Having Key Exchange Patents (Class 713/171)
  • Patent number: 11328093
    Abstract: Various examples described herein are directed to systems and methods for securing data. A security system may receive a first record comprising a plurality of record fields, where the plurality of record fields includes a first record field and the first record field includes a first record field data. The security system may access a source setup record corresponding to the first record from a source setup table and determine that the source setup record comprises data referencing the first record field. The security system may access first token data corresponding to the first record field data and replace the first record field data at the first record field with the first token data. The security system may store the first token data at a token table and writing the first token data to the first record field to replace the first record field data.
    Type: Grant
    Filed: February 6, 2020
    Date of Patent: May 10, 2022
    Assignee: Wells Fargo Bank, N.A.
    Inventors: Thomas Francis Galvin, Jr., James Moffat McGill Hinkle, Victor Manuel Ortiz Del Valle, Udayakumar Ramakrishnan, Christina M. Hamilton, Stuart Edward Lockhart, Gregory Scott Woods
  • Patent number: 11323250
    Abstract: A method for key agreement between a first party and a second party over a public communications channel, the method including selecting, by the first party, from a semigroup, a first value “a”; multiplying the first value “a” by a second value “b” to create a third value “d”, the second value “b” being selected from the semigroup; sending the third value “d” to the second party; receiving, from the second party, a fourth value “e”, the fourth value comprising the second value “b” multiplied by a fifth value “c” selected by the second party from the semigroup; and creating a shared secret by multiplying the first value “a” with the fourth value “e”, wherein the shared secret matches the third value “d” multiplied by the fifth value “c”.
    Type: Grant
    Filed: March 31, 2020
    Date of Patent: May 3, 2022
    Assignee: BlackBerry Limited
    Inventor: Daniel Richard L. Brown
  • Patent number: 11323241
    Abstract: An encryption processing system includes: an encryption data generation device, an encryption processing device, and a processing result utilization device. A first processor of the encryption data generation device is configured to perform preprocessing by generating encrypted data of homomorphic encryption corresponding to data obtained by multiplying plaintext data as a target by a power of a predetermined number of two or more. A second processor of the encryption processing device is configured to perform acquiring the encrypted data, and executing a processing on the encrypted data in an encrypted state to obtain a processing result in the encrypted state. A third processor of the processing result utilization device is configured to perform acquiring the processing result, and postprocessing by decrypting data of the processing result in the encrypted state and by dividing the decrypted data by the power of the predetermined number of two or more.
    Type: Grant
    Filed: March 27, 2020
    Date of Patent: May 3, 2022
    Assignee: AXELL CORPORATION
    Inventor: Yusuke Hoshizuki
  • Patent number: 11316668
    Abstract: Cryptographic key management systems configured to provide key management services for the secure and decentralized control and storage of private cryptographic keys and other information. Asset private keys, seeds, passphrases, and other digitized information may be split into a plurality of subkeys and distributed to a group of people to allow the group to gain control of the asset private key if and when a specified condition has occurred. In some examples, the group of people receive less than a threshold number of the subkeys required to restore the asset private key and one or more of the subkeys required to restore the asset private key are defined as validator subkeys, the validator subkeys separately and securely stored. In some examples, the validator subkeys are encrypted and the encrypted validator subkeys stored on a blockchain platform.
    Type: Grant
    Filed: November 15, 2019
    Date of Patent: April 26, 2022
    Assignee: SafeTech BV
    Inventor: Jurgen Schouppe
  • Patent number: 11317279
    Abstract: The present invention is generally related to client and computing platforms that may be used for conducting secure transactions.
    Type: Grant
    Filed: June 2, 2014
    Date of Patent: April 26, 2022
    Assignee: Certus Technology Systems, Inc.
    Inventor: Jack Wolosewicz
  • Patent number: 11316660
    Abstract: Encrypted multi-stage smart contracts are disclosed. A smart contract that is to be performed by a contract executor in a plurality of successive stages is generated. For each respective stage of at least some stages, a package of data is encrypted with at least one key to generate an encrypted package that corresponds to the respective stage, and an envelope that corresponds to the respective stage is generated. The envelope includes a condition precedent confirmable by an oracle, and an encrypted package-decryption key that is encrypted with a key of the contract executor. The encrypted package-decryption key, when decrypted, is configured to facilitate the decryption of the encrypted package that corresponds to the respective stage. For at least some of the stages, the encrypted package comprises an envelope and an encrypted package that corresponds to a next successive stage.
    Type: Grant
    Filed: February 21, 2019
    Date of Patent: April 26, 2022
    Assignee: Red Hat, Inc.
    Inventors: Axel Simon, Michael H. M. Bursell
  • Patent number: 11316682
    Abstract: The disclosure proposes a novel method for generating public polynomials. The method simplifies key exchange processes, reduces the time required for key exchange and reduces the bandwidth required for data transmission from a server to a client. Secondly, the method keeps the calculation processes at both sides synchronized through a novel data exchange solution, particularly through handshaking signals, to ensure that the server and the client are always in the same key exchange process. In addition, the method further reduces a transmission bandwidth by sending information of the client twice. A state synchronization mechanism of the client and the server is proposed in the disclosure to ensure that Trivium modules at both sides are in the same state at the beginning of each key exchange, thereby avoiding reinitializing the modules and improving the operation efficiency of the whole system.
    Type: Grant
    Filed: June 18, 2020
    Date of Patent: April 26, 2022
    Assignee: HUAZHONG UNIVERSITY OF SCIENCE AND TECHNOLOGY
    Inventors: Dongsheng Liu, Xingjie Liu, Cong Zhang, Zilong Liu, Ang Hu, Wending Zhao, Zirui Jin, Jiahao Lu
  • Patent number: 11310078
    Abstract: Techniques for sending encrypted data includes establishing a plurality of different links between a first node and a different second node. The different links are different physical layer links or different virtual private network (VPN) links or some combination. The method also includes encrypting plaintext using a first value for an encryption parameter to produce ciphertext. Further, the method includes sending a first plurality of messages that indicate the ciphertext using at least one link of the plurality of different links. Still further, the method includes sending a different second plurality of messages that indicate the first value for the encryption parameter using at least one different link of the plurality of different links without introducing a random bit error.
    Type: Grant
    Filed: January 10, 2019
    Date of Patent: April 19, 2022
    Inventors: Randall Paul Joseph Ethier, Anatoly Y. Rodionov, Jordan Steven Feldman
  • Patent number: 11310034
    Abstract: Described embodiments provide systems and methods for securing offline data for shared accounts of a shared computing device. Cache files can be generated for a plurality of users of an application executable on the device to store user data corresponding to individual users of the application. An encryption key can be generated for one or more of the cache files and the encryption key can be associated with at least one user of the application. The encryption key can be associated with a user identifier so that the encryption key is not accessible by other users of the computing device. The user data can be encrypted in one of the cache files with the encryption key. The encrypted user data can be presented to a user via the shared computing device based on receipt of a user identifier that enables access to the encryption key.
    Type: Grant
    Filed: May 8, 2019
    Date of Patent: April 19, 2022
    Assignee: Citrix Systems, Inc.
    Inventors: Feng Huang, Andy Cooper
  • Patent number: 11310041
    Abstract: A method for a data owner to enforce attribute-based and discretionary access control over a cloud-based data store by specifying an access policy, creating a plurality of users with attributes that satisfy the access policy, and revoking one or more of the plurality of users by embedding their respective identities as revoked into a ciphertext, whereby only those of the plurality of users whose attributes satisfy the access policy and that are not revoked can decrypt the ciphertext.
    Type: Grant
    Filed: December 27, 2019
    Date of Patent: April 19, 2022
    Assignee: Arizona Board of Regents on Behalf of Arizona State University
    Inventors: Dijiang Huang, Jim Luo, Myong Hoon Kang, Qiuxiang Dong
  • Patent number: 11303432
    Abstract: Double key encryption encrypts sensitive data using a content key, obtains a user public key from a key management service, encrypts the content key using the user public key, and encrypts the result using a cloud service provider key. Data confidentiality is protected efficiently through multilevel encryption and also by utilizing keys that are managed by different entities. Sensitivity labeling allows analytics to track sensitive data without compromising confidentiality. Compliance mechanisms may use attribute-based access control to support storage of sensitive data in a cloud, but only inside a permitted region, and without giving the cloud service provider access to the sensitive data.
    Type: Grant
    Filed: May 1, 2020
    Date of Patent: April 12, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Benjamin Sean Levin, Kartik Tirunelveli Kanakasabesan, Laurie Lee Litwack, Kurt Matthew Brendon, Ajay Kumar Karanam, Kiran Doreswamy, Ryan Jay Best
  • Patent number: 11301429
    Abstract: A blockchain of transactions may be referenced for various purposes and may be later accessed by interested parties for ledger verification. One example operation may comprise one or more of identifying determining a shared file is being edited by one or more entities, identifying one or more changes to the shared file while the shared file is being edited, signing the one or more changes with one or more public keys, and adding the one or more changes to a blockchain.
    Type: Grant
    Filed: January 2, 2020
    Date of Patent: April 12, 2022
    Assignee: International Business Machines Corporation
    Inventors: Paul R. Bastide, Jonathan Dunne, Liam Harpur, Robert E. Loredo
  • Patent number: 11297682
    Abstract: Disclosed is a method for indirectly activating at least one connected object intended to be joined to a network of connected objects, the network of connected objects including at least one network organizing agent and a commissioning agent, each including a communication module, the communication module including a first radiofrequency interface suitable for communicating according to a first communication protocol, the method including a step of collecting information that is useful for connecting at least one connected object to the network of connected objects by a mobile terminal, a step of transmitting, by the mobile terminal, the collected information to the commissioning agent and a step of inputting at least one connected object into the network of connected objects using information useful for connecting the connected object.
    Type: Grant
    Filed: November 19, 2018
    Date of Patent: April 5, 2022
    Assignee: SOMFY ACTIVITES SA
    Inventors: Hubert Cosserat, Thibaut Desbrugeres, Emmanuel Pauchard
  • Patent number: 11290281
    Abstract: This specification describes techniques for managing assets in a blockchain. One example method includes receiving, from a target user recorded in a distributed database of a blockchain network, a user input including a request to update a status of a target object, determining, based on a contract object, whether the target user is a member user with an update permission for the target object, the contract object being published in the blockchain network and corresponding to an asset type of the target object, wherein the target object was created using the contract object, and in response to determining that the target user has the update permission for the target object, performing a status update on the target object by using the contract object.
    Type: Grant
    Filed: February 14, 2019
    Date of Patent: March 29, 2022
    Assignee: Advanced New Technologies Co., Ltd.
    Inventor: Xuebing Yan
  • Patent number: 11290874
    Abstract: A communication terminal (10) includes control means for generating a subscription concealed identifier (SUCI) including a subscription permanent identifier (SUPI) concealed using a predetermined protection scheme, and a protection scheme identifier identifying the protection scheme, and transmission means for sending the SUCI to a first network apparatus during a registration procedure, the SUCI being sent for a second network apparatus to de-conceal the SUPI from the SUCI based on the protection scheme used to generate the SUCI.
    Type: Grant
    Filed: January 9, 2019
    Date of Patent: March 29, 2022
    Assignee: NEC CORPORATION
    Inventors: Sheeba Backia Mary Baskaran, Sivakamy Lakshminarayanan, Anand Raghawa Prasad, Sivabalan Arumugam, Hironori Ito, Takahito Yoshizawa
  • Patent number: 11288167
    Abstract: The present disclosure provides generally for a system and method for visualizing and measuring software assets and identifying security risk and vulnerabilities associated with products and personnel. An analytics engine may be configured to analyze a software asset and provide a plurality of analytics and a plurality of insights related to the software asset. A correlation engine may be configured to translate the plurality of insights into a set of universal data and correlate the plurality of insights to predefined risks associated with the software asset.
    Type: Grant
    Filed: June 29, 2021
    Date of Patent: March 29, 2022
    Inventor: Jeremy J. Vaughan
  • Patent number: 11290349
    Abstract: Systems and techniques are described for a centralized management system operating within a virtual machine which configures, monitors, analyzes, and manages an adaptive private network (APN) to provide a discovery process that learns about changes to the APN through a network control node (NCN) that is a single point of control of the APN. The discovery process automatically learns a new topology of the network without relying on configuration information of nodes in the APN. Network statistics are based on a timeline of network operations that a user selected to review. Such discovery and timeline review is separate from stored configuration information. If there was a network change, the changes either show up or not show up in the discovery process based on the selected time line. Configuration changes can be made from the APN VM system by loading the latest configuration on the APN under control of the NCN.
    Type: Grant
    Filed: July 31, 2019
    Date of Patent: March 29, 2022
    Assignee: TALARI NETWORKS INCORPORATED
    Inventors: Todd Martin, Sonia Kiang Rovner, Justin Allen Patterson
  • Patent number: 11283703
    Abstract: A uniform protocol can facilitate secure, authenticated communication between a controller device and an accessory device that is controlled by the controller. An accessory and a controller can establish a pairing, the existence of which can be verified at a later time and used to create a secure communication session. The accessory can provide an accessory definition record that defines the accessory as a collection of services, each service having one or more characteristics. Within a secure communication session, the controller can interrogate the characteristics to determine accessory state and/or modify the characteristics to instruct the accessory to change its state.
    Type: Grant
    Filed: May 7, 2019
    Date of Patent: March 22, 2022
    Assignee: Apple Inc.
    Inventors: Joe S. Abuan, Bob Bradley, Craig P. Dooley, Gregg J. Golembeski, Jr., Andrew W. Burks, Srinivas Rama, Arun G. Mathias, Anush G. Nadathur, Kevin P. McLaughlin
  • Patent number: 11283603
    Abstract: A set of servers can support secure and efficient “Machine to Machine” communications using an application interface and a module controller. The set of servers can record data for a plurality of modules in a shared module database. The set of servers can (i) access the Internet to communicate with a module using a module identity, (i) receive server instructions, and (iii) send module instructions. Data can be encrypted and decrypted using a set of cryptographic algorithms and a set of cryptographic parameters. The set of servers can (i) receive a module public key with a module identity, (ii) authenticate the module public key, and (iii) receive a subsequent series of module public keys derived by the module with a module identity. The application interface can use a first server private key and the module controller can use a second server private key.
    Type: Grant
    Filed: April 8, 2020
    Date of Patent: March 22, 2022
    Assignee: Network-1 Technologies, Inc.
    Inventor: John A. Nix
  • Patent number: 11283811
    Abstract: An information processing apparatus that, when authentication is successfully performed by using first authentication information, permits access to first content. When authentication is successfully performed by using second authentication information which is different from the first authentication information, the information processing apparatus permits access to second content having a confidentiality level higher than a confidentiality level of the first content. The third authentication information is issued to a user in a period in which authentication using the second authentication information is valid. The third authentication information is different from the first authentication information and the second authentication information. When authentication is successfully performed by using both the first authentication information and the third authentication information, the information processing apparatus permits access to the second content.
    Type: Grant
    Filed: August 22, 2019
    Date of Patent: March 22, 2022
    Assignee: FUJIFILM Business Innovation Corp.
    Inventor: Yosuke Shinnaka
  • Patent number: 11277415
    Abstract: Disclosed herein are methods, systems, and processes for continuously renewing credentials in application development and testing environments that include application products from third-party vendors. A notification indicating that an existing credential associated with a developer account of a third-party application will expire is received via a webhook. A credential renewal request for a new set of credentials for the developer account is sent using a request method specified for the third-party application and the new set of credentials for the developer account are received within the expiration period via the webhook.
    Type: Grant
    Filed: May 14, 2019
    Date of Patent: March 15, 2022
    Assignee: Rapid7 , Inc.
    Inventor: Michael Robert Rinehart
  • Patent number: 11277258
    Abstract: Disclosed herein are methods, systems, and media for privacy-protected user recognition. One of the methods comprising obtaining a biometric feature of a first user; performing homomorphic encryption on the biometric feature of the first user to obtain a first ciphertext feature; determining a candidate ciphertext feature from a predetermined ciphertext feature set based on the first ciphertext feature and a predetermined graph structure index, wherein the predetermined ciphertext feature set comprises a plurality of second ciphertext features obtained by performing the homomorphic encryption of a plurality of second biometric features of multiple second users, and wherein the predetermined graph structure index is generated based on similarity among at least some of the plurality of second ciphertext features in the predetermined ciphertext feature set; and determining a recognition result for the first user based on the candidate ciphertext feature.
    Type: Grant
    Filed: June 25, 2021
    Date of Patent: March 15, 2022
    Assignee: Alipay (Hangzhou) Information Technology Co., Ltd.
    Inventors: Juntao Zhang, Qixian Zhou
  • Patent number: 11275819
    Abstract: Embodiments of the present invention provide a system for generative adversarial network training and feature extraction for biometric authentication. The system collects electronic biometric data of a user from one or more data sources, and stores the collected electronic biometric data as a biometric user account for the user in a personal NoSQL database library associated with the user. A generative adversarial neural network system then determines improved biometric feature selection and improved model refinements for existing biometric authentication models based on the biometric account for the user in the personal library associated with the user. The system can then determine user exposure levels for different authentication channels, including certain biometric authentication channels. A custom adversarial strategy for general adversarial network attacks is then established based on the user exposure levels to generate a biometric authentication process that is more accurate and secure.
    Type: Grant
    Filed: December 5, 2018
    Date of Patent: March 15, 2022
    Assignee: BANK OF AMERICA CORPORATION
    Inventor: Eren Kursun
  • Patent number: 11277444
    Abstract: Provided is a system-on-chip that may perform a message encryption operation based on a transport layer security (TLS) scheme. The system-on-chip may include an authentication unit configured for exchanging a key used for the message encryption operation and performing authentication for a subject to perform communication, an advanced encryption standard (AES) engine core configured for performing a function of encrypting a message using a key or decrypting the encrypted message and a function of encrypting the key or decrypting the encrypted key, and a controller configured for controlling the AES engine core and the authentication unit based on a real time operating system (RTOS) and firmware for performing the message encryption operation.
    Type: Grant
    Filed: September 11, 2019
    Date of Patent: March 15, 2022
    Assignee: SECURITY PLATFORM INC.
    Inventors: Kyung-mo Kim, Ho Gwan Kang
  • Patent number: 11277412
    Abstract: A computer implemented system for controlling access to data associated with an entity includes a data storage device having a protected memory region, and one or more processors, at least one of which is operable in the protected memory region. The one or more processors are configured for: storing a secret key associated with the entity in a portion of the protected memory region associated with the entity; upon receiving entity data, storing the entity data in the portion of the protected memory region associated with the entity; and upon receiving an access grant signal, generating a smart contract, the smart contract defining the entity data to be accessed and a recipient of the entity data to be accessed.
    Type: Grant
    Filed: July 24, 2019
    Date of Patent: March 15, 2022
    Assignee: ROYAL BANK OF CANADA
    Inventors: Edison U. Ortiz, Arya Pourtabatabaie, Ambica Pawan Khandavilli, Margaret Inez Salter, Jordan Alexander Richards, Iustina-Miruna Vintila, Sarah Rachel Waigh Yean Wilkinson
  • Patent number: 11277381
    Abstract: A method for controlling the transfer of data through a firewall. The method includes one or more computer processors establishing a first communication channel between a first server and a second server. The method further includes transmitting, via the first communication channel, information related to a pending transmission of data from the first server to the second server. The method further includes receiving from the second server, via the first communication channel, a set of security information associated with accessing the second server via a second communication channel. The method further includes establishing the second communication channel between the first server and the second server based on the set of security information received from the second server. The method further includes transmitting the data from the first server to the second server utilizing the established second communication channel.
    Type: Grant
    Filed: April 30, 2020
    Date of Patent: March 15, 2022
    Assignee: KYNDRYL, INC.
    Inventors: Pramod Vadayadiyil Raveendran, Seema Nagar, Sougata Mukherjea, Kuntal Dey
  • Patent number: 11271921
    Abstract: This disclosure includes utilizing a token cryptogram with a browser to facilitate a transaction. A webpage of a website is configured to accept a token cryptogram in fields of the webpage. The webpage of the website may indicate that it is token-aware and is configured to accept the token cryptograms.
    Type: Grant
    Filed: May 1, 2019
    Date of Patent: March 8, 2022
    Assignee: Visa International Service Association
    Inventors: Prasanna L. Narayan, Ramji Sethuraman
  • Patent number: 11265379
    Abstract: An internet-of-things (IoT) distribution hub enables delivery of formatted IoT data to any of multiple hosting platforms as dynamically configurable by an IoT device owner. A service node in a distributed network provides, to an IoT device, a device key for accessing an IoT distribution network. The service node receives a selection of a hosting platform for the IoT device, wherein the selected hosting platform is one from a group of available hosting platforms available through the IoT distribution network. The service node maps the IoT device to a virtual device proxy for the selected hosting platform and receives a request from the IoT device to forward IoT data. The request includes the device key. The service node forwards the IoT data to the selected hosting platform via the virtual device proxy.
    Type: Grant
    Filed: September 25, 2020
    Date of Patent: March 1, 2022
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Cheul Shim, Michael G. Hogan, Angel Polito, Terence P. Maguire, Thierry R. Sender
  • Patent number: 11265715
    Abstract: Provided are a method and apparatus. A method, performed by a primary terminal, of providing a communication service may include: identifying and accessing, by performing a discovery process, an Internet of Things (IoT) terminal operating as an access point, transmitting, to the IoT terminal, authentication information for performing a second embedded Subscriber Identity Module (eSIM) setup process following a first eSIM setup process while performing the first eSIM setup process on the IoT terminal, disconnecting first connection with the IoT terminal after terminating the first eSIM setup process, performing second connection with the IoT terminal based on the authentication information, in response to an access request from the IoT terminal and performing the second eSIM setup process as a subsequent procedure to the first eSIM setup process.
    Type: Grant
    Filed: June 22, 2020
    Date of Patent: March 1, 2022
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Sujung Kang, Hyewon Lee, Jonghan Park, Duckey Lee
  • Patent number: 11265699
    Abstract: A network terminal, e.g., LTE or 5G, can connect to a home network via a serving network. The terminal can have a terminal identifier (TID), such as an IMEI or other PEI, and a network subscriber can have a subscriber identifier (SID), such as an IMSI or other SUPI. In some nonlimiting examples, a network node can determine that a SID and a TID are authorized for joint use and, in response, transmit authorization information. In some nonlimiting examples, a network node can receive an attach request having verification data and encrypted identification data. The network node can receive decrypted identity data and determine that the identity data corresponds with the verification data. In some nonlimiting examples, the terminal can send an attach request comprising encrypted SID and TID data, and a cryptographic hash, to a network node.
    Type: Grant
    Filed: May 17, 2018
    Date of Patent: March 1, 2022
    Assignee: T-Mobile USA, Inc.
    Inventor: Yousif Targali
  • Patent number: 11258784
    Abstract: Approaches presented herein enable credentials to be revoked or otherwise modified while limiting the impact of inadvertent or unintended changes in access. In some embodiments, the revocation of a credential can occur over a period of time with the level of access being diminished over that period, in order to prevent an inadvertent denial of access while indicating to the requestor that there is an issue with the credential. When a new policy is created for a new credential, a prior policy can be retained for at least a period of time such that users with inadvertently revoked access can obtain a level of access per the previous policy. Various embodiments trace the calls for a credential throughout the system in order to determine which services, processes, or components might be affected by the revocation, such that an appropriate remedial action can be taken.
    Type: Grant
    Filed: November 8, 2019
    Date of Patent: February 22, 2022
    Assignee: Amazon Technologies, Inc.
    Inventor: Jon T. Hanlon
  • Patent number: 11258610
    Abstract: One embodiment provides a system and method for sharing a security application. During operation, the security application receives a service key associated with a first application executed on a terminal device. The security application resides in a secure element within the terminal device. The security application receives service data associated with the first application; processes the service data based on the service key; and returns the processed service data to the first application, thereby facilitating the first application in performing service based on the processed service data.
    Type: Grant
    Filed: January 26, 2021
    Date of Patent: February 22, 2022
    Assignee: Advanced New Technologies Co., Ltd.
    Inventors: Xi Sun, Hongwei Luo
  • Patent number: 11259178
    Abstract: A first set of device authentication parameters for a to-be-authenticated Bluetooth device in a Bluetooth mesh network is determined based at least in part on device identification information associated with the to-be-authenticated Bluetooth device. First authentication information is generated based at least in part on the first set of device authentication parameters and a first random number. The first authentication information and the first random number are forwarded to the to-be-authenticated Bluetooth device. Second authentication information and a second random number associated with the to-be-authenticated Bluetooth device are received, wherein the second authentication information is generated based at least in part on a second set of device authentication parameters and the second random number. The to-be-authenticated Bluetooth device is authenticated based at least in part on the second authentication information and the second random number.
    Type: Grant
    Filed: May 14, 2019
    Date of Patent: February 22, 2022
    Inventor: Junfeng Hu
  • Patent number: 11258778
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for performing data management. One of the methods includes: obtaining authentication information of a login user; generating a digital abstract of the authentication information of the login user; and authenticating the login user based on a comparison between the digital abstract of the authentication information of the login user and one or more digital abstracts stored on a blockchain.
    Type: Grant
    Filed: February 28, 2019
    Date of Patent: February 22, 2022
    Assignee: ADVANCED NEW TECHNOLOGIES CO., LTD.
    Inventors: Long Cheng, Yanpeng Li
  • Patent number: 11251943
    Abstract: Methods, system and devices for sharing a secret between an isolated device connected to a network through a transmit-only unidirectional secure channel and a network connected user device, comprising generating a secret value divided to first and second components, transmitting the first component, via the unidirectional secure channel, to one or more computing nodes of a distributed system, and transferring the second component, via a tamper-resistant unidirectional insecure channel, to the network connected user device associated with the user to enable the network connected user device to reproduce the secret value by combining the first component received from one or more of the computing nodes with the second component.
    Type: Grant
    Filed: July 8, 2019
    Date of Patent: February 15, 2022
    Assignee: GK8 LTD
    Inventors: Shahar Shamai, Lior Lamesh
  • Patent number: 11245672
    Abstract: A method for accessing content of encrypted data item(s) by a terminal device operating in a digital environment, according to which before the data item is being accessed by the terminal device, it is modified after being intercepted if found to be encrypted. The wrapper of the data item is modified or replaced by embedding a URL with a unique identifier and a message into the wrapper of the data item. If a supported terminal device attempts to accesses the modified data item, the client application natively consumes the data from the modified data item and ignores its wrapper. If not, the message and the URL are displayed on the terminal device and the user browses the URL. Then after authentication, a web server locates the modified data item using the unique identifier, retrieves and decrypts the modified item and converts the decrypted modified data item to a format that can be consumed by the browser.
    Type: Grant
    Filed: June 17, 2013
    Date of Patent: February 8, 2022
    Assignee: MICROSOFT TECHNOLOGLY LICENSING, LLC
    Inventor: Yuval Eldar
  • Patent number: 11237954
    Abstract: Provided herein may be a controller and a data storage system having the controller. The controller may include a mapping time generator configured to generate a first mapping time at which a logical block address and a physical block address are mapped to each other, an internal memory configured to store first address mapping information including an address map, and the first mapping time, a host interface configured to transmit the first address mapping information to a host, and receive second address mapping information from the host, and a central processing unit configured to generate the address map, store the first address mapping information in the internal memory, compare a second mapping time included in the second address mapping information with the first mapping time, and select a read mode based on a result of the comparison.
    Type: Grant
    Filed: June 8, 2020
    Date of Patent: February 1, 2022
    Assignee: SK hynix Inc.
    Inventors: Hye Mi Kang, Eu Joon Byun
  • Patent number: 11233633
    Abstract: Method and system of secured direct link set-up (DLS) for wireless networks. In accordance with aspects of the method, techniques are disclosed for setting up computationally secure direct links between stations in a wireless network in a manner that is computationally secure. A direct link comprising a new communication session is set up between first and second stations in a wireless local area network (WLAN) hosted by an access point (AP), the direct link comprising a new communication session. The AP generates a unique session key for the new communication session and transfers secured copies of the session key to each of the first and second stations in a manner under which only the first and second stations can obtain the session key. A security mechanism is then implemented on the unsecured direct link to secure the direct link between the first and second stations using a secure session key derived from the session key.
    Type: Grant
    Filed: November 13, 2018
    Date of Patent: January 25, 2022
    Assignee: INTEL CORPORATION
    Inventors: Jesse Walker, Shlomo Ovadia, Suman Sharma
  • Patent number: 11233661
    Abstract: A device and a method for authenticating an application in an execution environment in a trust zone are provided. The method includes executing a client application (CA) in a normal world, receiving, in the normal world, a request for receiving a service of a trusted application (TA) of a secure world from the CA, acquiring, when the request is received in the normal world, source information of the CA loaded in a memory of the device, acquiring, in the normal world, first hash information from the source information, providing, to the secure world, the first hash information together with signature information and a sub certificate included in the CA, and authenticating the CA based on the sub certificate and a root certificate of the TA in the secure world.
    Type: Grant
    Filed: February 25, 2020
    Date of Patent: January 25, 2022
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Jinha Hwang, Kyungsoo Kwag, Inho Kim, Dongsun Lee, Jungkyuen Lee, Jongtak Lee, Kyungim Jung
  • Patent number: 11228423
    Abstract: A method includes: a first device sending to a second device a deployment request for deploying a homomorphically-encrypted data model on the second device, wherein the deployment request comprises ciphertext model parameters and a public key for the homomorphic encryption; the second device obtaining a first ciphertext security assessment index through computation using the ciphertext model parameters, and sending the same to the first device; the first device decrypting the received first ciphertext security assessment index using a private key corresponding to the public key to generate a plaintext security assessment index, and forwarding the plaintext security assessment index to the second device; and the second device encrypting the plaintext security assessment index using the public key to generate a second ciphertext security assessment index, comparing both indices to determine consistency for determining whether to deploy the homomorphically-encrypted data model.
    Type: Grant
    Filed: March 31, 2020
    Date of Patent: January 18, 2022
    Assignee: ADVANCED NEW TECHNOLOGIES CO., LTD.
    Inventor: Fangyuan Ruan
  • Patent number: 11228584
    Abstract: A method for use in a hybrid network ecosystem comprising an enterprise network and a reconciliation network is presented. The method comprises generating, by at least one first computing node in the enterprise network or the reconciliation network, a first digital facilitator, wherein the first digital facilitator provides one or more parameters for accessing or distributing data on a distributed ledger in the enterprise network, and wherein a private key is used for performing a computing operation, based on the data, in the enterprise network. The method also comprises generating, by the at least one first computing node in the enterprise network or the reconciliation network or at least one second computing node in the enterprise network or the reconciliation network, a second digital facilitator, wherein the second digital facilitator provides the one or more parameters for accessing or distributing the data in the reconciliation network.
    Type: Grant
    Filed: May 16, 2019
    Date of Patent: January 18, 2022
    Assignee: SpeedChain, Inc.
    Inventors: Daniel Cage, Padmakar Kankipati, Norman R. Silverman
  • Patent number: 11228903
    Abstract: The methods, systems, and computer readable media discussed herein are directed to enabling a fifth generation cellular-wireless access technology (5G) user equipment (UE) to receive 5G service using a fourth generation cellular-wireless access technology (4G) subscriber identity module (SIM). Upon powering on, the 5G UE may determine whether a mobile network operator (MNO) public key file exists in the 4G SIM. Upon determining that the MNO public key file exists in the 4G SIM, the 5G UE may retrieve a MNO public key value from the MNO public key file, read a subscription permanent identifier (SUPI) from the 4G SIM, generate a subscription concealed identifier (SUCI) based on the SUPI and the MNO public key value, send the SUCI to a 5G mobile network for registering the 5G UE, and begin receiving 5G services from the 5G mobile network.
    Type: Grant
    Filed: December 28, 2018
    Date of Patent: January 18, 2022
    Assignee: T-Mobile USA, Inc.
    Inventors: Kyeong Hun An, Phani Ramisetty, Mathew George
  • Patent number: 11218313
    Abstract: A trusted device is positioned within a private consensus network. The trusted device includes a memory and processing circuitry in communication with the memory. The processing circuitry is configured to obtain, from a private distributed ledger associated with the private consensus network, rules associated with the private consensus network, the private distributed ledger being accessible only to devices positioned within the private consensus network, to identify one or more other trusted devices positioned within the private consensus network, to receive, from an unidentified device positioned within the private consensus network, an identity verification request to identify the unidentified device within the private consensus network, to determine, based on the obtained rules, whether to approve or deny the identity verification request, and to communicate, to the one or more other trusted devices, a vote indicative of the determination of whether to approve or deny the identity verification request.
    Type: Grant
    Filed: December 5, 2019
    Date of Patent: January 4, 2022
    Assignee: Equinix, Inc.
    Inventors: Srinivasan Raghavan, Sreekanth Narayanan, Neeraj Kumar Kukreti
  • Patent number: 11218465
    Abstract: Disclosed is a computer-implemented method for establishing a secure connection between two electronic computing devices which are located in a network environment, the two electronic computing devices being a first computing device offering the connection and a second computing device designated to accept the connection, the method comprising executing, by at least one processor of at least one computer, a connection-establishing application for exchanging an information packet between the first computing device and the second computing device comprising a secret usable for establishing the connection, and evaluating a response from the second computing device for establishing the secure connection.
    Type: Grant
    Filed: January 29, 2017
    Date of Patent: January 4, 2022
    Assignee: BEAME.IO LTD.
    Inventors: Zeev Glozman, Markus Neff
  • Patent number: 11218918
    Abstract: Techniques for efficient roaming of clients between access points (APs) of a wireless data communications network are described. A first AP receives a request for a first client device to join the network. The request specifies at least a unique identifier for the first client device. An identifier for a second AP is identified by processing the unique identifier using a predefined hash function. The second AP is one of at least two APs configured to each redundantly store network state information relating to the first client device. A network address of the second AP is determined. A first request to is transmitted to the network address, for network state information including a pairwise master key (PMK) and profile information. The PMK and the profile information are received. The first client device is authenticated and a connection is established between the first client device and the network.
    Type: Grant
    Filed: July 27, 2020
    Date of Patent: January 4, 2022
    Assignee: Cisco Technology, Inc.
    Inventors: Prashant Kumar, Tirthankar Ghose
  • Patent number: 11218325
    Abstract: This specification describes techniques for managing assets in a blockchain. One example method includes receiving, from a target user recorded in a distributed database of a blockchain network, a user input including a request to update a status of a target object, determining, based on a contract object, whether the target user is a member user with an update permission for the target object, the contract object being published in the blockchain network and corresponding to an asset type of the target object, wherein the target object was created using the contract object, and in response to determining that the target user has the update permission for the target object, performing a status update on the target object by using the contract object.
    Type: Grant
    Filed: December 23, 2019
    Date of Patent: January 4, 2022
    Assignee: Advanced New Technologies Co., Ltd.
    Inventor: Xuebing Yan
  • Patent number: 11218466
    Abstract: Systems, devices, and techniques are disclosed for endpoint security. A user identifier entered into a first authentication screen used to access endpoints hosted on a server system may be received from a user computing device. The user identifier may be determined to be an invalid user identifier for the server system. The user identifier may be hashed to generate a hashed user identifier. An endpoint number may be determined as the hashed user identifier modulo a number of endpoint records assigned numbers on the server system. An endpoint URL may be retrieved from an endpoint record of the server system that is associated with a number equal to the endpoint number. The endpoint URL and data for a second authentication screen including a control for password entry may be sent to the user computing device. The endpoint URL may be displayed on the second authentication screen.
    Type: Grant
    Filed: December 19, 2018
    Date of Patent: January 4, 2022
    Assignee: salesforce.com, inc.
    Inventors: John Rice, Thomas B. Kashin
  • Patent number: 11212099
    Abstract: Some embodiments relate to an electronic network node (110) configured for a cryptographic operation. The network node obtains a shared matrix (A) by selecting integers, polynomials, and/or polynomial-coefficients from a shared pool, the shared pool being shared with the second network node, wherein the selecting is done according to one or more selection functions.
    Type: Grant
    Filed: October 12, 2018
    Date of Patent: December 28, 2021
    Assignee: Koninklijke Philips N.V.
    Inventors: Oscar Garcia Morchon, Ludovicus Marinus Gerardus Maria Tolhuizen
  • Patent number: 11210658
    Abstract: In a general aspect, a distributed ledger transaction is generated on a cold hardware wallet. Generating the distributed ledger transaction includes receiving, at the cold hardware wallet, ledger information from a network-connected device via a private module-to-device communication link. The ledger information may include account information for the distributed ledger transaction, and a timestamp identifying when the account information was received by the network-connected device from a public network. The cold hardware wallet may generate a message based on the account information, identify a private key stored in the cold hardware wallet, generate a digital signature based on the message and the private key, and generate the distributed ledger transaction based on the message and the digital signature. The cold hardware wallet may send the distributed ledger transaction to the network-connected device via the private module-to-device communication link for forwarding to the public network for settlement.
    Type: Grant
    Filed: April 28, 2021
    Date of Patent: December 28, 2021
    Assignee: iCoin Technology, Inc.
    Inventors: Chester Silvestri, Adam Silvestri, Douglas Kadlecek
  • Patent number: 11201859
    Abstract: A method and apparatus for providing tenant specific encryption is described herein. According to an embodiment, a transmission site receives a data packet for transmission or forwarding. The transmission site determines, based on information in a header of the data packet, that the data packet is to be encrypted before transmission or forwarding. Using the information in the header, the transmission site identifies an encryption key for the data packet. The transmission site generates, for the data packet, an additional header and populates the additional header with a destination port number based on a destination port header value of the data packet. The transmission site overwrites the destination port header value of the packet with data indicating that the data packet is encrypted and then encrypts an encapsulated packet within the data packet using the encryption key prior to transmitting or forwarding the data packet.
    Type: Grant
    Filed: October 17, 2018
    Date of Patent: December 14, 2021
    Assignee: Cisco Technology, Inc.
    Inventors: Javed Asghar, Sridhar Vallepalli, Govind Prasad Sharma, Eshwar Rao Yedavalli