Having Key Exchange Patents (Class 713/171)
  • Patent number: 9705673
    Abstract: System, device, and method of provisioning cryptographic assets to electronic devices. A delegation message is generated at a first provisioning server. The delegation message indicates provisioning rights that are delegated by the first provisioning server to a second provisioning server with regard to subsequent provisioning of cryptographic assets to an electronic device. The delegation message includes an association key unknown to the first provisioning server, encrypted using a public key of the electronic device. The delegation message further includes a public key of the second provisioning server. The electronic device locally generates the association key, which is unknown to the first provisioning server. The delegation message is delivered to the electronic device. Based on the delegation message, cryptographic assets are provisioned by the second provisioning server to the electronic device, using the association key.
    Type: Grant
    Filed: September 21, 2015
    Date of Patent: July 11, 2017
    Assignee: ARM Technologies Israel Ltd.
    Inventors: Hagai Bar-El, Alexander Klimov, Asaf Shen
  • Patent number: 9706397
    Abstract: An apparatus and method for configuring a wireless station for use within a wireless local area network are disclosed. In at least one exemplary embodiment, a pairwise master key is generated by the wireless station and an access point within the wireless local area network. The pairwise master key may be based, at least in part, on a transient identity key pair of the wireless station. The transient identity key pair may be generated by the wireless station in response to receiving a message from the access point. In some embodiments, a public transient identity key of the transient identity key pair may be provided to additional access points to enable the wireless station to authenticate with the additional access points.
    Type: Grant
    Filed: March 9, 2016
    Date of Patent: July 11, 2017
    Assignee: QUALCOMM Incorporated
    Inventors: Olivier Jean Benoit, Peerapol Tinnakornsrisuphap
  • Patent number: 9697298
    Abstract: A method used to authenticate an item using an identification tag is provided. At the time of manufacture, the tags are created with various hardware attributes (HA), including a unique identifier (UID); and encoded with a signature of a message that includes a URL, and optionally a serial number associated with a product to which the tag is to be attached. The URL embeds various data such as one or more of the HAs, a serial number, etc., which can be used to verify the authenticity of the tag when verifying the signature. When a tag is read, the message including the URL is recovered and the signature is verified by the processor of the reader. This can be done to ensure that the URL in the message is one designated by the signer. The data in the signature can then be used to verify the authenticity of the tag and/or to detect tampering. The results of the verification can also be displayed to a user, e.g., using an available display on the electronic device including or otherwise acting as the tag reader.
    Type: Grant
    Filed: July 30, 2015
    Date of Patent: July 4, 2017
    Assignee: ETAS Embedded Systems Canada Inc.
    Inventors: Anthony Rosati, Jason Smith
  • Patent number: 9699145
    Abstract: A method comprising using at least one hardware processor for: receiving input from a user with respect to masking of a data element in one or more documents of a JavaScript Object Notation (JSON) type, wherein the input comprises: an identifier of the data element, and one or more constraints for masking the data element based on the hierarchy of the one or more documents of the JSON-type; and generating a masking rule for the one or more documents of the JSON-type based on the input.
    Type: Grant
    Filed: October 29, 2014
    Date of Patent: July 4, 2017
    Assignee: International Business Machines Corporation
    Inventors: Ron Ben-Natan, Tamar Domany, Ariel Farkash, Igor Gorkhman, Abigail Goldsteen, Boris Rozenberg
  • Patent number: 9692736
    Abstract: An infrastructure delivery platform provides a RSA proxy service as an enhancement to the TLS/SSL protocol to off-load, from an edge server to an external cryptographic server, the decryption of an encrypted pre-master secret. The technique provides forward secrecy in the event that the edge server is compromised, preferably through the use of a cryptographically strong hash function that is implemented separately at both the edge server and the cryptographic server. To provide the forward secrecy for this particular leg, the edge server selects an ephemeral value, and applies a cryptographic hash to the value to compute a server random value, which is then transmitted back to the requesting client. That server random value is later re-generated at the cryptographic server to enable the cryptographic server to compute a master secret. The forward secrecy is enabled by ensuring that the ephemeral value does not travel on the wire.
    Type: Grant
    Filed: December 26, 2016
    Date of Patent: June 27, 2017
    Assignee: Akamai Technologies, Inc.
    Inventors: Charles E. Gero, Philip A. Lisiecki
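The exchange the abstract describes, as an added worked model (this is editorial example code, not Akamai's implementation or the patent's claims). It shows the mechanics only: the edge server hashes a fresh ephemeral value to obtain server_random, the client sees only that hash, the cryptographic server re-derives server_random from the ephemeral it receives over the internal link and computes the master secret with the TLS 1.2 PRF, and both sides end up with the same 48-byte master secret. Everything not in the abstract is an assumption and is marked as such in the code: the edge-to-crypto-server link is a separate authenticated channel, the ephemeral is discarded after one use, the hash is SHA-256, and the RSA step is textbook RSA without padding (a stand-in so the block runs on the standard library; real TLS uses RSAES-PKCS1-v1_5 with a version check, and `random` is not a CSPRNG).

```python
"""Constructed model of the split handshake described in the abstract above. Added
illustration, not Akamai's code. Assumptions not stated in the abstract: the
edge-to-crypto-server link is a separate, mutually authenticated channel; the edge
discards the ephemeral value after one use; the hash is SHA-256; the RSA step is
textbook RSA without padding (demo only; TLS uses RSAES-PKCS1-v1_5 plus a version check)."""
import hashlib, hmac, math, os, random

def tls12_prf(secret, label, seed, length):
    """TLS 1.2 PRF (RFC 5246 section 5) instantiated with P_SHA256."""
    seed, a, out = label + seed, label + seed, b""
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # P_hash chunk
    return out[:length]

def master_secret(pms, client_random, server_random):
    return tls12_prf(pms, b"master secret", client_random + server_random, 48)

def server_random_from(ephemeral):
    """The hash both edge and crypto server apply independently (assumed SHA-256)."""
    return hashlib.sha256(ephemeral).digest()

# Textbook RSA stand-in for the private-key operation only the crypto server can do.
def _probable_prime(n, rounds=32):
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):                                          # Miller-Rabin
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _gen_prime(bits):
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1      # odd, full length
        if _probable_prime(cand):
            return cand

def rsa_keygen(bits=512):                                            # demo: random is not a CSPRNG
    e = 65537
    while True:
        p, q = _gen_prime(bits // 2), _gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (p * q, e), (p * q, pow(e, -1, phi))              # (public, private)

def rsa_encrypt(pub, pms48):
    return pow(int.from_bytes(pms48, "big"), pub[1], pub[0]).to_bytes(64, "big")

def rsa_decrypt(priv, blob):
    return pow(int.from_bytes(blob, "big"), priv[1], priv[0]).to_bytes(48, "big")

class CryptoServer:
    """Holds the RSA private key; never touches the client-facing connection."""
    def __init__(self, priv):
        self._priv = priv
    def derive(self, enc_pms, client_random, ephemeral):
        server_random = server_random_from(ephemeral)                # re-generated here
        return master_secret(rsa_decrypt(self._priv, enc_pms), client_random, server_random)

class EdgeServer:
    """Terminates the client connection; everything sent to the client lands in .wire."""
    def __init__(self, crypto):
        self.crypto, self.wire, self._ephemeral = crypto, [], None
    def server_hello(self):
        self._ephemeral = os.urandom(32)
        server_random = server_random_from(self._ephemeral)          # only the hash leaves
        self.wire.append(("ServerHello.random", server_random))
        return server_random
    def client_key_exchange(self, client_random, enc_pms):
        self.wire.append(("ClientKeyExchange", enc_pms))
        ms = self.crypto.derive(enc_pms, client_random, self._ephemeral)  # internal link (assumed)
        self._ephemeral = None                                        # one use, then gone (assumed)
        return ms

def run_handshake():
    """One handshake: returns both sides' master secrets, the client wire log, the ephemeral."""
    pub, priv = rsa_keygen()
    edge = EdgeServer(CryptoServer(priv))
    client_random = os.urandom(32)
    server_random = edge.server_hello()
    ephemeral = edge._ephemeral                                       # captured only to audit the wire
    pms = b"\x03\x03" + os.urandom(46)                                # TLS 1.2 pre-master secret layout
    edge_ms = edge.client_key_exchange(client_random, rsa_encrypt(pub, pms))
    client_ms = master_secret(pms, client_random, server_random)      # what the client computes
    return edge_ms, client_ms, edge.wire, ephemeral

if __name__ == "__main__":
    e_ms, c_ms, wire, eph = run_handshake()
    print("master secrets match:", e_ms == c_ms)
    print("ephemeral on client wire:", any(eph == v for _, v in wire))
```

The check worth keeping from this model is the wire audit at the end: the client-facing transcript carries the RSA blob and the hash of the ephemeral, never the ephemeral itself, while the crypto server still arrives at the client's master secret. The model says nothing about what that buys against a given attacker; that argument is the patent's, not the example's.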
  • Patent number: 9684898
    Abstract: Systems and methods can secure personal identification numbers associated with secure elements within mobile devices. A host application of the mobile device can receive a personal identification number (PIN) or user PIN from a user. The application can generate one or more random PIN components. The application can compute a PIN for the secure element based upon the user PIN and each of the one or more random components. The SE can be configured using the PIN computed for the secure element. Each of the one or more random components may be stored in one or more distinct, diverse locations. In addition to entering the correct user PIN, each of the one or more random components must be retrieved from the diverse locations in order to reconstruct the PIN for the secure element whenever performing a transaction using the secure element.
    Type: Grant
    Filed: September 25, 2013
    Date of Patent: June 20, 2017
    Assignee: GOOGLE INC.
    Inventors: Ismail Cem Paya, Robert Lieh-Yuan Tsai
  • Patent number: 9680642
    Abstract: In order to overcome the limitation of the prior art quantum key terminal equipment not being able to operate across different segments, the present invention discloses a quantum cryptography service network implementation technique to let a point-to-point quantum key equipment in one segment be redesigned to cooperate with other quantum key equipment in other segments to form a quantum key service network. As opposed to the prior art technique of having each segment generate its own quantum key, the present invention can map one pair of quantum key equipment with another pair of quantum key equipment, or map multiple pairs of quantum key equipment connected in series to have quantum keys entirely or partly shared by the quantum key equipment. Therefore, the generated quantum keys can be used across different segments. Each node in the quantum key service network can provide the quantum key to nearby telecommunication equipment in the telecommunication network of the same premises.
    Type: Grant
    Filed: February 17, 2011
    Date of Patent: June 13, 2017
    Assignee: CHUNGHWA TELECOM CO., LTD.
    Inventors: Tzuoh-Chyau Yeh, I-Ming Tsai
  • Patent number: 9673976
    Abstract: A method for encryption of blocks of data is provided including the steps of: encrypting a block of data using a current random number generated for the block of data; encoding the current random number using one or more of a set of previous random numbers, each of the set of previous random numbers having been used to encrypt a previously sent block of data; and transmitting the encrypted block of data with the one or more versions of the encoded current random number, each version for a different one of the previous random numbers.
    Type: Grant
    Filed: July 28, 2015
    Date of Patent: June 6, 2017
    Assignee: International Business Machines Corporation
    Inventor: Philip G. Willoughby
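The chaining the abstract describes, as an added worked example (editorial code, not IBM's implementation). Each block is encrypted under its own fresh random; that random is then sent alongside the block in several encoded versions, one per previous random in a window, so a receiver who missed a block can still recover the current random from an older one. The example runs the same five-block stream twice, once with a two-deep window and once with a one-deep window, and drops block 2 in both; only the first run recovers blocks 3 to 5. Everything beyond the abstract is an assumption, marked in the code: 16-byte randoms, an HMAC-SHA256 keystream standing in for the block cipher, encoding by XOR with an HMAC mask keyed on the previous random and the block index, an initial random r_0 shared out of band, and no integrity protection.

```python
"""Constructed example of the chained per-block randoms in the abstract above. Added
illustration, not IBM's code. Assumptions not in the abstract: a 16-byte random per
block; an HMAC-SHA256 keystream as the block-cipher stand-in; the current random is
encoded as XOR with an HMAC mask derived from a previous random and the block
index; an initial random r_0 shared out of band; and no integrity protection."""
import hashlib, hmac, os

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _keystream(r, length):
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(r, b"stream" + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]

def _mask(r_prev, index):
    """Mask that hides block `index`'s random from anyone lacking r_prev."""
    return hmac.new(r_prev, b"wrap" + index.to_bytes(4, "big"), hashlib.sha256).digest()[:16]

class Sender:
    def __init__(self, r0, window=2):
        self.window = window                # how many previous randoms to encode under
        self.history = [(0, r0)]            # (index, random) of blocks already sent
        self.next_index = 1
    def send(self, block):
        i, r_i = self.next_index, os.urandom(16)
        ct = _xor(block, _keystream(r_i, len(block)))
        # one encoded version of r_i per previous random in the window
        versions = [(j, _xor(r_i, _mask(r_j, i))) for j, r_j in self.history[-self.window:]]
        self.history.append((i, r_i))
        self.next_index += 1
        return {"index": i, "ct": ct, "versions": versions}

class Receiver:
    def __init__(self, r0):
        self.known = {0: r0}                # randoms recovered so far
    def receive(self, msg):
        i = msg["index"]
        for j, enc in msg["versions"]:      # any one known previous random suffices
            if j in self.known:
                self.known[i] = _xor(enc, _mask(self.known[j], i))
                return _xor(msg["ct"], _keystream(self.known[i], len(msg["ct"])))
        return None                         # chain broken: block unrecoverable

def demo(window=2, drop=(2,)):
    """Send five blocks, losing those in `drop`; return (index, plaintext-or-None) pairs."""
    r0 = os.urandom(16)
    tx, rx = Sender(r0, window), Receiver(r0)
    out = []
    for k in range(1, 6):
        msg = tx.send(b"block-%d" % k)     # constructed sample blocks
        if msg["index"] in drop:
            continue                        # simulated loss on the wire
        out.append((msg["index"], rx.receive(msg)))
    return out

if __name__ == "__main__":
    print(demo(window=2))   # block 3 recovered via r_1 even though block 2 was lost
    print(demo(window=1))   # with a single version, losing block 2 breaks the chain for good
```

The window size is the trade-off the abstract leaves open: each extra version costs 16 bytes per block and lets the receiver survive that many consecutive losses. The keystream stand-in provides confidentiality only; a deployment would authenticate each block and its encoded randoms, otherwise an active attacker can flip plaintext bits or corrupt the chain.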
  • Patent number: 9668134
    Abstract: The subject matter described herein includes methods, systems, and computer readable media for access network protocol interworking and authentication proxying. One method includes receiving an authentication request from a node in an access network for authenticating a user using cellular network authentication. The method further includes, in response to the request, using a native protocol of the cellular network to obtain an authentication challenge from a node in the cellular network. The method further includes communicating the authentication challenge to the node in the access network. The method further includes receiving a response to the authentication challenge from the node in the access network. The method further includes determining whether the response matches an expected response. The method further includes, in response to determining that the response matches the expected response, communicating an indication of successful authentication to the node in the access network.
    Type: Grant
    Filed: August 14, 2015
    Date of Patent: May 30, 2017
    Assignee: Oracle International Corporation
    Inventor: Thomas Matthew McCann
  • Patent number: 9668230
    Abstract: A method, system and computer program product in a wireless gateway to provide secured communications over a wireless network and a wired network is provided herein. The method includes the steps of receiving a first authentication credential from a wireless device and mapping the first authentication credential to a second authentication credential. The method further includes transmitting the second authentication credential to an authentication server and receiving a first authentication response from the authentication server. The method also includes generating a first shared secret and a second shared secret if the first authentication response indicates that authentication is successful and transmitting a second authentication response to the wireless device. The first shared secret is used to setup a first secured channel for communications with a service provider over a wired network and the second shared secret is used to setup a second secured channel for communications with the wireless device.
    Type: Grant
    Filed: November 10, 2010
    Date of Patent: May 30, 2017
    Assignee: Avago Technologies General IP (Singapore) Pte. Ltd.
    Inventors: Gordon Yong Li, Victor T. Hou, Xuemin Chen
  • Patent number: 9667626
    Abstract: A method is to be implemented using a network authentication device and a user end for authenticating the user end. The network authentication device stores hardware information associated with unique identification codes of hardware components of the user end. In the method, the user end executes a terminal program for scanning the hardware components to obtain the identification codes, for establishing a hardware list according to the identification codes, and for automatically sending to the network authentication device verification data associated with the hardware list without user operation. The network authentication device verifies identity of the user end based on the verification data and the hardware information.
    Type: Grant
    Filed: October 13, 2015
    Date of Patent: May 30, 2017
    Assignee: KEYPASCO AB
    Inventor: Maw-Tsong Lin
  • Patent number: 9654287
    Abstract: A mobile secret communications method based on a quantum key distribution network, comprises the following steps: a mobile terminal registering to access the network and establishing a binding relationship with a certain centralized control station in the quantum key distribution network; after a communication service is initiated, the mobile terminals participating in the current communication applying for service keys from the quantum key distribution network; the quantum key distribution network obtaining addresses of the centralized control stations participating in service key distribution during the current communication, designating a service key generation centralized control station according to a current state indicator of each centralized control station; the service key generation centralized control station generating service keys required in the current communication and distributing the keys to the mobile terminals participating in the current communication.
    Type: Grant
    Filed: June 6, 2014
    Date of Patent: May 16, 2017
    Assignees: QUANTUMCTEK CO., LTD., SHANDONG INSTITUTE OF QUANTUM SCIENCE AND TECHNOLOGY CO., LTD.
    Inventors: Yong Zhao, Chunhua Liu
  • Patent number: 9654975
    Abstract: A method for authenticating a mobile device includes: probing by the mobile device a fading channel which connects the mobile device to a first radio base station; determining a secret held in common with the first radio base station as a function of a physical property of the fading channel; storing the in-common secret; receiving a first request for the in-common secret from a second radio base station; and, in response to the first request, sending a proof of knowledge of the in-common secret to the second radio base station.
    Type: Grant
    Filed: June 22, 2015
    Date of Patent: May 16, 2017
    Assignee: ROBERT BOSCH GMBH
    Inventors: Rene Guillaume, Paulius Duplys
  • Patent number: 9633221
    Abstract: An authentication method for accessing a user account of a service (28) on a data network (26), includes the following steps: reception (E20) by the service (28) of a request from a consulting device (10) for the service (28), the request including a first authentication information element, reception (E60) by the service (28) of an information element sent by an authentication security device manager (34), the information received by the service (28) being based on a second authentication information element originating from a security device (16; 18) associated with the user account, and authentication by the service (28), based on the first authentication information element and the information received from the authentication security device manager (34).
    Type: Grant
    Filed: November 18, 2014
    Date of Patent: April 25, 2017
    Assignee: OBERTHUR TECHNOLOGIES
    Inventors: Florian Vallee, Vincent Guerin
  • Patent number: 9628450
    Abstract: A method for data privacy in a distributed communication system including a plurality of client terminals merges encrypted streaming data using tree-like encryption key switching and without sharing any private keys in a distributed communication system. The merged data is then sent to client terminals to be further processed by respective client terminals.
    Type: Grant
    Filed: April 16, 2014
    Date of Patent: April 18, 2017
    Assignee: RAYTHEON BBN TECHNOLOGIES CORP.
    Inventor: Kurt Ryan Rohloff
  • Patent number: 9628523
    Abstract: Disclosed are an apparatus and method of remotely communicating with a managed machine. One example method of operation may include selecting the managed machine operating in a communication network, transmitting a connection request message to the managed machine and establishing a secure connection between the managed machine and an administrator machine. The example method may also include responsive to connecting with the managed machine, executing a host service on the managed machine, and connecting to the host service over the communication network via an application client operating on the administrator machine.
    Type: Grant
    Filed: September 6, 2016
    Date of Patent: April 18, 2017
    Assignee: KASEYA LIMITED
    Inventor: Derek Rodrigues
  • Patent number: 9614822
    Abstract: A node device in a network system includes a memory and a processor. The node device is identified with a first value related to a first element and a second value related to a second element. The memory stores a first key corresponding to the first value, a second key corresponding to the second value, first information on a first range of values and second information on a second range of values, at least one of the first key and the second key being shared by at least three or more node devices in the network system. The processor communicates with one of at least three or more node devices indicated by the first value related to the first element and the second value related to the second element using one of the first key and the second key.
    Type: Grant
    Filed: January 20, 2015
    Date of Patent: April 4, 2017
    Assignee: FUJITSU LIMITED
    Inventors: Yumi Sakemi, Tetsuya Izu
  • Patent number: 9608971
    Abstract: A method comprising the use of a bootstrapping protocol to define a security relationship between a first server and a second server, the first and second servers co-operating to provide a service to a user terminal. A bootstrapping protocol is used to generate a shared key for securing communication between the first server and the second server. The shared key is based on a context of the bootstrapping protocol, and the context is associated with a Subscriber Identity Module (SIM) associated with the user terminal and provides a base for the shared key. A method of the invention may, for example, be employed within a computing/service network such as a “cloud”, and in particular for communications between two servers in the cloud that are co-operating to provide a service to a user.
    Type: Grant
    Filed: September 8, 2011
    Date of Patent: March 28, 2017
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Kristoffer Gronowski, Shingo Murakami, Mats Näslund
  • Patent number: 9608804
    Abstract: Method and system for secure key authentication and key ladder are provided herein. Aspects of the method for secure key authentication may include generating a digital signature of a secure key in order to obtain a digitally signed secure key and transmitting the digitally signed secure key from a first location to a second location. The digital signature may be generated by utilizing an asymmetric encryption algorithm and/or a symmetric encryption algorithm. The digitally signed secure key may be encrypted prior to transmission. The secure key may be a master key, a work key and/or a scrambling key. The digitally signed secure key may be received at the second location and the digitally signed secure key may be decrypted to obtain a decrypted digitally signed secure key.
    Type: Grant
    Filed: June 14, 2013
    Date of Patent: March 28, 2017
    Assignee: Avago Technologies General IP (Singapore) Pte. Ltd.
    Inventors: Sherman (Xuemin) Chen, Steve Rodgers
  • Patent number: 9596245
    Abstract: A one-way interface for a network device which secures status registers therein from unauthorized changes. The interface includes a first server, a one-way data link and a second server. The first server is coupled to the status registers to read information stored therein. The first server reads the information from the status registers and transmits the information on an output. The one-way data link has an input coupled to the output of the first server and an output. The second server has an input coupled to the output of the one-way data link and an output coupled to a network. The second server receives the information from the first server via the one-way data link. The second server transmits the information on the output to a predetermined network destination and/or provides a user interface for providing access to the information via the network.
    Type: Grant
    Filed: April 4, 2013
    Date of Patent: March 14, 2017
    Assignee: Owl Computing Technologies, Inc.
    Inventors: Ronald Mraz, Gabriel Silberman
  • Patent number: 9596706
    Abstract: A delivery method between a terminal device and a delivery device, the method includes: causing the terminal device to request a connection to the delivery device, and request the delivery device to update information to be delivered when the terminal device is connected to the delivery device; and causing the delivery device to deliver delivery target information stored in a storage unit, to interrupt delivery of the delivery target information and to switch to connection to the terminal device, when the connection request is made by the terminal device, to authenticate the terminal device, to restart delivery of the delivery target information when an authentication is not obtained in a first predetermined period, and to update the delivery target information stored in the storage unit in response to a request from the terminal device when the authentication is obtained in the first predetermined period.
    Type: Grant
    Filed: February 25, 2016
    Date of Patent: March 14, 2017
    Assignee: FUJITSU LIMITED
    Inventors: Masako Kimura, Yusuke Nomiyama, Hideaki Kawano, Shinobu Wakabayashi, Atsushi Miura
  • Patent number: 9584313
    Abstract: A streaming one time pad cipher using rotating ports for data encryption uses a One Time Pad (OTP) and an Exclusive Or (XOR) (or other cipher) with a public key channel to encrypt and decrypt OTP data. There is no method in cryptography to thwart the OTP/XOR method and it is proven impossible to crack. The method also rotates the ports of the channels periodically to increase communication obfuscation. Through pre-fetching and cache of OTP data, latency increases from encryption are kept to an absolute minimum as the XOR for encryption and decryption is done with a minimal number of instructions.
    Type: Grant
    Filed: December 16, 2013
    Date of Patent: February 28, 2017
    Assignee: INTROSPECTIVE POWER, INC.
    Inventor: Anthony Scott Thompson
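The OTP/XOR core the abstract relies on, as an added worked example (editorial code, not the patentee's implementation). The unbreakability claim holds only under the standard one-time-pad conditions, and the one that matters in practice is that every pad byte is used exactly once; the example therefore pairs the cipher with a pad cursor that refuses to hand out a byte twice, and then shows what a passive eavesdropper gets when that rule is broken: the XOR of the two plaintexts, which crib-dragging turns into recovered text. Assumptions marked in the code: the pad comes from os.urandom, and the port rotation and the public-key channel for pad data that the abstract mentions are out of scope.

```python
"""Constructed example of OTP/XOR with a pad cursor that refuses to reuse pad bytes, plus
what an eavesdropper learns if the rule is broken. Added illustration, not the
patentee's code. Assumptions: the pad comes from os.urandom; port rotation and the
public-key channel for pad data are out of scope."""
import os

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class PadConsumer:
    """Hands out each pad byte exactly once; both ends keep one in lockstep."""
    def __init__(self, pad):
        self._pad, self._pos = pad, 0
    def take(self, n):
        if self._pos + n > len(self._pad):
            raise RuntimeError("pad exhausted: refusing to reuse pad bytes")
        chunk, self._pos = self._pad[self._pos:self._pos + n], self._pos + n
        return chunk

def otp_encrypt(pad, msg):
    return xor(msg, pad.take(len(msg)))

def otp_decrypt(pad, ct):
    return xor(ct, pad.take(len(ct)))          # same operation, same pad position

def round_trip(msgs):
    """Encrypt a sequence with one cursor, decrypt with a second cursor over the same pad."""
    pad = os.urandom(sum(len(m) for m in msgs))
    tx, rx = PadConsumer(pad), PadConsumer(pad)
    return [otp_decrypt(rx, otp_encrypt(tx, m)) for m in msgs]

def two_time_pad_leak(m1, m2):
    """What a passive eavesdropper sees when the same pad bytes cover two messages."""
    pad = os.urandom(max(len(m1), len(m2)))
    c1, c2 = xor(m1, pad), xor(m2, pad)        # pad reused: the one thing OTP forbids
    return xor(c1, c2)                         # == m1 XOR m2; the pad cancels out

def crib_drag(leak, crib):
    """Slide a guessed fragment of one message across m1 XOR m2; offsets where the
    other message decodes to printable ASCII are candidate alignments."""
    hits = []
    for off in range(len(leak) - len(crib) + 1):
        guess = xor(leak[off:off + len(crib)], crib)
        if all(32 <= b < 127 for b in guess):
            hits.append((off, guess))
    return hits

if __name__ == "__main__":
    m1 = b"the pad must never be reused"     # constructed sample messages
    m2 = b"two-time pads leak plaintext"
    print(round_trip([m1, m2]) == [m1, m2])
    leak = two_time_pad_leak(m1, m2)
    print(crib_drag(leak, b"reused"))         # includes (22, b'intext'): m2's tail recovered
```

The pre-fetch and cache the abstract describes is exactly where a cursor like this has to live: a cached pad chunk that is replayed after a reconnect, or consumed from the same offset by two sessions, produces the two-time-pad case above regardless of how the pad itself was generated or delivered.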
  • Patent number: 9571288
    Abstract: Disclosed are various embodiments for facilitating the distribution of files from a file repository. Files from a file repository can be distributed via peer to peer transmissions where the peer devices can perform authentication functions. The authentication can be performed based upon metadata associated with the files as well as based upon authentication requests submitted to an authentication server.
    Type: Grant
    Filed: April 15, 2015
    Date of Patent: February 14, 2017
    Assignee: AirWatch LLC
    Inventors: Ramani Panchapakesan, Akshay Laxminarayan, Sivaji Koya
  • Patent number: 9565173
    Abstract: The present invention generally relates to systems and methods for establishing trusted, secure communications from a mobile device, such as a smart phone, to an immobile device, such as a multi-function device. The disclosed techniques can include the immobile device displaying a pattern that encodes a cryptographic key. The mobile device can obtain an image of the pattern and decode it to obtain the cryptographic key. Because the mobile device obtained the image within its line-of-sight, for example, it can be assured that it communicated with the immobile device, and only the immobile device. The mobile device and the immobile device can use the cryptographic key to secure further communications.
    Type: Grant
    Filed: March 26, 2013
    Date of Patent: February 7, 2017
    Assignee: XEROX CORPORATION
    Inventors: Roger T. Kramer, Gavan L. Tredoux
  • Patent number: 9542825
    Abstract: A cold chain transportation device includes a body, a cover, and a detection system. The cover is coupled to the body. The detection system includes a control unit, a temperature sensor, and a detection unit. The temperature sensor senses a temperature of the cold chain transportation device. The detection unit detects opened/closed states of cover. The control unit determines motion states and working states of the cold chain transportation device and transmits the temperature, the opened/closed states, the motion states, and the working states of the cold chain transportation device to an electronic terminal.
    Type: Grant
    Filed: January 6, 2015
    Date of Patent: January 10, 2017
    Assignee: HON HAI PRECISION INDUSTRY CO., LTD.
    Inventor: Zong-Yuan Sun
  • Patent number: 9544048
    Abstract: Various aspects of the present disclosure enable a persistent docking procedure that, once a persistent docking environment has been established, can simplify the future establishment of a docking environment between the dockee and docking host. Other aspects, embodiments, and features are also claimed and described.
    Type: Grant
    Filed: February 6, 2013
    Date of Patent: January 10, 2017
    Assignee: QUALCOMM Incorporated
    Inventors: Vijayalakshmi R. Raveendran, Xiaolong Huang
  • Patent number: 9536076
    Abstract: An automatic train operation system includes a first control system configured to run a first software for controlling a first vehicle subsystem and a second control system configured to run a second software for controlling a second vehicle subsystem. The automatic train operation system also includes a software verification controller. The software verification controller is configured to identify a first identifier of the first software and a second identifier of the second software as a software configuration and determine whether the software configuration is preapproved. The software verification controller is also configured to, if the software configuration is preapproved, authorize the first control system and the second control system to run the first and second software.
    Type: Grant
    Filed: April 17, 2015
    Date of Patent: January 3, 2017
    Assignee: Electro-Motive Diesel, Inc.
    Inventors: Venkata Swamy Reddy Gajulapalli, Russell Kubycheck, James Seaton, Alexander Shubs, Jr., Ola Tannous
  • Patent number: 9531566
    Abstract: A control apparatus for controlling packet transfer between terminals belonging to a first virtual network identified by a first identifier includes a network configuration information management unit for holding configuration information on a second virtual network identified by a second identifier so that the terminals belong to the second virtual network; and a path control unit for controlling communication between the terminals based on the configuration information on the second virtual network.
    Type: Grant
    Filed: July 1, 2011
    Date of Patent: December 27, 2016
    Assignee: NEC Corporation
    Inventor: Shuji Ishii
  • Patent number: 9526003
    Abstract: The present invention is related to a method, apparatus, and computer program product, in which a password-based digest access authentication procedure is used for performing authentication between a client and a server, wherein the authentication procedure is secured by at least one of modifying a digest-response parameter with a user password and generating a bootstrapped key based on the user password and at least one fresh parameter not used in a previous protocol run between the client and the server.
    Type: Grant
    Filed: February 25, 2008
    Date of Patent: December 20, 2016
    Assignee: Nokia Solutions and Networks Oy
    Inventors: Marc Blommaert, Guenther Horn
  • Patent number: 9519761
    Abstract: Systems, methods, and devices for authenticating a user are provided. A device includes one or more processors configured to determine if a requested service requires high quality authentication, generate a request for high quality authentication if the requested service requires high quality authentication, and generate a request for low quality authentication if the requested service requires low quality authentication. The device also includes a network interface component coupled to a network, the network interface component configured to: receive the request for the service requiring authentication, and a memory, the memory storing high quality authentication information and low quality authentication information for authenticating the user.
    Type: Grant
    Filed: September 6, 2012
    Date of Patent: December 13, 2016
    Assignee: PAYPAL, INC.
    Inventor: Bjorn Markus Jakobsson
  • Patent number: 9516567
    Abstract: Methods and apparatus to provide packet switched service continuity during circuit switched fallback operation are described. One example method includes determining a set of access technologies available to a User Equipment (UE); identifying a WLAN access network from the set of access technologies; identifying a 3GPP RAT from the set of access technologies; prioritizing the WLAN access network type with respect to types of 3GPP RAT; and selecting one access technology from amongst the identified WLAN access network and the 3GPP RAT according to the prioritizing.
    Type: Grant
    Filed: June 10, 2015
    Date of Patent: December 6, 2016
    Assignee: BlackBerry Limited
    Inventors: Stefano Faccin, Wei Wu, Chen Ho Chin
  • Patent number: 9515996
    Abstract: An authentication system comprises a plurality of servers storing respective shares of a private key, and a controller associated with the servers. The authentication system is configured to receive a message comprising a password encrypted using a public key corresponding to the private key. The controller directs performance of distributed password-based authentication in the authentication system based at least in part on the encrypted password utilizing the shares of the private key stored in the respective servers. The message is formatted in a manner consistent with an authentication protocol that normally utilizes public key signatures as a mechanism for authentication but is modified to support password-based authentication. For example, the message may be formatted in a manner consistent with a request message of a Kerberos PKINIT protocol extension.
    Type: Grant
    Filed: June 28, 2013
    Date of Patent: December 6, 2016
    Assignee: EMC IP Holding Company LLC
    Inventors: Ari Juels, Gareth Richards
  • Patent number: 9509510
    Abstract: According to an embodiment, a communication device includes a first manager, and a second manager, a first communication unit, a determination unit, a controller, and a second communication unit. The first manager shares a first cryptographic key with a first external device connected via a link. The second manager shares a second cryptographic key to be provided to an application, with the first external device and with a second external device connected via links. The first communication unit transmits the second cryptographic key to the first external device. The determination unit determines whether a device with which the second cryptographic key is to be shared is the first external device. If it is affirmative, the controller controls the second manager to share, as the second cryptographic key, a cryptographic key obtained by converting the first cryptographic key. The second communication unit provides the application with the second cryptographic key.
    Type: Grant
    Filed: March 12, 2015
    Date of Patent: November 29, 2016
    Assignee: Kabushiki Kaisha Toshiba
    Inventor: Yoshimichi Tanizawa
  • Patent number: 9503444
    Abstract: A home network router and method of operation are provided for seamlessly sharing access to a network service by multiple devices in a home network by configuring the home network router to receive and store authenticated user credentials for the network service at the home network router after associating the user credentials with the network service so that, upon reception of a second user request from a second client device to access the network service, the user credentials are retrieved from the home network router for direct delivery to and authentication by the network service without requiring re-entry of the one or more user credentials from the second client device.
    Type: Grant
    Filed: February 20, 2015
    Date of Patent: November 22, 2016
    Assignee: International Business Machines Corporation
    Inventors: Darryl M. Adderly, Jonathan W. Jackson, Ajit J. Jariwala, Eric B. Libow
  • Patent number: 9503448
    Abstract: Methods, devices, and machine-readable media are provided to provide secure communications between entities. As provided in this disclosure, this may include receiving a request to begin a new communication session, determining one or more desired parameters of the session, and determining whether the desired parameters of the message match proposed parameters provided by the entity requesting the new communication session. When the one or more proposed parameters match the one or more desired parameters, a secure communication session is established between the entities.
    Type: Grant
    Filed: October 7, 2014
    Date of Patent: November 22, 2016
    Assignee: Google Inc.
    Inventor: Jay D. Logue
  • Patent number: 9503476
    Abstract: Methods, systems, and devices are described for the prevention of network peripheral takeover activity. Peripheral devices may implement an anti-takeover mechanism limiting the number of available device command classes when certain handshake and verification requirements are not met. Anti-takeover peripheral devices with protection enabled may be relocated within a controller network, or in certain cases, from one controller network to another controller network when certain conditions are met. That same device may be hobbled when removed from a controller network and may remain hobbled when connected to another network that fails to meet certain conditions. Unprotection and unhobbling of a device may occur through an algorithmic mechanism using values stored on the peripheral device and the controller device for one or more of anti-takeover code generation, anti-takeover code comparison, network identification value comparison, and manufacturer identification value comparison.
    Type: Grant
    Filed: January 28, 2014
    Date of Patent: November 22, 2016
    Assignee: Vivint, Inc.
    Inventor: Jeremy B. Warren
  • Patent number: 9497185
    Abstract: Systems, methods, and computer program products are provided for application validation. A first request is transmitted to a ticket generation application. A first ticket is received, including a first unencrypted portion and a first encrypted portion. A second request is transmitted to the ticket generation application. A second ticket is received, including a second unencrypted portion and a second encrypted portion. The first and second unencrypted portions are concatenated to form an unencrypted shared encryption key. The first and second encrypted portions are concatenated to form an encrypted shared encryption key. The unencrypted shared encryption key is stored in a memory, and the encrypted shared encryption key is transmitted to a server.
    Type: Grant
    Filed: December 11, 2014
    Date of Patent: November 15, 2016
    Assignee: GOOGLE INC.
    Inventor: Weimin Tsai
  • Patent number: 9485254
    Abstract: Methods for authenticating a security device at a local network location for providing secure access from the local network location to a remote network location are provided. A security device is registered by installing private security software on the security device that generates an asymmetric encryption key pair including an encryption key and a decryption key. The encryption key is stored only on the security device and the decryption key is stored only on a remote server. Embodiments of the present invention provide increased security by not storing the encryption key on the remote server, so that attackers stealing data from the server cannot impersonate a user having the registered security device. A corresponding system for authenticating a security device is also provided.
    Type: Grant
    Filed: March 2, 2015
    Date of Patent: November 1, 2016
    Assignee: INBAY TECHNOLOGIES INC.
    Inventors: Randy Kuang, Stanislus Kisito Xavier, David Michael Mann, Robert Frank Steklasa, Stephen George Wilson, He Zhu, Nicolas Johannes Sebastian Bettenburg
  • Patent number: 9483657
    Abstract: The data vaporizer provides secure online distributed data storage services that securely store and retrieve data in a public distributed storage substrate such as a public cloud. The data vaporizer vaporizes data (e.g., fragments it into tiny chunks of configurable sizes) and distributes the fragments to multiple storage nodes so that the data is not vulnerable to local disk failures, secures data so that even if some of the storage nodes are compromised the data is undecipherable to the attacker, stores data across multiple cloud storage providers and/or parties using keys (e.g., tokens) provided by multiple parties (including the owners of the data), and maintains data confidentiality and integrity even where one or more data storage providers are compromised. The data vaporizer is configurable for different domain requirements including data privacy and anonymization requirements, encryption mechanisms, regulatory compliance of storage locations, and backup and recovery constraints.
    Type: Grant
    Filed: January 10, 2014
    Date of Patent: November 1, 2016
    Assignee: Accenture Global Services Limited
    Inventors: Sanjoy Paul, Shubhashis Sengupta, Annervaz Karukapadath Mohamedrasheed, Amitabh Saxena, Vikrant Kaulgud
  • Patent number: 9485092
    Abstract: A transaction device for establishing a shared secret with a point of interaction (POI) over a communications network to enable encrypted communications between the transaction device and the point of interaction, the device comprising: an input arranged to receive communications from the point of interaction; a processor arranged to generate a first communication according to a Diffie-Hellman protocol; an output arranged to send the first communication to the point of interaction; wherein the processor is arranged to apply a randomly generated blinding factor, r, when generating the first communication and wherein, in response to receiving a second communication from the point of interaction at the input, the second communication having been generated according to the Diffie-Hellman protocol, the processor is arranged to apply the randomly generated blinding factor and generate a shared secret according to the Diffie-Hellman protocol in dependence on data contained within the second communication.
    Type: Grant
    Filed: June 6, 2014
    Date of Patent: November 1, 2016
    Assignee: MASTERCARD INTERNATIONAL INCORPORATED
    Inventors: Patrik Smets, Patrick Mestre, Dave Roberts, Duncan Garret
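    The blinded Diffie-Hellman exchange described in the abstract above, as an added worked example (not code from the patent or its assignee). The abstract says only that the device applies a random blinding factor r to its first message and applies it again when deriving the shared secret; the reading implemented here, that r blinds the device's static public key so the first message is unlinkable across transactions and r is later disclosed so the terminal can verify it, is this example's assumption, as are the choice of P-256, SHA-256 as the key derivation function, and all type and function names.

```go
package main

import (
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// The abstract names no group; P-256 is this example's assumption.
var curve = elliptic.P256()

// Point is an affine point on the curve.
type Point struct{ X, Y *big.Int }

// Equal reports whether two points have the same coordinates.
func (p Point) Equal(q Point) bool { return p.X.Cmp(q.X) == 0 && p.Y.Cmp(q.Y) == 0 }

// randScalar returns a uniform scalar in [1, N-1].
func randScalar() *big.Int {
	for {
		k, err := rand.Int(rand.Reader, curve.Params().N)
		if err != nil {
			panic(err)
		}
		if k.Sign() != 0 {
			return k
		}
	}
}

func mul(p Point, k *big.Int) Point {
	x, y := curve.ScalarMult(p.X, p.Y, k.Bytes())
	return Point{x, y}
}

func baseMul(k *big.Int) Point {
	x, y := curve.ScalarBaseMult(k.Bytes())
	return Point{x, y}
}

// kdf derives a session key from the x-coordinate of the shared point (assumed KDF).
func kdf(p Point) [32]byte {
	return sha256.Sum256(p.X.FillBytes(make([]byte, 32)))
}

// Card is the transaction device. Its static public key Q sits in a
// certificate the terminal can check later; d never leaves the card.
type Card struct {
	d, r, rd *big.Int
	Q        Point
}

func NewCard() *Card {
	d := randScalar()
	return &Card{d: d, Q: baseMul(d)}
}

// FirstMessage sends R = r*Q. A fresh r per transaction means a passive
// listener sees an unrelated point each time and cannot track the card.
func (c *Card) FirstMessage() Point {
	c.r = randScalar()
	c.rd = new(big.Int).Mod(new(big.Int).Mul(c.r, c.d), curve.Params().N)
	return mul(c.Q, c.r)
}

// SharedSecret applies the blinding factor again: (r*d)*Qt.
func (c *Card) SharedSecret(qt Point) [32]byte { return kdf(mul(qt, c.rd)) }

// Terminal is the point of interaction; it uses an ephemeral key pair.
type Terminal struct{ dt *big.Int }

// SecondMessage sends Qt = dt*G.
func (t *Terminal) SecondMessage() Point {
	t.dt = randScalar()
	return baseMul(t.dt)
}

// SharedSecret computes dt*R = dt*r*d*G, the same point the card derives.
func (t *Terminal) SharedSecret(r Point) [32]byte { return kdf(mul(r, t.dt)) }

// Unblind is the terminal's later check, once the card has revealed r and its
// certificate over the encrypted channel: the earlier R must equal r*Q.
func Unblind(R Point, r *big.Int, Q Point) bool { return mul(Q, r).Equal(R) }

func main() {
	card, poi := NewCard(), &Terminal{}
	R := card.FirstMessage()
	Qt := poi.SecondMessage()
	kc, kt := card.SharedSecret(Qt), poi.SharedSecret(R)
	fmt.Printf("card key %x\npoi key  %x\nmatch=%v unblind=%v\n",
		kc[:8], kt[:8], kc == kt, Unblind(R, card.r, card.Q))
}
```

The point of the blinding is that the card's certified public key Q is never transmitted before the channel is encrypted, so an eavesdropper cannot correlate transactions, while the terminal still gets to authenticate the card afterwards by checking R against r and Q. Note that r must be fresh per transaction and never reused, otherwise two first messages become linkable.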
  • Patent number: 9473474
    Abstract: An identity is communicated by a client device to a server without requiring the identity to be disclosed to eavesdroppers and without requiring the use of symmetric or asymmetric cryptography. In one example, the identity is an identity of the client device, where the identity has been assigned to the client device by the server through the provisioning of a unique subset of client-identifying keys. In another example, the identity is an identity of a group shared secret that has been provisioned by the server to the client device.
    Type: Grant
    Filed: July 16, 2014
    Date of Patent: October 18, 2016
    Assignee: BlackBerry Limited
    Inventor: David Robert Suffling
  • Patent number: 9473513
    Abstract: In one embodiment, a computer-implemented method includes, in response to an attempt by a user to perform a transaction using a computing device, accessing a communication device connected to the computing device. A presence of one or more nearby devices, with respect to the computing device, is detected through use of the communication device connected to the computing device. A mapping of nearby devices to trust levels may be applied to the one or more nearby devices. In the mapping, each group of one or more nearby devices maps to a trust level of two or more trust levels. An assigned trust level for the transaction is determined, by a computer processor, based on applying the mapping of nearby devices to trust levels. The mapping of nearby devices to trust levels is modified based on the one or more nearby devices detected. The modified mapping is used for future transactions.
    Type: Grant
    Filed: June 22, 2015
    Date of Patent: October 18, 2016
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Louis T. Fuka, Susann M. Keohane, James R. Kraemer
  • Patent number: 9467736
    Abstract: An audio/video content receiver being configured to receive media content from a content source by a broadcast data path, the media content being arranged as a plurality of media channels comprises a host module having a tuner configured to assign logical channel indices to the media channels to allow selection, at the host module, of one or more of the media channels for reproduction by selecting the corresponding logical channel index, the host module storing channel association data associating the logical channel indices with the received media channels; and a removable conditional access module (CAM), the CAM having an access control unit for decoding access-controlled encoded broadcast content, the host module and the removable CAM being arranged to provide an encrypted communication link for decoded access-controlled encoded broadcast content between the CAM and the host module; in which: the host module is configured to acquire channel association data via the broadcast data path; the CAM is configure
    Type: Grant
    Filed: November 4, 2015
    Date of Patent: October 11, 2016
    Assignees: SONY CORPORATION, SONY EUROPE LIMITED
    Inventor: David Hill-Jowett
  • Patent number: 9467429
    Abstract: A federated management identity protocol may be used with various protocols such as, for example, the Generic Bootstrapping Architecture (GBA). For example, OpenID Connect may be integrated with GBA such that the GBA protocol implements the authentication functionality of OpenID Connect. In various example embodiments, functionality of the OpenID Connect protocol and GBA may be implemented locally, such as by a secure module within a user equipment.
    Type: Grant
    Filed: November 8, 2013
    Date of Patent: October 11, 2016
    Assignee: InterDigital Patent Holdings, Inc.
    Inventors: Andreas Leicher, Vinod K. Choyi
  • Patent number: 9461817
    Abstract: The confidentiality of JavaScript Object Notation (JSON) message data is secured using an encryption scheme. The encryption scheme implements a JSON encryption syntax, together with a set of processing rules for encrypting arbitrary data in JSON messages in a platform/language independent manner. A method for encrypting a data item in a JSON message begins by applying an encryption method and a key to the data item to generate a cipher value. A data object is then constructed that represents an encryption of the data item. The data item in the JSON message is then replaced with the data object, and the resulting modified JSON message is then output from a sending entity. At a receiving entity, information in the data object is used to re-generate the data item, which is then placed back in the original message.
    Type: Grant
    Filed: January 20, 2009
    Date of Patent: October 4, 2016
    Assignee: International Business Machines Corporation
    Inventors: Timothy Walter Moore, Patrick Ryan Wardrop
  • Patent number: 9454671
    Abstract: Providing analytics information from a cloud service includes maintaining an analytics database that is separate from data and servers accessed by users of the cloud service, selectively pushing information from the cloud service to the analytics database, where data and servers accessed by users of the cloud service are inaccessible for direct access by the analytics database, and allowing users limited access to the analytics database, where users of the analytics information that are accessing the analytics database are restricted from accessing data and servers of the cloud service. The analytics database may include a first database of adapted database records and a second database of dynamic logs of service related events. The adapted database records may be initially formed using the data and servers accessed by users of the cloud service prior to being pushed to the analytics database.
    Type: Grant
    Filed: May 13, 2014
    Date of Patent: September 27, 2016
    Assignee: Evernote Corporation
    Inventors: David Engberg, Phil Constantinou
  • Patent number: 9456346
    Abstract: Wireless personal area network (Zigbee, Bluetooth, UWB) and wireless identification technologies (Near Field Communication (NFC), Radio Frequency Identification (RFID)) are implemented in particular client server functions and communications. Connected with an Authentication Server, a wireless HUB authenticates user identification and provides the user with access to secure data communication with a wireless terminal such as a cellular phone or a PDA. A Location Server provides user locations via methods such as RSSI, TDOA, and GPS and sends location information to a Center Control Server and the Authentication Server. With location information, the Center Control Server initiates and optimizes secure information processes and coordinates the functions of servers and user terminals.
    Type: Grant
    Filed: March 5, 2015
    Date of Patent: September 27, 2016
    Assignee: Virginia Innovation Science, Inc.
    Inventors: Tiehong A. Wang, Tiejun Wang, Guang Zeng, Ning Wang
  • Patent number: 9443111
    Abstract: Apparatus and method for data security through the use of an encrypted keystore data structure. In accordance with some embodiments, first and second sets of input data are respectively encrypted using first and second encryption keys to form corresponding first and second encrypted data sets. The first and second encryption keys are combined to form a string. A hidden key stored within a system on chip (SOC) is used to encrypt the string to form an encrypted keystore data structure, and the first and second encrypted data sets and the encrypted keystore data structure are stored in a memory.
    Type: Grant
    Filed: February 28, 2014
    Date of Patent: September 13, 2016
    Assignee: Seagate Technology LLC
    Inventors: Manuel A. Offenberg, Monty A. Forehand, Christopher J. DeMattio, KianBeng Lim
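    The encrypted keystore structure from the abstract above, as an added worked example (not code from the patent or its assignee). Each input data set is encrypted under its own random key, the keys are concatenated into one string, and that string is encrypted under the hidden key so that only the keystore blob and the encrypted data sets land in memory. The abstract does not name a cipher or say how the hidden key is held; AES-256-GCM, the per-slot associated data that binds each blob to its position, and the constant byte string standing in for the SoC-resident hidden key are this example's assumptions.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

const keyLen = 32 // AES-256 keys, both for the per-set keys and the hidden key

// seal encrypts with AES-256-GCM and returns nonce || ciphertext || tag.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// unseal reverses seal; any change to the blob, key or aad fails authentication.
func unseal(key, blob, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(blob) < ns {
		return nil, errors.New("blob shorter than nonce")
	}
	return gcm.Open(nil, blob[:ns], blob[ns:], aad)
}

// Image is what is written to external memory: one blob per input data set
// and the keystore holding the per-set keys, wrapped under the SoC hidden key.
type Image struct {
	Blobs    [][]byte
	Keystore []byte
}

// slotAAD ties a blob to its index so blobs cannot be swapped between slots.
func slotAAD(i int) []byte { return []byte(fmt.Sprintf("slot-%d", i)) }

// BuildImage encrypts each data set under a fresh random key, concatenates
// the keys into one string, and encrypts that string under the hidden key.
func BuildImage(hidden []byte, dataSets [][]byte) (*Image, error) {
	img := &Image{}
	var keyString []byte
	for i, ds := range dataSets {
		k := make([]byte, keyLen)
		if _, err := io.ReadFull(rand.Reader, k); err != nil {
			return nil, err
		}
		blob, err := seal(k, ds, slotAAD(i))
		if err != nil {
			return nil, err
		}
		img.Blobs = append(img.Blobs, blob)
		keyString = append(keyString, k...)
	}
	ks, err := seal(hidden, keyString, []byte("keystore"))
	if err != nil {
		return nil, err
	}
	img.Keystore = ks
	return img, nil
}

// OpenImage recovers the data sets. Without the hidden key (i.e. off the SoC)
// the keystore cannot be opened, so the blobs in memory stay undecipherable.
func OpenImage(hidden []byte, img *Image) ([][]byte, error) {
	keyString, err := unseal(hidden, img.Keystore, []byte("keystore"))
	if err != nil {
		return nil, fmt.Errorf("keystore: %w", err)
	}
	if len(keyString) != keyLen*len(img.Blobs) {
		return nil, errors.New("keystore does not match blob count")
	}
	out := make([][]byte, 0, len(img.Blobs))
	for i, blob := range img.Blobs {
		pt, err := unseal(keyString[i*keyLen:(i+1)*keyLen], blob, slotAAD(i))
		if err != nil {
			return nil, fmt.Errorf("blob %d: %w", i, err)
		}
		out = append(out, pt)
	}
	return out, nil
}

func main() {
	hidden := bytes.Repeat([]byte{0x5a}, keyLen) // stand-in for the SoC hidden key (constructed)
	img, err := BuildImage(hidden, [][]byte{[]byte("user data"), []byte("config")})
	if err != nil {
		panic(err)
	}
	sets, err := OpenImage(hidden, img)
	fmt.Printf("recovered %q err=%v\n", sets, err)
	_, err = OpenImage(bytes.Repeat([]byte{0xa5}, keyLen), img)
	fmt.Println("wrong hidden key:", err)
}
```

Because both the keystore and the data blobs are authenticated, a wrong hidden key or a single flipped byte in memory is detected rather than yielding garbage plaintext, and the hidden key itself is never written to the external memory it protects.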
  • Patent number: 9445269
    Abstract: Disclosed is a method for terminal identity verification and service authentication. After initiating a service request, the terminal generates a user unique code according to user-specific information in a SIM card, encrypts a name of the user-specific information, and then transmits the encrypted name of the user-specific information together with the user unique code to a credible cloud control center; a service provider generates a unique code according to its own specific information, and transmits an encrypted name of its own specific information together with the generated unique code to the credible cloud control center; and the credible cloud control center authenticates the terminal and the service provider according to their respective unique codes, and when determining that both of them pass the authentication, transmits a communication code to both of them so that they communicate with each other according to the communication code to complete the current service.
    Type: Grant
    Filed: July 17, 2013
    Date of Patent: September 13, 2016
    Assignee: ZTE CORPORATION
    Inventor: Xiao Jiang
  • Patent number: 9441986
    Abstract: The technology described herein includes a system and/or a method for global hypothesis tracking. In some examples, a method generates one or more paired segments based on track data representing kinematic data of target objects. Each paired segment includes a list of tracks incompatible with the paired segment, which are tracks sharing common track data, and a likelihood score. The method generates a transition probability between each pair of the paired segments based on the list of tracks incompatible with the paired segment and the likelihood score associated with each paired segment. The method further generates one or more multi-segment tracks based on the one or more paired segments also based on the transition probability between each pair of the paired segments.
    Type: Grant
    Filed: April 12, 2013
    Date of Patent: September 13, 2016
    Assignee: Raytheon Company
    Inventors: Brian A. Cronin, Nicholas J. Ploplys, Ray B. Huffaker, Nicholas Sun, Michael Boardman