Having Key Exchange Patents (Class 713/171)
-
Patent number: 11755423
Abstract: A data protection method for protecting backup data stored in a data backup device is executed by a mobile device. When the mobile device is included in a trust circle of the data backup device, the mobile device can receive a certified signal, can execute a file manager of a backup APP for loading the backup data, and can generate a first invitation code. Otherwise, the mobile device cannot access the backup data, and displays a code input menu for inputting a second invitation code. The data backup device can certify the first invitation code and the second invitation code for determining whether the mobile device can be added into the trust circle of the data backup device. Therefore, the mobile device included in the trust circle can access the backup data, and the privacy of the backup data can be secured.
Type: Grant
Filed: February 10, 2022
Date of Patent: September 12, 2023
Assignee: Vinpower Inc.
Inventors: Calvinson Chang, Stanley Chu, Chihhan Chou
-
Patent number: 11754623
Abstract: Systems and techniques of the present disclosure may provide remote debugging of an integrated circuit (IC) device while preventing unauthorized access of device intellectual property (IP). A system may include an IC device that generates an encrypted session key and an interface that enables communication between the IC device and a remote debugging site. The interface may enable the IC device to send the encrypted session key to initiate a remote debug process, receive an acknowledgement from the remote debugging session, and authenticate the acknowledgement. Further, the interface may enable the IC device to initiate a secure debug session between the IC device and the remote debugging site.
Type: Grant
Filed: August 9, 2021
Date of Patent: September 12, 2023
Assignee: Intel Corporation
Inventors: Tsvika Kurts, Boris Dolgunov, Vladislav Mladentsev, Ittai Anati, Elias Khoury, Maor Kima, Eran Shlomo, Shay Gueron, William Penner
-
Patent number: 11750385
Abstract: A system and a method for an electronic method of authenticating a user to establish a service session, the method comprising the steps of receiving an access request at a service provider device from a user device, authenticating a user based on a unique user credential associated with the user, by the service provider, establishing a service session between the user device and the service device.
Type: Grant
Filed: November 16, 2017
Date of Patent: September 5, 2023
Assignee: Prisec Innovation Limited
Inventor: Cheuk Yiu So
-
Patent number: 11750384
Abstract: Generally discussed herein are devices, systems, and methods for binding with cryptographic key attestation. A method can include generating, by hardware of a device, a device public key and a device private key, based on the device private key, signing a first attestation resulting in a signed first attestation, the first attestation claiming the device private key originated from the hardware, based on the device public key and the signed first attestation, registering the device with a trusted authority, generating, by the hardware, a first application private key and a first application public key, and based on the device private key, signing a second attestation resulting in a signed second attestation, the second attestation claiming the first application private key originated from the hardware, and based on the first application public key and the signed second attestation, registering a first application of the device to a first server.
Type: Grant
Filed: May 27, 2021
Date of Patent: September 5, 2023
Assignee: Microsoft Technology Licensing, LLC
Inventors: Prabagar Ramadasse, Yordan Rouskov, Mick Healy, Gaurav Dhawan, Venkata Raghuram Pampana, Aleksandr Tokarev, Marc Shepard, Ramachandra Ravitej Vennapusa
-
Patent number: 11750382
Abstract: Methods, systems, and devices for facilitating the automated configuration of one or more new 802.11 access points (APs) are disclosed herein. A cloud server may receive a message associated with a customer account for one or more new APs. The cloud server may associate a first AP of the one or more new APs based on the message. The cloud server may then retrieve a public key associated with the first AP which has a reciprocal private key. The cloud server may send the public key to a gateway (GW) associated with the customer account. The GW may encrypt the GW credentials, such as a password and SSID, into a ciphertext using the public key and then broadcast this information. When the first AP has been powered on it may decrypt the ciphertext using the private key and use the credentials to act as a node in the GW's network.
Type: Grant
Filed: June 2, 2020
Date of Patent: September 5, 2023
Assignee: AIRTIES S.A.S.
Inventors: Mujdat Pakkan, Metin Ismail Taskin, Irfan Acar, Kivanc Cakmak
-
Patent number: 11750573
Abstract: A system for transmitting and receiving data based on a vehicle network and a method therefor are provided. The method includes generating, by a first hardware security module (HSM), a first session key using a first random number and a first fixed key and encrypting, by a first electric control unit (ECU), a message using the first session. The method also includes generating, by a second HSM, a second session key using a second random number and a second fixed key, and decrypting, by a second ECU, the message using the second session key.
Type: Grant
Filed: November 2, 2020
Date of Patent: September 5, 2023
Assignees: Hyundai Motor Company, Kia Motors Corporation
Inventor: Ho Jin Jung
-
Patent number: 11743030
Abstract: Systems and methods that may implement an Oracle-aided protocol for producing and using FHE encrypted data. The systems and methods may initially encrypt and store input data in one encrypted form that is not performed using FHE, which does not substantially increase the size of the data and storage resources required to store the encrypted data. In accordance with the Oracle-aided protocol, the encrypted data is re-encrypted as FHE encrypted data when FHE encrypted data is required.
Type: Grant
Filed: April 25, 2022
Date of Patent: August 29, 2023
Inventors: Margarita Vald, Laetitia Kahn, Boaz Sapir, Yaron Sheffer, Yehezkel Shraga Resheff
-
Patent number: 11743725
Abstract: A communication system includes a plurality of apparatuses each performing wireless communication with a mobile apparatus. Each of the plurality of apparatuses performs authentication processing for determining whether the mobile apparatus is a mobile apparatus registered beforehand. At least one apparatus of the plurality of apparatuses performs registration processing for obtaining mobile key information to be used for the authentication processing from the mobile apparatus and registering the mobile key information, and sharing processing for transmitting the mobile key information obtained by the registration processing to the other apparatus.
Type: Grant
Filed: March 22, 2021
Date of Patent: August 29, 2023
Assignee: KABUSHIKI KAISHA TOKAI RIKA DENKI SEISAKUSHO
Inventors: Yosuke Ohashi, Keita Sobue, Shingo Mochizuki, Norihiro Shimizu
-
Patent number: 11736272
Abstract: A method for a mobile station (STA) is described. The method may be performed to use an identifiable medium access control (MAC) random (IRM) address (IRMA) to associate to an access point (AP). The method includes exchanging one IRM key (IRMK) with the AP for each association of a plurality of associations; determining an IRM hash using the IRMA and the IRMK exchanged with the AP at an immediately previous association of the plurality of associations and/or a temporal element; associating to the AP using the IRMA as a transmitted address (TA); and transmitting an association request including the IRM hash. The transmitted association request triggers the AP to one or both of check a list of stored IRMKs to find one stored IRMK that together with the IRMA produces the IRM hash included in the association request and identify the STA by the one IRMK.
Type: Grant
Filed: December 1, 2022
Date of Patent: August 22, 2023
Assignee: SR Technologies, Inc.
Inventors: Graham K. Smith, Olivia Turner
-
Patent number: 11736273
Abstract: Embodiments described herein relate to credential wrapping for secure transfer of electronic SIMs (eSIMs) between wireless devices. Transfer of an eSIM from a source device to a target device includes re-encryption of sensitive eSIM data, e.g., eSIM encryption keys, financial transaction credentials, transit authority credentials, and the like, using new encryption keys that include ephemeral elements applicable to a single, particular transfer session between the source device and the target device. The sensitive eSIM data encrypted with a symmetric key (Ks) is re-wrapped with a new header that includes a version of Ks encrypted with a new key encryption key (KEK) and information to derive KEK by the target device. The re-encrypted sensitive SIM data is formatted with additional eSIM data into a new bound profile package (BPP) to transfer the eSIM from the source device to the target device.
Type: Grant
Filed: August 16, 2022
Date of Patent: August 22, 2023
Assignee: Apple Inc.
Inventors: Xiangying Yang, Jean-Marc Padova
-
Patent number: 11729169
Abstract: Systems and methods for network security are provided. Various embodiments issue single use certificates for validating remote endpoints access to the private network. Some embodiments use a triage zone (or triage gateway) which a remote device can call into using a static issued certificate. However, instead of granting complete access to the virtual private network, the use of this static certificate only grants access to the triage zone where further validation of the endpoint occurs without any access to sensitive content on the private network. The endpoint can be connected to an ID manager within the triage zone. The endpoint can then send the username and password to the ID manager that can create a single use certificate (e.g., valid for a limited period of time). While valid, the single use certificate can be used by the remote device to gain access to the production zone using a VPN tunnel.
Type: Grant
Filed: December 17, 2021
Date of Patent: August 15, 2023
Assignee: SailPoint Technologies, Inc.
Inventors: Cameron Williams, Ryan Privette, Christopher Chad Wheeler, Andrew John Cer, Joseph Nathan Zendle
-
Patent number: 11728972
Abstract: Embodiments described herein enable the generation of cryptographic material for ranging operations in a manner that reduces and obfuscates potential correlations between leaked and secret information. One embodiment provides for an apparatus including a ranging module having one or more ranging sensors. The ranging module is coupled to a secure processing system through a hardware interface to receive at least one encrypted ranging session key, the ranging module to decrypt the at least one encrypted ranging session key to generate a ranging session key, generate a sparse ranging input, derive a message session key based on the ranging session key, and derive a derived ranging key via a key derivation cascade applied to the message session key and the sparse ranging input, the derived ranging key to encrypt data transmitted during a ranging session.
Type: Grant
Filed: June 24, 2022
Date of Patent: August 15, 2023
Assignee: Apple Inc.
Inventors: Yannick L. Sierra, Zhimin Chen, Thomas Icart
-
Patent number: 11720891
Abstract: A method for implementing zero-knowledge private key management for decentralized applications on a client device including registering an account with a verifier server, initializing a wallet, generating a public key and a private key, encrypting the private key with a zero-knowledge encryption function, producing an encrypted private key, transmitting the encrypted private key to the verifier server, removing the private key from the decentralized client application, sending a transaction request to a decentralized application, receiving a raw transaction, requesting and receiving the encrypted private key from the verifier server, decrypting the encrypted private key with a zero-knowledge decryption function, signing the raw transaction with the decrypted private key, transmitting the signed transaction to the decentralized application, and removing each of the encrypted private key and the decrypted private key from the client application.
Type: Grant
Filed: December 7, 2021
Date of Patent: August 8, 2023
Inventor: Vijay Madisetti
-
Patent number: 11722473
Abstract: A communication device of a communication network receives, via a network, a challenge, generates a first Diffie Hellman, DH, parameter, a first verification code for the first DH parameter, forwards the challenge or a derivative thereof to an identity module, receives at least one result parameter as response from the identity module, determines, based on the result parameter, whether the first DH parameter is authentic, and if the first DH parameter is authentic, generates and sends a second DH parameter to the network device for session key generation based on the first DH parameter and the second DH parameter.
Type: Grant
Filed: February 23, 2021
Date of Patent: August 8, 2023
Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
Inventors: Mats Näslund, Bengt Sahlin, Karl Norrman, Jari Arkko
-
Patent number: 11716321
Abstract: A communication network employing a method and system for secure access from a security device at a local network location to a remote network location are disclosed. At the security device having a unique identifier (UID), processor, and memory, a security software is obtained from a remote network location, the security software obtaining a personal identification number (PIN) of a user, and the UID of the security device. The PIN, the UID and the private security software are forwarded to the remote network location for generating a credential code, including encrypting the credential code. At the security device, the credential code is obtained from the remote network location, and authenticity of the PIN and the UID is verified, without communicating over a network, including decrypting the credential code. Upon verifying the authenticity of the PIN and the UID, access credentials to the remote network location are retrieved.
Type: Grant
Filed: June 4, 2021
Date of Patent: August 1, 2023
Assignee: INBAY TECHNOLOGIES INC.
Inventors: Nicolas Johannes Sebastian Bettenburg, Randy Kuang
-
Patent number: 11716615
Abstract: In an aspect, a network supporting a number of client devices includes a network device that generates a context for a client device. The client device context may include network state information for the client device that enables the network to communicate with the client device. The client device may obtain, from a network device that serves a first service area of the network, information that includes a first client device context. The client device may enter a second service area of the network served by a second network device. Instead of performing a service area update procedure with the network, the client device may transmit a packet in the different service area with the information that includes the client device context. The client device may receive a service relocation message including information associated with the different network device in response to the transmission.
Type: Grant
Filed: March 20, 2020
Date of Patent: August 1, 2023
Assignee: QUALCOMM Incorporated
Inventors: Soo Bum Lee, Gavin Bernard Horn, Anand Palanigounder
-
Patent number: 11706622
Abstract: Methods, systems, and media for protected near-field communications are provided. In some embodiments, the method comprises: receiving, from an NFC tag device, a request for an NFC reader device identifier (ID); transmitting the NFC reader device ID to the NFC tag device; receiving an NFC tag device ID; determining whether the NFC tag device ID matches an NFC tag device ID stored in memory of the NFC reader device; in response to determining that the NFC tag device ID matches the NFC tag device ID, transmitting a password to the NFC tag device; receiving, from the NFC tag device, a shared secret; determining whether the received shared secret matches a shared secret stored in the memory of the NFC reader device; and in response to determining that the received shared secret matches the shared secret, causing an action to be performed by a device associated with the NFC reader device.
Type: Grant
Filed: May 31, 2022
Date of Patent: July 18, 2023
Assignee: McAfee, LLC
Inventor: Eoin Carroll
-
Patent number: 11706202
Abstract: Examples described herein include systems and methods for performing distributed encryption across multiple devices. An example method can include a first device discovering a second device that shares a network. The device can identify data to be sent to a server and calculate a checksum for that data. The device can then split the data into multiple portions and send a portion to the second device, along with a certificate associated with the server for encrypting the data. The first device can encrypt the portion of data it retained. The first device can receive an encrypted version of the second portion of the data sent to the second device. The first device can merge these two portions and send the merged encrypted data to the server, along with the checksum value. The server can decrypt the data and confirm that it reflects the original set of data.
Type: Grant
Filed: January 25, 2021
Date of Patent: July 18, 2023
Assignee: VMware, Inc.
Inventors: Suman Aluvala, Ramani Panchapakesan, Rajneesh Kesavan, Arjun Kochhar
-
Patent number: 11698982
Abstract: Systems and methods for securing user location data are described. A method includes receiving, by a location server computer, an encrypted location from a mobile device. The encrypted location is a location of the mobile device encrypted with a public key. The method then includes receiving, by the location server computer, a location request message from an interaction processing server and partially decrypting, by the location server computer, the encrypted location with a first private key share to form a partially decrypted location. The method further includes transmitting, by the location server computer to the interaction processing server, a location response message with the encrypted location and the partially decrypted location. The interaction processing server then uses the partially decrypted location and the second private key share to form a decrypted location.
Type: Grant
Filed: September 3, 2021
Date of Patent: July 11, 2023
Assignee: Visa International Service Association
Inventors: Oleg Gryb, Akshay Bhaskaran, Ravi Krishnan Muthukrishnan
-
Patent number: 11696121
Abstract: Briefly, in accordance with one or more embodiments, an apparatus of a user equipment (UE), comprises one or more baseband processors to derive a dynamic scrambling key, and a memory to store the dynamic scrambling key and a temporary UE identifier (temporary UE ID) assigned to the UE. The one or more baseband processors monitor a paging request for a scrambled UE identifier (UE ID) to determine if the paging request is intended for the UE by unscrambling the scrambled UE ID with the dynamic scrambling key to produce the temporary UE ID. The paging request is intended for the UE if the temporary UE ID produced by unscrambling the scrambled UE ID matches the temporary UE ID stored in the memory. A new dynamic scrambling key may be derived each time the UE returns to a radio resource control idle (RRC_IDLE) state.
Type: Grant
Filed: May 3, 2017
Date of Patent: July 4, 2023
Assignee: Apple Inc.
Inventors: Sudeep M. Vamanan, Robert Zaus, Birgit Breining, Chen Ho Chin, Hyung-Nam Choi
-
Binding a public cloud user account and a personal cloud user account for a hybrid cloud environment
Patent number: 11689629
Abstract: Binding a public cloud account and a personal cloud account is described. A pre-approval list indicates that a user's public cloud account and personal cloud account are approved for binding. A copy of the pre-approval list is stored on the personal cloud device; another copy is stored on the public cloud service. The user logs into the public cloud account using a client device. Based on the pre-approval list stored on the public cloud service, the client device obtains information identifying the user's personal cloud account. The personal cloud device verifies the pre-approval of the binding based on the pre-approval list stored on the personal cloud device. The personal cloud device transmits a verification to the public cloud service. Each of the public cloud service and the personal cloud device stores information indicating the binding.
Type: Grant
Filed: September 10, 2021
Date of Patent: June 27, 2023
Assignee: Latticework, Inc.
Inventor: Pantas Sutardja
-
Patent number: 11682038
Abstract: Methods and systems for serving advertisement objects on an advertising platform are disclosed. The advertising platform detects invalid activity related to advertisement objects served in response to a request, and identifies a source associated with the invalid activity. In response to detection of the invalid activity, at least one decoy advertisement object is served in response to further requests originating from the identified source. The decoy advertisement object is an advertisement object that is processed by the advertising platform differently from regular advertisement objects that are served by the advertising platform in response to requests from other sources.
Type: Grant
Filed: December 4, 2020
Date of Patent: June 20, 2023
Assignee: SHOPIFY INC.
Inventors: Marek Kudlacz, Peter James McCracken
-
Patent number: 11683390
Abstract: Systems and methods for a publish-subscribe broker network that distributes data packets between authorized entities and includes one or more publish-subscribe brokers. Each publish-subscribe broker is reachable by an entity attempting to connect thereto via a transport network configured to transport IP packets. The publish-subscribe brokers are configured to check credentials of entities attempting to connect to the publish-subscribe broker network and ensure that first and second entities are authorized for publishing packets on the secured named channel or for receiving published packets via the secured named channel. Cipher keys are used by the first and second authorized entities to encrypt and decrypt messages distributed via the publish-subscribe broker network and the publish-subscribe brokers are configured to route encrypted messages as data packets on behalf of the first authorized entity to the second authorized entity using the secured named channel.
Type: Grant
Filed: September 16, 2020
Date of Patent: June 20, 2023
Assignee: All Purpose Networks, Inc.
Inventors: Harvey Rubin, John Grossmann
-
Patent number: 11677569
Abstract: A method, system, and apparatus for managing digital certificates, managing a certificate authority (CA), and cross-referencing CA hierarchies. The method includes receiving, by a processor of a CA computing system, at least one of a digital certificate generation request and a digital certificate revocation from a user via a user computing device, the digital certificate generation request including a user public key and a user identity. The method further includes generating a digital certificate for the user and signing the digital certificate with a CA private key, wherein the CA private key is associated with a known CA public key. The method further includes publishing the digital certificate signed with the CA private key to a digital certificate blockchain, determining a certificate status of the digital certificate, and publishing an update to the digital certificate blockchain to reflect the certificate status of the digital certificate.
Type: Grant
Filed: November 13, 2020
Date of Patent: June 13, 2023
Assignee: Wells Fargo Bank, N.A.
Inventors: David V. Duccini, Phillip H. Griffin, Jeffrey J. Stapleton
-
Patent number: 11671499
Abstract: Systems and methods of an internet of things device connecting to a remote server. The internet of things device connects to a web target. The web target sends a response to the internet of things device indicating whether a change to the one or more settings of the internet of things device has been received at a cloud server. If a change has occurred, the internet of things device connects to a secure cloud server to update the settings on the internet of things device.
Type: Grant
Filed: September 13, 2019
Date of Patent: June 6, 2023
Assignee: Spectrum Brands, Inc.
Inventors: James Creighton Hart, Michael Walker
-
Patent number: 11669544
Abstract: A client can allocate and reassociate unique identifiers to local content items associated with an account at a content management system, and use the unique identifiers to commit operations for the content items on the content management system. For example, a client can create a content item and determine the content item does not have an identifier from the content management system. The client obtains an identifier for the content item and asks the content management system to verify a uniqueness of the identifier. When the identifier is unique, the client adds a node corresponding to the content item to a local tree representing a state at the client of content items associated with the account, and uploads the content item with the identifier to the content management system. When the identifier is not unique, the client obtains a new identifier for the content item.
Type: Grant
Filed: August 12, 2020
Date of Patent: June 6, 2023
Assignee: Dropbox, Inc.
Inventors: Isaac Goldberg, John Lai, Sujay Jayakar
-
Patent number: 11663521
Abstract: Described herein are systems and techniques for privacy-preserving unsupervised learning. The disclosed system and methods can enable separate computers, operated by separate entities, to perform unsupervised learning jointly based on a pool of their respective data, while preserving privacy. The system improves efficiency and scalability, while preserving privacy and avoids leaking a cluster identification. The system can jointly compute a secure distance via privacy-preserving multiplication of respective data values x and y from the computers based on a 1-out-of-N oblivious transfer (OT). In various embodiments, N may be 2, 4, or some other number of shares. A first computer can express its data value x in base-N. A second computer can form an ×N matrix comprising random numbers mi,0 and the remaining elements mi,j=(yjNi-mi,0) mod . The first computer can receive an output vector from the OT, having components mi=(yxi Ni-mi,0) mod .
Type: Grant
Filed: November 6, 2019
Date of Patent: May 30, 2023
Assignee: VISA INTERNATIONAL SERVICE ASSOCIATION
Inventors: Payman Mohassel, Ni Trieu
-
Patent number: 11665532
Abstract: A method of a wireless private gateway securely obtaining a communication link to another wireless private gateway is provided. The method comprises transmitting a request for a first partial identifier of a relay wireless private gateway by an application executing on a first wireless private gateway to a second wireless private gateway, receiving the first partial identifier, transmitting a request for a second partial identifier of the relay wireless private gateway to a third wireless private gateway, receiving the second partial identifier, concatenating the first partial identifier and the second partial identifier to form a complete identifier of the relay wireless private gateway by the application, and transmitting a request to establish a communication link with the relay wireless private gateway by the application to the relay wireless private gateway, wherein the request to establish the communication link comprises the complete identifier of the relay wireless private gateway.
Type: Grant
Filed: January 28, 2022
Date of Patent: May 30, 2023
Assignee: T-Mobile Innovations LLC
Inventors: Lyle W. Paczkowski, David Hufker, George Jason Schnellbacher, Michael David Svoren, Jr.
-
Patent number: 11659002
Abstract: Systems and methods for enabling Media Access Control Security (MACsec) at a MAC layer, according to IEEE 802.1AE, and extending MACsec are provided. An edge device, according to one implementation, includes one or more User-to-Network Interface (UNI) ports and a plurality of Network-to-Network Interface (NNI) ports. The edge device also includes a processing device and a memory device configured to store a computer program having instructions. The instructions, when executed, allow the processing device to provide network security on a Media Access Control (MAC) layer, the network security defined by the MAC Security (MACsec) protocol. The instructions also allow the processing device to provide network path protection by enabling packet routing over multiple paths via the plurality of NNI ports on a network layer.
Type: Grant
Filed: May 4, 2021
Date of Patent: May 23, 2023
Assignee: Ciena Corporation
Inventors: Hossein Baheri, Manoj Velliangiri, Pramod Kumar Aggarwal
-
Patent number: 11658815
Abstract: In certain embodiments, shares related to an output of a function having multiple shares of a secret as input may be computed. In some embodiments, with respect to initial key shares of a key that are collectively held by multiple parties, an output of an arithmetic function (performed on an initial key share of the initial key shares) may be received from each of the multiple parties. The outputs from the multiple parties may be provided as input for a Multi-Party Computation (MPC) process, where the MPC process outputs final key shares in connection with the outputs from the multiple parties being provided as input for the MPC process. With respect to each party of the multiple parties, a final key share of the final key shares may be sent to the party.
Type: Grant
Filed: August 3, 2020
Date of Patent: May 23, 2023
Assignee: Coinbase IL RD Ltd.
Inventor: Samuel Ranellucci
-
Patent number: 11652614
Abstract: A method including determining, by a user device, an assigned key pair including an assigned public key and an associated assigned private key; determining, for content to be encrypted, an access key pair including an access public key and an associated access private key; encrypting the access private key by utilizing the assigned public key; encrypting a randomly generated key by utilizing the access public key; and encrypting content utilizing the randomly generated key. Various other aspects are contemplated.
Type: Grant
Filed: October 1, 2021
Date of Patent: May 16, 2023
Assignee: UAB 360 IT
Inventor: Mindaugas Valkaitis
-
Patent number: 11652607
Abstract: Features for providing a secure method of symmetric encryption for private smart contracts among multiple parties in a private peer-to-peer network. The features include a master key representing a unique blockchain ledger. The master key may be shared among multiple participants in a private peer-to-peer network. Sharing of the master key may include communicating the master key in an encrypted message (e.g., email) using public key infrastructure (PKI). In some implementations, more complex distribution features may be included such as quantum entanglement. The features support instantiation of a smart contract using a specific master key. The request may be submitted as an entry to the ledger with appropriate metadata and/or payload information for identifying and processing the request.
Type: Grant
Filed: July 28, 2020
Date of Patent: May 16, 2023
Assignee: Experian Information Solutions, Inc.
Inventors: Vijay Mehta, Alexander Phan
-
Patent number: 11645422
Abstract: An example operation may include one or more of marking a document, by a user node, to be included into a collection of documents, determining, by the user node, a business process step associated with the document based on a user mark, and executing a transaction to store a hash of the document onto a ledger of a blockchain, wherein a Merkle tree hash is generated and tagged on the ledger with details of the business process step.
Type: Grant
Filed: February 12, 2020
Date of Patent: May 9, 2023
Assignee: International Business Machines Corporation
Inventors: Yedendra Shrinivasan, Krishna Chaitanya Ratakonda, Ramesh Gopinath
-
Patent number: 11645685
Abstract: The disclosed systems can regulate access to an online mode for a dynamic transportation matching system. For example, based on a provider efficiency parameter associated with the dynamic transportation matching system, the disclosed systems can prevent a transportation provider device from switching to the online mode within a geographic area. In addition, the disclosed systems can detect a pattern of behavior and, based on a comparison between the pattern of behavior and a behavioral threshold, cause a transportation provider device to switch from the online mode to an offline mode. Further, the disclosed systems can provide a map interface that indicates where a transportation provider device can switch from the offline mode to the online mode. Additionally, the disclosed systems can determine priorities associated with transportation provider devices and, based on the prioritization, selectively allow the transportation provider devices to switch from the offline mode to the online mode.
Type: Grant
Filed: November 1, 2019
Date of Patent: May 9, 2023
Assignee: Lyft, Inc.
Inventors: Helen Wai-Quen Bentley, Aidan Church, John Torres Fremlin, Matthew Lawrence Green, Mayank Gulati, Yilei Li, Demitri Nava, Mengqi Niu, Daniel Allen Sullivan, Garrett van Ryzin, Rachel Marie Wasko, Shashi Kant Sharma
-
Patent number: 11641670
Abstract: According to one embodiment, a wireless communication device includes: a receiver configured to receive a first frame; and a transmitter configured to transmit a second frame including a first identifier and acknowledgement information on the first frame, the first identifier being extracted from a predetermined field of the first frame and being different from a source address of the first frame.
Type: Grant
Filed: December 27, 2021
Date of Patent: May 2, 2023
Assignee: TOSHIBA ELECTRONIC DEVICES & STORAGE CORPORATION
Inventors: Tomoko Adachi, Masahiro Sekiya, Takeshi Tomizawa, Daisuke Taki, Masaaki Ikuta, Tomoya Suzuki
-
Patent number: 11637704
Abstract: Various embodiments provide a method and an apparatus for determining a trust status of a TPM, and a storage medium, and pertains to the field of data security technologies. In those embodiments, a verifier sends an unsealing request to a host, so that the host unseals current PCR values in the TPM based on a seal key handle carried in the unsealing request, and sends verification information to the verifier based on the unseal verification key obtained after the unsealing. Therefore, any verifier that establishes an encrypted channel with the host can determine the trust status of the TPM in the host based on a second verification key transmitted on the encrypted channel, and there is no need to pre-deploy a remote attestation server to determine the trust status of the TPM.
Type: Grant
Filed: June 22, 2020
Date of Patent: April 25, 2023
Assignee: HUAWEI TECHNOLOGIES CO., LTD.
Inventors: Fanglong Men, Honglei Wang, Fangzhan Li
-
Patent number: 11632254
Abstract: There is disclosed in one example a home router, including: a hardware platform including a processor and a memory; a local area network (LAN) interface; a data store including rules for domain name-based services; and instructions encoded within the memory to instruct the processor to: provision a certificate and key pair to provide domain name system (DNS) over hypertext transfer protocol secure (DoH) or DNS over transport layer security (DoT) services; receive on the LAN interface an encrypted DNS request; decrypt the DNS request; query the data store according to the DNS request; receive a rule for the DNS request; and execute the rule.
Type: Grant
Filed: June 12, 2020
Date of Patent: April 18, 2023
Assignee: McAfee, LLC
Inventors: Tirumaleswar Reddy Konda, Shashank Jain, Himanshu Srivastava
-
Patent number: 11621945
Abstract: A system/method for secure communication between client devices includes receiving a request, at a secure communication platform, from a first client device to communicate with a second client device; determining, by the secure communication platform, whether the first client device is permitted to communicate with the second client device; if communication is permitted: generating, by the secure communication platform, a one-time use ephemeral key; transmitting, by the secure communication platform, the generated one-time use ephemeral key to the first and second client devices; establishing, by the secure communication platform, a secure communication session directly between the first and second client devices, wherein communications between the first and second client devices are encrypted and decrypted using the one-time use ephemeral key; and destroying, by the secure communication platform, the one-time use ephemeral key upon termination of the secure communication session between the first and
Type: Grant
Filed: February 19, 2021
Date of Patent: April 4, 2023
Assignee: SDSE NETWORKS, INC
Inventors: Dennis Vance Pollutro, Viji Bettadapura, Charles Illingworth, Saroop Mathur, John Zavgren
-
Patent number: 11616767
Abstract: Systems and methods for encrypted storage device telemetry data are described. Storage device telemetry data may be collected for a telemetry message, such as a non-volatile memory express (NVMe) telemetry command, and encrypted using a first encryption key. The first encryption key may be encrypted using one or multiple second encryption keys and the encrypted first encryption key may be added to the telemetry message. A client system may receive the telemetry message, decrypt the encrypted first encryption key, and use the first encryption key to decrypt the encrypted storage device telemetry data.
Type: Grant
Filed: February 23, 2021
Date of Patent: March 28, 2023
Assignee: Western Digital Technologies, Inc.
Inventors: Daniel Helmick, Timothy Hallett
-
Patent number: 11611558
Abstract: A method for integrating third-party encryption managers with cloud services includes receiving, at data processing hardware, an operation request requesting a cryptographic operation on data comprising an encryption operation or a decryption operation. When the operation is an encryption operation, the method includes transmitting a data encryption key associated with the data to a remote entity. The remote entity encrypts the data encryption key with a key encryption key and transmits the encrypted data encryption key to the data processing hardware. When the operation is a decryption operation, the method includes transmitting the encrypted data encryption key to the remote entity which causes the remote entity to decrypt the encrypted data encryption key with the key encryption key and transmit the decrypted data encryption key to the data processing hardware.
Type: Grant
Filed: November 13, 2019
Date of Patent: March 21, 2023
Assignee: Google LLC
Inventors: Il-Sung Lee, Sidharth Durgesh Telang, Jimmy C. Chau, Timothy Matthew Dierks, Ariel Joseph Feldman, Hunter James Freyer, Netanel Keidar, Gregory David Laun, Tianyuan Liu, Pedro Henrique Ribeiro Morais e Silva, Aditya Sinha, Xioalan Zhang
-
Patent number: 11611539
Abstract: A method, apparatus and computer program product are provided for encrypting and decrypting data using multiple authority keys including receiving, from a first computing device, a data decrypt request to decrypt encrypted data, the data decrypt request comprising a user key, determining that the user key is associated with a key hierarchy that comprises a server key, decrypting the server key using the user key, decrypting the encrypted data using the decrypted server key and permitting access to the decrypted data by the first computing device.
Type: Grant
Filed: December 16, 2019
Date of Patent: March 21, 2023
Assignee: Auth9, Inc.
Inventors: Hongjun Li, Ning Xu
-
Patent number: 11606840
Abstract: In embodiments of the present disclosure, there is provided an approach for connecting an access point (AP) to a mesh network. According to embodiments of the present disclosure, an AP in a recovery mode transmits its identity information to a mesh portal (MPP) in the mesh network via an unsecured connection between the AP and the MPP. Upon a successful verification by the MP, the AP establishes a secured connection with a trusted server to obtain configuration information. The configuration information is used by the AP to establish a mesh link with an MPP or MP in the mesh network automatically. Accordingly, the AP switches from the recovery mode to a normal mode. Embodiments of the present disclosure provide an effective way for deploying and/or recovering an AP in a mesh network, which is more secure and requires no manual operation.
Type: Grant
Filed: March 6, 2020
Date of Patent: March 14, 2023
Assignee: Hewlett Packard Enterprise Development LP
Inventors: Junyu Pei, Xiaohang Wei, Haiming Wang
-
Patent number: 11601808
Abstract: This technology uses a bootstrap key (“BSK”) to securely onboard a computing device to a network. A unique BSK associated with an onboarding computing device is used to verify for various deployment models (1) that the computing device has proof the computing device is connecting to the correct wired or wireless network and (2) that the network has proof the computing device is trusted. The BSK may be an associated BSK or an embedded BSK. A computing device receives a signed voucher from the manufacturer authorized signing authority (“MASA”) before the computing device may onboard to a network. The MASA will issue a voucher to a Bootstrapping Remote Secure Key Infrastructure (“BRSKI”) registrar if the registrar proves knowledge of the computing device's BSK to the MASA or the registrar has an established trust relationship with the MASA.
Type: Grant
Filed: August 31, 2020
Date of Patent: March 7, 2023
Assignee: Cisco Technology, Inc.
Inventors: Eliot Lear, Owen Friel, Max Pritikin
-
Patent number: 11601261
Abstract: A unique transaction key (Tk) is established amongst multiple entities using a common hardware security module (HSM) with a common HMAC key (HK) and transaction scheme name (T). The transaction key (Tk) can be used for various cryptographic functions (e.g. encryption, MAC, HMAC, key management) with one or more messages at the transaction or session level.
Type: Grant
Filed: November 22, 2021
Date of Patent: March 7, 2023
Assignee: Wells Fargo Bank, N.A.
Inventors: Phillip H. Griffin, Jeffrey J. Stapleton
-
Patent number: 11599335
Abstract: A vehicle includes: at least one memory configured to store at least one default Instruction Structure Key (ISK), a generated ISK, and a pin code of the vehicle; and at least one processor. The at least one default ISK may include a first default ISK and a second default ISK. The processor may generate a random number using the first default ISK, receive the second default ISK encrypted with the generated ISK generated based on the pin code, and determine the generated ISK as an encryption key for encryption communication of the vehicle when the generated random number and the random number corresponding to the second default ISK are the same.
Type: Grant
Filed: October 2, 2019
Date of Patent: March 7, 2023
Assignees: Hyundai Motor Company, Kia Motors Corporation
Inventors: Jihye Lee, Kyuhwan Chin, Dong June Song, Jaekwon Jung, Yongho Shin, Sinjung Kim, Beom Choon Park, SeokHan Lee
-
Patent number: 11595442
Abstract: A method includes establishing a multi-link security association between a transmitter upper Media Access Control (MAC) logic entity of a transmitter and a receiver upper MAC logic entity of a receiver. The transmitter includes one or more transmitter links. The receiver includes one or more receiver links.
Type: Grant
Filed: September 21, 2020
Date of Patent: February 28, 2023
Assignee: SEMICONDUCTOR COMPONENTS INDUSTRIES, LLC
Inventor: Huizhao Wang
-
Patent number: 11595360
Abstract: A method for hosted payload operations comprises transmitting, by a hosted payload (HoP) operation center (HOC), encrypted hosted commands to a host spacecraft operations center (SOC). The method further comprises transmitting, by the host SOC, encrypted host commands and the encrypted hosted commands to a vehicle. Also, the method comprises reconfiguring a host payload according to unencrypted host commands, and reconfiguring a hosted payload according to unencrypted hosted commands. Additionally, the method comprises transmitting host payload data to a host receiving antenna. Also, the method comprises transmitting hosted payload data to a hosted receiving antenna and/or the host receiving antenna. Additionally, the method comprises transmitting, by a host telemetry transmitter, encrypted host telemetry to the host SOC; and transmitting, by a hosted telemetry transmitter, encrypted hosted telemetry to the host SOC.
Type: Grant
Filed: June 17, 2020
Date of Patent: February 28, 2023
Assignee: The Boeing Company
Inventors: Yi-Feng James Chen, Haig F. Krikorian, Robert J. Winig, Jonathan Fish, Craig Benjamin
-
Patent number: 11595189
Abstract: A method for secure key exchange. The method comprises receiving a request to certify a key from a communication partner at an interface between an access and tamper resistant circuit block and exposed circuitry. Within the access and tamper resistant circuit block, a first random private key is generated. A corresponding public key of the first random private key is derived, and a cryptographic digest of the public key and attributes associated with the first random private key is generated. The generated cryptographic digest is signed using a second random private key that has been designated for signing by one or more associated attributes. The public key and the signature are then sent to the communication partner via the interface.
Type: Grant
Filed: October 27, 2020
Date of Patent: February 28, 2023
Assignee: Microsoft Technology Licensing, LLC
Inventors: Avdhesh Chhodavdia, Ling Tony Chen, Felix Stefan Domke, Kambiz Rahimi, Jay Scott Fuller
-
Patent number: 11593492
Abstract: At least a static analysis and a dynamic analysis to perform for a first software application are determined based, at least in part, on a profile of the first software application. The first software application is analyzed with the static analysis to generate static analysis results. The first software application is analyzed with dynamic analysis to generate dynamic analysis results. An assessment report is generated based on the static analysis results and the dynamic analysis results, wherein the assessment report indicates a security score of the first software application that is based, at least in part, on the static analysis results and the dynamic analysis results.
Type: Grant
Filed: August 7, 2020
Date of Patent: February 28, 2023
Assignee: Veracode, Inc.
Inventors: Christopher J. Wysopal, Christopher J. Eng
-
Patent number: 11588637
Abstract: Embodiments of the invention introduce efficient methods for securely generating a cryptogram by a user device, and validating the cryptogram by a server computer. A secure communication can be conducted whereby a user device provides a cryptogram without requiring the user device to persistently store an encryption key or other sensitive data used to generate the cryptogram. The user device and server computer can mutually authenticate and establish a shared secret. Using the shared secret, the server computer can derive a session key and transmit key derivation parameters encrypted using the session key to the user device. The user device can derive the session key using the shared secret, decrypt the encrypted key derivation parameters, and store the key derivation parameters. Key derivation parameters and the shared secret can be used to generate a single use cryptogram key, which can be used to generate a cryptogram for conducting secure communications.
Type: Grant
Filed: May 5, 2021
Date of Patent: February 21, 2023
Assignee: Visa International Service Association
Inventors: Eric Le Saint, James Gordon, Roopesh Joshi