By Generation Of Certificate Patents (Class 713/175)
-
Patent number: 10887113
Abstract: A system and method for integrating hierarchical authentication systems and non-hierarchical authentication systems. The system and method is provided in one configuration as a mobile app that functions to allow a mobile device to access highly sensitive data while simultaneously ensuring a highly secured environment utilizing both hierarchical authentication systems and non-hierarchical authentication systems to provide a highly reliable authentication process.
Type: Grant
Filed: November 21, 2017
Date of Patent: January 5, 2021
Assignee: Queralt, Inc.
Inventors: Michael Queralt, John W. Tolbert
-
Patent number: 10885501
Abstract: The present invention relates to an accredited certificate issuance system based on a block chain and a method using the same, and an accredited certificate authentication system based on a block chain and a method using the same, which disenable a leak of a personal key by autonomously generating, storing and managing the personal key by a random number generator mounted in a terminal in which it is impossible to install a function or an additional program for physically accessing; enable a public key for accredited certification to be stored in a block chain of electronic wallets mounted in block chain retention servers via a P2P network-based distribution database, not in a server of an accredited certificate authority (CA), and thus incur almost no costs for maintenance and for operating the established accredited certificate issuance system; and can perform an accredited certification process without ActiveX.
Type: Grant
Filed: July 7, 2016
Date of Patent: January 5, 2021
Assignee: Coinplug, Inc.
Inventors: Joon Sun Uhr, Jay Wu Hong, Joo Han Song
-
Patent number: 10862885
Abstract: Systems, methods, and related technologies for device identification are described. In certain aspects, packet data associated with a device can be analyzed and a score determined. The score and the threshold can be compared to determine a device identification for the device.
Type: Grant
Filed: March 20, 2017
Date of Patent: December 8, 2020
Assignee: ForeScout Technologies, Inc.
Inventors: Yang Zhang, Siying Yang
-
Patent number: 10848480
Abstract: A system, method, computer program product and apparatus provide an improvement to administration and management of security certificates in enterprise scale networks. An exemplary embodiment integrates a network device manager (NDM) with Simple Certificate Enrollment Protocol (SCEP) for administration and management of network equipment and for handling certificates for enterprise-scale implementation. The network device manager may control the settings and is configured to communicate with the firmware of end devices. The SCEP thus has a medium in the network device manager through which the SCEP features can be communicated to the end devices. In an exemplary embodiment, aspects of the system may, for example, automatically check expiration of and renew certificates that are expiring.
Type: Grant
Filed: July 13, 2018
Date of Patent: November 24, 2020
Inventors: Hooman Majidzadeh Rezvani, Oleksandr Osadchyy, Oleksandr Zinchenko, Daisaku Nagano, Ankur Chhabra
-
Patent number: 10848449
Abstract: Techniques are disclosed relating to exchanging tokens for processing messages. A first system may access information identifying a first requested amount of tokens for a message to be processed by a second system. The first system may cause a first transaction to be written to a distributed ledger that records a transfer of the first requested amount from an account of the first system to an account of the second system. The first system may send a message to the second system. The first system may provide information identifying a second requested amount of tokens for a message to be processed by the first system. The first system may process a message from a third system in response to verifying that there is a second transaction that records a transfer of the second requested amount from an account of the third system to the account of the first system.
Type: Grant
Filed: September 19, 2018
Date of Patent: November 24, 2020
Assignee: salesforce.com, inc.
Inventor: Anurodh Pokharel
-
Patent number: 10841305
Abstract: Systems, methods, and software can be used to provide authentication for a software service. In some aspects, an identity provider (IDP) receives an identity authentication request from a client device. The IDP transmits an on-premises verification initiation request for a digest authentication to an on-premises directory provider (OPDP). The IDP receives an on-premises verification initiation request. The on-premises verification initiation request includes one or more digest authentication attributes. The IDP transmits the one or more digest authentication attributes. The IDP receives a digest, wherein the digest is calculated based on the one or more digest authentication attributes and one or more identity authentication credentials. The IDP transmits the digest, and receives an on-premises verification response that indicates a result of the digest authentication.
Type: Grant
Filed: October 2, 2017
Date of Patent: November 17, 2020
Assignee: BlackBerry Limited
Inventors: Manvinder Singh, Mendel Elliot Spencer
-
Patent number: 10834080
Abstract: Embodiments of this application disclose a message forwarding method and apparatus, and a storage medium. The method includes: receiving a target message sent by a terminal of a first account to a terminal of a second account; suspending forwarding a message of the terminal of the first account to the terminal of the second account when the first account or the target message has a risk; obtaining identity authentication question information and first answer information corresponding to the identity authentication question information; sending the identity authentication question information to the terminal of the first account; and receiving second answer information that is returned by the terminal of the first account and that corresponds to the identity authentication question information; and resuming forwarding the message of the terminal of the first account to the terminal of the second account when the first answer information and the second answer information match.
Type: Grant
Filed: April 2, 2019
Date of Patent: November 10, 2020
Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
Inventor: Wuyu Han
-
Patent number: 10812468
Abstract: Methods and apparatus consistent with the present disclosure may prevent a computer process from failing when a firewall located between a client device and a server identifies that a process at the firewall should be bypassed using fingerprint information associated with a connection attempt. When fingerprint information stored at a firewall matches previously received fingerprint information, the firewall may allow processes typically performed at the firewall to be bypassed, thereby allowing communications to pass between the client device and the server without inspection. When that fingerprint information does not match previously received fingerprint information, the firewall may perform a process that causes the client device to fail the first connection attempt. Because of this, methods consistent with the present disclosure may allow communications from an application program to be passed through a firewall without relying on an ever-growing list of trusted application programs.
Type: Grant
Filed: December 7, 2017
Date of Patent: October 20, 2020
Assignee: SONICWALL INC.
Inventors: Raj Raman, Aleksandr Dubrovsky
-
Patent number: 10810279
Abstract: Among other things, this document describes systems, devices, and methods for improving the delivery of resources embedded on a web page. In one embodiment, a content delivery network analyzes markup language documents that clients have requested to embedded resources, such as linked references to images, scripts, fonts, cascading style sheets, or other types of content. This analysis may be conducted on the content server and/or asynchronously, in a dedicated analytical environment, to produce delivery instructions. Where embedded resources have hostnames for which the content delivery network is authoritative, and where certain conditions are met, servers can be instructed to push additional certificates for such hostnames over the primary connection. When embedded resources have hostnames for which the platform is not authoritative, and where certain conditions are met, servers can be instructed to pre-fetch and push such resources with a signature from the authoritative origin.
Type: Grant
Filed: February 7, 2018
Date of Patent: October 20, 2020
Assignee: Akamai Technologies, Inc.
Inventors: Utkarsh Goel, Moritz Steiner, Michael A. Bishop, Martin T. Flack, Stephen L. Ludin
-
Patent number: 10812475
Abstract: A system, method, and non-transitory computer-readable storage medium for authenticating access to an instance have been disclosed. The system comprises a processor and a memory that includes instructions executable by the processor to cause the system to receive an access request to the instance from a client device and to send an encryption request of information to a security device. The information includes an expiration time and the security device encrypts the information using a private key that is secured in the security device. The memory includes further instructions executable by the processor to cause the system to receive the encrypted information from the security device and to send the encrypted information to the client device. The encrypted information is decryptable by the instance using a public key associated with the private key in response to the client device providing the encrypted information to the instance.
Type: Grant
Filed: April 18, 2017
Date of Patent: October 20, 2020
Assignee: ServiceNow, Inc.
Inventors: Ivan Valentine Covdy, Ashok Ganesan
-
Patent number: 10798216
Abstract: The disclosed technology is generally directed to IoT communications. For example, such technology is usable in provisioning IoT devices in an automatic manner with no manual steps. In one example of the technology, upon initial boot, identification information is automatically sent to a provisioning service endpoint stored in the IoT device. The identification information includes an identification (ID) of the first IoT device. Cryptographic information is received from the provisioning service. The cryptographic information is associated with an IoT hub selected from a plurality of IoT hubs based, in part, on the ID of the first IoT device. A message is automatically sent to the IoT hub in response to receiving the cryptographic information. A new configuration file and a firmware update are received from the IoT hub without requiring a user association. The new configuration file and the firmware update are automatically installed.
Type: Grant
Filed: October 15, 2016
Date of Patent: October 6, 2020
Assignee: Microsoft Technology Licensing, LLC
Inventors: Nicole Berdy, Konstantin Dotchkoff, Arjmand Samuel, Affan Dar
-
Patent number: 10791196
Abstract: A secure communication platform includes a user database that allows users from different secure communication networks to perform directory look-ups to access keys, and other information, for recipients outside of their network. Users from different secure communication networks may request, from the database, user information of users outside their secure communication. The user information may allow the users of different secure communication networks to exchange secure communications. The secure communication platform provides a high degree of trust regarding the sender's identity, allowing the receiving network to trust the sender, and allowing the secure communications to flow across different secure communication networks.
Type: Grant
Filed: August 29, 2017
Date of Patent: September 29, 2020
Assignee: Wickr Inc.
Inventors: Arjun Bhatnagar, Christopher Howell
-
Patent number: 10778448
Abstract: Techniques are disclosed for locally distributing online certificate status protocol (OCSP) responses to a client computer. A certificate authority (CA) proactively sends OCSP responses to an agent application (e.g., an antivirus application configured to handle OCSP responses) residing in the client computer. The agent application stores the OCSP responses in a cache. Thereafter, when a browser application sends an OCSP request to the CA, the agent application intercepts the request and determines whether a corresponding OCSP response is locally cached. If so, the agent application sends the cached OCSP response to the browser application. If not, the agent application retrieves the corresponding OCSP response from the CA and sends the response to the browser application.
Type: Grant
Filed: August 24, 2018
Date of Patent: September 15, 2020
Assignee: DigiCert, Inc.
Inventors: Sanjay Modi, Richard Andrews
-
Patent number: 10749905
Abstract: A system, method, and computer program product are provided for providing security in Network Function Virtualization (NFV) based communication networks and Software Defined Networks (SDNs). In use, a system implements one or more network changes or security configuration changes to an NFV based communication network or a SDN to change an attack surface. In one embodiment, implementing the one or more network changes or security configuration changes to the NFV based communication network or the SDN may occur periodically to change the attack surface. In another embodiment, implementing the one or more network changes or the security configuration changes to the NFV based communication network or the SDN to change the attack surface may occur based on detection of a malicious event or a suspicious event.
Type: Grant
Filed: July 24, 2018
Date of Patent: August 18, 2020
Assignee: AMDOCS DEVELOPMENT LIMITED
Inventors: Daniel Sela, Ofer Hermoni, Yosef Asaf Hermush, Eyal Felstaine
-
Patent number: 10728044
Abstract: In embodiments, an authentication server interfaces between a user device with a self-signed certificate and a verifying computer that accepts a user name and password. The user device generates a self-signed certificate signed by a private key on the user device. The self-signed certificate is transmitted to a verifying party computer over a network. The verifying party stores the self-signed certificate with user identification data. The user migrates trust to another device by providing the root certificate and intermediate certificate as a certificate chain to a second device, which then adds a new intermediate certificate to create a longer certificate chain with the same root certificate. In subsequent communications, the verifying party receives a certificate chain including the self-signed certificate from the second user device, and matches that with the user identification data stored in a database.
Type: Grant
Filed: February 20, 2020
Date of Patent: July 28, 2020
Assignee: BEYOND IDENTITY INC.
Inventors: Nelson Melo, Michael Clark, James Clark
-
Patent number: 10721077
Abstract: A first digital identification document is transmitted from an identification authority to a mobile device of an identified individual. This first digital identification document is digitally signed and includes a set of attributes about the identified individual. In the same manner, a second digital identification document is also transmitted to the identified individual's mobile device. The second digital identification document is also digitally signed but includes a different set of attributes about the identified individual. The identified individual is then confronted by a series of challengers, wherein each challenger requires a different amount of information about the identified individual. Based on the identity of each challenger, the identified individual selects an appropriate identification document and transmits it to the applicable challenger's device.
Type: Grant
Filed: November 19, 2018
Date of Patent: July 21, 2020
Assignee: International Business Machines Corporation
Inventor: Richard Redpath
-
Patent number: 10699001
Abstract: Systems and methods for generating and validating certified electronic credentials are disclosed. A publisher may receive a certified electronic credential order from a credentialer and prepare a plurality of certified electronic credentials. The publisher may associate each credential with authentication information and a credential record, and retain a database of associated authentication information and credential records. The publisher may provide validation services, receiving a validation request through a credentialer's validation portal, and provide a response through the credentialer's portal indicative of the validity, additional information about the credential and/or the credential holder. The credential holder may assign a personal access key to control or limit the validation of a credential. A validating entity may receive credential validation through the credentialer with a heightened degree of confidence in the validation and lack of forgery.
Type: Grant
Filed: April 3, 2018
Date of Patent: June 30, 2020
Assignee: PARADIGM, INC.
Inventors: Peter Alan Johnson, Christopher Simon Jackson, Robert Allen Huffman
-
Processing platform and method to process domain name transactions for a remote domain name registry
Patent number: 10701029
Abstract: Within a particular Top Level Domain (TLD), domain name allocation and domain name ownership may be subject to certain restrictions requiring verification. A processing platform and method is disclosed to process verification of a domain name and/or a domain name entity such as a registrant for domain name transactions with a domain name registry. The processing platform and domain name registry may be remotely located relative to one another.
Type: Grant
Filed: June 6, 2017
Date of Patent: June 30, 2020
Inventors: Hui Zhou, Cedarampattu Mohan, Xuhui Wang, Steven Singer
-
Patent number: 10680831
Abstract: In general, the disclosure describes examples where a single software-defined network (SDN) controller establishes tunnels and controls communication on these tunnels between a plurality of virtual computing environments (VCEs). The SDN controller establishes the logical tunnel mesh to interconnect the plurality of VCEs in the multi-cloud network via respective connect gateway routers. To establish the logical tunnel mesh, the SDN controller is configured to determine one or more logical tunnels from the logical tunnel mesh to establish one or more communication links between a first VCE and a second VCE of the plurality of VCEs in the multi-cloud network. The SDN controller is configured to advertise the one or more logical tunnels to the first VCE and the second VCE.
Type: Grant
Filed: September 27, 2018
Date of Patent: June 9, 2020
Assignee: Juniper Networks, Inc.
Inventor: Sanju C. Abraham
-
Patent number: 10681148
Abstract: The systems and methods described herein can enable the selection of customized content in networked systems that prevent the transfer of session data between different domains. The systems and methods described herein enable the exchange of data between third-party entities that would be blocked in networked systems that prevent cross-domain data exchange. The systems and methods can provide multi-sourced content without sacrificing security of the client device and browser environment.
Type: Grant
Filed: April 24, 2018
Date of Patent: June 9, 2020
Assignee: Google LLC
Inventors: Gang Wang, Yian Gao
-
Patent number: 10681143
Abstract: A system, method, node, user equipment and computer program for establishment of a secure connection between a user equipment (100) and a media gateway (130) at setup of a communication session with another party (150) is described. The media gateway (130) is controlled by a control server (120). The control server (120) receives a communication session setup request from the user equipment (100) and determines an indication of a security certificate of the media gateway (130). The control server (120) then sends the indication of the security certificate of the media gateway (130) to the user equipment (100), wherein the indication is sent before or in parallel to sending the communication session setup request towards said other party (150). The user equipment (100) then initiates a negotiation of security related parameters, based on the received indication of the security certificate of the media gateway (130).
Type: Grant
Filed: September 3, 2014
Date of Patent: June 9, 2020
Assignee: Telefonaktiebolaget LM Ericsson (publ)
Inventors: Yunjie Lu, Huoming Dong
-
Patent number: 10673627
Abstract: Using three pieces of element data w1, w2, and w3 obtained by partitioning storage data D, an encryption unit generates three sets of a first set A1 in which the first to third pieces of element data are sequentially arranged, a second set A2 in which the second to third pieces of element data are sequentially arranged, and a third set A3 composed of the third piece of element data. The encryption unit encrypts each piece of element data included in each set with a random number R(1) by a CBC mode.
Type: Grant
Filed: January 18, 2016
Date of Patent: June 2, 2020
Assignee: MITSUBISHI ELECTRIC CORPORATION
Inventors: Yutaka Kawai, Takato Hirano
-
Patent number: 10659366
Abstract: Network devices, such as load balancers, may be configured to forward client metadata to back-end nodes using defined fields of a security protocol. For example, client metadata may be inserted into an extension field or certificate defined by a security protocol that is used for a secure connection between the load balancer and the back-end node. In some instances, a source IP address based on a received request may be inserted into the extension field or certificate defined by the security protocol before the request is forwarded to the back-end node. The back-end node may extract the client metadata and use the client metadata for any of a number of processes (e.g., billing, tracking, security, logging, etc.).
Type: Grant
Filed: November 4, 2015
Date of Patent: May 19, 2020
Assignee: Amazon Technologies, Inc.
Inventor: Nima Sharifi Mehr
-
Patent number: 10652732
Abstract: Embodiments are directed to provisioning a general-use basis for authentication of a processor device. During manufacture, a hardware processor stores a secret value and shares a derived value produced based on the secret value with a secure service. These values may be used in a limited-use initial authentication process to authenticate the hardware processor. A general-use basis for authentication not so limited as the initial authentication process is established subsequent to the manufacture of the hardware processor. The general-use basis for authentication may include a public-private key pair, and is established upon successful completion of the initial authentication process. Authentication using the general-use process produces an authentication traceable to the manufacture of the hardware processor.
Type: Grant
Filed: February 24, 2016
Date of Patent: May 12, 2020
Assignee: Intel Corporation
Inventors: Ernie F. Brickell, Rachid El Bansarkhani
-
Patent number: 10652030
Abstract: A method and system for generating multiple profiles corresponding to different digital certificates. The profile includes intrinsic attributes and derived attributes associated with a digital certificate. The system enables a customer system to filter digital certificates based on a suitability of the various digital certificates for use with a given application to be executed by or on behalf of the customer system. The suitability may be determined based on a comparison of certificate requirements associated with a customer system's request and one or more of the intrinsic attributes and derived attributes.
Type: Grant
Filed: March 5, 2018
Date of Patent: May 12, 2020
Assignee: Amazon Technologies, Inc.
Inventors: Marcel Andrew Levy, Peter Zachary Bowen, Todd Lawrence Cignetti, Brandonn Gorman, Ronald Andrew Hoskinson, Brenda Lee Leary, Timothy Sterling Loverin, James Spencer, Nicholas Wexler
-
Patent number: 10623570
Abstract: An apparatus, a method, and a computer program receive a request message from a mobile device to connect with an agent and authenticate the request message and provisioning a database for enabled services and service location. A service provider is identified and selected from a plurality of service providers. As a result, the request message is transmitted to the service provider in order to determine availability of the service provider.
Type: Grant
Filed: March 20, 2018
Date of Patent: April 14, 2020
Assignee: West Corporation
Inventors: Michael T. Mateer, James K. Boutcher, Jesse Andersen
-
Patent number: 10616239
Abstract: A system includes a communication module that receives a request to post content to an event gallery associated with an event. The request in turn includes geo-location data for a device sending the content, and identification data identifying the device or a user of the device. The system further has an event gallery module to perform a first authorization operation that includes determining that the geo-location data corresponds to a geo-location fence associated with an event. The event gallery module also performs a second authorization operation that includes using the identification data to verify an attribute of the user. Finally, based on the first and second authorization operations, the event gallery module may selectively authorize the device to post the content to the event gallery.
Type: Grant
Filed: March 18, 2016
Date of Patent: April 7, 2020
Assignee: Snap Inc.
Inventors: Nicholas Richard Allen, Sheldon Chang
-
Patent number: 10594498
Abstract: A method for secure transmission of user-authenticating information is provided. The method includes steps of: a service-providing server (a) determining whether a public key of the user is registered in a blockchain network, and instructing a user-authenticating information generator to generate user-authenticating information for reference, instructing an encrypting engine to encrypt the generated user-authenticating information for reference by using the public key of the user retrieved from the blockchain network, and instructing a message-sending part to transmit the encrypted user-authenticating information for reference to a mobile device of the user; and (b) in case that user-authenticating information for comparison is acquired from the user device and if the user-authenticating information for comparison is determined as identical to the user-authenticating information for reference, providing the user device with the service desired by the user.
Type: Grant
Filed: May 22, 2019
Date of Patent: March 17, 2020
Assignee: Coinplug, Inc.
Inventors: Joon Sun Uhr, Jay Wu Hong, Joo Han Song
-
Patent number: 10595352
Abstract: A method and system of establishing a short-range wireless communications connection between a host device and a client device, wherein the host device includes a host certificate and a host key, the method including the steps of: transmitting an advertisement using a short-range wireless communications (SRWC) protocol from the host device to the client device; receiving a connection request message from the client device; receiving a client device verification message, wherein the client device verification message includes an encrypted client certificate, wherein the encrypted client certificate is a certificate that is encrypted using a client key; decrypting the encrypted certificate using the host key to obtain the client certificate; verifying the client certificate using the host certificate; generating a shared secret; encrypting the shared secret using the host key; and sending the encrypted shared secret to the client device.
Type: Grant
Filed: November 29, 2017
Date of Patent: March 17, 2020
Assignee: GM GLOBAL TECHNOLOGY OPERATIONS LLC
Inventors: Brian E. McColgan, Ramie Phillips, III
-
Patent number: 10581595
Abstract: Provided are a computer program product, system, and method for generating public/private key pairs to deploy public keys at computing devices to verify digital signatures. A plurality of public-private key pairs are generated to store in a key store. A set of public keys of the public-private key pairs is distributed to the computing systems to use to verify purported digitally signed challenges. One of the public-private key pairs is selected to use a private key of the selected one of the public-private key pairs as a current private key to use to digitally sign challenges from the computing systems. A determination is made to retire the current private key. Another one of the public-private key pairs is selected and the current private key is set to a private key of the selected another one of the public-private key pairs to use to digitally sign challenges from the computing systems.
Type: Grant
Filed: March 1, 2017
Date of Patent: March 3, 2020
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Thomas Fiege, Michael P. Groover, Mark E. Hack
-
Patent number: 10574849
Abstract: An import unit of an image forming apparatus performs control as follows. If an import target setting value corresponds to a device setting, the import unit determines whether the setting value complies with the security rule. If it is determined that the setting value complies with the security rule, the import unit executes the import processing of the setting value. If it is determined that the setting value does not comply with the security rule, the import unit does not execute the import processing of the setting value. Further, if an import target setting value corresponds to an individual setting, the import unit executes the import processing of the setting value regardless of the security rule.
Type: Grant
Filed: April 10, 2019
Date of Patent: February 25, 2020
Assignee: Canon Kabushiki Kaisha
Inventor: Hideo Asahara
-
Patent number: 10567399
Abstract: A server communicates over a network with a data inspection device (DID) having access to at least portions of a data file, and assists the DID with matching the data file to known data files represented on the server. A hash tree is constructed for each known data file. To construct each hash tree: the known data file is fragmented into contiguous fragments; spaced fragments separated based on an offset schema are selected from the contiguous fragments; and nodes of the hash tree are generated based on hashes of the spaced fragments, but not the skipped fragments. A hash of a fragment of the data file is received from the DID, and it is compared to the hash trees constructed using the offset schema. Compare results are sent to the data inspection device indicating a match or a mismatch between the received hash and the hash trees.
Type: Grant
Filed: March 28, 2017
Date of Patent: February 18, 2020
Assignee: Cisco Technology, Inc.
Inventors: Foster Glenn Lipkey, John Joseph Groetzinger, Aaron Frederick Louks
-
Patent number: 10542011
Abstract: A system includes a communication module that receives a request to post content to an event gallery associated with an event. The request in turn includes geo-location data for a device sending the content, and identification data identifying the device or a user of the device. The system further has an event gallery module to perform a first authorization operation that includes determining that the geo-location data corresponds to a geo-location fence associated with an event. The event gallery module also performs a second authorization operation that includes using the identification data to verify an attribute of the user. Finally, based on the first and second authorization operations, the event gallery module may selectively authorize the device to post the content to the event gallery.
Type: Grant
Filed: March 18, 2016
Date of Patent: January 21, 2020
Assignee: Snap Inc.
Inventors: Nicholas Richard Allen, Sheldon Chang
-
Patent number: 10540271
Abstract: A system of testing updated software may include a cloud-based production environment. The system may also include a cloud-based testing environment. The system may also include a cloud-based production processing unit configured to receive in response to document, execute an initial software by inputting the document, and determine an initial software result and an initial software process based on the document. The system may also include a cloud-based testing processing unit configured to receive the document, execute an updated software by inputting the document, and determine an updated software result and an updated software process based on the document. The system may also include a testing comparison unit configured to compare the initial software result and the updated software result, and compare the initial software process and the updated software process.
Type: Grant
Filed: August 20, 2018
Date of Patent: January 21, 2020
Assignee: GLOBAL HEALTHCARE EXCHANGE, LLC
Inventors: Steve Cochran, Hatem El-Sebaaly, Eric Bersagel, Mukund Jaiswal, Daniel Milburn
-
Patent number: 10536537
Abstract: A master oracle may receive an oracle network identifier for an oracle network. The master oracle may receive a plurality of data messages respectively generated by the oracles. The master oracle may verify, based on respective public keys for the oracles, that each of the data messages are digitally signed by a different corresponding one of the oracles. The master oracle may aggregate the data messages into an aggregated data message. The master oracle may digitally sign the aggregated data message with a private key and public key pair. The master oracle may transmit the aggregated data message to a participant node of a distributed ledger network. A smart contract stored on a blockchain may verify the aggregated data. After receiving and verifying the aggregated data message the smart contract may execute to perform operations based on the aggregated data message.
Type: Grant
Filed: June 13, 2019
Date of Patent: January 14, 2020
Assignee: ACCENTURE GLOBAL SOLUTIONS LIMITED
Inventors: Anh-Dung Le, Luca Schiatti, Giuseppe Giordano
-
Patent number: 10530781
Abstract: A medical device has a device component with an operating state controllable by predefining a predefined value for an operating parameter. A data network interface receives a data message from a central network computer. The data message indicates whether the central network computer is in a blocked state concerning potential user inputs into an input unit of the network computer. The medical device further has an input unit for the potential input of an input value and at least one control unit configured to predefine the predefined value as a function of the input value to the device component as well as to block the input unit for inputs of a user. The control unit is further configured to block the input unit for the input of the input value as a function of the indicated state of the central network computer.
Type: Grant
Filed: December 20, 2017
Date of Patent: January 7, 2020
Assignee: Drägerwerk AG & Co. KGaA
Inventors: Stefan Schlichting, Joshua Abell
-
Patent number: 10524122
Abstract: Methods and systems are provided for validating a signature in a multi-tenant environment. A server or other computing device that is part of a distributed network may request a certificate collection from an identified tenant store. The requested certificate collection may be loaded in a virtual store that is accessible by the server or other computing device. The server or other computing device may then access one or more certificates from the virtual store to validate a signature.
Type: Grant
Filed: January 23, 2017
Date of Patent: December 31, 2019
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Tariq Sharif, Yamin Wang, Jinghua Chen
-
Patent number: 10516542
Abstract: A certificate authority receives a request to issue a digital certificate from a customer. In response to the request, the certificate authority determines a network endpoint to be specific to the digital certificate that is to serve information usable to determine whether the digital certificate is valid. The certificate authority issues, to the customer, a digital certificate that specifies a network address for the network endpoint and records information about requests made to the network endpoint to obtain the information usable to determine whether the digital certificate is valid.
Type: Grant
Filed: March 8, 2017
Date of Patent: December 24, 2019
Assignee: Amazon Technologies, Inc.
Inventors: Marcel Andrew Levy, Peter Zachary Bowen, Jonathan Kozolchyk, Nicholas Wexler
-
Patent number: 10489596
Abstract: A method includes storing configuration data for a Trusted Platform Module (TPM) in a pre-boot environment such as Unified Extensible Firmware Interface (UEFI), reading the configuration data, and automatically configuring the TPM based upon the configuration data. The configuring includes storing values of TPM parameters in non-volatile memory of the TPM. A method includes UEFI firmware of a circuit board on an assembly line configuring a TPM. An information handling system includes UEFI firmware and a TPM. The UEFI firmware configures the TPM from a configuration file stored in memory of the UEFI firmware.
Type: Grant
Filed: March 7, 2017
Date of Patent: November 26, 2019
Assignee: DELL PRODUCTS, LP
Inventors: Andrew J. O'Rourke, Darin R. Dearwater, Johan Rahardjo, Jeffrey R. Azulay
-
Patent number: 10491762
Abstract: An apparatus that executes a job, broadcasts a wireless signal prior to establishing a connection by wireless communication with an external apparatus. The wireless signal includes information relating to the apparatus, by which it can be identified whether execution of a job by the apparatus is possible, in a predetermined packet.
Type: Grant
Filed: February 7, 2018
Date of Patent: November 26, 2019
Assignee: CANON KABUSHIKI KAISHA
Inventor: Taketomo Naruse
-
Patent number: 10484394
Abstract: A system includes a communication module that receives a request to post content to an event gallery associated with an event. The request in turn includes geo-location data for a device sending the content, and identification data identifying the device or a user of the device. The system further has an event gallery module to perform a first authorization operation that includes determining that the geo-location data corresponds to a geo-location fence associated with an event. The event gallery module also performs a second authorization operation that includes using the identification data to verify an attribute of the user. Finally, based on the first and second authorization operations, the event gallery module may selectively authorize the device to post the content to the event gallery.
Type: Grant
Filed: March 18, 2016
Date of Patent: November 19, 2019
Assignee: Snap Inc.
Inventors: Nicholas Richard Allen, Sheldon Chang
-
Patent number: 10475272
Abstract: Disclosed are techniques that use devices with corresponding identity wallet applications that execute on an electronic processor device of the devices, and which identity wallets store identity information and encrypt the stored identity information. A distributed ledger system, and a broker system that interfaces to the wallet and the distributed ledger are used for various information exchange cases pertaining to access to facilities.
Type: Grant
Filed: May 15, 2017
Date of Patent: November 12, 2019
Assignee: TYCO INTEGRATED SECURITY, LLC
Inventors: Richard Campero, Sean Davis, Graeme Jarvis, Terezinha Rumble
-
Patent number: 10469482
Abstract: The disclosed embodiments include encrypted data retrieval systems and methods to provide access to encrypted data. In one of such embodiments, the method includes receiving a request to access encrypted data. The method also includes analyzing the request to determine a credential of a source electronic device seeking to access the encrypted data. The method further includes determining, based on the credential of the source electronic device, a category of the request. In response to determining the category of the request, the method further includes selecting additional credentials with which to authenticate the request. The method further includes providing an indication of the credentials to at least one operator, wherein the at least one operator is authorized to enter the additional credentials to release the encrypted data. In response to receiving the additional credentials, the method further includes transmitting the encrypted data to the source electronic device.
Type: Grant
Filed: September 5, 2017
Date of Patent: November 5, 2019
Assignee: MASERGY COMMUNICATIONS, INC.
Inventors: David Venable, Jake Warren, Chris Dudek
-
Patent number: 10462184
Abstract: The disclosed computer-implemented method for enforcing access-control policies in an arbitrary physical space may include (i) identifying a collection of devices that are located within a predetermined physical space, (ii) determining the physical location of each device in the collection of devices, (iii) establishing, based on the collection of devices, (a) a list of controlled devices that are subject to an access-control policy and (b) a list of monitoring devices that are capable of monitoring user activity within a physical proximity, (iv) matching each controlled device with at least one monitoring device that is capable of monitoring user activity within physical proximity to the controlled device, and (v) monitoring, for each controlled device and by each monitoring device matched to the controlled device, user activity within proximity to the controlled device. Various other methods, systems, and computer-readable media are also disclosed.
Type: Grant
Filed: June 28, 2016
Date of Patent: October 29, 2019
Assignee: Symantec Corporation
Inventors: Lei Gu, Ilya Sokolov, Bruce McCorkendale
-
Patent number: 10454689
Abstract: A client maintains a pinned collection of trusted digital certificates. An original digital certificate in the collection may be updated by sending a request to the certificate authority that issued the original digital certificate. The certificate authority generates an updated certificate, signs the updated certificate with a private key of the updated certificate, and also signs the updated certificate with the private key of the original digital certificate. The server provides the updated certificate to the client. The client can validate the signature created with the updated private key using the updated public key of the certificate authority, and the signature created with the original private key can be validated using the original public key of the certificate authority. If both signatures are valid, a continuity of trust may be established, and the updated certificate added to the collection of trusted digital certificates.
Type: Grant
Filed: August 27, 2015
Date of Patent: October 22, 2019
Assignee: Amazon Technologies, Inc.
Inventor: Nima Sharifi Mehr
-
Patent number: 10447480
Abstract: Blockchain blocks are provided with either or both of two element types that enable later verification of block validity. One element type is identifiers, such as signatures, of trusted validators that approve entry of the block into the blockchain. Another element is a history hash tree that encodes data from not only the current block, but also at least one previous block.
Type: Grant
Filed: December 30, 2016
Date of Patent: October 15, 2019
Assignee: Guardtime SA
Inventors: Risto Alas, Hema Krishnamurthy
-
Patent number: 10447683
Abstract: Techniques are disclosed for provisioning device-specific credentials to an Internet of Things device that accesses a cloud-based IoT service. The IoT service receives, from the IoT device, a request for device-specific credentials. The request comprises a provisioning certificate including information identifying a group of devices associated with the IoT device. The provisioning certificate is authenticated by evaluating the information with expected information. The device-specific credentials are generated based, at least in part, on the information provided in the provisioning certificate. The device-specific credentials are sent to the IoT device, and the IoT device installs and activates the device-specific credentials. The device-specific credentials are associated with the IoT device in a registry of the IoT service.
Type: Grant
Filed: November 17, 2016
Date of Patent: October 15, 2019
Assignee: Amazon Technologies, Inc.
Inventors: Rameez Loladia, Ramkishore Bhattacharyya, Ashutosh Thakur, Atulya S. Beheray
-
Patent number: 10437525
Abstract: Methods for distributed storage in accordance with embodiments of the invention enable secret sharing. One embodiment includes encoding source data using an encoding system to produce a plurality of sets of encoded data, where: the source data can be recovered from at least a portion of less than all of the plurality of sets of encoded data; and the source data cannot be recovered using less than a threshold number of the plurality of sets of encoded data; storing each of the plurality of sets of encoded data on a storage device from a set of storage devices on which encoded data is stored; determining a set of storage devices that are available using a decoding system, where the set of storage devices that are available does not include all of the storage devices in the set of storage devices on which encoded data is stored.
Type: Grant
Filed: May 27, 2016
Date of Patent: October 8, 2019
Assignees: California Institute of Technology, The Research Foundation For the State University of New York, New Jersey Institute of Technology
Inventors: Wentao Huang, Michael Langberg, Joerg Kliewer, Jehoshua Bruck
-
Patent number: 10440051
Abstract: Embodiments of the invention are directed to systems, methods and computer program products for enhanced detection of polymorphic malicious content within an entity. In this regard, the present invention receives information associated with an incidence of an electronic file; receives a first hash value of the electronic file from a first network device and a second hash value of the electronic file from a second network device; compares the first hash value with the second hash value; determines that the electronic file is polymorphic based on at least the match; initiates an execution of a quantum optimization algorithm using a quantum optimizer to determine one or more hash value states associated with the electronic file for a third network device; and initiates a control signal configured to store the one or more hash value states in a database associated with the third network device.
Type: Grant
Filed: March 3, 2017
Date of Patent: October 8, 2019
Assignee: Bank of America Corporation
Inventors: Eric Eugene Sifford, William August Stahlhut
-
Patent number: 10439816
Abstract: A method is provided for generating a public/private key pair on an IC and to provision an IoT device having the IC. In the method, a first entity manufactures an integrated circuit (IC) for use in a device. The IC, or chip, has a root secret embedded therein. A public key is generated on the IC using a unique identifier (ID) and the root secret. The IC is provided to a second entity for manufacturing the device using the IC. A reference IC is provided to a third entity. The reference IC has the same embedded root secret as the IC. The reference IC is configured to use the unique ID of the IC and the embedded root secret to generate a derived public key. The third entity is enabled to verify that the public key of the IC is associated with the unique ID by using the derived public key of the reference IC. The method allows the IoT device to be provisioned without using a public key infrastructure.
Type: Grant
Filed: September 8, 2017
Date of Patent: October 8, 2019
Assignee: NXP B.V.
Inventor: Marno Herman Josephus van der Maas