Patents by Inventor Lior Malka

Lior Malka has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10310874
    Abstract: Embodiments are provided for formal objects and executors. In one embodiment, a formal object serialization allows retrieving the object value using a Get method, writing the object value using a Write method, and reading the object value using a Read method. In one embodiment, a formal object validation uses a validator to validate assignments to the object value. Formal validation and serialization may be combined. In one embodiment, a formal executor is guaranteed to be closed regardless of whether an error has occurred or not.
    Type: Grant
    Filed: June 18, 2016
    Date of Patent: June 4, 2019
    Inventor: Lior Malka
  • Publication number: 20180232541
    Abstract: Various embodiments are generally directed to an apparatus, method and other techniques to determine whether a target address of a register for an execution instruction is valid or invalid based on a comparison between the target address and one or more valid target addresses stored in a storage, increase a number of invalid target addresses if the target address is invalid, and determine whether the number of invalid target addresses is greater than an invalid target address threshold. Various embodiments may also include initiating a security measure to prevent a security breach if the number of invalid target addresses is greater than the invalid target address threshold or executing the execution instruction if the number of invalid target addresses is less than or equal to the invalid target address threshold.
    Type: Application
    Filed: April 9, 2018
    Publication date: August 16, 2018
    Applicant: INTEL CORPORATION
    Inventors: KOICHI YAMADA, PALANIVELRAJAN SHANMUGAVELAYUTHAM, LIOR MALKA, ASHISH BIJLANI
  • Patent number: 9940484
    Abstract: Various embodiments are generally directed to an apparatus, method and other techniques to determine whether a target address of a register for an execution instruction is valid or invalid based on a comparison between the target address and one or more valid target addresses stored in a storage, increase a number of invalid target addresses if the target address is invalid, and determine whether the number of invalid target addresses is greater than an invalid target address threshold. Various embodiments may also include initiating a security measure to prevent a security breach if the number of invalid target addresses is greater than the invalid target address threshold or executing the execution instruction if the number of invalid target addresses is less than or equal to the invalid target address threshold.
    Type: Grant
    Filed: December 23, 2014
    Date of Patent: April 10, 2018
    Assignee: INTEL CORPORATION
    Inventors: Koichi Yamada, Palanivelrajan Shanmugavelayutham, Lior Malka, Ashish Bijlani
  • Publication number: 20170366528
    Abstract: Embodiments are provided for establishing secondary secure channels in any network, including networks that enforce a single channel per neighbor policy. In one embodiment, requests to open a new channel are handled only in a listen mode and identifiers are used to authenticate the first and second secure channels. The channels provide secure communication. In one embodiment, a second channel is provisioned using the primary secure channel. In one embodiment, a method of storing data for provisioning secondary secure channels is provided.
    Type: Application
    Filed: June 18, 2016
    Publication date: December 21, 2017
    Inventor: Lior Malka
  • Publication number: 20170366514
    Abstract: Obfuscation transforms original code into an obfuscated code that is less intelligible, but behaves like the original. In one embodiment, a data sequence describing an obfuscator is processed by a reader who outputs an obfuscator. The data sequence may be stored or transmitted and the obfuscator may be used for code obfuscation. In one embodiment, additional readers are used to create objects associated with the obfuscated code. In one embodiment, a generator produces encrypted files and obfuscated code that can decrypt and encrypt the files.
    Type: Application
    Filed: June 17, 2016
    Publication date: December 21, 2017
    Inventor: Lior Malka
  • Publication number: 20170366406
    Abstract: Embodiments are provided for sealed network servers. A sealed network does not require administrators and may run on hardware and software that has been stripped of privileged capabilities. In one embodiment, a server is added using a root. A root is the first instance of a sealed network. All roots verify that the server identifier is unique, and if so, then a node generates the server using an obfuscator. Any obfuscator may be used. In one embodiment, an application is added to a server in a sealed network. In one embodiment, a method of finding a public application in a sealed network is described.
    Type: Application
    Filed: June 18, 2016
    Publication date: December 21, 2017
    Inventor: Lior Malka
  • Publication number: 20170364335
    Abstract: Embodiments are provided for formal objects and executors. In one embodiment, a formal object serialization allows retrieving the object value using a Get method, writing the object value using a Write method, and reading the object value using a Read method. In one embodiment, a formal object validation uses a validator to validate assignments to the object value. Formal validation and serialization may be combined. In one embodiment, a formal executor is guaranteed to be closed regardless of whether an error has occurred or not.
    Type: Application
    Filed: June 18, 2016
    Publication date: December 21, 2017
    Inventor: Lior Malka
  • Publication number: 20170366545
    Abstract: Embodiments are provided for external applications in a sealed network. A sealed network does not require administrators and may run on hardware and software that has been stripped of privileged capabilities. External applications connect to the sealed network from devices outside of the network. In one embodiment, an obfuscator generates an external application associated with a user. In one embodiment, an indirect external application provides an application programming interface. In one embodiment, an external party delegates a function to a sealed network.
    Type: Application
    Filed: June 18, 2016
    Publication date: December 21, 2017
    Inventor: Lior Malka
  • Publication number: 20170365193
    Abstract: Secure communication provides data confidentiality, data integrity, and authentication. In one embodiment, encryption and signatures are used to construct a signcryption, which provides confidentiality and integrity. In one embodiment, an identifier and the output of a cryptographic function applied to a token are used to establish a secure channel. In one embodiment, a secure channel is mutated into a new secure channel using a renew message and a construct containing elements for establishing a secure channel.
    Type: Application
    Filed: June 18, 2016
    Publication date: December 21, 2017
    Inventor: Lior Malka
  • Publication number: 20170365191
    Abstract: Cryptography provides a wide variety of functions. For example, encryption provides data confidentiality and signatures provide data integrity. In one embodiment, a plurality of encryption functions is iteratively applied to produce a ciphertext. In one embodiment, a data sequence describing a cryptographic function is processed by a reader who outputs the cryptographic function. The data sequence may be stored or transmitted and the cryptographic function may be used for cryptographic purposes. In another embodiment, a generator produces random cryptographic functions.
    Type: Application
    Filed: June 17, 2016
    Publication date: December 21, 2017
    Inventor: Lior Malka
  • Publication number: 20170366509
    Abstract: Network primitives are provided for establishing and maintaining channels and secure channels. In one embodiment, requests to open a new channel are handled only in a listen mode and, after authentication, the channel provides secure communication. In one embodiment, a secure channel is initialized and fixed if broken so that a plurality of threads may share it. In one embodiment, a no listen mode is applied if the number of new channels handled per time period is more than a threshold.
    Type: Application
    Filed: June 17, 2016
    Publication date: December 21, 2017
    Inventor: Lior Malka
  • Publication number: 20170364687
    Abstract: Embodiments are provided for initializing a sealed network. A sealed network does not require administrators and may run on hardware and software that has been stripped of privileged capabilities. In one embodiment, an obfuscator generates a root, which is the first instance of a sealed network, and the root presents a control panel allowing an authorized operator to further guide the network. In one embodiment, a new instance is added to a sealed network via the control panel. In one embodiment, a unique identifier is found in a network.
    Type: Application
    Filed: June 18, 2016
    Publication date: December 21, 2017
    Inventor: Lior Malka
  • Publication number: 20170357815
    Abstract: Obfuscation transforms original code into an obfuscated code that is less intelligible, but behaves like the original. In one embodiment, a code representation obtained by applying a code template to input data is given to a code host that selects a location for the code representation and returns a reference. The reference can be used to replace the data and thus may be used for code obfuscation. The original code may not be required or modified. In another embodiment, a method is described that receives requests, either from a human or a device, and provides unique executable obfuscated instances along with unique data files.
    Type: Application
    Filed: June 10, 2016
    Publication date: December 14, 2017
    Inventor: Lior Malka
  • Patent number: 9405937
    Abstract: A processor and method are described for managing different privilege levels associated with different types of program code, including binary translation program code. For example, one embodiment of a method comprises entering into one of a plurality of privilege modes responsive to detecting the execution of a corresponding one of a plurality of different types of program code including native executable program code, translated executable program code, and binary translation program code. In one embodiment, the binary translation program code includes sub-components each of which are associated with a different privilege level for improved security.
    Type: Grant
    Filed: June 28, 2013
    Date of Patent: August 2, 2016
    Assignee: INTEL CORPORATION
    Inventors: Lior Malka, Koichi Yamada, Palanivelrajan Shanmugavelayutham, Barry E. Huntley, Scott D. Rodgers, James D. Beaney, Jr.
  • Publication number: 20160180115
    Abstract: Various embodiments are generally directed to an apparatus, method and other techniques to determine whether a target address of a register for an execution instruction is valid or invalid based on a comparison between the target address and one or more valid target addresses stored in a storage, increase a number of invalid target addresses if the target address is invalid, and determine whether the number of invalid target addresses is greater than an invalid target address threshold. Various embodiments may also include initiating a security measure to prevent a security breach if the number of invalid target addresses is greater than the invalid target address threshold or executing the execution instruction if the number of invalid target addresses is less than or equal to the invalid target address threshold.
    Type: Application
    Filed: December 23, 2014
    Publication date: June 23, 2016
    Applicant: INTEL CORPORATION
    Inventors: KOICHI YAMADA, PALANIVELRAJAN SHANMUGAVELAYUTHAM, LIOR MALKA, ASHISH BIJLANI
  • Publication number: 20150007304
    Abstract: A processor and method are described for managing different privilege levels associated with different types of program code, including binary translation program code. For example, one embodiment of a method comprises entering into one of a plurality of privilege modes responsive to detecting the execution of a corresponding one of a plurality of different types of program code including native executable program code, translated executable program code, and binary translation program code. In one embodiment, the binary translation program code includes sub-components each of which are associated with a different privilege level for improved security.
    Type: Application
    Filed: June 28, 2013
    Publication date: January 1, 2015
    Inventors: Lior Malka, Koichi Yamada, Palanivelrajan Shanmugavelayutham, Barry E. Huntley, Scott D. Rodgers, James D. Beaney, Jr.