Patents by Inventor Jean-Pierre Seifert

Jean-Pierre Seifert has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 8924987
    Abstract: In an integrated approach, an integrated application and operating system (IAOS) component integrates at least one computer application program with at least one operating system (OS) function. The IAOS component is an upper level system relative to a lower level system. The lower level system includes an OS operable to perform a reduced set of OS functions. The OS may be optimized for the IAOS component. For example, the OS may be optimized for Web-based and/or Browser-based applications of the IAOS component. In a flat approach, at least one component is an adjacent component in an upper level system, thereby allowing extension of the upper level system to accommodate various needs. An adjacent component can include at least one OS component and/or function not provided by the OS, serve as an interface to another layer and/or the OS, or provide Real-Time Operating System.
    Type: Grant
    Filed: September 14, 2009
    Date of Patent: December 30, 2014
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Victoria S. Coleman, Jean-Pierre Seifert, Doreen Cheng, Xinwen Zhang
  • Patent number: 8892482
    Abstract: Embodiments provide a method for maintaining digital assets of a user. The digital assets reside on at least one device and/or at least one cloud. The method further comprises aggregating the digital assets, and obtaining information identifying digital assets available for access by an access device. The digital assets available for access by the access device include a digital asset residing on a cloud or on a device other than the access device.
    Type: Grant
    Filed: June 6, 2013
    Date of Patent: November 18, 2014
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Doreen Cheng, Yu Song, Swaroop S. Kalasapur, Victoria Stavridou-Coleman, Jean-Pierre Seifert
  • Patent number: 8788841
    Abstract: Techniques for representation and verification of data are disclosed. The techniques are especially useful for representation and verification of the integrity of data (integrity verification) in safe computing environments and/or systems (e.g., Trusted Computing (TC) systems and/or environments). Multiple independent representative values can be determined independently and possibly in parallel for respective portions of the data. The independent representative values can, for example, be hash values determined at the same time for respective distinct portions of the data. The integrity of the data can be determined based on the multiple hash values by, for example, processing them to determine a single hash value that can serve as an integrity value.
    Type: Grant
    Filed: October 23, 2008
    Date of Patent: July 22, 2014
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Onur Aciicmez, Jean-Pierre Seifert, Xinwen Zhang, Afshin Latifi
  • Patent number: 8782801
    Abstract: Techniques for protecting content to ensure its use in a trusted environment are disclosed. A trusted security component provided for a device can verify the internal integrity of the stored content and the host before it allows the content to come in contact with the host. As a counter part, a trusted security component provided for the host can verify and attest to the integrity of the host and/or specific host computing environment that can be provided for the content stored in the device. The trusted security component provided for a device effectively verify the host integrity based on the information attested to by the trusted security component provided for the host. If the trusted security component trusts the host, it allows the trusted host to provide a trusted host computing environment trusted to be safe for the content stored in the device.
    Type: Grant
    Filed: August 15, 2007
    Date of Patent: July 15, 2014
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Xinwen Zhang, Onur Aciicmez, Jean-Pierre Seifert, Qingwei Ma
  • Patent number: 8752130
    Abstract: In one embodiment, a multi-stakeholder environment is controlled by first assigning a first domain to a first stakeholder and a second domain to a second stakeholder. Then a first access policy is defined for the first domain and access is restricted to the first domain for the second stakeholder according to the first access policy. In another embodiment, an access request is handled in a multi-stakeholder environment by first receiving parameters forwarded by hooks in system call functions in a kernel of the multi-stakeholder environment, wherein the parameters contain information about a first stakeholder requesting access to a domain corresponding to a second stakeholder. Then it is determined whether to allow the first stakeholder to access the domain based at least partially upon security settings corresponding to the domain.
    Type: Grant
    Filed: December 21, 2007
    Date of Patent: June 10, 2014
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Xinwen Zhang, Jean-Pierre Seifert, Wookhee Min, Onur Aciicmez
  • Patent number: 8631468
    Abstract: Techniques for controlling access are disclosed. The techniques can be used for reference monitoring in various computing systems (e.g., computing device) including those that may be relatively more susceptible to threats (e.g., mobile phones). Allowed access can be disallowed. In other words, permission to access a component can be effectively withdrawn even though access may be on-going. After permission to access a component has been allowed, one or more disallow access conditions or events can be effectively monitored in order to determine whether to withdraw the permission to access the component. As a result, allowed access to the component can be disallowed. Access can be disallowed by effectively considering the behavior of a component in the aggregate and/or over a determined amount of time. By way of example, a messaging application can be disallowed access to a communication port if the messaging application sends more messages than an acceptable limit during a session or in 4 hours.
    Type: Grant
    Filed: November 10, 2008
    Date of Patent: January 14, 2014
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Xinwen Zhang, Jean-Pierre Seifert, Onur Aciicmez, Afshin Latifi
  • Patent number: 8621551
    Abstract: Techniques for managing and protecting computing environments are disclosed. A safe computing environment can be provided for ensuring the safety and/or management of a device. The safe computing environment can be secured by a safe component that isolates and protects it from unsafe computing environments which may also be operating. As a result, various security and management activities can be securely performed from a safe computing environment. A safe computing environment can, for example, be provided on a device as a safe virtual computing environment (e.g., a safe virtual machine) protected by a safe virtual computing monitor (e.g., a safe virtual machine monitor) from one or more other virtual computing environments that are not known or not believed to be safe for the device. It will also be appreciated that the safe components can, for example, be provided as trusted components for a device.
    Type: Grant
    Filed: April 18, 2008
    Date of Patent: December 31, 2013
    Assignee: Samsung Electronics Company, Ltd.
    Inventors: Xinwen Zhang, Liang Xie, Jean-Pierre Seifert, Onur Aciicmez, Afshin Latifi
  • Patent number: 8595834
    Abstract: Techniques for detecting unauthorized use (e.g., malicious attacks) of the computing systems (e.g., computing devices) are disclosed. Unauthorized use can be detected based on patterns of use (e.g., behavioral patterns of use typically associated with a human being) of the computing systems. Acceptable behavioral pattern data can be generated for a computing system by monitoring the use of a support system (e.g., an operating system, a virtual environment) operating on the computing system. For example, a plurality of system support provider components of a support system (e.g., system calls, device drivers) can be monitored in order to generate the acceptable behavioral pattern data in a form which effectively defines an acceptable pattern of use (usage pattern) for the monitored system support provider components, thereby allowing detection of unauthorized use of a computing system by detecting any deviation from the acceptable pattern of use of the monitored system support provider components.
    Type: Grant
    Filed: February 4, 2008
    Date of Patent: November 26, 2013
    Assignee: Samsung Electronics Co., Ltd
    Inventors: Liang Xie, Xinwen Zhang, Jean-Pierre Seifert, Onur Aciicmez, Afshin Latifi
  • Publication number: 20130275498
    Abstract: In a first embodiment of the present invention, a method for managing digital assets of a user over multiple home network-enabled devices, the method comprising: receiving information, from a plurality of home network-enabled personal devices, regarding digital assets accessed by the personal devices, wherein the plurality of personal devices are owned or operated by the user and the information is automatically gathered by each personal device tracking its own usage; storing the information; and providing, to one of the plurality of personal devices, identifications of digital assets accessed by the personal devices by accessing the stored information.
    Type: Application
    Filed: June 6, 2013
    Publication date: October 17, 2013
    Inventors: Doreen Cheng, Yu Song, Swaroop S. Kalasapur, Victoria Stavridou-Coleman, Jean-Pierre Seifert
  • Patent number: 8510805
    Abstract: Improved techniques for controlling access to accessible components of computing environments are disclosed. The techniques, among other things, can be used to provide Mandatory Access Control (MAC) mechanisms for mobile and embedded systems. One or more accessible components (e.g., accessible resources) which a component may attempt to access are determined so that one or more access permissions can be stored in a manner that they can be obtained if the component attempts to access the one or more accessible components, thereby allowing access to the one or more accessible components to be determined based on access permissions that are readily available. Generally, access permissions can be identified and stored in anticipation of need. Access permissions can be identified, for example, based on the likelihood of use, or all possible access permissions can be determined and stored. A safe (e.g.
    Type: Grant
    Filed: April 23, 2008
    Date of Patent: August 13, 2013
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Xinwen Zhang, Jean-Pierre Seifert, Onur Aciicmez, Afshin Latifi
  • Patent number: 8473429
    Abstract: In a first embodiment of the present invention, a method for managing digital assets of a user over multiple home network-enabled devices is provided. In this method, information is received from a plurality of home network-enabled personal devices within a user's personal cloud. The information includes usage information regarding the user's use of digital assets on those home network-enabled personal devices. Later, digital assets from the personal cloud, including assets located on non-personal devices outside a user's control (but still in the personal cloud) can be accessed using the gathered usage information.
    Type: Grant
    Filed: July 7, 2009
    Date of Patent: June 25, 2013
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Doreen Cheng, Yu Song, Swaroop S. Kalasapur, Victoria Stavridou-Coleman, Jean-Pierre Seifert
  • Patent number: 8453236
    Abstract: Methods, software/firmware and apparatus for implementing a tamper-aware virtual trusted platform module (TPM). Under the method, respective threads comprising a virtual TPM thread and a security-patrol threads are executed on a host processor. In one embodiment, the host processor is a multi-threaded processor having multiple logical processors, and the respective threads are executed on different logical processors. While the virtual TPM thread is used to perform various TPM functions, the security-patrol thread monitors for physical attacks on the processor by implementing various numerical calculation loops, wherein an erroneous calculation is indicative of a physical attack. In response to detection of such an attack, various actions can be taken in view of one or more predefined security policies, such as logging the event, shutting down the platform and/or informing a remote management entity.
    Type: Grant
    Filed: September 3, 2009
    Date of Patent: May 28, 2013
    Assignee: Intel Corporation
    Inventors: Jean-Pierre Seifert, Ryan R. Ware
  • Patent number: 8218772
    Abstract: In one embodiment, a method for establishing a secure multicast channel between a service provider and a terminal is provided. A request is received from the service provider for a configuration of the terminal. A configuration of the terminal at a first time is sent to the service provider. A security key is obtained, wherein the security is bound to the configuration of the terminal at the first time. Then the security key is decrypted using a configuration of the terminal at a second time, wherein the decryption fails if the configuration of the terminal at the second time is not identical to the configuration of the terminal at the first time. A secure multicast channel is then established with the service provider using the security key.
    Type: Grant
    Filed: June 30, 2008
    Date of Patent: July 10, 2012
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Onur Aciicmez, Xinwen Zhang, Jean-Pierre Seifert
  • Patent number: 8220029
    Abstract: A method and system for enforcing trusted computing (TC) policies in a security module architecture for a hypervisor. Upon receiving a request from a subject for access to an object, TC-related attribute values are obtained for the subject and the object based on a virtualized trusted platform module (vTPM). Access control decisions are the made based at least on the TC-related attribute values and TC-related policies.
    Type: Grant
    Filed: November 13, 2007
    Date of Patent: July 10, 2012
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Xinwen Zhang, Jean-Pierre Seifert
  • Patent number: 8201232
    Abstract: Improved techniques for obtaining authentication identifiers, authentication, and receiving services are disclosed. Multiple devices can be used for receiving service from a servicing entity (e.g., Service Providers). More particularly, a first device can be used to authenticate a first entity (e.g., one or more persons) for receiving services from the servicing entity, but the services can be received by a second device. Generally, the first device can be a device better suited, more preferred and/or more secure for authentication related activates including “Identity Management.” The second device can be generally more preferred for receiving and/or using the services. In addition, a device can be designated for authentication of an entity. The device releases an authentication identifier only if the entity has effectively authorized its release, thereby allowing “User Centric” approaches to “Identity Management.
    Type: Grant
    Filed: June 26, 2008
    Date of Patent: June 12, 2012
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Xinwen Zhang, Jean-Pierre Seifert, Onur Aciicmez
  • Patent number: 8136153
    Abstract: In an embodiment of the present invention, the ability for a user or process to set or modify affinities is restricted in order to method for control a multi-processor environment. This may be accomplished by using a reference monitor that controls a process' capability to retrieve and set its or another process' affinity. This aids in the prevention of security breaches.
    Type: Grant
    Filed: November 8, 2007
    Date of Patent: March 13, 2012
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Xinwen Zhang, Jean-Pierre Seifert, Onur Aciicmez, Qingwei Ma
  • Patent number: 8112634
    Abstract: Methods and devices for increasing or hardening the security of data stored in a storage device, such as a hard disk drive, are described. A storage device provides for increased or hardened security of data stored in hidden and non-hidden partitions of a storage medium in the device. An algorithm may be utilized for deriving a key that is used to encrypt or decrypt text before it is read from or written to the hard disk. The algorithm accepts as input a specific media location factor, such as an end address or start address of the block where the text is being read from or written to, and a secret key of the storage component. The output of the algorithm is a final key that may be used in the encryption and decryption process. Thus, in this manner, the final key is dependent on the location of the block where the data is being written or read, thereby making it more difficult to tamper with the data, which may be stored in a hidden or non-hidden partition of a hard disk.
    Type: Grant
    Filed: June 4, 2008
    Date of Patent: February 7, 2012
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Onur Aciicmez, Xinwen Zhang, Jean-Pierre Seifert
  • Patent number: 8108519
    Abstract: Techniques for Inter-Process Communication (IPC) in a more secure manner are disclosed. A communication component operating outside of an operating system can obtain operating-system data pertaining to processes that also operate outside of the operating system. The operating-system data can be more reliable than information that may have been provided by the processes, thereby allowing more secure IPC and consequently a more secure computing environment and/or system. A communication component can also be operable to make control decisions regarding the IPC data (e.g., IPC messages) based on the information provided and/or originated by the operating system (or operating-system data) and/or effectively provide the operating-system data pertaining to a sender process to its intended recipient process. A recipient process can also be operable to obtain the operating-system data pertaining to a sender process.
    Type: Grant
    Filed: February 2, 2009
    Date of Patent: January 31, 2012
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Xinwen Zhang, Wenjuan Xu, Onur Aciicmez, Jean-Pierre Seifert
  • Patent number: 8055848
    Abstract: A method and system is provided for securing micro-architectural instruction caches (I-caches). Securing an I-cache involves maintaining a different substantially random instruction mapping policy into an I-cache for each of multiple processes, and for each process, performing a substantially random mapping scheme for mapping a process instruction into the I-cache based on the substantially random instruction mapping policy for said process. Securing the I-cache may further involve dynamically partitioning the I-cache into multiple logical partitions, and sharing access to the I-cache by an I-cache mapping policy that provides access to each I-cache partition by only one logical processor.
    Type: Grant
    Filed: July 31, 2008
    Date of Patent: November 8, 2011
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Onur Aciicmez, Jean-Pierre Seifert, Qingwei Ma, Xinwen Zhang
  • Patent number: 8051459
    Abstract: A Security Enhanced Linux (SELinux) system implementing extended policy models and method for their enforcement, is provided. Extended attributes are defined to specify extended policies. The SELinux policy model is extended to include the extended policies. The extended policies are enforced in addition to SELinux Type Enforcement. In one implementation, defining extended attributes involves defining TC-related attributes to specify TC-related policies. Further, extending the SELinux policy model includes extending the SELinux policy model to include the TC-related policies, in addition to SELinux Type Enforcement. Furthermore, enforcing the extended policies includes enforcing the TC-related policies in addition to SELinux Type Enforcement.
    Type: Grant
    Filed: December 14, 2007
    Date of Patent: November 1, 2011
    Assignee: Samsung Electronics Co. Ltd.
    Inventors: Xinwen Zhang, Jean-Pierre Seifert, Masoom Alam