
Crypto patents


This page is updated frequently with new Crypto-related patent applications.

new patent Transparent bridge for monitoring crypto-partitioned wide-area network
This disclosure is directed to monitoring a crypto-partitioned, or cipher-text, wide-area network (WAN). A first computing device may be situated in a plain-text portion of a first enclave behind a first inline network encryptor (INE).
Architecture Technology Corporation

new patent Privately performing application security analysis
Systems and methods for analyzing applications on a mobile device for risk so as to maintain the privacy of the application user are provided. In the example method, the process receives a request from a mobile device.
Proofpoint, Inc.

new patent Subscriber identification system
A subscriber identification system for identifying a subscriber in a communications network includes: a first circuit module in which at least a subscriber ID is stored, wherein the first circuit module comprises a first communications interface configured to receive a request signal for the subscriber ID and to transmit the subscriber ID in response to receiving the request signal; and a second circuit module in which at least a cryptographic key is stored, wherein the second circuit module comprises a second communications interface configured to receive an input parameter, wherein the second circuit module is configured to link the input parameter with the cryptographic key to obtain an output parameter, and wherein the second communications interface is configured to transmit the output parameter.
Deutsche Telekom AG

new patent Vehicle communication system, onboard apparatus, and key issuing apparatus
A vehicle communication system includes an onboard apparatus, a mobile device, and a key issuing apparatus provided outside the vehicle for issuing a key for cryptographic communication between the mobile device and the onboard apparatus. The mobile device and the onboard apparatus store the key, and perform the cryptographic communication using the key.
Denso Corporation

new patent Network without abuse of a private key
A network includes a logical network and a physical network. The logical network includes a plurality of logical nodes.

new patent System and generating a server-assisted strong password from a weak secret
Disclosed herein is a method for generating a high entropy password using a low entropy password and low-entropy login data comprising supplying the low entropy password to a system comprising a generating client and/or a recovery client; and at least n servers; submitting request data derived, at least in part, from the user's low entropy password, where the request data includes authentication data; engaging in a distributed protocol with at least t servers to generate high-entropy values based on stored cryptographic information and a set of authentication information stored on the at least n servers which is checked against the authentication data provided by the user and/or the generating client and/or a recovery client; and generating the high entropy password.
International Business Machines Corporation

new patent Secure communications using organically derived synchronized processes
This disclosure provides a system and method for secure communications. The method can enable secure machine-to-machine communications within discrete security groups having two or more communication nodes using a zero knowledge authentication process and related cryptography.
Olympus Sky Technologies, S.A.

new patent Secure key management and peer-to-peer transmission system with a controlled, double-tier cryptographic key structure and corresponding method thereof
Aspects of the disclosure provide a secure key management and data transmission system that includes a transmission system, a data consumer network device, a user network device, and a data transmission network. The transmission management system is configured to receive user-specific data from the user network device via the data transmission network and receive a request for a service corresponding to processing the user-specific data according to a proprietary process provided by the data consumer network device.
Swiss Reinsurance Company Ltd.

new patent Systems and methods for recovering information from a recording device
A recording device may record information continuously. Particular events which occur during recording may be of interest for review (e.g.
Axon Enterprise, Inc.

new patent Online payer authentication service
A payment authentication service authenticates the identity of a payer during online transactions. The authentication service of the present invention allows a card issuer to verify a cardholder's identity using a variety of authentication methods, such as the use of passwords.

new patent Secure data handling in a breath alcohol calibration station

A breath alcohol device calibration system includes a computerized calibration module operable to calibrate a breath alcohol device, and an interface operable to couple the breath alcohol device to a remote server. The interface uses a connection employing a cryptographic function such that data stored on the breath alcohol device can be securely transferred from the breath alcohol device to the remote server using the calibration system.
Consumer Safety Technology, LLC

new patent Carbazole-containing sulfonamides as cryptochrome modulators

The subject matter herein is directed to carbazole-containing sulfonamide derivatives and pharmaceutically acceptable salts or hydrates thereof of structural formula I wherein the variable r1, r2, r3, r4, r5, r6, r7, a, b, c′, d, e, f, g, h′, a, and b are accordingly described. Also provided are pharmaceutical compositions comprising the compounds of formula I to treat a cry-mediated disease or disorder, such as diabetes, obesity, metabolic syndrome, Cushing's syndrome, and glaucoma.
Reset Therapeutics, Inc.

Data transmission using dynamically rendered message content prestidigitation

A communication method and system according to the present invention generates a unique cryptographically secure URI in response to receiving a user post. The user post and URI are stored temporarily. Llc

Secure data destruction in a distributed environment using key protection mechanisms

Organizations maintain and generate large amounts of sensitive information using computer hardware resources and services of a service provider. Furthermore, there is a need to be able to delete large amounts of data securely and quickly by encrypting the data with a key and destroying the key.
Amazon Technologies, Inc.

Binding data to a network in the presence of an entity

Implementations of the disclosure provide for binding data to a network in the presence of an entity. In one implementation, a cryptographic system is provided.
Red Hat, Inc.

Computer-implemented cryptographic improving a computer network, and terminal, system and computer-readable medium for the same

A method at a terminal in a multiple-node digital communications network, comprising any one or more of: generating at least one symmetric first key(s), across all participating nodes in the multiple-node digital communications network and securely distributing the at least one first key(s) in encrypted form to multiple participating nodes of the multiple-node digital communications network, using at least one asymmetrically established second key(s), the participating nodes including at least one message-transmitting node(s) and at least one message-receiving node(s); generating at least one symmetric third key(s) for one or more communication session that includes one or more communications from the at least one message-transmitting node(s) to the message-receiving node(s); encrypting at least one payload message using the at least one third key(s) at the at least one message-transmitting node(s), sending the encrypted at least one payload message, and receiving the encrypted at least one payload message at the at least one message-receiving node(s); encrypting the at least one third key(s) using the at least one first key(s), sending the encrypted at least one third key(s), and receiving the encrypted at least one third key(s) at the at least one message-receiving node(s); decrypting the at least one third key(s) using the securely distributed at least one first key(s), at the at least one message-receiving node(s); and decrypting the at least one encrypted payload message using the decrypted at least one third key(s), at the at least one message-receiving node(s). A terminal, system, and computer readable medium are also disclosed.
Trillium Incorporated

Secure delivery and storage of content

A content item service enables users to upload media for content items to be given to others. The content item service performs operations on uploaded media content, such as transcoding.
Amazon Technologies, Inc.

Future constraints for hierarchical chain of trust

A method of configuring a target domain providing a cryptographic identity for authenticating commands to be executed by an electronic device comprises receiving a domain configuration command, and authenticating the command based on a cryptographic identity provided by an authenticating domain which is an ancestor of the target domain in a hierarchical chain of trust. When authenticated, at least one target domain constraint specified by the command is combined with at least one future constraint specified by the authenticating domain to generate a combined constraint set to be satisfied by commands to be authenticated by the target domain.
Trustonic Limited

Generating cryptographic checksums

A method (400) of generating a cryptographic checksum for a message m(x) is provided. The method is performed by a communication device, such as a sender or a receiver, and comprises calculating (405) the cryptographic checksum as a first function g of a division of a second function of m(x), f(m(x)), modulo a generator polynomial p(x) of degree n, g(f(m(x)) mod p(x)).
Telefonaktiebolaget LM Ericsson (publ)

Cryptographic hash generation system

A first module divides a string into a number of blocks. A second module associates the blocks with monoid elements in a list of first monoid elements to produce second monoid elements.
SecureRF Corporation

Secure data transfer

The disclosure relates to a system, devices and methods for distributing and using a communication scheme to enable secure communication between communication nodes in a network. A method comprises determining, in the network node, a set of available IP addresses and a set of ports, dividing, in the network node, a time frame in time slots, associating, in the network node, each time slot with an IP address, with a port associated with the IP address and with a unique cryptographic key, distributing, from the network node, the communication scheme to the communication node, receiving, in the communication node, the communication scheme and communicating, in the communication node, with another communication node in possession of a corresponding communication scheme by hopping between the IP addresses and ports according to the communication scheme and encrypting the communication using the unique cryptographic key.
Saab AB

Method and restoring access to digital assets

A method and apparatus may include receiving a request to restore access to digital assets of a digital wallet. The digital assets are accessed via m-number of cryptographic keys.
Conio Inc.

Software protection against differential fault analysis

An encryption module and method for performing an encryption/decryption process executes two cryptographic operations in parallel in multiple stages. The two cryptographic operations are executed such that different rounds of the two cryptographic operations are performed in parallel by the same instruction or the same finite state machine (FSM) state for hardware implementation.
NXP B.V.

Cryptographic side channel resistance using permutation networks

A method (and structure) includes receiving a challenge for an authentication, in a chip having stored in a memory device therein a secret to be used in an authentication attempt of the chip by an external agent. The chip includes a hardware processing circuit to sequentially perform a processing related to the secret.
International Business Machines Corporation

Shape actuation encapsulant of a cryptographic module

To provide for a physical security mechanism that forms a complete envelope of protection around the cryptographic module to detect and respond to an unauthorized attempt at physical access, a tamper sensing encapsulant generally encapsulates the cryptographic module. The tamper sensing encapsulant includes a first shape actuation layer associated with an electrically conductive first trace element and a second shape actuation layer associated with an electrically conductive second trace element.
International Business Machines Corporation

Methods for treating cryptosporidiosis using triazolopyridazines

Methods for treating or prophylaxis of a cryptosporidium infection using compositions comprising a structure disclosed herein. Also provided are pharmaceutical compositions and kits for alleviating the symptoms of, for treating, or for preventing the occurrence of cryptosporidium infection.
University Of Vermont And State Agricultural College

Systems and methods to authenticate using vehicle

In one aspect, a vehicle includes an engine, a drive train and chassis, a battery, a wireless transceiver, and a vehicle computing system that controls the engine, drive train, chassis, battery, and wireless transceiver. The vehicle computing system includes a cryptographic processor that has program instructions to communicate with a device separate from the vehicle to provide authentication information to the device via the wireless transceiver.
Lenovo (Singapore) Pte. Ltd.

Cryptographic evidence of persisted capabilities

Example implementations relate to cryptographic evidence of persisted capabilities. In an example implementation, in response to a request to access a persisted capability stored in a globally shared memory, a system may decide whether to trust the persisted capability by verification of cryptographic evidence accompanying the persisted capability.
Hewlett Packard Enterprise Development LP

Secure cryptoprocessor for authorizing connected device requests

A computing device described herein utilizes a secure cryptoprocessor of the computing device to compute a response to a request for authorization received from another local or remote device. The secure cryptoprocessor computes the response based on protected authorization credentials stored by the secure cryptoprocessor for one or more devices.
Microsoft Technology Licensing, LLC

Merged video streaming, authorization, and metadata requests

Implementations disclose merged video streaming, authorization, and metadata request. A method includes receiving, by a streaming server, a first request to view a media item from a client device via a connection between the client device and the streaming server, and sending a second request to an authorization server to verify that the client device is authorized to play the media item.
Google Inc.

Thread ownership of keys for hardware-accelerated cryptography

An embedded processor with a cryptographic co-processor operating in a multithreading environment, with inter-thread security for cryptography operations. A secure memory block accessible by the co-processor stores a plurality of key entries, each key entry storing data corresponding to a cryptography key, and a thread owner field that identifies an execution thread associated with that key.
Texas Instruments Incorporated

Vehicle network interface tool

A vehicle network interface tool electrically connects a computing device to an electronic control unit of a motor vehicle. The vehicle network interface tool includes a vehicle communications port to receive vehicle network data from the electronic control unit of the motor vehicle.

Using dispersal techniques to securely store cryptographic resources and respond to attacks

A dispersed storage network (DSN) includes a DSN memory, which in turn employs multiple distributed storage (DS) units to store encrypted secret material that can be decrypted using an unlock key. The unlock key is stored external to the DS unit, in some cases using multiple data slices dispersed throughout the DSN.
International Business Machines Corporation

Methods and systems for PKI-based authentication

Methods, systems, and devices are provided for authenticating API messages using PKI-based authentication techniques. A client system can generate a private/public key pair associated with the client system and sign an API message using the private key of the private/public key pair and a PKI-based cryptographic algorithm, before sending the signed API message to a server system.

Systems and methods for secure collaboration with precision access management

Systems and methods for secure collaboration enable precise access management. Collaborator permissions are modified in the same manner as a collaborative document.

The event ledger

The present disclosure provides a globally accessible, un-forgeable, and permanent repository of published events in the form of an event ledger. A method according to the present disclosure includes receiving a request from a publisher to publish to an event ledger an event including a name of the publisher, a date and time at which the event occurred, a description of the event, and a cryptographic signature of the event signed using a private key of the publisher, receiving a certificate from the publisher including a public key of the publisher, validating the cryptographic signature of the event using the received certificate, and publishing the event to the event ledger.
International Business Machines Corporation

Systems and methods for operating secure elliptic curve cryptosystems

Various embodiments of the invention implement countermeasures designed to withstand attacks by potential intruders who seek partial or full retrieval of elliptic curve secrets by using known methods that exploit system vulnerabilities, including elliptic operation differentiation, dummy operation detection, lattice attacks, and first real operation detection. Various embodiments of the invention provide resistance against side-channel attacks, such as sample power analysis, caused by the detectability of scalar values from information leaked during regular operation flow that would otherwise compromise system security.
Maxim Integrated Products, Inc.

Secure elliptic curve cryptography instructions

A processor of an aspect includes a decode unit to decode an elliptic curve cryptography (ECC) point-multiplication with obfuscated input information instruction. The ECC point-multiplication with obfuscated input information instruction is to indicate a plurality of source operands that are to store input information for an ECC point-multiplication operation.
Intel Corporation

Chip-based quantum key distribution

There is provided an integrated-optic transmitter for transmitting light pulses to a further optical apparatus for generating a quantum cryptographic key according to at least one quantum cryptography technique. There is also provided an integrated-optic receiver for generating a quantum cryptographic key from light pulses received from a further optical apparatus.
The University Of Bristol

Communication device, communication system, and communication method

According to an embodiment, a communication device includes a storage, a receiver, a storage controller, an allocator, and an encryption processor. The storage has a predetermined number of storage areas capable of storing one or more shared keys shared with a destination device.
Kabushiki Kaisha Toshiba

Massively scalable blockchain ledger

A massively scalable blockchain ledger without scalability issue on each blockchain node and the blockchain ledger itself by partitioning the full value range of the cryptographic hash of the blockchain blocks into a configurable but large number of block buckets and auto-assign and auto-adjust these buckets roughly evenly amongst reliable blockchain mining nodes.

System and providing mobile voice, data, and text services to subscribers using cryptocurrency

Implementations of a cryptocurrency mobile services system and method for offering a global roaming and payment procedure is provided. In some implementations, a computer-implemented method for offering these mobile services comprise receiving over a network a plurality of competing offers for mobile services from a plurality of mobile services providers computing devices, respectively.

Protecting application programs from malicious software or malware

A computer system includes a crypto mechanism that decrypts and integrity-checks secure object information as the secure object information moves into the computer system from an external storage and encrypts and updates an integrity value for secure object information as the secure object information moves out of the computer system to the external storage.
International Business Machines Corporation

Policies for secrets in trusted execution environments

A computing device executes one or more trusted execution environment (TEE) processes in a TEE of a processor. The one or more TEE processes cryptographically protect a secret and a policy.
Google LLC

Apparatus and associated authenticating firmware

A firmware authentication element configured to, based on received firmware and predetermined cryptographic authentication information, provide for cryptographic based authentication of the received firmware to control execution of the received firmware by any one of a plurality of processors.

Data retention management in databases

An identifying data set is defined including semi-identifying attributes with semi-identifying attribute values corresponding to an entity. Descriptive records corresponding to the semi-identifying attributes are created.
SAP SE

Call center audio redaction process and system

The redaction process/system operates on temporarily captured/saved audio file during an agent-customer-call center (CC) call. Voice-based audio data is captured and processed by monitoring data input from CC-agent into a defined data field (field in a CC-agent-presented form).
Authority Software LLC

Secure node-to-multinode communication

The present disclosure relates to communication sessions between a first node and a plurality of other nodes. Two cryptographic keys are generated.
Kelisec AB

Secure electronic mail system

An e-mail system is disclosed that overcomes many deficiencies of, but is backward compatible with, existing e-mail systems. Embodiments of the system may include various features, including but not limited to: (1) secure transfer of e-mail messages, without the need for users to replace existing e-mail clients or to change e-mail addresses; (2) tracking of all actions performed in connection with an e-mail transmission; (3) the ability for a recipient to view information about an e-mail message, optionally including information about how other addressees have responded to it, before deciding whether to retrieve the e-mail message; (4) the aggregation of entire e-mail conversations into a single threaded view; (5) the ability to include both private and public messages in a single e-mail communication; (6) sender control over downstream actions performed in connection with an e-mail message; (7) flexible control over cryptographic methods used to encrypt e-mail messages for storage.
Cirius Messaging Inc.

Multiple secrets in quorum based data processing

Methods are described for constructing a secret key by multiple participants such that any quorum combination of participants can generate a fixed number of key components that can be combined by a recipient to generate the secret key. The methods permit an identical secret key to be generated by a different sized quorum from different participants if required.
PQ Solutions Limited

Method and system for secure FIDO development kit with embedded hardware

A method for registration of a biometric template in a computing device includes: storing, in a first memory of a computing device, a biometric module; receiving, by an input device of the computing device, biometric data of a user; generating, by the biometric module of the computing device, a template based on the biometric data; generating, by a generation module of the computing device, a cryptographic key pair comprised of a private key and a corresponding public key using an encryption algorithm; encrypting, by an encryption module of the computing device, the generated template using the private key; storing, in a second memory of the computing device, the private key, wherein the second memory is a trusted execution environment; and storing, in the computing device, the encrypted template.
Mastercard International Incorporated

Authenticating nonces prior to encrypting and decrypting cryptographic keys

Data security is enhanced by receiving a request that identifies an encrypted data key, an authentication tag, and additional authenticated data that includes at least a nonce. In some cases, the authentication tag is cryptographically derivable from the encrypted data key and the additional authenticated data.
Amazon Technologies, Inc.

Secure authentication of devices without server assistance or pre-shared credentials

Systems and methods for establishing secure communication between electronic devices. In some aspects, at least two computing devices physically interact with each other multiple times, and sensors in each device detect and record the times of the physical interactions.
iDevices, LLC

Communication device, communication method, and communication system

A communication device includes a providing unit, a flow control unit, and a cryptography processing unit. The providing unit provides a cryptographic key generated using quantum key distribution technology.
Kabushiki Kaisha Toshiba

Dynamic cryptocurrency aliasing

Described herein is a system in which temporary aliases may be associated with, and maintained with respect to, cryptocurrency addresses. In some embodiments, the system enables a temporary alias to be used by a mobile application (e.g., a wallet application) in a cryptocurrency transaction.

Processing of financial transactions using debit networks

Methods and systems are disclosed for executing financial transactions between customers and merchants. An identifier of a financial account is received from the customer at a merchant system.
First Data Corporation

Format preserving encryption

Encrypting data without losing their format is important in computing systems, because many parties using confidential data rely on systems that require specific formatting for data. Information security depends on the systems and methods used to store and transmit data as well as the keys used to encrypt and decrypt those data.
Experian Health, Inc.

Systems and methods for dual-ported cryptoprocessor for host system and management controller shared cryptoprocessor resources

In accordance with these and other embodiments of the disclosure, an information handling system may include a host system comprising a host system processor, a management controller communicatively coupled to the host system processor and configured to provide management of the information handling system via management traffic communicated between the management controller and a dedicated management network external to the information handling system, and a cryptoprocessor having a first communications interface to the host system and a second communications interface to the management controller and configured to carry out cryptographic operations on data communicated to the cryptoprocessor from the host system and the management controller such that the cryptoprocessor is accessible to the host system and the management controller.
Dell Products L.P.

Network partition handling in fault-tolerant key management system

A method, system, and computer-program product for handling network partitions in a network is provided. For example, a method can include providing a first compute node and a second compute node on the network.
QuintessenceLabs Pty Ltd.

Fault-tolerant key management system

A configuration for a key management system is provided for managing cryptographic keys in cryptosystems. The configuration includes the use of database replication to improve the reliability, accessibility, and partition tolerance of the key management system.
QuintessenceLabs Pty Ltd.

Precursory client configuration for network access

Methods, systems, and devices for wireless communication are described for precursory client configuration for network access. A configurator station (STA) may receive, from a key management device, an identity key of a client STA and may receive, from the client STA, a network configuration probe that includes a first cryptographic value based at least in part on the identity key and a request for network access.
Qualcomm Incorporated

System and cryptographically signing web applications

Embodiments disclosed herein provide a method that includes receiving, at a client-side web browser, a minimal bootstrap payload from an application server; storing, by a client-side processor, the minimal bootstrap payload in a client-side local cache, where the locally cached minimal bootstrap payload is executed by the client-side processor before executing an application from the application server; the minimal bootstrap payload includes at least one public key and at least one uniform resource location (URL) address of an application code payload.
Cyph, Inc.

Apparatus, system, and methods for a blockchain identity translator

Blockchain applications can generate public/private key pairs without knowing the true identity of the owner of the private key. Many applications, such as in healthcare or corporate banking, require known identities for legal or regulatory reasons.
Peer Ledger Inc.

Method of retaining transaction context

Methods of transaction authentication are provided. In one such method, at least one first transaction has been conducted, the or each first transaction generating data including first data comprising authentication data and second data identifying the or each first transaction, wherein a given first transaction is between a merchant and a card holder.
Visa Europe Limited

System for rapid tracking of genetic and biomedical information using a distributed cryptographic hash ledger

A hardware device and/or software system providing a method of timestamping, indexing, securing, and transmitting biomedical information (such as DNA sequences, patient chart notes, lab tests, diagnoses, radiology results, and similar information) along with metadata associated with this information (such as date, time, author); using a public or private distributed cryptographic hash ledger method to create a stable, tamperproof index that permits auditing and tracing information transit over an or several electronic networks/transmission methods; optionally compressing and/or encrypting information using secure encryption methods such as quantum-safe/quantum-secure/quantum-resilient methods that secures the key and the payload independently, and then storing the information on a local electronic device or computer, such as a DNA sequencing machine, or transmitting the information over an electronic network or storing it on a removable device.
Novus Paradigm Technologies Corporation

Method and system for enhanced validation of cryptograms in cloud-based systems

A method for enhanced validation of cryptograms for varying account number lengths includes: storing one or more primary account numbers and a plurality of formatting templates, each template being associated with an account number length; receiving a selection indicating a specific primary account number; identifying a specific formatting template where the associated account number length corresponds to a length of the specific primary account number; receiving an unpredictable number from a point of sale device; generating a cryptogram based on at least the unpredictable number and one or more algorithms; generating a data string, wherein the data string includes at least the generated cryptogram, the specific primary account number, and the unpredictable number, and wherein the data string is formatted based on the identified specific formatting template; and electronically transmitting the generated data string to the point of sale device.
Mastercard International Incorporated

Systems and methods for delegated cryptography

In some embodiments, an authentication method comprises receiving a request for a digital signature of data from a delegate computer over a secure channel using cryptography to provide authentication, wherein the secure channel comprises at least one wireless communications link; displaying information derived from the data; prompting a user for approval of the request with information derived from the data; in response to receiving approval from the user, creating the digital signature of the data using one or more private keys stored in a key enclave; and sending the digital signature to the delegate computer over the secure channel.
Kryptco, Inc.

Resource locators with keys

Requests are pre-generated to include a cryptographic key to be used in fulfilling the requests. The requests may be encoded in uniform resource locators and may include authentication information to enable a service provider to whom the requests are submitted to determine whether the requests are authorized.
Amazon Technologies, Inc.

Dynamic cryptographic polymorphism (dcp) system and method

Described herein is a method of enhancing the security of an internet transaction which includes the transmission of structurally formatted information, the method including the steps of: transmitting a request for the structurally formatted information across a network environment; receiving the request and sending a formulated response requiring calculation and decoding to determine the nature and content of the structurally formatted information; and receiving the structurally formatted information.
Kasada Pty Ltd

Systems and methods for storing administrator secrets in management controller-owned cryptoprocessor

A method may include storing a first set of secrets associated with an information handling system in a credential vault of a management controller configured to be coupled to a processor of a host system of the information handling system in order to provide management of the information handling system via management traffic communicated between the management controller and an external management network such that the first set of secrets are accessible responsive to a verified boot of the management controller and storing a second set of secrets associated with the information handling system in a storage of a cryptoprocessor owned by the management controller such that access to the second set of secrets may be granted in response to an administrator's provision of authorization to the cryptoprocessor, and such that access to the second set of secrets is prevented during runtime of the host system in absence of authorization.
Dell Products L.p.

Providing user authentication

In particular embodiments, a computing device accesses a device identifier that is encoded in the hardware of the computing device. The device identifier is used to generate a device key that will uniquely identify the particular computing device.
Facebook, Inc.

Systems and methods for preventing transmitted cryptographic parameters from compromising privacy

A method for secure cryptographic communication comprises transmitting information that identifies a group key from a first device to a second device. The method further comprises, in the first device, using the group key to encrypt an input vector, transmitting the encrypted input vector, encrypting privacy-sensitive information using a device key, an encryption algorithm, and the input vector, and transmitting the encrypted privacy-sensitive information to the second device.
Neology, Inc.

Apparatus and cryptographic operations using enhanced knowledge factor credentials

Provided is a process that includes: authenticating a user based on a sequence of transactions that specify a knowledge factor credential where the knowledge-factor credential is lower entropy than the sequence of user-entered transactions, such that possession of the fully entered knowledge-factor credential, without possession of the sequence of user-entered transactions, does not reveal all of the user-entered transactions by which the fully entered knowledge-factor credential was specified by the user.
Univaultage Llc

Method of pushing passwords, pushing system and terminal device

A method of pushing passwords, a pushing system and a terminal device are provided. The method includes establishing a sharing cryptographic library which stores a plurality of application program identification codes, account names and passwords, receiving first biological characteristic information of a user, and simultaneously receiving a push request including second biological characteristic information and a current application program identification code.
Guangdong Oppo Mobile Telecommunications Corp., Ltd.

Security processing engines, circuits and systems and adaptive processes and other processes

An electronic circuit (200) includes one or more programmable control-plane engines (410, 460) operable to process packet header information and form at least one command, one or more programmable data-plane engines (310, 320, 370) selectively operable for at least one of a plurality of cryptographic processes selectable in response to the at least one command, and a programmable host processor (100) coupled to such a data-plane engine (310) and such a control-plane engine (410). Other processors, circuits, devices and systems and processes for their operation and manufacture are disclosed.
Texas Instruments Incorporated

Secure exchange of cryptographically signed records

Systems and methods for securely exchanging cryptographically signed records are disclosed. In one aspect, after receiving a content request, a sender device can send a record to a receiver device (e.g., an agent device) making the request.
Magic Leap, Inc.

System and providing secure collaborative software as a service (saas) attestation service for authentication in cloud computing

An architecture and a method are disclosed for providing secure, scalable, and dynamic user configuration in the distributed network for the cloud computing to provide authentication and authorization for the plurality of the users to use the saas service. The system includes a hierarchical tree structure that configures the cloud-computing model by using the certificate less identity-based cryptography to establish the hierarchical relationship between the participating entities.
Institute For Development And Research In Banking Technology (idrbt)

Cryptographic material sharing among entities with no direct trust relationship or connectivity

A mechanism to share cryptographic material across entities that may not have a direct trust relationship between or among each other, or no network connectivity, or some combination thereof, but where participating entities do share a trust relationship (or trusted connection(s)) with a common entity, sometimes referred to herein as a “conduit” entity. This technique enables such entities to leverage their trust relationship with a common “conduit” entity to share cryptographic material between or among themselves.
Akamai Technologies, Inc.

Protecting polynomial hash functions from external monitoring attacks

Systems and methods for protecting from external monitoring attacks cryptographic data processing operations involving computation of a universal polynomial hash function, such as ghash function. An example method may comprise: receiving an input data block, an iteration result value, and a mask value; performing a non-linear operation to produce a masked result value, wherein a first operand of the non-linear operation is represented by a combination of the iteration result value and the input data block, and the second operand of the non-linear operation is represented by a secret hash value, and wherein one of the first operand or the second operand is masked using a mask value; determining, based on the mask value, a mask correction value; and producing a new iteration result value by applying the mask correction value to the masked result value.
Cryptography Research, Inc.

System and providing transaction verification

A transaction verification process performed by a transaction network operator in communication with a client computing device and a third party provider. A computing device may be equipped with an integrity verification module for verifying the system integrity of the computing device, and a cryptographic module for digitally signing transaction requests.
Google Llc

Adaptive system profile

An approach to generating and regenerating a profile value from features of a system (e.g., a computer system), allows for certain changes of features of the system over time. The system may correspond to a client computer or a particular component of the client computer or a user of a client computer, and may also correspond to a combination of the user (i.e., a biometric characterization of the user) and the client computer or a component of the computer.
Fondazione Universitaria Inuit-"tor Vergata"

Secure elastic storage in a dispersed storage network

A method for execution by a dispersed storage and task (dst) processing unit includes: generating an encoded data slice from a dispersed storage encoding of a data object and determining when the encoded data slice will not be stored in local dispersed storage. When the encoded data slice will not be stored in the local dispersed storage, the encoded data slice is stored via at least one elastic slice in an elastic dispersed storage, cryptographic material and an elastic storage pointer indicating a location of the elastic slice in the elastic dispersed storage are generated, and the cryptographic material and the elastic storage pointer are stored in the local dispersed storage.
International Business Machines Corporation

Method for remote subscription management of an euicc, corresponding terminal

Remote subscription management of an euicc comprising a private key and a public certificate, the public certificate comprising information allowing a subscription manager server to decide if it can agree to manage the euicc. The method includes: establishing a secure channel between the terminal and the subscription manager server by using the public certificate and dedicated cryptographic services of the euicc; sending to the subscription manager server a subscription management request; verifying, based on the information in the public certificate in the subscription manager server, whether the euicc is entitled to be managed by the subscription manager server and, if yes: performing a key establishment procedure between the subscription manager server and the euicc by using the euicc public certificate; establishing between the subscription manager server and the euicc a secure channel with the established keys; and, executing by the subscription manager server the subscription management request on the euicc.
Gemalto Sa

Enhanced authentication based on secondary device interactions

Enhanced authentication techniques may include receiving credential data of a secondary device by a primary device, generating a cryptogram using the credential data of the secondary device, and transmitting the cryptogram to an access device to request authorization to use an account associated with a user of the primary device. The authorization can be granted based on verification of the cryptogram and an interaction activity pattern of interactions between the primary device and a set of communication devices including the secondary device.
Visa International Service Association

Encryption on computing device

A first component of a cryptographic key is received from a user via a user interface of a user computing device. A second component of the cryptographic key is received via a short-range communication interface that communicatively couples the user computing device to a physically separate storage device.
Data Guard Solutions, Inc.

Leveraging transport-layer cryptographic material

A client application cryptographically protects application data using an application-layer cryptographic key. The application-layer cryptographic key is derived from cryptographic material provided by a cryptographically protected network connection.
Amazon Technologies, Inc.

Binding digitally signed requests to sessions

A client establishes a cryptographically protected communications session and determines information usable to distinguish the session from other sessions. The client digitally signs the information using a cryptographic key that is independent of the session to enable a server to check whether the information matches the session that it established and whether the digital signature is correct.
Amazon Technologies, Inc.

Rfid secure authentication

Authentication systems and methods for a population of devices each associated with an rfid tag are described. For each device, a secret key is combined cryptographically with a publicly-readable unique identifier (uid) of an rfid tag to obtain a unique authorization signature.
Covidien Lp

Methods for secure cryptogram generation

Embodiments of the invention introduce efficient methods for securely generating a cryptogram by a user device, and validating the cryptogram by a server computer. A secure communication can be conducted whereby a user device provides a cryptogram without requiring the user device to persistently store an encryption key or other sensitive data used to generate the cryptogram.

Modular exponentiation with transparent side channel attack countermeasures

A method of implementing security in a modular exponentiation function for cryptographic operations is provided. A key is obtained as a parameter when the modular exponentiation function is invoked.
Qualcomm Incorporated

System and managing cryptocurrency payments via the payment request api

Disclosed is an approach for processing cryptocurrency payments via a payment request application programming interface. A method includes receiving, from a site, at a browser and via the payment request application programming interface, a request associated with a potential purchase, wherein the request includes an identification of a cryptocurrency payment method accepted by the site and transmitting, to the site, from the browser and via the api, data indicating that a user of the browser can pay for the potential purchase via the cryptocurrency payment method accepted by the site.
Monticello Enterprises Llc

Management of authenticated variables

An embodiment includes an apparatus comprising: an out-of-band cryptoprocessor coupled to secure non-volatile storage; and at least one storage medium having firmware instructions stored thereon for causing, during runtime and after an operating system for the apparatus has booted, the cryptoprocessor to (a) store a key within the secure non-volatile storage, (b) sign an object with the key, while the key is within the cryptoprocessor, to produce a signature, and (c) verify the signature. Other embodiments are described herein.
Intel Corporation

Booting computer from user trusted device with an operating system loader stored thereon

In an approach to allowing a computer to boot from a user trusted device (utd), the computer comprises a data storage device storing operating system (os) services, and a version of an os loader. The utd is connectable to the computer and stores a boot loader, detectable by a firmware executing at the computer, and an os loader, and wherein the utd prevents an unauthenticated user from modifying the boot loader and the os loader stored thereon.
International Business Machines Corporation

Booting a computer from a user trusted device with an operating system loader stored thereon

In an approach to allowing a computer to boot from a user trusted device (utd), the computer comprises a data storage device storing operating system (os) services, and a version of an os loader. The utd is connectable to the computer and stores a boot loader, detectable by a firmware executing at the computer, and an os loader, and wherein the utd prevents an unauthenticated user from modifying the boot loader and the os loader stored thereon.
International Business Machines Corporation

Compositions and methods for treating toxoplasmosis, cryptosporidiosis, and other apicomplexan protozoan related diseases

Wherein the variables x, y, z, l, r1, and r3 are defined herein.

Cryptographic block identification apparatus, cryptographic block identification method, and non-transitory computer readable recording medium storing cryptographic block identification program

The present invention relates to a cryptographic block identification apparatus which, in order to analyze encryption logic used by malware to conceal communication, identifies a cryptographic block where encryption logic is stored within a program of the malware. The cryptographic block identification apparatus includes a block candidate extraction part and a cryptographic block identification part.
Mitsubishi Electric Corporation

System and cryptographically provable zero knowledge social networking

A social networking system, computer program product, and methods with a personal avatar executing on a first server node and a zero knowledge arbiter executing on a second server node in a network of the social networking system. The personal avatar communicates social networking system messages in a communication session using a zero knowledge protocol with the zero knowledge arbiter executing on the second server node operating in zero knowledge and using zero knowledge verifiable computing to enforce usage conditions on social networking system messages communicated in a communication session with the zero knowledge arbiter.
International Business Machines Corporation

Method and storing context information in a mobile device

A method and apparatus for storing and using context information in a wireless communication network are provided. Context information is encrypted and transmitted to a mobile device for storage.
Huawei Technologies Co., Ltd.

Virtual point of sale

A portable device includes a communication interface to communicate with a consumer endpoint device, and a reader to receive a payment credential of a payment card detected by the portable device, to support a virtual point-of-sale (pos), card present online transaction between the consumer endpoint device and a merchant server. The portable device can establish a secure session with a host system using a cryptographic key, and send an authorization request comprising the payment credential in the secure session with the host system, the authorization request seeking authorization of payment for the online transaction.
Ent. Services Development Corporation Lp

Animated two-dimensional barcode checks

Systems and methods are disclosed to provide an animated 2d barcode check that is used to securely and efficiently transmit financial information between mobile devices. The financial information includes a check written by a payer and transmitted to a merchant.
Paypal, Inc.

Validation and authentication of digital documents issued by an architect

A method and system for authenticating and validating electronic architectural documents. A document approved by a licensed architect has the architect's digital seal and signature associated with or inserted into the document file.
Hks, Inc.

Cryptographic key exchange over an electrostatic channel

Various embodiments relating to exchanging a cryptographic key between a display device and an input device via electrostatic communication are disclosed. In one embodiment, an interactive communication device includes one or more electrodes and a radio transceiver.
Microsoft Technology Licensing, Llc

Information processing apparatus, controlling the same, and storage medium

The information processing apparatus stores a cryptographic module and a key that the cryptographic module generated. The information processing apparatus determines whether or not the stored key is a key that a cryptographic module for which integrity is not verified generated.
Canon Kabushiki Kaisha

Password manipulation for secure account creation and verification through third-party servers

A method and system for deterring attacks at potential breach points between servers and an account and login server for creating and subsequent verification of accounts. Various cryptographic primitives are used to manipulate passwords to generate verifiers.
Airbnb, Inc.

Method for secure communication using asymmetric & symmetric encryption over insecure communications

Data may be protected using a combination of symmetric and asymmetric cryptography. A symmetric key may be generated and the data may be encrypted with the symmetric key.
Sony Interactive Entertainment Inc.

Multiple cryptographic key generation for two-way communication

The embodiments provide a cryptography key for two communicating devices that is based on information known only to the devices. Each of the communicating devices determines the information without communicating key information related to the encryption key with the other.
Microsoft Technology Licensing, Llc

Cryptography method

The embodiments provide cryptography that is performed in each of two communicating devices and is based on information known only to the devices. The information is determined in each of the devices at the time of communications.
Microsoft Technology Licensing, Llc

Cryptography using rf power measurement

The embodiments provide a cryptography key for two communicating devices that is based on information known only to the devices. The information may only be determined by the devices.
Microsoft Technology Licensing, Llc

Optimizing use of hardware security modules

Use of cryptographic key-store hardware security modules is optimized in a system having a first scarce high-security key storage device and a second more plentiful low-security key storage device comprising securing a cryptographic key to the higher security level by initially storing the key in the first storage device, then responsive to an event, evaluating the stored key against one or more rules, and subsequent to the evaluation, reclassifying the stored key for relocation, encrypting the reclassified key using a key-encryption key; relocating the reclassified key into the second, lower-security storage device, and storing the key-encryption key in the first storage device.
International Business Machines Corporation

Computation of historical data

Secure computation of enterprise data in a cloud is provided, by a third party, such that values and data manipulation processes are encrypted through use of cryptographic processes that are secure. A method can comprise performing operations including receiving security data representing an attribute included in a log file, generating encoded attribute data as a function of the attribute, a hash function, or salt data representing an alphanumeric string, and sending the encoded attribute data to a second device.
At&t Intellectual Property I, L.p.

System and processing an online transaction request

A computer server includes a transaction processor that is configured to receive from a pos terminal an incoming authorization request that includes an original numeric value, a token cryptogram and an identification number identifying an identity token; confirm that the token cryptogram was generated from the original numeric value and a cryptographic key associated with the token; determine primary and secondary numeric values from the original numeric value and a user profile associated with the identification number; confirm that the secondary numeric value is not greater than the balance in a loyalty points account associated with the identification number; transmit to an authorization server a revised authorization request that includes the identification number and the primary numeric value; and receive from the authorization server a confirmation message confirming that the primary numeric value is not greater than the balance in a payment account associated with the identification number.
The Toronto-dominion Bank

Automated schedule systems and methods

Automated matching, notification, and acceptance/rejection of appointment or opening in a calendar/schedule via network-based systems and methods, including application over social networks and website based connection between users and service providers. Notifications include offers of rewards and/or incentives, which are in the form of discounts, promotions, and/or a currency such as a cryptocurrency.

Secure operation apparatuses and methods therefor

As may be implemented in accordance with one or more embodiments, an apparatus and/or method may involve a first circuit that initiates secure operations by interfacing with a user and providing operation trigger data that is signed cryptographically and secured from alteration, based on the interfacing. A second circuit, including a secure element, stores data secured from access by the first circuit, and executes secure operations separately from operations executed by the first circuit based on one or more commands provided by the first circuit.
Nxp B.v.

Application code hiding apparatus by modifying code in memory and hiding application code using the same

An application code hiding apparatus includes a secret code dividing part, a secret code caller generating part, a code analyzing part, a dummy code generating part, a code encrypting part, a code disposing part, a code decryptor generating part, a disposed code importer generating part, a code loader generating part, a memory inner code modifier generating part and a decrypted code caller generating part.
Soongsil University Research Consortium Techno-park

Application-driven storage systems for a computing system

Systems and methods that allow secure application-driven arbitrary compute in storage devices in a cloud-based computing system are provided. A computing system including a compute controller configured to: (1) provide access to host compute resources, and (2) operate in at least one of a first mode or a second mode is provided.
Microsoft Technology Licensing, Llc

Method for key rotation

A method for key rotation includes initiating key rotation for a user account of a multi-factor authentication platform enabling one-time password authentication using a first symmetric cryptographic key; generating, at an authenticating device, a second symmetric cryptographic key; transmitting, at the authenticating device, the second symmetric cryptographic key to the multi-factor authentication platform; configuring the multi-factor authentication platform and the authenticating device to disable authentication that uses the first symmetric cryptographic key; and configuring the multi-factor authentication platform and the authenticating device to enable authentication that uses the second symmetric cryptographic key.
Duo Security, Inc.

Secure transfer and use of secret material in a shared environment

Aspects related to the secure transfer and use of secret material are described. In one embodiment, an encrypted secret key and encrypted revocation data are imported into a trusted execution environment and decrypted with private provider and vendor keys.
Amazon Technologies, Inc.

Perimeter encryption

Encryption keys for an enterprise are stored at a perimeter device such as a gateway, and rules are applied at the network perimeter to control whether and how these keys are used for cryptographic processing of communications passing through the perimeter device. The encrypted status of communications, e.g.
Sophos Limited

Pufs from sensors and their calibration

Several methods may be used to exploit the natural physical variations of sensors, to generate cryptographic physically unclonable functions (puf) that may strengthen the cybersecurity of microelectronic systems. One method comprises extracting a stream of bits from the calibration table of each sensor to generate reference patterns, called puf challenges, which can be stored in secure servers.
Arizona Board Of Regents Acting For And On Behalf Of Northern Arizona University

Secure communication of iot devices for vehicles

A method for establishing secure communication between a plurality of iot devices in one or more vehicles includes: provisioning the plurality of iot devices by providing a unique identification, a digital identity token and a cryptographic key to each of the plurality of iot devices; establishing a secure communication line between the plurality of iot devices by authenticating respective communication lines between respective iot devices and issuing a digital certificate to the respective communication lines; grouping the plurality of iot devices into different groups based on a predetermined criteria; and including a group membership for a group of the different groups in an attribute certificate indicating group characterization.
T-central, Inc.

Numeric pattern normalization for cryptographic signatures

A system for numeric pattern normalization for cryptographic signatures is provided. The system includes a resolving client, and an at least one signature server.
Centurylink Intellectual Property Llc

Multi-hop secure content routing based on cryptographic partial blind signatures and embedded terms

At a transmitter node, a commitment value c is obtained as a function of a message m. The commitment value c and transmitter terms of use ta for the message m are then sent to a receiver node without disclosing the message m.
Qualcomm Incorporated

Token and cryptogram using transaction specific information

Systems and methods for token processing are disclosed. An access device can provide access device data to a mobile communication device.
Visa International Service Association

Controlling verification of key-value stores

Deferred verification of the integrity of data operations over a set of data that is hosted at an untrusted module (um) is controlled. The controlling includes generating a request for a data operation on the set of data.
Microsoft Technology Licensing, Llc

Cryptographic key production from a physical unclonable function

Some embodiments are directed to an electronic cryptographic device configured to determine a cryptographic key. The cryptographic device has a physically unclonable function, a debiasing unit, and a key reconstruction unit.
Intrinsic Id B.v.

System and methods for opportunistic cryptographic key management on an electronic device

A system and method for opportunistic cryptographic key management includes generating a security capability assessment on a first electronic device based on security capabilities of the device, selecting a key management mode based on the security capability assessment, generating a cryptographic key based on the key management mode, and storing the cryptographic key based on the key management mode.
Duo Security, Inc.

Method and system for group-oriented encryption and decryption with selection and exclusion functions

A method and system for group-oriented encryption and decryption that supports the implementation of the designation and revocation functions of decryption users in a large-scale group. During the encryption, the system acquires a corresponding aggregate function according to an encryption mode; acquires any selected subset s and public parameters, and outputs an aggregate value of the subset s; generates a ciphertext of to-be-transmitted information according to the public parameters, a to-be-transmitted message and the aggregate value; acquires the encryption mode and the subset s comprised in the received ciphertext, operates the subset s and an identity of a current decryptor according to the encryption mode, and outputs a new subset s′; acquires an aggregate function corresponding to the encryption mode during the decryption; outputs an aggregate value of the new subset s′; and decrypts the received ciphertext according to the public parameters and the aggregate value, so as to obtain the to-be-transmitted information.
University Of Science And Technology Beijing

Dual-mode processing of cryptographic operations

Systems and methods for dual mode hardware acceleration for cryptographic operations are provided. According to one embodiment, data upon which a cryptographic operation is to be performed is received by a computer system that includes a host CPU and a cryptographic hardware accelerator.
Fortinet, Inc.

Clock computing machines

A new computational machine is invented, called a clock machine, that is a novel alternative to computing machines (digital computers) based on logic gates. In an embodiment, computation is performed with one or more clock machines that use time.

Electronic voting system

A method is described that involves creating a private key and a public key cryptographic key pair, generating a unique and random identifier for a voter's vote and accepting an election vote from said voter. The vote and identifier are electronically signed with the private key to create a digital signature.

Provisioning account numbers and cryptographic tokens

Disclosed herein are systems and methods for real-time provisioning of new card numbers to users of a consumer computing system. A consumer computing system (“CCS”) may have servers and databases situated within a banking infrastructure in order to provide various features to users via a software application executed by a client device.
Square, Inc.

Method for encrypting transactions at a dynamic transaction card

One variation of a method for controlling a dynamic transaction card includes: at a first time, accessing a first cryptogram; at a second time, establishing a wireless connection with a mobile computing device; in response to establishing the wireless connection with the mobile computing device, accessing a first token associated with the first cryptogram from the mobile computing device via the wireless connection; generating a first magnetic stripe sequence command representing the first cryptogram and the first token; and in response to detecting a magnetic stripe card reader proximal a magnetic stripe emulator integrated into the dynamic transaction card at a third time succeeding the second time, driving the magnetic stripe emulator according to the first magnetic stripe sequence command.
Cardlab Aps.

System and forming, storing, managing, and executing contracts

A system and method for computable contracts that includes a contract management system accessible by involved parties, managing a formation stage of a contract document by obtaining object components, assembling a contract object graph from the object components, and committing the contract object graph to post formation execution; and in an execution environment during a post-formation stage, executing the contract object graph where instances of execution include receiving a contract state update, and appending at least one update object component to the contract object graph in accordance with the contract state update. Variations of the system and method may apply peer-to-peer negotiation and execution, use a cryptographic directed acyclic contract object graph, and/or interface with distributed ledgers.
Clause, Inc.

Secure crypto module including security layers

An electromagnetic radiation (EMR) receiver is located upon a printed circuit board (PCB) glass security layer. EMR flux is transmitted by the glass security layer and received by the EMR receiver.
International Business Machines Corporation

Parallel and hierarchical password protection on specific document sections

The present disclosure involves systems and computer implemented methods for protecting portions of electronic documents. An example method includes receiving a request for access to an electronic file having sections, at least one section encrypted using a first key based on a first password.
Sap Se

Method and system of using a local hosted cache and cryptographic hash functions to reduce network traffic

The described method and system enables a client at a branch office to retrieve data from a local hosted cache instead of an application server over a WAN to improve latency and reduce overall WAN traffic. A server at the data center may be adapted to provide either a list of hashes or the requested data based on whether a hosted cache system is enabled.
Microsoft Technology Licensing, Llc

Systems and methods for tracking controlled items

According to the present disclosure, a method for tracking a controlled item can include transforming a genetic code with a cryptographic hash function into a core code. The core code can be associated with a label code and a weight.

Heating device utilizing computational or processing components

A heating unit and a heating system are provided that utilize computational and/or processing components to generate and deliver varying levels of heat. The disclosed heating unit/system beneficially captures heat that is a byproduct of other activities, e.g., computing activities, for heating purposes.

Cryptographic signature system and related systems and methods

The disclosed devices, systems, and methods relate to a validation system which can be used to authenticate photos and videos. The system can have various steps including; a user taking a photo or video, sensor data being collected by a processing system, the sensor data being hashed to create a cryptographic signature, and the cryptographic signature being stored.
Praxik, Llc

Cryptographic primitive for user authentication

A method of biometric authentication includes receiving a biometric input from a user for authentication of the user to access a system. The method includes receiving a set of elements of a field and a random number from an authentication server via a network.
Fujitsu Limited

Unique token authentication cryptogram

Embodiments of the invention are directed to systems and methods for validating transactions using a cryptogram. One embodiment of the invention is directed to a method of processing a remote transaction initiated by a communication device provisioned with a token.

Method and cryptographic conversion in a data storage system

When data is encrypted and stored for a long time, encryption key(s) and/or algorithm(s) should be updated so as not to be compromised due to malicious attack. To that end, stored encrypted data is converted in the storage system with new set of cryptographic criteria.
Hitachi, Ltd.

Password-based generation and management of secret cryptographic keys

A user computer generates a secret cryptographic key through communication with a server. A secret user value is provided at the user computer.
International Business Machines Corporation

Key derivation for a module using an embedded universal integrated circuit card

A module with an embedded universal integrated circuit card (eUICC) can include a received eUICC profile and a set of cryptographic algorithms. The received eUICC profile can include an initial shared secret key for authentication with a wireless network.
M2M And IoT Technologies, Llc

Secure circuit for encryption key generation

Techniques are disclosed relating to a public key infrastructure (PKI). In one embodiment, an integrated circuit is disclosed that includes at least one processor and a secure circuit isolated from access by the processor except through a mailbox mechanism.
Apple Inc.

Establishing entropy on a system

Servers in datacenters, mobile devices and virtualized servers without human interaction may experience difficulties in establishing entropy in a virtualized computing environment. Entropy is an important foundation for cryptography and a lack of entropy has led to weaknesses that can be used to break cryptographic systems in the past.
Amazon Technologies, Inc.

Digital asset account management

Systems and methods related to a cryptocurrency system that enables transactions to be performed by transferring digital assets corresponding to amounts between appropriate entities are described. The cryptocurrency system includes a digital assets service provider computer that can host digital asset accounts associated with consumers and resource providers at which digital assets can be received.

System and cryptographically verified data driven contracts

A system and method are disclosed that methodologies concerning cryptographically verified blockchain-based contract data inputs and off-chain side-effects. The system and method provide a deterministic and cryptographically verifiable chain of transactions, recorded on a blockchain (distributed ledger) system.
Pokitdok, Inc.

Encrypted memory access using page table attributes

Encrypted memory access using page table attributes is disclosed. One example is a memory system including a memory controller at a memory interface.
Hewlett Packard Enterprise Development Lp

Notifications in a computer system

Certain embodiments provide means for managing automated access to computers, e.g., using SSH user keys and other kinds of trust relationships. Certain embodiments also provide for managing certificates, Kerberos credentials, and cryptographic keys.
Ssh Communications Security Oyj

Extracting information in a computer system

Certain embodiments provide means for managing automated access to computers, e.g., using SSH user keys and other kinds of trust relationships. Certain embodiments also provide for managing certificates, Kerberos credentials, and cryptographic keys.
Ssh Communications Security Oyj

Validation for requests

A customer can demonstrate control over an element, such as a domain, by receiving a certificate from a certificate authority. After receiving a request for a certificate for a certain domain name, the certificate authority uses a public key cryptography protocol to generate a request for information regarding the domain name.
Amazon Technologies, Inc.

Method and system for an efficient shared-derived secret provisioning mechanism

Embodiments of systems and methods disclosed herein include an embedded secret provisioning system that is based on a shared-derivative mechanism. Embodiments of this mechanism use a trusted third-party topology, but only a single instance of a public-private key exchange is required for initialization.
Rubicon Labs, Inc.

Secured data transmission using identity-based cryptography

A system is provided for secure data transmission. The system stores a public master key, private decryption key and secure messaging module for securely transmitting and receiving a digital model data file for transmission via a work order message.
The Boeing Company

System and accelerating cryptography operations on a portable computing device

Systems, methods, and computer programs are disclosed for accelerating cryptography operations on a portable computing device. One such method comprises receiving a request for a processor on a portable computing device to execute a cryptography algorithm.
Qualcomm Incorporated

Managing verifiable, cryptographically strong transactions

A central service provider manages verifiable and cryptographically strong transactions in a block chain network. For each transaction, the central service provider maintains and updates one or more directed graphs that describe the traceable positions of an asset held by parties of the block chain network.
The Bank Of New York Mellon

Authentication via group signatures

Methods and systems are provided for authenticating a message μ, at a user computer of a group signature scheme, to a verifier computer. The method includes, at the user computer, storing a user id m for the user computer and a user signing key which comprises a signature on the user id m under a secret key of a selectively-secure signature scheme.
International Business Machines Corporation

Distributed, centrally authored block chain network

A central service provider manages and writes transaction details to a private block chain network. Blocks of transaction records written onto the block chain by the central service provider are distributed to members of the block chain, thereby enabling data resiliency and self-verifiability.
The Bank Of New York Mellon

Generation of hash values within a blockchain

Provided is a process including: obtaining a plurality of records to be protected; forming a tamper-evident log configured to prevent an attacker from undetectably modifying any of the plurality of records stored in the tamper-evident log, wherein the cryptographic hash value of a given entry in the tamper-evident log is sequence agnostic to the sequence of entries in virtue of being based on values that do not specify a position in the sequence of entries; and storing the tamper-evident log in memory.
Altr Solutions, Inc.

Replaceable item authentication

A replaceable item for a host device includes a non-volatile memory and logic. The non-volatile memory stores passwords or authentication values, and/or a cryptographic key.
Hewlett-packard Development Company, L.p.

Proofs of plaintext knowledge and group signatures incorporating same

Systems and methods are provided for proving plaintext knowledge of a message m, encrypted in a ciphertext, to a verifier computer. The method includes, at a user computer, encrypting the message m via a predetermined encryption scheme to produce a ciphertext u, and generating a plurality l of challenges $c_i$, i = 1 to l, dependent on the ciphertext u.
International Business Machines Corporation

Block cryptographic encrypting/decrypting messages and cryptographic devices for implementing this method

A block cipher method and apparatus using round repetition for providing, from a plaintext message, a ciphertext message and a global tag is disclosed; the plaintext message is converted into a plurality of ordered plaintext blocks which are successively processed during a round for computing: a cryptogram by encrypting input data using a single cryptographic key, said cryptogram comprising a first segment and a second segment; a ciphertext block by performing a first operation using, as operands: said first segment, said current plaintext block and said second segment; at each next round said input data is newly determined based on the current ciphertext block and an updated reproducible data; the ciphertext message is determined by concatenating the ciphertext blocks and the global tag by a second operation using computed authentication local tags as operands.
Nagravision S.a.

Mutable secure communication

Secure communication provides data confidentiality, data integrity, and authentication. In one embodiment, encryption and signatures are used to construct a signcryption, which provides confidentiality and integrity.

Iterative encryption and random generation and serialization of cryptographic functions

Cryptography provides a wide variety of functions. For example, encryption provides data confidentiality and signatures provide data integrity.

Virtual currency exchange management

According to an example for virtual currency exchange management, a list of virtual currencies that can be exchanged between a first application and a second application is determined, and a virtual currency exchange rate between a first virtual currency in the first application and a second virtual currency in the second application is calculated. The user is authenticated to the first and second application, and in the event that authentication is successful, the first virtual currency associated with the user is decremented based on the exchange rate and the second virtual currency associated with the user is incremented based on the exchange rate.
White Shoe Media, Inc.

Systems and enabling secure transaction

Embodiments of the present invention provide systems and methods of generating a secure transaction, particularly when the transaction is made using a mobile computing device. This is achieved by eliminating the need for cryptographic keys to be stored on the mobile computing device, by firstly creating a strong link between users and their devices, and storing this pre-defined link with a trusted authentication service (i.e.
Cryptomathic Ltd

Embedding cloud-based functionalities in a communication device

Techniques for enhancing the security of a communication device may include providing an application agent and a transaction application that executes on a communication device. The application agent may receive, from the application, a cryptogram key generated by a remote computer, and store the cryptogram key on the communication device.

Reliability enhancement methods for physically unclonable function bitstring generation

A hardware-embedded delay physical unclonable function (“HELP PUF”) leverages entropy by monitoring path stability and measuring path delays from core logic macros. Reliability and security enhancing techniques for the HELP PUF reduce bit flip errors during regeneration of the bitstring across environmental variations and improve cryptographic strength along with the corresponding difficulty of carrying out model building attacks.

Technologies for trusted I/O with a channel identifier filter and processor-based cryptographic engine

Technologies for trusted I/O include a computing device having a processor, a channel identifier filter, and an I/O controller. The I/O controller may generate an I/O transaction that includes a channel identifier and a memory address.
Intel Corporation

Technologies for trusted I/O protection of I/O data with header information

Technologies for trusted I/O include a computing device having a hardware cryptographic agent, a cryptographic engine, and an I/O controller. The hardware cryptographic agent intercepts a message from the I/O controller and identifies boundaries of the message.
Intel Corporation

Authentication and control of encryption keys

An apparatus, a method, and a system are presented in which the apparatus includes an interface control circuit that may be configured to receive a message including a cryptographic keyword and a policy value. The policy value may include one or more data bits indicative of one or more policies that define allowable usage of the cryptographic keyword.
Apple Inc.

Method for processing data

Method for processing data, in which a petri net is encoded, written into a memory and read and executed by at least one instance, wherein transitions of the petri net read from at least one tape and/or write on at least one tape symbols or symbol strings, with the aid of at least one head. [fig.
Whitecryption Corporation

Ensuring data integrity of executed transactions

A central service provider manages a blockchain network that writes the cryptographic hash of each executed transaction in a block to the blockchain network. For each executed transaction, the central service provider generates and transmits a transaction receipt such that a party can verify that the transaction was appropriately executed.
The Bank Of New York Mellon

Method and causing a delay in processing requests for internet resources received from client devices

A method and apparatus for causing a delay in processing requests for internet resources received from client devices is described. A server receives from a client device a request for a resource.
Cloudflare, Inc.

Malicious client detection based on usage of negotiable protocols

A destination server communicates with a computer system using cryptographically protected communications utilizing a first negotiable feature. The destination server detects a triggering event and, in response to the triggering event, causes the cryptographic protected communications with the computer system to change from the first negotiable feature to a second negotiable feature.
Amazon Technologies, Inc.

Method and system for facilitating secure communication

According to a first aspect of the present disclosure, a method for facilitating secure communication in a network is conceived, comprising: encrypting, by a source node in the network, a cryptographic key using a device key as an encryption key, wherein said device key is based on a device identifier that identifies a destination node in the network; transmitting, by said source node, the encrypted cryptographic key to the destination node. According to a second aspect of the present disclosure, a corresponding non-transitory, tangible computer program product is provided.
Nxp B.v.

System for cryptographic key sharing among networked key servers

A technique for key sharing among multiple key servers connected to one another over a communication network is provided herein. Each key server of the multiple key servers stores respective cryptographic keys, and provides the keys to a local device group connected with the key server, to enable the device group to encrypt messages with the keys.
Cisco Technology, Inc.

Authenticated device-based storage operations

Data storage operation commands are digitally signed to enhance data security in a distributed system. A data storage client and a compute-enabled data storage device may share access to a cryptographic key.
Amazon Technologies, Inc.

Method and system for cryptographic decision-making of set membership

A cryptographic decision-making of set membership is a method or system which makes a secure decision-making for positive membership e∈s or negative membership e∉s in an unforgeable and non-repudiation way for any element e and a set s. The proposed method of the present invention comprises: acquire a set u={e1, .
University Of Science And Technology Beijing

Cryptography on an elliptical curve

A cryptographic calculation includes obtaining a point $P(X,Y)$ from a parameter $t$ on an elliptical curve $Y^2 = f(X)$; and from polynomials $X_1(t)$, $X_2(t)$, $X_3(t)$ and $U(t)$ satisfying: $f(X_1(t)) \cdot f(X_2(t)) \cdot f(X_3(t)) = U(t)^2$ in $F_q$, with $q = 3 \bmod 4$. Firstly a value of the parameter $t$ is obtained.

Secure in-band upgrade using key revocation lists and certificate-less asymmetric tertiary key pairs

A method includes securely booting a device using a bootloader, where the bootloader is digitally signed using a first cryptographic key associated with the bootloader. The method also includes executing one or more kernel or user applications using the device, where the one or more kernel or user applications are digitally signed using one or more second cryptographic keys associated with the one or more kernel or user applications.
Honeywell International Inc.

Fuel dispenser utilizing tokenized user guidance and prompting for secure payment

A fuel dispenser comprises fuel flow piping defining a flow path from a source of fuel toward a fueling nozzle. A plurality of fuel handling components are disposed along the fuel flow piping.
Gilbarco Inc.

Cryptographic separation of users

Techniques are disclosed relating to securely storing data in a computing device. In one embodiment, a computing device includes a secure circuit configured to maintain key bags for a plurality of users, each associated with a respective one of the plurality of users and including a first set of keys usable to decrypt a second set of encrypted keys for decrypting data associated with the respective user.
Apple Inc.

Efficient implementation for differential privacy using cryptographic functions

The system described may implement a 1-bit protocol for differential privacy for a set of client devices that transmit information to a server. Implementations of the system may leverage specialized instruction sets or engines built into the hardware or firmware of a client device to improve the efficiency of the protocol.
Apple Inc.

Accessory authentication for electronic devices

Improved techniques to control utilization of accessory devices with electronic devices are disclosed. The improved techniques can use cryptographic approaches to authenticate electronic devices, namely, electronic devices that interconnect and communicate with one another.
Apple Inc.

Application code hiding apparatus using dummy code and hiding application code using the same

An application code hiding apparatus includes a secret code dividing part, a secret code caller generating part, a code analyzing part, a dummy code generating part, a code encrypting part, a code disposing part, a code decryptor generating part, a loader generating part, a decrypted code caller generating part and an unloader generating part. The secret code dividing part divides an application code into a secret code and a normal code.
Soongsil University Research Consortium Techno-park

Proving digital photograph authorship using ECG biometrics

Techniques for proving digital photograph authorship using ECG biometrics are described. Electrodes are located on the exterior of a digital camera and are electrically coupled to an ECG circuit.
Intel Corporation

Method and management server for revoking group server identifiers of compromised group servers

Method and management server for revoking group server identifiers of compromised group servers. One method includes determining, with a management server, an identity-based cryptographic signing key based on a group server identifier.
Motorola Solutions, Inc.

Method and server for issuing cryptographic keys to communication devices

Method and server for issuing a cryptographic key. One method includes distributing a first group key to a first communication device and a second communication device.
Motorola Solutions, Inc.

Root of trust of geolocation

A root-of-trust of geolocation is provided for an apparatus that includes a trust anchor module with a cryptographic processor and a secure memory. The apparatus further includes a main processor coupled to the trust anchor module and configured to receive a digital geolocation certificate, the geolocation certificate including information identifying the apparatus, information regarding a physical location of the apparatus, information identifying an authorized entity that has verified the physical location of the apparatus, and a digital signature of the authorized entity.
Cisco Technology, Inc.

A the verification of the correct content of an encoded message

The method comprising: a) receiving, by an encoding module computer device (103), from a user (100), a message (101) including a content to be encoded; b) generating, by the encoding module (103), a generated encoding (104) of the content of the provided message (101) using encoding information (112); c) sending, by the encoding module computer device (103), the generated encoding (104) to a reception module computer device (106) and verifying, by the reception module computer device (106), that the generated encoding (104) corresponds to the encoding of the content of the message (101) by using a generated verification information (105) and public information (107), wherein the at least one code (102) having a cryptographic relationship with the public information (107) and the message (101), and the public information (107) and the message (101) having a cryptographic or a public relationship.
Scytl Secure Electronic Voting, Sa

Cryptographic applications for a blockchain system

A method is provided for delegating behavior of a smart contract associated with a blockchain to code that is not part of the blockchain. A system directs execution by a virtual machine of the smart contract.
Microsoft Technology Licensing, Llc

Method, server, and communication device for updating identity-based cryptographic private keys of compromised communication devices

Method, server, and communication device for updating identity-based cryptographic private keys of compromised communication devices. One method includes receiving, at a server, a security status indicating that the security of a first communication device has been compromised.
Motorola Solutions, Inc.

Using everyday objects as cryptographic keys

This disclosure involves the notion of using physical objects to generate public key-based authenticators and, in particular, to use “everyday” physical objects to create a generator seed for a key generator that will use that seed to generate a key pair comprising a public key, and its associated private key. In a preferred approach, the physical object is used to create a digital representation (of the physical object) that, together with some uniqueness associated to the user, gives rise to a key generator seed value.
International Business Machines Corporation


A method for tracking relationships between binaries and their associated characteristics using a universal identifier applicable to innumerable verticals (e.g., health care, manufacturing, IT, multimedia, genomics, etc.) and storing said universal identifier in a cryptographic currency block chain.

Single clock cycle cryptographic engine

One embodiment provides an apparatus. The apparatus includes a cryptographic engine to encrypt or decrypt a 64-bit input data block based, at least in part, on a 128-bit input key.
Intel Corporation

Hardened white box implementation 2

A processor device has an executable implementation of a cryptographic algorithm implemented being white-box-masked by a function f. The implementation comprises an implemented computation step s by which input values x are mapped to output values s=s[x], and which is masked to a white-box-masked computation step t′ by means of an invertible function f.
Giesecke & Devrient Gmbh

Modular security control device

A modular security control device for controlling an apparatus or an installation includes a basic control apparatus which is configured such that an apparatus or an installation which is at least connectable to the basic control apparatus is at least controllable via a sequence of a control program in the basic control apparatus, and includes a security module which is configured to provide or perform a cryptographic functionality for the basic control apparatus, where the security module is connected to the basic control apparatus by a data connection via a data interface, the basic control apparatus is configured to interact with the security module to achieve a security function of the security control device, and where the basic control apparatus is configured to query an identity and/or authenticity of the security module.
Siemens Aktiengesellschaft

Data owner controlled data storage privacy protection technique

This patent describes methods which allow the primary owners of sensitive data to retain more access control over the data they share with secondary service providers, even when the secondary service provider electronically stores some form of this information in a service provider maintained database. When these methods are applied by both data owner and service provider the data can only be accessed and used by the service provider during data owner controlled access sessions.

Cluster federation and trust in a cloud environment

An improved scalable object storage system allows multiple clusters to work together. In one embodiment, a trust and federation relationship is established between a first cluster and a second cluster.
Rackspace US, Inc.

Public key infrastructure based on the public certificates ledger

Systems and methods for managing public key certificates and supporting the users thereof. The certificates are cryptographically encapsulated objects that bind the identities of their owners to public keys and provide digital signature mechanisms for other users to verify the binding and correctness of other attributes of the certificate.
Business Information Exchange System Corp.

Signing key log management

Cryptographic keys can include logging properties that enable those keys to be used only if the properties can be enforced by the cryptographic system requested to perform one or more actions using the keys. The logging property can specify how to log use of a respective key.
Amazon Technologies, Inc.

Communications security systems and methods

Various examples are directed to systems and methods for communications security. For example, a computing device may generate a connection between the computing device and a client device.
Intel Corporation

Computing system having an on-the-fly encryptor and an operating method thereof

A path for transmitting encrypted data is completely separated from a path for transmitting unencrypted data. To this end, a virtual secure memory is created on an address space.
Samsung Electronics Co., Ltd.

Apparatus and data encryption, data decryption

Disclosed are an apparatus and method for data encryption and an apparatus and method for data decryption. The data encryption apparatus includes a key exchanger configured to generate a session key using a key exchange protocol, a cipher key generator configured to generate at least one of a cipher key and a key table from the session key, and an encryptor configured to encrypt data with the at least one of the cipher key and the key table generated from the session key.
Samsung Sds Co., Ltd.

Cryptographic system and method

A system for cryptographic processing comprises message unit (1, 7, 12) for providing a first message representation (3, 6, 11), wherein the first message representation is a representation of a message. The system comprises key unit (2) for providing a key representation (4, 9, 14), wherein the key representation is an encrypted representation of a first key of a first cryptographic algorithm and a second key of a second cryptographic algorithm, wherein the first cryptographic algorithm is different from the second cryptographic algorithm.
Koninklijke Philips N.V.

Crypto topics:
  • Digital Signature
  • Hash Function
  • Private Key
  • Public Key
  • Computer Program
  • Certificate
  • Coordinates
  • Camera Module
  • Executable
  • Network Device
  • Access Rights
  • Cell Phone
  • Network Server
  • Hypertext Transfer Protocol
  • Virtual Private Network



This is a sample listing of patent applications related to Crypto and is only meant as a recent sample of applications filed, not a comprehensive history. There may be associated servicemarks and trademarks related to these patents. Please check with a patent attorney if you need further assistance or plan to use this for business purposes. This patent data is also published to the public by the USPTO and available for free on their website. Note that there may be alternative spellings for Crypto with additional patents listed.

