device in a task retrieval state and retrieving a task to be executed on a cold storage device while the device is in the task retrieval state, configuring the device in a disconnected state after retrieving the task, and configuring the device in a task execution state after the device is in the disconnected state and executing the task on the cold storage while the device is in the task execution state. In the task retrieval state, the device can communicate with a buffer network and cannot communicate with a cold network. In the disconnected state, the device cannot communicate with either the cold network or the buffer network. In the task execution state, the device can communicate with the cold network and cannot communicate with the buffer network.
Type: Grant
Filed: July 19, 2019
Date of Patent: January 3, 2023
Assignee: Cold Fortress, Inc.
Inventors: Travis Lockman, Hansel Fernandez
-
Patent number: 11522693
Abstract: There is provided an information processing device, including a processing unit configured to perform a calculation using keys assigned to a plurality of areas of a recording medium and generate an authentication key. The processing unit generates the authentication key by performing a calculation using conversion values corresponding to the keys, the conversion values being obtained by converting device-specific information using conversion methods associated with the keys used in the calculation.
Type: Grant
Filed: January 11, 2019
Date of Patent: December 6, 2022
Assignee: SONY CORPORATION
Inventors: Tsutomu Nakatsuru, Katsuya Shimoji
-
Patent number: 11520872
Abstract: An information processing apparatus includes a first processor, a second processor, and one or more non-volatile storage devices. The one or more storage devices store a first control program to be executed by the first processor and a second control program to be executed by the second processor. The first processor verifies the second control program stored in the one or more storage devices, and then verifies the first control program stored in the one or more storage devices.
Type: Grant
Filed: September 6, 2019
Date of Patent: December 6, 2022
Assignee: Canon Kabushiki Kaisha
Inventor: Takashi Fujii
-
Patent number: 11516673
Abstract: Devices, systems and methods are provided to implement key generation for secure pairing between first and second devices using embedded out-of-band (OOB) key generation and without requiring the devices to have input/output (IO) capability to enter authentication information. Bluetooth Smart or Low Energy (BLE) OOB pairing option can be used for pairing medical devices with added security of OOB key generation. The OOB key generation comprises providing first and second devices with the same predefined credential and secure hashing algorithm, and making input of the hashing algorithm of the first and second devices the same. The first device transmits unique data to second device (e.g., via BLE advertising) to share and compute a similar input. The first and second devices use the credential and shared data with the hashing function to generate a key that is the same at each of first and second devices.
Type: Grant
Filed: May 21, 2018
Date of Patent: November 29, 2022
Assignee: Becton, Dickinson and Company
Inventors: Yi Su, Ping Zheng, Mojtaba Kashef
-
Patent number: 11503023
Abstract: A first authentication apparatus obtains a modification restriction parameter which is stored in a second authentication apparatus and which indicates a number of times a mutual authentication pair modification is possible or a number of times modification has been executed. The first authentication apparatus transmits to the second authentication apparatus authentication information corresponding to the modification restriction parameter. The second authentication apparatus receives the authentication information from the first authentication apparatus. The second authentication apparatus determines whether or not the received authentication information is authentication information for permitting the mutual authentication pair modification. In a case where the received authentication information is authentication information that permits the mutual authentication pair modification, the second authentication apparatus and the first authentication apparatus form a mutual authentication pair.
Type: Grant
Filed: December 29, 2020
Date of Patent: November 15, 2022
Assignee: Canon Kabushiki Kaisha
Inventor: Yuta Hojo
-
Patent number: 11494481
Abstract: Each of the authentication apparatus and the authentication target device holds the last piece of authentication information subjected to an authentication process. When the authentication target device is reconnected to the authentication apparatus, the authentication apparatus collates the authentication information held in the authentication apparatus with the authentication information read out of the authentication target device. The authentication apparatus determines, based on the collation result, whether or not the authentication target device has been authenticated by a different authentication apparatus.
Type: Grant
Filed: May 4, 2020
Date of Patent: November 8, 2022
Assignee: Canon Kabushiki Kaisha
Inventor: Yuta Hojo
-
Patent number: 11477019
Abstract: An elliptic curve random number generator avoids escrow keys by choosing a point Q on the elliptic curve as verifiably random. An arbitrary string is chosen and a hash of that string computed. The hash is then converted to a field element of the desired field, the field element regarded as the x-coordinate of a point Q on the elliptic curve and the x-coordinate is tested for validity on the desired elliptic curve. If valid, the x-coordinate is decompressed to the point Q, wherein the choice of which of the two points is also derived from the hash value. Intentional use of escrow keys can provide for back up functionality. The relationship between P and Q is used as an escrow key and stored by for a security domain. The administrator logs the output of the generator to reconstruct the random number with the escrow key.
Type: Grant
Filed: July 24, 2020
Date of Patent: October 18, 2022
Assignee: BlackBerry Limited
Inventors: Daniel Richard L. Brown, Scott Alexander Vanstone
-
Patent number: 11477642
Abstract: A method of operating an electronic device is provided.
Type: Grant
Filed: December 19, 2019
Date of Patent: October 18, 2022
Inventors: Tae-Soo Jun, Seung-ku Kim
-
Patent number: 11463430
Abstract: Techniques are provided for authenticating a user using shared secret updates. One method comprises, in response to a first authentication of a client using a given shared secret, updating, by the server, the given shared secret using information from the first authentication as part of a secret update protocol to generate an updated shared secret; and evaluating a second authentication using the updated shared secret. An anomaly may be detected when the client attempts the second authentication using a shared secret and the server determines that the shared secret was previously used for an authentication. The server may detect a breach of shared secrets of multiple users by monitoring a number of the detected anomalies across a user population and initiate a predefined recovery flow depending upon a number of impacted users.
Type: Grant
Filed: February 1, 2019
Date of Patent: October 4, 2022
Assignee: RSA Security LLC
Inventors: Brian C. Mullins, Kevin Bowers
-
Patent number: 11436872
Abstract: A data management platform for Autonomous Vehicles (AVs) is provided. The data management platform can receive, from an AV at a first time, a first copy of a manifest including a creation history of a transformed object generated by the AV and a data integrity value corresponding to the transformed object. The data management platform can receive, from a second computing system at a second time, a second copy of the manifest. The data management platform can reconcile the first copy and the second copy. The data management platform can receive, from the second computing system at a third time, a request to upload the transformed object. The data management platform can validate the transformed object stored in storage of the first computing system based on the data integrity value included in the manifest.
Type: Grant
Filed: June 29, 2019
Date of Patent: September 6, 2022
Assignee: GM Cruise Holdings, LLC
Inventors: Pedro Miquel Duarte Gelvez, Vadim Antonov, Dennis Suratna
-
Patent number: 11436873
Abstract: A communication system includes a plurality of processors coupled with a network, each of the processors having a predefined encryption method for a communication with a server. Each of the processors is configured to determine a primary processor of the processors based on at least one of a processability of the processor, network distance to the processor, or cipher strengths, when the processor is not determined as the primary processor, transfer unencrypted communication data through the network to the primary processor, and when the processor is determined as the primary processor, perform an encryption of unencrypted communication data received, and an encrypted communication with the server by the encryption method of the primary processor.
Type: Grant
Filed: December 7, 2020
Date of Patent: September 6, 2022
Assignee: TOYOTA JIDOSHA KABUSHIKI KAISHA
Inventor: Masashi Nakagawa
-
Patent number: 11436313
Abstract: Provided is a method for authenticating a device. The method may include coupling a first device to an interaction database that is connected to a second device. The first and second devices store first group public and private keys. The second device also stores second device public and private keys. The first device transmits to a remote computer system a first message encrypted with a remote computer system public key that includes challenge data and response data encrypted with the first group public key and authentication data. The second device receives from the remote computer system a second message including the encrypted challenge data. The second device transmits to the remote computer system a third message including the response data. In response to receiving an authentication message, interaction may be permitted between the first device and remote computer system. A system and computer program product are also disclosed.
Type: Grant
Filed: April 10, 2018
Date of Patent: September 6, 2022
Assignee: Visa International Service Association
Inventors: Muthyam Reddy Paaredi, Jerry Jose Zachariah
-
Patent number: 11431850
Abstract: Disclosed are methods, systems, and machine-readable mediums which provide for customer chatbots that detect a customer handoff condition and, in response, transfer the customer to a communication session with a live agent. The handoff condition may comprise an inability to understand the customer, an inability to answer the customer's question, expressions of frustration or anger on the part of the customer, a customer's express request to be transferred, or the like. The live agent may receive a complete history of the conversation with the chatbot so that the customer does not have to repeat him or herself to the live agent. The chatbot chat session may be linked to a social networking account of the customer and may take place in association with a social networking profile page of the company.
Type: Grant
Filed: April 28, 2021
Date of Patent: August 30, 2022
Assignee: Wells Fargo Bank, N.A.
Inventors: Kristin H. Deegan, Matthew G. Vanhouten, Uma Meyyappan, Jennifer Toby Whateley, Balinder Singh Mangat, Upul D. Hanwella, Kimarie Pike Matthews, Maria J. Latorre, Scott Edward Pitchford
-
Patent number: 11418515
Abstract: Methods and systems for specifying and enforcing network policies are provided. One method for configuring a network that includes a plurality of heterogeneous network access devices includes creating a network enforcement profile based on at least one enforcement policy, and determining a network access device group of the plurality of heterogeneous network access devices that are capable of managing the enforcement profile. The method further includes providing vendor-specific configuration parameters for at least one network access device of the network access device group so as to cause the network to manage the network enforcement profile, and applying the vendor-specific configuration parameters to the at least one network access device.
Type: Grant
Filed: June 3, 2019
Date of Patent: August 16, 2022
Assignee: Hewlett Packard Enterprise Development LP
Inventors: Rajesh Kumar Ganapathy Achari, Anoop Kumaran Nair, Pattabhi Attaluri, Venkatesh Ramachandran, Bhagya Prasad Nittur, Antoni Milton
-
Patent number: 11418498
Abstract: Embodiments disclosed herein provide systems, methods, and computer readable media for using a single sign-on proxy to regulate access to a cloud service. In a particular embodiment, a method provides receiving an authentication request from a user system directed to a SSO service and determining whether the authentication request satisfies at least one criterion for allowing access to the cloud service associated with the SSO service. Upon determining that the authentication request satisfies the at least one criterion, the method provides forwarding the authentication request to the SSO service.
Type: Grant
Filed: October 24, 2017
Date of Patent: August 16, 2022
Assignee: Palo Alto Networks, Inc.
Inventor: Nishant Doshi