By Generation Of Certificate Patents (Class 713/175)
  • Patent number: 10356084
    Abstract: A mobile device may include at least one memory and a processor cooperating with the at least one memory to enroll with an enterprise mobility management (EMM) server and store a plurality of different managed enterprise applications in the at least one memory, and receive and store a digital certificate associated with a given one of the managed enterprise applications in a secure shared location within the at least one memory. The processor may further run the plurality of managed enterprise applications to share access to the digital certificate from the secure shared location and generate and send encrypted data to another mobile device via the EMM server with all of the managed enterprise applications using the same digital certificate associated with the given managed enterprise application for encryption so that the EMM server is unable to decrypt the encrypted data.
    Type: Grant
    Filed: June 22, 2018
    Date of Patent: July 16, 2019
    Assignee: CITRIX SYSTEMS, INC.
    Inventor: Shaunak Mistry
  • Patent number: 10356616
    Abstract: Examples of techniques for identifying external devices using a wireless network associated with a vehicle are disclosed. In one example implementation, a method includes initializing, by a processing system, an unsecure wireless network identified by a service set identifier (SSID). The method further includes receiving, by the processing system, a safety message from an external device external to a vehicle. The method further includes processing, by the processing system, the safety message to determine a location and a movement vector of the external device without performing a dynamic internet protocol address allocation to the external device. The method further includes alerting, by the processing system, an operator of the vehicle of the location and the movement vector of the external device.
    Type: Grant
    Filed: February 14, 2017
    Date of Patent: July 16, 2019
    Assignee: GM GLOBAL TECHNOLOGY OPERATIONS LLC
    Inventor: Nadav Lavi
  • Patent number: 10333922
    Abstract: Disclosed are various embodiments for validating the identity of network sites. A communication session is established with a network site using a credential for the network site. A validation of the communication session is generated based at least in part upon a profile for the network site. The profile is derived from at least one previous communication session with the network site. An action is initiated in response to the validation when the validation indicates a discrepancy exists between the profile for the network site and the communication session with the network site.
    Type: Grant
    Filed: July 24, 2017
    Date of Patent: June 25, 2019
    Assignee: Amazon Technologies, Inc.
    Inventor: Nima Sharifi Mehr
  • Patent number: 10326741
    Abstract: Embodiments are directed to sharing secure communication secrets with a network monitoring device (NMD). The NMD may passively monitor network packets communicated between client computers and server computers. If a secure communication session is established between a client computer and a server computer, a key provider may provide the NMD a session key that corresponds to the secure communication session. The NMD may buffer each network packet associated with the secure communication session until the NMD is provided a session key for the secure communication session. The NMD may use the session key to decrypt network packets communicated between the client computer and the server computer. The NMD may then proceed to analyze the secure communication session based on the contents of the decrypted network packets.
    Type: Grant
    Filed: March 13, 2017
    Date of Patent: June 18, 2019
    Assignee: ExtraHop Networks, Inc.
    Inventors: Jesse Abraham Rothstein, Benjamin Thomas Higgins, Brian David Hatch
  • Patent number: 10320756
    Abstract: Technology for communicating secure data from a sensor is disclosed. A data transfer device may comprise at least one sensor to generate sensor data and a security engine to generate a key. The data transfer device may also comprise a hardware interface to couple with the at least one sensor and receive the sensor data, and to generate a security signature using the key with the sensor data, and configured to send the sensor data combined with the security signature to a communication interface of a host device. The data transfer device may also comprise a security enclave configured to receive the key from the security engine and to send the key to an application layer of the host device.
    Type: Grant
    Filed: December 31, 2016
    Date of Patent: June 11, 2019
    Assignee: Intel Corporation
    Inventor: Tamir D. Munafo
  • Patent number: 10313352
    Abstract: A system and method for identifying a phishing website is disclosed. Content associated with a website that a user is attempting to access is retrieved and translated into a format that a classifier can process. The classifier is trained to identify phishing attempts for a particular website or family of websites. The classifier processes the website to determine if the website is a phishing website. A scorer can determine the likelihood that the classifier classified the website correctly. If the website is determined to be a phishing website a protection component can deny access to the website. Otherwise the user can be permitted to access the website.
    Type: Grant
    Filed: October 26, 2016
    Date of Patent: June 4, 2019
    Assignee: International Business Machines Corporation
    Inventors: Jeff H. C. Kuo, Chien Pang Lee, John K. C. Lee
  • Patent number: 10313132
    Abstract: A method for importing and exporting configurations includes: generating a public key and a private key of a manufacturer; generating a certificate of the manufacturer; storing the certificate of the manufacturer in each of the products; and signing a public key by using the private key of the manufacturer to generate a signature of the manufacturer; wherein the products receive the certificate of the manufacturer, at least one configuration and a signature of a customer which is generated by signing the at least one configuration by using a private key of the customer, and each of the products verifies the signature of the manufacturer in accordance with the stored certificate of the manufacturer, verifies the signature of the customer in accordance with the certificate of the manufacturer, and applies the at least one configuration when authenticated. A system for importing and exporting configurations is also provided.
    Type: Grant
    Filed: March 9, 2017
    Date of Patent: June 4, 2019
    Assignee: GETAC TECHNOLOGY CORPORATION
    Inventors: Jiunn-Jye Lee, Yu-Shian Chen
  • Patent number: 10303887
    Abstract: Systems and methods described herein generally relate to storing and verifying data. In some embodiments, reference levels are generated according to time intervals, where the first reference level comprises a predetermined number of the time intervals, and where each of the time intervals of the remaining reference levels is comprised of a predetermined number of the time intervals of a previous reference level. Hashes of data can be created at the first reference level by performing a hashing function on the data in a time-sequenced manner. First reference level time interval hashes may be generated by performing the hashing function on the hashes of the data at each of the time intervals of the first reference level. Hashes for remaining reference level time intervals can be generated by performing the hashing function on the hashes of each of the time intervals of the previous reference level.
    Type: Grant
    Filed: September 14, 2015
    Date of Patent: May 28, 2019
    Assignee: t0.com, Inc.
    Inventors: Tron Black, Alec Wilkins, Robert Christensen
  • Patent number: 10291410
    Abstract: A first digital identification document is transmitted from an identification authority to a mobile device of an identified individual. This first digital identification document is digitally signed and includes a set of attributes about the identified individual. In the same manner, a second digital identification document is also transmitted to the identified individual's mobile device. The second digital identification document is also digitally signed but includes a different set of attributes about the identified individual. The identified individual is then confronted by a series of challengers, wherein each challenger requires a different amount of information about the identified individual. Based on the identity of each challenger, the identified individual selects an appropriate identification document and transmits it to the applicable challenger's device.
    Type: Grant
    Filed: January 11, 2018
    Date of Patent: May 14, 2019
    Assignee: International Business Machines Corporation
    Inventor: Richard Redpath
  • Patent number: 10270757
    Abstract: A method, system or computer usable program product for managing exchanges of sensitive data including utilizing a processor to request a service across a network from an application, the service requiring a disclosure of a first set of sensitive data by the application; providing a set of certified policy commitments regarding the first set of sensitive data to the application for a determination of acceptability; and upon a positive determination, receiving the service including the disclosure of the first set of sensitive data.
    Type: Grant
    Filed: January 29, 2018
    Date of Patent: April 23, 2019
    Assignee: TRUSTARC INC
    Inventor: Daniel J. Guinan
  • Patent number: 10263791
    Abstract: Examples for acceleration of online certificate status checking with an Internet hinting service are disclosed. For example, one method includes receiving, by a computing device from a hinting server, hint information comprising certificate information; receiving, from a remote computing device, a certificate in response to a request to establish secure communications with the remote computing device; and determining a validity of the certificate based on the certificate information.
    Type: Grant
    Filed: March 21, 2018
    Date of Patent: April 16, 2019
    Assignee: VIASAT, INC.
    Inventors: Michael J Schexnaydre, Peter J Lepeska, Douglas C Larrick
  • Patent number: 10263961
    Abstract: A security chip and an application processor may be included in a device configured to engage in encrypted communications with an external client, including public key infrastructure communications, in an environment where a certificate authority is absent. The security chip may provide the application processor with a device public key from among a pair of device keys related to public key infrastructure communications, receive a request from the application processor to generate a digital signature on a certificate form including the device public key, provide the application processor with a digital signature generated based on an encryption operation using a certificate authority private key, and receive and store a certificate including the digital signature from the application processor.
    Type: Grant
    Filed: November 21, 2016
    Date of Patent: April 16, 2019
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Youn-sung Chu, Min-ja Han, Kyung-jin Lee
  • Patent number: 10243930
    Abstract: Systems and methods prevent fraudulent registration of devices associated with remuneration vehicles by bootstrapping the device to be registered with a bootstrap URL. The bootstrap URL may provide access to a registration server hosted by the vehicle provider. The vehicle provider may verify a single use of the bootstrap URL. Moreover, if access to the bootstrap URL is provided to the device, the vehicle provider may provide a server access communication to the device allowing the device and vehicle provider to set up a secure communication (even if communicating via an unsecure communication path). The secure communication may be used by the vehicle provider and the device to negotiate a symmetric communication key. At least the secure access communication and the symmetric communication key may operate based on one or more of an Elliptic Curve-, Diffie Hellman-, or Elliptic Curve Diffie Hellman (ECDH)-based secure connection scheme.
    Type: Grant
    Filed: January 11, 2017
    Date of Patent: March 26, 2019
    Assignee: MASTERCARD INTERNATIONAL INCORPORATED
    Inventors: Brandon Craig Bryson, Medha Bhatt, Eric G. Alger
  • Patent number: 10237306
    Abstract: A disclosed method includes operations of a control computer and interceptor computer. The control computer creates a certificate request and sends it to a certificate issuer, the certificate request created with an encrypted blob including a service private key S-PrK encrypted with an escrow server public key E-PuK. The control computer receives the certificate from the certificate issuer and provisions it to the service server along with S-PrK for use in secured communications with clients. The interceptor computer monitors session-establishment communications, e.g. a TLS handshake, between the service server and client to obtain the digital certificate, and retrieves the encrypted blob from the certificate and sends it to the escrow server. The escrow computer retrieves S-PrK by decrypting the encrypted blob using the escrow private key E-PrK, and returns S-PrK to the interceptor, where it is used to decrypt secure-session communications between the client and service server.
    Type: Grant
    Filed: June 30, 2016
    Date of Patent: March 19, 2019
    Assignee: EMC IP Holding Company LLC
    Inventor: Peter Alan Robinson
  • Patent number: 10225735
    Abstract: In one aspect, a vehicle includes an engine, a drive train and chassis, a battery, a wireless transceiver, and a vehicle computing system that controls the engine, drive train, chassis, battery, and wireless transceiver. The vehicle computing system includes a cryptographic processor that has program instructions to communicate with a device separate from the vehicle to provide authentication information to the device via the wireless transceiver.
    Type: Grant
    Filed: August 31, 2016
    Date of Patent: March 5, 2019
    Assignee: Lenovo (Singapore) Pte. Ltd.
    Inventor: David Rivera
  • Patent number: 10178086
    Abstract: A method executed by an Intermediary Node arranged between a Client and a Server for participating in the setting up of a connection between the Client and the Server is described. The Intermediary Node intercepts a first message, transmitted from the Client and destined for the Server, that requests a connection to be set up between the Client and the Server. In response to recognizing, based on content of the received first message, that it is desirable for the Intermediary Node to perform at least one function on the requested connection, the Intermediary Node transmits a second message to the Client, comprising an identity of the Intermediary Node. This enables the Client to accept or reject the Intermediary Node as a node participating in the requested connection set-up.
    Type: Grant
    Filed: November 28, 2014
    Date of Patent: January 8, 2019
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: John Mattsson, Robert Skog, Salvatore Loreto, Hans Spaak, Mats Näslund
  • Patent number: 10108788
    Abstract: Techniques are disclosed for improving user experience of multimedia streaming over computer networks. More specifically, techniques presented herein reduce (or eliminate) latency in playback start time for streaming digital media content resulting from digital rights management (DRM) authorizations. A streaming media client (e.g., a browser, set-top box, mobile telephone or tablet “app”) may request a “fast-expiring” license for titles the streaming media client predicts a user is likely to begin streaming. A fast-expiring license is a DRM license (and associated decryption key) which is valid for only a very limited time after being used for playback. During the validity period of such a license, the client device requests a “normal” or “regular” license to continue accessing the title after the fast-expiring license expires.
    Type: Grant
    Filed: September 10, 2013
    Date of Patent: October 23, 2018
    Assignee: NETFLIX, INC.
    Inventors: Mark Watson, Anthony Neal Park, Mitch Zollinger
  • Patent number: 10083112
    Abstract: A system of testing updated software may include a cloud-based production environment. The system may also include a cloud-based testing environment. The system may also include a cloud-based production processing unit configured to receive in response to document, execute an initial software by inputting the document, and determine an initial software result and an initial software process based on the document. The system may also include a cloud-based testing processing unit configured to receive the document, execute an updated software by inputting the document, and determine an updated software result and an updated software process based on the document. The system may also include a testing comparison unit configured to compare the initial software result and the updated software result, and compare the initial software process and the updated software process.
    Type: Grant
    Filed: December 13, 2016
    Date of Patent: September 25, 2018
    Assignee: GLOBAL HEALTHCARE EXCHANGE, LLC
    Inventors: Steve Cochran, Hatem El-Sebaaly, Eric Bersagel, Mukund Jaiswal, Daniel Milburn
  • Patent number: 10044743
    Abstract: The present disclosure provides a computer-readable medium, method and system for determining security vulnerabilities for a plurality of application programs used to provide television services to a customer device over a communications network. The method includes running a first scanning program against a first application program relating to a control panel for the customer device; running a second scanning program against a second application program that provides Internet content to the customer device; running a third scanning program against a third application program that relates to a component management system of customer premises equipment; and correlating security vulnerabilities identified utilizing the first, second, and third scanning programs.
    Type: Grant
    Filed: November 10, 2015
    Date of Patent: August 7, 2018
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Jerald Robert Howcroft, John J. Markley, Rocco A. Del Carmine
  • Patent number: 10038559
    Abstract: In a distributed system, data is shared between three or more electronic devices. The first device generates and signs an object that includes the data. A second device receives the signed object and determines whether the signed object is valid. If valid, the second device will generate a validated signed object and send it to a third device. The third device will validate the object by determining whether the object includes valid signatures of both the first and second devices.
    Type: Grant
    Filed: October 3, 2016
    Date of Patent: July 31, 2018
    Assignee: Google LLC
    Inventors: Michael Burrows, Himabindu Pucha, Raja Daoud, Jatin Lodhia, Ankur Taly
  • Patent number: 10033722
    Abstract: A mobile device may include at least one memory and a processor cooperating with the at least one memory to store a plurality of managed enterprise applications in the at least one memory, and receive and store a digital certificate in a secure shared location within the at least one memory. The processor may further cooperate with the at least one memory to run the plurality of managed enterprise applications to access the digital certificate from the secure shared location and generate and send encrypted data to another mobile device based upon the digital certificate.
    Type: Grant
    Filed: November 21, 2016
    Date of Patent: July 24, 2018
    Assignee: Citrix Systems, Inc.
    Inventor: Shaunak Mistry
  • Patent number: 10026507
    Abstract: A method manages a care service by a terminal apparatus of a caregiver. The method includes recognizing a smart card of a patient, receiving encrypted data including encrypted time information from the smart card, the encrypted time information being generated at the smart card by encrypting time information corresponding to a point in time when the terminal apparatus recognizes the smart card, and transmitting the encrypted data to a management server. The encrypted data is generated by the smart card using an encryption key and decrypted by the management server using a decryption key corresponding to the encryption key. A time corresponding to time information acquired from the decrypted data is stored in the management server as a care service providing time.
    Type: Grant
    Filed: June 9, 2014
    Date of Patent: July 17, 2018
    Assignee: LG CNS CO., LTD.
    Inventors: Chun-Rae Cho, Jeong Pyo Kim, Sung Yong Park, Soon Gi Yoon, Kwan Pyo Lee, Moon Ho Ha, Sung Ho Kim
  • Patent number: 9986577
    Abstract: A method for dynamically managing spectrum access and supporting multiple tiers of users is provided. A spectrum access server receives a request from a device to access a segment of spectrum, and determines which tier of the multiple tiers is associated with the request. If the request is from a second tier user and the request does not interfere with first tier users, the request is granted. If the request is from a third tier user and the request does not interfere with first tier users and authorized second tier users, the request is granted.
    Type: Grant
    Filed: February 19, 2014
    Date of Patent: May 29, 2018
    Assignee: Vanu, Inc.
    Inventor: Vanu Bose
  • Patent number: 9973498
    Abstract: Virtual smart card system includes a virtual smart card server (VSS) which controls access to content respectively associated with a plurality of virtual smart cards. A remote client computer system includes a system level agent which establishes the client computer machine to the VSS as a trusted computer system. A user level agent at the client computer system responds to a request for a virtual smart card operation by causing the client computer system to obtain user authentication information, negotiate with the system level agent to obtain a cookie, and initiate a request to the VSS for the virtual smart card operation. The VSS will perform the virtual smart card operation provided that a security policy is satisfied and will communicate the results to the user level agent.
    Type: Grant
    Filed: June 29, 2016
    Date of Patent: May 15, 2018
    Assignee: Citrix Systems, Inc.
    Inventors: David Lloyd, Andrew Innes
  • Patent number: 9954685
    Abstract: A first digital identification document is transmitted from an identification authority to a mobile device of an identified individual. This first digital identification document is digitally signed and includes a set of attributes about the identified individual. In the same manner, a second digital identification document is also transmitted to the identified individual's mobile device. The second digital identification document is also digitally signed but includes a different set of attributes about the identified individual. The identified individual is then confronted by a series of challengers, wherein each challenger requires a different amount of information about the identified individual. Based on the identity of each challenger, the identified individual selects an appropriate identification document and transmits it to the applicable challenger's device.
    Type: Grant
    Filed: October 19, 2016
    Date of Patent: April 24, 2018
    Assignee: International Business Machines Corporation
    Inventor: Richard Redpath
  • Patent number: 9942047
    Abstract: There is described a method of controlling application access to predetermined functions of a mobile device. The described method comprises (a) providing a set of keys, each key corresponding to one of the predetermined functions, (b) receiving an application from an application provider together with information identifying a set of needed functions, and (c) generating a signed application by signing the received application with each of the keys that correspond to one of the needed functions identified by the received information. There is also described a device for controlling application access and a system for controlling and authenticating application access. Furthermore, there is described a computer program and a computer program product.
    Type: Grant
    Filed: November 13, 2015
    Date of Patent: April 10, 2018
    Assignee: NXP B.V.
    Inventor: Giten Kulkarni
  • Patent number: 9906518
    Abstract: A method, system or computer usable program product for managing exchanges of sensitive data including utilizing a processor to request a service across a network from an application, the service requiring a disclosure of a first set of sensitive data by the application; providing a set of certified policy commitments regarding the first set of sensitive data to the application for a determination of acceptability; and upon a positive determination, receiving the service including the disclosure of the first set of sensitive data.
    Type: Grant
    Filed: December 21, 2016
    Date of Patent: February 27, 2018
    Assignee: TrustArc Inc
    Inventor: Daniel J. Guinan
  • Patent number: 9882890
    Abstract: Effecting reissue in a data processing system of a cryptographic credential certifying a set of attributes, the credential being initially bound to a first secret key stored in a first processing device. A backup token is produced using the first device and comprises a commitment to said set of attributes and proof data permitting verification that the set of attributes in said commitment corresponds to the set of attributes certified by said credential. At a second processing device, a second secret key is stored and blinded to produce a blinded key. A credential template token produced from the backup token and the blinded key is sent to a credential issuer where said verification is performed using the proof data and the credential template token is used to provide a reissued credential, certifying said set of attributes, to the second device, the reissued credential being bound to the second secret key.
    Type: Grant
    Filed: May 26, 2016
    Date of Patent: January 30, 2018
    Assignee: International Business Machines Corporation
    Inventors: Jan Camenisch, Anja Lehmann, Gregory Neven
  • Patent number: 9854059
    Abstract: In one embodiment, a method includes receiving a request for the client device to access a communication network. The request includes data identifying the client device based on an intermediate device certificate signed by one or more of the computing devices. The method also includes associating the request with a user profile of a social-networking system; and granting the client device access to the communication network based at least in part on the association of the request to the user profile.
    Type: Grant
    Filed: March 4, 2016
    Date of Patent: December 26, 2017
    Assignee: Facebook, Inc.
    Inventors: Charles J. Hughes, Ivan Poliakov
  • Patent number: 9853973
    Abstract: Inherent terminal identification information and a terminal unique key are stored in an on-board terminal, and server-side terminal identification information and a server-side terminal unique key, which are the same information as the above terminal identification information and terminal unique key, are stored in a server. The on-board terminal transmits the terminal identification information to the server via a communication terminal, and the server performs terminal authentication according to the server-side terminal identification information and, if the authentication succeeds, transmits encrypted software for the authenticated on-board terminal to the communication terminal.
    Type: Grant
    Filed: June 11, 2014
    Date of Patent: December 26, 2017
    Assignee: CLARION CO., LTD
    Inventors: Takashi Matsumoto, Atsushi Shimizu, Hiroyoshi Endo, Susumu Kojima, Haruhiko Sawajiri
  • Patent number: 9819682
    Abstract: Disclosed are various embodiments for controlling access to resources in a network environment. Methods may include installing a profile on the device and installing a certificate included in or otherwise associated with the profile on the device. A request to execute an application, and/or access a resource using a particular application, is received and determination is made as to whether the certificate is installed on the device based on an identification of the certificate by the application. If the certificate is installed on the device, then execution of the application and/or access to the resource is allowed. If the certificate is not installed on the device, then the request for execution and/or access is refused.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: November 14, 2017
    Assignee: AirWatch LLC
    Inventors: Alan Dabbiere, Erich Stuntebeck
  • Patent number: 9813392
    Abstract: Disclosed is a method for providing a public key for authenticating an integrated circuit. In the method, the integrated circuit obtains a hardware key and an integrated circuit identifier. The integrated circuit generates a derived key based on the hardware key using a key derivation function (KDF) shared with a manufacturing machine. The integrated circuit generates a private key and a corresponding public key using the derived key as an input to a deterministic function. The integrated circuit then provides the public key and the integrated circuit identifier to a partner service for authentication of the integrated circuit using an anonymized credential database to be provided to the partner service by a manufacturer.
    Type: Grant
    Filed: March 6, 2015
    Date of Patent: November 7, 2017
    Assignee: QUALCOMM Incorporated
    Inventors: Dean Lorenz, Boris Dolgunov, Roberto Avanzi, Ivan Hugh Mclean
  • Patent number: 9800413
    Abstract: Methods and apparatus are provided for performing an asymmetric key exchange between a vehicle and a first remote device. The method comprises storing predetermined cryptographic information on the vehicle, generating a first public key and a first private key that correspond to the vehicle, storing the first private key on the vehicle, and providing the first public key and descriptive data associated with the vehicle to a trusted entity, wherein the trusted entity is configured to store the first public key and the descriptive data in a location that is accessible to the first remote device.
    Type: Grant
    Filed: August 15, 2008
    Date of Patent: October 24, 2017
    Assignee: GM GLOBAL TECHNOLOGY OPERATIONS, INC.
    Inventors: Ansaf I. Alrabady, Thomas M. P. Catsburg
  • Patent number: 9781097
    Abstract: A device fingerprinting system provides an additional factor of authentication. A user device may be redirected, along with user ID parameters, to an authentication system. The user device may be sent instructions to execute that collect and send back device characteristic information to the authentication system. The authentication system can create a unique fingerprint of the device, and determine if the fingerprint has been seen before. If seen before, the authentication system may send back an authentication token indicating the additional factor of authentication was a success. If the fingerprint has not been seen previously, the authentication system may conduct a one-time password authentication as the additional factor. If successful, the fingerprint may be stored in association with the user device for future authentication as an additional factor.
    Type: Grant
    Filed: February 13, 2015
    Date of Patent: October 3, 2017
    Assignee: SecureAuth Corporation
    Inventors: Garret Florian Grajek, Chihwei Liu, Allen Yu Quach, Jeffrey Chiwai Lo
  • Patent number: 9749141
    Abstract: A secure boot method includes: obtaining a certificate digest at a digest processor from a write-once, always-on memory; calculating a flash digest using the digest processor by cryptographically processing a sensitive information image; and comparing, using the digest processor, the flash digest with the certificate digest.
    Type: Grant
    Filed: September 25, 2015
    Date of Patent: August 29, 2017
    Assignee: QUALCOMM Incorporated
    Inventors: Ron Keidar, Eugen Pirvu, Jeff Smith
  • Patent number: 9749690
    Abstract: Provided are a video information system and a method of providing video data access history. Biomedical information or non-biomedical information that may authorize a user who is accessing video data stored in the video information system is stored to be linked to the video data as metadata of the video data, and thus, an authorized user who later accesses the video information system may identify an identity of a user who has accessed the video data. If it is determined that the user is an unauthorized user, the biomedical information or the non-biomedical information of the user may be used to determine who the unauthorized user is.
    Type: Grant
    Filed: October 23, 2015
    Date of Patent: August 29, 2017
    Assignee: Hanwha Techwin Co., Ltd.
    Inventors: Sungbong Cho, Chanki Jeon
  • Patent number: 9742758
    Abstract: Disclosed are various embodiments for validating the identity of network sites. A communication session is established with a network site using a credential for the network site. A validation of the communication session is generated based at least in part upon a profile for the network site. The profile is derived from at least one previous communication session with the network site. An action is initiated in response to the validation when the validation indicates a discrepancy exists between the profile for the network site and the communication session with the network site.
    Type: Grant
    Filed: August 13, 2013
    Date of Patent: August 22, 2017
    Assignee: Amazon Technologies, Inc.
    Inventor: Nima Sharifi Mehr
  • Patent number: 9729642
    Abstract: A technique to at least partially transfer an active network communication session associated with a server and an authenticated user communicating through a first device. The at least partial transfer includes the following actions (not necessarily in the following order): (i) recording the network communication session on an inline network device; (ii) associating the network communication session with the second device on the inline network device; and (iii) sending session continuation information from the inline network device to at least the second device and/or the server. The first device is in data communication with the inline network device during at least a portion of the recording step. The session continuation information sent at the sending step includes information enabling the user to continue the active network communication session through the second device.
    Type: Grant
    Filed: May 24, 2013
    Date of Patent: August 8, 2017
    Assignee: International Business Machines Corporation
    Inventors: Paul A. Ashley, Christopher Y. Choi, John W. Court, Simon W. Gee
  • Patent number: 9722802
    Abstract: Embodiments of the present invention disclose a method, an apparatus, and a system for increasing network security. The method for increasing network security includes: receiving, by a network management system, a certificate message reported by a network element; generating, by the network management system, a first list; when determining that a certificate corresponding to certificate information in the first list needs to be revoked, generating, by the network management system, a certificate revocation request file according to the certificate information, and removing the certificate information in the first list from the first list; and sending, by the network management system, the certificate revocation request file to a public key infrastructure (PKI) system.
    Type: Grant
    Filed: July 21, 2015
    Date of Patent: August 1, 2017
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Wenjun Jin, Ying Xiong, Jiajia Chen, Jiangsheng Wang
  • Patent number: 9715357
    Abstract: A method of performing user authentication in an image forming apparatus, the method including detecting whether an interruption or a failure has occurred during authentication using an external authentication server; providing a user interface (UI) screen image for selecting to retry the authentication using the external authentication server or to enter a temporary authentication mode that does not use the external authentication server; when it is selected to enter the temporary authentication mode, entering an administrator authentication mode or an internal authentication mode based on pre-set temporary authentication options; and receiving information necessary for authentication and performing authentication based on a current authentication mode.
    Type: Grant
    Filed: January 16, 2015
    Date of Patent: July 25, 2017
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Tae-gyun Cho, Hyun-cheol Park
  • Patent number: 9699654
    Abstract: Methods, systems, and devices are described for wireless communication at a wireless station. Specifically, the present disclosure prevents a station from decrypting unauthorized messages transmitted by wireless device(s) impersonating an AP. In some examples, the AP may continuously and periodically alter the keys for each transmitted message to prevent malicious interference by unauthorized devices. In some examples, the method may use a symmetric cipher (e.g., Message Integrity Code) for a message using an undisclosed MIC key.
    Type: Grant
    Filed: November 5, 2014
    Date of Patent: July 4, 2017
    Assignee: QUALCOMM Incorporated
    Inventors: Soo Bum Lee, Santosh Paul Abraham, Philip Michael Hawkes, George Cherian, Anand Palanigounder
  • Patent number: 9697668
    Abstract: An automatically configurable smart card comprises a generic data structure provided for containing smart card specific data, and a smart card operating system being adapted to automatically detect the generic data structure and to migrate the generic data structure.
    Type: Grant
    Filed: February 14, 2007
    Date of Patent: July 4, 2017
    Assignee: NXP B.V.
    Inventors: Christoph Tapler, Ernst Haselsteiner
  • Patent number: 9699172
    Abstract: A method for managing the installation of an application on an electronic device is disclosed. In one aspect, the method includes seeking the authenticity of a second signature using the public authentication key of a certificate, the certificate being authenticated if at least one of the second sub-signatures is considered authentic during implementation of the search.
    Type: Grant
    Filed: June 26, 2015
    Date of Patent: July 4, 2017
    Assignee: SCHNEIDER ELECTRIC INDUSTRIES SAS
    Inventor: Michel Moulin
  • Patent number: 9686266
    Abstract: An authentication scheme may be utilized for a single sign-on operation between servers. One or more servers (e.g., a SHAREPOINT server) receives a data request directed to a disparate server (e.g., an SAP server). A root certificate (e.g., an X.509 root certificate) is loaded for accessing the disparate server. A user certificate is dynamically generated for identifying a logged-in user. The user certificate is signed with the root certificate and sent to the disparate server for binding with the data request. The data request is sent to the disparate server for authentication using the user certificate. The disparate server accesses a mapping table to map a subject name in the user certificate. When an entry for the logged-in user is found in the mapping table, data operations are enabled between the servers. An open web protocol response containing the requested data is then received from the disparate server.
    Type: Grant
    Filed: January 11, 2016
    Date of Patent: June 20, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Ajay Gupta, Sudeep Rastogi, Shyam Sundar Jayasankar, Diwakar Mantha
  • Patent number: 9680700
    Abstract: Some demonstrative embodiments include devices, systems and/or methods of configuring a radio transceiver. For example, some embodiments include a radio virtual machine (RVM) to configure a radio transceiver, the RVM including a radio processor to execute a first code configuring one or more transceiver functionalities independent of a configuration of the radio transceiver, and to generate a second code based on the configuration of the radio transceiver and the first code, wherein the second code is to be executed by the radio transceiver to configure the one or more transceiver functionalities for the radio transceiver.
    Type: Grant
    Filed: September 8, 2013
    Date of Patent: June 13, 2017
    Assignee: INTEL CORPORATION
    Inventors: Vladimir Ivanov, Markus Dominik Mueck, Hossein Alavi
  • Patent number: 9660974
    Abstract: A device fingerprinting system provides an additional factor of authentication. A user device may be redirected, along with user ID parameters, to an authentication system. The user device may be sent instructions to execute that collect and send back device characteristic information to the authentication system. The authentication system can create a unique fingerprint of the device, and determine if the fingerprint has been seen before. If seen before, the authentication system may send back an authentication token indicating the additional factor of authentication was a success. If the fingerprint has not been seen previously, the authentication system may conduct a one-time password authentication as the additional factor. If successful, the fingerprint may be stored in association with the user device for future authentication as an additional factor.
    Type: Grant
    Filed: February 13, 2015
    Date of Patent: May 23, 2017
    Assignee: SecureAuth Corporation
    Inventors: Garret Florian Grajek, Chihwei Liu, Allen Yu Quach, Jeffrey Chiwai Lo
  • Patent number: 9646332
    Abstract: Disclosed is a manufacturing process and feature licensing system for provisioning personalized (device-unique) licenses to devices. The secure system uses a secure key wrapping mechanism to deliver the LSK to LPS. Another feature is that various network communication links are secured using standard security protocol. Application messages, license templates, and licenses are digitally signed. The system is flexible, configured to allow multiple manufacturers and to allow various feature configurations via the use of License Template; scalable, as it is possible to use multiple LPS hosts to serve multiple programming stations; and available in that the delegation of license signing capability from CLS to LPS eliminates the dependency on unreliable Internet connections. Redundant LPS hosts provide the high level of availability required for high volume license provisioning.
    Type: Grant
    Filed: September 21, 2011
    Date of Patent: May 9, 2017
    Assignee: Google Technology Holdings LLC
    Inventors: Jinsong Zheng, Tat Keung Chan, Liqiang Chen, Greg N. Nakanishi, Jason A. Pasion, Xin Qiu, Ting Yao
  • Patent number: 9584492
    Abstract: A cryptographic proxy service may be provided. Upon determining that data associated with a network destination comprises at least some sensitive data, a cryptographic service may provide a security certificate associated with the network destination. The plurality of data may be encrypted according to the security certificate associated with the network destination and provided to the cryptographic service for re-encryption and transmission to the network destination.
    Type: Grant
    Filed: June 23, 2014
    Date of Patent: February 28, 2017
    Assignee: VMware, Inc.
    Inventor: Erich Stuntebeck
  • Patent number: 9565211
    Abstract: A method, system or computer usable program product for managing exchanges of sensitive data including utilizing a processor to request a service across a network from an application, the service requiring a disclosure of a first set of sensitive data by the application; providing a set of certified policy commitments regarding the first set of sensitive data to the application for a determination of acceptability; and upon a positive determination, receiving the service including the disclosure of the first set of sensitive data.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: February 7, 2017
    Assignee: TRUE ULTIMATE STANDARDS EVERYWHERE, INC.
    Inventor: Daniel J. Guinan
  • Patent number: 9548970
    Abstract: A method for managing unlinkable database user identifiers includes distributing to a first database a first encrypted user identifier, a first database identifier, and a first database user identifier; distributing to a second database a second encrypted user identifier, a second database identifier, and a second database user identifier; receiving from the first database a third encryption and a fourth encryption, the third encryption being formed from the first encrypted user identifier, the second database identifier, and a message comprised in the fourth encryption; decrypting the third encryption thereby obtaining a decrypted value; deriving a blinded user identifier from the decrypted value; and sending the encrypted blinded user identifier and the fourth encrypted value to the second server thereby enabling the second server to compute the second database user identifier from the encrypted blinded database user identifier and the decrypted fourth encrypted value.
    Type: Grant
    Filed: May 8, 2015
    Date of Patent: January 17, 2017
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Jan L. Camenisch, Anja Lehmann