US Pat. No. 10,200,195

METHOD FOR LEVERAGING A SECURE TELECOMMUNICATION SESSION

Uniken, Inc., Chatham To...

8. A method for establishing relative identity relationship between a first agent and second agent, the method comprising:
a first computing device operable by a user and including a software application stored in a memory, the first computing device generating a first absolute key for the first agent;
generating a first partial relative key for the first agent;
wherein the first absolute key and the first partial relative key define a relative identity of the first agent based on an identity of the first computing device, an identity of the software application, and an identity of the user, wherein the relative identity is unique for a relationship between the first agent and the second agent;
generating an intermediate key by taking a mathematical function, hash, or algorithm of the first absolute key, the first partial relative key, and a second partial relative key for the second agent;
generating an encryption key by using a mathematical function, hash, or algorithm of the intermediate key and a second absolute key for the second agent;
wherein the relative identity relationship is characterized by the encryption key, and the encryption key is used to encrypt subsequent communications between the first agent and second agent.

US Pat. No. 10,348,496

METHOD FOR LEVERAGING A SECURE TELECOMMUNICATION SESSION

Uniken, Inc., Chatham To...

1. A computing device for establishing a secure trustworthy communication channel, the computing device comprising:
a memory; and
one or more processors configured to:
receive, from a first other computing device, an identification of a first entity associated with the first other computing device,
establish a secure connection with a second other computing device using an encryption key, wherein the encryption key is based on a key of the computing device and a second key from the second other computing device,
transmit, to the second other computing device, the identification of the first entity associated with the first other computing device using the secure connection,
receive, from the second other computing device, an authentication message indicating that the first entity is authenticated based on the identification of the first entity, and
after receiving the authentication message:
generate another encryption key using an identification of an entity associated with the computing device and the identification of the first entity,
generate a first additional key and a second additional key based on an absolute key of a second entity associated with the second other computing device, wherein the first additional key is for storage in the memory, and
transmit, to the first other computing device using the secured connection, the second additional key and one or more activation instructions for storing the second additional key in a memory of the second other computing device.

US Pat. No. 10,389,529

ENTROPY-BASED AUTHENTICATION OF MOBILE FINANCIAL TRANSACTION

Uniken, Inc., Chatham To...

1. A method implemented by an electronic device for leveraging a secure communication channel between a first agent of the electronic device and a second agent of another electronic device to authenticate an activity occurring on another communication channel that is outside of the secure communication channel, the method comprising:
generating, by the electronic device, a first absolute key and a first partial relative key, wherein the first absolute key and the first partial relative key define a relative identity of the first agent that is unique to a relationship between the first agent and the second agent;
receiving, by the electronic device, a message from the other electronic device indicating that the other communication channel is established and that the activity is about to occur, wherein the message includes a second partial relative key that defines a relative identity of the second agent that is unique to the relationship between the first agent and the second agent;
generating, by the electronic device, a first intermediate key based on the first absolute key, the first partial relative key, and the second partial relative key;
transmitting, by the electronic device, the first intermediate key to the other electronic device;
generating, by the electronic device, a first encryption key based on the first absolute key and a second intermediate key received from the other electronic device after generating the first intermediate key;
opening, by the electronic device, the secure communication channel based on a validation of the first encryption key and a validation of a second encryption key that is generated by the other electronic device, wherein the second encryption key is based on a second absolute key generated by the other electronic device and the first intermediate key, and wherein the second absolute key defines the relative identity of the second agent that is unique to the relationship between the first agent and the second agent;
receiving, by the electronic device, an authentication request from the other electronic device using the secure communication channel to authenticate the activity, wherein the authentication request includes an indication of at least one activity type of the activity;
displaying, by the electronic device, an authentication request display that is based on the indication of the at least one activity type of the activity; and
after displaying the authentication request display, transmitting, by the electronic device, an authentication reply to the other electronic device using the secure communication channel for authentication and execution of the activity occurring on the other communication channel that is outside of the secure communication channel.

US Pat. No. 10,432,600

NETWORK-BASED KEY DISTRIBUTION SYSTEM, METHOD, AND APPARATUS

Uniken, Inc., Chatham To...

1. An apparatus comprising:
a first electronic data port configured to transmit electronic data to one or more electronic devices and receive electronic data from the one or more electronic devices;
a second electronic data port configured to transmit electronic data to one or more management servers and receive electronic data from the one or more management servers; and
at least one processor that, when executing one or more network-based key distribution operations, is configured to:
receive, from an electronic device of the one or more electronic devices, a verification message indicating that the electronic device is not corrupt before receiving a unique universal identifier (UUID) from the electronic device,
receive, from the electronic device, the UUID, wherein the UUID is associated with an application stored in a memory of the electronic device,
receive, from a management server of the one or more management servers, a server key stored in a credential store and that is associated with the UUID received from the electronic device, and
establish one or more secure channels for electronic data communication with the electronic device based on the received UUID and the server key.

US Pat. No. 10,659,444

NETWORK-BASED KEY DISTRIBUTION SYSTEM, METHOD, AND APPARATUS

Uniken, Inc., Chatham To...

1. An electronic device comprising:
a memory storing an application containing a client file; and
at least one processor that, when executing one or more network-based key distribution operations, is configured to:
execute a mobile threat detection (MTD) function to determine whether the electronic device is corrupt,
when determining that the electronic device is not corrupt, transmit a verification message to a gateway indicating that the electronic device is not corrupt and identify whether an encrypted user key (UKc-Enc) is stored in the electronic device,
when the UKc-Enc is not stored in the electronic device, decrypt an application key (AKc) and transmit the AKc and a unique universal identifier (UUID) that is associated with the application to the gateway for establishing a secure application specific communication channel between the electronic device and the gateway, and
when the UKc-Enc is stored in the electronic device, decrypt the UKc-Enc to form a user key (UKc), extract a UUID from the UKc, and transmit the UUID from the UKc to the gateway for establishing the secure application specific communication channel between the electronic device and the gateway.