By Generation Of Certificate Patents (Class 713/175)
  • Patent number: 10680831
    Abstract: In general, the disclosure describes examples where a single software-defined network (SDN) controller establishes tunnels and controls communication on these tunnels between a plurality of virtual computing environments (VCEs). The SDN controller establishes the logical tunnel mesh to interconnect the plurality of VCEs in the multi-cloud network via respective connect gateway routers. To establish the logical tunnel mesh, the SDN controller is configured to determine one or more logical tunnels from the logical tunnel mesh to establish one or more communication links between a first VCE and a second VCE of the plurality of VCEs in the multi-cloud network. The SDN controller is configured to advertise the one or more logical tunnels to the first VCE and the second VCE.
    Type: Grant
    Filed: September 27, 2018
    Date of Patent: June 9, 2020
    Assignee: Juniper Networks, Inc.
    Inventor: Sanju C. Abraham
  • Patent number: 10681148
    Abstract: The systems and methods described herein can enable the selection of customized content in networked systems that prevent the transfer of session data between different domains. The systems and methods described herein enable the exchange of data between third-party entities that would be blocked in networked systems that prevent cross-domain data exchange. The systems and methods can provide multi-sourced content without sacrificing security of the client device and browser environment.
    Type: Grant
    Filed: April 24, 2018
    Date of Patent: June 9, 2020
    Assignee: Google LLC
    Inventors: Gang Wang, Yian Gao
  • Patent number: 10681143
    Abstract: A system, method, node, user equipment and computer program for establishment of a secure connection between a user equipment (100) and a media gateway (130) at setup of a communication session with another party (150) is described. The media gateway (130) is controlled by a control server (120). The control server (120) receives a communication session setup request from the user equipment (100) and determines an indication of a security certificate of the media gateway (130). The control server (120) then sends the indication of the security certificate of the media gateway (130) to the user equipment (100), wherein the indication is sent before or in parallel to sending the communication session setup request towards said other party (150). The user equipment (100) then initiates a negotiation of security related parameters, based on the received indication of the security certificate of the media gateway (130).
    Type: Grant
    Filed: September 3, 2014
    Date of Patent: June 9, 2020
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Yunjie Lu, Huoming Dong
  • Patent number: 10673627
    Abstract: Using three pieces of element data w1, w2, and w3 obtained by partitioning storage data D, an encryption unit generates three sets of a first set A1 in which the first to third pieces of element data are sequentially arranged, a second set A2 in which the second to third pieces of element data are sequentially arranged, and a third set A3 composed of the third piece of element data. The encryption unit encrypts each piece of element data included in each set with a random number R(1) by a CBC mode.
    Type: Grant
    Filed: January 18, 2016
    Date of Patent: June 2, 2020
    Assignee: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Yutaka Kawai, Takato Hirano
  • Patent number: 10659366
    Abstract: Network devices, such as load balancers may be configured to forward client metadata to back-end nodes using defined fields of a security protocol. For example, client metadata may be inserted into an extension field or certificate defined by a security protocol that is used for a secure connection between the load balancer and the back-end node. In some instances, a source IP address based on a received request may be inserted into the extension field or certificate defined by the security protocol before the request is forwarded to the back-end node. The back-end node may extract the client metadata and use the client metadata for any of a number of processes (e.g., billing, tracking, security, logging, etc.).
    Type: Grant
    Filed: November 4, 2015
    Date of Patent: May 19, 2020
    Assignee: Amazon Technologies, Inc.
    Inventor: Nima Sharifi Mehr
  • Patent number: 10652732
    Abstract: Embodiments are directed to provisioning a general-use basis for authentication of a processor device. During manufacture, a hardware processor stores a secret value and shares a derived value produced based on the secret value with a secure service. These values may be used in a limited-use initial authentication process to authenticate the hardware processor. A general-use basis for authentication not so limited as the initial authentication process is established subsequent to the manufacture of the hardware processor. The general-use basis for authentication may include a public-private key pair, and is established upon successful completion of the initial authentication process. Authentication using the general-use process produces an authentication traceable to the manufacture of the hardware processor.
    Type: Grant
    Filed: February 24, 2016
    Date of Patent: May 12, 2020
    Assignee: Intel Corporation
    Inventors: Ernie F. Brickell, Rachid El Bansarkhani
  • Patent number: 10652030
    Abstract: A method and system for generating multiple profiles corresponding to different digital certificates. The profile includes intrinsic attributes and derived attributes associated with a digital certificate. The system enables a customer system to filter digital certificates based on a suitability of the various digital certificates for use with a given application to be executed by or on behalf of the customer system. The suitability may be determined based on a comparison of certificate requirements associated with a customer system's request and one or more of the intrinsic attributes and derived attributes.
    Type: Grant
    Filed: March 5, 2018
    Date of Patent: May 12, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Marcel Andrew Levy, Peter Zachary Bowen, Todd Lawrence Cignetti, Brandonn Gorman, Ronald Andrew Hoskinson, Brenda Lee Leary, Timothy Sterling Loverin, James Spencer, Nicholas Wexler
  • Patent number: 10623570
    Abstract: An apparatus, a method, and a computer program receive a request message from a mobile device to connect with an agent and authenticate the request message and provisioning a database for enabled services and service location. A service provider is identified and selected from a plurality of service providers. As a result, the request message is transmitted to the service provider in order to determine availability of the service provider.
    Type: Grant
    Filed: March 20, 2018
    Date of Patent: April 14, 2020
    Assignee: West Corporation
    Inventors: Michael T. Mateer, James K. Boutcher, Jesse Andersen
  • Patent number: 10616239
    Abstract: A system includes a communication module that receives a request to post content to an event gallery associated with an event. The request in turn includes geo-location data for a device sending the content, and identification data identifying the device or a user of the device. The system further has an event gallery module to perform a first authorization operation that includes determining that the geo-location data corresponds to a geo-location fence associated with an event. The event gallery module also performs a second authorization operation that includes using the identification data to verify an attribute of the user. Finally, based on the first and second authorization operations, the event gallery module may selectively authorize the device to post the content to the event gallery.
    Type: Grant
    Filed: March 18, 2016
    Date of Patent: April 7, 2020
    Assignee: Snap Inc.
    Inventors: Nicholas Richard Allen, Sheldon Chang
  • Patent number: 10595352
    Abstract: A method and system of establishing a short-range wireless communications connection between a host device and a client device, wherein the host device includes a host certificate and a host key, the method including the steps of: transmitting an advertisement using a short-range wireless communications (SRWC) protocol from the host device to the client device; receiving a connection request message from the client device; receiving a client device verification message, wherein the client device verification message includes an encrypted client certificate, wherein the encrypted client certificate is a certificate that is encrypted using a client key; decrypting the encrypted certificate using the host key to obtain the client certificate; verifying the client certificate using the host certificate; generating a shared secret; encrypting the shared secret using the host key; and sending the encrypted shared secret to the client device.
    Type: Grant
    Filed: November 29, 2017
    Date of Patent: March 17, 2020
    Assignee: GM GLOBAL TECHNOLOGY OPERATIONS LLC
    Inventors: Brian E. McColgan, Ramie Phillips, III
  • Patent number: 10594498
    Abstract: A method for secure transmission of user-authenticating information is provided. The method includes steps of: a service-providing server (a) determining whether a public key of the user is registered in a blockchain network, and instructing a user-authenticating information generator to generate user-authenticating information for reference, instructing an encrypting engine to encrypt the generated user-authenticating information for reference by using the public key of the user retrieved from the blockchain network, and instructing a message-sending part to transmit the encrypted user-authenticating information for reference to a mobile device of the user; and (b) in case that user-authenticating information for comparison is acquired from the user device and if the user-authenticating information for comparison is determined as identical to the user-authenticating information for reference, providing the user device with the service desired by the user.
    Type: Grant
    Filed: May 22, 2019
    Date of Patent: March 17, 2020
    Assignee: Coinplug, Inc.
    Inventors: Joon Sun Uhr, Jay Wu Hong, Joo Han Song
  • Patent number: 10581595
    Abstract: Provided are a computer program product, system, and method for generating public/private key pairs to deploy public keys at computing devices to verify digital signatures. A plurality of public-private key pairs are generated to store in a key store. A set of public keys of the public-private key pairs is distributed to the computing systems to use to verify purported digitally signed challenges. One of the public-private key pairs is selected to use a private key of the selected one of the public-private key pairs as a current private key to use to digitally sign challenges from the computing systems. A determination is made to retire the current private key. Another one of the public-private key pairs is selected and the current private key is set to a private key of the selected another one of the public-private key pairs to use to digitally sign challenges from the computing systems.
    Type: Grant
    Filed: March 1, 2017
    Date of Patent: March 3, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Thomas Fiege, Michael P. Groover, Mark E. Hack
  • Patent number: 10574849
    Abstract: An import unit of an image forming apparatus performs control as follows. If an import target setting value corresponds to a device setting, the import unit determines whether the setting value complies with the security rule. If it is determined that the setting value complies with the security rule, the import unit executes the import processing of the setting value. If it is determined that the setting value does not comply with the security rule, the import unit does not execute the import processing of the setting value. Further, if an import target setting value corresponds to an individual setting, the import unit executes the import processing of the setting value regardless of the security rule.
    Type: Grant
    Filed: April 10, 2019
    Date of Patent: February 25, 2020
    Assignee: Canon Kabushiki Kaisha
    Inventor: Hideo Asahara
  • Patent number: 10567399
    Abstract: A server communicates over a network with a data inspection device (DID) having access to at least portions of a data file, and assists the DID with matching the data file to known data files represented on the server. A hash tree is constructed for each known data file. To construct each hash tree: the known data file is fragmented into contiguous fragments; spaced fragments separated based on an offset schema are selected from the contiguous fragments; and nodes of the hash tree are generated based on hashes of the spaced fragments, but not the skipped fragments. A hash of a fragment of the data file is received from the DID, and it is compared to the hash trees constructed using the offset schema. Compare results are sent to the data inspection device indicating a match or a mismatch between the received hash and the hash trees.
    Type: Grant
    Filed: March 28, 2017
    Date of Patent: February 18, 2020
    Assignee: Cisco Technology, Inc.
    Inventors: Foster Glenn Lipkey, John Joseph Groetzinger, Aaron Frederick Louks
  • Patent number: 10540271
    Abstract: A system of testing updated software may include a cloud-based production environment. The system may also include a cloud-based testing environment. The system may also include a cloud-based production processing unit configured to receive in response to document, execute an initial software by inputting the document, and determine an initial software result and an initial software process based on the document. The system may also include a cloud-based testing processing unit configured to receive the document, execute an updated software by inputting the document, and determine an updated software result and an updated software process based on the document. The system may also include a testing comparison unit configured to compare the initial software result and the updated software result, and compare the initial software process and the updated software process.
    Type: Grant
    Filed: August 20, 2018
    Date of Patent: January 21, 2020
    Assignee: GLOBAL HEALTHCARE EXCHANGE, LLC
    Inventors: Steve Cochran, Hatem El-Sebaaly, Eric Bersagel, Mukund Jaiswal, Daniel Milburn
  • Patent number: 10542011
    Abstract: A system includes a communication module that receives a request to post content to an event gallery associated with an event. The request in turn includes geo-location data for a device sending the content, and identification data identifying the device or a user of the device. The system further has an event gallery module to perform a first authorization operation that includes determining that the geo-location data corresponds to a geo-location fence associated with an event. The event gallery module also performs a second authorization operation that includes using the identification data to verify an attribute of the user. Finally, based on the first and second authorization operations, the event gallery module may selectively authorize the device to post the content to the event gallery.
    Type: Grant
    Filed: March 18, 2016
    Date of Patent: January 21, 2020
    Assignee: Snap Inc.
    Inventors: Nicholas Richard Allen, Sheldon Chang
  • Patent number: 10536537
    Abstract: A master oracle may receive an oracle network identifier for an oracle network. The master oracle may receive a plurality of data messages respectively generated by the oracles. The master oracle may verify, based on respective public keys for the oracles, that each of the data messages are digitally signed by a different corresponding one of the oracles. The master oracle may aggregate the data messages into an aggregated data message. The master oracle may digitally sign the aggregated data message with a private key and public key pair. The master oracle may transmit the aggregated data message to a participant node of a distributed ledger network. A smart contract stored on a blockchain may verify the aggregated data. After receiving and verifying the aggregated data message the smart contract may execute to perform operations based on the aggregated data message.
    Type: Grant
    Filed: June 13, 2019
    Date of Patent: January 14, 2020
    Assignee: ACCENTURE GLOBAL SOLUTIONS LIMITED
    Inventors: Anh-Dung Le, Luca Schiatti, Giuseppe Giordano
  • Patent number: 10530781
    Abstract: A medical device has a device component with an operating state controllable by predefining a predefined value for an operating parameter. A data network interface receives a data message from a central network computer. The data message indicates whether the central network computer is in a blocked state concerning potential user inputs into an input unit of the network computer. The medical device further has an input unit for the potential input of an input value and at least one control unit configured to predefine the predefined value as a function of the input value to the device component as well as to block the input unit for inputs of a user. The control unit is further configured to block the input unit for the input of the input value as a function of the indicated state of the central network computer.
    Type: Grant
    Filed: December 20, 2017
    Date of Patent: January 7, 2020
    Assignee: Drägerwerk AG & Co. KGaA
    Inventors: Stefan Schlichting, Joshua Abell
  • Patent number: 10524122
    Abstract: Methods and systems are provided for validating a signature in a multi-tenant environment. A server or other computing device that is part of a distributed network may request a certificate collection from an identified tenant store. The requested certificate collection may be loaded in a virtual store that is accessible by the server or other computing device. The server or other computing device may then access one or more certificates from the virtual store to validate a signature.
    Type: Grant
    Filed: January 23, 2017
    Date of Patent: December 31, 2019
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Tariq Sharif, Yamin Wang, Jinghua Chen
  • Patent number: 10516542
    Abstract: A certificate authority receives a request to issue a digital certificate from a customer. In response to the request, the certificate authority determines a network endpoint to be specific to the digital certificate that is to serve information usable to determine whether the digital certificate is valid. The certificate authority issues, to the customer, a digital certificate that specifies a network address for the network endpoint and records information about requests made to the network endpoint to obtain the information usable to determine whether the digital certificate is valid.
    Type: Grant
    Filed: March 8, 2017
    Date of Patent: December 24, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Marcel Andrew Levy, Peter Zachary Bowen, Jonathan Kozolchyk, Nicholas Wexler
  • Patent number: 10489596
    Abstract: A method includes storing configuration data for a Trusted Platform Module (TPM) in a pre-boot environment such as Unified Extensible Firmware Interface (UEFI), reading the configuration data, and automatically configuring the TPM based upon the configuration data. The configuring includes storing values of TPM parameters in non-volatile memory of the TPM. A method includes UEFI firmware of a circuit board on an assembly line configuring a TPM. An information handling system includes UEFI firmware and a TPM. The UEFI firmware configures the TPM from a configuration file stored in memory of the UEFI firmware.
    Type: Grant
    Filed: March 7, 2017
    Date of Patent: November 26, 2019
    Assignee: DELL PRODUCTS, LP
    Inventors: Andrew J. O'Rourke, Darin R. Dearwater, Johan Rahardjo, Jeffrey R. Azulay
  • Patent number: 10491762
    Abstract: An apparatus that executes a job, broadcasts a wireless signal prior to establishing a connection by wireless communication with an external apparatus. The wireless signal includes information relating to the apparatus, by which it can be identified whether execution of a job by the apparatus is possible, in a predetermined packet.
    Type: Grant
    Filed: February 7, 2018
    Date of Patent: November 26, 2019
    Assignee: CANON KABUSHIKI KAISHA
    Inventor: Taketomo Naruse
  • Patent number: 10484394
    Abstract: A system includes a communication module that receives a request to post content to an event gallery associated with an event. The request in turn includes geo-location data for a device sending the content, and identification data identifying the device or a user of the device. The system further has an event gallery module to perform a first authorization operation that includes determining that the geo-location data corresponds to a geo-location fence associated with an event. The event gallery module also performs a second authorization operation that includes using the identification data to verify an attribute of the user. Finally, based on the first and second authorization operations, the event gallery module may selectively authorize the device to post the content to the event gallery.
    Type: Grant
    Filed: March 18, 2016
    Date of Patent: November 19, 2019
    Assignee: Snap Inc.
    Inventors: Nicholas Richard Allen, Sheldon Chang
  • Patent number: 10475272
    Abstract: Disclosed are techniques that use devices with corresponding identity wallet applications that execute on an electronic processor device of the devices, and which identity wallets store identity information and encrypt the stored identity information. A distributed ledger system, and a broker system that interfaces to the wallet and the distributed ledger are used for various information exchange cases pertaining to access to facilities.
    Type: Grant
    Filed: May 15, 2017
    Date of Patent: November 12, 2019
    Assignee: TYCO INTEGRATED SECURITY, LLC
    Inventors: Richard Campero, Sean Davis, Graeme Jarvis, Terezinha Rumble
  • Patent number: 10469482
    Abstract: The disclosed embodiments include encrypted data retrieval systems and methods to provide access to encrypted data. In one of such embodiments, the method includes receiving a request to access encrypted data. The method also includes analyzing the request to determine a credential of a source electronic device seeking to access the encrypted data. The method further includes determining, based on the credential of the source electronic device, a category of the request. In response to determining the category of the request, the method further includes selecting additional credentials with which to authenticate the request. The method further includes providing an indication of the credentials to at least one operator, wherein the at least one operator is authorized to enter the additional credentials to release the encrypted data. In response to receiving the additional credentials, the method further includes transmitting the encrypted data to the source electronic device.
    Type: Grant
    Filed: September 5, 2017
    Date of Patent: November 5, 2019
    Assignee: MASERGY COMMUNICATIONS, INC.
    Inventors: David Venable, Jake Warren, Chris Dudek
  • Patent number: 10462184
    Abstract: The disclosed computer-implemented method for enforcing access-control policies in an arbitrary physical space may include (i) identifying a collection of devices that are located within a predetermined physical space, (ii) determining the physical location of each device in the collection of devices, (iii) establishing, based on the collection of devices, (a) a list of controlled devices that are subject to an access-control policy and (b) a list of monitoring devices that are capable of monitoring user activity within a physical proximity, (iv) matching each controlled device with at least one monitoring device that is capable of monitoring user activity within physical proximity to the controlled device, and (v) monitoring, for each controlled device and by each monitoring device matched to the controlled device, user activity within proximity to the controlled device. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: June 28, 2016
    Date of Patent: October 29, 2019
    Assignee: Symantec Corporation
    Inventors: Lei Gu, Ilya Sokolov, Bruce McCorkendale
  • Patent number: 10454689
    Abstract: A client maintains a pinned collection of trusted digital certificates. An original digital certificate in the collection may be updated by sending a request to the certificate authority that issued the original digital certificate. The certificate authority generates an updated certificate, signs the updated certificate with a private key of the updated certificate, and also signs the updated certificate with the private key of the original digital certificate. The server provides the updated certificate to the client. The client can validate the signature created with the updated private key using the updated public key of the certificate authority, and the signature created with the original private key can be validated using the original public key of the certificate authority. If both signatures are valid, a continuity of trust may be established, and the updated certificate added to the collection of trusted digital certificates.
    Type: Grant
    Filed: August 27, 2015
    Date of Patent: October 22, 2019
    Assignee: Amazon Technologies, Inc.
    Inventor: Nima Sharifi Mehr
  • Patent number: 10447480
    Abstract: Blockchain blocks are provided with either or both of two element types that enable later verification of block validity. One element type is identifiers, such as signatures, of trusted validators that approve entry of the block into the blockchain. Another element is a history hash tree that encodes data from not only the current block, but also at least one previous block.
    Type: Grant
    Filed: December 30, 2016
    Date of Patent: October 15, 2019
    Assignee: Guardtime SA
    Inventors: Risto Alas, Hema Krishnamurthy
  • Patent number: 10447683
    Abstract: Techniques are disclosed for provisioning device-specific credentials to an Internet of Things device that accesses a cloud-based IoT service. The IoT service receives, from the IoT device, a request for device-specific credentials. The request comprises a provisioning certificate including information identifying a group of devices associated with the IoT device. The provisioning certificate is authenticated by evaluating the information with expected information. The device-specific credentials are generated based, at least in part, on the information provided in the provisioning certificate. The device-specific credentials are sent to the IoT device, and the IoT device installs and activates the device-specific credentials. The device-specific credentials are associated with the IoT device in a registry of the IoT service.
    Type: Grant
    Filed: November 17, 2016
    Date of Patent: October 15, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Rameez Loladia, Ramkishore Bhattacharyya, Ashutosh Thakur, Atulya S. Beheray
  • Patent number: 10439816
    Abstract: A method is provided for generating a public/private key pair on an IC and to provision an IoT device having the IC. In the method, a first entity manufactures an integrated circuit (IC) for use in a device. The IC, or chip, has a root secret embedded therein. A public key is generated on the IC using a unique identifier (ID) and the root secret. The IC is provided to a second entity for manufacturing the device using the IC. A reference IC is provided to a third entity. The reference IC has the same embedded root secret as the IC. The reference IC is configured to use the unique ID of the IC and the embedded root secret to generate a derived public key. The third entity is enabled to verify that the public key of the IC is associated with the unique ID by using the derived public key of the reference IC. The method allows the IoT device to be provisioned without using a public key infrastructure.
    Type: Grant
    Filed: September 8, 2017
    Date of Patent: October 8, 2019
    Assignee: NXP B.V.
    Inventor: Marno Herman Josephus van der Maas
  • Patent number: 10437525
    Abstract: Methods for distributed storage in accordance with embodiments of the invention enable secret sharing. One embodiment includes encoding source data using an encoding system to produce a plurality of sets of encoded data, where: the source data can be recovered from at least a portion of less than all of the plurality of sets of encoded data; and the source data cannot be recovered using less than a threshold number of the plurality of sets of encoded data; storing each of the plurality of sets of encoded data on a storage device from a set of storage devices on which encoded data is stored; determining a set of storage devices that are available using a decoding system, where the set of storage devices that are available does not include all of the storage devices in the set of storage devices on which encoded data is stored.
    Type: Grant
    Filed: May 27, 2016
    Date of Patent: October 8, 2019
    Assignees: California Institute of Technology, The Research Foundation For the State University of New York, New Jersey Institute of Technology
    Inventors: Wentao Huang, Michael Langberg, Joerg Kliewer, Jehoshua Bruck
  • Patent number: 10440051
    Abstract: Embodiments of the invention are directed to systems, methods and computer program products for enhanced detection of polymorphic malicious content within an entity. In this regard, the present invention receives information associated with an incidence of an electronic file; receives a first hash value of the electronic file from a first network device and a second hash value of the electronic file from a second network device; compares the first hash value with the second hash value; determines that the electronic file is polymorphic based on at least the match; initiates an execution of a quantum optimization algorithm using a quantum optimizer to determine one or more hash value states associated with the electronic file for a third network device; and initiates a control signal configured to store the one or more hash value states in a database associated with the third network device.
    Type: Grant
    Filed: March 3, 2017
    Date of Patent: October 8, 2019
    Assignee: Bank of America Corporation
    Inventors: Eric Eugene Sifford, William August Stahlhut
  • Patent number: 10419421
    Abstract: Methods, systems, and computer programs are presented for creating a secure network fabric and for adding trusted devices to an existing secure network fabric. One method includes an operation for setting a switch into a provisioning mode where the switch does not enforce secure communications. While the switch is in provisioning mode, the method performs operations including establishing a connection from the switch to a provisioning controller, sending a certificate signing request (CSR) from the switch to the provisioning controller, and receiving, from the provisioning controller, a security certificate generated by a certificate authority. The method further includes an operation for entering a lockdown mode by the switch after receiving the security certificate, where the switch, while in lockdown mode, secures communications utilizing the security certificate.
    Type: Grant
    Filed: August 11, 2016
    Date of Patent: September 17, 2019
    Assignee: Big Switch Networks, Inc.
    Inventors: Andreas Wundsam, Gregor Maier, Carl D. Roth, Jeffrey Townsend, Jason Parraga, Cham Ho Li, Tomasz Klimczyk
  • Patent number: 10389535
    Abstract: Provided are a computer program product, system, and method for using public keys provided by an authentication server to verify digital signatures. A plurality of public keys from a plurality of public-private key pairs are stored in a local key store. A request is received to access computational resources in the system. A challenge is returned in response to the request. A response to the challenge is received comprising a purported digitally signed challenge. A determination is made as to whether the purported digitally signed challenge is verified using a first public key of the public keys in the local key store. A determination is made as to whether the purported digitally signed challenge is verified using a second public key of the public keys in the local key store in response to determining that the first public key did not verify the purported digitally signed challenge.
    Type: Grant
    Filed: March 1, 2017
    Date of Patent: August 20, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Thomas Fiege, Michael P. Groover, Mark E. Hack
  • Patent number: 10382213
    Abstract: A technology is provided for certificate authentication for registering a certificate in a computing service environment. A request may be received to register a certificate authority (CA) certificate. A registration token associated with a customer account in a service provider environment may be generated to enable association of the customer account with the CA certificate and to authenticate a registration of the CA certificate. The registration token may be sent to a requester desiring to register the CA certificate. A verification certificate that contains the registration token and that is signed by a certificate authority (CA) of the CA certificate and the CA certificate that is signed by the CA may be received to register the CA certificate with the customer account within a service provider environment. The CA certificate is persisted with the service provider environment after verifying the registration token is associated with the customer account and the CA certificate is signed by the CA.
    Type: Grant
    Filed: August 29, 2016
    Date of Patent: August 13, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Mark Edward Rafn, Ashutosh Thakur, Rameez Loladia, James Christopher Sorenson, III, Christoph Saalfeld
  • Patent number: 10380370
    Abstract: An apparatus and method for operating a relational database (DB) are provided. The method includes determining a sensitivity classification for a column of a table in the DB, performing encryption, using a data encryption key (DEK), of sensitive data when writing the sensitive data to the column determined to be sensitive, performing decryption, using the DEK, of the encrypted sensitive data when reading the sensitive data from the column determined to be sensitive, and performing writing to the column and reading from the column of unencrypted non-sensitive data when the column is determined to be non-sensitive.
    Type: Grant
    Filed: February 25, 2016
    Date of Patent: August 13, 2019
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Abdul Syed-Ebrahim, Peng Ning, Ken Chen
  • Patent number: 10360567
    Abstract: This invention discloses a novel system and method for distributing electronic ticketing to mobile devices such that the ticket stored on the device is checked for its integrity from tampering and the device periodically reports on ticket usage with a central server.
    Type: Grant
    Filed: May 23, 2014
    Date of Patent: July 23, 2019
    Inventors: Micah Bergdale, Matthew Grasser, Kevin Rejko, Nicholas Ihm
  • Patent number: 10362020
    Abstract: A digital certificate of a user is collected. A digest computation of a collecting result of the digital certificate is performed to generate a digital certificate digest of the user. The digital certificate digest is cached. In response to an operation of the user, a service request containing the cached digital certificate digest is transmitted to a service server such that when a service corresponding to the service request is a service for which the digital certificate needs to be verified, the service server executes the service when the verification passes through verification of the digital certificate digest. The techniques of the present disclosure execute the verification operation of the digital certificate along with specific service operations, which reduce the number of certificate verifications and the number of requests for executing the specific service.
    Type: Grant
    Filed: May 26, 2015
    Date of Patent: July 23, 2019
    Assignee: Alibaba Group Holding Limited
    Inventor: Zhizhang Zhou
  • Patent number: 10356616
    Abstract: Examples of techniques for identifying external devices using a wireless network associated with a vehicle are disclosed. In one example implementation, a method includes initializing, by a processing system, an unsecure wireless network identified by a service set identifier (SSID). The method further includes receiving, by the processing system, a safety message from an external device external to a vehicle. The method further includes processing, by the processing system, the safety message to determine a location and a movement vector of the external device without performing a dynamic internet protocol address allocation to the external device. The method further includes alerting, by the processing system, an operator of the vehicle of the location and the movement vector of the external device.
    Type: Grant
    Filed: February 14, 2017
    Date of Patent: July 16, 2019
    Assignee: GM GLOBAL TECHNOLOGY OPERATIONS LLC
    Inventor: Nadav Lavi
  • Patent number: 10356084
    Abstract: A mobile device may include at least one memory and a processor cooperating with the at least one memory to enroll with an enterprise mobility management (EMM) server and store a plurality of different managed enterprise applications in the at least one memory, and receive and store a digital certificate associated with a given one of the managed enterprise applications in a secure shared location within the at least one memory. The processor may further run the plurality of managed enterprise applications to share access to the digital certificate from the secure shared location and generate and send encrypted data to another mobile device via the EMM server with all of the managed enterprise applications using the same digital certificate associated with the given managed enterprise application for encryption so that the EMM server is unable to decrypt the encrypted data.
    Type: Grant
    Filed: June 22, 2018
    Date of Patent: July 16, 2019
    Assignee: CITRIX SYSTEMS, INC.
    Inventor: Shaunak Mistry
  • Patent number: 10333922
    Abstract: Disclosed are various embodiments for validating the identity of network sites. A communication session is established with a network site using a credential for the network site. A validation of the communication session is generated based at least in part upon a profile for the network site. The profile is derived from at least one previous communication session with the network site. An action is initiated in response to the validation when the validation indicates a discrepancy exists between the profile for the network site and the communication session with the network site.
    Type: Grant
    Filed: July 24, 2017
    Date of Patent: June 25, 2019
    Assignee: Amazon Technologies, Inc.
    Inventor: Nima Sharifi Mehr
  • Patent number: 10326741
    Abstract: Embodiments are directed to sharing secure communication secrets with a network monitoring device (NMD). The NMD may passively monitor network packets communicated between client computers and server computers. If a secure communication session is established between a client computer and a server computer, a key provider may provide the NMD a session key that corresponds to the secure communication session. The NMD may buffer each network packet associated with the secure communication session until the NMD is provided a session key for the secure communication session. The NMD may use the session key to decrypt network packets communicated between the client computer and the server computer. The NMD may then proceed to analyze the secure communication session based on the contents of the decrypted network packets.
    Type: Grant
    Filed: March 13, 2017
    Date of Patent: June 18, 2019
    Assignee: ExtraHop Networks, Inc.
    Inventors: Jesse Abraham Rothstein, Benjamin Thomas Higgins, Brian David Hatch
  • Patent number: 10320756
    Abstract: Technology for communicating secure data from a sensor is disclosed. A data transfer device may comprise at least one sensor to generate sensor data and a security engine to generate a key. The data transfer device may also comprise a hardware interface to couple with the at least one sensor and receive the sensor data, and to generate a security signature using the key with the sensor data, and configured to send the sensor data combined with the security signature to a communication interface of a host device. The data transfer device may also comprise a security enclave configured to receive the key from the security engine and to send the key to an application layer of the host device.
    Type: Grant
    Filed: December 31, 2016
    Date of Patent: June 11, 2019
    Assignee: Intel Corporation
    Inventor: Tamir D. Munafo
  • Patent number: 10313352
    Abstract: A system and method for identifying a phishing website is disclosed. Content associated with a website that a user is attempting to access is retrieved and translated into a format that a classifier can process. The classifier is trained to identify phishing attempts for a particular website or family of websites. The classifier processes the website to determine if the website is a phishing website. A scorer can determine the likelihood that the classifier classified the website correctly. If the website is determined to be a phishing website, a protection component can deny access to the website. Otherwise the user can be permitted to access the website.
    Type: Grant
    Filed: October 26, 2016
    Date of Patent: June 4, 2019
    Assignee: International Business Machines Corporation
    Inventors: Jeff H. C. Kuo, Chien Pang Lee, John K. C. Lee
  • Patent number: 10313132
    Abstract: A method for importing and exporting configurations includes: generating a public key and a private key of a manufacturer; generating a certificate of the manufacturer; storing the certificate of the manufacturer in each of products; and signing a public key by using the private key of the manufacturer to generate a signature of the manufacturer; wherein the products receive the certificate of the manufacturer, at least one configuration and a signature of a customer which is generated by signing the at least one configuration by using a private key of the customer, and each of the products verifies the signature of the manufacturer in accordance with the stored certificate of the manufacturer, verifies the signature of the customer in accordance with the certificate of the manufacturer, and applies the at least one configuration when authenticated. A system for importing and exporting configurations is also provided.
    Type: Grant
    Filed: March 9, 2017
    Date of Patent: June 4, 2019
    Assignee: GETAC TECHNOLOGY CORPORATION
    Inventors: Jiunn-Jye Lee, Yu-Shian Chen
  • Patent number: 10303887
    Abstract: Systems and methods described herein generally relate to storing and verifying data. In some embodiments, reference levels are generated according to time intervals, where the first reference level comprises a predetermined number of the time intervals, and where each of the time intervals of the remaining reference levels is comprised of a predetermined number of the time intervals of a previous reference level. Hashes of data can be created at the first reference level by performing a hashing function on the data in a time-sequenced manner. First reference level time interval hashes may be generated by performing the hashing function on the hashes of the data at each of the time intervals of the first reference level. Hashes for remaining reference level time intervals can be generated by performing the hashing function on the hashes of each of the time intervals of the previous reference level.
    Type: Grant
    Filed: September 14, 2015
    Date of Patent: May 28, 2019
    Assignee: t0.com, Inc.
    Inventors: Tron Black, Alec Wilkins, Robert Christensen
  • Patent number: 10291410
    Abstract: A first digital identification document is transmitted from an identification authority to a mobile device of an identified individual. This first digital identification document is digitally signed and includes a set of attributes about the identified individual. In the same manner, a second digital identification document is also transmitted to the identified individual's mobile device. The second digital identification document is also digitally signed but includes a different set of attributes about the identified individual. The identified individual is then confronted by a series of challengers, wherein each challenger requires a different amount of information about the identified individual. Based on the identity of each challenger, the identified individual selects an appropriate identification document and transmits it to the applicable challenger's device.
    Type: Grant
    Filed: January 11, 2018
    Date of Patent: May 14, 2019
    Assignee: International Business Machines Corporation
    Inventor: Richard Redpath
  • Patent number: 10270757
    Abstract: A method, system or computer usable program product for managing exchanges of sensitive data including utilizing a processor to request a service across a network from an application, the service requiring a disclosure of a first set of sensitive data by the application; providing a set of certified policy commitments regarding the first set of sensitive data to the application for a determination of acceptability; and upon a positive determination, receiving the service including the disclosure of the first set of sensitive data.
    Type: Grant
    Filed: January 29, 2018
    Date of Patent: April 23, 2019
    Assignee: TRUSTARC INC
    Inventor: Daniel J. Guinan
  • Patent number: 10263791
    Abstract: Examples for acceleration of online certificate status checking with an Internet hinting service are disclosed. For example, one method includes receiving, by a computing device from a hinting server, hint information comprising certificate information; receiving, from a remote computing device, a certificate in response to a request to establish secure communications with the remote computing device; and determining a validity of the certificate based on the certificate information.
    Type: Grant
    Filed: March 21, 2018
    Date of Patent: April 16, 2019
    Assignee: VIASAT, INC.
    Inventors: Michael J Schexnaydre, Peter J Lepeska, Douglas C Larrick
  • Patent number: 10263961
    Abstract: A security chip and an application processor may be included in a device configured to engage in encrypted communications with an external client, including public key infrastructure communications, in an environment where a certificate authority is absent. The security chip may provide the application processor with a device public key from among a pair of device keys related to public key infrastructure communications, receive a request from the application processor to generate a digital signature on a certificate form including the device public key, provide the application processor with a digital signature generated based on an encryption operation using a certificate authority private key, and receive and store a certificate including the digital signature from the application processor.
    Type: Grant
    Filed: November 21, 2016
    Date of Patent: April 16, 2019
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Youn-sung Chu, Min-ja Han, Kyung-jin Lee