Pre-loaded With Certificate Patents (Class 713/173)
-
Patent number: 12225139
Abstract: A method and device for issuing an identity certificate to a blockchain node in a blockchain network includes issuing a first identity certificate to a first terminal. A second identity certificate issuance request that is from the first terminal and that is made by using the first identity certificate is received and a second identity certificate is issued to the first terminal, which forwards the second identity certificate to a second terminal. A third identity certificate issuance request that is from the second terminal and that is made by using the second identity certificate is received and a third identity certificate is issued to the second terminal, which forwards the third identity certificate to a third terminal.
Type: Grant
Filed: February 15, 2024
Date of Patent: February 11, 2025
Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
Inventors: Mao Cai Li, Zong You Wang, Kai Ban Zhou, Chang Qing Yang, Hu Lan, Li Kong, Jin Song Zhang, Yi Fang Shi, Geng Liang Zhu, Qu Cheng Liu, Qiu Ping Chen
-
Patent number: 12225072
Abstract: A system, method, and computer-readable medium are disclosed for performing a data center connectivity management operation. The connectivity management operation includes: providing a data center asset with a data center asset client module, the data center asset client module comprising a file download module, the data center asset client module storing a file block; establishing a connection between the data center asset client module and a connectivity management system, the connectivity management system comprising a connectivity management system aggregator, the connectivity management system aggregator communicating with a file distribution service, the file distribution service communicating with a file tracker service, the location of the software component being maintained by the file tracker service; and, distributing the file block from the data center asset client module to the data center asset client module via the file download module.
Type: Grant
Filed: July 29, 2022
Date of Patent: February 11, 2025
Assignee: Dell Products L.P.
Inventors: Eric Williams, Dominique Prunier, Christoper Atkinson, Damon G. Earley, Michael E. Brown
-
Patent number: 12147978
Abstract: A nameserver receives a request to access a webpage from a client device. The nameserver generates a blockchain query based on the request for querying a domain registrar blockchain storing domain name registration data in smart contracts. The nameserver sends the first blockchain query to the domain registrar blockchain. In response to receiving a nameserver identifier from the domain registrar blockchain, the nameserver retrieves a DNS record for the webpage using the received nameserver identifier. The nameserver then provides information from the retrieved DNS record to the client device to allow the client device to access the webpage.
Type: Grant
Filed: June 22, 2023
Date of Patent: November 19, 2024
Assignee: 3DNS, INC.
Inventor: Paul Richard Gauvreau, Jr.
-
Patent number: 12124594
Abstract: This disclosure relates to, among other things, electronic device security systems and methods. Certain embodiments disclosed herein provide for protection of cryptographic keys and/or associated operations using both an operating system security service and a software-based whitebox cryptographic security service executing on a device. Leveraging operating system security services and software-based whitebox cryptographic security services may provide enhanced security when compared to using either service alone to protect cryptographic keys and associated operations. In additional embodiments, server-side cryptographic security solutions may be further used to enhance device security implementations.
Type: Grant
Filed: January 6, 2023
Date of Patent: October 22, 2024
Inventors: Yutaka Nagao, Stephen G. Mitchell, Vishisht Tiwari, Rohaan Advani
-
Patent number: 11966942
Abstract: A device may process a message associated with an account to identify a first identifier that identifies a third party. The device may identify a match between the first identifier and transaction information related to an individual associated with the account. The transaction information may include a set of first identifiers that identify a respective set of third parties. The transaction information may facilitate identification of one or more messages that is likely to include account information. The device may tag the message with a second identifier based on the match. The device may receive, from another device, the message based on the message being tagged with the second identifier. The device may process the message to identify the account information related to another account. The device may extract identified account information from the message. The device may perform an action related to extracted account information or the message.
Type: Grant
Filed: March 13, 2023
Date of Patent: April 23, 2024
Assignee: Capital One Services, LLC
Inventors: Dan Givol, Victor Mayaki, Zviad Aznaurashvili
-
Patent number: 11941408
Abstract: During a boot-up processing of a computing device, such as an augmented reality wearable device, a static image and a bootup process progress bar may be encoded in a single image file, such as a bitmap image, and displayed in conjunction with updates that are applied to a hardware gamma table at various stages of the bootup process to create the effect of an animated progress bar.
Type: Grant
Filed: December 2, 2020
Date of Patent: March 26, 2024
Assignee: Magic Leap, Inc.
Inventors: Marshall Charles Capps, Anuroop Suresh Jesu
-
Patent number: 11917084
Abstract: Described herein is a system and method for validating media integrity using asymmetric key cryptography utilizing a public/private cryptographic key pair. The private key is kept secret and is known to an originator and/or publisher of a media file. The public key is added to the media file and is used to validate integrity of the media file, that is, that content of the media file (e.g., portion(s), frame(s)) has not been altered since publication of the media file. By validating integrity of the media file, strong proof that the media file came from an owner of the keypair (e.g., had possession of the private key) can be obtained, for example, resolving issues of trust and/or authenticity common in altered content. In some embodiments, information regarding an origin of the content can further be determined.
Type: Grant
Filed: August 8, 2022
Date of Patent: February 27, 2024
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Rebecca Nicole Burke-Aguero, Samuel John Wenker, Andrew Lee Jenks, Isha Sharma
-
Patent number: 11888998
Abstract: Techniques for configuring a device with a security context using a security context distribution service are provided. One embodiment receives, from a first device operating on a first network, a request for a security context for the first device, where the request includes a public certificate for the first device. The request is decrypted, and the public certificate is validated. A set of device requirements are determined based on a unique identifier for the first device and device claim information associated with the first device. Embodiments generate a response message that contains at least one Transport Layer Security (TLS) certificate associated with the first network, based on the set of device requirements, where the response message is encrypted using a public key associated with the first device. The response message is transmitted to the first device.
Type: Grant
Filed: January 29, 2020
Date of Patent: January 30, 2024
Assignee: Schneider Electric USA, Inc.
Inventors: Victor Danilchenko, Daniel Cohen
-
Patent number: 11876791
Abstract: Systems, methods, circuits and computer-readable mediums for message authentication with secure code verification are provided. In one aspect, a system includes a client device storing a code and a security device coupled to the client device. The security device is configured to receive a property of the code generated by the client device, verify correctness of the property of the code based on information associated with an authorized code to determine that the code is authorized, the information being stored within the security device. In response to determining that the code is authorized, the security device enables to access data stored within the security device and generate a property of a message based on the data.
Type: Grant
Filed: March 30, 2020
Date of Patent: January 16, 2024
Assignee: Amtel Corporation
Inventors: Kerry Maletsky, Oscar Sanchez, Nicolas Schieli
-
Patent number: 11868512
Abstract: A pattern detector circuit is provided in a security chip, wherein the pattern detector circuit monitors accesses of a plurality of configuration registers, each of the plurality of configuration registers having a corresponding address. In response to receiving from a host a predefined sequence of accesses of the plurality of configuration registers for one or more operations to the plurality of configuration registers, a processor in the pattern detector circuit determines a value indicative of a current version of a netlist for the security chip. The determined value is made available to be obtained by a read operation by the host at a specific configuration register address.
Type: Grant
Filed: September 4, 2020
Date of Patent: January 9, 2024
Assignee: CRYPTOGRAPHY RESEARCH, INC.
Inventors: Scott C. Best, Christopher Leigh Rodgers
-
Patent number: 11860990
Abstract: A system for link device authentication includes a computing device configured to acquire, from an originating device, an identifier of an endpoint device, obtain an endpoint device authentication code corresponding to the identifier, determine, as a function of the identifier, a location of the endpoint device, identify a plurality of link devices, select, from the plurality of link devices, at least a probabilistically verified link device as a function of the location of the endpoint device, and transmit, to the at least a probabilistically verified link device, the endpoint device authentication code.
Type: Grant
Filed: October 6, 2021
Date of Patent: January 2, 2024
Inventor: Mark Lawson
-
Patent number: 11836277
Abstract: A secure integrated circuit comprises a lower logic layer, and one or more memory layers disposed above the lower logic layer. A security key is provided in one or more of the memory layers for unlocking the logic layer. A plurality of connectors are provided between the one or more memory layers and the lower logic layer to electrically couple the memory layer(s) and lower logic layer.
Type: Grant
Filed: June 22, 2021
Date of Patent: December 5, 2023
Assignee: CROSSBAR, INC.
Inventor: George Minassian
-
Patent number: 11764975
Abstract: A method for validating a digital user certificate of a user by a checking device is provided. The user certificate is protected by a digital signature with an issuer key of an issuance location which issues the user certificate. The method has the steps of: receiving the user certificate in the checking device, checking the user certificate using a certificate path positive list with at least one valid certificate path which is provided to the checking device by at least one positive path server, and confirming the validity of the user certificate if the issuer key of the user certificate can be traced back to a root certificate according to one of the valid certificate paths of the certificate path positive list. Also provided is a system, a checking device, a user device, a positive path server, and a computer program product which are designed to carry out the method for validating a digital user certificate.
Type: Grant
Filed: December 11, 2019
Date of Patent: September 19, 2023
Inventors: Rainer Falk, Steffen Fries
-
Patent number: 11764954
Abstract: Techniques are disclosed relating to a public key infrastructure (PKI). In one embodiment, an integrated circuit is disclosed that includes at least one processor and a secure circuit isolated from access by the processor except through a mailbox mechanism. The secure circuit is configured to generate a key pair having a public key and a private key, and to issue, to a certificate authority (CA), a certificate signing request (CSR) for a certificate corresponding to the key pair. In some embodiments, the secure circuit may be configured to receive, via the mailbox mechanism, a first request from an application executing on the processor to issue a certificate to the application. The secure circuit may also be configured to perform, in response to a second request, a cryptographic operation using a public key circuit included in the secure circuit.
Type: Grant
Filed: December 30, 2019
Date of Patent: September 19, 2023
Assignee: Apple Inc.
Inventors: Wade Benson, Libor Sykora, Vratislav Kuzela, Michael Brouwer, Andrew R. Whalley, Jerrold V. Hauck, David Finkelstein, Thomas Mensch
-
Patent number: 11631074
Abstract: In various embodiments, a system, method, and computer readable medium (collectively, the “System”) for authenticating a mobile device configured to initiate payments is provided. The System may be configured to perform operations and/or steps comprising receiving, by the processor and in a secure environment, a secret element. The secret element may be transmitted to the processor (e.g., the issuer system) via a payment terminal. The System may further comprise comparing, by the processor and in the secured environment, the secret element to an issuer element. The issuer element may be linked with a flag that is associated with the transaction account. Moreover, the issuer element may be a data module that corresponds to but is not equal to the secret element. The System may also comprise authorizing, by the processor, a transaction initiated by the mobile device in response to the comparing being a satisfactory comparison.
Type: Grant
Filed: December 6, 2018
Date of Patent: April 18, 2023
Assignee: American Express Travel Related Services Company, Inc.
Inventor: Alan Clark
-
Patent number: 11574298
Abstract: There are provided systems and methods for a payment information autofill mechanism that links a browser application with a user account such that a payment page at the browser application can be automatically filled based on the link. Specifically, the autofill mechanism establishes a link between a browser application running on a user device and a user account associated with the user that is stored at the server. When the user engages with the browser application to conduct a transaction on a merchant website, an application programming interface (API) call can be made to retrieve user virtual card information for automatically populating the payment data fields at the transaction page.
Type: Grant
Filed: August 18, 2020
Date of Patent: February 7, 2023
Assignee: PayPal, Inc.
Inventors: Rachna Tibrewala, Darshankumar Bhadrasinh Desai, Dinesh Agnello Gomes
-
Patent number: 11552807
Abstract: A method includes sending, by a trusted application (TA) entity, a certificate of the TA entity and a private key signature of the TA entity to a target security domain (SD). The certificate and the private key signature enable the target SD to perform trust verification via a server, obtaining, by the TA entity, a first key of the target SD when the trust verification of the TA entity succeeds, and establishing, by the TA entity, a trust relationship with the target SD.
Type: Grant
Filed: September 18, 2017
Date of Patent: January 10, 2023
Assignee: HUAWEI TECHNOLOGIES CO., LTD.
Inventors: Guoqing Li, Xinmiao Chang, Jingqing Mei, Sishan Wang
-
Patent number: 11550933
Abstract: This disclosure relates to, among other things, electronic device security systems and methods. Certain embodiments disclosed herein provide for protection of cryptographic keys and/or associated operations using both an operating system security service and a software-based whitebox cryptographic security service executing on a device. Leveraging operating system security services and software-based whitebox cryptographic security services may provide enhanced security when compared to using either service alone to protect cryptographic keys and associated operations. In additional embodiments, server-side cryptographic security solutions may be further used to enhance device security implementations.
Type: Grant
Filed: March 9, 2021
Date of Patent: January 10, 2023
Assignee: Intertrust Technologies Corporation
Inventors: Yutaka Nagao, Stephen G. Mitchell, Vishisht Tiwari, Rohaan Advani
-
Patent number: 11539399
Abstract: The exemplary embodiments described herein relate to systems and methods for identifying and authenticating a mobile platform. One embodiment relates to a method comprising receiving, by a mobile platform, a digital certificate from an integrated circuit card (“ICC”) via close-proximity radio communication, verifying the digital certificate with a digital signature stored on the mobile platform, and booting the mobile platform upon verification of the digital certificate of the ICC. A further embodiment relates to a mobile platform, comprising a non-transitory computer readable storage medium storing a digital signature, and a processor receiving a digital certificate from an integrated circuit card (“ICC”) via close-proximity radio communication between the ICC and the mobile platform, verifying the digital certificate with the digital signature, booting the mobile platform upon verification of the digital certificate of the ICC.
Type: Grant
Filed: March 4, 2013
Date of Patent: December 27, 2022
Assignee: WIND RIVER SYSTEMS, INC.
Inventor: Aric Shipley
-
Patent number: 11310061
Abstract: Methods and content consumption devices are disclosed that enable a revocation list to be securely enforced and managed, in terms of enforcing version control and providing granular control of individual capabilities, for example. Aspects also relate to enhanced enforcement control of content consumption control information more generally, for example by enforcing version control of activation messages, and/or granular management of individual capabilities.
Type: Grant
Filed: November 28, 2018
Date of Patent: April 19, 2022
Assignee: Nagravision S.A.
Inventors: Jean-Bernard Fischer, Patrick Servet, Didier Hunacek
-
Patent number: 11138593
Abstract: A method of activating a smart card includes issuing a smart card in a deactivated state such that the smart card is incapable of performing a transaction; receiving an authentication token from a mobile device via a wireless communication of the authentication token from the smart card in the deactivated state to the mobile device; extracting data from the authentication token; confirming the extracted data corresponds to stored data regarding a customer who was issued the smart card; and in response to confirming the extracted data, enabling the smart card for a subsequent transaction.
Type: Grant
Filed: March 4, 2019
Date of Patent: October 5, 2021
Assignee: Wells Fargo Bank, N.A.
Inventor: Peter Ho
-
Patent number: 11095460
Abstract: Implementations of this disclosure provide for certificate application operations. An example method includes sending, from a terminal device, a subscription topic name to a gateway to establish a data transmission channel between the terminal device and the gateway; receiving by the terminal device, via the data transmission channel, a certificate installation instruction from a certificate server; generating, by the terminal device, a user certificate request based on the certificate installation instruction; sending the user certificate request to the certificate server; and receiving, via the data transmission channel, a user certificate from the certificate server.
Type: Grant
Filed: March 11, 2020
Date of Patent: August 17, 2021
Assignee: Advanced New Technologies Co., Ltd.
Inventor: Yawen Wei
-
Patent number: 11082430
Abstract: Technology is described for a device registration service for a local computing environment. The device registration service may provide one or more computing hubs within the local computing environment with robust means to authenticate or verify the authority of a computing device (e.g., a computer, a server, a mobile device, smart phone, a tablet), and/or other devices requesting to access to the local computing environment. The device registration service provided by the one or more computing hubs may be used in addition to, in place of, or as a backup to a device management and provisioning services provided remotely from the local computing environment using a service provider environment.
Type: Grant
Filed: May 31, 2018
Date of Patent: August 3, 2021
Assignee: Amazon Technologies, Inc.
Inventors: Calvin Yue-Ren Kuo, Robert P. Cochran
-
Patent number: 11030682
Abstract: Systems and methods for programmatic access of external financial service systems. An application proxy instance is created that simulates an application of an external financial service system. A normalized account request is received for financial data of the external financial service system for a specified account. The normalized account request is provided by an external financial application system by using a financial data API of the financial platform system. Responsive to the normalized account request, communication is negotiated with the external financial service system by using the application proxy instance to access the requested financial data from the external financial service system by using a proprietary Application Programming Interface (API) of the external financial service system. The financial data is provided to the external financial application system as a response to the normalized account request.
Type: Grant
Filed: April 26, 2019
Date of Patent: June 8, 2021
Assignee: Plaid Inc.
Inventors: William Hockey, Charles Li, Zach Perret
-
Patent number: 10958449
Abstract: Implementations of this disclosure provide for certificate application operations. An example method includes sending, from a terminal device, a subscription topic name to a gateway to establish a data transmission channel between the terminal device and the gateway; receiving by the terminal device, via the data transmission channel, a certificate installation instruction from a certificate server; generating, by the terminal device, a user certificate request based on the certificate installation instruction; sending the user certificate request to the certificate server; and receiving, via the data transmission channel, a user certificate from the certificate server.
Type: Grant
Filed: March 11, 2020
Date of Patent: March 23, 2021
Assignee: Advanced New Technologies Co., Ltd.
Inventor: Yawen Wei
-
Patent number: 10931466
Abstract: Implementations of this disclosure provide for certificate application operations. An example method includes sending, from a terminal device, a subscription topic name to a gateway to establish a data transmission channel between the terminal device and the gateway; receiving by the terminal device, via the data transmission channel, a certificate installation instruction from a certificate server; generating, by the terminal device, a user certificate request based on the certificate installation instruction; sending the user certificate request to the certificate server; and receiving, via the data transmission channel, a user certificate from the certificate server.
Type: Grant
Filed: March 11, 2020
Date of Patent: February 23, 2021
Assignee: Advanced New Technologies Co., Ltd.
Inventor: Yawen Wei
-
Patent number: 10911491
Abstract: An aspect includes a computer system with a network encryption device and a trusted container within firmware or hardware and/or within a virtual machine running on the computer system. The network encryption device includes a key store for storing secret encryption keys and a network traffic encryption engine for negotiating and/or storing encryption keys in the key store and/or for encrypting and/or decrypting network traffic using the encryption keys from the key store. The trusted container includes a flow analyzer for analyzing network traffic received from the network encryption device.
Type: Grant
Filed: November 20, 2017
Date of Patent: February 2, 2021
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Marco Kraemer, Hoang-Nam Nguyen, Carsten Otte, Christoph Raisch
-
Patent number: 10880294
Abstract: In a machine-to-machine/Internet-of-things environment, end-to-end authentication of devices separated by multiple hops is achieved via direct or delegated/intermediated negotiations using pre-provisioned hop-by-hop credentials, uniquely generated hop-by-hop credentials, and-or public key certificates, whereby remote resources and services may be discovered via single-hop communications, and then secure communications with the remote resources may be established using secure protocols appropriate to the resources and services and capabilities of end devices, and communication thereafter conducted directly without the overhead or risks engendered by hop-by-hop translation.
Type: Grant
Filed: September 21, 2018
Date of Patent: December 29, 2020
Assignee: Convida Wireless, LLC
Inventors: Vinod Kumar Choyi, Dale N. Seed, Yogendra C. Shah, Quang Ly, William Robert Flynn, IV, Michael F. Starsinic, Shamim Akbar Rahman, Zhuo Chen, Qing Li
-
Patent number: 10671709
Abstract: Certain aspects of the present disclosure provide techniques for managing data in a plurality of nodes of a distributed system. Embodiments include storing, by a node of the plurality of nodes, sensitive data in a block of a hash chain. Embodiments further include determining, by the node, that the sensitive data should not be distributed to other nodes of the plurality of nodes. Embodiments further include distributing, by the node, a limited version of the block to the other nodes. The limited version of the block may comprise a hash and a pointer to a previous block of the hash chain, and the limited version of the block may not contain the sensitive data.
Type: Grant
Filed: January 22, 2018
Date of Patent: June 2, 2020
Assignee: INTUIT, INC.
Inventors: Michael R. Gabriel, Glenn Scott
-
Patent number: 10630488
Abstract: Embodiments provide a method and an apparatus for managing an application identifier. The method includes: receiving, by an identifier management apparatus, an application identifier certificate application request sent by a user, and acquiring a user identifier and an application identifier of the user according to the application identifier certificate application request. The method also includes acquiring a feature identifier of the user according to the user identifier, generating an application identifier certificate according to the application identifier and the feature identifier of the user, and sending the application identifier certificate to the user.
Type: Grant
Filed: April 26, 2017
Date of Patent: April 21, 2020
Assignee: Huawei Technologies Co., Ltd.
Inventors: Yingtao Li, He Wei, Jinbo Ma
-
Patent number: 10601796
Abstract: Systems, methods, and computer-readable media for personalizing program credentials are provided. For example, a program credential (e.g., loyalty pass) associated with a program provider (e.g., an issuer) subsystem may be customized using personal data. The personal data can be collected from an electronic device before provisioning the customized program credential on the electronic device for use in a suitable transaction. However, such personal data may not be collected unless an administration entity subsystem is first able to validate the program provider subsystem. The administration entity subsystem can generate tracking data that may be used during the validation and/or provisioning in order to track when program credentials are personalized.
Type: Grant
Filed: March 17, 2017
Date of Patent: March 24, 2020
Assignee: APPLE INC.
Inventors: Christopher D. Adams, Scott D. Blakesley, Jack K. Chung, George R. Dicker, Glen W. Steele, Katherine B. Skinner, Yousuf H. Vaid
-
Patent number: 10554418
Abstract: Provided are a system and method for routing messages in a multi-tenant cloud computing environment based on digital certificates. In one example, a server includes a network interface configured to receive a request and a digital certificate from a network object, where the digital certificate includes a plurality of attributes. The server also includes a processor configured to determine whether the digital certificate is valid, and in response to determining the digital certificate is valid, detect tenant information from an attribute among the plurality of attributes included in the digital certificate. For example, the detected tenant information may identify a tenant of the multi-tenant cloud computing environment. The network interface may be further configured to transmit the request to the multi-tenant cloud computing environment based on the detected tenant information.
Type: Grant
Filed: June 24, 2016
Date of Patent: February 4, 2020
Assignee: General Electric Company
Inventors: Atul Chandrakant Kshirsagar, Vineet Banga
-
Patent number: 10515196
Abstract: Embodiments of the disclosure implement techniques to create secure Original Equipment Manufacturer (OEM) identifiers. In one embodiment, a processing system is disclosed. The processing system includes a memory to store an Original Equipment Manufacturer (OEM) key and a processing device, operatively coupled to the memory. The processing device is to receive the OEM key for an OEM system as input to a cryptographic hash function. A device key is produced by applying the cryptographic hash function to the OEM key and a global key associated with a vendor of the OEM system. The device key is provided to a security firmware device to authenticate the OEM system.
Type: Grant
Filed: June 27, 2016
Date of Patent: December 24, 2019
Assignee: Intel Corporation
Inventors: Rauno Tamminen, Jari Lukkarila, Uttam Sengupta
-
Patent number: 10333775
Abstract: Disclosed herein are systems, devices, and methods for provisioning a local analytics device to interact with a remote computing system on behalf of an asset that is coupled to the local analytics device and that is associated with a particular customer account hosted by the remote computing system.
Type: Grant
Filed: December 6, 2016
Date of Patent: June 25, 2019
Assignee: Uptake Technologies, Inc.
Inventors: Brad Nicholas, Brett Heliker
-
Patent number: 10305898
Abstract: During secure communications between two parties, the identity of the message creator is not always certain. In many cases, the signature of the message is automatically generated by the computer of the sending party. On the other hand, the signature of the received message from the sender indicates only from whose account the message comes, but it may not be the sender himself sending the message. In this patent, we propose the use of a personal attribute to be included in the secure message protocols. This personal attribute could be the personal typing rhythm (keystroke dynamics) of the message originator. This patent defines a methodology and algorithms for two different cases: when the information is encrypted, and when it is not. Also included in this methodology are the cases where a Rhythm Certification Agency (RCA) is used to validate rhythm information, or without an RCA.
Type: Grant
Filed: April 22, 2018
Date of Patent: May 28, 2019
Inventor: Carlos Manuel Gonzalez
-
Patent number: 10262158
Abstract: A firmware includes a firmware module for copying a digitally signed binary file that includes a firmware globally unique identifier (GUID), tool GUIDs, and feature GUIDs to an Advanced Configuration and Power Management interface (ACPI) table (the Firmware Enabled Tool Registry (FETR) table). If the FETR table is stored in memory, a firmware tool determines whether a digital signature of the signed binary file can be verified. If the digital signature can be verified, the firmware tool determines if the firmware GUID stored in the FETR table matches a firmware GUID stored in another ACPI table. If the firmware GUIDs match, the firmware tool determines whether its tool GUID matches a tool GUID stored in the FETR table. The firmware tool can continue to execute if the tool GUIDs match. Firmware tool features are enabled if feature GUIDs in the FETR table match feature GUIDs of the firmware tool.
Type: Grant
Filed: July 27, 2017
Date of Patent: April 16, 2019
Assignee: American Megatrends, Inc.
Inventors: Stefano Righi, Paul Anthony Rhea
-
Patent number: 10206103Abstract: Systems and methods of providing a secure access layer in a mobile phone and a computer system coupled to the mobile phone to provide authentication for transmitting data between the phone and the computer system.Type: GrantFiled: August 5, 2016Date of Patent: February 12, 2019Assignee: FUTURE DIAL, INC.Inventor: Benedict Chong
-
Patent number: 10158608Abstract: It is disclosed a method and a constrained resource device (502, 70, 90) for establishing a secret first key between a client device (506) and the constrained resource device. The invention also relates to a method and an authorization server (504, 60, 80) for enabling establishing a secret first key between a client device (506) and the constrained resource device. Based on a secret second key shared (508) between the constrained RD and the AS, the secret first key shared between the constrained resource device and the client device can be established. Devices having constrained resources cannot use protocols with which additional messages are required to share a secure identity. Embodiments of the present invention have the advantage that a secret identity can be established within an authentication protocol and that no additional messages are required to establish the secret identity.Type: GrantFiled: July 2, 2013Date of Patent: December 18, 2018Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)Inventor: Göran Selander
-
Patent number: 10013565Abstract: An information handling system includes a trusted platform module (TPM) and a storage device, the TPM provides boot authentication for the information handling system such that, during a pre-boot phase, the TPM can access a platform configuration register (PCR). During a first instance of the pre-boot phase, the information handling system provides a public/private key pair including a public key and a private key, stores the private key to an encrypted storage of the TPM, seals the private key in the encrypted storage to the PCR, and stores the public key to the storage device. During an operating system phase that is after the first instance of the pre-boot phase, the information handling system retrieves the public key from the storage device, encrypts transfer data using the public key, and stores the encrypted transfer data to the storage device.Type: GrantFiled: August 18, 2014Date of Patent: July 3, 2018Assignee: DELL PRODUCTS, LPInventors: Ricardo L. Martinez, Anand P. Joshi
-
Patent number: 9985939Abstract: In a case in which information about authorization that is identified based on an authorization token issued in an old authentication system satisfies a condition, the old authorization token is updated with a new authorization token.Type: GrantFiled: May 17, 2016Date of Patent: May 29, 2018Assignee: Canon Kabushiki KaishaInventor: Masahito Numata
-
Patent number: 9918226Abstract: The disclosed embodiments relate to a first electronic device (such as a cellular telephone) that includes a secure element. In response to a challenge and a request for a secure-element identifier associated with the secure element, which are received from a second electronic device (such as a trusted services manager that loads content onto the secure element), the secure element provides to the second electronic device: the secure-element identifier, a certificate associated with a provider of the secure element, and a digital signature. The digital signature may include a signed version of the challenge and the secure-element identifier, which are encrypted using an encryption key associated with a provider of the secure element. In this way, the second electronic device may certify the secure element.Type: GrantFiled: September 2, 2014Date of Patent: March 13, 2018Assignee: APPLE INC.Inventor: Ahmer A. Khan
-
Patent number: 9471948Abstract: The product unit disclosed herein has identification data that are stored internally in memory. This stored identification data can be viewed as the product unit's “digital nameplate,” in that the data can represent the product unit's identifier, brand, and so on. Each data set is digitally signed while on the production line by using an encryption technique. The digitally signed data set is then written into the product unit's memory where it can be used for verification. A first digitally-signed data set can be used to control the use of one or more software modules that are provided by a software owner. The data that are undergoing signature contain at least one globally-unique identifier, which can be used to identify cloning attempts. Additionally, more than one digital signature can be used, in order to protect and control the use of features other than the software, such as the product brand.Type: GrantFiled: December 8, 2014Date of Patent: October 18, 2016Assignee: Seed Labs Sp. z o.o.Inventors: Maciej Langman, Szymon Slupik, Adam Gembala
-
Patent number: 9450951Abstract: In one embodiment, a device and a services provisioning system establish an over-the-air connection with each other, and perform device posture validation to obtain a unique identification (ID) of the device at the provisioning system. The device and provisioning system then participate in device and user authentication in response to a confirmed unique ID by a backend access control system, where the device generates a secure key pair after successful user authentication. In response to the device being approved for services (e.g., checked by the provisioning system via a registration system), the provisioning system provides a root certificate to the device, and the device sends a certificate enrollment request back to the provisioning system. In response to a certificate authority signing the certificate request, the provisioning system returns a valid certificate to the device, and the valid certificate is installed on the device.Type: GrantFiled: December 29, 2015Date of Patent: September 20, 2016Assignee: Cisco Technology, Inc.Inventors: Plamen Nedeltchev, Helder F. Antunes, David Sisto Iacobacci, Pedro Leonardo, Parag Thakore, Gautam M. Aggarwal, Anuj Sawani
-
Patent number: 9405925Abstract: Applications are stored on removable storage of a mobile device in an encrypted form to provide isolation and piracy protection. In one implementation, each application is encrypted using its own associated encryption key that is generated based on an identifier of the application and a master key that is associated with a trusted platform module of the mobile device. In another implementation, each application is encrypted using two associated encryption keys. One key is used to encrypt binary data associated with the application such as source code, and the other key is used to encrypt application data such as graphics and configuration files. The encryption keys are each generated using the identifier of the application, the master key, and identifiers of the folders where the corresponding data types are stored on the mobile device. The removable storage includes SD cards formatted using the FAT or exFAT file systems.Type: GrantFiled: February 9, 2014Date of Patent: August 2, 2016Assignee: Microsoft Technology Licensing, LLCInventors: David Callaghan, Ravisankar Pudipeddi, Geir Olsen, Sachin Patel, JianMing Zhou, Dylan D'Silva
-
Patent number: 9385871Abstract: An apparatus and method for authenticating a Non-Volatile Memory (NVM) device are provided. A host device that authenticates the NVM device transmits challenge information for authentication to the NVM device, receives pieces of authentication information in response to the challenge information from the NVM device, and authenticates the NVM device using the pieces of authentication information by the host device. The pieces of authentication information are generated based on the challenge information and secret key information stored in the NVM device.Type: GrantFiled: May 23, 2012Date of Patent: July 5, 2016Assignee: Samsung Electronics Co., LtdInventors: Bo-Gyeong Kang, Moon-Sang Kwon
-
Patent number: 9240979Abstract: A method and apparatus for providing an automated key distribution to enable communication between two networked devices. A monitoring device receives a request from a network device to send a certificate using a second secure connection prior to an expiration of a timeout period, wherein the second secure connection was created using a known port in response to determining that a request to create a first secure connection was rejected. The monitoring device sends the certificate to the network device using the second secure connection, and establishes the first secure connection with the network device in response to the network device receiving the public key of the monitoring device from a server system by using the certificate.Type: GrantFiled: January 17, 2014Date of Patent: January 19, 2016Assignee: Red Hat, Inc.Inventor: James Paul Schneider
-
Patent number: 9152794Abstract: A method relating generally to generating a boot image, as performed by an information handling system, for an embedded device is disclosed. This method includes a public key obtained by a boot image generator. A first hash for the public key is generated by the boot image generator. The first hash is provided to a signature generator. A first signature for the first hash is generated by the signature generator. A first partition for the boot image is obtained by the boot image generator. A second hash for the first partition is generated by the boot image generator. The second hash is provided to the signature generator. A second signature for the second hash is generated by the signature generator. The boot image generator and the signature generator are programmed into the information handling system. The boot image includes the public key, the first signature, and the second signature. The boot image is output from the information handling system.Type: GrantFiled: September 5, 2013Date of Patent: October 6, 2015Assignee: XILINX, INC.Inventors: Lester S. Sanders, Yatharth K. Kochar
-
Patent number: 9076000Abstract: An authentication device includes circuitry that holds L (L≥2) secret keys si (i=1 to L) and L public keys yi that satisfy yi=F(si) with respect to a set F of multivariate polynomials of n-th order (n≥2). The circuitry also performs with a verifier, an interactive protocol for proving knowledge of (L−1) secret keys si that satisfy yi=F(si). The circuitry receives L challenges from the verifier, arbitrarily selects (L−1) challenges from the L challenges received. The circuitry also generates, by using the secret keys si, (L−1) responses respectively for the (L−1) challenges selected, and transmits the (L−1) responses generated.Type: GrantFiled: July 12, 2011Date of Patent: July 7, 2015Assignee: Sony CorporationInventors: Koichi Sakumoto, Taizo Shirai, Harunaga Hiwatari
-
Patent number: 9026794Abstract: An information processing system including a medium where a content to be played is stored; and a playing apparatus for playing a content stored in the medium; with the playing apparatus being configured to selectively activate a playing program according to a content type to be played, to obtain a device certificate correlated with the playing program from storage by executing the playing program, and to transmit the obtained device certificate to the medium; with the device certificate being a device certificate for content types in which content type information where the device certificate is available is recorded; and with the medium determining whether or not an encryption key with reading being requested from the playing apparatus is an encryption key for decrypting an encrypted content matching an available content type recorded in the device certificate, and permitting readout of the encryption key only in the case of matching.Type: GrantFiled: July 11, 2012Date of Patent: May 5, 2015Assignee: Sony CorporationInventors: Kenjiro Ueda, Hiroshi Kuno, Takamichi Hayashi
-
Publication number: 20150121077Abstract: A method and an apparatus for controlling a lock state of an electronic device, and a system therefor are provided. The method includes signing a lock state update request by using a unique key loaded in a confidence region of the electronic device when a lock state change is requested, generating a lock state control request message including the lock state update request, the signed lock state update request, and a certificate of the electronic device, transmitting the generated lock state control request message to a service provider server, and authenticating a lock state update command in a communication processor of the electronic device and updating a state of the communication processor according to the lock state update command when the lock state update command is received from the service provider server.Type: ApplicationFiled: October 24, 2014Publication date: April 30, 2015Inventors: Bumhan KIM, Chankyu HAN, Michael PARK