By Generation Of Certificate Patents (Class 713/175)
-
Patent number: 11343095
Abstract: The disclosed technology is generally directed to secure transactions. In one example of the technology, a first enclave to be used for executing a cryptlet binary of a first cryptlet is identified. The first enclave may be a secure execution environment that stores an enclave private key, and the first cryptlet may be associated with at least a first counterparty. A cryptlet binding that is associated with the first cryptlet may be generated, and may include counterparty information that is associated with at least the first counterparty. Cryptlet binding information may be provided to a cryptlet binding key graph, and a location of a first hardware security module (HSM) that stores a key that is associated with the first counterparty may be received from the cryptlet binding key graph.
Type: Grant
Filed: September 19, 2017
Date of Patent: May 24, 2022
Assignee: Microsoft Technology Licensing, LLC
Inventor: John Marley Gray
-
Patent number: 11336927
Abstract: Some embodiments relate to a content matching system (101) comprising a first device (100), a matching server (300), and a second device (200). The content matching system enables the second device to consume content matching with content which is consumable on the first device, even if the first and second devices do not have access to the same streaming service.
Type: Grant
Filed: January 8, 2019
Date of Patent: May 17, 2022
Assignee: REZZONATION B.V.
Inventors: Sander Anton Martine Weegels, Henricus Petronella Maria Derckx, Anthony John Slack
-
Patent number: 11329829
Abstract: A log, comprising a sequence of temporally ordered digital entries, is authenticated by entering a new entry into the log only after expiration of a minimum time interval. A digital signature and timestamp are generated for each entry in the log and are included in each respective entry. In a validity verification phase, the timestamp of at least one of the entries is examined to determine whether it indicates entry into the log at a time relative to a preceding entry in the log after less than an expected minimum time interval. If so, a remedial action is taken.
Type: Grant
Filed: June 1, 2019
Date of Patent: May 10, 2022
Assignee: Guardtime SA
Inventor: Henri Lakk
-
Patent number: 11301840
Abstract: A provisioning system is provided for terminals such as point of sale terminals. An interface device interfaces with a smart card and a provisioning server, providing initialization keys and security codes that are stored on the smart card. At a terminal, an initialization key from the smart card may be provided to the terminal if a correct security code is entered at the terminal. The terminal may then provide a terminal authorization package to the smart card. The terminal authorization package is stored on the smart card. At the interface device, the terminal authorization package is provided to the provisioning server. The terminal may then securely communicate transactions with an issuer server.
Type: Grant
Filed: June 26, 2015
Date of Patent: April 12, 2022
Assignee: Block, Inc.
Inventors: Malcolm Smith, Kshitiz Vadera, Afshin Rezayee
-
Patent number: 11290269
Abstract: Embodiments of the invention are directed to techniques for enabling self-certification of an electronic device to result in the issuance of a security certificate that the electronic device may use to authenticate itself to another entity. In some embodiments, the device is caused to initiate the self-certification process upon determining that a status of a current security certificate is no longer valid. In some embodiments, an electronic device may communicate with a certificate authority, which may generate a set of policy data that indicates permissions for the electronic device. The electronic device may then generate an electronic record to be associated with the security certificate, which it may sign using a private key. The certificate authority may then verify the authenticity of the signed electronic record using a public key associated with the electronic device. The electronic record may be appended to some collection of records.
Type: Grant
Filed: December 13, 2017
Date of Patent: March 29, 2022
Assignee: VISA INTERNATIONAL SERVICE ASSOCIATION
Inventors: Avinash Arumugam, Quan Wang, Kelvan Howard, Jerry Wald
-
Patent number: 11290285
Abstract: A certificate identification system comprises multiple source devices configured to generate an artifact which comprises features indicating user data and an action, a certificate database configured to store certificates comprising user identity information corresponds to its signatory, and an identity manager in signal communication with the source devices and the certificate database.
Type: Grant
Filed: February 8, 2019
Date of Patent: March 29, 2022
Assignee: Bank of America Corporation
Inventors: Govinda Rajulu Nelluri, Srinivasa Rao Dakshinyam
-
Patent number: 11283793
Abstract: Techniques for securing user sessions using a time-based one-time password (TOTP) generated from a shared secret. The shared secret can be a cryptographic hash of one or more user credentials. In response to a successful authentication based on the user credential(s), a session is created. The authentication is performed in connection with an initial access request from a client application. A subsequent access request for a protected resource during the session is processed by extracting a session cookie and a TOTP and generating a corresponding TOTP using the shared secret. The TOTP can be generated by combining the shared secret with one or more additional parameters such as a Uniform Resource Locator associated with the resource, or the session cookie. Access to the protected resource is conditioned upon the session, which is identified by the session cookie, being valid and upon the TOTPs matching.
Type: Grant
Filed: October 18, 2018
Date of Patent: March 22, 2022
Assignee: Oracle International Corporation
Inventors: Ranjan Khanna, Sreenivasa R. Chitturi
-
Patent number: 11277399
Abstract: Example method includes: establishing a secure tunnel with an unauthenticated client device associated with a user of a restricted network; receiving user credentials associated with the user and transmitted from the unauthenticated client device within the secure tunnel; validating the received user credentials; and transmitting at least a client certificate and device configuration information to the unauthenticated client device within the secure tunnel such that the unauthenticated client device is able to access the restricted network after installing the client certificate and applying the device configurations based on the received device configuration information.
Type: Grant
Filed: April 30, 2019
Date of Patent: March 15, 2022
Assignee: Hewlett Packard Enterprise Development LP
Inventors: Antoni Milton, Timothy Cappalli
-
Patent number: 11271745
Abstract: Embodiments of this specification provide methods and systems for operating an IoT device. An exemplary method comprises: receiving, by a user equipment, an operation instruction for the IoT device from a user, wherein the user equipment is communicatively coupled with the IoT device; identifying, by the user equipment, a biometric feature of the user; verifying, by the user equipment, an identity of the user based on the biometric feature; signing, by the user equipment, the operation instruction using a first user key of the user in response to the identity of the user being verified; transmitting, by the user equipment, the signed operation instruction to the IoT device; verifying, by the IoT device, the signed operation instruction using a second user key of the user; and executing, by the IoT device, the operation instruction in response to the signed operation instruction being verified.
Type: Grant
Filed: May 6, 2021
Date of Patent: March 8, 2022
Assignee: ADVANCED NEW TECHNOLOGIES CO., LTD.
Inventors: Qi Huang, Hui Liao
-
Patent number: 11265303
Abstract: Embodiments provide a system and method for stateless session synchronization between inspectors for high availability deployments. Man in the Middle inspectors of a communication session between a client and server exchange a shared key that is used as a common seed value in a mapping function algorithm. Each inspector generates identical key-pairs using the common mapping function algorithm, and the inspectors generate the session keys from the key-pairs. Inspectors use the session keys to decrypt and either actively or passively inspect data transferred in a session between a client and server.
Type: Grant
Filed: March 30, 2020
Date of Patent: March 1, 2022
Assignee: International Business Machines Corporation
Inventors: Kuo-Chun Chen, Wei-Hsiang Hsiung, Cheng-Ta Lee, Wei-Shiau Suen, Ming Hsun Wu
-
Patent number: 11251940
Abstract: An approach is provided for deterring a tampering of content. Content is signed by using an asymmetric key cryptography. The signed content is stored in a distributed ledger which is accessible to a plurality of subscribers of the distributed ledger. The signing of the content using the asymmetric key cryptography together with the storing of the signed content in the distributed ledger provide a non-repudiable identification of an owner of the content and a non-repudiable proof of an ownership of the content.
Type: Grant
Filed: March 22, 2019
Date of Patent: February 15, 2022
Assignee: Kyndryl, Inc.
Inventors: Michael C. Davis, Robert S. Milligan, Gordan G. Greenlee, Christopher L. Molloy, Steven A. Waite
-
Patent number: 11252572
Abstract: A method is provided for registration of a device as a Network Application Function, NAF, in a Generic Bootstrapping Architecture, GBA. The device performs a GBA bootstrap operation with a Bootstrapping Server Function, BSF, and sends to a NAF registration function a request to register as a NAF. The device receives NAF registration information from the NAF registration function, and performs a NAF registration with the BSF. The NAF registration function receives from the device a request to register as a NAF, confirms that the device is authorised to act as a NAF, and transmits the NAF registration information to the device.
Type: Grant
Filed: May 26, 2016
Date of Patent: February 15, 2022
Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
Inventors: Patrik Salmela, Joona Kannisto, Mohit Sethi, Kristian Slavov
-
Patent number: 11216572
Abstract: An information processing system 100 includes a client node 1 and an issuing node 2 for issuing a coupon having terms of use Q1. The client node 1 includes a use request unit 155 that requests to use the coupon by presenting user data D held by a user of the client node 1. The issuing node 2 includes: a use request verification unit 253 for verifying whether the information included in the user data D satisfies the terms of use Q1 upon the use request from the use request unit 155; and a use authorization unit 254 that authorizes the client node 1 to use the coupon when the information satisfies the terms of use Q1.
Type: Grant
Filed: July 18, 2019
Date of Patent: January 4, 2022
Assignee: TOHOKU UNIVERSITY
Inventors: Masao Sakai, Eisuke Koizumi, Junya Iwazaki, Masashi Hisai
-
Patent number: 11218304
Abstract: Systems and methods for detecting breached user login records in a zero-knowledge architecture. A breach detection module obtains login data that has been breached from breached data sources and service providers. The breached data is hashed with a system key and the breached data hashes are hashed in a hardware security module (HSM) using a hashing method and a non-exportable key. Clients provide user login data that has been hashed using the hashing method by the client device to the breach detection module. The breach detection module hashes the hashed user login data and compares the hashed user login hashes with the hashed breached data hashes and sends a breach alert to the client device if any hashes match.
Type: Grant
Filed: September 23, 2019
Date of Patent: January 4, 2022
Assignee: KEEPER SECURITY, INC.
Inventors: Craig B. Lurey, Darren S. Guccione
-
Patent number: 11210650
Abstract: Technologies related to credit payment based on a mobile terminal embedded secure element are disclosed. In an implementation, a payment request is received from a mobile computing device associated with a user account. The payment information including a payment amount is generated based on the payment request. The payment information is then sent to the mobile computing device. A payment authorization encrypted by a private key is received based on asymmetric encryption from the mobile computing device. A public key corresponding to the private key is used to verify the payment authorization, and a transaction log is generated for collecting a payment according to the payment amount if the payment authorization is successfully verified.
Type: Grant
Filed: December 19, 2019
Date of Patent: December 28, 2021
Assignee: Advanced New Technologies Co., Ltd.
Inventors: Xing Chen, Lei Wang, Kai Tang
-
Patent number: 11210383
Abstract: Authentication tokens, systems, and methods are described. An illustrative method is disclosed to include receiving an electronic file including a digital image, receiving biometric information that is associated with a person, modifying the electronic file with the biometric information such that one or more pixels in the digital image are replaced with the biometric information, and storing the modified electronic file as a digital authentication token to be used in connection with authorized publications of original digital work.
Type: Grant
Filed: June 28, 2021
Date of Patent: December 28, 2021
Assignees: Nant Holdings IP, LLC, ImmunityBio, Inc.
Inventors: Luna Witchey, John Zachary Sanborn, Patrick Soon-Shiong, Nicholas James Witchey
-
Patent number: 11190504
Abstract: A computer server controls access to a hosted service using digital certificates that are requested from each client attempting to access the service. When a particular client accesses the hosted service, the host service requests a digital certificate from the particular client and issues a challenge message. The particular client signs the challenge message and provides a client digital certificate to the hosted service. The hosted service confirms that the signature on the challenge message matches the client digital certificate, and that the client digital certificate is signed by a trusted entity. Trusted entities are defined by an administrator by uploading, to the hosted service, one or more trusted digital certificates associated with trusted entities. Using the trusted digital certificates, the hosted service confirms that the digital certificate provided by the particular client is signed by at least one of the trusted entities.
Type: Grant
Filed: May 17, 2017
Date of Patent: November 30, 2021
Assignee: Amazon Technologies, Inc.
Inventors: Malcolm Russell Ah Kun, Uday Bheema, Ankur Goyal, Chao Li, Alexey A. Nikitin, Himesh Pandya, Prasanna Subash, Zhenghong Sun, Nathan Bartholomew Thomas, Harshit Kumar Tiwari, Venkatesh Velaga, Lihao Wang, Brian Scott Waters, Jeffery David Wells, Anand Krishnamoorthy
-
Patent number: 11170078
Abstract: In one example an apparatus comprises a memory and a processor to receive, in an edge node of a secure network, a first file, determine that the first file is addressed to a recipient outside the secure network, and in response to a determination that the first file is addressed to a destination outside the secure network, to generate a watermark that identifies a transmitter of the document, a recipient of the document, and comprises a digital signature of the first file, embed the watermark in the first file to generate a watermarked file, and pass the watermarked file to an input/output system for transmission out of the secure network. Other examples may be described.
Type: Grant
Filed: March 22, 2019
Date of Patent: November 9, 2021
Assignee: INTEL CORPORATION
Inventors: Oleg Pogorelik, Shefy Gur-Ary, Adir Abraham, David Alhanati, Angelo Moscati, Alex Nayshtut, Denis Klimov
-
Patent number: 11153309
Abstract: Concepts and technologies are disclosed herein for multifactor authentication for Internet-of-things devices. An access request can be received from an Internet-of-things device. The access request can include identifying information associated with the Internet-of-things device and a certificate. The certificate can be validated and a stored version of the identifying information can be obtained. If the stored version of the identifying information is determined to match the identifying information included with the access request, access to a resource can be allowed.
Type: Grant
Filed: March 13, 2018
Date of Patent: October 19, 2021
Assignees: AT&T Mobility II LLC, AT&T Intellectual Property II, L.P.
Inventors: Russell Vegh, Senthil Ramakrishnan, Roger Mahler
-
Patent number: 11132355
Abstract: Systems and methods are disclosed for certifying an equipment by connecting to a distributed ledger; capturing a physical location and a schematic location of the equipment; performing a test on the equipment; taking a picture of the equipment being tested; and certifying a test result and rendering the test results as immutable records on the distributed ledger.
Type: Grant
Filed: January 18, 2019
Date of Patent: September 28, 2021
Assignee: Time Lock Documentation LLC
Inventor: Christopher Eberhardt
-
Patent number: 11132672
Abstract: A user may be willing to purchase items or participate in a pay-for service offered by a service provider. A service provider may wish to verify characteristics of the user prior to allowing transactions to take place, and may want to secure the transactions once the transactions are allowed. A credential issued to a user and a transaction application uploaded to a user device may be used to secure transactions between the user and a service provider interface, such as a webserver or a point-of-sale. The transaction application may capture real-time user data and compare the real-time user data to prior user data stored on the credential, authenticate the service provider interface to the user and the user to the service provider interface; and establish an encrypted session between the service provider interface and the transaction application adapted to authenticate the transactions between the user and the service provider interface.
Type: Grant
Filed: November 29, 2012
Date of Patent: September 28, 2021
Assignee: CARDLOGIX
Inventor: Bruce Ross
-
Patent number: 11133931
Abstract: The present invention relates to security service providing apparatus and method for supporting lightweight security which provides lightweight security by using an error coefficient and a hash of a chain block used for time synchronization with the terminal for generation of an encryption key to improve security complexity while securing security for communication with terminals and also securing security for an encryption key through the blockchain. According to the present invention, for security for the communication session between the service providing apparatus and the terminal, the encryption key of the terminal is generated as the hash through the hash algorithm by combining the time difference generated in the time synchronization process with the terminal and the hash generated based on the information related to the encryption key of the other terminal stored in the blockchain to generate a symmetrical encryption key which cannot be inferred and has high security.
Type: Grant
Filed: November 13, 2019
Date of Patent: September 28, 2021
Assignee: GREEN IT KOREA CO., LTD.
Inventors: Won Sig Kang, Chang Seop Park
-
Patent number: 11128442
Abstract: A system for performing authentication of users of a distributed register network is provided. In particular, the system may comprise a distributed register network comprising one or more decentralized nodes, each of which may store a separate copy of a distributed data register. The system may further comprise one or more specialized nodes which authenticate users that trigger the generation of blocks in linked structures of the distributed register network, where the blocks are associated with requests that are submitted by the user. In this way, the system verifies the authenticity of the blocks in the linked structures, thereby providing a more robust distributed register network.
Type: Grant
Filed: June 23, 2020
Date of Patent: September 21, 2021
Assignee: BANK OF AMERICA CORPORATION
Inventors: Nimish Ravindra Deshpande, Prashant Khare
-
Patent number: 11128988
Abstract: In one illustrative example, a mobility node (e.g. an SMF) may receive a message which indicates a request for creating a session for a user equipment (UE). A user plane function (UPF) instance for the session may be selected based on a set of parameters. The set of parameters may include one or more location(s) of one or more multi-access edge computing (MEC) resources and applications of interest for the UE. Location data associated with the MEC resources and applications may be determined from server addresses obtained from UPF processing of domain name server (DNS) queries associated with the applications. In preferred implementations, the server addresses are client subnet location-dependent server addresses obtained from client subnet-based DNS queries. The server addresses or location data derived therefrom may be regularly submitted to the SMF for improved UPF selection based on locations of MEC resources and applications.
Type: Grant
Filed: May 15, 2020
Date of Patent: September 21, 2021
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Timothy Peter Stammers, Robert Michael Batz
-
Patent number: 11128612
Abstract: Techniques are disclosed for provisioning device-specific credentials to an Internet of Things device that accesses a cloud-based IoT service. The IoT service receives, from the IoT device, a request for device-specific credentials. The request comprises a provisioning certificate including information identifying a group of devices associated with the IoT device. The provisioning certificate is authenticated by evaluating the information with expected information. The device-specific credentials are generated based, at least in part, on the information provided in the provisioning certificate. The device-specific credentials are sent to the IoT device, and the IoT device installs and activates the device-specific credentials. The device-specific credentials are associated with the IoT device in a registry of the IoT service.
Type: Grant
Filed: September 25, 2019
Date of Patent: September 21, 2021
Assignee: Amazon Technologies, Inc.
Inventors: Rameez Loladia, Ramkishore Bhattacharyya, Ashutosh Thakur, Atulya S. Beheray
-
Patent number: 11108571
Abstract: Implementations of the present disclosure include generating, by a consensus node, a certificate signing request (CSR); sending the CSR to a first certificate authority (CA); receiving a first public key certificate of the consensus node from the first CA, and a first one or more public key certificates issued by a first one or more CAs. The consensus node also sends the CSR to a second CA, receives a second public key certificate of the consensus node from the second CA, and a second one or more public key certificates issued by a second one or more CAs. The consensus node further configures a first truststore including the first public key certificate and the first one or more public key certificates, and a second truststore including the second public key certificate and the second one or more public key certificates.
Type: Grant
Filed: November 30, 2020
Date of Patent: August 31, 2021
Assignee: Advanced New Technologies Co., Ltd.
Inventors: Dong Pan, Xuebing Yan, Shenglong Chen
-
Patent number: 11101997
Abstract: Cryptographic key provisioning by determining future cryptographic key demand according to historic key demand and key access requirements, determining cryptographic key provisioning resources for the future cryptographic key demand, and providing cryptographic keys, prior to the determined future cryptographic key demand using the cryptographic key provisioning resources.
Type: Grant
Filed: July 1, 2019
Date of Patent: August 24, 2021
Assignee: International Business Machines Corporation
Inventors: Vinod A. Valecha, Rinkesh I. Bansal, Sanjay B. Panchal, Chintan Thaker
-
Patent number: 11089094
Abstract: Systems for managing user collaboration over objects stored on a cloud-based service platform. A server in a cloud-based platform maintains a set of read/write metadata that is associated in one-to-one correspondence to stored objects that are accessible by two or more collaborators. The server does not maintain a list of peers that communicate over peer-to-peer connections, rather the server exposes a semaphore for access to the metadata that pertains to a particular one of the stored objects. The server responds to download requests from the collaborators so as to deliver executable signaling protocol computer code to the collaborators' user devices. The signaling protocol code includes semaphore access by the collaborators' user devices using an application programming interface. Two or more accesses over the same semaphore establishes a leader and at least one follower. Corresponding ephemeral peer-to-peer connections are established between the leader and the at least one follower.
Type: Grant
Filed: September 10, 2018
Date of Patent: August 10, 2021
Assignee: Box, Inc.
Inventors: Matthew A. Basta, Christopher Ling, Tarrence Van As
-
Patent number: 11088848
Abstract: Provided are a computer program product, system, and method for using public keys provided by an authentication server to verify digital signatures. A plurality of public keys from a plurality of public-private key pairs and stored in a local key store. A request is received to access computational resources in the system. A challenge is returned in response to the request. A response to the challenge is received comprising a purported digitally signed challenge. A determination is made as to whether the purported digitally signed challenge is verified using a first public key of the public keys in the local key store. A determination is made as to whether the purported digitally signed challenge is verified using a second public key of the public keys in the local key store in response to determining that the first public key did not verify the purported digitally signed challenge.
Type: Grant
Filed: June 6, 2019
Date of Patent: August 10, 2021
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Thomas Fiege, Michael P. Groover, Mark E. Hack
-
Patent number: 11080246
Abstract: Systems and techniques are provided for a decentralized database associating public keys and communications addresses. A signed secret message may be sent by a validator computing device of a peer-to-peer network for a decentralized database to a communications address from a request for verification entry in a verification queue of the decentralized database. A second request for verification including the communications address and a user-signed secret message may be received. The user-signed secret message may be verified using a public key from the request for verification entry in the verification queue. The communications address and public key may be written to a verified database of the decentralized database when verifying the user-signed secret message causes a number of user-signed secret messages received in requests for verification with the communications address and successfully verified to meet a threshold number.
Type: Grant
Filed: December 11, 2018
Date of Patent: August 3, 2021
Assignee: CELO FOUNDATION
Inventors: Rene Reinsberg, Sepandar Kamvar, Marek Olszewski
-
Patent number: 11076291
Abstract: According to an aspect of an embodiment of the present disclosure, operations related to emulated mobile device determinations may include obtaining sensor data associated with an entity. The sensor data may include sensor output values associated with one or more sensors of a physical mobile device. The operations may also include analyzing the obtained sensor data. The analyzing may include performing one or more determinations. The determinations may include determining whether the obtained sensor data includes static data. The determinations may also include determining whether the obtained sensor data includes computer-simulated data. In addition, the determinations may include determining whether the obtained sensor data includes reused sensor data. In some embodiments, the operations may include determining whether the obtained sensor data includes emulated sensor data based on one or more of the determinations.
Type: Grant
Filed: January 10, 2017
Date of Patent: July 27, 2021
Assignee: PayPal, Inc.
Inventor: Shlomi Boutnaru
-
Patent number: 11057421
Abstract: Embodiments of the invention are directed to systems, methods and computer program products for enhanced detection of polymorphic malicious content within an entity. In this regard, the present invention receives information associated with an incidence of an electronic file; receives a first hash value of the electronic file from a first network device and a second hash value of the electronic file from a second network device; compares the first hash value with the second hash value; determines that the electronic file is polymorphic based on at least the match; initiates an execution of a quantum optimization algorithm using a quantum optimizer to determine one or more hash value states; receive information associated with an incidence of the electronic file at the third network device; determine that the electronic file is malware; and initiate an intrusion detection protocol configured to deny the electronic file access to the third network device.
Type: Grant
Filed: October 7, 2019
Date of Patent: July 6, 2021
Assignee: BANK OF AMERICA CORPORATION
Inventors: Eric Eugene Sifford, William August Stahlhut
-
Patent number: 11057368
Abstract: A request to issue a digital certificate may be received. A hash value corresponding to an application that has provided the request for the digital certificate may be identified. A determination may be made as to whether the hash value corresponding to the application matches with a known hash value. In response to determining that the hash value corresponding to the application matches with the known hash value the digital certificate may be issued to the application.
Type: Grant
Filed: July 19, 2018
Date of Patent: July 6, 2021
Assignee: Fortanix, Inc.
Inventors: Andrew Leiserson, Jethro Gideon Beekman, Manas Agarwal
-
Patent number: 11048806
Abstract: Disclosed is a method for controlling access to a secure zone of an electronic equipment from a computer file, the equipment including a memory including a reference access right to the electronic equipment. The method includes: acquiring a reference authenticator via the computer file; acquiring an authenticator from the user; authenticating the user by comparing the authenticator from the user with the reference authenticator; acquiring an access right via the computer file when, at the end of the authentication, the authenticator from the user is compliant with the reference authenticator; and opening an access session to the at least one corresponding secure zone, when the acquired access right corresponds to the reference access right in the memory.
Type: Grant
Filed: October 25, 2018
Date of Patent: June 29, 2021
Assignee: ALSTOM TRANSPORT TECHNOLOGIES
Inventors: Xavier Degeneve, Baptiste Fouques
-
Patent number: 11030300
Abstract: Systems and methods for generating and validating certified electronic credentials are disclosed. A publisher may receive a certified electronic credential order from a credentialer and prepare a plurality of certified electronic credentials. The publisher may associate each credential with authentication information and a credential record, and retain a database of associated authentication information and credential records. The publisher may provide validation services, receiving a validation request through a credentialer's validation portal, and provide a response through the credentialer's portal indicative of the validity, additional information about the credential and/or the credential holder. The credential holder may assign a personal access key to control or limit the validation of a credential. A validating entity may receive credential validation through the credentialer with a heightened degree of confidence in the validation and lack of forgery.
Type: Grant
Filed: May 12, 2020
Date of Patent: June 8, 2021
Assignee: PARADIGM, INC.
Inventors: Peter Alan Johnson, Christopher Simon Jackson, Robert Allen Huffman
-
Patent number: 11023608
Abstract: A method and system for providing secure delivery, transport, modification, exchange of digital design and build files that have been bundled into a digital asset within a complex digital supply chain. The system also provides for quality standards when the digital asset is used to manufacture a physical part, and provides for secure feedback to stakeholders for the purpose of digital logistics, data analytics, or liability. The system includes, but is not limited to, manufacturing, licensing, modification and delegation policy, generating authorization certificates, authenticating manufacturing devices and provide qualitative and quantitative file consumption data.
Type: Grant
Filed: September 12, 2018
Date of Patent: June 1, 2021
Assignee: IDENTIFY3D, INC.
Inventors: Chris Adkins, Joseph Inkenbrandt, Stephan Thomas
-
Patent number: 10999071
Abstract: A method is for executing an application in a cloud system. The method includes receiving a request from a first user for executing an application in the cloud system; receiving, from the first user, user data of the first user related to the execution of the requested application; storing the received user data in a first storage area of a computing environment of the cloud system; in the computing environment, executing the requested application based on the stored user data of the first user to obtain an execution result; and storing the execution result in a second storage area of the computing environment, the access permission of the first user to the first storage area being a write-only permission, and the access permission of the first user to the second storage area being a read-only permission. As such, data privacy protection and security can be provided in the cloud system.
Type: Grant
Filed: July 13, 2018
Date of Patent: May 4, 2021
Assignee: Siemens Aktiengesellschaft
Inventors: Xian Tao Meng, Bin Zhang, Ming Jie, Armin Roux
-
Patent number: 10999080
Abstract: A verification server provides certificate verification services to users of third-party application sites. In some embodiments, a verifier component of a user's client device provides the verification server with a certificate of a third-party application site, and the verification server indicates whether the certificate is successfully verified. In response to successful verification, the verifier component of the user's client device takes an action such as permitting the user's credentials to be provided to the third-party application site. In some embodiments, verifier components of numerous client devices provide certificates to the verification server, based on which the verification server learns which certificates are valid for a given third-party application site.
Type: Grant
Filed: July 18, 2018
Date of Patent: May 4, 2021
Assignee: Okta, Inc.
Inventors: Marcus Hartwig, Samer Fanek, Thomas Belote
-
Patent number: 10984348
Abstract: A cloud-based data integration system comprises a communication gateway, a system database including a ticket booking record, and a processor executing a plurality of service modules. The communication gateway is configured to receive a booking message from a distributor of a plurality of distributors connected to the integration system. A booking module of the service modules is configured to validate the booking message and determine a supplier of a plurality of suppliers connected to the integration system that corresponds to the booking message, create a booking in the ticket booking record based on the booking message, and transmit the booking to the supplier corresponding to the booking of the plurality of suppliers connected to the integration system.
Type: Grant
Filed: March 1, 2018
Date of Patent: April 20, 2021
Assignee: Gateway Ticketing Systems, Inc.
Inventors: Michael M. Andre, James W. Fritchman
-
Patent number: 10979216
Abstract: Provided are a computer program product, system, and method for generating public/private key pairs to deploy public keys at computing devices to verify digital signatures. A plurality of public-private key pairs are generated to store in a key store. A set of public keys of the public-private key pairs is distributed to the computing systems to use to verify purported digitally signed challenges. One of the public-private key pairs is selected to use a private key of the selected one of the public-private key pairs as a current private key to use to digitally sign challenges from the computing systems. A determination is made to retire the current private key. Another one of the public-private key pairs is selected and the current private key is set to a private key of the selected another one of the public-private key pairs to use to digitally sign challenges from the computing systems.
Type: Grant
Filed: August 29, 2019
Date of Patent: April 13, 2021
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Thomas Fiege, Michael P. Groover, Mark E. Hack
-
Patent number: 10977367
Abstract: It is determined whether an installed firmware of a device matches a reference firmware for the device. In response to a determination that the installed firmware of the device does not match the reference firmware for the device, different types of content sections of the installed firmware of the device are extracted. At least one of the content sections is identified as a dynamic section. A portion of the installed firmware selected to exclude at least the dynamic section is compared with a corresponding portion of the reference firmware to determine a comparison result. A security action is performed based at least in part on the comparison result.
Type: Grant
Filed: February 6, 2018
Date of Patent: April 13, 2021
Assignee: Facebook, Inc.
Inventors: B. Thomas Adler, Sahil Rihan, Srishti Srivastava
-
Patent number: 10979430
Abstract: A computer-facilitated service receives a request from a user to access resources provided by the computer-facilitated service. In response to the request, the computer-facilitated service selects an authentication method that can be performed by a remote authentication provider. The computer-facilitated service causes the remote authentication provider to perform the authentication method. In response to an authentication decision provided by the remote authentication provider, the computer-facilitated service determines whether the user has been authenticated by the remote authentication provider. If so, the computer-facilitated service fulfills the request from the user to access the resources.
Type: Grant
Filed: May 17, 2017
Date of Patent: April 13, 2021
Assignee: Amazon Technologies, Inc.
Inventors: Daniel Wade Hitchcock, Bharath Kumar Bhimanaik
-
Patent number: 10972467
Abstract: Disclosed are various embodiments for controlling access to resources in a network environment. Methods may include installing a profile on the device and installing a certificate included in or otherwise associated with the profile on the device. A request to execute an application, and/or access a resource using a particular application, is received and determination is made as to whether the certificate is installed on the device based on an identification of the certificate by the application. If the certificate is installed on the device, then execution of the application and/or access to the resource is allowed. If the certificate is not installed on the device, then the request for execution and/or access is refused.
Type: Grant
Filed: January 22, 2020
Date of Patent: April 6, 2021
Assignee: AirWatch LLC
Inventors: Alan Dabbiere, Erich Stuntebeck
-
Patent number: 10972285
Abstract: In a distributed system, data is shared between three or more electronic devices. The first device generates and signs an object that includes the data. A second device receives the signed object and determines whether the signed object is valid. If valid, the second device will generate a validated signed object and send it to a third device. The third device will validate the object by determining whether the object includes valid signatures of both the first and second devices.
Type: Grant
Filed: July 2, 2018
Date of Patent: April 6, 2021
Assignee: Google LLC
Inventors: Michael Burrows, Himabindu Pucha, Raja Daoud, Jatin Lodhia, Ankur Taly
-
Patent number: 10959287
Abstract: A computing device that forms a group in accordance with a peer-to-peer protocol in which a device may be identified based on a credential of a user. The credential may be used to determine a unique identifier for the user such that the same identifier is used on any device operated by the same user. Such an identifier may be used in connection with a peer-to-peer protocol that supports persistent peer-to-peer groups. As a result, the unique identifier for the user may be retained by remote devices that have paired with any device operated by a particular user such that those remote devices may automatically establish a connection with any other device operated by the same user that similarly uses the same unique identifier for the user.
Type: Grant
Filed: February 8, 2019
Date of Patent: March 23, 2021
Assignee: Microsoft Technology Licensing, LLC
Inventors: Henrique Filgueiras, Mukund Sankaranarayan, Amer A. Hassan, Mitesh K. Desai, Mahmoud S. Elhaddad
-
Patent number: 10958433
Abstract: A method provides an origin certificate that can be issued as a digital certificate online. The method includes receiving an origin digital certificate and an encrypted client device private key from an offline certificate authority wherein the client device private key is encrypted according to a private key encryption key PrKEK. The method further includes receiving from the client device, a request for a client device digital certificate and the encrypted client device private key, selecting a digital certificate template for the client device, the digital certificate template having attributes that vary according to the client devices, building the client device digital certificate from the origin digital certificate and the selected digital certificate template, signing the client device digital certificate with an online certificate authority signing key, and transmitting the signed client device digital certificate and the encrypted device private key.
Type: Grant
Filed: January 31, 2018
Date of Patent: March 23, 2021
Assignee: ARRIS Enterprises LLC
Inventors: Alexander Medvinsky, Eric J. Sprunk, Xin Qiu, Paul Moroney
-
Patent number: 10911247
Abstract: The present application provides a photon-based CA authentication method, including: receiving, by a photon-based CA authentication terminal, an optical signal from a photon terminal, where the optical signal includes a user ID; verifying the user ID included in the optical signal; and providing, in response to successful user ID verification, a user certificate to a client to perform CA certificate authentication.
Type: Grant
Filed: April 19, 2018
Date of Patent: February 2, 2021
Assignee: Kuang-Chi Intelligent Photonic Technology Ltd.
Inventors: Ruopeng Liu, Xudong Wang
-
Patent number: 10911603
Abstract: Embodiments of the present invention provide a service allocation method and apparatus. The method includes: firstly, generating, by a core network side device, a first dedicated network identifier according to an association relationship sent by user equipment UE, where the first dedicated network identifier is used to identify the association relationship; secondly, sending, by the core network side device, the first dedicated network identifier to the UE; receiving, by the core network side device, a service request message sent by the UE; and finally, allocating a service to the UE according to the service request message and the first dedicated network identifier. Because each wireless router has a unique first dedicated network identifier, the core network side device can provide, according to the first dedicated network identifier, a targeted service or tariff policy for UE corresponding to each wireless router.
Type: Grant
Filed: April 22, 2015
Date of Patent: February 2, 2021
Assignee: Huawei Technologies Co., Ltd.
Inventors: Changzhu Li, Guangxue Sun
-
Patent number: 10910682
Abstract: A DC power control device including: an instructing unit configured to instruct another device connected to a DC bus line to read a voltage value and a current value on the DC bus line; and a correction reference value deciding unit configured to acquire the voltage value and the current value read by the other device and to decide a correction reference value in transmitting and receiving DC power to and from the other device through the DC bus line using the acquired values.
Type: Grant
Filed: October 6, 2015
Date of Patent: February 2, 2021
Assignee: Sony Corporation
Inventor: Tadashi Morita
-
Patent number: 10903987
Abstract: This application provides a key configuration method and an apparatus. A key management center obtains a service key, and performs encryption and/or integrity protection on the service key to obtain a token. The key management center sends the token to a first network element, the first network element forwards the token to a second network element, and the second network element obtains the service key based on the token. The service key is used to perform encryption and/or integrity protection on data transmitted between the first network element and the second network element. Therefore, security key configuration can be implemented through interaction between the key management center and the network elements, thereby laying a foundation for end-to-end security communication between the first network element and the second network element.
Type: Grant
Filed: May 14, 2018
Date of Patent: January 26, 2021
Assignee: HUAWEI TECHNOLOGIES CO., LTD.
Inventors: Bo Zhang, Lu Gan