Patents by Inventor Michael KIPERBERG
Michael KIPERBERG has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11269992
Abstract: Systems and methods for protecting vulnerable code by obtaining an input file comprising code representing executable files; generating a protected executable file by replacing an unencrypted version of each vulnerable function of the input file with a VM-exit generating instruction; and generating a database file including an encrypted version of each vulnerable function deleted from the input file. The protected executable file, database file are stored on a target device. A UEFI application initializes a hypervisor which accesses the decryption key using a TPM device and loads an operating system. When the hypervisor detects an attempt to execute an encrypted version of a vulnerable function it decrypts the encrypted version of the vulnerable function.
Type: Grant
Filed: March 22, 2019
Date of Patent: March 8, 2022
Inventors: Michael Kiperberg, Raziel Ben Yehuda, Asaf Algawi, Roee Shimon Leon, Amit Resh, Nezer Jacob Zaidenberg
-
Publication number: 20210049263
Abstract: Systems and methods for protecting vulnerable code by obtaining an input file comprising code representing executable files; generating a protected executable file by replacing an unencrypted version of each vulnerable function of the input file with a VM-exit generating instruction; and generating a database file including an encrypted version of each vulnerable function deleted from the input file. The protected executable file, database file are stored on a target device. A UEFI application initializes a hypervisor which accesses the decryption key using a TPM device and loads an operating system. When the hypervisor detects an attempt to execute an encrypted version of a vulnerable function it decrypts the encrypted version of the vulnerable function.
Type: Application
Filed: March 22, 2019
Publication date: February 18, 2021
Inventors: MICHAEL KIPERBERG, RAZIEL BEN YEHUDA, ASAF ALGAWI, ROEE SHIMON LEON, AMIT RESH, NEZER JACOB ZAIDENBERG
-
Patent number: 9756048
Abstract: The present disclosure relates to systems and methods for enabling execution of encrypted managed programs in common managed execution environments. In particular the disclosure relates to method of loading and associating an extension module to the managed execution environment configured to receive execution event notifications. The events corresponding to the execution of encrypted methods are intercepted and passed on to a decryption module operable to execute within an hypervisor environment, such that the managed encrypted program is decrypted, executed in a secured location, preventing access of untrusted party. The decryption module is further configured to discard decrypted instruction if cooperation of the extension module is required, or upon program termination.
Type: Grant
Filed: November 11, 2015
Date of Patent: September 5, 2017
Assignee: TRULY PROTECT OY
Inventors: Michael Kiperberg, Amit Resh, Nezer Zaidenberg
-
Patent number: 9753865
Abstract: The present disclosure relates systems and methods for executing an encrypted code section in a shieldable CPU memory cache. Functional characteristics of the software product of a vendor, such as gaming or video, may be partially encrypted to allow for protected and functional operability and avoid hacking and malicious usage of non-licensed user. The encrypted instructions may be written to the CPU memory cache and decrypted only once the CPU memory cache is switched into a shielded state. The decrypted code instructions may be executed from a designated cache-line of said CPU memory cache still in the shielded state.
Type: Grant
Filed: September 12, 2016
Date of Patent: September 5, 2017
Assignee: TRULY PROTECT OY
Inventors: Michael Kiperberg, Amit Resh, Nezer Zaidenberg
-
Publication number: 20160378690
Abstract: The present disclosure relates systems and methods for executing an encrypted code section in a shieldable CPU memory cache. Functional characteristics of the software product of a vendor, such as gaming or video, may be partially encrypted to allow for protected and functional operability and avoid hacking and malicious usage of non-licensed user. The encrypted instructions may be written to the CPU memory cache and decrypted only once the CPU memory cache is switched into a shielded state. The decrypted code instructions may be executed from a designated cache-line of said CPU memory cache still in the shielded state.
Type: Application
Filed: September 12, 2016
Publication date: December 29, 2016
Inventors: MICHAEL KIPERBERG, AMIT RESH, NEZER ZAIDENBERG
-
Patent number: 9471511
Abstract: The present disclosure relates to techniques for system and methods for software-based management of protected data-blocks insertion into the memory cache mechanism of a computerized device. In particular the disclosure relates to preventing protected data blocks from being altered and evicted from the CPU cache coupled with buffered software execution. The technique is based upon identifying at least one conflicting data-block having a memory mapping indication to a designated memory cache-line and preventing the conflicting data-block from being cached. Functional characteristics of the software product of a vendor, such as gaming or video, may be partially encrypted to allow for protected and functional operability and avoid hacking and malicious usage of non-licensed user.
Type: Grant
Filed: November 24, 2013
Date of Patent: October 18, 2016
Assignee: Truly Protect OY
Inventors: Michael Kiperberg, Amit Resh, Nezer Zaidenberg
-
Publication number: 20160094555
Abstract: The present disclosure relates to systems and methods for enabling execution of encrypted managed programs in common managed execution environments. In particular the disclosure relates to method of loading and associating an extension module to the managed execution environment configured to receive execution event notifications. The events corresponding to the execution of encrypted methods are intercepted and passed on to a decryption module operable to execute within an hypervisor environment, such that the managed encrypted program is decrypted, executed in a secured location, preventing access of untrusted party. The decryption module is further configured to discard decrypted instruction if cooperation of the extension module is required, or upon program termination.
Type: Application
Filed: November 11, 2015
Publication date: March 31, 2016
Inventors: MICHAEL KIPERBERG, AMIT RESH, NEZER ZAIDENBERG
-
Patent number: 9195821
Abstract: The current disclosure relates to techniques for system and methods for software-based management of remote software authentication of at least one entity machine, addressing various vulnerabilities of software authentication based upon the genuinity based scheme. The disclosure is using challenge execution on at least one suspect machine, providing a technique for CPU event monitoring of a combined count of at least two events monitored on the entity machine during execution of the authentication challenge. The authentication challenge allows further detection functionality of virtual machine or a hypervisor installed. The techniques measures execution time of authentication challenge, comparing the received challenge result with the expected challenge result and accordingly rejects or allows the entity machine through the authentication process.
Type: Grant
Filed: November 24, 2013
Date of Patent: November 24, 2015
Assignee: Truly Protect OY
Inventors: Michael Kiperberg, Amit Resh, Nezer Zaidenberg
-
Patent number: 9104841
Abstract: Various embodiments for enabling and protecting execution of encrypted electronic content in a client system. In various embodiments, there is a method for managing the state of the cache memory of the client system. In various embodiments, there is a method for protocol stack validation to confirm readiness of the client system to execute encrypted electronic content. In various embodiments, there is a method for protocol stack execution.
Type: Grant
Filed: May 8, 2013
Date of Patent: August 11, 2015
Assignee: TRULY PROTECT OY
Inventors: Michael Kiperberg, Nezer Zaidenberg
-
Publication number: 20150150084
Abstract: The current disclosure relates to techniques for system and methods for software-based management of remote software authentication of at least one entity machine, addressing various vulnerabilities of software authentication based upon the genuinity based scheme. The disclosure is using challenge execution on at least one suspect machine, providing a technique for CPU event monitoring of a combined count of at least two events monitored on the entity machine during execution of the authentication challenge. The authentication challenge allows further detection functionality of virtual machine or a hypervisor installed. The techniques measures execution time of authentication challenge, comparing the received challenge result with the expected challenge result and accordingly rejects or allows the entity machine through the authentication process.
Type: Application
Filed: November 24, 2013
Publication date: May 28, 2015
Inventors: MICHAEL KIPERBERG, AMIT RESH, NEZER ZAIDENBERG
-
Publication number: 20150149732
Abstract: The present disclosure relates to techniques for system and methods for software-based management of protected data-blocks insertion into the memory cache mechanism of a computerized device. In particular the disclosure relates to preventing protected data blocks from being altered and evicted from the CPU cache coupled with buffered software execution. The technique is based upon identifying at least one conflicting data-block having a memory mapping indication to a designated memory cache-line and preventing the conflicting data-block from being cached. Functional characteristics of the software product of a vendor, such as gaming or video, may be partially encrypted to allow for protected and functional operability and avoid hacking and malicious usage of non-licensed user.
Type: Application
Filed: November 24, 2013
Publication date: May 28, 2015
Inventors: MICHAEL KIPERBERG, AMIT RESH, NEZER ZAIDENBERG
-
Publication number: 20140337637
Abstract: Various embodiments for enabling and protecting execution of encrypted electronic content in a client system. In various embodiments, there is a method for managing the state of the cache memory of the client system. In various embodiments, there is a method for protocol stack validation to confirm readiness of the client system to execute encrypted electronic content. In various embodiments, there is a method for protocol stack execution.
Type: Application
Filed: May 8, 2013
Publication date: November 13, 2014
Applicant: UNIVERSITY OF JYVASKYLA
Inventors: Michael KIPERBERG, Nezer ZAIDENBERG