Message Digest Travels With Message Patents (Class 713/181)
-
Patent number: 9654294
Abstract: Various examples are directed to systems and methods for coordinating a non-repudiable atomic commit transaction. A client may direct a transaction request to a transaction manager, where the transaction request comprises a transaction origin token. The transaction manager may create a transaction submission token and provide it to the client. The transaction manager may create a digest of a first work item to be executed by a first resource manager and send the digest to the first resource manager. The first resource manager may send the transaction manager a work item receipt token. The transaction manager may send the resource manager the transaction origin token.
Type: Grant
Filed: February 26, 2015
Date of Patent: May 16, 2017
Assignee: Red Hat, Inc.
Inventors: Thomas John Jenkinson, Paul Fletcher Robinson
-
Patent number: 9628281
Abstract: A long-term signature verification server receives long-term signature data configured using signing target data, verification information for verifying the signing target data, and long-term verification information for verifying the authenticity of original data from a verifier terminal. The server verifies the signing target data and the verification information for a predetermined period of time, forms long-term verification information forming information by extracting predetermined information included in the long-term signature data, and transmits the long-term verification information forming information to the verifier terminal.
Type: Grant
Filed: July 24, 2014
Date of Patent: April 18, 2017
Assignee: SEIKO INSTRUMENTS INC.
Inventors: Shinichi Murao, Masakazu Uehata, Koichi Shibata
-
Patent number: 9569905
Abstract: A method is described that involves creating a private key and a public key cryptographic key pair, generating a unique and random identifier for a voter's vote and accepting an election vote from said voter. The vote and identifier are electronically signed with the private key to create a digital signature. The vote and identifier are provided in a human readable format to the voter.
Type: Grant
Filed: November 11, 2011
Date of Patent: February 14, 2017
Inventors: Barry Cohen, Ira Cohen
-
Patent number: 9563769
Abstract: A system and method for securely loading data in a cache memory associated with at least one secure processor that performs data processing by using at least one untrusted external memory storing data to be processed, at least one secure internal cache memory to load or store data, and at least one secure cache translator operating as a memory management unit. The secure cache translator stores, into a secure cache digest table, parameters arranged on persistent and variable data pages. The parameters comprise at least a root digest based on node digests calculated on at least one persistent data page according to a Merkle tree structure. The integrity of the data pages is verified during transfers between the secure internal cache memory and the external memory by comparing a calculated root digest with the root digest stored in the secure cache digest table.
Type: Grant
Filed: June 10, 2015
Date of Patent: February 7, 2017
Assignee: NAGRAVISION S.A.
Inventors: Didier Hunacek, Marco Macchetti, Patrick Servet
-
Patent number: 9565558
Abstract: In one or more embodiments, a network provider can receive a request to access a public network via a wireless network implemented via one or more wireless access points. The network provider can receive, via an unsecured wireless communication from a mobile device utilizing the wireless network and via a hypertext transfer protocol secure (HTTPS), an encryption key usable to secure wireless communications from the mobile device utilizing the wireless network. The encryption key can be encrypted via a public encryption key, received from the network provider or previously stored by the mobile device, associated with the network provider. The network provider can decrypt the encryption key and can provide the encryption key to a wireless access point implementing the wireless network and communicating with the mobile device. The wireless access point and the mobile device can communicate in a secure fashion based on the encryption key.
Type: Grant
Filed: October 21, 2011
Date of Patent: February 7, 2017
Assignee: AT&T Intellectual Property I, L.P.
Inventor: Assad Radpour
-
Patent number: 9529876
Abstract: A computer manages methods for determining accurate document transformation by rendering the source document into a non-rasterized format, where the non-rasterized format is a rendered source document. The computer rendering the target document into a non-rasterized format, where the non-rasterized format is a rendered target document. The computer comparing one or more aspects of the rendered source document to corresponding one or more aspects of the rendered target document. The computer determining, based, at least in part, on the compared one or more aspects, whether or not the source document was accurately transformed to the target document.
Type: Grant
Filed: June 5, 2014
Date of Patent: December 27, 2016
Assignee: International Business Machines Corporation
Inventors: Michael Baessler, Thomas A. P. Hampp-Bahnmueller, Philipp Hoffmann, Markus Lorch, Juergen Maletz, Daniel Pittner, Werner Schollenberger, Dirk Seider
-
Patent number: 9529874
Abstract: A computer manages methods for determining accurate document transformation by rendering the source document into a non-rasterized format, where the non-rasterized format is a rendered source document. The computer rendering the target document into a non-rasterized format, where the non-rasterized format is a rendered target document. The computer comparing one or more aspects of the rendered source document to corresponding one or more aspects of the rendered target document. The computer determining, based, at least in part, on the compared one or more aspects, whether or not the source document was accurately transformed to the target document.
Type: Grant
Filed: December 19, 2013
Date of Patent: December 27, 2016
Assignee: International Business Machines Corporation
Inventors: Michael Baessler, Thomas A. P. Hampp-Bahnmueller, Philipp Hoffmann, Markus Lorch, Juergen Maletz, Daniel Pittner, Werner Schollenberger, Dirk Seider
-
Patent number: 9477714
Abstract: Methods and apparatus are described for scoring documents in response, in part, to parameters related to the document, source, and/or cluster score. Methods and apparatus are also described for scoring a cluster in response, in part, to parameters related to documents within the cluster and/or sources corresponding to the documents within the cluster. In one embodiment, the invention may detect at least one document within the cluster; analyze a parameter corresponding to the document; and compute a cluster score based, in part, on the parameter, wherein the cluster score corresponds with at least one document within the cluster.
Type: Grant
Filed: September 17, 2014
Date of Patent: October 25, 2016
Assignee: Google Inc.
Inventors: Krishna Bharat, Jeffrey A. Dean, Michael Curtiss, Amitabh Singhal, Michael Schmitt
-
Patent number: 9438416
Abstract: Systems (100) and methods (600) for generating encrypted data. The methods involve: combining a cryptographic key with state initialization bits to generate first combination bits; producing a first keystream by performing a permutation function ƒ using the first combination bits as inputs thereto; and using the first keystream to encrypt first data (e.g., authentication data or message body data) so as to produce first encrypted data. The permutation function ƒ comprises a round function ƒround that is iterated R times. The round function ƒround consists of (1) a substitution layer in which the first combination bits are substituted with substitute bits, (2) a permutation layer in which the substitute bits are re-arranged, (3) a mixing layer in which multiple of the permutation layer are combined together, and (4) an addition layer in which a constant is added to the output of the mixing layer.
Type: Grant
Filed: July 18, 2014
Date of Patent: September 6, 2016
Assignee: Harris Corporation
Inventors: Michael T. Kurdziel, Matthew Kelly, Alan Kaminsky, Marcin Lukowiak, Stanislaw Radziszowski
-
Patent number: 9401921
Abstract: A system and method generates a message integrity check. The message integrity check value is computed by hashing one or more block checksums from procedure specific parameters of an RPC and then encrypting the resulting hash value. The computed message integrity check is appended to the RPC to thereby provide a level of security approaching or equal to the level of Integrity defined by the RPCSEC_GSS protocol specification.
Type: Grant
Filed: December 24, 2013
Date of Patent: July 26, 2016
Assignee: NetApp, Inc.
Inventor: Peter F. Corbett
-
Patent number: 9344405
Abstract: A method for establishing a secure communication session over communication paths between one or more client devices and one or more server computers according to a communication protocol includes initiating the session including passing communication through a proxy on a device on the communication paths, passing session initiation information between the client devices and the server computers via the proxy, passing encrypted content between the client devices and the server computers over secure communication sessions, each established for exclusive access from one client device and one server computer based on the exchanged session initiation information between said client device and said server computer whereby the proxy does not have access to the content, and modifying, using the proxy, at least some information passing between a client device and a server computer such that the communication to and from the server computer adheres to the communication protocol.
Type: Grant
Filed: June 17, 2013
Date of Patent: May 17, 2016
Assignee: Massachusetts Institute of Technology
Inventors: Roger I. Khazan, Daniil M. Utin
-
Patent number: 9332435
Abstract: A User Equipment (UE), network-side device, system and method are disclosed for external authentication using an Extensible Authentication Protocol (EAP). The method includes, when the UE is initially attached to an Evolved Packet System (EPS) network via an Evolved UMTS Terrestrial Radio Access Network (E-UTRAN), the UE transmitting EAP authentication information required for the EAP authentication to a packet data network gateway and, after receiving EAP request, the UE transmitting a bearing resource modification request message carrying EAP response to the packet data network gateway. With the method, the UE can use the EAP authentication to implement authentication and authorization by an external authentication and authorization server via a GGSN/PDN GW in a process of connecting the UE to the EPS via a 3GPP access.
Type: Grant
Filed: October 19, 2012
Date of Patent: May 3, 2016
Assignee: ZTE Corporation
Inventors: Xingyue Zhou, Shuang Liang, Chunhui Zhu
-
Patent number: 9306905
Abstract: A computer implemented system and method for providing users with secured access to application servers have been disclosed. The system and method envisaged by the present disclosure are not restricted to providing users with secured access to application servers. The system and the method also ensure that transactions performed by the users through the application servers remain secured and hack-resistant. The present disclosure envisages a system that acts as a secured, trusted gateway between the users and the application servers associated with providers of sensitive services such as banking and financial institutions. In case of the system envisaged by the present disclosure, rather than directly accessing an application server, users are made to contact the system of the disclosure and upon verification of their respective identities, are allowed to access the application servers associated with providers of sensitive services.
Type: Grant
Filed: December 15, 2012
Date of Patent: April 5, 2016
Assignee: TATA CONSULTANCY SERVICES LTD.
Inventor: Prasanna Bidare
-
Patent number: 9300682
Abstract: Identification, characterization and attribution of executable content within and across an enterprise infrastructure (e.g., hosts, subnets, routers, etc.) to provide situational awareness for cyber security for purposes of supporting proactive defense and response. Copies of executable content collected at one or more locations within an infrastructure (e.g., hosts, network edges, etc.) may be passed to a central analysis server whereby various characteristics of the executable content may be extracted or gleaned from the copies such as author marks (e.g., directory names), tool marks (e.g., compiler settings), behaviors (e.g., function extraction), patterns (e.g., byte sequences), text, and/or the like. The characteristics may be analyzed in various manners to build profiles of actors or organizations associated with (e.g., responsible for) executable content within the enterprise infrastructure.
Type: Grant
Filed: August 9, 2013
Date of Patent: March 29, 2016
Assignee: Lockheed Martin Corporation
Inventors: James B. Burnham, Robert W. Hale, Timothy A. Sewell
-
Patent number: 9246929
Abstract: A security system and service, which improves the performance of SECaaS services, is described. A security server system tracks the content that has successfully passed through its security modules and distributes this information to the end user client devices as hashlist information. The remote client devices can then safely bypass the cloud for a significant fraction of Web object requests by using information on a locally stored hashlist to validate Web objects.
Type: Grant
Filed: September 9, 2013
Date of Patent: January 26, 2016
Assignee: Polytechnic Institute of New York University
Inventors: Justin Cappos, Nasir Memon, Sai Teja Peddinti, Keith Ross
-
Patent number: 9225737
Abstract: A computer-implemented method for identifying abnormal computer behavior includes receiving, at a computer server subsystem, data that characterizes subsets of particular document object models for web pages rendered by particular client computers; identifying clusters from the data that characterize the subsets of the particular document object models; and using the clusters to identify alien content on the particular client computers, wherein the alien content comprises content in the document object models that is not the result of content that is the basis of the document object model served.
Type: Grant
Filed: October 16, 2013
Date of Patent: December 29, 2015
Assignee: Shape Security, Inc.
Inventors: Justin D. Call, Subramanian Varadarajan, Xiaohan Huang, Xiaoming Zhou, Marc R. Hansen
-
Patent number: 9196099
Abstract: A tachograph and a toll onboard unit as communication partners, which each have a data interface for a data communication via a vehicle data bus to which the communication partners are coupled. The tachograph and/or the toll onboard unit are implemented as a transmitter of data to ascertain a cryptographic check value as a function of user data, which are to be transmitted to the communication partner, and to transmit the cryptographic check value in addition to the user data to the communication partner. The toll onboard unit or the tachograph, respectively, as a receiver of data, is implemented to receive user data and the cryptographic check value associated with the user data from the communication partner and to check the received user data for corruption as a function of the received cryptographic check value.
Type: Grant
Filed: September 25, 2008
Date of Patent: November 24, 2015
Assignee: Continental Automotive GmbH
Inventors: Thomas Grill, Erwin Hess, Raphael Lo Conte, Gerhard Rombach
-
Patent number: 9191324
Abstract: A MAC aggregation technique utilizing a large field addition operation is disclosed. The large field addition operation defines the addition of two or more MACs mod p, where the two or more MACs may comprise constituent MACs or aggregate MACs, and where p is a prime number that is large relative to the size of the MACs. The disclosed MAC aggregation technique yields an aggregate MAC much shorter than the concatenation of constituent MACs while achieving security even in the case where constituent MACs may be aggregated in duplicate.
Type: Grant
Filed: August 22, 2012
Date of Patent: November 17, 2015
Assignee: Alcatel Lucent
Inventor: Vladimir Y. Kolesnikov
-
Patent number: 9189632
Abstract: The present invention relates to communication technologies and discloses a method and an apparatus for protecting security of data, so as to solve the problem of the prior art in which the security of data transmission between a communication terminal which has a characteristic of small data transmission and the network cannot be guaranteed. Information relevant to security context is stored if a communication terminal has a characteristic of small data transmission; current security context is obtained according to the information relevant to security context; and security protection of communication data is performed by employing the current security context. The embodiments of the present invention may be applied to a communication system having a characteristic of small data transmission, such as an MTC and the like.
Type: Grant
Filed: July 16, 2013
Date of Patent: November 17, 2015
Assignee: Huawei Technologies Co., Ltd.
Inventors: Lijia Zhang, Yixian Xu, Jing Chen
-
Patent number: 9177169
Abstract: Systems and methods for activating a token to enable a user to enter a transaction based on information received from a recovery key and a passcode are described herein.
Type: Grant
Filed: February 11, 2013
Date of Patent: November 3, 2015
Assignee: WWPass Corporation
Inventors: Eugene Shablygin, Eric Scace, Mikhail Vysogrets, Vasily Zakharov, Oleg Bolotov
-
Patent number: 9164810
Abstract: The present disclosure relates to systems and methods for context-aware adaptive computing. In one embodiment, the present disclosure includes a method comprising receiving a request at a first information handling system (IHS) to perform an application computation. The method also includes determining a user's context, the user operating the first IHS, and ascertaining a battery state of the first IHS. The method further includes allocating the application computation between the first IHS and a second IHS based at least on the user's context and the battery state of the first IHS. The present disclosure also includes associated systems and apparatuses.
Type: Grant
Filed: April 16, 2013
Date of Patent: October 20, 2015
Assignee: Dell Products L.P.
Inventors: Will A. Egner, Sunil Jason Kumar, Christopher Labrador, Richard William Schuckle
-
Patent number: 9166792
Abstract: According to an embodiment, a data management device includes a receiver; a first calculator; a second calculator; and a transmitter. The receiver is configured to receive at least one piece of encrypted data obtained by encrypting a piece of data and at least one message authentication code for the piece of encrypted data. The first calculator is configured to aggregate pieces of encrypted data received to calculate aggregated encrypted data corresponding to a sum of the pieces of data encrypted. The second calculator is configured to sum up message authentication codes received to calculate a total value of the message authentication codes for the aggregated encrypted data. The transmitter is configured to transmit the aggregated encrypted data and the total value of the message authentication codes.
Type: Grant
Filed: February 13, 2014
Date of Patent: October 20, 2015
Assignee: Kabushiki Kaisha Toshiba
Inventors: Shinji Yamanaka, Yuichi Komano, Satoshi Ito
-
Patent number: 9122605
Abstract: The present application relates to a method for determining multiple simultaneous fault conditions on complex systems. The method comprises receiving symptoms of a complex system from monitors. When some of the symptoms suggest the existence of multiple simultaneous fault conditions, then the method creates a symptom signature, creates one or more failure mode signatures, and creates an error code for each failure mode signature in regard to the symptom signature. Each failure mode signature is associated with only one failure mode. A Hamming distance is determined for each failure mode indicated as possibly causing the original fault condition. Each failure mode with the minimum Hamming distance and same Hamming Code are grouped together as being one of the multiple simultaneous fault conditions. All remaining failure modes with other Hamming distances are then assigned into one of the simultaneous fault conditions.
Type: Grant
Filed: September 23, 2013
Date of Patent: September 1, 2015
Assignee: HONEYWELL INTERNATIONAL INC.
Inventors: Douglas Allen Bell, Tim Felke
-
Patent number: 9098728
Abstract: Disclosed is a viewing apparatus including a transmission unit having light transparency, through which an image is viewed, the viewing apparatus comprising: an identification information obtaining unit which obtains identification information to identify a user of the viewing apparatus; and a processor which performs: authentication processing which authenticates the user based on the identification information; judgment processing which judges whether a hidden image included in advance in the image can be viewed or not, based on a result of the authentication processing; and adjustment processing which adjusts light passing through the transmission unit to switch whether the hidden image can be viewed or not, based on a result of the judgment processing.
Type: Grant
Filed: February 6, 2012
Date of Patent: August 4, 2015
Assignee: CASIO COMPUTER CO., LTD.
Inventors: Yasuo Kishigami, Chie Fukuda, Tomoko Yamazaki
-
Patent number: 9100193
Abstract: In a method for protecting sensor data from manipulation, in the context of an authentication of the sensor, a number used once is sent from a control unit to the sensor, the sensor generating with the use of the number used once a cryptographic authentication message and sending at least a first part of the cryptographic authentication message to the control unit. In addition, the sensor data are provided with a cryptographic integrity protection, time-variant parameters being added to the sensor data and the sensor data being sent with the cryptographic integrity protection and the added time-variant parameters from the sensor to the control unit. For calculation of the initial parameters, at least a second part of the cryptographic authentication message is utilized.
Type: Grant
Filed: September 8, 2010
Date of Patent: August 4, 2015
Assignee: ROBERT BOSCH GMBH
Inventors: James Newsome, Robert Szerwinski, Jan Hayek
-
Patent number: 9071634
Abstract: A fault prediction system comprises a processor, a data storage device and a network connection. The processor acts to commence monitoring of a newly notified device upon the network irrespective of whether details of the device are stored in a database on the data storage device or not.
Type: Grant
Filed: October 30, 2009
Date of Patent: June 30, 2015
Assignee: NCR Corporation
Inventors: Anderson J. Wood, Robert E. Daniel, Tina M. Stafford
-
Publication number: 20150149786
Abstract: A network storage system for a download intensive environment is provided. The network storage comprises at least a data storage server (DSS) that includes an interface enabling connection of the DSS to a network at a location that enables at least a view of network transactions performed by a plurality of clients; a storage unit; and a system adapted to monitor the network transactions occurring on the network and identification of the network transactions as belonging to a registered client of the DSS, and storing in the storage the transactions with an identification corresponding to the registered client.
Type: Application
Filed: February 5, 2015
Publication date: May 28, 2015
Applicant: REDUXIO SYSTEMS LTD.
Inventors: Nir PELEG, Or SAGI, Amnon STRASSER
-
Patent number: 9043602
Abstract: Systems and methods for generating and using ephemeral identifiers are provided. One example method includes determining, by one or more computing devices, a current time-count. The method includes determining, by the one or more computing devices, a time-modified identifier based at least in part on a static identifier and the current time-count. The method includes determining, by the one or more computing devices, an ephemeral identifier based at least in part on the time-modified identifier and a rotation key. One example system includes a plurality of beacon devices, at least one observing entity, and at least one verifying entity.
Type: Grant
Filed: December 3, 2014
Date of Patent: May 26, 2015
Assignee: Google Inc.
Inventors: Ken Krieger, Michel Weksler
-
Publication number: 20150127949
Abstract: Systems and methods for more efficient mesh associations are disclosed. In some aspects, a non-member device may join a mesh network via a four way message exchange with any member device of the mesh network. The four way message exchange between the mesh member device and the non-member device provides for authentication and association between the two devices. As a result of the four way message exchange, a common group key is provided to the non-member device. The common group key is utilized by all mesh member devices to encrypt and decrypt group addressed mesh messages exchanged between any of the mesh member devices. Association identifiers for each of the two devices are also provided during the exchange. PHY/MAC capabilities may also be exchanged. In some aspects, IP address assignment for the two devices may also be accomplished during the four way message handshake.
Type: Application
Filed: October 24, 2014
Publication date: May 7, 2015
Inventors: Abhishek Pramod Patil, Soo Bum Lee, George Cherian, Santosh Paul Abraham
-
Patent number: 9015853
Abstract: Methods and systems of concealing access patterns to data storage, such as within servers of a cloud computing environment are presented. Server data storage is securely partitioned into smaller electronic data storage partitions of predetermined size. The client side maintains a shuffling buffer and position map for these blocks as stored on the electronic data storage partitions of the server. Concealment is performed with respect to accesses from the client to server using an oblivious sorting protocol. Access operation is concealed with each block being randomly assigned to any of the data storage partitions, and whenever a block is accessed, the block is logically removed from its current partition and logically assigned to a fresh random partition selected from all partitions, while the client maintains tracking of which partition each block is associated with at any point of time.
Type: Grant
Filed: June 17, 2013
Date of Patent: April 21, 2015
Assignee: The Regents of the University of California
Inventors: Emil Stefanov, Elaine Shi, Dawn Song
-
Patent number: 9015488
Abstract: An efficient solution for secure implementation of indirect addressing (IA) is described. IA may be used, for example, in networks of which the routing algorithms are not capable of multicast but also contain very constrained devices that, although requiring multicast, are not capable of repeated unicast. This ID is useful in wireless networks containing low-power low-cost devices.
Type: Grant
Filed: October 20, 2010
Date of Patent: April 21, 2015
Assignee: Koninklijke Philips N.V.
Inventor: Thomas Andreas Maria Kevenaar
-
Patent number: 9009484
Abstract: A method for securing communication between a plurality of members. The method includes a first member sending a first input to a second member, receiving a second input from the second member, and generating, by an n-bit generator, an initial message digest using the first input and the second input. Communications between the first member and the second member are encrypted using the initial message digest.
Type: Grant
Filed: June 28, 2013
Date of Patent: April 14, 2015
Assignee: PACid Technologies, LLC
Inventor: Guy Fielder
-
Patent number: 9009482
Abstract: Methods, systems, and apparatus are disclosed which enable flexible insertion of forensic watermarks into a digital content signal using a common customization function. The common customization function flexibly employs a range of different marking techniques that are applicable to a wide range of forensic marking schemes. These customization functions are also applicable to pre-processing and post-processing operations that may be necessary for enhancing the security and transparency of the embedded marks, as well as improving the computational efficiency of the marking process. The common customization function supports a well-defined set of operations specific to the task of forensic mark customization that can be carried out with a modest and preferably bounded effort on a wide range of devices. This is accomplished through the use of a generic transformation technique for use as a “customization” step for producing versions of content forensically marked with any of a multiplicity of mark messages.
Type: Grant
Filed: September 26, 2013
Date of Patent: April 14, 2015
Assignee: Verance Corporation
Inventor: Joseph M. Winograd
-
Patent number: 9003194
Abstract: By way of example only, in various embodiments, the present system and system is designed to reduce the size of data on a computer through compression, to improve hash, message digest, and checksum technology and their application to information and data storage, to improve uniqueness by using mutual exclusion in hash and checksum tests, to improve checksum tests providing better computer security, to create an XML compression format and to move binary compression formats to XML or other markup language, to utilize variable length hashes and message digests, and to create an XML based checksum that can be used to verify the integrity of files.
Type: Grant
Filed: October 27, 2011
Date of Patent: April 7, 2015
Assignee: Elsevier, Inc.
Inventor: Nathan Scott Ross
-
Publication number: 20150095653
Abstract: A non-transitory computer readable recording medium has stored thereon an application package including at least one file, the application package including an executable file created by compiling a program code, a manifest file including a hash value of the at least one file included in the application package, a digest information file including a hash value of the manifest file, a certificate file including a hash value of the digest information file, the hash value of the digest information file being digitally signed using a private key, security information including a public key corresponding to the private key, the security information being encrypted using an encryption key, and a native library including an application programming interface (API) configured to execute the executable file.
Type: Application
Filed: August 28, 2014
Publication date: April 2, 2015
Applicant: SAMSUNG ELECTRONICS CO., LTD.
Inventors: Woo-chul SHIM, Bong-seon KIM
-
Patent number: 8996887
Abstract: Methods, systems, and apparatus, including a method for providing data. The method comprises receiving a first request from a first virtual machine (VM) to store data, obtaining the data and an access control list (ACL) of authorized users, obtaining a data key that has a data key identifier, encrypting the data key and the ACL using a wrapping key to generate a wrapped blob, encrypting the data, storing the wrapped blob and the encrypted data, and providing the data key identifier to users on the ACL. The method further comprises receiving a second request from a second VM to obtain a data snapshot, obtaining an unwrapped blob, obtaining the data key and the ACL from the unwrapped blob, authenticating a user associated with the second request, authorizing the user against the ACL, decrypting the data using the data key, and providing a snapshot of the data to the second VM.
Type: Grant
Filed: February 24, 2012
Date of Patent: March 31, 2015
Assignee: Google Inc.
Inventors: Andrew Kadatch, Michael A. Halcrow
-
Patent number: 8997179
Abstract: Technologies related to shared secret identification for secure communication are generally described. In some examples, devices may exchange hashes, such as file deduplication hashes, to identify a matching hash. The identified matching hash represents a shared data item which may be used as a shared secret to encrypt and/or decrypt subsequent secure communications between the devices. Each device retrieves the shared data item from its respective secure memory and may use the shared data item to encrypt and/or decrypt subsequent secure communications. An eavesdropper may observe the hash exchange, but will not be able to decrypt the secure communications without access to the shared data item, because hashes may be effectively non-invertible.
Type: Grant
Filed: September 26, 2012
Date of Patent: March 31, 2015
Assignee: Empire Technology Development LLC
Inventor: Ezekiel Kruglick
-
Publication number: 20150089237
Abstract: A method and apparatus are described for performing cipher communication in a wireless local area network system. A pseudo noise (PN) code sequence for a plaintext Medium Access Control (MAC) protocol data unit (MPDU) is obtained. An additional authentication data (AAD) is constructed by using at least one field in a header of the plaintext MPDU. A Nonce is constructed from the PN code sequence, an Address 2 field in the header of the plaintext MPDU and a Priority field in the header of the plaintext MPDU. A counter mode (CTR) is generated with cipher block chaining (CBC)-MAC Protocol (CCMP) header. Encrypted data and Message Integrity Code (MIC) are generated by using a temporal key, the AAD, and the Nonce. An encrypted MPDU is generated to be transmitted to a peer station by combining the plaintext MPDU header, the CCMP header, the encrypted data and the MIC.
Type: Application
Filed: November 26, 2014
Publication date: March 26, 2015
Applicant: LG ELECTRONICS INC.
Inventors: Eun Sun KIM, Yong Ho SEOK
-
Publication number: 20150089236
Abstract: A real-time frame authentication protocol is presented for in-vehicle networks. A frame identifier is made anonymous to unauthorized entities but identifiable by the authorized entities. Anonymous identifiers are generated on a per-frame basis and embedded into each data frame transmitted by a sending ECU. Receiving ECUs use the anonymous identifiers to filter incoming data frames before verifying data integrity. Invalid data frames are filtered without requiring any additional run-time computations.
Type: Application
Filed: September 23, 2014
Publication date: March 26, 2015
Inventors: Kyu Suk Han, Swapna Divya Potluri, Kang G. Shin
-
Patent number: 8990576
Abstract: Techniques are disclosed for efficient computation of consecutive values of one-way chains and other one-way graphs in cryptographic applications. The one-way chain or graph may be a chain of length $s$ having positions $i = 1, 2, \ldots, s$ each having a corresponding value $v_i$ associated therewith, wherein the value $v_i$ is given by $v_i = h(v_{i+1})$, for a given hash function or other one-way function $h$. An initial distribution of helper values may be stored for the one-way chain of length $s$, e.g., at positions given by $i = 2^j$ for $0 \le j \le \log_2 s$. A given one of the output values $v_i$ at a current position in the one-way chain may be computed utilizing a first helper value previously stored for another position in the one-way chain between the current position and an endpoint of the chain. After computation of the given output value, the positions of the helper values are adjusted so as to facilitate computation of subsequent output values.
Type: Grant
Filed: July 12, 2013
Date of Patent: March 24, 2015
Inventor: Bjorn Markus Jakobsson
-
Patent number: 8990319
Abstract: A computer-implemented method for negotiating a time and a medium for communications between users is described. The method is performed at a server including one or more processors and memory storing one or more programs. The method includes receiving a request from a first user to negotiate a time and a medium for communication with a second user. The request includes a plurality of acceptable mediums of communication. The method also includes generating a first notification based on the request. The first notification includes the plurality of acceptable mediums of communication. The method furthermore includes transmitting the first notification to the second user, and receiving a response to the first notification from the second user. The response indicates whether the second user has accepted one of the acceptable mediums of communication.
Type: Grant
Filed: January 7, 2011
Date of Patent: March 24, 2015
Assignee: Fuji Xerox Co., Ltd.
Inventors: Jason Wiese, Jacob Biehl, Althea Turner
-
Patent number: 8989387
Abstract: A method and system for ascertaining an object status of an object associated to an authenticity certificate. A first hashing result of an object identifier encoded within a decrypted first encrypted step certificate is extracted. A second hashing result is obtained from hashing the object to be authenticated. A third hashing result of an object identifier encoded within a decrypted second encrypted step certificate is extracted. A fourth hashing result is obtained from hashing the object to be authenticated. It is determined that the first hashing result is equal to the second hashing result and that the third hashing result is equal to the fourth hashing result, from which it is ascertained that the object status of the object is that the object is an authentic object, a counterfeited object, or a stolen object. The ascertained object status is displayed on a screen of an authenticity verification equipment.
Type: Grant
Filed: April 2, 2013
Date of Patent: March 24, 2015
Assignee: International Business Machines Corporation
Inventors: Frederic Bauchot, Gerard Marmigere, Christophe Mialon, Pierre Secondo
-
Patent number: 8983061
Abstract: A method and apparatus cryptographically process data including a plurality of data segments. The cryptographic process includes (a) receiving a plurality of data segments, (b) selecting, for each data segment, a set of encryption information based on data contained in a predetermined portion of the data segment to be encrypted, and (c) encrypting each data segment using the set of encryption information selected for the data segment. At least one of an encryption algorithm, an encryption key, and an encryption parameter may be changed for each data segment based on the data contained in the predetermined portion. The predetermined portion may include a first predetermined portion for selecting a first set of encryption information, and a second predetermined portion for selecting a second set of encryption information, the encryption information including an encryption algorithm, an encryption key, and optionally an encryption parameter.
Type: Grant
Filed: February 13, 2004
Date of Patent: March 17, 2015
Assignee: IVI Holdings Ltd.
Inventor: Masashi Watanabe
-
Patent number: 8977859
Abstract: In one aspect, the present invention comprises one or more processors that generate a first checksum value for a data block and a second checksum value for the data block, wherein the first checksum value is generated by applying a first checksum algorithm to the data block and the second checksum value is generated by applying a second checksum algorithm, different from the first checksum algorithm, to the data block; one or more processors operable to create a data entry comprising data identifying: the first and second checksum values, the first and second checksum algorithms, and at least one of the identified attributes of the data block, the data entry not comprising the data block, and wherein the data block can be recovered using the data entry; and one or more processors that store the data entry in a computer-readable medium. Other aspects comprise related systems, methods, and software.
Type: Grant
Filed: May 3, 2005
Date of Patent: March 10, 2015
Assignee: Elsevier, Inc.
Inventor: Nathan Scott Ross
-
Patent number: 8977860
Abstract: A method and apparatus for maintaining a tamper proof device log are described. In one embodiment, the method comprises maintaining an embedded log in the device, the embedded log being a chain of log entries. In one embodiment, the method may also comprise publishing at least one log entry to a location external to the device.
Type: Grant
Filed: May 20, 2013
Date of Patent: March 10, 2015
Assignee: Ricoh Co., Ltd.
Inventors: John Barrus, Michael Gormish, Sergey Chemishkian
-
Patent number: 8972735
Abstract: Methods and apparatus to certify digital signatures are disclosed. An example method includes retrieving, from a first database, a first geographical location associated with an identification number associated with a network device and identified in a request to certify a digital signature, comparing the first geographical location associated with the identification number to a second geographical location to verify the second geographical location, determining that the first geographical location matches the second geographical location, and certifying the digital signature to indicate an authenticity of the digital signature based on the verification of the second geographical location and a comparison of (a) biometric information associated with a user associated with the request and (b) stored biometric information.
Type: Grant
Filed: April 3, 2014
Date of Patent: March 3, 2015
Assignee: AT&T Intellectual Property I, L.P.
Inventors: Brian M. Novack, David L. Dunmire, Daniel L. Madsen, Michael D. Cheaney, Timothy R. Thompson
-
Patent number: 8959615
Abstract: According to one embodiment, a storage system includes a host device and a secure storage. The host device and the secure storage produce a bus key which is shared only by the host device and the secure storage by authentication processing, and which is used for encoding processing. The host device produces a message authentication code including a message which can be stored in the secure storage based on the bus key, and sends the produced message authentication code to the secure storage. The secure storage stores the message included in the message authentication code in accordance with instructions of the host device. The host device verifies whether the message stored in the secure storage is intended contents.
Type: Grant
Filed: February 25, 2013
Date of Patent: February 17, 2015
Assignee: Kabushiki Kaisha Toshiba
Inventors: Yuji Nagai, Yasufumi Tsumagari, Shinichi Matsukawa, Hiroyuki Sakamoto, Hideki Mimura
-
Patent number: 8949606
Abstract: A method transmits a message between a transmitter and a receiver on a bus using an identifier associated with the transmitter/receiver path for the purpose of authentication and a message counter. The identifier is dynamically selected from an identification sequence depending on the message counter value and is integrated into the message check sum but not transmitted via the bus. A control device and a vehicle are adapted to carry out the method for transmitting a message.
Type: Grant
Filed: June 18, 2010
Date of Patent: February 3, 2015
Assignees: Audi AG, Volkswagen AG, TTTech Computertechnik AG
Inventors: Sven Schachtner, Thomas Bizenberger, Bernhard Gstoettenbauer
-
Patent number: 8935778
Abstract: Aspects of the present invention maintain data integrity of a monitored data object in a monitored storage repository. A first security value for the monitored data object is determined. The first security value is stored along with an authentic copy of the monitored data object in the secure repository. The second security value for the monitored data object is determined after a predetermined time interval. The first security value is compared with the second security value. An alert is generated in response to determining a difference between the second security value and the first security value.
Type: Grant
Filed: April 29, 2011
Date of Patent: January 13, 2015
Assignee: International Business Machines Corporation
Inventors: Jay Harish Hira, Narayanan Krishnan
-
Patent number: 8935533
Abstract: A new approach for a transport protocol for sensor data collection, such as a smart grid, is described. In one embodiment of the invention, each server avoids keeping security and communication state per client through the notion of a secure “state-token”. The state token is issued with each server message and is subsequently attached to corresponding client messages delivered to the server. An implementation is provided in which the server encrypts and authenticates the associated session state, and then gives the resulting encryption for the client to temporarily store and return to the server with a next message. In this way, a server does not keep session state after sending the encryption back to a client and can quickly restore session state when the next message from the client arrives.
Type: Grant
Filed: December 20, 2011
Date of Patent: January 13, 2015
Assignee: Alcatel Lucent
Inventors: Young Jin Kim, Vladimir Kolesnikov, Marina K. Thottan