Having Key Exchange Patents (Class 713/171)
  • Patent number: 11689629
    Abstract: Binding a public cloud account and a personal cloud account is described. A pre-approval list indicates that a user's public cloud account and personal cloud account are approved for binding. A copy of the pre-approval list is stored on the personal cloud device; another copy is stored on the public cloud service. The user logs into the public cloud account using a client device. Based on the pre-approval list stored on the public cloud service, the client device obtains information identifying the user's personal cloud account. The personal cloud device verifies the pre-approval of the binding based on the pre-approval list stored on the personal cloud device. The personal cloud device transmits a verification to the public cloud service. Each of the public cloud service and the personal cloud device stores information indicating the binding.
    Type: Grant
    Filed: September 10, 2021
    Date of Patent: June 27, 2023
    Assignee: Latticework, Inc.
    Inventor: Pantas Sutardja
  • Patent number: 11682038
    Abstract: Methods and systems for serving advertisement objects on an advertising platform are disclosed. The advertising platform detects invalid activity related to advertisement objects served in response to a request, and identifies a source associated with the invalid activity. In response to detection of the invalid activity, at least one decoy advertisement object is served in response to further requests originating from the identified source. The decoy advertisement object is an advertisement object that is processed by the advertising platform differently from regular advertisement objects that are served by the advertising platform in response to requests from other sources.
    Type: Grant
    Filed: December 4, 2020
    Date of Patent: June 20, 2023
    Assignee: SHOPIFY INC.
    Inventors: Marek Kudlacz, Peter James McCracken
  • Patent number: 11683390
    Abstract: Systems and methods for a publish-subscribe broker network that distributes data packets between authorized entities and includes one or more publish-subscribe brokers. Each publish-subscribe broker is reachable by an entity attempting to connect thereto via a transport network configured to transport IP packets. The publish-subscribe brokers are configured to check credentials of entities attempting to connect to the publish-subscribe broker network and ensure that first and second entities are authorized for publishing packets on the secured named channel or for receiving published packets via the secured named channel. Cipher keys are used by the first and second authorized entities to encrypt and decrypt messages distributed via the publish-subscribe broker network and the publish-subscribe brokers are configured to route encrypted messages as data packets on behalf of the first authorized entity to the second authorized entity using the secured named channel.
    Type: Grant
    Filed: September 16, 2020
    Date of Patent: June 20, 2023
    Assignee: All Purpose Networks, Inc.
    Inventors: Harvey Rubin, John Grossmann
  • Patent number: 11677569
    Abstract: A method, system, and apparatus for managing digital certificates, managing a certificate authority (CA), and cross-referencing CA hierarchies. The method includes receiving, by a processor of a CA computing system, at least one of a digital certificate generation request and a digital certificate revocation from a user via a user computing device, the digital certificate generation request including a user public key and a user identity. The method further includes generating a digital certificate for the user and signing the digital certificate with a CA private key, wherein the CA private key is associated with a known CA public key. The method further includes publishing the digital certificate signed with the CA private key to a digital certificate blockchain, determining a certificate status of the digital certificate, and publishing an update to the digital certificate blockchain to reflect the certificate status of the digital certificate.
    Type: Grant
    Filed: November 13, 2020
    Date of Patent: June 13, 2023
    Assignee: Wells Fargo Bank, N.A.
    Inventors: David V. Duccini, Phillip H. Griffin, Jeffrey J. Stapleton
  • Patent number: 11671499
    Abstract: Systems and methods of an internet of things device connecting to a remote server. The internet of things device connects to a web target. The web target sends a response to the internet of things device indicating whether a change to the one or more settings of the internet of things device has been received at a cloud server. If a change has occurred, the internet of things device connects to a secure cloud server to update the settings on the internet of things device.
    Type: Grant
    Filed: September 13, 2019
    Date of Patent: June 6, 2023
    Assignee: Spectrum Brands, Inc.
    Inventors: James Creighton Hart, Michael Walker
  • Patent number: 11669544
    Abstract: A client can allocate and reassociate unique identifiers to local content items associated with an account at a content management system, and use the unique identifiers to commit operations for the content items on the content management system. For example, a client can create a content item and determine the content item does not have an identifier from the content management system. The client obtains an identifier for the content item and asks the content management system to verify a uniqueness of the identifier. When the identifier is unique, the client adds a node corresponding to the content item to a local tree representing a state at the client of content items associated with the account, and uploads the content item with the identifier to the content management system. When the identifier is not unique, the client obtains a new identifier for the content item.
    Type: Grant
    Filed: August 12, 2020
    Date of Patent: June 6, 2023
    Assignee: Dropbox, Inc.
    Inventors: Isaac Goldberg, John Lai, Sujay Jayakar
  • Patent number: 11665532
    Abstract: A method of a wireless private gateway securely obtaining a communication link to another wireless private gateway is provided. The method comprises transmitting a request for a first partial identifier of a relay wireless private gateway by an application executing on a first wireless private gateway to a second wireless private gateway, receiving the first partial identifier, transmitting a request for a second partial identifier of the relay wireless private gateway to a third wireless private gateway, receiving the second partial identifier, concatenating the first partial identifier and the second partial identifier to form a complete identifier of the relay wireless private gateway by the application, and transmitting a request to establish a communication link with the relay wireless private gateway by the application to the relay wireless private gateway, wherein the request to establish the communication link comprises the complete identifier of the relay wireless private gateway.
    Type: Grant
    Filed: January 28, 2022
    Date of Patent: May 30, 2023
    Assignee: T-Mobile Innovations LLC
    Inventors: Lyle W. Paczkowski, David Hufker, George Jason Schnellbacher, Michael David Svoren, Jr.
  • Patent number: 11663521
    Abstract: Described herein are systems and techniques for privacy-preserving unsupervised learning. The disclosed system and methods can enable separate computers, operated by separate entities, to perform unsupervised learning jointly based on a pool of their respective data, while preserving privacy. The system improves efficiency and scalability, while preserving privacy and avoids leaking a cluster identification. The system can jointly compute a secure distance via privacy-preserving multiplication of respective data values x and y from the computers based on a 1-out-of-N oblivious transfer (OT). In various embodiments, N may be 2, 4, or some other number of shares. A first computer can express its data value x in base-N. A second computer can form an ×N matrix comprising random numbers mi,0 and the remaining elements mi,j=(yjNi-mi,0) mod . The first computer can receive an output vector from the OT, having components mi=(yxi Ni-mi,0) mod .
    Type: Grant
    Filed: November 6, 2019
    Date of Patent: May 30, 2023
    Inventors: Payman Mohassel, Ni Trieu
  • Patent number: 11659002
    Abstract: Systems and methods for enabling Media Access Control Security (MACsec) at a MAC layer, according to IEEE 802.1AE, and extending MACsec are provided. An edge device, according to one implementation, includes one or more User-to-Network Interface (UNI) ports and a plurality of Network-to-Network Interface (NNI) ports. The edge device also includes a processing device and a memory device configured to store a computer program having instructions. The instructions, when executed, allow the processing device to provide network security on a Media Access Control (MAC) layer, the network security defined by the MAC Security (MACsec) protocol. The instructions also allow the processing device to provide network path protection by enabling packet routing over multiple paths via the plurality of NNI ports on a network layer.
    Type: Grant
    Filed: May 4, 2021
    Date of Patent: May 23, 2023
    Assignee: Ciena Corporation
    Inventors: Hossein Baheri, Manoj Velliangiri, Pramod Kumar Aggarwal
  • Patent number: 11658815
    Abstract: In certain embodiments, shares related to an output of a function having multiple shares of a secret as input may be computed. In some embodiments, with respect to initial key shares of a key that are collectively held by multiple parties, an output of an arithmetic function (performed on an initial key share of the initial key shares) may be received from each of the multiple parties. The outputs from the multiple parties may be provided as input for a Multi-Party Computation (MPC) process, where the MPC process outputs final key shares in connection with the outputs from the multiple parties being provided as input for the MPC process. With respect to each party of the multiple parties, a final key share of the final key shares may be sent to the party.
    Type: Grant
    Filed: August 3, 2020
    Date of Patent: May 23, 2023
    Assignee: Coinbase IL RD Ltd.
    Inventor: Samuel Ranellucci
  • Patent number: 11652607
    Abstract: Features for providing a secure method of symmetric encryption for private smart contracts among multiple parties in a private peer-to-peer network. The features include a master key representing a unique blockchain ledger. The master key may be shared among multiple participants in a private peer-to-peer network. Sharing of the master key may include communicating the master key in an encrypted message (e.g., email) using public key infrastructure (PKI). In some implementations, more complex distribution features may be included, such as quantum entanglement. The features support instantiation of a smart contract using a specific master key. The request may be submitted as an entry to the ledger with appropriate metadata and/or payload information for identifying and processing the request.
    Type: Grant
    Filed: July 28, 2020
    Date of Patent: May 16, 2023
    Assignee: Experian Information Solutions, Inc.
    Inventors: Vijay Mehta, Alexander Phan
  • Patent number: 11652614
    Abstract: A method including determining, by a user device, an assigned key pair including an assigned public key and an associated assigned private key; determining, for content to be encrypted, an access key pair including an access public key and an associated access private key; encrypting the access private key by utilizing the assigned public key; encrypting a randomly generated key by utilizing the access public key; and encrypting content utilizing the randomly generated key. Various other aspects are contemplated.
    Type: Grant
    Filed: October 1, 2021
    Date of Patent: May 16, 2023
    Assignee: UAB 360 IT
    Inventor: Mindaugas Valkaitis
  • Patent number: 11645685
    Abstract: The disclosed systems can regulate access to an online mode for a dynamic transportation matching system. For example, based on a provider efficiency parameter associated with the dynamic transportation matching system, the disclosed systems can prevent a transportation provider device from switching to the online mode within a geographic area. In addition, the disclosed systems can detect a pattern of behavior and, based on a comparison between the pattern of behavior and a behavioral threshold, cause a transportation provider device to switch from the online mode to an offline mode. Further, the disclosed systems can provide a map interface that indicates where a transportation provider device can switch from the offline mode to the online mode. Additionally, the disclosed systems can determine priorities associated with transportation provider devices and, based on the prioritization, selectively allow the transportation provider devices to switch from the offline mode to the online mode.
    Type: Grant
    Filed: November 1, 2019
    Date of Patent: May 9, 2023
    Assignee: Lyft, Inc.
    Inventors: Helen Wai-Quen Bentley, Aidan Church, John Torres Fremlin, Matthew Lawrence Green, Mayank Gulati, Yilei Li, Demitri Nava, Mengqi Niu, Daniel Allen Sullivan, Garrett van Ryzin, Rachel Marie Wasko, Shashi Kant Sharma
  • Patent number: 11645422
    Abstract: An example operation may include one or more of marking a document, by a user node, to be included into a collection of documents, determining, by the user node, a business process step associated with the document based on a user mark, and executing a transaction to store a hash of the document onto a ledger of a blockchain, wherein a Merkle tree hash is generated and tagged on the ledger with details of the business process step.
    Type: Grant
    Filed: February 12, 2020
    Date of Patent: May 9, 2023
    Assignee: International Business Machines Corporation
    Inventors: Yedendra Shrinivasan, Krishna Chaitanya Ratakonda, Ramesh Gopinath
  • Patent number: 11641670
    Abstract: According to one embodiment, a wireless communication device includes: a receiver configured to receive a first frame; and a transmitter configured to transmit a second frame including a first identifier and acknowledgement information on the first frame, the first identifier being extracted from a predetermined field of the first frame and being different from a source address of the first frame.
    Type: Grant
    Filed: December 27, 2021
    Date of Patent: May 2, 2023
    Inventors: Tomoko Adachi, Masahiro Sekiya, Takeshi Tomizawa, Daisuke Taki, Masaaki Ikuta, Tomoya Suzuki
  • Patent number: 11637704
    Abstract: Various embodiments provide a method and an apparatus for determining a trust status of a TPM, and a storage medium, and pertain to the field of data security technologies. In those embodiments, a verifier sends an unsealing request to a host, so that the host unseals current PCR values in the TPM based on a seal key handle carried in the unsealing request, and sends verification information to the verifier based on the unseal verification key obtained after the unsealing. Therefore, any verifier that establishes an encrypted channel with the host can determine the trust status of the TPM in the host based on a second verification key transmitted on the encrypted channel, and there is no need to pre-deploy a remote attestation server to determine the trust status of the TPM.
    Type: Grant
    Filed: June 22, 2020
    Date of Patent: April 25, 2023
    Inventors: Fanglong Men, Honglei Wang, Fangzhan Li
  • Patent number: 11632254
    Abstract: There is disclosed in one example a home router, including: a hardware platform including a processor and a memory; a local area network (LAN) interface; a data store including rules for domain name-based services; and instructions encoded within the memory to instruct the processor to: provision a certificate and key pair to provide domain name system (DNS) over hypertext transfer protocol secure (DoH) or DNS over transport layer security (DoT) services; receive on the LAN interface an encrypted DNS request; decrypt the DNS request; query the data store according to the DNS request; receive a rule for the DNS request; and execute the rule.
    Type: Grant
    Filed: June 12, 2020
    Date of Patent: April 18, 2023
    Assignee: McAfee, LLC
    Inventors: Tirumaleswar Reddy Konda, Shashank Jain, Himanshu Srivastava
  • Patent number: 11621945
    Abstract: A system/method for secure communication between client devices includes receiving a request, at a secure communication platform, from a first client device to communicate with a second client device; determining, by the secure communication platform, whether the first client device is permitted to communicate with the second client device; if communication is permitted: generating, by the secure communication platform, a one-time use ephemeral key; transmitting, by the secure communication platform, the generated one-time use ephemeral key to the first and second client devices; establishing, by the secure communication platform, a secure communication session directly between the first and second client devices, wherein communications between the first and second client devices are encrypted and decrypted using the one-time use ephemeral key; and destroying, by the secure communication platform, the one-time use ephemeral key upon termination of the secure communication session between the first and
    Type: Grant
    Filed: February 19, 2021
    Date of Patent: April 4, 2023
    Assignee: SDSE NETWORKS, INC
    Inventors: Dennis Vance Pollutro, Viji Bettadapura, Charles Illingworth, Saroop Mathur, John Zavgren
  • Patent number: 11616767
    Abstract: Systems and methods for encrypted storage device telemetry data are described. Storage device telemetry data may be collected for a telemetry message, such as a non-volatile memory express (NVMe) telemetry command, and encrypted using a first encryption key. The first encryption key may be encrypted using one or multiple second encryption keys and the encrypted first encryption key may be added to the telemetry message. A client system may receive the telemetry message, decrypt the encrypted first encryption key, and use the first encryption key to decrypt the encrypted storage device telemetry data.
    Type: Grant
    Filed: February 23, 2021
    Date of Patent: March 28, 2023
    Assignee: Western Digital Technologies, Inc.
    Inventors: Daniel Helmick, Timothy Hallett
  • Patent number: 11611558
    Abstract: A method for integrating third-party encryption managers with cloud services includes receiving, at data processing hardware, an operation request requesting a cryptographic operation on data comprising an encryption operation or a decryption operation. When the operation is an encryption operation, the method includes transmitting a data encryption key associated with the data to a remote entity. The remote entity encrypts the data encryption key with a key encryption key and transmits the encrypted data encryption key to the data processing hardware. When the operation is a decryption operation, the method includes transmitting the encrypted data encryption key to the remote entity, which causes the remote entity to decrypt the encrypted data encryption key with the key encryption key and transmit the decrypted data encryption key to the data processing hardware.
    Type: Grant
    Filed: November 13, 2019
    Date of Patent: March 21, 2023
    Assignee: Google LLC
    Inventors: Il-Sung Lee, Sidharth Durgesh Telang, Jimmy C. Chau, Timothy Matthew Dierks, Ariel Joseph Feldman, Hunter James Freyer, Netanel Keidar, Gregory David Laun, Tianyuan Liu, Pedro Henrique Ribeiro Morais e Silva, Aditya Sinha, Xioalan Zhang
  • Patent number: 11611539
    Abstract: A method, apparatus and computer program product are provided for encrypting and decrypting data using multiple authority keys including receiving, from a first computing device, a data decrypt request to decrypt encrypted data, the data decrypt request comprising a user key, determining that the user key is associated with a key hierarchy that comprises a server key, decrypting the server key using the user key, decrypting the encrypted data using the decrypted server key and permitting access to the decrypted data by the first computing device.
    Type: Grant
    Filed: December 16, 2019
    Date of Patent: March 21, 2023
    Assignee: Auth9, Inc.
    Inventors: Hongjun Li, Ning Xu
  • Patent number: 11606840
    Abstract: In embodiments of the present disclosure, there is provided an approach for connecting an access point (AP) to a mesh network. According to embodiments of the present disclosure, an AP in a recovery mode transmits its identity information to a mesh portal (MPP) in the mesh network via an unsecured connection between the AP and the MPP. Upon a successful verification by the MP, the AP establishes a secured connection with a trusted server to obtain configuration information. The configuration information is used by the AP to establish a mesh link with an MPP or MP in the mesh network automatically. Accordingly, the AP switches from the recovery mode to a normal mode. Embodiments of the present disclosure provide an effective way for deploying and/or recovering an AP in a mesh network, which is more secure and requires no manual operation.
    Type: Grant
    Filed: March 6, 2020
    Date of Patent: March 14, 2023
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Junyu Pei, Xiaohang Wei, Haiming Wang
  • Patent number: 11601808
    Abstract: This technology uses a bootstrap key (“BSK”) to securely onboard a computing device to a network. A unique BSK associated with an onboarding computing device is used to verify for various deployment models (1) that the computing device has proof the computing device is connecting to the correct wired or wireless network and (2) that the network has proof the computing device is trusted. The BSK may be an associated BSK or an embedded BSK. A computing device receives a signed voucher from the manufacturer authorized signing authority (“MASA”) before the computing device may onboard to a network. The MASA will issue a voucher to a Bootstrapping Remote Secure Key Infrastructure (“BRSKI”) registrar if the registrar proves knowledge of the computing device's BSK to the MASA or the registrar has an established trust relationship with the MASA.
    Type: Grant
    Filed: August 31, 2020
    Date of Patent: March 7, 2023
    Assignee: Cisco Technology, Inc.
    Inventors: Eliot Lear, Owen Friel, Max Pritikin
  • Patent number: 11599335
    Abstract: A vehicle includes: at least one memory configured to store at least one default Instruction Structure Key (ISK), a generated ISK, and a pin code of the vehicle; and at least one processor. The at least one default ISK may include a first default ISK and a second default ISK. The processor may generate a random number using the first default ISK, receive the second default ISK encrypted with the generated ISK generated based on the pin code, and determine the generated ISK as an encryption key for encryption communication of the vehicle when the generated random number and the random number corresponding to the second default ISK are the same.
    Type: Grant
    Filed: October 2, 2019
    Date of Patent: March 7, 2023
    Assignees: Hyundai Motor Company, Kia Motors Corporation
    Inventors: Jihye Lee, Kyuhwan Chin, Dong June Song, Jaekwon Jung, Yongho Shin, Sinjung Kim, Beom Choon Park, SeokHan Lee
  • Patent number: 11601261
    Abstract: A unique transaction key (Tk) is established amongst multiple entities using a common hardware security module (HSM) with a common HMAC key (HK) and transaction scheme name (T). The transaction key (Tk) can be used for various cryptographic functions (e.g. encryption, MAC, HMAC, key management) with one or more messages at the transaction or session level.
    Type: Grant
    Filed: November 22, 2021
    Date of Patent: March 7, 2023
    Assignee: Wells Fargo Bank, N.A.
    Inventors: Phillip H. Griffin, Jeffrey J. Stapleton
  • Patent number: 11593492
    Abstract: At least a static analysis and a dynamic analysis to perform for a first software application are determined based, at least in part, on a profile of the first software application. The first software application is analyzed with the static analysis to generate static analysis results. The first software application is analyzed with dynamic analysis to generate dynamic analysis results. An assessment report is generated based on the static analysis results and the dynamic analysis results, wherein the assessment report indicates a security score of the first software application that is based, at least in part, on the static analysis results and the dynamic analysis results.
    Type: Grant
    Filed: August 7, 2020
    Date of Patent: February 28, 2023
    Assignee: Veracode, Inc.
    Inventors: Christopher J. Wysopal, Christopher J. Eng
  • Patent number: 11595442
    Abstract: A method includes establishing a multi-link security association between a transmitter upper Media Access Control (MAC) logic entity of a transmitter and a receiver upper MAC logic entity of a receiver. The transmitter includes one or more transmitter links. The receiver includes one or more receiver links.
    Type: Grant
    Filed: September 21, 2020
    Date of Patent: February 28, 2023
    Inventor: Huizhao Wang
  • Patent number: 11595189
    Abstract: A method for secure key exchange. The method comprises receiving a request to certify a key from a communication partner at an interface between an access and tamper resistant circuit block and exposed circuitry. Within the access and tamper resistant circuit block, a first random private key is generated. A corresponding public key of the first random private key is derived, and a cryptographic digest of the public key and attributes associated with the first random private key is generated. The generated cryptographic digest is signed using a second random private key that has been designated for signing by one or more associated attributes. The public key and the signature are then sent to the communication partner via the interface.
    Type: Grant
    Filed: October 27, 2020
    Date of Patent: February 28, 2023
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Avdhesh Chhodavdia, Ling Tony Chen, Felix Stefan Domke, Kambiz Rahimi, Jay Scott Fuller
  • Patent number: 11595360
    Abstract: A method for hosted payload operations comprises transmitting, by a hosted payload (HoP) operation center (HOC), encrypted hosted commands to a host spacecraft operations center (SOC). The method further comprises transmitting, by the host SOC, encrypted host commands and the encrypted hosted commands to a vehicle. Also, the method comprises reconfiguring a host payload according to unencrypted host commands, and reconfiguring a hosted payload according to unencrypted hosted commands. Additionally, the method comprises transmitting host payload data to a host receiving antenna. Also, the method comprises transmitting hosted payload data to a hosted receiving antenna and/or the host receiving antenna. Additionally, the method comprises transmitting, by a host telemetry transmitter, encrypted host telemetry to the host SOC; and transmitting, by a hosted telemetry transmitter, encrypted hosted telemetry to the host SOC.
    Type: Grant
    Filed: June 17, 2020
    Date of Patent: February 28, 2023
    Assignee: The Boeing Company
    Inventors: Yi-Feng James Chen, Haig F. Krikorian, Robert J. Winig, Jonathan Fish, Craig Benjamin
  • Patent number: 11588637
    Abstract: Embodiments of the invention introduce efficient methods for securely generating a cryptogram by a user device, and validating the cryptogram by a server computer. A secure communication can be conducted whereby a user device provides a cryptogram without requiring the user device to persistently store an encryption key or other sensitive data used to generate the cryptogram. The user device and server computer can mutually authenticate and establish a shared secret. Using the shared secret, the server computer can derive a session key and transmit key derivation parameters encrypted using the session key to the user device. The user device can derive the session key using the shared secret, decrypt the encrypted key derivation parameters, and store the key derivation parameters. Key derivation parameters and the shared secret can be used to generate a single use cryptogram key, which can be used to generate a cryptogram for conducting secure communications.
    Type: Grant
    Filed: May 5, 2021
    Date of Patent: February 21, 2023
    Assignee: Visa International Service Association
    Inventors: Eric Le Saint, James Gordon, Roopesh Joshi
  • Patent number: 11582233
    Abstract: A computer-implemented system and method for secure authentication of IoT devices are disclosed. The method for secure authentication of IoT devices comprises establishing a network connection with a network operator server via a control channel, establishing identity of the network operator server using a pre-shared server key from one or more of pre-shared server keys, establishing identity of the IoT device using a pre-shared client key from one or more of pre-shared client keys and cryptographically generating a session key for a network session to allow secure data exchange between the network operator server and the IoT device. The cryptographically generated session key is used for securely authenticating application running on the authenticated IoT device.
    Type: Grant
    Filed: March 3, 2021
    Date of Patent: February 14, 2023
    Inventors: Narendra Sharma, Yixiang Chen
  • Patent number: 11575768
    Abstract: A communication apparatus can act as a proxy to perform communication with a plurality of other communication apparatuses by receiving a request from a client apparatus in a network in compliance with the Neighbor Awareness Networking standard, and includes a first reception unit configured to receive, from a first other communication apparatus, a first signal for service provision notification, a second reception unit configured to receive, from the first other communication apparatus, a second signal for service provision notification, and a third reception unit configured to receive, from a second other communication apparatus, a third signal for service provision notification. In addition, a notification unit notifies the client apparatus of information related to the first other communication apparatus and information related to the second other communication apparatus together in a case where the first signal, the second signal, and third signal are received.
    Type: Grant
    Filed: July 3, 2019
    Date of Patent: February 7, 2023
    Inventor: Yuki Yoshikawa
  • Patent number: 11576043
    Abstract: One disclosure in the present specification provides a session management method performed by a session management function (SMF) node. The session management method may comprise: a step of transmitting, to a user plane function (UPF) node, a request message for discarding traffic buffering, when a notification of the detection of particular traffic associated with a wireless device has been received, and if additional authentication is required for the particular traffic; and a step of transmitting a message for triggering the wireless device to establish a new packet data unit (PDU) session, to an access and mobility management function (AMF) node.
    Type: Grant
    Filed: December 26, 2017
    Date of Patent: February 7, 2023
    Inventors: Hyunsook Kim, Myungjune Youn
  • Patent number: 11570001
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for establishing a proof of storage over a specified period of time.
    Type: Grant
    Filed: May 4, 2020
    Date of Patent: January 31, 2023
    Assignee: Protocol Labs, Inc.
    Inventors: Nicola Greco, Juan Batiz-Benet
  • Patent number: 11569998
    Abstract: A system and method are provided for generating access tokens on a user device rather than via a remote server computer. An access token can be generated on a second user device by combining and encrypting, with format preservation, a primary access identifier, variable value, and salt. The resulting value can be provided to a first user device that can subsequently provide the access token to an access device as part of an interaction. The access device can generate an authorization request message that comprises the access token and transmit it to a remote server computer for processing. The remote server computer can process the access token to determine the primary access identifier despite not being involved in the generation of the access token, providing an improvement over conventional tokenization methods.
    Type: Grant
    Filed: January 25, 2018
    Date of Patent: January 31, 2023
    Assignee: Visa International Service Association
    Inventors: Quan Wang, Yuexi Chen
  • Patent number: 11563763
    Abstract: Disclosed herein are embodiments of systems, methods, and products comprising a computing device, which allows in-network and network-border protection for Internet of things (IoT) devices by securely partitioning network space and defining service-based access to IoT devices. The disclosed segmented attack prevention system for IoT networks (SAPSIN) segments the IoT network into two virtual networks: a service network and a control network; and defines access control rules for each virtual network. In the service network, SAPSIN utilizes a service-based approach to control device access, allowing only configured protocols, applications, network ports, or address groups to enter or exit the network. In the control network, SAPSIN provides the access control rules by defining a threshold for the number of configuration requests within a predetermined time. As a result, SAPSIN protects IoT devices against intrusion and misuse, without the need for device-specific software or device-specific security hardening.
    Type: Grant
    Filed: August 10, 2020
    Date of Patent: January 24, 2023
    Inventors: Ian McLinden, Timothy Hartley
  • Patent number: 11556959
    Abstract: A method for seamlessly and automatically granting tailored permission for use and transference of internet data between databases with comprehensive consent is described. The method employs a graph language such as JSON-LD to integrate and employ cryptographically signed Information Sharing Agreements (ISA) between parties. Data is serialized to be easily transferred between databases when appropriate permission is obtained. Granular data exchange under usage control contacts can be automated among any number of parties on the internet. As such, the method provides a means by which users may control not only what may be done with their data, but to what entity or entities the data may be transferred. Advertisements may then be served to the user according to his or her preferences as defined within a web or desktop app, which is then applied to all related ad publishers publishing to the domains visited by the user.
    Type: Grant
    Filed: June 14, 2020
    Date of Patent: January 17, 2023
    Assignee: Portable Data Corp
    Inventors: James Fournier, Victor Grey
  • Patent number: 11558414
    Abstract: A method that includes obtaining threat model data associating at least one actor with an application, the at least one actor being capable of taking advantage of at least one potential vulnerability associated with the application. The method includes associating at least one technology with the at least one potential vulnerability based at least in part on the at least one actor, formulating a test based at least in part on the at least one technology, instructing a processor to perform the test on the application, and receiving results from the processor after performance of the test.
    Type: Grant
    Filed: November 5, 2020
    Date of Patent: January 17, 2023
    Assignee: Amazon Technologies, Inc.
    Inventor: Man Nguyen
  • Patent number: 11537717
    Abstract: An authentication unit of an information processing apparatus authenticates an update control device that controls update of a control program by using a random number generated by a random number generation unit. In the random number generation unit, a first extraction unit extracts a bit value from a count value of a first clock signal, a calculation unit performs logical operation on the bit value extracted by the first extraction unit and a target bit value at a bit position included in an entropy as an update position that is designated, a replacement unit replaces the bit value at the update position with a result of the logical operation, a position designation unit designates a new update position after the bit value is replaced, and an output unit generates the random number from the entropy.
    Type: Grant
    Filed: March 10, 2020
    Date of Patent: December 27, 2022
    Assignee: DENSO TEN Limited
    Inventors: Hironori Yohata, Shigeto Umeyama, Naoto Mori
  • Patent number: 11539535
    Abstract: An encrypted sequence that includes an authentication key may be received. A base key stored at a device may be identified and the encrypted sequence may be decrypted with the base key to obtain the authentication key. A challenge value may be received and the authentication key may be combined with the challenge value to generate a device ephemeral key. An authentication result may be generated for the device based on a combination of the device ephemeral key and the challenge value. Furthermore, the authentication result may be transmitted to a mobile network to authenticate the device.
    Type: Grant
    Filed: October 5, 2017
    Date of Patent: December 27, 2022
    Assignee: Cryptography Research, Inc.
    Inventors: Philippe Alain Martineau, Helena Handschuh
  • Patent number: 11538063
    Abstract: Disclosed are an electronic device and a method for controlling same. A method for controlling an electronic device according to the present disclosure comprises: a step of obtaining a program which shares data about an advertisement with another electronic device so as to verify the shared data; a step of, when an event for the advertisement occurs, generating first data including information about the event for the advertisement; a step of transmitting the generated first data to the other electronic device; a step of receiving second data including information about an event from the advertisement generated from the other electronic device; and a step of verifying the second data using the program.
    Type: Grant
    Filed: August 23, 2019
    Date of Patent: December 27, 2022
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Kwangwon Ko, Baekjun Lim
  • Patent number: 11528677
    Abstract: A network entity may determine whether a network context of a device is stored in the device or in the network based, at least in part, on a preference or capability of the device, as reported by the device during attachment to the network entity. The context may be stored in, and retrieved from, a dedicated context storage function that is independent of the network entity. A context storage function may be partitioned, or separate storage functions used, to automatically group and track access network contexts, core network contexts, or network slice contexts. The context storage function may provide to the device an index, such as a link or other identifier to be used in retrieving the stored context information. The context storage function may further provide a token to secure re-attachment communications among the device, the network entity, and the context storage function.
    Type: Grant
    Filed: October 29, 2020
    Date of Patent: December 13, 2022
    Inventors: Michael F. Starsinic, Rocco Di Girolamo, Catalina Mihaela Mladin, Hongkun Li
  • Patent number: 11528599
    Abstract: A communication terminal (10) includes control means for generating a subscription concealed identifier (SUCI) including a subscription permanent identifier (SUPI) concealed using a predetermined protection scheme, and a protection scheme identifier identifying the protection scheme, and transmission means for sending the SUCI to a first network apparatus during a registration procedure, the SUCI being sent for a second network apparatus to de-conceal the SUPI from the SUCI based on the protection scheme used to generate the SUCI.
    Type: Grant
    Filed: February 15, 2022
    Date of Patent: December 13, 2022
    Inventors: Sheeba Backia Mary Baskaran, Sivakamy Lakshminarayanan, Anand Raghawa Prasad, Sivabalan Arumugam, Hironori Ito, Takahito Yoshizawa
  • Patent number: 11528132
    Abstract: A method and apparatus for providing user key material from a server to a client is disclosed. The method comprises receiving a first message from the client in a server, the first message having a user key material request, an access token and an identifier of a transport key (TrK-ID), validating the user key material request according to the access token, generating a response having user key material responsive to the user key material request, encrypting the response according to the transport key (TrK), and transmitting a second message comprising the response from the server to the client. The client decrypts the second message according to the transport key (TrK) and validates the second message using the identifier of the transport key (TrK-ID).
    Type: Grant
    Filed: November 19, 2020
    Date of Patent: December 13, 2022
    Assignee: ARRIS Enterprises LLC
    Inventor: Xin Qiu
  • Patent number: 11528779
    Abstract: The embodiments herein relate to reducing signaling for DoNAS (Data over Non-Access Stratum) via SGi. In one embodiment, a method (400) in a mobility management node (203) is proposed, comprising: establishing (S401) an S11-U connection between the mobility management node (203) and a gateway node (204); monitoring (S402) the frequency of data transferring request for a wireless device (201); and deciding (S404) whether or not to release the S11-U connection based on the frequency of data transferring request. With the embodiments herein, the signaling between the mobility management node and the gateway node can be significantly reduced, without introducing extra signaling or message to the existing network.
    Type: Grant
    Filed: November 13, 2017
    Date of Patent: December 13, 2022
    Assignee: Telefonaktiebolaget LM Ericsson (Publ)
    Inventors: Zhiwei Qu, Ping Zhou, Yixin Chen, Sui Xu, Xiaoming Li
  • Patent number: 11520859
    Abstract: The present disclosure is directed to secure processing and display of protected content. The use of a trusted execution environment (TEE) to handle authentication and session key negotiation in accordance with a selected content protection protocol may reduce any trusted computing base (TCB) needed for such operations, and thereby present a smaller target for potential attackers. Techniques are presented in which a session key negotiated via such a TEE is securely provided to output circuitry such as a display controller, which may encrypt protected content that has been requested for viewing on a protocol-compliant display device communicatively coupled to a device comprising the TEE and/or the output circuitry. The output circuitry may then provide the encrypted protected content to the protocol-compliant display device, such as for compliant display of the protected content.
    Type: Grant
    Filed: March 30, 2018
    Date of Patent: December 6, 2022
    Assignee: Intel Corporation
    Inventors: Prashant Dewan, Siddhartha Chhabra
  • Patent number: 11520838
    Abstract: A system that provides recommendations of documents to a user, the system including a server arrangement, and a database arrangement that stores documents, wherein the server arrangement: receives identification details of the user, obtains prior work associated with the user, determines a user classification of the user based on: the identification details of the user, the prior work associated with the user, and activity data of the user, determines a document classification for the documents based on metainformation pertaining to the documents, determines a relevance factor for the documents with respect to the user based on the document classification of the documents, the user classification of the user, and activity data relating to the documents of a plurality of users with similar user classification as the user, and provides recommendations of documents to the user based on relevance factors of the documents.
    Type: Grant
    Filed: March 28, 2019
    Date of Patent: December 6, 2022
    Assignee: Innoplexus AG
    Inventors: Abhijit Keskar, Om Prakash
  • Patent number: 11516003
    Abstract: Embodiments described herein relate to credential wrapping for secure transfer of electronic SIMs (eSIMs) between wireless devices. Transfer of an eSIM from a source device to a target device includes re-encryption of sensitive eSIM data, e.g., eSIM encryption keys, financial transaction credentials, transit authority credentials, and the like, using new encryption keys that include ephemeral elements applicable to a single, particular transfer session between the source device and the target device. The sensitive eSIM data encrypted with a symmetric key (Ks) is re-wrapped with a new header that includes a version of Ks encrypted with a new key encryption key (KEK) and information to derive KEK by the target device. The re-encrypted sensitive SIM data is formatted with additional eSIM data into a new bound profile package (BPP) to transfer the eSIM from the source device to the target device.
    Type: Grant
    Filed: March 24, 2021
    Date of Patent: November 29, 2022
    Assignee: Apple Inc.
    Inventors: Xiangying Yang, Jean-Marc Padova
  • Patent number: 11516188
    Abstract: A secure element device for use in a connected device includes a first interface configured to enable communication with a communication module and a second interface configured to enable communication with an action module of the connected device. A processor coupled to the first interface and the second interface, executes a first set of computer-readable instructions, stored in a memory of the secure element device, to authenticate, via the first interface, the connected device on the communication network. The processor also executes a second set of computer-readable instructions, stored in the memory, to perform one or both of (i) obtaining, via the second interface, data from the action module, the data to be transmitted over the communication network and (ii) controlling, via the second interface, the action module to cause the action module to perform one or more operations based on an instruction received over the communication network.
    Type: Grant
    Filed: June 8, 2020
    Date of Patent: November 29, 2022
    Assignee: Giesecke+Devrient Mobile Security America, Inc.
    Inventors: John Scott Marquardt, Eric Johnson
  • Patent number: 11509486
    Abstract: A system and method of determining an attestation or identity score of a user of a communication device employs metadata stored in a plurality of client devices, such as IoT devices. A request for attestation comprises a unique identifier associated with the communication device and an input or shared value. The unique identifier is used to identify, in a distributed ledger (blockchain), client devices that are paired with the communication device. Metadata stored in association with each of the client devices is retrieved and compared to the input or shared value, and a sub-identity score is determined based on the extent to which there is a match and the reliability of the client device. The sub-identity scores are combined to obtain an identity score reflecting a confidence level in the user and/or communication device.
    Type: Grant
    Filed: June 25, 2019
    Date of Patent: November 22, 2022
    Assignee: NXM LABS, INC.
    Inventors: Jay Fallah, Kristopher Byrne, Kevin John Oerton, Josef Zankowicz, Scott Rankine, Prathap Siddavaatam