Patents by Inventor Afshin Latifi

Afshin Latifi has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 8909942
    Abstract: A secure data storage system includes a mechanism that can be activated to inhibit access to stored data. In one embodiment, access to stored data can be prevented without having to erase or modify such data. An encryption key, or data used to generate the encryption key, is stored in an MRAM module integrated within the data storage system. The data storage system uses the encryption key to encrypt data received from a host system, and to decrypt the encrypted data when it is subsequently read by a host system. To render the stored data inaccessible, an operator (or an automated process) can expose the MRAM module to a magnetic field of sufficient strength to erase key data therefrom.
    Type: Grant
    Filed: March 30, 2012
    Date of Patent: December 9, 2014
    Assignee: Western Digital Technologies, Inc.
    Inventors: Dmitry S. Obukhov, Afshin Latifi, Justin Jones
  • Patent number: 8788841
    Abstract: Techniques for representation and verification of data are disclosed. The techniques are especially useful for representation and verification of the integrity of data (integrity verification) in safe computing environments and/or systems (e.g., Trusted Computing (TC) systems and/or environments). Multiple independent representative values can be determined independently and possibly in parallel for respective portions of the data. The independent representative values can, for example, be hash values determined at the same time for respective distinct portions of the data. The integrity of the data can be determined based on the multiple hash values by, for example, processing them to determine a single hash value that can serve as an integrity value.
    Type: Grant
    Filed: October 23, 2008
    Date of Patent: July 22, 2014
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Onur Aciicmez, Jean-Pierre Seifert, Xinwen Zhang, Afshin Latifi
  • Patent number: 8631468
    Abstract: Techniques for controlling access are disclosed. The techniques can be used for reference monitoring in various computing systems (e.g., computing device) including those that may be relatively more susceptible to threats (e.g., mobile phones). Allowed access can be disallowed. In other words, permission to access a component can be effectively withdrawn even though access may be on-going. After permission to access a component has been allowed, one or more disallow access conditions or events can be effectively monitored in order to determine whether to withdraw the permission to access the component. As a result, allowed access to the component can be disallowed. Access can be disallowed by effectively considering the behavior of a component in the aggregate and/or over a determined amount of time. By way of example, a messaging application can be disallowed access to a communication port if the messaging application sends more messages than an acceptable limit during a session or in 4 hours.
    Type: Grant
    Filed: November 10, 2008
    Date of Patent: January 14, 2014
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Xinwen Zhang, Jean-Pierre Seifert, Onur Aciicmez, Afshin Latifi
  • Patent number: 8621551
    Abstract: Techniques for managing and protecting computing environments are disclosed. A safe computing environment can be provided for ensuring the safety and/or management of a device. The safe computing environment can be secured by a safe component that isolates and protects it from unsafe computing environments which may also be operating. As a result, various security and management activities can be securely performed from a safe computing environment. A safe computing environment can, for example, be provided on a device as a safe virtual computing environment (e.g., a safe virtual machine) protected by a safe virtual computing monitor (e.g., a safe virtual machine monitor) from one or more other virtual computing environments that are not known or not believed to be safe for the device. It will also be appreciated that the safe components can, for example, be provided as trusted components for a device.
    Type: Grant
    Filed: April 18, 2008
    Date of Patent: December 31, 2013
    Assignee: Samsung Electronics Company, Ltd.
    Inventors: Xinwen Zhang, Liang Xie, Jean-Pierre Seifert, Onur Aciicmez, Afshin Latifi
  • Patent number: 8595834
    Abstract: Techniques for detecting unauthorized use (e.g., malicious attacks) of the computing systems (e.g., computing devices) are disclosed. Unauthorized use can be detected based on patterns of use (e.g., behavioral patterns of use typically associated with a human being) of the computing systems. Acceptable behavioral pattern data can be generated for a computing system by monitoring the use of a support system (e.g., an operating system, a virtual environment) operating on the computing system. For example, a plurality of system support provider components of a support system (e.g., system calls, device drivers) can be monitored in order to generate the acceptable behavioral pattern data in a form which effectively defines an acceptable pattern of use (usage pattern) for the monitored system support provider components, thereby allowing detection of unauthorized use of a computing system by detecting any deviation from the acceptable pattern of use of the monitored system support provider components.
    Type: Grant
    Filed: February 4, 2008
    Date of Patent: November 26, 2013
    Assignee: Samsung Electronics Co., Ltd
    Inventors: Liang Xie, Xinwen Zhang, Jean-Pierre Seifert, Onur Aciicmez, Afshin Latifi
  • Patent number: 8510805
    Abstract: Improved techniques for controlling access to accessible components of computing environments are disclosed. The techniques, among other things, can be used to provide Mandatory Access Control (MAC) mechanisms for mobile and embedded systems. One or more accessible components (e.g., accessible resources) which a component may attempt to access are determined so that one or more access permissions can be stored in a manner that they can be obtained if the component attempts to access the one or more accessible components, thereby allowing access to the one or more accessible components to be determined based on access permissions that are readily available. Generally, access permissions can be identified and stored in anticipation of need. Access permissions can be identified, for example, based on the likelihood of use, or all possible access permissions can be determined and stored. A safe (e.g.
    Type: Grant
    Filed: April 23, 2008
    Date of Patent: August 13, 2013
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Xinwen Zhang, Jean-Pierre Seifert, Onur Aciicmez, Afshin Latifi
  • Patent number: 7847710
    Abstract: Techniques for hashing and decompression of data are disclosed. Hashing and decompression of compressed data can be integrated in order to effectively hash and decompress the compressed data at the same time. The integrated hashing and decompression techniques of the invention are useful for any computing environment and/or system where compressed data is hashed and decompressed. The invention is especially useful for safe computing environment and/or system (e.g., a Trusted Computing (TC) computing environment) where hashing decompression of compressed data can be routinely performed. The Integrity of a computing environment and/or system can be protected by integrating the decompressing and hashing of the compressed data or effectively hashing and decompressing the compressed data at the same time. A combined hashing and decompression function can be provided based on conventional hashing and compression functions by integrating their similar components and in an efficient manner.
    Type: Grant
    Filed: November 10, 2008
    Date of Patent: December 7, 2010
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Onur Aciicmez, Jean-Pierre Seifert, Xinwen Zhang, Afshin Latifi
  • Publication number: 20100122314
    Abstract: Techniques for controlling access are disclosed. The techniques can be used for reference monitoring in various computing systems (e.g., computing device) including those that may be relatively more susceptible to threats (e.g., mobile phones). Allowed access can be disallowed. In other words, permission to access a component can be effectively withdrawn even though access may be on-going. After permission to access a component has been allowed, one or more disallow access conditions or events can be effectively monitored in order to determine whether to withdraw the permission to access the component. As a result, allowed access to the component can be disallowed. Access can be disallowed by effectively considering the behavior of a component in the aggregate and/or over a determined amount of time. By way of example, a messaging application can be disallowed access to a communication port if the messaging application sends more messages than an acceptable limit during a session or in 4 hours.
    Type: Application
    Filed: November 10, 2008
    Publication date: May 13, 2010
    Applicant: Samsung Electronics Co., Ltd.
    Inventors: Xinwen ZHANG, Jean-Pierre SEIFERT, Onur ACIICMEZ, Afshin LATIFI
  • Publication number: 20100117873
    Abstract: Techniques for hashing and decompression of data are disclosed. Hashing and decompression of compressed data can be integrated in order to effectively hash and decompress the compressed data at the same time. The integrated hashing and decompression techniques of the invention are useful for any computing environment and/or system where compressed data is hashed and decompressed. The invention is especially useful for safe computing environment and/or system (e.g., a Trusted Computing (TC) computing environment) where hashing decompression of compressed data can be routinely performed. The Integrity of a computing environment and/or system can be protected by integrating the decompressing and hashing of the compressed data or effectively hashing and decompressing the compressed data at the same time. A combined hashing and decompression function can be provided based on conventional hashing and compression functions by integrating their similar components and in an efficient manner.
    Type: Application
    Filed: November 10, 2008
    Publication date: May 13, 2010
    Applicant: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Onur ACIICMEZ, Jean-Pierre SEIFERT, Xinwen ZHANG, Afshin LATIFI
  • Publication number: 20100106976
    Abstract: Techniques for representation and verification of data are disclosed. The techniques are especially useful for representation and verification of the integrity of data (integrity verification) in safe computing environments and/or systems (e.g., Trusted Computing (TC) systems and/or environments). Multiple independent representative values can be determined independently and possibly in parallel for respective portions of the data. The independent representative values can, for example, be hash values determined at the same time for respective distinct portions of the data. The integrity of the data can be determined based on the multiple hash values by, for example, processing them to determine a single hash value that can serve as an integrity value.
    Type: Application
    Filed: October 23, 2008
    Publication date: April 29, 2010
    Applicant: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Onur ACIICMEZ, Jean-Pierre SEIFERT, Xinwen ZHANG, Afshin LATIFI
  • Publication number: 20090300049
    Abstract: Improved verification techniques for verification of the integrity of various computing environments and/or computing systems are disclosed. Verifiable representative data can effectively represent verifiable content of a computing environment, thereby allowing the integrity of the computing environment to be verified based on the verifiable representative data instead of the content being represented. Verifiable representative data can effectively include selected portions of the content (e.g., selected content which may be of general and/or specific security interest) and can be generally smaller than the verifiable content it represents. As such, it may generally be more efficient to use the verifiable representative data instead of the content it represents. Verifiable representative data can also be organized. By way of example, unstructured content (e.g., a configuration file written in text) can be effectively transformed based on a scheme (e.g.
    Type: Application
    Filed: June 3, 2008
    Publication date: December 3, 2009
    Applicant: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Xinwen ZHANG, Jean-Pierre Seifert, Onur Aciicmez, Afshin Latifi
  • Publication number: 20090271844
    Abstract: Improved techniques for controlling access to accessible components of computing environments are disclosed. The techniques, among other things, can be used to provide Mandatory Access Control (MAC) mechanisms for mobile and embedded systems. One or more accessible components (e.g., accessible resources) which a component may attempt to access are determined so that one or more access permissions can be stored in a manner that they can be obtained if the component attempts to access the one or more accessible components, thereby allowing access to the one or more accessible components to be determined based on access permissions that are readily available. Generally, access permissions can be identified and stored in anticipation of need. Access permissions can be identified, for example, based on the likelihood of use, or all possible access permissions can be determined and stored. A safe (e.g.
    Type: Application
    Filed: April 23, 2008
    Publication date: October 29, 2009
    Applicant: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Xinwen ZHANG, Jean-Pierre SEIFERT, Onur ACIICMEZ, Afshin LATIFI
  • Publication number: 20090265756
    Abstract: Techniques for managing and protecting computing environments are disclosed. A safe computing environment can be provided for ensuring the safety and/or management of a device. The safe computing environment can be secured by a safe component that isolates and protects it from unsafe computing environments which may also be operating. As a result, various security and management activities can be securely performed from a safe computing environment. A safe computing environment can, for example, be provided on a device as a safe virtual computing environment (e.g., a safe virtual machine) protected by a safe virtual computing monitor (e.g., a safe virtual machine monitor) from one or more other virtual computing environments that are not known or not believed to be safe for the device. It will also be appreciated that the safe components can, for example, be provided as trusted components for a device.
    Type: Application
    Filed: April 18, 2008
    Publication date: October 22, 2009
    Applicant: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Xinwen Zhang, Liang Xie, Jean-Pierre Seifert, Onur Aciicmez, Afshin Latifi
  • Publication number: 20090199296
    Abstract: Techniques for detecting unauthorized use (e.g., malicious attacks) of the computing systems (e.g., computing devices) are disclosed. Unauthorized use can be detected based on patterns of use (e.g., behavioral patterns of use typically associated with a human being) of the computing systems. Acceptable behavioral pattern data can be generated for a computing system by monitoring the use of a support system (e.g., an operating system, a virtual environment) operating on the computing system. For example, a plurality of system support provider components of a support system (e.g., system calls, device drivers) can be monitored in order to generate the acceptable behavioral pattern data in a form which effectively defines an acceptable pattern of use (usage pattern) for the monitored system support provider components, thereby allowing detection of unauthorized use of a computing system by detecting any deviation from the acceptable pattern of use of the monitored system support provider components.
    Type: Application
    Filed: February 4, 2008
    Publication date: August 6, 2009
    Applicant: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Liang Xie, Xinwen Zhang, Jean-Pierre Seifert, Onur Aciicmez, Afshin Latifi