By Generation Of Certificate Patents (Class 713/175)
  • Patent number: 11329829
    Abstract: A log, comprising a sequence of temporally ordered digital entries, is authenticated by entering a new entry into the log only after expiration of a minimum time interval. A digital signature and timestamp are generated for each entry in the log and are included in each respective entry. In a validity verification phase, the timestamp of at least one of the entries is examined to determine whether it indicates entry into the log at a time relative to a preceding entry in the log after less than an expected minimum time interval. If so, a remedial action is taken.
    Type: Grant
    Filed: June 1, 2019
    Date of Patent: May 10, 2022
    Assignee: Guardtime SA
    Inventor: Henri Lakk
  • Patent number: 11301840
    Abstract: A provisioning system is provided for terminals such as point of sale terminals. An interface device interfaces with a smart card and a provisioning server, providing initialization keys and security codes that are stored on the smart card. At a terminal, an initialization key from the smart card may be provided to the terminal if a correct security code is entered at the terminal. The terminal may then provide a terminal authorization package to the smart card. The terminal authorization package is stored on the smart card. At the interface device, the terminal authorization package is provided to the provisioning server. The terminal may then securely communicate transactions with an issuer server.
    Type: Grant
    Filed: June 26, 2015
    Date of Patent: April 12, 2022
    Assignee: Block, Inc.
    Inventors: Malcolm Smith, Kshitiz Vadera, Afshin Rezayee
  • Patent number: 11290285
    Abstract: A certificate identification system comprises multiple source devices configured to generate an artifact which comprises features indicating user data and an action, a certificate database configured to store certificates comprising user identity information corresponding to its signatory, and an identity manager in signal communication with the source devices and the certificate database.
    Type: Grant
    Filed: February 8, 2019
    Date of Patent: March 29, 2022
    Assignee: Bank of America Corporation
    Inventors: Govinda Rajulu Nelluri, Srinivasa Rao Dakshinyam
  • Patent number: 11290269
    Abstract: Embodiments of the invention are directed to techniques for enabling self-certification of an electronic device to result in the issuance of a security certificate that the electronic device may use to authenticate itself to another entity. In some embodiments, the device is caused to initiate the self-certification process upon determining that a status of a current security certificate is no longer valid. In some embodiments, an electronic device may communicate with a certificate authority, which may generate a set of policy data that indicates permissions for the electronic device. The electronic device may then generate an electronic record to be associated with the security certificate, which it may sign using a private key. The certificate authority may then verify the authenticity of the signed electronic record using a public key associated with the electronic device. The electronic record may be appended to some collection of records.
    Type: Grant
    Filed: December 13, 2017
    Date of Patent: March 29, 2022
    Assignee: VISA INTERNATIONAL SERVICE ASSOCIATION
    Inventors: Avinash Arumugam, Quan Wang, Kelvan Howard, Jerry Wald
  • Patent number: 11283793
    Abstract: Techniques for securing user sessions using a time-based one-time password (TOTP) generated from a shared secret. The shared secret can be a cryptographic hash of one or more user credentials. In response to a successful authentication based on the user credential(s), a session is created. The authentication is performed in connection with an initial access request from a client application. A subsequent access request for a protected resource during the session is processed by extracting a session cookie and a TOTP and generating a corresponding TOTP using the shared secret. The TOTP can be generated by combining the shared secret with one or more additional parameters such as a Uniform Resource Locator associated with the resource, or the session cookie. Access to the protected resource is conditioned upon the session, which is identified by the session cookie, being valid and upon the TOTPs matching.
    Type: Grant
    Filed: October 18, 2018
    Date of Patent: March 22, 2022
    Assignee: Oracle International Corporation
    Inventors: Ranjan Khanna, Sreenivasa R. Chitturi
  • Patent number: 11277399
    Abstract: Example method includes: establishing a secure tunnel with an unauthenticated client device associated with a user of a restricted network; receiving user credentials associated with the user and transmitted from the unauthenticated client device within the secure tunnel; validating the received user credentials; and transmitting at least a client certificate and device configuration information to the unauthenticated client device within the secure tunnel such that the unauthenticated client device is able to access the restricted network after installing the client certificate and applying the device configurations based on the received device configuration information.
    Type: Grant
    Filed: April 30, 2019
    Date of Patent: March 15, 2022
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Antoni Milton, Timothy Cappalli
  • Patent number: 11271745
    Abstract: Embodiments of this specification provide methods and systems for operating an IoT device. An exemplary method comprises: receiving, by a user equipment, an operation instruction for the IoT device from a user, wherein the user equipment is communicatively coupled with the IoT device; identifying, by the user equipment, a biometric feature of the user; verifying, by the user equipment, an identity of the user based on the biometric feature; signing, by the user equipment, the operation instruction using a first user key of the user in response to the identity of the user being verified; transmitting, by the user equipment, the signed operation instruction to the IoT device; verifying, by the IoT device, the signed operation instruction using a second user key of the user; and executing, by the IoT device, the operation instruction in response to the signed operation instruction being verified.
    Type: Grant
    Filed: May 6, 2021
    Date of Patent: March 8, 2022
    Assignee: ADVANCED NEW TECHNOLOGIES CO., LTD.
    Inventors: Qi Huang, Hui Liao
  • Patent number: 11265303
    Abstract: Embodiments provide a system and method for stateless session synchronization between inspectors for high availability deployments. Man in the Middle inspectors of a communication session between a client and server exchange a shared key that is used as a common seed value in a mapping function algorithm. Each inspector generates identical key-pairs using the common mapping function algorithm, and the inspectors generate the session keys from the key-pairs. Inspectors use the session keys to decrypt and either actively or passively inspect data transferred in a session between a client and server.
    Type: Grant
    Filed: March 30, 2020
    Date of Patent: March 1, 2022
    Assignee: International Business Machines Corporation
    Inventors: Kuo-Chun Chen, Wei-Hsiang Hsiung, Cheng-Ta Lee, Wei-Shiau Suen, Ming Hsun Wu
  • Patent number: 11251940
    Abstract: An approach is provided for deterring a tampering of content. Content is signed by using an asymmetric key cryptography. The signed content is stored in a distributed ledger which is accessible to a plurality of subscribers of the distributed ledger. The signing of the content using the asymmetric key cryptography together with the storing of the signed content in the distributed ledger provide a non-repudiable identification of an owner of the content and a non-repudiable proof of an ownership of the content.
    Type: Grant
    Filed: March 22, 2019
    Date of Patent: February 15, 2022
    Assignee: Kyndryl, Inc.
    Inventors: Michael C. Davis, Robert S. Milligan, Gordan G. Greenlee, Christopher L. Molloy, Steven A. Waite
  • Patent number: 11252572
    Abstract: A method is provided for registration of a device as a Network Application Function, NAF, in a Generic Bootstrapping Architecture, GBA. The device performs a GBA bootstrap operation with a Bootstrapping Server Function, BSF, and sends to a NAF registration function a request to register as a NAF. The device receives NAF registration information from the NAF registration function, and performs a NAF registration with the BSF. The NAF registration function receives from the device a request to register as a NAF, confirms that the device is authorised to act as a NAF, and transmits the NAF registration information to the device.
    Type: Grant
    Filed: May 26, 2016
    Date of Patent: February 15, 2022
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Patrik Salmela, Joona Kannisto, Mohit Sethi, Kristian Slavov
  • Patent number: 11218304
    Abstract: Systems and methods for detecting breached user login records in a zero-knowledge architecture. A breach detection module obtains login data that has been breached from breached data sources and service providers. The breached data is hashed with a system key and the breached data hashes are hashed in a hardware security module (HSM) using a hashing method and a non-exportable key. Clients provide user login data that has been hashed using the hashing method by the client device to the breach detection module. The breach detection module hashes the hashed user login data and compares the hashed user login hashes with the hashed breached data hashes and sends a breach alert to the client device if any hashes match.
    Type: Grant
    Filed: September 23, 2019
    Date of Patent: January 4, 2022
    Assignee: KEEPER SECURITY, INC.
    Inventors: Craig B. Lurey, Darren S. Guccione
  • Patent number: 11216572
    Abstract: An information processing system 100 includes a client node 1 and an issuing node 2 for issuing a coupon having terms of use Q1. The client node 1 includes a use request unit 155 that requests to use the coupon by presenting user data D held by a user of the client node 1. The issuing node 2 includes: a use request verification unit 253 for verifying whether the information included in the user data D satisfies the terms of use Q1 upon the use request from the use request unit 155; and a use authorization unit 254 that authorizes the client node 1 to use the coupon when the information satisfies the terms of use Q1.
    Type: Grant
    Filed: July 18, 2019
    Date of Patent: January 4, 2022
    Assignee: TOHOKU UNIVERSITY
    Inventors: Masao Sakai, Eisuke Koizumi, Junya Iwazaki, Masashi Hisai
  • Patent number: 11210383
    Abstract: Authentication tokens, systems, and methods are described. An illustrative method is disclosed to include receiving an electronic file including a digital image, receiving biometric information that is associated with a person, modifying the electronic file with the biometric information such that one or more pixels in the digital image are replaced with the biometric information, and storing the modified electronic file as a digital authentication token to be used in connection with authorized publications of original digital work.
    Type: Grant
    Filed: June 28, 2021
    Date of Patent: December 28, 2021
    Assignees: Nant Holdings IP, LLC, ImmunityBio, Inc.
    Inventors: Luna Witchey, John Zachary Sanborn, Patrick Soon-Shiong, Nicholas James Witchey
  • Patent number: 11210650
    Abstract: Technologies related to credit payment based on a mobile terminal embedded secure element are disclosed. In an implementation, a payment request is received from a mobile computing device associated with a user account. The payment information including a payment amount is generated based on the payment request. The payment information is then sent to the mobile computing device. A payment authorization encrypted by a private key is received based on asymmetric encryption from the mobile computing device. A public key corresponding to the private key is used to verify the payment authorization, and a transaction log is generated for collecting a payment according to the payment amount if the payment authorization is successfully verified.
    Type: Grant
    Filed: December 19, 2019
    Date of Patent: December 28, 2021
    Assignee: Advanced New Technologies Co., Ltd.
    Inventors: Xing Chen, Lei Wang, Kai Tang
  • Patent number: 11190504
    Abstract: A computer server controls access to a hosted service using digital certificates that are requested from each client attempting to access the service. When a particular client accesses the hosted service, the host service requests a digital certificate from the particular client and issues a challenge message. The particular client signs the challenge message and provides a client digital certificate to the hosted service. The hosted service confirms that the signature on the challenge message matches the client digital certificate, and that the client digital certificate is signed by a trusted entity. Trusted entities are defined by an administrator by uploading, to the hosted service, one or more trusted digital certificates associated with the trusted entities. Using the trusted digital certificates, the hosted service confirms that the digital certificate provided by the particular client is signed by at least one of the trusted entities.
    Type: Grant
    Filed: May 17, 2017
    Date of Patent: November 30, 2021
    Assignee: Amazon Technologies, Inc.
    Inventors: Malcolm Russell Ah Kun, Uday Bheema, Ankur Goyal, Chao Li, Alexey A. Nikitin, Himesh Pandya, Prasanna Subash, Zhenghong Sun, Nathan Bartholomew Thomas, Harshit Kumar Tiwari, Venkatesh Velaga, Lihao Wang, Brian Scott Waters, Jeffery David Wells, Anand Krishnamoorthy
  • Patent number: 11170078
    Abstract: In one example an apparatus comprises a memory and a processor to receive, in an edge node of a secure network, a first file, determine that the first file is addressed to a recipient outside the secure network, and in response to a determination that the first file is addressed to a destination outside the secure network, to generate a watermark that identifies a transmitter of the document, a recipient of the document, and comprises a digital signature of the first file, embed the watermark in the first file to generate a watermarked file, and pass the watermarked file to an input/output system for transmission out of the secure network. Other examples may be described.
    Type: Grant
    Filed: March 22, 2019
    Date of Patent: November 9, 2021
    Assignee: INTEL CORPORATION
    Inventors: Oleg Pogorelik, Shefy Gur-Ary, Adir Abraham, David Alhanati, Angelo Moscati, Alex Nayshtut, Denis Klimov
  • Patent number: 11153309
    Abstract: Concepts and technologies are disclosed herein for multifactor authentication for Internet-of-things devices. An access request can be received from an Internet-of-things device. The access request can include identifying information associated with the Internet-of-things device and a certificate. The certificate can be validated and a stored version of the identifying information can be obtained. If the stored version of the identifying information is determined to match the identifying information included with the access request, access to a resource can be allowed.
    Type: Grant
    Filed: March 13, 2018
    Date of Patent: October 19, 2021
    Assignees: AT&T Mobility II LLC, AT&T Intellectual Property II, L.P.
    Inventors: Russell Vegh, Senthil Ramakrishnan, Roger Mahler
  • Patent number: 11132672
    Abstract: A user may be willing to purchase items or participate in a pay-for service offered by a service provider. A service provider may wish to verify characteristics of the user prior to allowing transactions to take place, and may want to secure the transactions once the transactions are allowed. A credential issued to a user and a transaction application uploaded to a user device may be used to secure transactions between the user and a service provider interface, such as a webserver or a point-of-sale. The transaction application may capture real-time user data and compare the real-time user data to prior user data stored on the credential; authenticate the service provider interface to the user and the user to the service provider interface; and establish an encrypted session between the service provider interface and the transaction application adapted to authenticate the transactions between the user and the service provider interface.
    Type: Grant
    Filed: November 29, 2012
    Date of Patent: September 28, 2021
    Assignee: CARDLOGIX
    Inventor: Bruce Ross
  • Patent number: 11133931
    Abstract: The present invention relates to security service providing apparatus and method for supporting lightweight security which provides lightweight security by using an error coefficient and a hash of a chain block used for time synchronization with the terminal for generation of an encryption key to improve security complexity while securing security for communication with terminals and also securing security for an encryption key through the blockchain. According to the present invention, for security for the communication session between the service providing apparatus and the terminal, the encryption key of the terminal is generated as the hash through the hash algorithm by combining the time difference generated in the time synchronization process with the terminal and the hash generated based on the information related to the encryption key of the other terminal stored in the blockchain to generate a symmetrical encryption key which cannot be inferred and has high security.
    Type: Grant
    Filed: November 13, 2019
    Date of Patent: September 28, 2021
    Assignee: GREEN IT KOREA CO., LTD.
    Inventors: Won Sig Kang, Chang Seop Park
  • Patent number: 11132355
    Abstract: Systems and methods are disclosed for certifying an equipment by connecting to a distributed ledger; capturing a physical location and a schematic location of the equipment; performing a test on the equipment; taking a picture of the equipment being tested; and certifying a test result and rendering the test results as immutable records on the distributed ledger.
    Type: Grant
    Filed: January 18, 2019
    Date of Patent: September 28, 2021
    Assignee: Time Lock Documentation LLC
    Inventor: Christopher Eberhardt
  • Patent number: 11128988
    Abstract: In one illustrative example, a mobility node (e.g. an SMF) may receive a message which indicates a request for creating a session for a user equipment (UE). A user plane function (UPF) instance for the session may be selected based on a set of parameters. The set of parameters may include one or more location(s) of one or more multi-access edge computing (MEC) resources and applications of interest for the UE. Location data associated with the MEC resources and applications may be determined from server addresses obtained from UPF processing of domain name server (DNS) queries associated with the applications. In preferred implementations, the server addresses are client subnet location-dependent server addresses obtained from client subnet-based DNS queries. The server addresses or location data derived therefrom may be regularly submitted to the SMF for improved UPF selection based on locations of MEC resources and applications.
    Type: Grant
    Filed: May 15, 2020
    Date of Patent: September 21, 2021
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Timothy Peter Stammers, Robert Michael Batz
  • Patent number: 11128442
    Abstract: A system for performing authentication of users of a distributed register network is provided. In particular, the system may comprise a distributed register network comprising one or more decentralized nodes, each of which may store a separate copy of a distributed data register. The system may further comprise one or more specialized nodes which authenticate users that trigger the generation of blocks in linked structures of the distributed register network, where the blocks are associated with requests that are submitted by the user. In this way, the system verifies the authenticity of the blocks in the linked structures, thereby providing a more robust distributed register network.
    Type: Grant
    Filed: June 23, 2020
    Date of Patent: September 21, 2021
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Nimish Ravindra Deshpande, Prashant Khare
  • Patent number: 11128612
    Abstract: Techniques are disclosed for provisioning device-specific credentials to an Internet of Things device that accesses a cloud-based IoT service. The IoT service receives, from the IoT device, a request for device-specific credentials. The request comprises a provisioning certificate including information identifying a group of devices associated with the IoT device. The provisioning certificate is authenticated by evaluating the information with expected information. The device-specific credentials are generated based, at least in part, on the information provided in the provisioning certificate. The device-specific credentials are sent to the IoT device, and the IoT device installs and activates the device-specific credentials. The device-specific credentials are associated with the IoT device in a registry of the IoT service.
    Type: Grant
    Filed: September 25, 2019
    Date of Patent: September 21, 2021
    Assignee: Amazon Technologies, Inc.
    Inventors: Rameez Loladia, Ramkishore Bhattacharyya, Ashutosh Thakur, Atulya S. Beheray
  • Patent number: 11108571
    Abstract: Implementations of the present disclosure include generating, by a consensus node, a certificate signing request (CSR); sending the CSR to a first certificate authority (CA); receiving a first public key certificate of the consensus node from the first CA, and a first one or more public key certificates issued by a first one or more CAs. The consensus node also sends the CSR to a second CA, receives a second public key certificate of the consensus node from the second CA, and a second one or more public key certificates issued by a second one or more CAs. The consensus node further configures a first truststore including the first public key certificate and the first one or more public key certificates, and a second truststore including the second public key certificate and the second one or more public key certificates.
    Type: Grant
    Filed: November 30, 2020
    Date of Patent: August 31, 2021
    Assignee: Advanced New Technologies Co., Ltd.
    Inventors: Dong Pan, Xuebing Yan, Shenglong Chen
  • Patent number: 11101997
    Abstract: Cryptographic key provisioning by determining future cryptographic key demand according to historic key demand and key access requirements, determining cryptographic key provisioning resources for the future cryptographic key demand, and providing cryptographic keys, prior to the determined future cryptographic key demand using the cryptographic key provisioning resources.
    Type: Grant
    Filed: July 1, 2019
    Date of Patent: August 24, 2021
    Assignee: International Business Machines Corporation
    Inventors: Vinod A. Valecha, Rinkesh I. Bansal, Sanjay B. Panchal, Chintan Thaker
  • Patent number: 11089094
    Abstract: Systems for managing user collaboration over objects stored on a cloud-based service platform. A server in a cloud-based platform maintains a set of read/write metadata that is associated in one-to-one correspondence to stored objects that are accessible by two or more collaborators. The server does not maintain a list of peers that communicate over peer-to-peer connections, rather the server exposes a semaphore for access to the metadata that pertains to a particular one of the stored objects. The server responds to download requests from the collaborators so as to deliver executable signaling protocol computer code to the collaborators' user devices. The signaling protocol code includes semaphore access by the collaborators' user devices using an application programming interface. Two or more accesses over the same semaphore establishes a leader and at least one follower. Corresponding ephemeral peer-to-peer connections are established between the leader and the at least one follower.
    Type: Grant
    Filed: September 10, 2018
    Date of Patent: August 10, 2021
    Assignee: Box, Inc.
    Inventors: Matthew A. Basta, Christopher Ling, Tarrence Van As
  • Patent number: 11088848
    Abstract: Provided are a computer program product, system, and method for using public keys provided by an authentication server to verify digital signatures. A plurality of public keys from a plurality of public-private key pairs are stored in a local key store. A request is received to access computational resources in the system. A challenge is returned in response to the request. A response to the challenge is received comprising a purported digitally signed challenge. A determination is made as to whether the purported digitally signed challenge is verified using a first public key of the public keys in the local key store. A determination is made as to whether the purported digitally signed challenge is verified using a second public key of the public keys in the local key store in response to determining that the first public key did not verify the purported digitally signed challenge.
    Type: Grant
    Filed: June 6, 2019
    Date of Patent: August 10, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Thomas Fiege, Michael P. Groover, Mark E. Hack
  • Patent number: 11080246
    Abstract: Systems and techniques are provided for a decentralized database associating public keys and communications addresses. A signed secret message may be sent by a validator computing device of a peer-to-peer network for a decentralized database to a communications address from a request for verification entry in a verification queue of the decentralized database. A second request for verification including the communications address and a user-signed secret message may be received. The user-signed secret message may be verified using a public key from the request for verification entry in the verification queue. The communications address and public key may be written to a verified database of the decentralized database when verifying the user-signed secret message causes a number of user-signed secret messages received in requests for verification with the communications address and successfully verified to meet a threshold number.
    Type: Grant
    Filed: December 11, 2018
    Date of Patent: August 3, 2021
    Assignee: CELO FOUNDATION
    Inventors: Rene Reinsberg, Sepandar Kamvar, Marek Olszewski
  • Patent number: 11076291
    Abstract: According to an aspect of an embodiment of the present disclosure, operations related to emulated mobile device determinations may include obtaining sensor data associated with an entity. The sensor data may include sensor output values associated with one or more sensors of a physical mobile device. The operations may also include analyzing the obtained sensor data. The analyzing may include performing one or more determinations. The determinations may include determining whether the obtained sensor data includes static data. The determinations may also include determining whether the obtained sensor data includes computer-simulated data. In addition, the determinations may include determining whether the obtained sensor data includes reused sensor data. In some embodiments, the operations may include determining whether the obtained sensor data includes emulated sensor data based on one or more of the determinations.
    Type: Grant
    Filed: January 10, 2017
    Date of Patent: July 27, 2021
    Assignee: PayPal, Inc.
    Inventor: Shlomi Boutnaru
  • Patent number: 11057368
    Abstract: A request to issue a digital certificate may be received. A hash value corresponding to an application that has provided the request for the digital certificate may be identified. A determination may be made as to whether the hash value corresponding to the application matches with a known hash value. In response to determining that the hash value corresponding to the application matches with the known hash value the digital certificate may be issued to the application.
    Type: Grant
    Filed: July 19, 2018
    Date of Patent: July 6, 2021
    Assignee: Fortanix, Inc.
    Inventors: Andrew Leiserson, Jethro Gideon Beekman, Manas Agarwal
  • Patent number: 11057421
    Abstract: Embodiments of the invention are directed to systems, methods and computer program products for enhanced detection of polymorphic malicious content within an entity. In this regard, the present invention receives information associated with an incidence of an electronic file; receives a first hash value of the electronic file from a first network device and a second hash value of the electronic file from a second network device; compares the first hash value with the second hash value; determines that the electronic file is polymorphic based on at least the match; initiates an execution of a quantum optimization algorithm using a quantum optimizer to determine one or more hash value states; receives information associated with an incidence of the electronic file at the third network device; determines that the electronic file is malware; and initiates an intrusion detection protocol configured to deny the electronic file access to the third network device.
    Type: Grant
    Filed: October 7, 2019
    Date of Patent: July 6, 2021
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Eric Eugene Sifford, William August Stahlhut
  • Patent number: 11048806
    Abstract: Disclosed is a method for controlling access to a secure zone of an electronic equipment from a computer file, the equipment including a memory including a reference access right to the electronic equipment. The method includes: acquiring a reference authenticator via the computer file; acquiring an authenticator from the user; authenticating the user by comparing the authenticator from the user with the reference authenticator; acquiring an access right via the computer file when, at the end of the authentication, the authenticator from the user is compliant with the reference authenticator; and opening an access session to the at least one corresponding secure zone, when the acquired access right corresponds to the reference access right in the memory.
    Type: Grant
    Filed: October 25, 2018
    Date of Patent: June 29, 2021
    Assignee: ALSTOM TRANSPORT TECHNOLOGIES
    Inventors: Xavier Degeneve, Baptiste Fouques
  • Patent number: 11030300
    Abstract: Systems and methods for generating and validating certified electronic credentials are disclosed. A publisher may receive a certified electronic credential order from a credentialer and prepare a plurality of certified electronic credentials. The publisher may associate each credential with authentication information and a credential record, and retain a database of associated authentication information and credential records. The publisher may provide validation services, receiving a validation request through a credentialer's validation portal, and provide a response through the credentialer's portal indicative of the validity, additional information about the credential and/or the credential holder. The credential holder may assign a personal access key to control or limit the validation of a credential. A validating entity may receive credential validation through the credentialer with a heightened degree of confidence in the validation and lack of forgery.
    Type: Grant
    Filed: May 12, 2020
    Date of Patent: June 8, 2021
    Assignee: PARADIGM, INC.
    Inventors: Peter Alan Johnson, Christopher Simon Jackson, Robert Allen Huffman
  • Patent number: 11023608
    Abstract: A method and system for providing secure delivery, transport, modification, exchange of digital design and build files that have been bundled into a digital asset within a complex digital supply chain. The system also provides for quality standards when the digital asset is used to manufacture a physical part, and provides for secure feedback to stakeholders for the purpose of digital logistics, data analytics, or liability. The system includes, but is not limited to, manufacturing, licensing, modification and delegation policy, generating authorization certificates, authenticating manufacturing devices and providing qualitative and quantitative file consumption data.
    Type: Grant
    Filed: September 12, 2018
    Date of Patent: June 1, 2021
    Assignee: IDENTIFY3D, INC.
    Inventors: Chris Adkins, Joseph Inkenbrandt, Stephan Thomas
  • Patent number: 10999080
    Abstract: A verification server provides certificate verification services to users of third-party application sites. In some embodiments, a verifier component of a user's client device provides the verification server with a certificate of a third-party application site, and the verification server indicates whether the certificate is successfully verified. In response to successful verification, the verifier component of the user's client device takes an action such as permitting the user's credentials to be provided to the third-party application site. In some embodiments, verifier components of numerous client devices provide certificates to the verification server, based on which the verification server learns which certificates are valid for a given third-party application site.
    Type: Grant
    Filed: July 18, 2018
    Date of Patent: May 4, 2021
    Assignee: Okta, Inc.
    Inventors: Marcus Hartwig, Samer Fanek, Thomas Belote
  • Patent number: 10999071
    Abstract: A method is for executing an application in a cloud system. The method includes receiving a request from a first user for executing an application in the cloud system; receiving, from the first user, user data of the first user related to the execution of the requested application; storing the received user data in a first storage area of a computing environment of the cloud system; in the computing environment, executing the requested application based on the stored user data of the first user to obtain an execution result; and storing the execution result in a second storage area of the computing environment, the access permission of the first user to the first storage area being a write-only permission, and the access permission of the first user to the second storage area being a read-only permission. As such, data privacy protection and security can be provided in the cloud system.
    Type: Grant
    Filed: July 13, 2018
    Date of Patent: May 4, 2021
    Assignee: Siemens Aktiengesellschaft
    Inventors: Xian Tao Meng, Bin Zhang, Ming Jie, Armin Roux
  • Patent number: 10984348
    Abstract: A cloud-based data integration system comprises a communication gateway, a system database including a ticket booking record, and a processor executing a plurality of service modules. The communication gateway is configured to receive a booking message from a distributor of a plurality of distributors connected to the integration system. A booking module of the service modules is configured to validate the booking message and determine a supplier of a plurality of suppliers connected to the integration system that corresponds to the booking message, create a booking in the ticket booking record based on the booking message, and transmit the booking to the supplier corresponding to the booking of the plurality of suppliers connected to the integration system.
    Type: Grant
    Filed: March 1, 2018
    Date of Patent: April 20, 2021
    Assignee: Gateway Ticketing Systems, Inc.
    Inventors: Michael M. Andre, James W. Fritchman
  • Patent number: 10977367
    Abstract: It is determined whether an installed firmware of a device matches a reference firmware for the device. In response to a determination that the installed firmware of the device does not match the reference firmware for the device, different types of content sections of the installed firmware of the device are extracted. At least one of the content sections is identified as a dynamic section. A portion of the installed firmware selected to exclude at least the dynamic section is compared with a corresponding portion of the reference firmware to determine a comparison result. A security action is performed based at least in part on the comparison result.
    Type: Grant
    Filed: February 6, 2018
    Date of Patent: April 13, 2021
    Assignee: Facebook, Inc.
    Inventors: B. Thomas Adler, Sahil Rihan, Srishti Srivastava
  • Patent number: 10979430
    Abstract: A computer-facilitated service receives a request from a user to access resources provided by the computer-facilitated service. In response to the request, the computer-facilitated service selects an authentication method that can be performed by a remote authentication provider. The computer-facilitated service causes the remote authentication provider to perform the authentication method. In response to an authentication decision provided by the remote authentication provider, the computer-facilitated service determines whether the user has been authenticated by the remote authentication provider. If so, the computer-facilitated service fulfills the request from the user to access the resources.
    Type: Grant
    Filed: May 17, 2017
    Date of Patent: April 13, 2021
    Assignee: Amazon Technologies, Inc.
    Inventors: Daniel Wade Hitchcock, Bharath Kumar Bhimanaik
  • Patent number: 10979216
    Abstract: Provided are a computer program product, system, and method for generating public/private key pairs to deploy public keys at computing devices to verify digital signatures. A plurality of public-private key pairs are generated to store in a key store. A set of public keys of the public-private key pairs is distributed to the computing systems to use to verify purported digitally signed challenges. One of the public-private key pairs is selected to use a private key of the selected one of the public-private key pairs as a current private key to use to digitally sign challenges from the computing systems. A determination is made to retire the current private key. Another one of the public-private key pairs is selected and the current private key is set to a private key of the selected another one of the public-private key pairs to use to digitally sign challenges from the computing systems.
    Type: Grant
    Filed: August 29, 2019
    Date of Patent: April 13, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Thomas Fiege, Michael P. Groover, Mark E. Hack
  • Patent number: 10972467
    Abstract: Disclosed are various embodiments for controlling access to resources in a network environment. Methods may include installing a profile on the device and installing a certificate included in or otherwise associated with the profile on the device. A request to execute an application, and/or access a resource using a particular application, is received and determination is made as to whether the certificate is installed on the device based on an identification of the certificate by the application. If the certificate is installed on the device, then execution of the application and/or access to the resource is allowed. If the certificate is not installed on the device, then the request for execution and/or access is refused.
    Type: Grant
    Filed: January 22, 2020
    Date of Patent: April 6, 2021
    Assignee: AirWatch LLC
    Inventors: Alan Dabbiere, Erich Stuntebeck
  • Patent number: 10972285
    Abstract: In a distributed system, data is shared between three or more electronic devices. The first device generates and signs an object that includes the data. A second device receives the signed object and determines whether the signed object is valid. If valid, the second device will generate a validated signed object and send it to a third device. The third device will validate the object by determining whether the object includes valid signatures of both the first and second devices.
    Type: Grant
    Filed: July 2, 2018
    Date of Patent: April 6, 2021
    Assignee: Google LLC
    Inventors: Michael Burrows, Himabindu Pucha, Raja Daoud, Jatin Lodhia, Ankur Taly
  • Patent number: 10958433
    Abstract: A method provides an origin certificate that can be issued as a digital certificate online. The method includes receiving an origin digital certificate and an encrypted client device private key from an offline certificate authority wherein the client device private key is encrypted according to a private key encryption key PrKEK. The method further includes receiving from the client device, a request for a client device digital certificate and the encrypted client device private key, selecting a digital certificate template for the client device, the digital certificate template having attributes that vary according to the client devices, building the client device digital certificate from the origin digital certificate and the selected digital certificate template, signing the client device digital certificate with an online certificate authority signing key, and transmitting the signed client device digital certificate and the encrypted device private key.
    Type: Grant
    Filed: January 31, 2018
    Date of Patent: March 23, 2021
    Assignee: ARRIS Enterprises LLC
    Inventors: Alexander Medvinsky, Eric J. Sprunk, Xin Qiu, Paul Moroney
  • Patent number: 10959287
    Abstract: A computing device that forms a group in accordance with a peer-to-peer protocol in which a device may be identified based on a credential of a user. The credential may be used to determine a unique identifier for the user such that the same identifier is used on any device operated by the same user. Such an identifier may be used in connection with a peer-to-peer protocol that supports persistent peer-to-peer groups. As a result, the unique identifier for the user may be retained by remote devices that have paired with any device operated by a particular user such that those remote devices may automatically establish a connection with any other device operated by the same user that similarly uses the same unique identifier for the user.
    Type: Grant
    Filed: February 8, 2019
    Date of Patent: March 23, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Henrique Filgueiras, Mukund Sankaranarayan, Amer A. Hassan, Mitesh K. Desai, Mahmoud S. Elhaddad
  • Patent number: 10911247
    Abstract: The present application provides a photon-based CA authentication method, including: receiving, by a photon-based CA authentication terminal, an optical signal from a photon terminal, where the optical signal includes a user ID; verifying the user ID included in the optical signal; and providing, in response to successful user ID verification, a user certificate to a client to perform CA certificate authentication.
    Type: Grant
    Filed: April 19, 2018
    Date of Patent: February 2, 2021
    Assignee: Kuang-Chi Intelligent Photonic Technology Ltd.
    Inventors: Ruopeng Liu, Xudong Wang
  • Patent number: 10910682
    Abstract: A DC power control device including: an instructing unit configured to instruct another device connected to a DC bus line to read a voltage value and a current value on the DC bus line; and a correction reference value deciding unit configured to acquire the voltage value and the current value read by the other device and to decide a correction reference value in transmitting and receiving DC power to and from the other device through the DC bus line using the acquired values.
    Type: Grant
    Filed: October 6, 2015
    Date of Patent: February 2, 2021
    Assignee: Sony Corporation
    Inventor: Tadashi Morita
  • Patent number: 10911603
    Abstract: Embodiments of the present invention provide a service allocation method and apparatus. The method includes: firstly, generating, by a core network side device, a first dedicated network identifier according to an association relationship sent by user equipment UE, where the first dedicated network identifier is used to identify the association relationship; secondly, sending, by the core network side device, the first dedicated network identifier to the UE; receiving, by the core network side device, a service request message sent by the UE; and finally, allocating a service to the UE according to the service request message and the first dedicated network identifier. Because each wireless router has a unique first dedicated network identifier, the core network side device can provide, according to the first dedicated network identifier, a targeted service or tariff policy for UE corresponding to each wireless router.
    Type: Grant
    Filed: April 22, 2015
    Date of Patent: February 2, 2021
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Changzhu Li, Guangxue Sun
  • Patent number: 10903987
    Abstract: This application provides a key configuration method and an apparatus. A key management center obtains a service key, and performs encryption and/or integrity protection on the service key to obtain a token. The key management center sends the token to a first network element, the first network element forwards the token to a second network element, and the second network element obtains the service key based on the token. The service key is used to perform encryption and/or integrity protection on data transmitted between the first network element and the second network element. Therefore, security key configuration can be implemented through interaction between the key management center and the network elements, thereby laying a foundation for end-to-end security communication between the first network element and the second network element.
    Type: Grant
    Filed: May 14, 2018
    Date of Patent: January 26, 2021
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Bo Zhang, Lu Gan
  • Patent number: 10885501
    Abstract: The present invention relates to an accredited certificate issuance system based on a block chain and a method using the same, and an accredited certificate authentication system based on a block chain and a method using the same, which disenable a leak of a personal key by autonomously generating, storing and managing the personal key by a random number generator mounted in a terminal in which it is impossible to install a function or an additional program for physically accessing; enable a public key for accredited certification to be stored in a block chain of electronic wallets mounted in block chain retention servers via a P2P network-based distribution database, not in a server of an accredited certificate authority (CA), and thus incur almost no costs for maintenance and for operating the established accredited certificate issuance system; and can perform an accredited certification process without ActiveX.
    Type: Grant
    Filed: July 7, 2016
    Date of Patent: January 5, 2021
    Assignee: Coinplug, Inc.
    Inventors: Joon Sun Uhr, Jay Wu Hong, Joo Han Song
  • Patent number: 10887113
    Abstract: A system and method for integrating hierarchical authentication systems and non-hierarchical authentication systems. The system and method is provided in one configuration as a mobile app that functions to allow a mobile device to access highly sensitive data while simultaneously ensuring a highly secured environment utilizing both hierarchical authentication systems and non-hierarchical authentication systems to provide a highly reliable authentication process.
    Type: Grant
    Filed: November 21, 2017
    Date of Patent: January 5, 2021
    Assignee: Queralt, Inc.
    Inventors: Michael Queralt, John W. Tolbert