By Generation Of Certificate Patents (Class 713/175)
  • Patent number: 11954226
    Abstract: Disclosed herein are methods and systems for executing verifiable computation modules to process private data at private data owner platform, comprising obtaining a computation module having a unique identifier recorded in a distributed ledger controlled by a plurality of computing nodes, generating a key pair comprising a signing key and a verification key derived from the signing key, recording, in the distributed ledger, an execution record associating an execution instance of the computation module with the verification key, initiating the execution instance of the computation module to process a private dataset incorporated with the signing key, outputting a computation outcome, computing an execution result signature for the execution instance based on the unique identifier and the private data and the signing key, and recording the execution result signature in the distributed ledger to enable verification of the execution instance.
    Type: Grant
    Filed: August 17, 2021
    Date of Patent: April 9, 2024
    Assignee: International Business Machines Corporation
    Inventors: Alexander Kofman, Artem Barger, Corville O. Allen, Jonathan Bnayahu, Pratul Gupta, Yacov Manevich
  • Patent number: 11917085
    Abstract: A method at a computing device within an Intelligent Transportation System, the method comprising: determining, at the computing device, whether a short-term certificate is available to sign a message; if the short-term certificate is available, signing the message with a private key associated with the short-term certificate; if the short-term certificate is not available, signing the message with a private key associated with a long-term certificate; and sending the message to a recipient.
    Type: Grant
    Filed: April 21, 2023
    Date of Patent: February 27, 2024
    Assignee: BlackBerry Limited
    Inventors: Stephen John Barrett, John Octavius Goyo, James Randolph Winter Lepp
  • Patent number: 11902869
    Abstract: A communication device may execute a wireless communication of object data with a mobile device via a first target network using a second type of interface after executing a sending process of sending a wireless setting, for causing the mobile device to belong to the first target network, to the mobile device using a first type of interface in a case where the communication device is determined as currently belonging to the first target network. The communication device may execute the wireless communication of the object data with the mobile device via a second target network using the second type of interface after executing a specific process of causing both the communication device and the mobile device to belong to the second target network in a case where the communication device is determined as currently not belonging to the target network.
    Type: Grant
    Filed: October 31, 2022
    Date of Patent: February 13, 2024
    Assignee: Brother Kogyo Kabushiki Kaisha
    Inventors: Takanobu Suzuki, Hirotaka Asakura, Munehisa Matsuda, Satoshi Tanaka
  • Patent number: 11886441
    Abstract: A method of implementing object tagging framework starts with the processor receiving a tag creation command including a tag name. In response to the tag creation command, the processor creates a current tag. The processor then receives an association command, the tag name and a source object identifier. The processor determines a source object associated with the source object identifier. The source object includes a tag value. The processor associates the current tag with the source object. The processor receives a replication command including the source object and a target object. The processor causes replication of the source object to the target object that comprises replicating the current tag with the tag name and the tag value in the source object to the target object. Other embodiments are also described herein.
    Type: Grant
    Filed: November 7, 2022
    Date of Patent: January 30, 2024
    Assignee: Snowflake Inc.
    Inventors: Artin Avanes, Khalid Zaman Bijon, Yujie Li, Zheng Mi, Subramanian Muralidhar, David Schultz
  • Patent number: 11882440
    Abstract: An embodiment user authentication system for a connected vehicle service includes a service terminal configured to encrypt first vehicle identification information comprising identification information of a vehicle system and terminal identification information comprising identification information of the service terminal to generate a service identification (ID) comprising identification information of the connected vehicle service, and to display the service ID on a display screen as an optically readable code, and a user terminal configured to receive the service ID by scanning the code and to transmit the received service ID to a service server through an external network to request a user authentication.
    Type: Grant
    Filed: June 16, 2021
    Date of Patent: January 23, 2024
    Assignees: Hyundai Motor Company, Kia Corporation
    Inventor: Jaeyoon Ko
  • Patent number: 11863689
    Abstract: A system having one or more processors. The one or more processors receive data having a request for transferring ownership of a portion of a security from a first user computing system. A portion of the data is signed by a signer with a group signature having an extension. The one or more processors further receive a request to link an identity of the signer and open the identity of the signer. The one or more processors provide to a regulator information corresponding to the group signature and a signature of a transferee being linked to the group signature. The one or more processors generate signing ability of a second user computing system associated with an identifier of the transferee. Generating the signing ability of the second user computing system to use the group signature transfers the ownership of the portion of the security.
    Type: Grant
    Filed: October 24, 2022
    Date of Patent: January 2, 2024
    Assignee: Wells Fargo Bank, N.A.
    Inventor: Phillip H. Griffin
  • Patent number: 11863589
    Abstract: The present disclosure provides for enterprise security in intelligent electronic devices such as electric power meters. In accordance with the present disclosure, enterprise security is a security system in which each individual device, instead of configuring and storing security configurations locally, use a security server for security verifications. Such a security server of the present disclosure may be a dedicated computer on a network, that is used to manage the security configuration for all users. This makes it simpler for administrators to configure users and devices, which in turn improves security by encouraging security to be properly configured.
    Type: Grant
    Filed: June 8, 2020
    Date of Patent: January 2, 2024
    Assignee: EI ELECTRONICS LLC
    Inventors: Luna A. Koval, Erran Kagan
  • Patent number: 11849052
    Abstract: A method for replacing an identity certificate in a blockchain network includes a service subnet, a consensus subnet, and a routing layer used for isolating the service subnet from the consensus subnet. The method includes: receiving a root certificate replacement notification transmitted by a certificate authentication center; obtaining a public key corresponding to the certificate authentication center; verifying the root certificate replacement notification by using the obtained public key; forwarding the root certificate replacement notification to a consensus node in the consensus subnet after the validation succeeds, so that the consensus node records the root certificate replacement notification into a latest data block after a consensus on the root certificate replacement notification is reached; and requesting, when the data block is received, the certificate authentication center to replace an identity certificate.
    Type: Grant
    Filed: January 21, 2021
    Date of Patent: December 19, 2023
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventors: Mao Cai Li, Geng Liang Zhu, Hu Lan, Zong You Wang, Li Kong, Kai Ban Zhou, Chang Qing Yang, Qiu Ping Chen, Qu Cheng Liu, Yi Fang Shi, Jin Song Zhang, Pan Liu
  • Patent number: 11841957
    Abstract: Disclosed is a system and method to create an encrypted file system on a block chain. The system creates the block chain controlling an access to the encrypted file system. The block chain defines a user permission to access at least a portion of the encrypted file system. The system creates the encrypted file system by recording a unique file ID in the block chain, where the unique file ID stores a chunk index including memory locations of multiple chunks storing portions of a file in the encrypted file system. The system encrypts the file using a channel session key and a file encryption key. The channel session key includes a cryptographic key computed based on information known to users granted at least a temporary access to the file, and the file encryption key includes a cryptographic key used to encrypt each file in the encrypted file system.
    Type: Grant
    Filed: December 23, 2022
    Date of Patent: December 12, 2023
    Assignee: SpiderOak, Inc.
    Inventor: Jonathan Andrew Crockett Moore
  • Patent number: 11838427
    Abstract: A method, a computer program product, and a system for usage restrictions on digital certificates. The method includes selecting a digital certificate relating to a user and determining a usage restriction policy for the digital certificate based on the user. The method also includes populating an extension field of the digital certificate with the usage restriction policy. The method further includes providing the digital certificate including the usage restriction policy to the user. The method also includes gathering parameters relating to the digital certificate, determining usage patterns based on the parameters, inputting the usage patterns into a machine learning model, outputting a risk assessment, and updating the usage restriction policy based on the risk assessment.
    Type: Grant
    Filed: February 4, 2021
    Date of Patent: December 5, 2023
    Assignee: International Business Machines Corporation
    Inventors: Rinkesh I. Bansal, Vinod A. Valecha, Sanjay B. Panchal, Chintan Thaker
  • Patent number: 11838139
    Abstract: An agenda dictating a sequence of actions to occur during a conference associated with a plurality of participants is accessed. The sequence of actions is associated with an electronic signature envelope. Content shared by a sharing participant of the conference is monitored for content corresponding to a given action of the sequence. Responsive to detecting the content corresponding to the given action, an acting participant for the given action is determined and data obtained from sensors of a client device of the acting participant is monitored. It is determined that the data indicates that the acting participant has performed the given action and an auditable data structure reflective of the data is generated. The content shared by the sharing participant of the conference is automatically modified to include content corresponding to a next action of the sequence of actions.
    Type: Grant
    Filed: October 31, 2022
    Date of Patent: December 5, 2023
    Assignee: DOCUSIGN, INC.
    Inventors: Anthony Joseph Ramoutar, Billy Travis Williams, David Soh
  • Patent number: 11831634
    Abstract: A technique for managing communications between a server and multiple clients includes configuring the server to support multiple sets of certificates for respective clients having respective root certificates. The technique further includes determining an indicator associated with a client root certificate during an initial handshake between a client and the server and providing the client with a server certificate associated with the indicator.
    Type: Grant
    Filed: October 30, 2020
    Date of Patent: November 28, 2023
    Assignee: EMC IP Holding Company LLC
    Inventors: Dmitry Nikolayevich Tylik, Charles W. Kaufman, Gregory W. Lazar, Marco Abela, Jingyan Zhao
  • Patent number: 11832098
    Abstract: A vehicle communication system, including plural control devices configured to carry out communication with one another, wherein a transmitting device and a receiving device each include a memory and a processor. The processor at the transmitting device generates first authentication information based on a message and the encryption key, and in a case in which there is an abnormality at the encryption key, transmits the predetermined authentication information and the message to the receiving device. The processor at the receiving device generates second authentication information based on the encryption key and the received message, collates the first authentication information and the second authentication information, and authenticates the message, and in a case in which, after starting-up of the receiving device, authentication has not succeeded even once, and the received first authentication information and the predetermined authentication information match, accepts the received message.
    Type: Grant
    Filed: November 12, 2021
    Date of Patent: November 28, 2023
    Assignee: TOYOTA JIDOSHA KABUSHIKI KAISHA
    Inventor: Masahide Banno
  • Patent number: 11824995
    Abstract: A system and method for integrating FIDO authentication systems and user verification systems. The system is provided in one configuration as a mobile app that allows access to highly sensitive information via a mobile device while simultaneously ensuring a highly secured environment authenticating both the mobile device and the user via a highly reliable authentication process.
    Type: Grant
    Filed: August 24, 2022
    Date of Patent: November 21, 2023
    Assignee: Queralt Inc.
    Inventors: Michael Queralt, Daniel R. Sabia
  • Patent number: 11825306
    Abstract: Methods, apparatuses and systems for peer-to-peer secure communication are disclosed. In an example, a mobile security apparatus (“MSA”) is connected to a first endpoint device and includes a memory device storing a list of MSAs that are designated as being within a circle of trust (“CoT”) of the MSA. The list includes an Internet Protocol (“IP”) address, a public key, and an identifier of at least one endpoint device for each of the MSAs. The apparatus also includes a processor configured to receive a selection of content from the first endpoint device for transmission to the second endpoint device. After determining the second endpoint device corresponds to a second MSA that is included within the CoT, the processor encrypts a message including the content using the public key associated with the second MSA and transmits the encrypted message using the IP address of the second MSA.
    Type: Grant
    Filed: July 7, 2021
    Date of Patent: November 21, 2023
    Assignee: Cervais Inc.
    Inventors: James A. Austin, Tony J. Salman
  • Patent number: 11811942
    Abstract: The invention relates to distributed ledger technologies such as consensus-based blockchains. Computer-implemented methods for locking and unlocking transaction inputs and outputs are described. The invention is implemented using a blockchain network, which may be, for example, a Bitcoin blockchain. A group of entities form a group in which membership may be proven using an accumulation tree. A variety of methods are described for generating the accumulation tree, including methods that use a central authority and methods that use a decentralized protocol in place of the central authority. In various implementations, parties are able to unlock transaction outputs that are based on group membership without revealing their identity generally.
    Type: Grant
    Filed: March 5, 2019
    Date of Patent: November 7, 2023
    Assignee: nChain Licensing AG
    Inventors: Silvia Bartolucci, Pauline Bernat
  • Patent number: 11812262
    Abstract: A method of registering a device with an authentication service; in which the method comprises the device: establishing a secure connection between the device and a second device; in which the second device is registered with the authentication service; in which the second device is allocated to the user, in which the secure connection comprises one of: a wireless data connection; and a wired data connection over a LAN; in which the method further comprises the device: obtaining over the secure connection from the registered device, an identifier uniquely associated with the registered device; providing to the authentication service a first credential known to the user; and a second credential derived from the identifier, and requesting registration on the basis of the first and second credentials.
    Type: Grant
    Filed: December 6, 2018
    Date of Patent: November 7, 2023
    Assignee: BRITISH TELECOMMUNICATIONS public limited company
    Inventor: Amar Chandarana
  • Patent number: 11805116
    Abstract: Technologies for securing a virtualization network function (VNF) image includes a security server to generate a wrapping cryptographic key to wrap a private key of the VNF image and replace the private key with the wrapped private key to secure the private key. During operation, the VNF image may be authenticated by a network function virtualization (NFV) server as needed. Additionally, the signature of the VNF image may be updated each time the VNF image is shutdown to ensure the continued authenticity of the VNF image.
    Type: Grant
    Filed: March 31, 2018
    Date of Patent: October 31, 2023
    Assignee: Intel Corporation
    Inventors: Changzheng Wei, Weigang Li, Danny Y. Zhou, Junyuan Wang, Hari K. Tadepalli, Rashmin N. Patel
  • Patent number: 11799882
    Abstract: A method and system for network endpoint identification through network fingerprint based entity resolution. Particularly, embodiments disclosed herein may entail receiving a network fingerprint descriptive of at least a network endpoint; obtaining at least two network endpoint label sets each inferred from the network fingerprint by a different network fingerprint parser; reducing, through entity resolution and heuristics, the at least two network endpoint label sets into a de-duplicated network endpoint label set; and resolving, through a voting algorithm, the de-duplicated network endpoint label set to obtain a unified network endpoint label that best identifies the network endpoint.
    Type: Grant
    Filed: May 26, 2022
    Date of Patent: October 24, 2023
    Assignee: ARISTA NETWORKS, INC.
    Inventors: Arunabh Ghosh, Debabrata Dash
  • Patent number: 11799855
    Abstract: Systems, methods, and related technologies for device identification are described. In certain aspects, packet data associated with a device can be analyzed and a score determined. The score and the threshold can be compared to determine a device identification for the device.
    Type: Grant
    Filed: November 5, 2020
    Date of Patent: October 24, 2023
    Assignee: FORESCOUT TECHNOLOGIES, INC.
    Inventors: Yang Zhang, Siying Yang
  • Patent number: 11757635
    Abstract: A method of performing validation of an access token under OAuth 2.0 protocol includes: providing, by an authorization server, the access token for service to a client in response to a request for the access token; adding, by the client, a client signature to at least the access token; forwarding, by the client, the access token as part of a service request to a resource server; and validating, by the resource server, whether the client is a valid owner of the access token, wherein the validation is based on at least the client signature of the access token. The validation is based on a hash of a combination of the service request, the access token and a shared secret key common to the client and the resource server, the output of which hash is added to the service request, and the resource server validates the hash.
    Type: Grant
    Filed: February 17, 2021
    Date of Patent: September 12, 2023
    Assignee: Mavenir Networks, Inc.
    Inventors: Ahmad Muhanna, Peter J. McCann
  • Patent number: 11743056
    Abstract: A platform security system and method improve security by binding an identity of a self-contained certificate signing request (SC CSR) requestor to the SC CSR to prevent malicious tampering, such as man-in-the-middle attacks. In at least one embodiment, the requestor, such as a client computer system or other source of a request, requests certificates from a certificate authority (CA). Binding the identity of the SC CSR to the requestor can prevent unauthorized system and/or data access and potentially resultant unauthorized access, malicious tampering, such as man-in-the-middle attacks, and other unauthorized actions or observations. Validation can be performed at the CA on the SC CSR to determine the integrity of the requestor and authorization to receive certificates before the CA sends the certificate to the requestor.
    Type: Grant
    Filed: May 26, 2021
    Date of Patent: August 29, 2023
    Assignee: INDEED, INC.
    Inventors: Greg Altman, Justin Daily, Sergey Karamov
  • Patent number: 11743297
    Abstract: A system may include a traffic interception module configured to intercept network traffic of a host device. A traffic virtualization module may be configured to generate a virtual file on the host device containing the intercepted network traffic. A security system interface module may be configured to provide the virtual file to a secure digital security system over a virtualized file interface coupling the host device to the secure digital security system, and to receive instructions to allow or to deny the network traffic from the secure digital security system over the virtualized file interface. A traffic access management module may be configured to allow or to deny the network traffic based on the instructions.
    Type: Grant
    Filed: April 26, 2022
    Date of Patent: August 29, 2023
    Assignee: CUPP Computing AS
    Inventor: Omar Nathaniel Ely
  • Patent number: 11736301
    Abstract: A method, system, transmitter, and receiver for authenticating a transmitter are disclosed. The authentication is performed using an asymmetric key pair and using a digital signature. The method for authenticating the transmitter includes generating a user identification, calculating the digital signature, generating an authentication request message, and transmitting the authentication request message to a receiver.
    Type: Grant
    Filed: May 29, 2021
    Date of Patent: August 22, 2023
    Assignee: Siemens Aktiengesellschaft
    Inventors: Steffen Fries, Andreas Güttinger, Marco Lambio
  • Patent number: 11734259
    Abstract: An example operation may include one or more of generating, by an executing client, a blockchain transaction comprising an anonymous rating, a proof, a nullifier, and a root node value, receiving, by a smart contract, the blockchain transaction, the anonymous rating related to an authorizing client, verifying the proof with the root node value and the nullifier, verifying that the root node value is a current or a previous merkle tree root node value, adding the anonymous rating to a shared ledger, marking the nullifier as used, and storing the marked nullifier to the shared ledger.
    Type: Grant
    Filed: May 31, 2019
    Date of Patent: August 22, 2023
    Assignee: International Business Machines Corporation
    Inventors: Rishi Saket, Pankaj S. Dayama, Nitin Singh
  • Patent number: 11728992
    Abstract: The disclosed technology is generally directed to secure transactions. In one example of the technology, an enclave is used for executing a cryptlet binary of a first cryptlet. The enclave is a secure execution environment for which results of a secure execution are capable of being attested to have run unaltered and in private, the enclave stores an enclave private key, and the first cryptlet is associated with at least a first counterparty. A cryptlet binding that is associated with the first cryptlet is generated. The cryptlet binding includes counterparty information that is associated with at least the first counterparty. Cryptlet binding information is provided to a cryptlet binding key graph. A location of a hardware security module (HSM) that stores a key that is associated with the first counterparty is received from the cryptlet binding key graph.
    Type: Grant
    Filed: March 30, 2022
    Date of Patent: August 15, 2023
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: John Marley Gray
  • Patent number: 11722321
    Abstract: A method at a computing device within an Intelligent Transportation System, the method comprising: determining, at the computing device, whether a short-term certificate is available to sign a message; if the short-term certificate is available, signing the message with a private key associated with the short-term certificate; if the short-term certificate is not available, signing the message with a private key associated with a long-term certificate; and sending the message to a recipient.
    Type: Grant
    Filed: May 11, 2022
    Date of Patent: August 8, 2023
    Assignee: BlackBerry Limited
    Inventors: Stephen John Barrett, John Octavius Goyo, James Randolph Winter Lepp
  • Patent number: 11722477
    Abstract: A system for data processing, comprising a plurality of data processing systems, each associated with a user and having an anchor certificate, a proxy system operating on a processor and configured to determine whether an expiration associated with the anchor certificate for each data processing system is within a predetermined time of expiration and a certificate expiration monitor operating on the processor and configured to generate a certificate signing request in response to the determination that the expiration associated with the anchor certificate for each data processing system is within the predetermined time of expiration.
    Type: Grant
    Filed: January 21, 2020
    Date of Patent: August 8, 2023
    Assignee: FORCEPOINT LLC
    Inventors: Luis Diogo Monteiro Duarte Couto, Ciarán James Dorney, Ralph Hans Depping, Jordan Smith, Finbar O'Mahony
  • Patent number: 11711210
    Abstract: In one embodiment, a secure computing system comprises a key generation sub-system configured to generate cryptographic keys and corresponding key labels for distribution to computer clusters, each computer cluster including a plurality of respective endpoints, a plurality of quantum key distribution (QKD) devices connected via respective optical fiber connections, and configured to securely distribute the generated cryptographic keys among the computer clusters, and a key orchestration sub-system configured to manage caching of the cryptographic keys in advance of receiving key requests from applications running on ones of the endpoints, and provide respective ones of the cryptographic keys to the applications to enable secure communication among the applications.
    Type: Grant
    Filed: April 11, 2021
    Date of Patent: July 25, 2023
    Assignee: MELLANOX TECHNOLOGIES, LTD.
    Inventors: Dimitrios Syrivelis, Paraskevas Bakopoulos, Ioannis (Giannis) Patronas, Elad Mentovich, Dotan David Levi
  • Patent number: 11711349
    Abstract: Systems and methods are disclosed for cross-platform token exchange. One method comprises receiving a primary token exchange request from an upstream entity, generating an ancillary detokenization request based on the primary token exchange request, and transmitting the ancillary detokenization request to an input token vault. An ancillary detokenization response comprising sensitive data may then be received from the input token vault, and one or more ancillary tokenization requests may be generated based on the ancillary detokenization response and the primary token exchange request. The one or more ancillary tokenization requests may be transmitted to one or more output token vaults. Subsequently, one or more ancillary tokenization responses may be received from the one or more output token vaults, each ancillary tokenization response comprising an output token.
    Type: Grant
    Filed: December 10, 2021
    Date of Patent: July 25, 2023
    Assignee: Worldpay, LLC
    Inventors: Stephen E. Dinan, James S. Osborn, William J. Wied
  • Patent number: 11700132
    Abstract: A security event management system for an electronic connected network includes a public key infrastructure subsystem configured to generate a security ID for a connected device accessing the network, a digital ledger, a trigger list in operable communication with the digital ledger, and an event manager configured to (i) subscribe to the trigger list by defining at least one reportable event of which the trigger list is to advise the event manager, and (ii) receive a notification from the trigger list upon validation of the at least one reportable event behind the digital ledger.
    Type: Grant
    Filed: May 3, 2019
    Date of Patent: July 11, 2023
    Assignee: Cable Television Laboratories, Inc.
    Inventors: Steven J. Goeringer, Brian A. Scriber, Massimiliano Pala
  • Patent number: 11693977
    Abstract: A software defined data security level method, computer program product, and data processing system. One embodiment may comprise intercepting, by a processor at a data security layer, an input/output (IO) request from a local software application, wherein the IO request includes a header and a data payload, analyzing, by the processor at the data security layer, the data payload of the IO request relative to a service level agreement (SLA), assigning, by the processor at the data security layer, a security level to the IO request based on the analysis.
    Type: Grant
    Filed: October 7, 2020
    Date of Patent: July 4, 2023
    Assignee: International Business Machines Corporation
    Inventors: Prateek Goyal, Seema Nagar, Manish Anand Bhide, Kuntal Dey
  • Patent number: 11693948
    Abstract: A computer-implemented method and a computer program product for enforcing verifiable mandatory access control (MAC) labels, and a data processing system. One embodiment may comprise receiving, from an entity, a first verifiable MAC label associated with an object, receiving, from the entity, a second verifiable MAC label associated with a subject requesting to access the object, and determining whether to grant, to the subject, access to the object responsive to the request based on comparing the first verifiable MAC label associated with the object and the second verifiable MAC label associated with the subject to a verifiable MAC policy. Each of the first verifiable MAC label, the second verifiable MAC label, and the verifiable MAC policy in some embodiments may be formatted as a verifiable credential that is machine readable and digitally signed.
    Type: Grant
    Filed: August 4, 2020
    Date of Patent: July 4, 2023
    Assignee: International Business Machines Corporation
    Inventors: Timothy Olson, Petr Novotny
  • Patent number: 11669639
    Abstract: A system for configuring an information handling system based on a multi-user state change. An intelligent sensor hub communicates with sensors to detect the number of persons in a field of view of the information handling system. When the intelligent sensor hub determines there is a change in the number of persons, the information is sent out-of-band to an embedded controller (EC) independent of a host operating system. The EC makes a change to the configuration of the information handling system if needed.
    Type: Grant
    Filed: February 25, 2021
    Date of Patent: June 6, 2023
    Assignee: Dell Products L.P.
    Inventors: Vivek Viswanathan Iyer, Daniel Lawrence Hamlin, Yung-Sheng Lin
  • Patent number: 11621948
    Abstract: A computer system detects that a digital certificate is set to expire within a threshold amount of time. In response to detecting that the digital certificate is set to expire, the computer system generates an update to cause a second computer system to perform operations to indicate an upcoming expiration of the digital certificate. The computer system provides the update to the second computer system to cause the second computer system to perform the operations.
    Type: Grant
    Filed: November 15, 2019
    Date of Patent: April 4, 2023
    Assignee: Amazon Technologies, Inc.
    Inventors: Marcel Andrew Levy, Peter Zachary Bowen, Jonathan Kozolchyk, Nicholas Wexler
  • Patent number: 11595819
    Abstract: A method and apparatus for authenticating a device on a wireless network using a secure attestation package is provided. The method includes receiving, by a processor, information related to a device of an Internet of Things (IoT) service provider, generating, by the processor, a secure attestation package based on the information, transmitting, by the processor, the secure attestation package to the IoT service provider, receiving, by the processor, a request to access a wireless network of the processor from the device of the IoT service provider, and authorizing, by the processor, the device to access the wireless network based on the secure attestation package.
    Type: Grant
    Filed: May 26, 2020
    Date of Patent: February 28, 2023
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Richard Zaffino, Arnold Schrider, Yaron Koral
  • Patent number: 11593459
    Abstract: Techniques are disclosed for improving user experience of multimedia streaming over computer networks. More specifically, techniques presented herein reduce (or eliminate) latency in playback start time for streaming digital media content resulting from digital rights management (DRM) authorizations. A streaming media client (e.g., a browser, set-top box, mobile telephone or tablet “app”) may request a “fast-expiring” license for titles the streaming media client predicts a user is likely to begin streaming. A fast-expiring license is a DRM license (and associated decryption key) which is valid for only a very limited time after being used for playback. During the validity period of such a license, the client device requests a “normal” or “regular” license to continue accessing the title after the fast-expiring license expires.
    Type: Grant
    Filed: October 22, 2018
    Date of Patent: February 28, 2023
    Assignee: NETFLIX, INC.
    Inventors: Mark Watson, Anthony Neal Park, Mitch Zollinger
  • Patent number: 11588684
    Abstract: A disclosed method for provisioning a computing device includes receiving, by provisioning software that executes on the computing device to provision the computing device for access to an enterprise infrastructure from a device orchestration service through which computing devices are provisioned to access the enterprise infrastructure, a digital certificate representing a credential for accessing, by a user via the computing device, the enterprise infrastructure.
    Type: Grant
    Filed: October 5, 2020
    Date of Patent: February 21, 2023
    Assignee: Dell Products L.P.
    Inventors: Charles Delbert Robison, Jr., Joseph Kozlowski, Daniel Lawrence Hamlin
  • Patent number: 11586777
    Abstract: A device includes at least one first and one second module configured to cooperate to solve a task and/or are configured to communicate with a higher-level apparatus, a certification module configured to issue a cryptographic signature for each of the at least one first and second module, and an identity generation module configured to form a first code as an identity of the first module from a signature of the first module, to form a second code as an identity of the second module from a signature of the second module, and to form an overall code from the first and the second codes. The certification module is further configured to sign the overall code with a key in order to issue a unique certificate for the device, which biuniquely identifies the device.
    Type: Grant
    Filed: October 2, 2020
    Date of Patent: February 21, 2023
    Assignee: Robert Bosch GmbH
    Inventors: Tobias Buhlinger, Alexander Breitenbach, Julien Rausch
  • Patent number: 11582592
    Abstract: A communication device may include a first type of interface and a second type of interface. The communication device may execute the communication of object data with a mobile device using the second type of interface after executing a specific process for causing the communication device to shift to a communication-enabled state, in a case where it is determined that the communication device is not currently in the communication-enabled state. Also, the communication device may execute the communication of the object data with the mobile device using the second type of interface without executing the specific process, in a case where it is determined that the communication device is currently in the communication-enabled state.
    Type: Grant
    Filed: May 12, 2021
    Date of Patent: February 14, 2023
    Assignee: Brother Kogyo Kabushiki Kaisha
    Inventors: Takanobu Suzuki, Hirotaka Asakura, Munehisa Matsuda, Satoshi Tanaka
  • Patent number: 11569996
    Abstract: An example operation may include one or more of receiving, from an executing client, a blockchain transaction comprising an anonymous rating related to an authorizing client, a merkle tree root node value, a proof, and a nullifier, and in response, executing, by a smart contract, a valid historical value assert call on a lookback key storing the merkle tree root node value, verifying, through a valid historical value assert call, that the merkle tree root node value is a current or previous value of the merkle tree root node value, verifying the proof with the merkle tree root node value and the nullifier, adding the anonymous rating to a shared ledger, marking the nullifier as used, and storing the marked nullifier to the shared ledger.
    Type: Grant
    Filed: May 31, 2019
    Date of Patent: January 31, 2023
    Assignee: International Business Machines Corporation
    Inventors: Rishi Saket, Pankaj S. Dayama, Nitin Singh
  • Patent number: 11558380
    Abstract: Techniques are disclosed relating to detecting and preventing phishing attacks (such as man-in-the-middle attacks) related to multi-factor authentication (MFA) or two-factor authentication (2FA) processes. A system is described that makes a determination of whether to permit or deny a subsequent authentication step (e.g., a 2FA authentication step) based on a level of trust determined between the computing device making the initial authentication request to a service computer system and the computing device being asked to implement the subsequent authentication step (such as a mobile device). The computing device associated with the subsequent authentication step assesses the trust between the devices and makes the determination of whether to permit or deny the subsequent authentication step. The present techniques enhance computer system security against phishing attacks while maintaining a satisfying user experience for legitimate users.
    Type: Grant
    Filed: November 19, 2020
    Date of Patent: January 17, 2023
    Assignee: PayPal, Inc.
    Inventor: George Chen Kaidi
  • Patent number: 11552808
    Abstract: A method and apparatus for generating a dynamic security certificate. The method creates an entropic element from user input, receives metadata from user input and generates a dynamic security certificate using the entropic element and the metadata. The dynamic security certificate is then trusted through user input.
    Type: Grant
    Filed: November 23, 2021
    Date of Patent: January 10, 2023
    Assignee: UAB 360 IT
    Inventor: Emanuelis Norbutas
  • Patent number: 11537689
    Abstract: In one embodiment, a computer implemented method of a data processing (DP) accelerator providing a watermark of an artificial intelligence (AI) model to a host device includes receiving, by the DP accelerator, from the host device, the AI model, and a watermark-enabled kernel to the DP accelerator. The DP accelerator further receives from the host device, first input data to the DP accelerator that, when the first input data is used as input to the watermark-enabled kernel, generates a watermark of the AI model. The watermark is provided to the host device. In an embodiment, the method further includes receiving a signature kernel from the host device and calling the signature kernel to digitally sign the watermark. In an embodiment, the method alternatively includes calling a digital signature routine in a secure unit of the DP accelerator to digitally sign the watermark.
    Type: Grant
    Filed: October 10, 2019
    Date of Patent: December 27, 2022
    Assignees: BAIDU USA LLC, KUNLUNXIN TECHNOLOGY (BEIJING) COMPANY LIMITED
    Inventors: Yong Liu, Yueqiang Cheng
  • Patent number: 11522844
    Abstract: A key master service capable of operating on a service provider in a network is disclosed. The key master enables authorized parties to securely exchange client information without compromising client security. One feature of the key master service is the generation of a unique key for each client. All parties in an authorized universe access, exchange and modify client information by referencing the universal key, rather than using known client identifiers. Client information is further secured by advantageously applying an obfuscation function to the data. Obfuscated client information is stored together with the universal key as keyed client data at the client and/or server, where it may be directly accessed by the service provider or third parties. Because client information is stored and exchanged without the ability to discern either the client identity or the nature of the information, such information is secured against malicious third-party interception.
    Type: Grant
    Filed: March 4, 2019
    Date of Patent: December 6, 2022
    Assignee: Capital One Services, LLC
    Inventors: Jeremy Yoches, Christopher Vito Covalucci, Scott Johnson
  • Patent number: 11516644
    Abstract: A communication device may execute a wireless communication of object data with a mobile device via a first target network using a second type of interface after executing a sending process of sending a wireless setting, for causing the mobile device to belong to the first target network, to the mobile device using a first type of interface in a case where the communication device is determined as currently belonging to the first target network. The communication device may execute the wireless communication of the object data with the mobile device via a second target network using the second type of interface after executing a specific process of causing both the communication device and the mobile device to belong to the second target network in a case where the communication device is determined as currently not belonging to the target network.
    Type: Grant
    Filed: November 23, 2020
    Date of Patent: November 29, 2022
    Assignee: Brother Kogyo Kabushiki Kaisha
    Inventors: Takanobu Suzuki, Hirotaka Asakura, Munehisa Matsuda, Satoshi Tanaka
  • Patent number: 11514165
    Abstract: An information handling system may include a processor and a basic input/output system communicatively coupled to the processor and embodied by executable instructions embodied in non-transitory computer readable media, the instructions configured to, when executed by the processor: identify, for a firmware image, a secure boot certificate; identify, for the secure boot certificate, a certificate use policy; determine whether the certificate use policy permits verification of the firmware image using the secure boot certificate; and allow the firmware image to be verified with the secure boot certificate if the certificate use policy permits verification of the firmware image using the secure boot certificate.
    Type: Grant
    Filed: September 18, 2020
    Date of Patent: November 29, 2022
    Assignee: Dell Products L.P.
    Inventors: Richard M. Tonry, Ibrahim Sayyed
  • Patent number: 11509487
    Abstract: A first entity stores an issuer digital certificate published by a certificate authority (CA) and signed by the issuer certificate; and also stores an old issuer digital certificate published by the CA prior to publication of the issuer digital certificate and an old first entity digital certificate signed by the old issuer digital certificate. The first entity attempts to initiate a secure communication session with a second entity by receiving a second entity digital certificate from the second entity via an electronic network, and sending either the first entity digital certificate or the old first entity digital certificate to the second entity based on which of the issuer digital certificate or the old issuer digital certificate is effective to authenticate the second entity digital certificate received from the second entity. The secure communication session is conducted only if the attempt to initiate the secure communication session is successful.
    Type: Grant
    Filed: September 15, 2020
    Date of Patent: November 22, 2022
    Assignee: Kaseya Limited
    Inventors: Charles A. Barbe, Christopher S. Sprague, Christopher A. Hoult
  • Patent number: 11477012
    Abstract: Techniques to facilitate feature licensing of industrial devices employed in an industrial automation environment are disclosed herein. In at least one implementation, a security certificate for an industrial device is provisioned based on a first private key associated with the industrial device, wherein the first private key is securely stored in a hardware root of trust within the industrial device. A device information package for the industrial device is generated based on the security certificate, wherein the device information package is encrypted with a first public key paired with the first private key and signed by a certificate authority using a second private key. The device information package is provided to the industrial device, wherein the industrial device is configured to validate the device information package using a second public key paired with the second private key and decrypt the device information package with the first private key.
    Type: Grant
    Filed: September 24, 2019
    Date of Patent: October 18, 2022
    Assignee: ROCKWELL AUTOMATION TECHNOLOGIES, INC.
    Inventors: Jack Michael Visoky, Diane E. Golden, Benjamin H. Nave
  • Patent number: 11442922
    Abstract: A data management method includes: in a case where A denotes a set of symbols, A* denotes a set of all character strings composed of the symbols in A, L denotes a subset of A, and h(L) denotes a mapping performed on L with h that denotes a cryptographical hash function, regarding h: A* → A, multiple peers each hold an inverse mapping h_L⁻¹ of h_L: L → h(L) that denotes a partial mapping of h, and in a case where at least one original data item M and an encrypted data item C encrypted from the original data item M are present, the encrypted data item C being held in h_L⁻¹, and correspondence between the original data item M and the encrypted data item C is to be validated, calculating a hash value h(M); decrypting the encrypted data item C with a hash value k; and comparing a result of the decrypting with the original data item M.
    Type: Grant
    Filed: September 11, 2019
    Date of Patent: September 13, 2022
    Assignee: FUJIFILM Business Innovation Corp.
    Inventor: Taro Terao