By Generation Of Certificate Patents (Class 713/175)
  • Patent number: 10887113
    Abstract: A system and method for integrating hierarchical authentication systems and non-hierarchical authentication systems. The system and method is provided in one configuration as a mobile app that functions to allow a mobile device to access highly sensitive data while simultaneously ensuring a highly secured environment utilizing both hierarchical authentication systems and non-hierarchical authentication systems to provide a highly reliable authentication process.
    Type: Grant
    Filed: November 21, 2017
    Date of Patent: January 5, 2021
    Assignee: Queralt, Inc.
    Inventors: Michael Queralt, John W. Tolbert
  • Patent number: 10885501
    Abstract: The present invention relates to an accredited certificate issuance system based on a block chain and a method using the same, and an accredited certificate authentication system based on a block chain and a method using the same, which disenable a leak of a personal key by autonomously generating, storing and managing the personal key by a random number generator mounted in a terminal in which it is impossible to install a function or an additional program for physically accessing; enable a public key for accredited certification to be stored in a block chain of electronic wallets mounted in block chain retention servers via a P2P network-based distribution database, not in a server of an accredited certificate authority (CA), and thus incur almost no costs for maintenance and for operating the established accredited certificate issuance system; and can perform an accredited certification process without ActiveX.
    Type: Grant
    Filed: July 7, 2016
    Date of Patent: January 5, 2021
    Assignee: Coinplug, Inc.
    Inventors: Joon Sun Uhr, Jay Wu Hong, Joo Han Song
  • Patent number: 10862885
    Abstract: Systems, methods, and related technologies for device identification are described. In certain aspects, packet data associated with a device can be analyzed and a score determined. The score and the threshold can be compared to determine a device identification for the device.
    Type: Grant
    Filed: March 20, 2017
    Date of Patent: December 8, 2020
    Assignee: ForeScout Technologies, Inc.
    Inventors: Yang Zhang, Siying Yang
  • Patent number: 10848480
    Abstract: A system, method, computer program product and apparatus provide an improvement to administration and management of security certificates in enterprise scale networks. An exemplary embodiment integrates a network device manager (NDM) with Simple Certificate Enrollment Protocol (SCEP) for administration and management of network equipment and for handling certificates for enterprise-scale implementation. The network device manager may control the settings and is configured to communicate with the firmware of end devices. The SCEP thus has a medium in the network device manager through which the SCEP features can be communicated to the end devices. In an exemplary embodiment, aspects of the system may, for example, automatically check expiration of and renew certificates that are expiring.
    Type: Grant
    Filed: July 13, 2018
    Date of Patent: November 24, 2020
    Inventors: Hooman Majidzadeh Rezvani, Oleksandr Osadchyy, Oleksandr Zinchenko, Daisaku Nagano, Ankur Chhabra
  • Patent number: 10848449
    Abstract: Techniques are disclosed relating to exchanging tokens for processing messages. A first system may access information identifying a first requested amount of tokens for a message to be processed by a second system. The first system may cause a first transaction to be written to a distributed ledger that records a transfer of the first requested amount from an account of the first system to an account of the second system. The first system may send a message to the second system. The first system may provide information identifying a second requested amount of tokens for a message to be processed by the first system. The first system may process a message from a third system in response to verifying that there is a second transaction that records a transfer of the second requested amount from an account of the third system to the account of the first system.
    Type: Grant
    Filed: September 19, 2018
    Date of Patent: November 24, 2020
    Assignee: salesforce.com, inc.
    Inventor: Anurodh Pokharel
  • Patent number: 10841305
    Abstract: Systems, methods, and software can be used to provide authentication for a software service. In some aspects, an identity provider (IDP) receives an identity authentication request from a client device. The IDP transmits an on-premises verification initiation request for a digest authentication to an on-premises directory provider (OPDP). The IDP receives an on-premises verification initiation request. The on-premises verification initiation request includes one or more digest authentication attributes. The IDP transmits the one or more digest authentication attributes. The IDP receives a digest, wherein the digest is calculated based on the one or more digest authentication attributes and one or more identity authentication credentials. The IDP transmits the digest, and receives an on-premises verification response that indicates a result of the digest authentication.
    Type: Grant
    Filed: October 2, 2017
    Date of Patent: November 17, 2020
    Assignee: BlackBerry Limited
    Inventors: Manvinder Singh, Mendel Elliot Spencer
  • Patent number: 10834080
    Abstract: Embodiments of this application disclose a message forwarding method and apparatus, and a storage medium. The method includes: receiving a target message sent by a terminal of a first account to a terminal of a second account; suspending forwarding a message of the terminal of the first account to the terminal of the second account when the first account or the target message has a risk; obtaining identity authentication question information and first answer information corresponding to the identity authentication question information; sending the identity authentication question information to the terminal of the first account; and receiving second answer information that is returned by the terminal of the first account and that corresponds to the identity authentication question information; and resuming forwarding the message of the terminal of the first account to the terminal of the second account when the first answer information and the second answer information match.
    Type: Grant
    Filed: April 2, 2019
    Date of Patent: November 10, 2020
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventor: Wuyu Han
  • Patent number: 10812468
    Abstract: Methods and apparatus consistent with the present disclosure may prevent a computer process from failing when a firewall located between a client device and a server identifies that a process at the firewall should be bypassed using fingerprint information associated with a connection attempt. When fingerprint information stored at a firewall matches previously received fingerprint information, the firewall may allow processes typically performed at the firewall to be bypassed, thereby, allowing communications to pass between the client device and the server without inspection. When that fingerprint information does not match previously received fingerprint information, the firewall may perform a process that causes the client device to fail the first connection attempt. Because of this, methods consistent with the present disclosure may allow communications from an application program to be passed through a firewall without relying on an ever growing list of trusted application programs.
    Type: Grant
    Filed: December 7, 2017
    Date of Patent: October 20, 2020
    Assignee: SONICWALL INC.
    Inventors: Raj Raman, Aleksandr Dubrovsky
  • Patent number: 10810279
    Abstract: Among other things, this document describes systems, devices, and methods for improving the delivery of resources embedded on a web page. In one embodiment, a content delivery network analyzes markup language documents that clients have requested to embedded resources, such as linked references to images, scripts, fonts, cascading style sheets, or other types of content. This analysis may be conducted on the content server and/or asynchronously, in a dedicated analytical environment, to produce delivery instructions. Where embedded resources have hostnames for which the content delivery network is authoritative, and where certain conditions are met, servers can be instructed to push additional certificates for such hostnames over the primary connection. When embedded resources have hostnames for which the platform is not authoritative, and where certain conditions are met, servers can be instructed to pre-fetch and push such resources with a signature from the authoritative origin.
    Type: Grant
    Filed: February 7, 2018
    Date of Patent: October 20, 2020
    Assignee: Akamai Technologies, Inc.
    Inventors: Utkarsh Goel, Moritz Steiner, Michael A. Bishop, Martin T. Flack, Stephen L. Ludin
  • Patent number: 10812475
    Abstract: A system, method, and non-transitory computer-readable storage medium for authenticating access to an instance have been disclosed. The system comprises a processor and a memory that includes instructions executable by the processor to cause the system to receive an access request to the instance from a client device and to send an encryption request of information to a security device. The information includes an expiration time and the security device encrypts the information using a private key that is secured in the security device. The memory includes further instructions executable by the processor to cause the system to receive the encrypted information from the security device and to send the encrypted information to the client device. The encrypted information is decryptable by the instance using a public key associated with the private key in response to the client device providing the encrypted information to the instance.
    Type: Grant
    Filed: April 18, 2017
    Date of Patent: October 20, 2020
    Assignee: ServiceNow, Inc.
    Inventors: Ivan Valentine Covdy, Ashok Ganesan
  • Patent number: 10798216
    Abstract: The disclosed technology is generally directed to IoT communications. For example, such technology is usable in provisioning IoT devices in an automatic manner with no manual steps. In one example of the technology, upon initial boot, identification information is automatically sent to a provisioning service endpoint stored in the IoT device. The identification information includes an identification (ID) of the first IoT device. Cryptographic information is received from the provisioning service. The cryptographic information is associated with an IoT hub selected from a plurality of IoT hubs based, in part, on the ID of the first IoT device. A message is automatically sent to the IoT hub in response to receiving the cryptographic information. A new configuration file and a firmware update are received from the IoT hub without requiring a user association. The new configuration file and the firmware update are automatically installed.
    Type: Grant
    Filed: October 15, 2016
    Date of Patent: October 6, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Nicole Berdy, Konstantin Dotchkoff, Arjmand Samuel, Affan Dar
  • Patent number: 10791196
    Abstract: A secure communication platform includes a user database that allows users from different secure communication networks to perform directory look-ups to access keys, and other information, for recipients outside of their network. Users from different secure communication networks may request, from the database, user information of users outside their secure communication. The user information may allow the users of different secure communication networks to exchange secure communications. The secure communication platform provides a high degree of trust regarding the sender's identity, allowing the receiving network to trust the sender, and allowing the secure communications to flow across different secure communication networks.
    Type: Grant
    Filed: August 29, 2017
    Date of Patent: September 29, 2020
    Assignee: Wickr Inc.
    Inventors: Arjun Bhatnagar, Christopher Howell
  • Patent number: 10778448
    Abstract: Techniques are disclosed for locally distributing online certificate status protocol (OCSP) responses to a client computer. A certificate authority (CA) proactively sends OCSP responses to an agent application (e.g., an antivirus application configured to handle OCSP responses) residing in the client computer. The agent application stores the OCSP responses in a cache. Thereafter, when a browser application sends an OCSP request to the CA, the agent application intercepts the request and determines whether a corresponding OCSP response is locally cached. If so, the agent application sends the cached OCSP response to the browser application. If not, the agent application retrieves the corresponding OCSP response from the CA and sends the response to the browser application.
    Type: Grant
    Filed: August 24, 2018
    Date of Patent: September 15, 2020
    Assignee: DigiCert, Inc.
    Inventors: Sanjay Modi, Richard Andrews
  • Patent number: 10749905
    Abstract: A system, method, and computer program product are provided for providing security in Network Function Virtualization (NFV) based communication networks and Software Defined Networks (SDNs). In use, a system implements one or more network changes or security configuration changes to an NFV based communication network or a SDN to change an attack surface. In one embodiment, implementing the one or more network changes or security configuration changes to the NFV based communication network or the SDN may occur periodically to change the attack surface. In another embodiment, implementing the one or more network changes or the security configuration changes to the NFV based communication network or the SDN to change the attack surface may occur based on detection of a malicious event or a suspicious event.
    Type: Grant
    Filed: July 24, 2018
    Date of Patent: August 18, 2020
    Assignee: AMDOCS DEVELOPMENT LIMITED
    Inventors: Daniel Sela, Ofer Hermoni, Yosef Asaf Hermush, Eyal Felstaine
  • Patent number: 10728044
    Abstract: In embodiments, an authentication server interfaces between a user device with a self-signed certificate and a verifying computer that accepts a user name and password. The user device generates a self-signed certificate signed by a private key on the user device. The self-signed certificate is transmitted to a verifying party computer over a network. The verifying party stores the self-signed certificate with user identification data. The user migrates trust to another device by providing the root certificate and intermediate certificate as a certificate chain to a second device, which then adds a new intermediate certificate to create a longer certificate chain with the same root certificate. In subsequent communications, the verifying party receives a certificate chain including the self-signed certificate from the second user device, and matches that with the user identification data stored in a database.
    Type: Grant
    Filed: February 20, 2020
    Date of Patent: July 28, 2020
    Assignee: BEYOND IDENTITY INC.
    Inventors: Nelson Melo, Michael Clark, James Clark
  • Patent number: 10721077
    Abstract: A first digital identification document is transmitted from an identification authority to a mobile device of an identified individual. This first digital identification document is digitally signed and includes a set of attributes about the identified individual. In the same manner, a second digital identification document is also transmitted to the identified individual's mobile device. The second digital identification document is also digitally signed but includes a different set of attributes about the identified individual. The identified individual is then confronted by a series of challengers, wherein each challenger requires a different amount of information about the identified individual. Based on the identity of each challenger, the identified individual selects an appropriate identification document and transmits it to the applicable challenger's device.
    Type: Grant
    Filed: November 19, 2018
    Date of Patent: July 21, 2020
    Assignee: International Business Machines Corporation
    Inventor: Richard Redpath
  • Patent number: 10699001
    Abstract: Systems and methods for generating and validating certified electronic credentials are disclosed. A publisher may receive a certified electronic credential order from a credentialer and prepare a plurality of certified electronic credentials. The publisher may associate each credential with authentication information and a credential record, and retain a database of associated authentication information and credential records. The publisher may provide validation services, receiving a validation request through a credentialer's validation portal, and provide a response through the credentialer's portal indicative of the validity, additional information about the credential and/or the credential holder. The credential holder may assign a personal access key to control or limit the validation of a credential. A validating entity may receive credential validation through the credentialer with a heightened degree of confidence in the validation and lack of forgery.
    Type: Grant
    Filed: April 3, 2018
    Date of Patent: June 30, 2020
    Assignee: PARADIGM, INC.
    Inventors: Peter Alan Johnson, Christopher Simon Jackson, Robert Allen Huffman
  • Patent number: 10701029
    Abstract: Within a particular Top Level Domain (TLD), domain name allocation and domain name ownership may be subject to certain restrictions requiring verification. A processing platform and method is disclosed to process verification of a domain name and/or a domain name entity such as a registrant for domain name transactions with a domain name registry. The processing platform and domain name registry may be remotely located relative to one another.
    Type: Grant
    Filed: June 6, 2017
    Date of Patent: June 30, 2020
    Inventors: Hui Zhou, Cedarampattu Mohan, Xuhui Wang, Steven Singer
  • Patent number: 10680831
    Abstract: In general, the disclosure describes examples where a single software-defined network (SDN) controller establishes tunnels and controls communication on these tunnels between a plurality of virtual computing environments (VCEs). The SDN controller establishes the logical tunnel mesh to interconnect the plurality of VCEs in the multi-cloud network via respective connect gateway routers. To establish the logical tunnel mesh, the SDN controller is configured to determine one or more logical tunnels from the logical tunnel mesh to establish one or more communication links between a first VCE and a second VCE of the plurality of VCEs in the multi-cloud network. The SDN controller is configured to advertise the one or more logical tunnels to the first VCE and the second VCE.
    Type: Grant
    Filed: September 27, 2018
    Date of Patent: June 9, 2020
    Assignee: Juniper Networks, Inc.
    Inventor: Sanju C. Abraham
  • Patent number: 10681148
    Abstract: The systems and methods described herein can enable the selection of customized content in networked systems that prevent the transfer of session data between different domains. The systems and methods described herein enable the exchange of data between third-party entities that would be blocked in networked systems that prevent cross-domain data exchange. The systems and methods can provide multi-sourced content without sacrificing security of the client device and browser environment.
    Type: Grant
    Filed: April 24, 2018
    Date of Patent: June 9, 2020
    Assignee: Google LLC
    Inventors: Gang Wang, Yian Gao
  • Patent number: 10681143
    Abstract: A system, method, node, user equipment and computer program for establishment of a secure connection between a user equipment (100) and a media gateway (130) at setup of a communication session with another party (150) is described. The media gateway (130) is controlled by a control server (120). The control server (120) receives a communication session setup request from the user equipment (100) and determines an indication of a security certificate of the media gateway (130). The control server (120) then sends the indication of the security certificate of the media gateway (130) to the user equipment (100), wherein the indication is sent before or in parallel to sending the communication session setup request towards said other party (150). The user equipment (100) then initiates a negotiation of security related parameters, based on the received indication of the security certificate of the media gateway (130).
    Type: Grant
    Filed: September 3, 2014
    Date of Patent: June 9, 2020
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Yunjie Lu, Huoming Dong
  • Patent number: 10673627
    Abstract: Using three pieces of element data w1, w2, and w3 obtained by partitioning storage data D, an encryption unit generates three sets of a first set A1 in which the first to third pieces of element data are sequentially arranged, a second set A2 in which the second to third pieces of element data are sequentially arranged, and a third set A3 composed of the third piece of element data. The encryption unit encrypts each piece of element data included in each set with a random number R(1) by a CBC mode.
    Type: Grant
    Filed: January 18, 2016
    Date of Patent: June 2, 2020
    Assignee: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Yutaka Kawai, Takato Hirano
  • Patent number: 10659366
    Abstract: Network devices, such as load balancers, may be configured to forward client metadata to back-end nodes using defined fields of a security protocol. For example, client metadata may be inserted into an extension field or certificate defined by a security protocol that is used for a secure connection between the load balancer and the back-end node. In some instances, a source IP address based on a received request may be inserted into the extension field or certificate defined by the security protocol before the request is forwarded to the back-end node. The back-end node may extract the client metadata and use the client metadata for any of a number of processes (e.g., billing, tracking, security, logging, etc.).
    Type: Grant
    Filed: November 4, 2015
    Date of Patent: May 19, 2020
    Assignee: Amazon Technologies, Inc.
    Inventor: Nima Sharifi Mehr
  • Patent number: 10652732
    Abstract: Embodiments are directed to provisioning a general-use basis for authentication of a processor device. During manufacture, a hardware processor stores a secret value and shares a derived value produced based on the secret value with a secure service. These values may be used in a limited-use initial authentication process to authenticate the hardware processor. A general-use basis for authentication not so limited as the initial authentication process is established subsequent to the manufacture of the hardware processor. The general-use basis for authentication may include a public-private key pair, and is established upon successful completion of the initial authentication process. Authentication using the general-use process produces an authentication traceable to the manufacture of the hardware processor.
    Type: Grant
    Filed: February 24, 2016
    Date of Patent: May 12, 2020
    Assignee: Intel Corporation
    Inventors: Ernie F. Brickell, Rachid El Bansarkhani
  • Patent number: 10652030
    Abstract: A method and system for generating multiple profiles corresponding to different digital certificates. The profile includes intrinsic attributes and derived attributes associated with a digital certificate. The system enables a customer system to filter digital certificates based on a suitability of the various digital certificates for use with a given application to be executed by or on behalf of the customer system. The suitability may be determined based on a comparison of certificate requirements associated with a customer system's request and one or more of the intrinsic attributes and derived attributes.
    Type: Grant
    Filed: March 5, 2018
    Date of Patent: May 12, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Marcel Andrew Levy, Peter Zachary Bowen, Todd Lawrence Cignetti, Brandonn Gorman, Ronald Andrew Hoskinson, Brenda Lee Leary, Timothy Sterling Loverin, James Spencer, Nicholas Wexler
  • Patent number: 10623570
    Abstract: An apparatus, a method, and a computer program receive a request message from a mobile device to connect with an agent and authenticate the request message and provisioning a database for enabled services and service location. A service provider is identified and selected from a plurality of service providers. As a result, the request message is transmitted to the service provider in order to determine availability of the service provider.
    Type: Grant
    Filed: March 20, 2018
    Date of Patent: April 14, 2020
    Assignee: West Corporation
    Inventors: Michael T. Mateer, James K. Boutcher, Jesse Andersen
  • Patent number: 10616239
    Abstract: A system includes a communication module that receives a request to post content to an event gallery associated with an event. The request in turn includes geo-location data for a device sending the content, and identification data identifying the device or a user of the device. The system further has an event gallery module to perform a first authorization operation that includes determining that the geo-location data corresponds to a geo-location fence associated with an event. The event gallery module also performs a second authorization operation that includes using the identification data to verify an attribute of the user. Finally, based on the first and second authorization operations, the event gallery module may selectively authorize the device to post the content to the event gallery.
    Type: Grant
    Filed: March 18, 2016
    Date of Patent: April 7, 2020
    Assignee: Snap Inc.
    Inventors: Nicholas Richard Allen, Sheldon Chang
  • Patent number: 10594498
    Abstract: A method for secure transmission of user-authenticating information is provided. The method includes steps of: a service-providing server (a) determining whether a public key of the user is registered in a blockchain network, and instructing a user-authenticating information generator to generate user-authenticating information for reference, instructing an encrypting engine to encrypt the generated user-authenticating information for reference by using the public key of the user retrieved from the blockchain network, and instructing a message-sending part to transmit the encrypted user-authenticating information for reference to a mobile device of the user; and (b) in case that user-authenticating information for comparison is acquired from the user device and if the user-authenticating information for comparison is determined as identical to the user-authenticating information for reference, providing the user device with the service desired by the user.
    Type: Grant
    Filed: May 22, 2019
    Date of Patent: March 17, 2020
    Assignee: Coinplug, Inc.
    Inventors: Joon Sun Uhr, Jay Wu Hong, Joo Han Song
  • Patent number: 10595352
    Abstract: A method and system of establishing a short-range wireless communications connection between a host device and a client device, wherein the host device includes a host certificate and a host key, the method including the steps of: transmitting an advertisement using a short-range wireless communications (SRWC) protocol from the host device to the client device; receiving a connection request message from the client device; receiving a client device verification message, wherein the client device verification message includes an encrypted client certificate, wherein the encrypted client certificate is a certificate that is encrypted using a client key; decrypting the encrypted certificate using the host key to obtain the client certificate; verifying the client certificate using the host certificate; generating a shared secret; encrypting the shared secret using the host key; and sending the encrypted shared secret to the client device.
    Type: Grant
    Filed: November 29, 2017
    Date of Patent: March 17, 2020
    Assignee: GM GLOBAL TECHNOLOGY OPERATIONS LLC
    Inventors: Brian E. McColgan, Ramie Phillips, III
  • Patent number: 10581595
    Abstract: Provided are a computer program product, system, and method for generating public/private key pairs to deploy public keys at computing devices to verify digital signatures. A plurality of public-private key pairs are generated to store in a key store. A set of public keys of the public-private key pairs is distributed to the computing systems to use to verify purported digitally signed challenges. One of the public-private key pairs is selected to use a private key of the selected one of the public-private key pairs as a current private key to use to digitally sign challenges from the computing systems. A determination is made to retire the current private key. Another one of the public-private key pairs is selected and the current private key is set to a private key of the selected another one of the public-private key pairs to use to digitally sign challenges from the computing systems.
    Type: Grant
    Filed: March 1, 2017
    Date of Patent: March 3, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Thomas Fiege, Michael P. Groover, Mark E. Hack
  • Patent number: 10574849
    Abstract: An import unit of an image forming apparatus performs control as follows. If an import target setting value corresponds to a device setting, the import unit determines whether the setting value complies with the security rule. If it is determined that the setting value complies with the security rule, the import unit executes the import processing of the setting value. If it is determined that the setting value does not comply with the security rule, the import unit does not execute the import processing of the setting value. Further, if an import target setting value corresponds to an individual setting, the import unit executes the import processing of the setting value regardless of the security rule.
    Type: Grant
    Filed: April 10, 2019
    Date of Patent: February 25, 2020
    Assignee: Canon Kabushiki Kaisha
    Inventor: Hideo Asahara
  • Patent number: 10567399
    Abstract: A server communicates over a network with a data inspection device (DID) having access to at least portions of a data file, and assists the DID with matching the data file to known data files represented on the server. A hash tree is constructed for each known data file. To construct each hash tree: the known data file is fragmented into contiguous fragments; spaced fragments separated based on an offset schema are selected from the contiguous fragments; and nodes of the hash tree are generated based on hashes of the spaced fragments, but not the skipped fragments. A hash of a fragment of the data file is received from the DID, and it is compared to the hash trees constructed using the offset schema. Compare results are sent to the data inspection device indicating a match or a mismatch between the received hash and the hash trees.
    Type: Grant
    Filed: March 28, 2017
    Date of Patent: February 18, 2020
    Assignee: Cisco Technology, Inc.
    Inventors: Foster Glenn Lipkey, John Joseph Groetzinger, Aaron Frederick Louks
  • Patent number: 10542011
    Abstract: A system includes a communication module that receives a request to post content to an event gallery associated with an event. The request in turn includes geo-location data for a device sending the content, and identification data identifying the device or a user of the device. The system further has an event gallery module to perform a first authorization operation that includes determining that the geo-location data corresponds to a geo-location fence associated with an event. The event gallery module also performs a second authorization operation that includes using the identification data to verify an attribute of the user. Finally, based on the first and second authorization operations, the event gallery module may selectively authorize the device to post the content to the event gallery.
    Type: Grant
    Filed: March 18, 2016
    Date of Patent: January 21, 2020
    Assignee: Snap Inc.
    Inventors: Nicholas Richard Allen, Sheldon Chang
  • Patent number: 10540271
    Abstract: A system of testing updated software may include a cloud-based production environment. The system may also include a cloud-based testing environment. The system may also include a cloud-based production processing unit configured to receive in response to document, execute an initial software by inputting the document, and determine an initial software result and an initial software process based on the document. The system may also include a cloud-based testing processing unit configured to receive the document, execute an updated software by inputting the document, and determine an updated software result and an updated software process based on the document. The system may also include a testing comparison unit configured to compare the initial software result and the updated software result, and compare the initial software process and the updated software process.
    Type: Grant
    Filed: August 20, 2018
    Date of Patent: January 21, 2020
    Assignee: GLOBAL HEALTHCARE EXCHANGE, LLC
    Inventors: Steve Cochran, Hatem El-Sebaaly, Eric Bersagel, Mukund Jaiswal, Daniel Milburn
  • Patent number: 10536537
    Abstract: A master oracle may receive an oracle network identifier for an oracle network. The master oracle may receive a plurality of data messages respectively generated by the oracles. The master oracle may verify, based on respective public keys for the oracles, that each of the data messages is digitally signed by a different corresponding one of the oracles. The master oracle may aggregate the data messages into an aggregated data message. The master oracle may digitally sign the aggregated data message with a private key and public key pair. The master oracle may transmit the aggregated data message to a participant node of a distributed ledger network. A smart contract stored on a blockchain may verify the aggregated data. After receiving and verifying the aggregated data message, the smart contract may execute to perform operations based on the aggregated data message.
    Type: Grant
    Filed: June 13, 2019
    Date of Patent: January 14, 2020
    Assignee: ACCENTURE GLOBAL SOLUTIONS LIMITED
    Inventors: Anh-Dung Le, Luca Schiatti, Giuseppe Giordano
  • Patent number: 10530781
    Abstract: A medical device has a device component with an operating state controllable by predefining a predefined value for an operating parameter. A data network interface receives a data message from a central network computer. The data message indicates whether the central network computer is in a blocked state concerning potential user inputs into an input unit of the network computer. The medical device further has an input unit for the potential input of an input value and at least one control unit configured to predefine the predefined value as a function of the input value to the device component as well as to block the input unit for inputs of a user. The control unit is further configured to block the input unit for the input of the input value as a function of the indicated state of the central network computer.
    Type: Grant
    Filed: December 20, 2017
    Date of Patent: January 7, 2020
    Assignee: Drägerwerk AG & Co. KGaA
    Inventors: Stefan Schlichting, Joshua Abell
  • Patent number: 10524122
    Abstract: Methods and systems are provided for validating a signature in a multi-tenant environment. A server or other computing device that is part of a distributed network may request a certificate collection from an identified tenant store. The requested certificate collection may be loaded in a virtual store that is accessible by the server or other computing device. The server or other computing device may then access one or more certificates from the virtual store to validate a signature.
    Type: Grant
    Filed: January 23, 2017
    Date of Patent: December 31, 2019
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Tariq Sharif, Yamin Wang, Jinghua Chen
  • Patent number: 10516542
    Abstract: A certificate authority receives a request to issue a digital certificate from a customer. In response to the request, the certificate authority determines a network endpoint to be specific to the digital certificate that is to serve information usable to determine whether the digital certificate is valid. The certificate authority issues, to the customer, a digital certificate that specifies a network address for the network endpoint and records information about requests made to the network endpoint to obtain the information usable to determine whether the digital certificate is valid.
    Type: Grant
    Filed: March 8, 2017
    Date of Patent: December 24, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Marcel Andrew Levy, Peter Zachary Bowen, Jonathan Kozolchyk, Nicholas Wexler
  • Patent number: 10489596
    Abstract: A method includes storing configuration data for a Trusted Platform Module (TPM) in a pre-boot environment such as Unified Extensible Firmware Interface (UEFI), reading the configuration data, and automatically configuring the TPM based upon the configuration data. The configuring includes storing values of TPM parameters in non-volatile memory of the TPM. A method includes UEFI firmware of a circuit board on an assembly line configuring a TPM. An information handling system includes UEFI firmware and a TPM. The UEFI firmware configures the TPM from a configuration file stored in memory of the UEFI firmware.
    Type: Grant
    Filed: March 7, 2017
    Date of Patent: November 26, 2019
    Assignee: DELL PRODUCTS, LP
    Inventors: Andrew J. O'Rourke, Darin R. Dearwater, Johan Rahardjo, Jeffrey R. Azulay
  • Patent number: 10491762
    Abstract: An apparatus that executes a job, broadcasts a wireless signal prior to establishing a connection by wireless communication with an external apparatus. The wireless signal includes information relating to the apparatus, by which it can be identified whether execution of a job by the apparatus is possible, in a predetermined packet.
    Type: Grant
    Filed: February 7, 2018
    Date of Patent: November 26, 2019
    Assignee: CANON KABUSHIKI KAISHA
    Inventor: Taketomo Naruse
  • Patent number: 10484394
    Abstract: A system includes a communication module that receives a request to post content to an event gallery associated with an event. The request in turn includes geo-location data for a device sending the content, and identification data identifying the device or a user of the device. The system further has an event gallery module to perform a first authorization operation that includes determining that the geo-location data corresponds to a geo-location fence associated with an event. The event gallery module also performs a second authorization operation that includes using the identification data to verify an attribute of the user. Finally, based on the first and second authorization operations, the event gallery module may selectively authorize the device to post the content to the event gallery.
    Type: Grant
    Filed: March 18, 2016
    Date of Patent: November 19, 2019
    Assignee: Snap Inc.
    Inventors: Nicholas Richard Allen, Sheldon Chang
  • Patent number: 10475272
    Abstract: Disclosed are techniques that use devices with corresponding identity wallet applications that execute on an electronic processor device of the devices, and which identity wallets store identity information and encrypt the stored identity information. A distributed ledger system, and a broker system that interfaces to the wallet and the distributed ledger are used for various information exchange cases pertaining to access to facilities.
    Type: Grant
    Filed: May 15, 2017
    Date of Patent: November 12, 2019
    Assignee: TYCO INTEGRATED SECURITY, LLC
    Inventors: Richard Campero, Sean Davis, Graeme Jarvis, Terezinha Rumble
  • Patent number: 10469482
    Abstract: The disclosed embodiments include encrypted data retrieval systems and methods to provide access to encrypted data. In one of such embodiments, the method includes receiving a request to access encrypted data. The method also includes analyzing the request to determine a credential of a source electronic device seeking to access the encrypted data. The method further includes determining, based on the credential of the source electronic device, a category of the request. In response to determining the category of the request, the method further includes selecting additional credentials with which to authenticate the request. The method further includes providing an indication of the credentials to at least one operator, wherein the at least one operator is authorized to enter the additional credentials to release the encrypted data. In response to receiving the additional credentials, the method further includes transmitting the encrypted data to the source electronic device.
    Type: Grant
    Filed: September 5, 2017
    Date of Patent: November 5, 2019
    Assignee: MASERGY COMMUNICATIONS, INC.
    Inventors: David Venable, Jake Warren, Chris Dudek
  • Patent number: 10462184
    Abstract: The disclosed computer-implemented method for enforcing access-control policies in an arbitrary physical space may include (i) identifying a collection of devices that are located within a predetermined physical space, (ii) determining the physical location of each device in the collection of devices, (iii) establishing, based on the collection of devices, (a) a list of controlled devices that are subject to an access-control policy and (b) a list of monitoring devices that are capable of monitoring user activity within a physical proximity, (iv) matching each controlled device with at least one monitoring device that is capable of monitoring user activity within physical proximity to the controlled device, and (v) monitoring, for each controlled device and by each monitoring device matched to the controlled device, user activity within proximity to the controlled device. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: June 28, 2016
    Date of Patent: October 29, 2019
    Assignee: Symantec Corporation
    Inventors: Lei Gu, Ilya Sokolov, Bruce McCorkendale
  • Patent number: 10454689
    Abstract: A client maintains a pinned collection of trusted digital certificates. An original digital certificate in the collection may be updated by sending a request to the certificate authority that issued the original digital certificate. The certificate authority generates an updated certificate, signs the updated certificate with a private key of the updated certificate, and also signs the updated certificate with the private key of the original digital certificate. The server provides the updated certificate to the client. The client can validate the signature created with the updated private key using the updated public key of the certificate authority, and the signature created with the original private key can be validated using the original public key of the certificate authority. If both signatures are valid, a continuity of trust may be established, and the updated certificate added to the collection of trusted digital certificates.
    Type: Grant
    Filed: August 27, 2015
    Date of Patent: October 22, 2019
    Assignee: Amazon Technologies, Inc.
    Inventor: Nima Sharifi Mehr
  • Patent number: 10447480
    Abstract: Blockchain blocks are provided with either or both of two element types that enable later verification of block validity. One element type is identifiers, such as signatures, of trusted validators that approve entry of the block into the blockchain. Another element is a history hash tree that encodes data from not only the current block, but also at least one previous block.
    Type: Grant
    Filed: December 30, 2016
    Date of Patent: October 15, 2019
    Assignee: Guardtime SA
    Inventors: Risto Alas, Hema Krishnamurthy
  • Patent number: 10447683
    Abstract: Techniques are disclosed for provisioning device-specific credentials to an Internet of Things device that accesses a cloud-based IoT service. The IoT service receives, from the IoT device, a request for device-specific credentials. The request comprises a provisioning certificate including information identifying a group of devices associated with the IoT device. The provisioning certificate is authenticated by evaluating the information with expected information. The device-specific credentials are generated based, at least in part, on the information provided in the provisioning certificate. The device-specific credentials are sent to the IoT device, and the IoT device installs and activates the device-specific credentials. The device-specific credentials are associated with the IoT device in a registry of the IoT service.
    Type: Grant
    Filed: November 17, 2016
    Date of Patent: October 15, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Rameez Loladia, Ramkishore Bhattacharyya, Ashutosh Thakur, Atulya S. Beheray
  • Patent number: 10437525
    Abstract: Methods for distributed storage in accordance with embodiments of the invention enable secret sharing. One embodiment includes encoding source data using an encoding system to produce a plurality of sets of encoded data, where: the source data can be recovered from at least a portion of less than all of the plurality of sets of encoded data; and the source data cannot be recovered using less than a threshold number of the plurality of sets of encoded data; storing each of the plurality of sets of encoded data on a storage device from a set of storage devices on which encoded data is stored; determining a set of storage devices that are available using a decoding system, where the set of storage devices that are available does not include all of the storage devices in the set of storage devices on which encoded data is stored.
    Type: Grant
    Filed: May 27, 2016
    Date of Patent: October 8, 2019
    Assignees: California Institute of Technology, The Research Foundation For the State University of New York, New Jersey Institute of Technology
    Inventors: Wentao Huang, Michael Langberg, Joerg Kliewer, Jehoshua Bruck
  • Patent number: 10440051
    Abstract: Embodiments of the invention are directed to systems, methods and computer program products for enhanced detection of polymorphic malicious content within an entity. In this regard, the present invention receives information associated with an incidence of an electronic file; receives a first hash value of the electronic file from a first network device and a second hash value of the electronic file from a second network device; compares the first hash value with the second hash value; determines that the electronic file is polymorphic based on at least the match; initiates an execution of a quantum optimization algorithm using a quantum optimizer to determine one or more hash value states associated with the electronic file for a third network device; and initiates a control signal configured to store the one or more hash value states in a database associated with the third network device.
    Type: Grant
    Filed: March 3, 2017
    Date of Patent: October 8, 2019
    Assignee: Bank of America Corporation
    Inventors: Eric Eugene Sifford, William August Stahlhut
  • Patent number: 10439816
    Abstract: A method is provided for generating a public/private key pair on an IC and to provision an IoT device having the IC. In the method, a first entity manufactures an integrated circuit (IC) for use in a device. The IC, or chip, has a root secret embedded therein. A public key is generated on the IC using a unique identifier (ID) and the root secret. The IC is provided to a second entity for manufacturing the device using the IC. A reference IC is provided to a third entity. The reference IC has the same embedded root secret as the IC. The reference IC is configured to use the unique ID of the IC and the embedded root secret to generate a derived public key. The third entity is enabled to verify that the public key of the IC is associated with the unique ID by using the derived public key of the reference IC. The method allows the IoT device to be provisioned without using a public key infrastructure.
    Type: Grant
    Filed: September 8, 2017
    Date of Patent: October 8, 2019
    Assignee: NXP B.V.
    Inventor: Marno Herman Josephus van der Maas