公开(公告)号：US20240364537A1

公开(公告)日：2024-10-31

申请号：US18771365

申请日：2024-07-12

Applicant: Comcast Cable Communications, LLC

Inventor： Ross GILSON

IPC: H04L9/32 ,  G06F12/0813 ,  G06F12/0864 ,  G06F12/14 ,  H04L9/00 ,  H04L9/06 ,  H04L9/08 ,  H04L9/40

CPC classification number: H04L9/3247 ,  G06F12/0813 ,  G06F12/0864 ,  G06F12/1408 ,  H04L9/0618 ,  H04L9/088 ,  H04L9/0894 ,  H04L9/3239 ,  H04L63/0471 ,  H04L63/061 ,  G06F2212/1052 ,  G06F2212/6032 ,  H04L9/50 ,  H04L2209/603

Abstract: Systems and methods are described for managing digital rights. A transaction may be generated and may comprise an identifier and a decryption key. The decryption key may be configured to decrypt at least a portion of an encrypted content asset accessible by one or more user devices. The transaction may be caused to be stored in a distributed database.

公开(公告)号：US12101304B2

公开(公告)日：2024-09-24

申请号：US17552600

申请日：2021-12-16

Applicant: Bank of America Corporation

Inventor： Neha Joshi ,  Linda Haddad ,  Katherine Jameson ,  Lauren K. Alleman

IPC: H04L9/40 ,  H04L51/42

CPC classification number: H04L63/0471 ,  H04L51/42

Abstract: Apparatus and methods disclosed herein provide technical solutions improving the security of email messages. An email message may be encrypted so that a predetermined passcode is not required to access the email message. Apparatus and methods may route email messages through a remote portal. The email message may only be transmitted to the recipient via the portal. In some instances, the contents of an email message may not be transmitted from the portal to the recipient. Rather, the recipient may only access the email message from within the portal. Such restricted access may be preferably less complex because the recipient's computer terminal may automatically connect to the portal.

公开(公告)号：US12095822B2

公开(公告)日：2024-09-17

申请号：US17403558

申请日：2021-08-16

Applicant: Citrix Systems, Inc.

Inventor： Abhishek Chauhan

IPC: H04L9/40 ,  G06F21/62

CPC classification number: H04L63/205 ,  G06F21/6245 ,  H04L63/0471 ,  H04L63/10 ,  H04L63/0263

Abstract: Embodiments described include a method for implementing a privacy policy by a device intermediary to a plurality of clients and one or more servers. The method can include identifying, by a device intermediary to a plurality of clients and one or more servers, network traffic of a user that has not selected an option of a plurality of options of a privacy policy managed by the device. The method can include receiving, by the device, an indicator of a selection by the user of the option from the plurality of options of the privacy policy. The method can include handling, by the device, network traffic of the user according to the selected option of the privacy policy.

公开(公告)号：US12088569B1

公开(公告)日：2024-09-10

申请号：US18100312

申请日：2023-01-23

Applicant: The Government of the United States as represented by the Director, National Security Agency

Inventor： Joshua E. Cline ,  Dan A. DeVries ,  William J. Layton ,  Zachary Smith ,  Brendan S. Surrusco ,  Andrew H. White ,  David F. Wiecek ,  Mitchell E. Buchman

IPC: H04L9/40 ,  G06F21/60 ,  H04L45/74 ,  H04W28/06

CPC classification number: H04L63/0471 ,  G06F21/602 ,  H04L45/74 ,  H04L63/0272 ,  H04W28/06

Abstract: The present invention provides an encrypting device including an encryption unit and a communications unit. Paired encrypting devices allow for communication of trusted data between trusted devices over an untrusted network. Data received by the encryption unit is encrypted and provided with a connectionless header for delivery to the communications unit. Data received by the communications units is provided with a complex header for delivery to the paired encrypting device. The encrypting devices may be implemented in hardware or may be virtualized on a server or a plurality of severs. Arrangement of the encrypting devices in a hub-and-spoke topology allows for communication amongst a plurality of trusted devices. The encrypting devices can be used to covert commercially available equipment suitable for high assurance environments.

公开(公告)号：US11956223B2

公开(公告)日：2024-04-09

申请号：US17333184

申请日：2021-05-28

Applicant: Journey.ai

Inventor： Brett Shockley ,  Alexander John Shockley ,  Michael Joseph Frendo ,  Shmuel Shaffer ,  Kenneth Keiter ,  James M. Behmke

IPC: H04L29/06 ,  G06F3/06 ,  G06F21/60 ,  G06F21/62 ,  G06F21/64 ,  G06Q20/38 ,  G06Q20/40 ,  H04L9/06 ,  H04L9/08 ,  H04L9/14 ,  H04L9/30 ,  H04L9/32 ,  H04L9/40

CPC classification number: H04L63/0471 ,  G06F3/062 ,  G06F3/0655 ,  G06F3/067 ,  G06F21/602 ,  G06F21/62 ,  G06F21/645 ,  G06Q20/38215 ,  G06Q20/3829 ,  G06Q20/383 ,  G06Q20/401 ,  H04L9/0643 ,  H04L9/0819 ,  H04L9/0825 ,  H04L9/083 ,  H04L9/0833 ,  H04L9/0891 ,  H04L9/14 ,  H04L9/30 ,  H04L9/3218 ,  H04L9/3236 ,  H04L9/3242 ,  H04L9/3247 ,  H04L9/3263 ,  H04L9/3265 ,  H04L9/3268 ,  H04L63/0421 ,  H04L63/0442 ,  H04L63/083 ,  H04L63/101 ,  H04L63/102

Abstract: The techniques herein are directed generally to a “zero-knowledge” data management network. Users are able to share verifiable proof of data and/or identity information, and businesses are able to request, consume, and act on the data—all without a data storage server or those businesses ever seeing or having access to the raw sensitive information (where server-stored data is viewable only by the intended recipients, which may even be selected after storage). In one embodiment, source data is encrypted with a source encryption key (e.g., source public key), with a rekeying key being an encrypting combination of a source decryption key (e.g., source private key) and a recipient's public key. Without being able to decrypt the data, the storage server can use the rekeying key to re-encrypt the source data with the recipient's public key, to then be decrypted only by the corresponding recipient using its private key, accordingly.

公开(公告)号：US20240106811A1

公开(公告)日：2024-03-28

申请号：US18340667

申请日：2023-06-23

Applicant: Comcast Cable Communications, LLC

Inventor： Charles A. Helfinstine

IPC: H04L9/40 ,  H04L9/32 ,  H04L67/02 ,  H04L67/52

CPC classification number: H04L63/0471 ,  H04L9/3268 ,  H04L63/0428 ,  H04L63/0478 ,  H04L63/166 ,  H04L67/02 ,  H04L67/52

Abstract: A privacy gateway may communicate with user devices located at a plurality of premises. The privacy gateway may receive a data packet, from one of the user devices, indicating destinations, such as other computing devices, located external to the premises. The privacy gateway may decrypt at least a portion of the data packet to determine that at least a portion of data in the packet is associated with the user device. The privacy gateway may remove the data associated with the user device from the data packet and replace the removed data with data associated with the privacy gateway. The privacy gateway may send the data packet with the replaced data to a destination device. The privacy gateway may receive a response to the data packet from the destination device. The privacy gateway may encrypt a portion of the response and send the response to the user device.

公开(公告)号：US20240098071A1

公开(公告)日：2024-03-21

申请号：US18243557

申请日：2023-09-07

Applicant: SECTURION SYSTEMS, INC.

Inventor： JORDAN ANDERSON ,  RICHARD J. TAKAHASHI ,  SEAN LITTLE ,  LEE NOEHRING

IPC: H04L9/40 ,  G06F21/60 ,  H04L9/14

CPC classification number: H04L63/0428 ,  G06F21/602 ,  H04L9/14 ,  H04L63/0471 ,  H04L63/0478 ,  H04L63/061 ,  H04L63/0823 ,  H04L63/0869 ,  H04L63/0876 ,  H04L2209/76

Abstract: Systems and methods to securely send or write data to a cloud storage or server. In one embodiment, a method includes: establishing a connection to a client using a client-side transport protocol; receiving, over the connection, data from the first client; decrypting, using a client session key, the received data to provide first decrypted data; encrypting the first decrypted data using a stored payload key (that is associated with the client) to provide first encrypted data; encrypting, using a cloud session key, the first encrypted data using a remote-side transport protocol to provide second encrypted data; and sending the second encrypted data to the cloud storage or server.

公开(公告)号：US11936521B2

公开(公告)日：2024-03-19

申请号：US18296348

申请日：2023-04-05

Applicant: Oracle International Corporation

Inventor： Prachi Maheshwari ,  Igors Sajenko ,  David Dale Becker ,  Maxim Baturin

IPC: G06F12/00 ,  G06F3/06 ,  G06F8/61 ,  G06F8/658 ,  G06F9/4401 ,  G06F9/455 ,  G06F9/50 ,  G06F11/14 ,  H04L9/08 ,  H04L9/40 ,  H04L12/46 ,  H04L41/0806 ,  H04L67/10

CPC classification number: H04L41/0806 ,  G06F3/0604 ,  G06F3/0622 ,  G06F3/0655 ,  G06F3/0659 ,  G06F3/067 ,  G06F3/0679 ,  G06F8/61 ,  G06F8/658 ,  G06F9/4406 ,  G06F9/45558 ,  G06F9/505 ,  G06F9/5055 ,  G06F9/5077 ,  G06F9/5088 ,  G06F11/1451 ,  G06F11/1469 ,  H04L9/0897 ,  H04L12/4641 ,  H04L63/0471 ,  H04L63/0478 ,  H04L63/0485 ,  H04L63/06 ,  H04L63/0876 ,  H04L63/162 ,  H04L63/20 ,  H04L67/10 ,  G06F2009/45562 ,  G06F2009/45587 ,  G06F2009/45595 ,  G06F2201/84

Abstract: Techniques discussed herein relate to providing in-memory workflow management at an edge device (e.g., a computing device distinct from and operating remotely with respect to a data center). The edge device can operate as a computing node in a computing cluster of edge devices and implement a hosting environment (e.g., a distributed data plane). A work request can be obtained by an in-memory workflow manager of the edge device. The work request may include an intended state of a data plane resource (e.g., a computing cluster, a virtual machine, etc.). The in-memory workflow manager can determine the work request has not commenced and initialize an in-memory execution thread to execute orchestration tasks to configure a data plane of the computing cluster according to the intended state. Current state data corresponding to the configured data plane may be provided to the user device and eventually displayed.

公开(公告)号：US11909727B2

公开(公告)日：2024-02-20

申请号：US17900838

申请日：2022-08-31

Applicant: VISA INTERNATIONAL SERVICE ASSOCIATION

Inventor： Hari Krishna Annam ,  Mohit Gupta ,  Soumendra Bhattacharya

IPC: G06F21/00 ,  H04L9/40 ,  H04L9/32 ,  H04L9/08 ,  H04W12/02 ,  H04W84/12 ,  H04W12/06

CPC classification number: H04L63/0471 ,  H04L9/0825 ,  H04L9/0863 ,  H04L9/3213 ,  H04L9/3226 ,  H04L63/0442 ,  H04L63/0823 ,  H04W12/02 ,  H04W12/068 ,  H04W84/12 ,  H04L63/0281 ,  H04L2209/56

Abstract: An Internet-connected device, such as a car, refrigerator, or even a laptop can use a second device, such as a cell phone, to support cryptographic operations and communication with token service providers or other processing services requiring pre-provisioned capabilities that may include cryptographic secrets. By removing the need to store personally sensitive data in “Internet of Things” (IoT) devices, a user's personal information and other sensitive financial information may be contained to a relatively small number of devices. This may help prevent theft of goods or services by IoT devices that are not always under the close control of the user.

公开(公告)号：US11895099B2

公开(公告)日：2024-02-06

申请号：US17463961

申请日：2021-09-01

Applicant: Journey.ai

Inventor： Brett Shockley ,  Alexander John Shockley ,  Michael Joseph Frendo ,  Shmuel Shaffer ,  Kenneth Keiter ,  James M. Behmke

IPC: H04L29/06 ,  H04L9/40 ,  H04L9/32 ,  H04L9/08 ,  H04L9/06 ,  G06F3/06 ,  H04L9/30 ,  G06F21/60 ,  G06F21/62 ,  G06F21/64 ,  G06Q20/40 ,  H04L9/14 ,  G06Q20/38

CPC classification number: H04L63/0471 ,  G06F3/062 ,  G06F3/067 ,  G06F3/0655 ,  G06F21/602 ,  G06F21/62 ,  G06F21/645 ,  G06Q20/383 ,  G06Q20/3829 ,  G06Q20/38215 ,  G06Q20/401 ,  H04L9/0643 ,  H04L9/083 ,  H04L9/0819 ,  H04L9/0825 ,  H04L9/0833 ,  H04L9/0891 ,  H04L9/14 ,  H04L9/30 ,  H04L9/3218 ,  H04L9/3236 ,  H04L9/3242 ,  H04L9/3247 ,  H04L9/3263 ,  H04L9/3265 ,  H04L9/3268 ,  H04L63/0421 ,  H04L63/0442 ,  H04L63/083 ,  H04L63/101 ,  H04L63/102

Abstract: The techniques herein are directed generally to a “zero-knowledge” data management network. Users are able to share verifiable proof of data and/or identity information, and businesses are able to request, consume, and act on the data—all without a data storage server or those businesses ever seeing or having access to the raw sensitive information (where server-stored data is viewable only by the intended recipients, which may even be selected after storage). In one embodiment, source data is encrypted with a source encryption key (e.g., source public key), with a rekeying key being an encrypting combination of a source decryption key (e.g., source private key) and a recipient's public key. Without being able to decrypt the data, the storage server can use the rekeying key to re-encrypt the source data with the recipient's public key, to then be decrypted only by the corresponding recipient using its private key, accordingly.