Patents by Inventor Yuan Xiang
Yuan Xiang has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20170213027Abstract: There is described a method of protecting an item of software so as to obfuscate a condition which causes a variation in control flow through a portion of the item of software dependent on whether the condition is satisfied, wherein satisfaction of the condition is based on evaluation of one or more condition variables. The method comprises: (i) modifying the item of software such that the control flow through said portion is not dependent on whether the condition is satisfied; and (ii) inserting a plurality of identity transformations into expressions in said portion of the modified item of software, wherein the identity transformations are defined and inserted such that, in the absence of tampering, they maintain the results of the expressions if the condition is satisfied and such that they alter the results of the expressions if the condition is not satisfied, wherein each identity transformation is directly or indirectly dependent on at least one of the one or more condition variables.Type: ApplicationFiled: March 30, 2015Publication date: July 27, 2017Inventors: Yuan Xiang Gu, Harold Johnson
-
Patent number: 9698973Abstract: Systems and techniques for securing accessible computer-executable program code and systems are provided. One or more base functions may be generated and blended with existing program code, such that it may be difficult or impossible for a potential attacker to distinguish the base functions from the existing code. The systems and code also may be protected using a variety of other blending and protection techniques, such as fractures, variable dependent coding, dynamic data mangling, and cross-linking, which may be used individually or in combination, and/or may be blended with the base functions.Type: GrantFiled: March 28, 2013Date of Patent: July 4, 2017Assignee: IRDETO B.V.Inventors: Harold Johnson, Yuan Xiang Gu, Michael Wiener
-
Publication number: 20170147331Abstract: A method and system for renewing software at the component-level is provided. A client program includes a base component for loading a software component into at least one loadable region of the program to update the program. Code in the software component is for writing state data associating the state of the update in storage, upon execution of the software component, and testing the state data to verify condition of the updated program and disallowing rollback and roll-forward attacks, the state data comprising hash chain values. The state data for verifying the correctness of the updated program is entangled with application data used for the program functionality. A server includes: an update pool having a plurality of software updates deployed in each client, and a policy control for monitoring and controlling at least one of: the length of time the client runs until the software update is invoked, a chain of the updates; and the granularity of the update.Type: ApplicationFiled: February 7, 2017Publication date: May 25, 2017Applicant: IRDETO B.V.Inventors: Clifford LIEM, Hongrui DONG, Sam MARTIN, Yuan Xiang GU, Michael WIENER
-
Patent number: 9588756Abstract: A method and system for renewing software at the component-level is provided. A client program includes a base component for loading a software component into at least one loadable region of the program to update the program. Code in the software component is for writing state data associating the state of the update in storage, upon execution of the software component, and testing the state data to verify condition of the updated program and disallowing rollback and roll-forward attacks, the state data comprising hash chain values. The state data for verifying the correctness of the updated program is entangled with application data used for the program functionality. A server includes: an update pool having a plurality of software updates deployed in each client, and a policy control for monitoring and controlling at least one of: the length of time the client runs until the software update is invoked, a chain of the updates; and the granularity of the update.Type: GrantFiled: March 22, 2012Date of Patent: March 7, 2017Assignee: Irdeto B.V.Inventors: Clifford Liem, Hongrui Dong, Sam Martin, Yuan Xiang Gu, Michael Weiner
-
Publication number: 20170011216Abstract: Methods and nodes for securing execution of a web application by determining that a call dependency from a first to a second function needs to be protected, adding a Partial Execution Stub (PES) function comprising code to establish a communication connection with a trusted module. Methods and nodes for secured execution of a web application by invoking a function of the web application, invoking a Partial Execution Stub (PES) function during execution of the function of the web application, sending, from the PES function, a message call with current execution information to a trusted module and receiving, a verification result from the trusted module.Type: ApplicationFiled: September 20, 2016Publication date: January 12, 2017Inventors: Yuan Xiang Gu, Garney David Adams
-
Publication number: 20170010192Abstract: A method and a machine for drying blood smears and an automatic smearing device are provided. In the method, a dry gas is used as a drying medium to dry a blood film on a blood smear in drying the blood smear, thus reducing drying time and the number of blood smears which are dried together. The dry gas is obtained by: first, removing a liquid from a pressurized gas, second, filtering a vapor, and finally, decompressing the dried pressurized gas to be a non-pressurized gas having lower humidity. In addition, the dry gas is further heated for further reducing the humidity of the dry gas. In order to prevent cell distortion from occurring, the heated dry gas is caused to gently flow over the blood smear in a direction which the blood film is spread.Type: ApplicationFiled: September 20, 2016Publication date: January 12, 2017Inventors: Liang ZHANG, Xuerong LI, Yuan XIANG
-
Publication number: 20160335431Abstract: A method to secure a non-native application. The non-native application is processed to obtain an application stub to be triggered within a virtual machine. The processing of the non-native application also provide a native code function upon which the application stub depends. The non-native function is part of a trusted module that extends application security services from the trusted module to the virtual machine. The trusted module is a native code application that creates a trusted zone as a root of trustiness extending to the virtual machine by an execution-enabling mechanism between the application tab and the non-native function.Type: ApplicationFiled: July 28, 2016Publication date: November 17, 2016Inventors: Garney David Adams, Yuan Xiang Gu, Jack Jiequn Rong
-
Patent number: 9471776Abstract: Methods and nodes for securing execution of a web application by determining that a call dependency from a first to a second function needs to be protected, adding a Partial Execution Stub (PES) function comprising code to establish a communication connection with a trusted module. Methods and nodes for secured execution of a web application by invoking a function of the web application, invoking a Partial Execution Stub (PES) function during execution of the function of the web application, sending, from the PES function, a message call with current execution information to a trusted module and receiving, a verification result from the trusted module.Type: GrantFiled: March 30, 2012Date of Patent: October 18, 2016Assignee: Irdeto B.V.Inventors: Yuan Xiang Gu, Garney David Adams
-
Patent number: 9460281Abstract: A method to secure a non-native application. The non-native application is processed to obtain an application stub to be triggered within a virtual machine. The processing of the non-native application also provide a native code function upon which the application stub depends. The non-native function is part of a trusted module that extends security services from the trusted module to the virtual machine. The trusted module is a native code application that creates a trusted zone as a root of trustiness extending to the virtual machine by an execution-enabling mechanism between the application tab and the non-native function.Type: GrantFiled: March 31, 2011Date of Patent: October 4, 2016Assignee: Irdeto B.V.Inventors: Garney David Adams, Yuan Xiang Gu, Jack Jiequn Rong
-
Publication number: 20160239647Abstract: Methods and devices for thwarting code and control flow based attacks on software. The source code of a subject piece of software is automatically divided into basic blocks of logic. Selected basic blocks are amended so that their outputs are extended. Similarly, other basic blocks are amended such that their inputs are correspondingly extended. The amendments increase or create dependencies between basic blocks such that tampering with one basic block's code causes other basic blocks to malfunction when executed.Type: ApplicationFiled: January 12, 2016Publication date: August 18, 2016Inventors: Harold Joseph Johnson, Yuan Xiang Gu, Yongxin Zhou
-
Patent number: 9213826Abstract: A method and system that provides secure modules that can address Java platform weaknesses and protect Java bytecode during execution time. The secure modules are implemented in C/C++ as an example. Because implementation of the security modules is made in C/C++, this enables use of security technology that secures C/C++ software code.Type: GrantFiled: November 12, 2010Date of Patent: December 15, 2015Assignee: Irdeto B.V.Inventors: Yuan Xiang Gu, Garney Adams, Jack Rong
-
Publication number: 20150326389Abstract: Systems and techniques for securing accessible computer-executable program code and systems are provided. One or more base functions may be generated and blended with existing program code, such that it may be difficult or impossible for a potential attacker to distinguish the base functions from the existing code. The systems and code also may be protected using a variety of other blending and protection techniques, such as fractures, variable dependent coding, dynamic data mangling, and cross-linking, which may be used individually or in combination, and/or may be blended with the base functions.Type: ApplicationFiled: March 28, 2013Publication date: November 12, 2015Inventors: Harold Johnson, Yuan Xiang Gu, Michael Wiener
-
Patent number: 9141787Abstract: A system and method for transforming a software application comprising binary code and optionally associated data, from an original form to a more secure form. The method includes performing a combination of binary transmutations to the application, and interlocking the transmutations by generating and placing interdependencies between the transmutations, wherein a transmutation is an irreversible change to the application. Different types of the transmutations are applied at varied granularities of the application. The transmutations are applied to the application code and the implanted code as well. The result is a transformed software application which is semantically equivalent to the original software application but is resistant to static and/or dynamic attacks.Type: GrantFiled: May 6, 2010Date of Patent: September 22, 2015Assignee: Irdeto B.V.Inventors: Yuan Xiang Gu, Paul McRae, Bogdan Nicolescu, Valery Levitsky, Xijian Zhu, Hongrui Dong, Daniel Elie Murdock
-
Publication number: 20150213239Abstract: Methods and devices for thwarting code and control flow based attacks on software. The source code of a subject piece of software is automatically divided into basic blocks of logic. Selected basic blocks are amended so that their outputs are extended. Similarly, other basic blocks are amended such that their inputs are correspondingly extended. The amendments increase or create dependencies between basic blocks such that tampering with one basic block's code causes other basic blocks to malfunction when executed.Type: ApplicationFiled: April 8, 2015Publication date: July 30, 2015Inventors: Harold Joseph Johnson, Yuan Xiang Gu, Yongxin Zhou
-
Patent number: 9086227Abstract: A light collection system including a light concentrating device and a reflective curving-surface device is provided. The light concentrating device receives at least a portion of an incident light and forwardly emits the portion of the incident light after concentrating and passing it through a first focal region, so as to obtain a first-stage output light. The reflective curving-surface device has an entrance aperture for receiving the first-stage output light. The reflective curving-surface device includes a reflective inner curving surface, and at least a portion of the reflective inner curving surface has a second focal region. The first focal region and the second focal region are confocal or approximately confocal within a range. As a result, at least a portion of the first-stage output light is confocally converted into a forwardly emitted second-stage output light.Type: GrantFiled: January 22, 2009Date of Patent: July 21, 2015Assignee: Industrial Technology Research InstituteInventors: Liang-De Wang, Yuan-Xiang Zou, Li-Chi Pan, Pin Chang
-
Publication number: 20150161384Abstract: Methods and nodes for securing execution of a web application by determining that a call dependency from a first to a second function needs to be protected, adding a Partial Execution Stub (PES) function comprising code to establish a communication connection with a trusted module. Methods and nodes for secured execution of a web application by invoking a function of the web application, invoking a Partial Execution Stub (PES) function during execution of the function of the web application, sending, from the PES function, a message call with current execution information to a trusted module and receiving, a verification result from the trusted module.Type: ApplicationFiled: March 30, 2012Publication date: June 11, 2015Inventors: Yuan Xiang Gu, Garney David Adams
-
Publication number: 20150113518Abstract: A method and system for renewing software at the component-level is provided. A client program includes a base component for loading a software component into at least one loadable region of the program to update the program. Code in the software component is for writing state data associating the state of the update in storage, upon execution of the software component, and testing the state data to verify condition of the updated program and disallowing rollback and roll-forward attacks, the state data comprising hash chain values. The state data for verifying the correctness of the updated program is entangled with application data used for the program functionality. A server includes: an update pool having a plurality of software updates deployed in each client, and a policy control for monitoring and controlling at least one of: the length of time the client runs until the software update is invoked, a chain of the updates; and the granularity of the update.Type: ApplicationFiled: March 22, 2012Publication date: April 23, 2015Applicant: Irdeto Canada CorporationInventors: Clifford Liem, Hongrui Dong, Sam Martin, Yuan Xiang Gu, Michael Weiner
-
Publication number: 20150082425Abstract: Systems and techniques for securing accessible computer-executable program code and systems are provided. One or more base functions may be generated and blended with existing program code, such that it may be difficult or impossible for a potential attacker to distinguish the base functions from the existing code. The systems and code also may be protected using a variety of other blending and protection techniques, such as fractures, variable dependent coding, dynamic data mangling, and cross-linking, which may be used individually or in combination, and/or may be blended with the base functions.Type: ApplicationFiled: March 28, 2013Publication date: March 19, 2015Inventors: Harold Johnson, Yuan Xiang Gu, Michael Wiener, Yongxin Zhou
-
Publication number: 20150074803Abstract: Methods and devices for thwarting code and control flow based attacks on software. The source code of a subject piece of software is automatically divided into basic blocks of logic. Selected basic blocks are amended so that their outputs are extended. Similarly, other basic blocks are amended such that their inputs are correspondingly extended. The amendments increase or create dependencies between basic blocks such that tampering with one basic block's code causes other basic blocks to malfunction when executed.Type: ApplicationFiled: April 30, 2014Publication date: March 12, 2015Applicant: IRDETO CANADA CORPORTATIONInventors: Harold Joseph Johnson, Yuan Xiang Gu, Yongxin Zhou
-
Publication number: 20150067875Abstract: Systems and techniques for securing accessible computer-executable program code and systems are provided. One or more base functions may be generated and blended with existing program code, such that it may be difficult or impossible for a potential attacker to distinguish the base functions from the existing code. The systems and code also may be protected using a variety of other blending and protection techniques, such as fractures, variable dependent coding, dynamic data mangling, and cross-linking, which may be used individually or in combination, and/or may be blended with the base functions.Type: ApplicationFiled: March 28, 2013Publication date: March 5, 2015Applicant: IRDETO CANADA CORPORATIONInventors: Harold Johnson, Yuan Xiang Gu, Michael Wiener, Yongxin Zhou