By Generation Of Certificate Patents (Class 713/175)
  • Patent number: 12218796
    Abstract: A network device may be coupled to a removable storage device. The network device may process redirect information stored on the removable storage device to connect to a device configuration server indicated by the redirect information. The network device may complete a device provisioning operation based on configuration information obtained from the device configuration server and report status of the device provisioning operation to the device configuration server.
    Type: Grant
    Filed: October 12, 2023
    Date of Patent: February 4, 2025
    Assignee: Arista Networks, Inc.
    Inventor: Eamon Doyle
  • Patent number: 12212691
    Abstract: A method of operating a computer-controlled first device for establishing a secure data communication with a computer-controlled second device in a passenger transportation arrangement distributed control system includes: generating an encryption key including a public and private key pair; creating credentials (e.g. X.509 certificate) based on the generated encryption key; preparing a certificate signing request CSR and dispatching the CSR via a secured data communication path to a certificate authority CA that is based on a public key infrastructure PKI operated by the passenger transportation arrangement operator; receiving the certificate from the CA with a signature using a private key held secret by the operator; establishing the secure data communication with the second device by transmitting the credentials to the second device, wherein the second device accepts establishing the secure data communication upon verification of the signature of the credentials executed using a public key of the operator.
    Type: Grant
    Filed: February 8, 2021
    Date of Patent: January 28, 2025
    Assignee: INVENTIO AG
    Inventor: Claudio Colombano
  • Patent number: 12206798
    Abstract: Systems and procedures are provided for tracking hardware components of an IHS (Information Handling System). During factory provisioning of an IHS, an inventory certificate to the IHS is stored to the IHS that includes an inventory identifying factory-installed hardware components of the IHS. Also during the factory provisioning, a record is stored in a component datastore of the factory-installed hardware specified in the inventory certificate. Upon initialization of the delivered IHS, a pre-boot validation environment is initialized on the IHS and the stored inventory certificate is retrieved and used to validate the detected hardware components of the IHS. The results of the validation are then reported to a component datastore, where they are used to identify any transfer of a factory-installed hardware component. The factory datastore is updated in subsequent validations to reflect any detected modifications to the IHS in tracking genuine components.
    Type: Grant
    Filed: October 22, 2021
    Date of Patent: January 21, 2025
    Assignee: Dell Products, L.P.
    Inventors: Marshal F. Savage, Jason Matthew Young, Mukund P. Khatri
  • Patent number: 12200143
    Abstract: Methods and systems for certificate management in a distributed system are disclosed. The distributed system may include data processing systems that utilize certificates issued by a certificate issuer. The data processing systems may be intermittently connected to the certificate issuer. The certificate issuer may, at any point in time, revoke any issued certificate. The certificate issuer may not notify other entities of the revocation. To determine whether a certificate should be treated as being valid, the data processing systems may apply a set of rules to the certificate that compensate for intermittent connectivity to the certificate issuer that may prevent determining whether a certificate has been revoked, while limiting risk due to the potential for a certificate to have been revoked but the revocation not being known.
    Type: Grant
    Filed: April 20, 2022
    Date of Patent: January 14, 2025
    Assignee: Dell Products L.P.
    Inventors: Bradley K. Goodman, Kirk Alan Hutchinson
  • Patent number: 12170655
    Abstract: The present disclosure relates to a microcontroller comprising a memory module for storing a digital certificate, a network module for establishing a connection with a network, and a processor. The processor is configured to establish a connection with a network computer located in the network, to request a digital certificate from the network computer, to receive the digital certificate from the network computer, to store the digital certificate in the memory module, and to exchange user data with the network computer, provided that a previous verification of the digital certificate of the microcontroller has been successful. The present disclosure further relates to a method for communication between a microcontroller and a network computer as well as to a network computer and a communication system.
    Type: Grant
    Filed: November 25, 2019
    Date of Patent: December 17, 2024
    Assignee: WIZnet Germany GmbH
    Inventors: Witali Bartsch, Steen Harbach
  • Patent number: 12160910
    Abstract: A method of pairing a client device to a host device, the method comprising: obtaining, at the host device, a reference approval code; receiving, at the host device, a pairing request from the client device; when the pairing requests includes an embedded approval code, comparing the embedded approval code to the reference approval code; when the embedded approval code matches the reference approval code, bypassing an approval request and approving a pairing of the client device to the host device; and responsive to approving the pairing, pairing the client device to the host device based on the pairing request.
    Type: Grant
    Filed: January 31, 2022
    Date of Patent: December 3, 2024
    Assignee: Zebra Technologies Corporation
    Inventors: Maulin Sheth, Mariya Wright
  • Patent number: 12153681
    Abstract: According to embodiments of the present disclosure, an Information Handling System (IHS), systems and methods for identifying firmware versions of a firmware image using SPDM alias certificates are disclosed. In one embodiment, an IHS includes a Security Protocol and Data Model (SPDM)-enabled device conforming to a SPDM specification, and computer-executable instructions to receive a request to attest a firmware image, generate an alias certificate using a hash of the firmware and version information associated with the firmware in response to the request, and using the alias certificate, attest the version of the firmware image using the version information.
    Type: Grant
    Filed: March 2, 2023
    Date of Patent: November 26, 2024
    Assignee: Dell Products, L.P.
    Inventors: Dharma Bhushan Ramaiah, Vineeth Radhakrishnan, Mini Thottunkal Thankappan, Shinose Abdul Rahiman, Rama Rao Bisa
  • Patent number: 12149928
    Abstract: A vehicle communication system, including plural control devices configured to carry out communication with one another, wherein a transmitting device and a receiving device each include a memory and a processor. The processor at the transmitting device generates first authentication information based on a message and the encryption key, and in a case in which there is an abnormality at the encryption key, transmits the predetermined authentication information and the message to the receiving device. The processor at the receiving device generates second authentication information based on the encryption key and the received message, collates the first authentication information and the second authentication information, and authenticates the message, and in a case in which, after starting-up of the receiving device, authentication has not succeeded even once, and the received first authentication information and the predetermined authentication information match, accepts the received message.
    Type: Grant
    Filed: October 13, 2023
    Date of Patent: November 19, 2024
    Assignee: TOYOTA JIDOSHA KABUSHIKI KAISHA
    Inventor: Masahide Banno
  • Patent number: 12141102
    Abstract: A container system is disclosed. The container system includes a host, a daemon and an API server running in the containers of the host, and a container manager running in the host. The host has a file system. The container manager creates a source directory in the file system and mounts the source directory to a share directory of the daemon. The API server receives a request command with respect to a target directory in the file system, and the container manager bind-mounts the target directory to a sub-directory of the source directory according to the request command. In addition, the container manager responds the API server the location of the target directory in the share directory for accessing the required data through the share directory in the containers.
    Type: Grant
    Filed: July 11, 2022
    Date of Patent: November 12, 2024
    Assignee: QNAP SYSTEMS, INC.
    Inventor: Chin-Hsing Hsu
  • Patent number: 12137142
    Abstract: A system for managing communication between a vehicle and a broker module includes a telematics unit connected to the vehicle. The telematics unit is configured to carry out wireless data communications according to a publish-subscribe messaging protocol. A command unit is in communication with the telematics unit, the command unit having a processor and tangible, non-transitory memory on which instructions are recorded. The telematics unit is configured to establish a network connection with the broker module. The command unit is adapted to create a dynamic retry delay process for the network connection by varying a connection retry delay time based on a plurality of failure categories and an operation mode of the vehicle. The plurality of failure categories each corresponds to a respective failure in the network connection.
    Type: Grant
    Filed: October 13, 2022
    Date of Patent: November 5, 2024
    Assignee: GM Global Technology Operations LLC
    Inventors: Venkata Naga Siva Vikas Vemuri, Scott T. Droste, Yu-Kung Ke, Andrew J. MacDonald
  • Patent number: 12120226
    Abstract: Described embodiments provide systems and methods for morphing or regenerating validation information. A client can receive, via a device, an authentication cookie for access to a server. The device may maintain a sequence number and a cryptographic secret. The client may use the cryptographic secret and a cookie engine to generate validation cookie information with an updated sequence number. The client may send the authentication cookie to the device via a hypertext transfer protocol (HTTP) message to validate the authentication cookie. The client may send the validation cookie information with the updated sequence number to the device via a HTTP message to validate the authentication cookie.
    Type: Grant
    Filed: November 13, 2020
    Date of Patent: October 15, 2024
    Assignee: Citrix Systems, Inc.
    Inventors: Daniel G. Wing, Ratnesh Singh Thakur, Arkesh Kumar, Raghukrishna Hegde, Nivedita Jagdale, Ramachandra Kasyap Marmavula, Joseph Hoelbrandt, Girish Chandra Padhi
  • Patent number: 12120250
    Abstract: A method at a computing device within an Intelligent Transportation System, the method comprising: determining, at the computing device, whether a short-term certificate is available to sign a message; if the short-term certificate is available, signing the message with a private key associated with the short-term certificate; if the short-term certificate is not available, signing the message with a private key associated with a long-term certificate; and sending the message to a recipient.
    Type: Grant
    Filed: January 18, 2024
    Date of Patent: October 15, 2024
    Assignee: BlackBerry Limited
    Inventors: Stephen John Barrett, John Octavius Goyo, James Randolph Winter Lepp
  • Patent number: 12113915
    Abstract: Methods and apparatus relating to a Federal Information Processing Standard (FIPS) compliant Device Identifier Composition Engine (DICE) certificate chain architecture for embedded systems are described. In an embodiment, Deterministic Random Bit Generator (DRBG) logic circuitry generates a random number for each layer of a Device Identifier Composition Engine (DICE). The DRBG logic circuitry is a Federal Information Processing Standard (FIPS) approved DRBG logic circuitry. Logic circuitry derives an Elliptic Curve Digital Signature Algorithm (ECDSA) private key for a layer of the DICE based at least in part on one or more operations of a FIPS-approved ECDSA key pair generation logic circuitry. Other embodiments are also disclosed and claimed.
    Type: Grant
    Filed: March 30, 2022
    Date of Patent: October 8, 2024
    Assignee: Intel Corporation
    Inventors: Xiaoyu Ruan, Ned M. Smith, Matthew G. Pirretti
  • Patent number: 12111957
    Abstract: Software provenance validation reports whether a validation binary matches the source code, resources, and other parts, as well as the compiler, runtime, operating system, and other context, which is specified in a provenance manifest for a release binary. Part context checksums, software versions, tool parameters, and other aspects of a build are checked. Certification signatures, timestamps, certain version differences, source code locations, and other data may be ignored for validation purposes. A provenance manifest may include other provenance manifests, including binary rewrite manifests. The provenance manifest may be stored in a debugger file with symbol information, or stored separately. Partial matches may be reported, with details of what matches or does not match. After provenance of a binary is validated, the binary's source code can be analyzed for vulnerabilities, thereby enhancing software supply chain security.
    Type: Grant
    Filed: June 8, 2021
    Date of Patent: October 8, 2024
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Claire Novotny, Jared Parsons, Jason R. Shaver, Jobst-Immo Landwerth, Richard Steele Gibson, Tomas Matousek
  • Patent number: 12111795
    Abstract: A method for managing replication of cloned files is provided. Embodiments include determining, at a source system, that a first file has been cloned to create a second file. Embodiments include sending, from the source system to a replica system, an address of the first extent and an indication that a status of the first extent has changed from non-cloned to cloned. Embodiments include changing, at the replica system, a status of a second extent associated with a replica of the first file on the replica system from non-cloned to cloned and creating a mapping of the address of the first extent to an address of the second extent on the replica system. Embodiments include creating, at the replica system, a replica of the second file comprising a reference to the address of the second extent on the replica system.
    Type: Grant
    Filed: June 24, 2021
    Date of Patent: October 8, 2024
    Assignee: VMware LLC
    Inventors: Abhay Kumar Jain, Sriram Patil, Junlong Gao, Wenguang Wang
  • Patent number: 12095785
    Abstract: A system and methods for detecting and mitigating SAML forgery and manipulation attacks against services is provided, comprising a policy manager configured to observe a new authentication object generated by an identity provider, and retrieve the new authentication object; and a hashing engine configured to create a unique identifier for each valid authentication session; wherein subsequent access requests accompanied by authentication objects are validated by checking for a valid unique identifier.
    Type: Grant
    Filed: October 28, 2023
    Date of Patent: September 17, 2024
    Assignee: QOMPLX
    Inventors: Jason Crabtree, Richard Kelley, Angadbir Singh Salaria, Andrew Sellers, Farooq Israr Ahmed Shaikh, Randy Clayton, Luka Jurukovski
  • Patent number: 12088578
    Abstract: Provided is a method for the cryptographically protected provision of a digital certificate for a device, including the following steps: generating a one-time security ID according to a provided secret and at least one item of device-specific information; in a configuration device, transmitting the one-time security ID to the device; and in the device, generating an item of security information according to the one-time security ID; requesting a certificate by a request message, which contains an item of device-specific information and which is cryptographically protected by the security information, from an issuing authority; and at the issuing authority, checking the security information by the device-specific ID and the secret provided to the issuing authority; and transmitting a certificate to the device in the event of a positive check result.
    Type: Grant
    Filed: March 25, 2020
    Date of Patent: September 10, 2024
    Assignee: Siemens Aktiengesellschaft
    Inventors: Hendrik Brockhaus, Jens-Uwe Bußer
  • Patent number: 12079328
    Abstract: A system and method for inspecting a running container for a cybersecurity object in a cloud computing environment is disclosed. The method includes: generating a clone of a disk, wherein the disk is deployed in a cloud computing environment; detecting a software container on the generated clone of the disk; and inspecting the software container for a cybersecurity object, in response to determining that the container is a running container.
    Type: Grant
    Filed: October 10, 2023
    Date of Patent: September 3, 2024
    Assignee: Wiz, Inc.
    Inventors: Daniel Hershko Shemesh, Yarin Miran, Roy Reznik, Ami Luttwak, Yinon Costica, Niv Roit Ben David, Yaniv Shaked, Raaz Herzberg, Amir Lande Blau
  • Patent number: 12074991
    Abstract: A proxy revocation service provides a reliable service for performing revocation checks. The proxy revocation service queries public certificate authorities for the revocation status of a set of digital certificates and maintains a database of the revocation statuses. The proxy revocation service provides a singular endpoint that is Application Protocol Interface (API) accessible to web clients. Web clients communicate with the proxy revocation service through use of API message to perform revocation checks, rather than communicating with the public certificate authorities using an online certificate status protocol (OCSP). Use of the proxy revocation service provides both a reliable service for performing revocation checks as well as shifts the complexity away from the web clients.
    Type: Grant
    Filed: June 21, 2023
    Date of Patent: August 27, 2024
    Assignee: Snowflake Inc.
    Inventors: Harsh Chaturvedi, Harsha S. Kapre, Srinath Shankar
  • Patent number: 12067154
    Abstract: A sensor data assembly providing a secured data storage for monitored data containing sensor data acquired by at least one sensor, a processing unit adapted to provide a cryptographic checksum of the monitored data and/or the sensor data acquired by the sensor, a distributed database and a first connection adapted to, at least temporarily, connect the sensor and the processing unit. A method provides manipulation proof monitored data containing sensor data of a sensor of the sensor data assembly.
    Type: Grant
    Filed: September 16, 2019
    Date of Patent: August 20, 2024
    Assignee: Siemens Energy Global GmbH & Co. KG
    Inventors: Jerry Fornander, Andreas Graichen, Thomas Jetzfellner, Johan Lindstam, Markus Sauer, Monika Sturm
  • Patent number: 12063314
    Abstract: A security event management system for an electronic connected network includes a public key infrastructure subsystem configured to generate a security ID for a connected device accessing the network, a digital ledger, a trigger list in operable communication with the digital ledger, and an event manager configured to (i) subscribe to the trigger list by defining at least one reportable event of which the trigger list is to advise the event manager, and (ii) receive a notification from the trigger list upon validation of the at least one reportable event behind the digital ledger.
    Type: Grant
    Filed: July 10, 2023
    Date of Patent: August 13, 2024
    Assignee: Cable Television Laboratories, Inc.
    Inventors: Steven J. Goeringer, Brian A. Scriber, Massimiliano Pala
  • Patent number: 12045811
    Abstract: A system, device and method of confidential secure custodial transfers of asset between entities utilizing transaction agents implemented via a distributed ledger (e.g. a blockchain). In particular, the transaction agents securely record each of the transactions on the ledger utilizing obfuscated or proxy data state such that information about the transactions cannot be gleaned from the ledger. In particular, the transaction agents are able to enforce business rules of the system by requesting zero-knowledge proofs from participants to the transaction (e.g. sender and recipient) in place of actual data for the transaction. The zero-knowledge proofs are able to be designed to prevent an observer of the distributed ledger from determining any information of the transaction that is taking place.
    Type: Grant
    Filed: July 31, 2018
    Date of Patent: July 23, 2024
    Assignee: Chronicled Inc.
    Inventors: Maurizio Greco, Ryan Orr, Maksym Petkus, Jon Eric Garvin, Susanne Somerville
  • Patent number: 12034874
    Abstract: An approach is provided for validating and managing certificates. A certificate is received. Information related to the certificate and additional information an additional data source are determined. A risk factor is rated based on the information related to the certificate and the additional information from the additional source. The certificate is validated based on the rating of the risk factor. A unique hashtag ID is generated for the validated certificate and recorded on a blockchain network.
    Type: Grant
    Filed: October 10, 2021
    Date of Patent: July 9, 2024
    Assignee: International Business Machines Corporation
    Inventors: Richard Daniel Gunjal, Subhra Kanti Bhakta
  • Patent number: 12028461
    Abstract: A request to add tags (e.g., labels, key-value pairs, or metadata) to resources can be digitally signed by the entity making the request, such that the source can be verified and an authorization determination made for each tag. For a request involving multiple services (or entities) that can each add tags, any tag added by a service can be included in the request and digitally signed by that service. Each service processing the request can also digitally sign the request before forwarding, so that each service signs a version of the request, which includes elements signed by other services earlier in the request chain. When the request is received to a tagging service, the service ensures that every tag was digitally signed by the appropriate authorized entity or service, and validates the signatures to ensure that no data was modified or omitted, before adding the tags to the designated resource(s).
    Type: Grant
    Filed: May 11, 2023
    Date of Patent: July 2, 2024
    Assignee: Amazon Technologies, Inc.
    Inventors: William Frederick Hingle Kruse, Conor Patrick Cahill, Jeffrey Cicero Canton, Dmitry Frenkel, Harshad Vasant Kulkarni, Colin Watson, Andrew Paul Mikulski
  • Patent number: 12028940
    Abstract: Provided are methods and apparatuses for performing a communication in a wireless communication system. An IAB node of performing a communication, according to an embodiment, includes a transceiver and a processor coupled with the transceiver and configured to perform an authentication and a setup of an IP connectivity with an OAM (operations, administration and maintenance) server, in response to an architecture in which a DU (distribution unit) and a CU (central unit) are split, establish a F1 interface between a DU of the IAB node and a CU of an IAB donor, and provide a service to a UE based on a result of the establishment.
    Type: Grant
    Filed: May 10, 2019
    Date of Patent: July 2, 2024
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Fasil Abdul Latheef, Neha Sharma, Pravjyot Singh Deogun, Aneesh Deshmukh, Shouvik Guha
  • Patent number: 12008110
    Abstract: A method of building a device historian, across a supply chain of device manufactures and managers, by a plurality of device management services comprising an enrollment service, an update service, a policy service, and an analytics service, a transaction connector, a blockchain broker service participating as a node in a blockchain network, and transaction filters. The method comprises sending, by the plurality of device management services a transaction record over the transaction connector to the blockchain broker service, receiving, by the blockchain broker service, the transaction record, filtering, by the blockchain broker service, information in the transaction record based on the transaction filters, preparing, by the blockchain broker service, a versioned block based on the filtered information from the transaction record, and adding, by the blockchain broker service, the versioned block to the blockchain network.
    Type: Grant
    Filed: July 29, 2022
    Date of Patent: June 11, 2024
    Assignee: DigiCert, Inc.
    Inventors: Srinivas Kumar, Atul Gupta, Ruslan Ulanov, Shreya Uchil
  • Patent number: 12010250
    Abstract: A capability enabling method and apparatus. A secure element (SE) establishes, with a trusted execution environment (TEE), a session for communication. The SE sends, to the TEE, an obtaining instruction to obtain a security certificate of the TEE. After receiving the obtaining instruction, the TEE generates the security certificate based on attribute information of the TEE, and sends the generated security certificate to the SE. After the SE receives the security certificate, the SE determines, based on the security certificate and a preset security policy, that the TEE is in a secure state. After the SE determines that the TEE is in the secure state, the SE enables a first capability for a third-party service in the SE based on a second capability of the TEE.
    Type: Grant
    Filed: October 23, 2019
    Date of Patent: June 11, 2024
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Sishan Wang, Xiaona Zhao, Xinmiao Chang
  • Patent number: 11997221
    Abstract: Securely transmitting a public key “PK” of a certificate holder within a public key infrastructure includes transferring a digital certificate signed with a digital certificate signature and having certificate holder and certificate key information from a sender “A” to a recipient “B”. The recipient “B” establishes a data-transferring connection to a digitally contactable resource “R” on the basis of resource identification information contained in the digital certificate and retrieves the public key “PK” of the certificate holder via the resource “R”. The recipient “B” compares a key hash value determined from the public key “PK” using a specified hash function with a certificate key hash value contained in the digital certificate and signed with a digital certificate signature. The public key “PK” assigned to the certificate holder is accepted and used by the recipient “B” if the determined key hash value matches the signed certificate key hash value.
    Type: Grant
    Filed: February 10, 2020
    Date of Patent: May 28, 2024
    Assignee: MTG AG
    Inventor: Evangelos Karatsiolis
  • Patent number: 11985247
    Abstract: A method for authenticating an origin of a network device. The method includes reading one or more encrypted parameters from a memory of the network device, decoding the one or more encrypted parameters, and determining whether one or more of the decoded parameters match parameters obtained from a trusted platform module (TPM) installed in the network device and/or a read only memory (ROM) of the network device. In response to a mismatch between the decoded parameters and the parameters obtained from the TPM or the ROM, at least one of suspending operation of the device or transmitting a report of an authentication failure across a network on which the device is operating.
    Type: Grant
    Filed: July 21, 2022
    Date of Patent: May 14, 2024
    Assignee: ARISTA NETWORKS, INC.
    Inventors: Ethan Rahn, Baptiste Covolato, Roy Wen, Julien Gomes
  • Patent number: 11962698
    Abstract: A system and method for receiving secure data in a client device. In one embodiment, the method comprises (a) receiving a token having a token ID and a digital certificate generated by a certificate authority (CA) having client device fingerprint data generated from client device parameters, (b) accepting a request in the client device to provide secure data to the client device, (c) regenerating the client device fingerprint data from the client device parameters, (d) determining, in the client device, differences between the client device fingerprint data of the digital certificate from the regenerated client device fingerprint data, and (e) transmitting a request to a secure data service to provide secure data based upon the determination.
    Type: Grant
    Filed: March 17, 2021
    Date of Patent: April 16, 2024
    Assignee: ARRIS Enterprises LLC
    Inventors: Jason A. Pasion, John Okimoto, Xin Qiu, Alexander Medvinsky, Ting Yao, Jinsong Zheng, Oscar Jiang
  • Patent number: 11954226
    Abstract: Disclosed herein are methods and systems for executing verifiable computation modules to process private data at private data owner platform, comprising obtaining a computation module having a unique identifier recorded in a distributed ledger controlled by a plurality of computing nodes, generating a key pair comprising a signing key and a verification key derived from the signing key, recording, in the distributed ledger, an execution record associating an execution instance of the computation module with the verification key, initiating the execution instance of the computation module to process a private dataset incorporated with the signing key. outputting a computation outcome, computing an execution result signature for the execution instance based on the unique identifier and the private data and the signing key, and recording the execution result signature in the distributed ledger to enable verification of the execution instance.
    Type: Grant
    Filed: August 17, 2021
    Date of Patent: April 9, 2024
    Assignee: International Business Machines Corporation
    Inventors: Alexander Kofman, Artem Barger, Corville O. Allen, Jonathan Bnayahu, Pratul Gupta, Yacov Manevich
  • Patent number: 11917085
    Abstract: A method at a computing device within an Intelligent Transportation System, the method comprising: determining, at the computing device, whether a short-term certificate is available to sign a message; if the short-term certificate is available, signing the message with a private key associated with the short-term certificate; if the short-term certificate is not available, signing the message with a private key associated with a long-term certificate; and sending the message to a recipient.
    Type: Grant
    Filed: April 21, 2023
    Date of Patent: February 27, 2024
    Assignee: BlackBerry Limited
    Inventors: Stephen John Barrett, John Octavius Goyo, James Randolph Winter Lepp
  • Patent number: 11902869
    Abstract: A communication device may execute a wireless communication of object data with a mobile device via a first target network using a second type of interface after executing a sending process of sending a wireless setting, for causing the mobile device to belong to the first target network, to the mobile device using a first type of interface in a case where the communication device is determined as currently belonging to the first target network. The communication device may execute the wireless communication of the object data with the mobile device via a second target network using the second type of interface after executing a specific process of causing both the communication device and the mobile device to belong to the second target network in a case where the communication device is determined as currently not belonging to the target network.
    Type: Grant
    Filed: October 31, 2022
    Date of Patent: February 13, 2024
    Assignee: Brother Kogyo Kabushiki Kaisha
    Inventors: Takanobu Suzuki, Hirotaka Asakura, Munehisa Matsuda, Satoshi Tanaka
  • Patent number: 11886441
    Abstract: A method of implementing object tagging framework starts with the processor receiving a tag creation command including a tag name. In response to the tag creation command, the processor creates a current tag. The processor then receives an association command, the tag name and a source object identifier. The processor determines a source object associated with the source object identifier. The source object includes a tag value. The processor associates the current tag with the source object. The processor receives a replication command including the source object and a target object. The processor causes replication of the source object to the target object that comprises replicating the current tag with the tag name and the tag value in the source object to the target object. Other embodiments are also described herein.
    Type: Grant
    Filed: November 7, 2022
    Date of Patent: January 30, 2024
    Assignee: Snowflake Inc.
    Inventors: Artin Avanes, Khalid Zaman Bijon, Yujie Li, Zheng Mi, Subramanian Muralidhar, David Schultz
  • Patent number: 11882440
    Abstract: An embodiment user authentication system for a connected vehicle service includes a service terminal configured to encrypt first vehicle identification information comprising identification information of a vehicle system and terminal identification information comprising identification information of the service terminal to generate a service identification (ID) comprising identification information of the connected vehicle service, and to display the service ID on a display screen as an optically readable code, and a user terminal configured to receive the service ID by scanning the code and to transmit the received service ID to a service server through an external network to request a user authentication.
    Type: Grant
    Filed: June 16, 2021
    Date of Patent: January 23, 2024
    Assignees: Hyundai Motor Company, Kia Corporation
    Inventor: Jaeyoon Ko
  • Patent number: 11863689
    Abstract: A system having one or more processors. The one or more processors receive data having a request for transferring ownership of a portion of a security from a first user computing system. A portion of the data is signed by a signer with a group signature having an extension. The one or more processors further receive a request to link an identity of the signer and open the identity of the signer. The one or more processors provide to a regulator information corresponding to the group signature and a signature of a transferee being linked to the group signature. The one or more processors generate signing ability of a second user computing system associated with an identifier of the transferee. Generating the signing ability of the second user computing system to use the group signature transfers the ownership of the portion of the security.
    Type: Grant
    Filed: October 24, 2022
    Date of Patent: January 2, 2024
    Assignee: Wells Fargo Bank, N.A.
    Inventor: Phillip H. Griffin
  • Patent number: 11863589
    Abstract: The present disclosure provides for enterprise security in intelligent electronic devices such as electric power meters. In accordance with the present disclosure, enterprise security is a security system in which each individual device, instead of configuring and storing security configurations locally, use a security server for security verifications. Such a security server of the present disclosure may be a dedicated computer on a network, that is used to manage the security configuration for all users. This makes it simpler for administrators to configure users and devices, which in turn improves security by encouraging security to be properly configured.
    Type: Grant
    Filed: June 8, 2020
    Date of Patent: January 2, 2024
    Assignee: EI ELECTRONICS LLC
    Inventors: Luna A. Koval, Erran Kagan
  • Patent number: 11849052
    Abstract: A method for replacing an identity certificate in a blockchain network includes a service subnet, a consensus subnet, and a routing layer used for isolating the service subnet from the consensus subnet. The method includes: receiving a root certificate replacement notification transmitted by a certificate authentication center; obtaining a public key corresponding to the certificate authentication center; verifying the root certificate replacement notification by using the obtained public key; forwarding the root certificate replacement notification to a consensus node in the consensus subnet after the validation succeeds, so that the consensus node records the root certificate replacement notification into a latest data block after a consensus on the root certificate replacement notification is reached; and requesting, when the data block is received, the certificate authentication center to replace an identity certificate.
    Type: Grant
    Filed: January 21, 2021
    Date of Patent: December 19, 2023
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventors: Mao Cai Li, Geng Liang Zhu, Hu Lan, Zong You Wang, Li Kong, Kai Ban Zhou, Chang Qing Yang, Qiu Ping Chen, Qu Cheng Liu, Yi Fang Shi, Jin Song Zhang, Pan Liu
  • Patent number: 11841957
    Abstract: Disclosed is a system and method to create an encrypted file system on a block chain. The system creates the block chain controlling an access to the encrypted file system. The block chain defines a user permission to access at least a portion of the encrypted file system. The system creates the encrypted file system by recording a unique file ID in the block chain, where the unique file ID stores a chunk index including memory locations of multiple chunks storing portions of a file in the encrypted file system. The system encrypts the file using a channel session key and a file encryption key. The channel session key includes a cryptographic key computed based on information known to users granted at least a temporary access to the file, and the file encryption key includes a cryptographic key used to encrypt each file in the encrypted file system.
    Type: Grant
    Filed: December 23, 2022
    Date of Patent: December 12, 2023
    Assignee: SpiderOak, Inc.
    Inventor: Jonathan Andrew Crockett Moore
  • Patent number: 11838139
    Abstract: An agenda dictating a sequence of actions to occur during a conference associated with a plurality of participants is accessed. The sequence of actions is associated with an electronic signature envelope. Content shared by a sharing participant of the conference is monitored for content corresponding to a given action of the sequence. Responsive to detecting the content corresponding to the given action, an acting participant for the given action is determined and data obtained from sensors of a client device of the acting participant is monitored. It is determined that the data indicates that the acting participant has performed the given action and an auditable data structure reflective of the data is generated. The content shared by the sharing participant of the conference is automatically modified to include content corresponding to a next action of the sequence of actions.
    Type: Grant
    Filed: October 31, 2022
    Date of Patent: December 5, 2023
    Assignee: DOCUSIGN, INC.
    Inventors: Anthony Joseph Ramoutar, Billy Travis Williams, David Soh
  • Patent number: 11838427
    Abstract: A method, a computer program product, and a system for usage restrictions on digital certificates. The method includes selecting a digital certificate relating to a user and determining a usage restriction policy for the digital certificate based on the user. The method also includes populating an extension field of the digital certificate with the usage restriction policy. The method further includes providing the digital certificate including the usage restriction policy to the user. The method also includes gathering parameters relating to the digital certificate, determining usage patterns based on the parameters, inputting the usage patterns into a machine learning model, outputting a risk assessment, and updating the usage restriction policy based on the risk assessment.
    Type: Grant
    Filed: February 4, 2021
    Date of Patent: December 5, 2023
    Assignee: International Business Machines Corporation
    Inventors: Rinkesh I. Bansal, Vinod A. Valecha, Sanjay B. Panchal, Chintan Thaker
  • Patent number: 11832098
    Abstract: A vehicle communication system, including plural control devices configured to carry out communication with one another, wherein a transmitting device and a receiving device each include a memory and a processor. The processor at the transmitting device generates first authentication information based on a message and the encryption key, and in a case in which there is an abnormality at the encryption key, transmits the predetermined authentication information and the message to the receiving device. The processor at the receiving device generates second authentication information based on the encryption key and the received message, collates the first authentication information and the second authentication information, and authenticates the message, and in a case in which, after starting-up of the receiving device, authentication has not succeeded even once, and the received first authentication information and the predetermined authentication information match, accepts the received message.
    Type: Grant
    Filed: November 12, 2021
    Date of Patent: November 28, 2023
    Assignee: TOYOTA JIDOSHA KABUSHIKI KAISHA
    Inventor: Masahide Banno
  • Patent number: 11831634
    Abstract: A technique for managing communications between a server and multiple clients includes configuring the server to support multiple sets of certificates for respective clients having respective root certificates. The technique further includes determining an indicator associated with a client root certificate during an initial handshake between a client and the server and providing the client with a server certificate associated with the indicator.
    Type: Grant
    Filed: October 30, 2020
    Date of Patent: November 28, 2023
    Assignee: EMC IP Holding Company LLC
    Inventors: Dmitry Nikolayevich Tylik, Charles W. Kaufman, Gregory W. Lazar, Marco Abela, Jingyan Zhao
  • Patent number: 11825306
    Abstract: Methods, apparatuses and systems for peer-to-peer secure communication are disclosed. In an example, a mobile security apparatus (“MSA”) is connected to a first endpoint device and includes a memory device storing a list of MSAs that are designated as being within a circle of trust (“CoT”) of the MSA. The list includes an Internet Protocol (“IP”) address, a public key, and an identifier of at least one endpoint device for each of the MSAs. The apparatus also includes a processor configured to receive a selection of content from the first endpoint device for transmission to the second endpoint device. After determining the second endpoint device corresponds to a second MSA that is included within the CoT, the processor encrypts a message including the content using the public key associated with the second MSA and transmits the encrypted message using the IP address of the second MSA.
    Type: Grant
    Filed: July 7, 2021
    Date of Patent: November 21, 2023
    Assignee: Cervais Inc.
    Inventors: James A. Austin, Tony J. Salman
  • Patent number: 11824995
    Abstract: A system and method for integrating FIDO authentication systems and user verification systems. The system is provided in one configuration as a mobile app that allows access to highly sensitive information via a mobile device while simultaneously ensuring a highly secured environment authenticating both the mobile device and the user via a highly reliable authentication process.
    Type: Grant
    Filed: August 24, 2022
    Date of Patent: November 21, 2023
    Assignee: Queralt Inc.
    Inventors: Michael Queralt, Daniel R. Sabia
  • Patent number: 11812262
    Abstract: A method of registering a device with an authentication service; in which the method comprises the device; establishing a secure connection between the device and a second device: in which the second device is registered with the authentication service; in which the second device is allocated to the user, in which the secure connection comprises one of: a wireless data connection; and a wired data connection over a LAN; in which the method further comprises tire device: obtaining over tire secure connection from the registered device, an identifier uniquely associated with the registered device; providing to tire authentication service a first credential known to the user; and a second credential derived front tire identifier, and requesting registration on tire basis of tire first and second credentials.
    Type: Grant
    Filed: December 6, 2018
    Date of Patent: November 7, 2023
    Assignee: BRITISH TELECOMMUNICATIONS public limited company
    Inventor: Amar Chandarana
  • Patent number: 11811942
    Abstract: The invention relates to distributed ledger technologies such as consensus-based blockchains. Computer-implemented methods for locking and unlocking transaction inputs and outputs are described. The invention is implemented using a blockchain network, which may be, for example, a Bitcoin blockchain. A group of entities form a group in with membership may be proven using an accumulation tree. A variety of methods are described for generating the accumulation tree, including methods that use a central authority and methods that use a decentralized protocol in place of the central authority. In various implementations, parties are able to unlock transaction outputs that are based on group membership without revealing their identity generally.
    Type: Grant
    Filed: March 5, 2019
    Date of Patent: November 7, 2023
    Assignee: nChain Licensing AG
    Inventors: Silvia Bartolucci, Pauline Bernat
  • Patent number: 11805116
    Abstract: Technologies for securing a virtualization network function (VNF) image includes a security server to generate a wrapping cryptographic key to wrap a private key of the VNF image and replace the private key with the wrapped private key to secure the private key. During operation, the VNF image may be authenticated by a network function virtualization (NFV) server as needed. Additionally, the signature of the VNF image may be updated each time the VNF image is shutdown to ensure the continued authenticity of the VNF image.
    Type: Grant
    Filed: March 31, 2018
    Date of Patent: October 31, 2023
    Assignee: Intel Corporation
    Inventors: Changzheng Wei, Weigang Li, Danny Y. Zhou, Junyuan Wang, Hari K. Tadepalli, Rashmin N. Patel
  • Patent number: 11799855
    Abstract: Systems, methods, and related technologies for device identification are described. In certain aspects, packet data associated with a device can be analyzed and a score determined. The score and the threshold can be compared to determine a device identification for the device.
    Type: Grant
    Filed: November 5, 2020
    Date of Patent: October 24, 2023
    Assignee: FORESCOUT TECHNOLOGIES, INC.
    Inventors: Yang Zhang, Siying Yang
  • Patent number: 11799882
    Abstract: A method and system for network endpoint identification through network fingerprint based entity resolution. Particularly, embodiments disclosed herein may entail receiving a network fingerprint descriptive of at least a network endpoint; obtaining at least two network endpoint label sets each inferred from the network fingerprint by a different network fingerprint parser; reducing, through entity resolution and heuristics, the at least two network endpoint label sets into a de-duplicated network endpoint label set; and resolving, through a voting algorithm, the de-duplicated network endpoint label set to obtain a unified network endpoint label that best identifies the network endpoint.
    Type: Grant
    Filed: May 26, 2022
    Date of Patent: October 24, 2023
    Assignee: ARISTA NETWORKS, INC.
    Inventors: Arunabh Ghosh, Debabrata Dash