Having Separate Add-on Board Patents (Class 713/192)
-
Patent number: 11397834Abstract: A method for storing encrypted data in a non-volatile memory device, that includes receiving, by a processor, an indication of a power interruption event; disabling, based on the indication, decryption of encrypted data read from a volatile memory module; copying the encrypted data from the volatile memory module to cache; and copying the encrypted data from the cache to the non-volatile memory device.Type: GrantFiled: July 31, 2020Date of Patent: July 26, 2022Assignee: EMC IP Holding Company LLCInventors: Walter A. O'Brien, III, Thomas N. Dibb
-
Patent number: 11394700Abstract: Described are platforms, systems, and methods for providing an in-line, transparent Transmission Control Protocol (TCP)/Transport Layer Security (TLS) proxy. In one aspect, a programmable input output (IO) device comprises at least one advanced reduced instruction set computer (RISC) machine (ARM) core communicably coupled to at least one central processing unit (CPU) core of a host device; a programmable P4 pipeline comprising a cryptographic offload subsystem; and a memory unit. The programmable IO device executing instruction stored on the memory unit comprising: establishing a session for an incoming TCP connection received from a remote host via the at least one ARM core; processing data packets received from the remote host via the programmable P4 pipeline; decrypting the received data packets via the cryptographic offload subsystem; and providing the decrypted data packets to the host device.Type: GrantFiled: January 31, 2020Date of Patent: July 19, 2022Assignee: PENSANDO SYSTEMS INC.Inventors: Sameer Kittur, Raghava Kodigenahalli Sivaramu, Alok Rathore, Vijay Sampath, Vipin Jain
-
Patent number: 11303653Abstract: An information security system that includes an information security engine configured to monitor data transmissions within a network and to detect a first attack by a malicious software element. The information security engine is further configured to detect a second attack by the malicious software element within a predetermined time interval from the first attack and to transfer the malicious software element from the network to an emulated network in response to detecting the second attack. The information security engine is further configured to generate an attack log comprising behavior characteristics for attacks performed by the malicious software element in the emulated network and to train a machine learning model based on behavior characteristics from the attack log.Type: GrantFiled: August 12, 2019Date of Patent: April 12, 2022Assignee: Bank of America CorporationInventors: Jo-Ann Taylor, Michael J. Sbandi, Benjamin F. Tweel
-
Patent number: 11258581Abstract: A method is provided for transmitting encrypted packets from a first node to a second node of a communication network. The first node pads each plaintext packet with a respective padding content. The padded plaintext packets are then encrypted and transmitted to the second node. For each plaintext packet, the first node randomly selects the padding size in a range comprised between a minimum padding size and a maximum padding size. If the size of a plaintext packet is lower than a predefined minimum packet size, the minimum padding size is set equal to the difference between predefined minimum packet size and the plaintext packet size.Type: GrantFiled: December 15, 2016Date of Patent: February 22, 2022Assignee: Telecom Italia S.p.A.Inventor: Mauro Cociglio
-
Patent number: 11204832Abstract: A method is provided for detecting a cold boot attack in a data processing system. The data processing system includes a processor, a memory with ECC, and a monitor circuit. In the method, during a boot process of the data processing system, the monitor circuit counts read and write accesses to the memory and maintains a count of the number of errors in the memory detected by the ECC. The read and write access count and the error count are used to detect suspicious activity that may indicate a cold boot attack on the memory. A data processing system that implements the method is also provided.Type: GrantFiled: April 2, 2020Date of Patent: December 21, 2021Assignee: NXP B.V.Inventor: Jan-Peter Schat
-
Patent number: 11171990Abstract: A security system within a digital network receives a request to access a feature of the digital network from a remote computing device. The security system obtains obtains characteristic data corresponding to the remote computing device and generates a security score corresponding to the remote computing device based at least in part on the characteristic data. The security system compares the security score to an access threshold, allowing the remote computing device to access to the feature of the digital network if the security score exceeds the access threshold.Type: GrantFiled: November 1, 2018Date of Patent: November 9, 2021Assignee: Entreda, Inc.Inventors: Siddharth Yenamandra, Farshad Ghaffari
-
Patent number: 11146388Abstract: A method of encrypting a data file includes: opening the data file; selecting, via a first user interface, a portion of the data file; encrypting, via an encryption component, the selected portion of the data file as one of a first level of encryption associated with a first authorized user and a second level of encryption associated with a second authorized user so as to create an encrypted data file; and saving the encrypted data file. The encryption component includes an out-of-band encryption key component having stored therein, a first encryption key associated with the first level of encryption and a second encryption key associated with the second level of encryption.Type: GrantFiled: October 28, 2019Date of Patent: October 12, 2021Assignee: United States of America as represented by the Secretary of the NavyInventors: Matthew Galligan, Nhan Nguyen, John P. Waxler, William Dennis Bressler
-
Patent number: 11113402Abstract: Methods, systems and apparatuses may provide for technology that includes a system on chip (SoC) having a root of trust and an embedded controller to conduct functional safety operations and non-functional safety operations with respect to the SoC. The technology may also include an enhanced serial peripheral interface (eSPI) coupled to the SoC and the embedded controller, wherein the eSPI is to tunnel communications associated with the functional safety operations between the embedded controller and the root of trust.Type: GrantFiled: March 29, 2019Date of Patent: September 7, 2021Assignee: Intel CorporationInventors: Mikal Hunsaker, Mark Feuerstraeter, Asad Azam, Zhenyu Zhu, Navtej Singh
-
Patent number: 11062040Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for enabling blockchain-based service of process. One method includes: receiving a request generated based on a blockchain-based application for delivering a notice associated with a legal action from a serving party to another party. The serving party is determined to be a registered user of the blockchain-based application. A time that the request is received is recorded on the blockchain. If the party to be served is determined to be a registered user of the blockchain-based application, identifying one or more manners of delivering the notice based on available communication methods included in the registration information of the serving party and registration information of the party to be served. The notice to the party to be served is determined based on at least one of the one or more manners.Type: GrantFiled: December 13, 2019Date of Patent: July 13, 2021Assignee: Advanced New Technologies Co., Ltd.Inventor: Zhiguo Li
-
Patent number: 11042655Abstract: A method for data decryption comprises receiving, over an AXI bus operating in burst mode, data access requests for data units stored in a memory, subdividing the requests received into requests for encrypted data units and requests for non-encrypted data units, forwarding both requests for encrypted data units and requests for non-encrypted data units towards the memory, retrieving the respective sets of data units over the AXI bus, and applying Advanced Encryption Standard, AES, processing to the requests for encrypted data units by calculating decryption masks for the encrypted data units and applying the decryption masks calculated to the encrypted data units retrieved. Subdividing the requests into requests for encrypted data units and requests for non-encrypted data units is performed depending on data start addresses and security information conveyed by the requests.Type: GrantFiled: March 7, 2019Date of Patent: June 22, 2021Assignee: STMICROELECTRONICS S.r.l.Inventors: Giuseppe Guarnaccia, Rosalino Critelli
-
Patent number: 10999059Abstract: An integrated circuit comprising a CPU coupled to a system bus, a network interface configured to interface with an external device, and a crypto neuromorphic core coupled to the system bus. The cryptographic core comprising a processor or core, an internal bus, and a non-transitory computer-readable memory, wherein the crypto neuromorphic core is isolated from the CPU and the network interface via the system bus and the crypto neuromorphic core runs its own operating system. The crypto neuromorphic core is configured to: contain a secure core comprising a secure processor and dedicated/protected memory; store a private key in the dedicated/protected memory accessible to the secure core but not accessible to other components of the crypto neuromorphic core, the central processing unit, and the network interface; add data to a blockchain using the private key via the network interface; and read data from the blockchain via the network interface.Type: GrantFiled: January 29, 2019Date of Patent: May 4, 2021Inventor: Alexander Yuan Shi
-
Patent number: 10901704Abstract: A software cryptography library management program allows a user to provide a software cryptography library via a graphical user interface. A cryptography toolbox program displays to the user a plurality of cryptographic operation modules in a cryptography toolbox view such that each of the cryptographic operation modules is a graphical shape representation of an operation that performs one or more of application programming interfaces from the provided software cryptography library. A cryptography design program allows the user to place cryptographic operation modules in a drawing area to form a cryptosystem. The user sends a command to a simulation engine to simulate the cryptosystem using the application programming interfaces. The user may send a different command to a code generation engine to generate code from the cryptosystem using the application programming interfaces.Type: GrantFiled: July 19, 2020Date of Patent: January 26, 2021Assignee: XMODN SECURITY, LLCInventor: Nader Mazen Rabadi
-
Patent number: 10896265Abstract: An example apparatus can include a memory device and a controller coupled to the memory device configured to receive a command including command information to access a register from a host device. The controller can grant access to the register in response to the controller determining the command is valid and/or deny access to the register in response to the controller determining the command is invalid. The controller can determine the command is valid by calculating an answer using a seed from the command in a formula and verifying the calculated answer matches an answer from the command. The command, once verified as valid, can allow the host device to access configuration registers and/or data registers.Type: GrantFiled: August 2, 2018Date of Patent: January 19, 2021Assignee: Micron Technology, Inc.Inventor: Kevin R. Duncan
-
Patent number: 10891083Abstract: A method and associated system for randomizing data to be stored in a memory storage device including, receiving a plurality of data bytes to be randomized at a memory controller and written to a page of a memory storage device, wherein the page comprises a plurality of data sectors and wherein each of the plurality of data sectors are configured to store a plurality of data bytes, randomizing a first portion of the plurality of data bytes using a first randomizer initialized by a first seed to generate a first portion of randomized data bytes and randomizing a second portion of the plurality of data bytes using a second randomizer initialized by a second seed to generate a second portion of randomized data bytes, wherein the first seed is uncorrelated with the second seed.Type: GrantFiled: March 14, 2018Date of Patent: January 12, 2021Assignee: MICROSEMI SOLUTIONS (US), INC.Inventors: Unnikrishnan Sivaraman Nair, Rino Micheloni, Alessia Marelli
-
Patent number: 10878113Abstract: Techniques are disclosed relating to data storage. In various embodiments, a computing device includes first and second processors and memory having stored therein a first encrypted operating system executable by the first processor and a second encrypted operating system executable by the second processor. The computing device also includes a secure circuit configured to receive, via a first mailbox mechanism of the secure circuit, a first request from the first processor for a first cryptographic key usable to decrypt the first operating system. The secure circuit is further configured to receive, via a second mailbox mechanism of the secure circuit, a second request from the second processor for a second cryptographic key usable to decrypt the second operating system, and to provide the first and second cryptographic keys.Type: GrantFiled: September 27, 2018Date of Patent: December 29, 2020Assignee: Apple Inc.Inventors: Wade Benson, Michael J. Smith, Joshua P. de Cesare
-
Patent number: 10853504Abstract: In an embodiment, a system is provided in which the private key is managed in hardware and is not visible to software. The system may provide hardware support for public key generation, digital signature generation, encryption/decryption, and large random prime number generation without revealing the private key to software. The private key may thus be more secure than software-based versions. In an embodiment, the private key and the hardware that has access to the private key may be integrated onto the same semiconductor substrate as an integrated circuit (e.g. a system on a chip (SOC)). The private key may not be available outside of the integrated circuit, and thus a nefarious third party faces high hurdles in attempting to obtain the private key.Type: GrantFiled: November 22, 2019Date of Patent: December 1, 2020Assignee: Apple Inc.Inventors: Timothy R. Paaske, Mitchell D. Adler, Conrad Sauerwald, Fabrice L. Gautier, Shu-Yi Yu
-
Patent number: 10839370Abstract: A transaction device for securing a transaction includes an NFC controller, a communication interface, an application processor, a display and a user input device. The NFC controller is configured to receive, via a contactless NFC interface, data related to the transaction from an external device. The communication interface is configured to receive an application program for the transaction device. The application processor is coupled to the NFC controller and configured to process the application program. The display is coupled to the application processor and configured to display transaction information. The user input device is linked to the NFC controller and configured to receive a user acknowledgement of the transaction.Type: GrantFiled: July 18, 2018Date of Patent: November 17, 2020Assignee: VERIMATRIXInventor: Jean-Bernard Blanchet
-
Patent number: 10810138Abstract: This disclosure is directed to a processing device including a memory to store data, processing circuitry to process data, the processing circuitry including a memory controller to control access to the memory and encryption circuitry to encrypt and decrypt data, and I/O circuitry. The I/O circuitry includes an I/O port to write data to a storage device and to read data from the storage device and an enable encryption bit associated with the I/O port, the I/O port to receive a request to read data from the memory, to send a read command to the memory controller with an enable encryption attribute set when the enable encryption bit is set, and to send a read command to the memory controller with the enable encryption attribute not set when the enable encryption bit is not set.Type: GrantFiled: June 14, 2018Date of Patent: October 20, 2020Assignee: Intel CorporationInventors: Samantha Edirisooriya, Robert Z. Papp
-
Patent number: 10735409Abstract: A communication adapter for authentication of a user includes a receiving unit for receiving encrypted credentials, a decryption unit for decrypting the encrypted credentials and an output unit for outputting the decrypted credentials to a terminal device.Type: GrantFiled: March 23, 2017Date of Patent: August 4, 2020Assignee: Fraunhofer-Gesellschaft zur Foerderung der angewandten Forschung e.V.Inventors: Erik Krempel, Mario Kaufmann
-
Patent number: 10715509Abstract: Systems and methods for encryption key shredding to protect non-persistent data are described. In one embodiment, the storage system device may include a storage drive and a controller. In some embodiments, the controller may be configured to power on the storage drive, identify an encryption key on the storage drive created upon powering on the storage drive, and encrypt data in a cache of the storage drive using the encryption key. In some embodiments, the controller may be configured to power off the storage drive and delete the encryption key upon powering off the storage drive. In some cases, the storage drive may include at least one of a solid state drive and a hard disk drive. In some embodiments, the storage drive may include a hybrid storage drive that includes both a solid state drive and a hard disk drive.Type: GrantFiled: October 30, 2018Date of Patent: July 14, 2020Assignee: SEAGATE TECHNOLOGY LLCInventors: Stacey Secatch, Kristofer C. Conklin, Dana L. Simonson, Robert W. Moss
-
Patent number: 10701061Abstract: The invention introduces a method for blocking unauthorized applications, at least containing: receiving an input parameter from an application; determining whether the application is authenticated by inspecting content of the input parameter; randomly generating a session key, storing the session key in a file and storing the file in a path that can be accessed by a motherboard support service and the application only when the application is authenticated; and replying with the path and a filename of the file to the application.Type: GrantFiled: September 18, 2017Date of Patent: June 30, 2020Assignee: VIA TECHNOLOGIES, INC.Inventors: Guanghui Wu, Jinglin Liu
-
Patent number: 10685145Abstract: The instruction code including an instruction code stored in the area where the encrypted instruction code is stored in a non-rewritable format is authenticated using a specific key which is specific to the core where the instruction code is executed or an authenticated key by a specific key to perform an encryption processing for the input and output data between the core and the outside.Type: GrantFiled: April 12, 2019Date of Patent: June 16, 2020Assignee: SOCIONEXT INC.Inventors: Seiji Goto, Jun Kamada, Taiji Tamiya
-
Patent number: 10666661Abstract: The present invention relates to an authorization processing method and a device. An authorization server receives an authorization update request including a first identifier of an access device; sends, to the access device, an authorization update response including signature request information, where the signature request information instructs the access device to sign verification information; receives a signature verification request sent by the access device, where the signature verification request includes the first identifier, the verification information, and a signature of the verification information; determines that the signature of the verification information in the signature verification request is valid; and updates the authorization relationship according to the first identifier.Type: GrantFiled: February 9, 2018Date of Patent: May 26, 2020Assignee: Huawei Technologies Co., Ltd.Inventor: Yaoye Zhang
-
Patent number: 10552621Abstract: An Internet-of-Things (IoT) device platform to communicate in a trusted portion of an IoT network is disclosed. The trusted IoT platform can include a secure IoT system-on-chip (SoC) and can be integrated into various devices such that each of the devices may implement “roots of trust” to establish a trusted portion, or a trusted backbone, of the IoT network.Type: GrantFiled: September 24, 2018Date of Patent: February 4, 2020Assignee: INTEL CORPORATIONInventors: Ned M. Smith, Victoria C. Moore, Reshma Lal
-
Patent number: 10481900Abstract: The present disclosure relates to a method for updating a firmware component of a measurement and control technology device. The method includes: a segment-by-segment reception of a first firmware image; an authentication of the first firmware image based upon a first encryption method; a creation of a second authentication datum for the first firmware image via an algorithm that differs from the first encryption method; a re-transmission of the data used for updating the firmware component as a second firmware image; an authentication of the second-firmware image based upon the second authentication datum; and in the case of a successful authentication of the second firmware image, enabling and execution of the firmware program code.Type: GrantFiled: April 10, 2017Date of Patent: November 19, 2019Assignee: Endress+Hauser Conducta GmbH+Co. KGInventor: Björn Haase
-
Patent number: 10482034Abstract: Instantiating an attestation facilitation component that allows a remote application to attest to a secure state of a secure memory application executing upon a secure platform of a computer system regardless of a type of either the secure platform or a health attestation service. Instantiation comprises identifying a property that includes at least one of the secure platform type and the health attestation service type. The instantiation is customized with the identified property. The attestation facilitation component verifies that a report generated by the secure platform represents that the secure memory application is operating in a secure state, and accesses a token generated by the health attestation service that represents that the secure platform is operating in a secure state. The attestation facilitation component generates a quote that allows the remote application to verify that the secure platform and the secure memory application are both operating in secure states.Type: GrantFiled: November 29, 2016Date of Patent: November 19, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Lei Kou, Pushkar Vijay Chitnis, Simon Leet
-
Patent number: 10417428Abstract: Methods and systems for operating a remote desktop client from a computing system hosting a secure boot device. In some embodiments, a method comprises initiating execution of an operating system from the computing system hosting the secure boot device, the computing system communicatively connected within a secure enterprise network, the computing system being untrusted within the secure enterprise network and based on verification of received authentication credentials, booting an operating system from the secure boot device and establishing a secure communication tunnel with a service appliance.Type: GrantFiled: January 18, 2016Date of Patent: September 17, 2019Assignee: Unisys CorporationInventors: Steven L. Rajcan, Matthew Mohr, Jim Trocki, Mark K. Vallevand
-
Patent number: 10326596Abstract: Various embodiments are generally directed to techniques for secure message authentication and digital signatures, such as with a cipher-based hash function, for instance. Some embodiments are particularly directed to a secure authentication system that implements various aspects of the cipher-based hash function in dedicated hardware or circuitry. In various embodiments, the secure authentication system may implement one or more elements of the Whirlpool hash function in dedicated hardware. For instance, the compute-intensive substitute byte and mix rows blocks of the block cipher in the Whirlpool hash function may be implemented in dedicated hardware or circuitry using a combination of Galois Field arithmetic and fused scale/reduce circuits. In some embodiments, the microarchitecture of the secure authentication system may be implemented with delayed add key to limit the memory requirement to three sequential registers.Type: GrantFiled: October 1, 2016Date of Patent: June 18, 2019Assignee: INTEL CORPORATIONInventors: Vikram Suresh, Sudhir Satpathy, Sanu Mathew
-
Patent number: 10042649Abstract: A method and apparatus for initiating secure operations in a microprocessor system is described. In one embodiment, one initiating logical processor initiates the process by halting the execution of the other logical processors, and then loading initialization and secure virtual machine monitor software into memory. The initiating processor then loads the initialization software into secure memory for authentication and execution. The initialization software then authenticates and registers the secure virtual machine monitor software prior to secure system operations.Type: GrantFiled: January 10, 2017Date of Patent: August 7, 2018Assignee: Intel CorporationInventors: James A. Sutton, II, David W. Grawrock
-
Patent number: 10027637Abstract: A method for operating a cloud gateway is provided. The method includes generating a plurality of rules relating users and groups to data access at a plurality of cloud service providers. The method includes encrypting, at one of a plurality of connectors, outgoing data that is moving through a cloud gateway en route from a proxy server to one of the plurality of cloud service providers, responsive to a data write request associated with a first user, the encrypting in accordance to one of the plurality of rules as related to the first user. The method includes decrypting, at one of the plurality of connectors, incoming data that is moving through the cloud gateway en route from one of the plurality of cloud service providers to the server, responsive to a data read request associated with a second user, the decrypting in accordance to one of the plurality of rules as related to the second user.Type: GrantFiled: March 12, 2015Date of Patent: July 17, 2018Assignee: Vormetric, Inc.Inventor: Saravanan Coimbatore
-
Patent number: 10007808Abstract: A computer system, includes a crypto mechanism that decrypts and integrity-checks Secure Object information as the Secure Object information moves into the computer system from an external storage and encrypts and updates an integrity value for Secure Object information as the Secure Object information moves out of the computer system to the external storage.Type: GrantFiled: November 6, 2017Date of Patent: June 26, 2018Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Richard Harold Boivie, Dimitrios Pendarakis
-
Patent number: 9990208Abstract: A method and apparatus for initiating secure operations in a microprocessor system is described. In one embodiment, one initiating logical processor initiates the process by halting the execution of the other logical processors, and then loading initialization and secure virtual machine monitor software into memory. The initiating processor then loads the initialization software into secure memory for authentication and execution. The initialization software then authenticates and registers the secure virtual machine monitor software prior to secure system operations.Type: GrantFiled: January 10, 2017Date of Patent: June 5, 2018Assignee: Intel CorporationInventors: James A. Sutton, II, David W. Grawrock
-
Patent number: 9967263Abstract: A file security management apparatus and method which protect various types of systems for executing files, entering from the outside, from malicious code, and which prevent data from being divulged from the systems and also prevent the systems from operating erroneously, thereby ultimately protecting the systems. The file security management apparatus includes a conversion module configured to convert an incoming file, received by a system, into a monitoring target file; a search module configured to identify a selection for the execution of the monitoring target file, and to output incoming files, configured in the monitoring target file, into a search window; and a security module configured to decrypt the monitoring target file to the incoming file, and to perform processing so that the incoming file is executed via a corresponding application program in an isolated drive set as an isolated environment.Type: GrantFiled: May 22, 2014Date of Patent: May 8, 2018Assignee: SOFTCAMP CO., LTD.Inventor: Steve Bae
-
Patent number: 9928080Abstract: Trusted firmware on a host server is used for managing access to a hardware security module (HSM) connected to the host server. The HSM stores confidential information associated with an operating system. As part of access management, the firmware detects a boot device identifier associated with a boot device configured to boot the operating system on the host server. The firmware then receives a second boot device identifier from the HSM. The boot device identifier and the second boot device identifier are then compared by the firmware. Based on the comparison, the firmware determines that the boot device identifier matches with the second boot device identifier. Based on this determination, the firmware grants the operating system access to the HSM.Type: GrantFiled: September 30, 2014Date of Patent: March 27, 2018Assignee: International Business Machines CorporationInventors: Volker M. M. Boenisch, Reinhard Buendgen, Franziska Geisert, Jakob C. Lang, Mareike Lattermann, Angel Nunez Mencias
-
Patent number: 9888118Abstract: Systems and methods of contact center data integration with customer relationship management (CRM) applications on client computing devices in contact center environments are provided. A workspace routing connector application, responsive to an actuation command, can integrate the contact center enterprise with the different enterprise. A configuration component of the workspace routing connector application can select a contact center parameter from a contact center enterprise server. The workspace routing connector application can display, in a graphical user interface, an available CRM application and a CRM script based on the contact center parameter, and can receive an indication of selection of the CRM application. Responsive to selection of the CRM application, the CRM script can provide, from the contact center enterprise server via the computer network, for display by a client computing device in a contact center environment, contact center data related to the contact center parameter.Type: GrantFiled: June 10, 2016Date of Patent: February 6, 2018Assignee: SOFTPHONE SRLInventors: Alan Lugiai, Francesco Falanga
-
Patent number: 9881183Abstract: Systems and methods for reducing problems and disadvantages associated with traditional approaches to encryption and decryption of data are provided. An information handling system may include a processor, a memory communicatively coupled to the processor, and a computer-readable medium communicatively coupled to the processor.Type: GrantFiled: July 16, 2015Date of Patent: January 30, 2018Assignee: Dell Products L.P.Inventors: Amy Christine Nelson, Kenneth W. Stufflebeam, Jr.
-
Patent number: 9858429Abstract: A method of data transfer in an electronic device including a secure module, which includes a processor and a secure element, an application processor, and a sensor, may include: switching an operation mode of the processor to a bypass mode; performing a cross-authentication, by the application processor and the secure element; generating a session key, by the application processor and the secure element, when the cross-authentication is succeeded; switching the operation mode of the processor to a normal mode; encrypting, by the secure module, sensing data provided by the sensor using the session key; transferring the encrypted sensing data from the processor to the application processor; and/or acquiring, by the application processor, the sensing data by decrypting the encrypted sensing data using the session key.Type: GrantFiled: December 1, 2015Date of Patent: January 2, 2018Assignee: Samsung Electronics Co., Ltd.Inventors: Seung-Ho Lee, Ki-Hyoun Kwon, Sung-Hoon Son, Jun-Ho Lee, Jerome Han
-
Patent number: 9836308Abstract: Trusted firmware on a host server is used for managing access to a hardware security module (HSM) connected to the host server. The HSM stores confidential information associated with an operating system. As part of access management, the firmware detects a boot device identifier associated with a boot device configured to boot the operating system on the host server. The firmware then receives a second boot device identifier from the HSM. The boot device identifier and the second boot device identifier are then compared by the firmware. Based on the comparison, the firmware determines that the boot device identifier matches with the second boot device identifier. Based on this determination, the firmware grants the operating system access to the HSM.Type: GrantFiled: December 18, 2014Date of Patent: December 5, 2017Assignee: International Business Machines CorporationInventors: Volker M. M. Boenisch, Reinhard Buendgen, Franziska Geisert, Jakob C. Lang, Mareike Lattermann, Angel Nunez Mencias
-
Patent number: 9747426Abstract: Embodiments include a method, a computing device, and a computer program product. An embodiment provides a method implemented in a computing environment. The method includes receiving a designation of an individualized digital identifier. The method also includes associating a human-perceptible form of the designated individualized digital identifier with each element of a group of human-perceivable elements displayed by the computing environment.Type: GrantFiled: October 4, 2013Date of Patent: August 29, 2017Assignee: Invention Science Fund I, LLCInventors: Alexander J. Cohen, Edward K. Y. Jung, Royce A. Levien, Robert W. Lord, Mark A. Malamud, William Henry Mangione-Smith, John D. Rinaldo, Jr., Lowell L. Wood, Jr.
-
Patent number: 9652635Abstract: The instruction code including an instruction code stored in the area where the encrypted instruction code is stored in a non-rewritable format is authenticated using a specific key which is specific to the core where the instruction code is executed or an authenticated key by a specific key to perform an encryption processing for the input and output data between the core and the outside.Type: GrantFiled: November 27, 2013Date of Patent: May 16, 2017Assignee: SOCIONEXT INC.Inventors: Seiji Goto, Jun Kamada, Taiji Tamiya
-
Patent number: 9602274Abstract: A secure password generation method and system is provided. The method includes enabling by a processor of a computing system, password translation software. The computer processor generates and stores the random translation key. A first password is received and a second associated password is generated. The computer processor associates the second password with a secure application. The computer processor stores the random translation key within an external memory device and disables a connection between the computing system and the external memory device.Type: GrantFiled: September 11, 2015Date of Patent: March 21, 2017Assignee: International Business Machines CorporationInventor: Arnaud Lund
-
Patent number: 9594638Abstract: Approaches are described for enabling a host computing device to store credentials and other security information useful for recovering the state of the host computing device in a secure store, such as a trusted platform module (TPM) on the host computing device. When recovering the host computing device in the event of a failure (e.g., power outage, network failure, etc.), the host computing device can obtain the necessary credentials from the secure store and use those credentials to boot various services, restore the state of the host and perform various other functions. In addition, the secure store (e.g., TPM) may provide boot firmware measurement and remote attestation of the host computing devices to other devices on a network, such as when the recovering host needs to communicate with the other devices on the network.Type: GrantFiled: April 15, 2013Date of Patent: March 14, 2017Assignee: Amazon Technologies, Inc.Inventors: Nachiketh Rao Potlapally, Rachit Chawla, Jeremy Ryan Volkman, Michael David Marr
-
Patent number: 9569061Abstract: An automated process collects and organizes field data from an inspection of a building or other structure such as pipe supports, bridges, buildings, over head supports, and smoke stacks.Type: GrantFiled: December 26, 2013Date of Patent: February 14, 2017Assignee: GLOBEX CORPORATIONInventor: Steve Stanic
-
Patent number: 9565016Abstract: A protection mechanism for the execution of an encryption algorithm is disclosed. In the mechanism the encryption algorithm has its execution preceded by an update of a counter stored in a reprogrammable non-volatile memory. Storing the value of the counter into the memory corresponds with the execution of the algorithm.Type: GrantFiled: October 22, 2014Date of Patent: February 7, 2017Assignee: Proton World International N.V.Inventors: Alexandre Wostyn, Jean-Louis Modave
-
Patent number: 9547506Abstract: In one embodiment, a computer system provides a process for executing software that cannot be executed in a first configuration. The computer system determines source media for the software stored in a first data store, the source media being in the first configuration. The computer system retrieves metadata relating to executing the software from the source media. The computer system next transforms the retrieved metadata to generate a second configuration of the source media according to a transformation rule set, where the software can be executed in the second configuration, and stores the transformed metadata in a second data store. Next, the computer system presents the second configuration of the source media based on the transformed metadata. Thereafter, the computer system satisfies a request relating to executing the software using the transformed metadata in the second data store, wherein the request is satisfied based on the second configuration.Type: GrantFiled: October 31, 2013Date of Patent: January 17, 2017Assignee: VMware, Inc.Inventor: Darius Davis
-
Patent number: 9479527Abstract: Systems and methods for managing jobs to be scanned based on existence of processing nodes are described. One of the methods includes obtaining identification information regarding operation of a first set of the processing nodes from an inventory and creating a job for scanning the processing nodes of the first set for security vulnerability. The job includes the identification information. The method further includes verifying the inventory to determine the first identifying information of the first set of processing nodes for removal from the job and loading the job having second identifying information for a second set of processing nodes that remain after the verifying operation.Type: GrantFiled: October 15, 2015Date of Patent: October 25, 2016Assignee: Zynga Inc.Inventors: Kevin McGinley, Rich Tener
-
Simplifying IKE process in a gateway to enable datapath scaling using a two tier cache configuration
Patent number: 9473298Abstract: Computational complexity, specifically, cryptographic operations, is removed from the IKE(Internet Key Exchange) process in a VPN gateway appliance, thereby enabling scaling of the number of datapaths that can be managed by a single IKE process. A two-tier cache configuration enables necessary cryptographic operations on packets in the gateway but does so without placing additional computational burdens on the IKE process. One cache containing security association data is local to the IPSec component of the datapath instance. The second cache is higher level and is populated by IKE with security association data upon completion of IKE Phase 2 negotiations. The local cache is searched first for security policy data and if found is used to encrypt/decrypt the data packet. If not found locally, the IKE centralized cache is searched and if found, the local cache is updated with the security association data.Type: GrantFiled: January 8, 2015Date of Patent: October 18, 2016Assignee: Blue Cedar Networks, Inc.Inventor: Kenneth J. Wante -
Patent number: 9419794Abstract: An SOC implements a security enclave processor (SEP). The SEP may include a processor and one or more security peripherals. The SEP may be isolated from the rest of the SOC (e.g. one or more central processing units (CPUs) in the SOC, or application processors (APs) in the SOC). Access to the SEP may be strictly controlled by hardware. For example, a mechanism in which the CPUs/APs can only access a mailbox location in the SEP is described. The CPU/AP may write a message to the mailbox, which the SEP may read and respond to. The SEP may include one or more of the following in some embodiments: secure key management using wrapping keys, SEP control of boot and/or power management, and separate trust zones in memory.Type: GrantFiled: September 23, 2014Date of Patent: August 16, 2016Assignee: Apple Inc.Inventors: R. Stephen Polzin, Fabrice L. Gautier, Mitchell D. Adler, Conrad Sauerwald, Michael L. H. Brouwer
-
Patent number: 9405913Abstract: A method to defend effectively against cold-boot attacks includes checking state data stored in a state memory to which the system software has access. At least two of the state data items are checked (111; 112) to determine deviations from parameters that are defined for a normal state of the computer. If deviations from the parameters are determined for at least two of the checked state data items, at least subareas of the main memory are cleared or overwritten (120); otherwise, the main memory is not cleared or overwritten (130); then, the system startup of the computer is carried out by means of the configured system software (140).Type: GrantFiled: November 10, 2014Date of Patent: August 2, 2016Assignee: Wincor Nixdorf International GmbHInventor: Volker Krummel
-
Patent number: 9384367Abstract: In accordance with some embodiments, a single trusted platform module per platform may be used to handle conventional trusted platform tasks as well as those that would arise prior to the existence of a primary trusted platform module in conventional systems. Thus one single trusted platform module may handle measurements of all aspects of the platform including the baseboard management controller. In some embodiments, a management engine image is validated using a read only memory embedded in a chipset such as a platform controller hub, as the root of trust. Before the baseboard management controller (BMC) is allowed to boot, it must validate the integrity of its flash memory. But the BMC image may be stored in a memory coupled to a platform controller hub (PCH) in a way that it can be validated by the PCH.Type: GrantFiled: September 4, 2012Date of Patent: July 5, 2016Assignee: Intel CorporationInventors: Robert C. Swanson, Palsamy Sakthikumar, Mallik Bulusu, Robert Bruce Bahnsen