Patents Issued on April 30, 2020
  • Publication number: 20200134168
    Abstract: A system and method are disclosed to improve password security assigned to a user. The method for performing enhanced security authentication comprises: generating a one-time password, by a security server, by filtering original password characters, wherein the security server provides a display on a hardware display screen, in which a plurality of keys are arranged and at least one selected from the arranged keys is used to filter original password characters; storing, by a memory unit, the original password and the one-time password generated; determining, by the security server, whether a user's password entered on the hardware display screen is to be accepted by comparing the entered password with the one-time password. The system comprises a storage module and a computer program for performing the method.
    Type: Application
    Filed: October 30, 2018
    Publication date: April 30, 2020
    Inventor: YOUNG MAN HWANG
  • Publication number: 20200134169
    Abstract: A method is used in managing passwords. A proposed new password is received. The proposed new password is associated with contextual information indicating a context in which the proposed password is to be used. A machine learning model is dynamically selected from a set of machine learning models based on the contextual information. A quality metric is derived from the proposed new password based on the selected machine learning model.
    Type: Application
    Filed: October 31, 2018
    Publication date: April 30, 2020
    Inventor: Naveen Sunkavally
  • Publication number: 20200134170
    Abstract: A computer architecture is disclosed for implementing a hacking-resistant computing device. The computing device, which could be a mainframe computer, personal computer, smartphone, or any other computing device suitable for network communication, comprises a first partition and a second partition. The second partition can communicate over a network such as the Internet. In contrast, the first partition cannot connect to the Internet, and can directly communicate only with the second partition or with input/output devices directly connected to the first partition. Further, the first partition segments its memory addressing for program code and hardware-protects it from alteration. The second partition is hardware-limited from reading or writing to the memory addressing of the first partition. As a result, the critical data files and program code stored on the first partition are protected from malicious code affecting the second partition.
    Type: Application
    Filed: May 15, 2019
    Publication date: April 30, 2020
    Inventors: Frank N. Newman, Dan Newman
  • Publication number: 20200134171
    Abstract: System and method for providing secure execution environments in a computer system uses an enclave virtual computing instance to create a secure execution environment, which is deployed in response to a request for such a secure execution environment for content from a software process running in the computer system.
    Type: Application
    Filed: October 31, 2018
    Publication date: April 30, 2020
    Inventors: Ye Li, David Ott, Andrei Warkentin, Cyprien Laplace, Alexander Fainkichen
  • Publication number: 20200134172
    Abstract: There is provided a method of patching a binary having vulnerability which is performed by a computing device. The method comprises loading a first binary to be patched, into a memory, generating a second binary by patching to call a stack frame initialization function from a vulnerable function of the first binary, executing the stack frame initialization function by calling the vulnerable function when the second binary is executed and initializing a stack frame area of the vulnerable function so as to automatically initialize a variable declared in the vulnerable function.
    Type: Application
    Filed: November 13, 2018
    Publication date: April 30, 2020
    Inventors: Hwan Kuk KIM, Tae Eun KIM, Dae Il JANG, Han Chul BAE, Jong Ki KIM, Soo Jin YOON, Jee Soo JURN, Geon Bae NA
  • Publication number: 20200134173
    Abstract: This disclosure relates to systems and methods generating and distributing protected software applications. In certain embodiments, integrity checking mechanisms may be implemented using integrity checking code in software code prior to compilation into machine code. Following compilation and execution of the application, the introduced code may check the integrity of the application by determining whether the application behaves and/or otherwise functions as expected. By introducing integrity checking in this manner, integrity checking techniques may be injected into the application prior to compilation into machine code and/or independent of the particular manner in which the application is compiled.
    Type: Application
    Filed: October 31, 2019
    Publication date: April 30, 2020
    Inventor: Marko CAKLOVIC
  • Publication number: 20200134174
    Abstract: Computer-implemented methods and systems are provided for the detection of software presence remotely through the web browser by detecting the presence of webinjects in a web browser that visits a detection webpage. The methods can include delivering a detection webpage to a web browser, in which the detection webpage has detection code configured to detect a presence of the webinject in the detection webpage; and inspecting, by the detection code, rendering of content of the detection webpage in the browser to detect webinject content in the detection webpage by the webinject, the webinject content including one or more Hypertext Markup Language (HTML) components. The method can further include, if webinject content is detected, generating a fingerprint for each of the one or more HTML components; transmitting the one or more fingerprints to an external server; and classifying, by the external server, the webinject based on the one or more fingerprints.
    Type: Application
    Filed: November 19, 2019
    Publication date: April 30, 2020
    Inventor: Tiago Bagulho Monteiro Pereira
  • Publication number: 20200134175
    Abstract: In some examples, a system constructs, based on event data representing a plurality of events in a system, a representation of the plurality of events, the representation including information relating the events, and computes issue indications corresponding to potential issues in the system. The system adds information based on the issue indications to the representation to form an enriched representation, and searches the enriched representation to find a chain of events representing an issue in the system.
    Type: Application
    Filed: October 25, 2018
    Publication date: April 30, 2020
    Inventors: Manish Marwah, Mijung Kim, Martin Arlitt
  • Publication number: 20200134176
    Abstract: A system for performing code security scan includes a non-transitory computer readable medium and a processor. The non-transitory computer readable medium stores a plurality of identifiers each identifying a software security analysis tool of one of several categories, including SAST, DAST and OSA tools. The processor receives an identification of code to be scanned. The processor selects at least two identifiers from the plurality of identifiers. The at least two identifiers identify at least two select software security analysis tools for execution on the identified code. The processor receives an execution result from each select software security analysis tool after performing execution on the identified code. The processor aggregates the execution result from each select software security analysis tool. A user interface displays an aggregation of the execution result from each select software security analysis tool.
    Type: Application
    Filed: December 18, 2019
    Publication date: April 30, 2020
    Inventor: Adam James Youngberg
  • Publication number: 20200134177
    Abstract: Systems and methods for multi-tiered sandbox based network threat detection are provided. According to one embodiment, a file is received by a virtual sandbox appliance. The file is caused to exhibit a first set of behaviors by running the file within a virtualization application based environment of the virtual sandbox appliance. The virtualization application based environment acts as an intermediary between executable code, an operating system (OS) application programming interface (API), and an instruction set of a particular computer architecture. The file is further caused to exhibit a second set of behaviors by running the file within a container based environment of the virtual sandbox appliance. Differences, if any, between the first set of behaviors and the second set of behaviors are determined. Finally, the file is classified as malicious when the differences are greater than a predefined or configurable threshold.
    Type: Application
    Filed: December 30, 2019
    Publication date: April 30, 2020
    Applicant: Fortinet, Inc.
    Inventor: Michael F. Chalmandrier-Perna
  • Publication number: 20200134178
    Abstract: Techniques for efficient program deobfuscation through system application program interface (API) instrumentation are disclosed. In some embodiments, a system/process/computer program product for efficient program deobfuscation through system API instrumentation includes monitoring changes in memory after a system call event during execution of a malware sample in a computing environment; and generating a signature based on an analysis of the monitored changes in memory after the system call event during execution of the malware sample in the computing environment.
    Type: Application
    Filed: December 23, 2019
    Publication date: April 30, 2020
    Inventor: Robert Jung
  • Publication number: 20200134179
    Abstract: Various implementations disclosed herein provide a method for vulnerability detection using a crawler bank. In various implementations, the method includes accessing a plurality of network sources by a crawler bank. In some embodiments, the crawler bank includes a plurality of crawlers. Each crawler may be designated to specifically crawl at least one of the network sources. In some implementations, the method includes crawling each of the network sources to identify one or more featured content. In some implementations, the crawlers look to identify vulnerability reports on the network sources. In some implementations, crawlers look to identify vulnerability reports based on a predetermined set of rules. The predetermined set of rules may include a name of a product, a name of a vendor or manufacturer, a name and a version of a product, a product part number, etc. In some implementations, the method includes transmitting each of the identified featured content to the server.
    Type: Application
    Filed: October 26, 2018
    Publication date: April 30, 2020
    Inventors: Ketan Sateesh Nilangekar, Amol Narayan Godbole
  • Publication number: 20200134180
    Abstract: Embodiments are directed to enhanced protections against adversarial machine learning threats utilizing cryptography and hardware assisted monitoring in hardware accelerators. An embodiment of a system includes one or more processors including a trusted execution environment (TEE), the TEE including a machine learning (ML) service enclave, the ML service enclave including monitoring software; a hardware accelerator including a cryptographic engine and metering hardware, the hardware accelerator to perform processing related to an ML model and the metering hardware to generate statistics regarding data transfers; and an interface with one or more data owners, the ML service enclave to provide access control and data protection for ML data related to the ML model, including establishing secret encryption keys with the data owners and the hardware accelerator; and the monitoring software to analyze the statistics to identify suspicious patterns in the data transfers.
    Type: Application
    Filed: December 23, 2019
    Publication date: April 30, 2020
    Applicant: Intel Corporation
    Inventors: Reshma Lal, Luis S. Kida, Pradeep M. Pappachan
  • Publication number: 20200134181
    Abstract: Techniques for monitoring based on a memory layout of an application are disclosed. A memory layout may be received, obtained, and/or generated from an application executing on a computer. Based on one or more attributes of a plurality of memory regions of the memory layout a memory layout fingerprint is generated. Additionally, memory region fingerprints are generated based on the one or more attributes for respective memory regions. The memory layout fingerprint and the memory region fingerprints are compared to respective previous memory layout fingerprints and the memory region fingerprints in order to determine whether malicious code and/or application drifting has occurred.
    Type: Application
    Filed: December 24, 2019
    Publication date: April 30, 2020
    Inventor: Shlomi Boutnaru
  • Publication number: 20200134182
    Abstract: Embodiments of the specification provide a method and an apparatus for updating shared data in a multi-core processor environment. The multi-processor environment comprises a multi-core processor. The multi-core processor comprises a plurality of separate processing units (referred to as cores, or core processing units (CPUs) in the specification); the multi-core processor is configured to process a multi-threaded task; the multi-threaded task has shared data to update. The method is executed by any CPU. The method may comprise: requesting, by a first CPU, for a lock to execute a critical section function on the shared data, wherein the lock provides permission to update the shared data, and the critical section function updates the shared data; and setting, by the first CPU if the lock is occupied by a second CPU, a memory index corresponding to the critical section function in a memory of the lock for the second CPU to execute the critical section function based on the memory index.
    Type: Application
    Filed: October 22, 2019
    Publication date: April 30, 2020
    Inventors: Ling MA, Changhua HE
  • Publication number: 20200134183
    Abstract: Embodiments are described for recovery, via a sideband management bus, of firmware of a device such as an FPGA (Field Programmable Gate Array) card installed within an IHS (Information Handling System). A remote access controller of the IHS generates a security key for the device and transmits it to the device. The remote access controller requests the device to report the current version of the firmware in use by the device. The response from the device is authenticated based on the security key. If the current firmware version reported by the device is consistent with the master firmware version, the device is halted and the current firmware of the device is replaced with the master firmware. The device is initialized based on the master firmware used to update the device firmware.
    Type: Application
    Filed: October 25, 2018
    Publication date: April 30, 2020
    Applicant: Dell Products, L.P.
    Inventors: Johan Rahardjo, Pavan Kumar Gavvala
  • Publication number: 20200134184
    Abstract: In an aspect of the disclosure, a method, a computer-readable medium, and a device are provided. The device determines one or more packages distributed in firmware of a BMC. The device determines a respective update of each of the one or more packages. The device determines a first set of security vulnerabilities of each package that is addressed by the respective update. The device further determines a second set of security vulnerabilities of each package after the respective update is applied. The device generates a first file indicating the first set of security vulnerabilities and the second set of security vulnerabilities.
    Type: Application
    Filed: October 26, 2018
    Publication date: April 30, 2020
    Inventors: ANURAG BHATIA, Samvinesh Christopher, Winston Thangapandian
  • Publication number: 20200134185
    Abstract: In one or more embodiments, one or more systems, methods, and/or processes may allow a customer to install and boot their own firmware securely, without compromising secure boot. A baseboard management controller (BMC) may include a BMC firmware stored via a BMC partition of a non-volatile storage, a customer firmware image including a customer firmware and a signed customer boot block (CBB) file including a CBB, a hidden root key (HRK) hash of the CBB based on an HRK, and a manufacturer signature. The BMC firmware may, when an alternate path to boot the CBB is detected, verify the manufacturer signature on the CBB and the HRK hash, verify the HRK hash based on the unique HRK, and when the manufacturer signature and the HRK hash have been verified, hardware lock the BMC partition, disable the HRK, and transfer control to the CBB.
    Type: Application
    Filed: October 26, 2018
    Publication date: April 30, 2020
    Inventors: Eugene David Cho, Michael Emery Brown, Marshal F. Savage
  • Publication number: 20200134186
    Abstract: Provided is an electronic control unit (ECU) security function setting system including an ECU and a tester connected to the ECU through a communication network. The tester includes a security function requester configured to request a security function loader to the ECU when the ECU is in a security function setting mode; a user authenticator configured to receive a user authentication request from the ECU and perform a user authentication; and a firmware transmitter configured to transmit stored security function firmware to the ECU when the user authentication is passed, and the ECU activates an instruction present in the received security function firmware and performs a security function setting.
    Type: Application
    Filed: December 27, 2019
    Publication date: April 30, 2020
    Applicant: FESCARO CO., LTD.
    Inventors: Seok Min HONG, Hyun Jeong LEE
  • Publication number: 20200134187
    Abstract: A method and system for improving memory storage and threat detection is provided. The method includes requesting and authorizing permission for executing analysis code for determining if a service device is in compliance with general data protection regulations. In response, executable code is uploaded to the database hardware controller and a first database and a second database are analyzed with respect to patterns associated with the general data protection regulations. Associated results code is generated and transmitted to the service device. The results code is executed with respect to the first database and the second database resulting in a storage space increase in the first database and the second database thereby improving operational functions of the first database and the second database.
    Type: Application
    Filed: October 24, 2018
    Publication date: April 30, 2020
    Inventors: Krzysztof Rudek, Grzegorz P. Szczepanik, Lukasz Jakub Palus, Tomasz Hanusiak
  • Publication number: 20200134188
    Abstract: Mechanisms are provided for accessing security vulnerability issue information. The mechanisms monitor security analyst interactions with security vulnerability issues via the security management system to generate analyst interaction log data, and generate one or more security analyst models corresponding to one or more security analysts by performing a machine learning operation on the analyst interaction log data. The mechanisms generate an analyst-issue model based on the one or more security vulnerability issue models and the one or more security analyst models, and generate an issue recommendation for a security analyst based on the analyst-issue model.
    Type: Application
    Filed: October 24, 2018
    Publication date: April 30, 2020
    Inventors: Ebrahim Bagheri, Mohammadreza Barouni Ebrahimi, Samaneh Bayat, Zeinab Noorian
  • Publication number: 20200134189
    Abstract: The present disclosure is directed to a novel system for using a distributed blockchain ledger to conduct, manage, and store application assessment data. In particular, computing systems may be used to perform assessments on the various applications within the enterprise environment and store the assessments as data records within the blockchain. The entity system may further comprise one or more blockchain interjectors which may trigger the addition of updated data records for one or more application assessments in the blockchain. In this way, the system provides for a highly efficient way to perform application assessments.
    Type: Application
    Filed: October 25, 2018
    Publication date: April 30, 2020
    Applicant: Bank of America Corporation
    Inventors: Lonnie Jason Carter, Cris Jay Gwin, Theresa Kruse Leahy
  • Publication number: 20200134190
    Abstract: A compliance of a system is managed. Internal parameters of the system are received. One or more compliance control documents that relate to the system are identified. Each compliance control document is decomposed into one or more auditable units. Auditable units that are relevant to the system, are identified. Relevant auditable units are mapped to a corresponding available executable code. Each mapped executable code is executed. A risk associated with each relevant auditable unit that is deemed to be not compliant is identified. For each compliance control document, a compliance risk is calculated based on the identified risk. A report of compliance risk for each document is created to be displayed on a user interface of a computing device.
    Type: Application
    Filed: October 27, 2018
    Publication date: April 30, 2020
    Inventors: Constantin Adam, Muhammed Fatih Bulut, Milton Hernandez, Anup Kalia, John Rofrano, Maja Vukovic
  • Publication number: 20200134191
    Abstract: Techniques for selectively initiating security scanning operations on remote devices are described. Embodiments determine to perform a security scanning operation on a remote device in a media processing environment. A signal chain within the media processing environment that includes the remote device is determined. Embodiments determine an operational status of the signal chain, based on a media processing schedule for the signal chain. Upon determining that the operational status indicates that the remote device is available for performance of the security scanning operation, performance of the security scanning operation on the remote device is initiated.
    Type: Application
    Filed: October 29, 2018
    Publication date: April 30, 2020
    Inventors: Michael J. STREIN, Craig L. BEARDSLEY, Efthimis STEFANIDIS, Vladislav FELDMAN
  • Publication number: 20200134192
    Abstract: A system, method, and computer-readable medium for a security vulnerability detection operation. The security vulnerability operation includes configuring a firmware security profiling environment with a trusted host and a trusted service processor; receiving a firmware update file via the trusted service processor; using the trusted service processor to identify a security vulnerability within the firmware update file; and, installing the firmware update file to the information handling system only when no security vulnerability is identified by the trusted service processor, the installing being performed by the trusted host.
    Type: Application
    Filed: October 31, 2018
    Publication date: April 30, 2020
    Applicant: Dell Products L.P.
    Inventors: Chitrak Gupta, Rama Rao Bisa, Elie A. Jreij, Sushma Basavarajaiah, Kala Sampathkumar, Mainak Roy
  • Publication number: 20200134193
    Abstract: A system for performing de-duplication of findings includes a non-transitory computer readable medium and a processor. The non-transitory computer readable medium stores normalized findings of application code performed by at least one software security analysis tool. Each normalized finding is identifiable by a fingerprint. The processor receives a first finding in a first vendor-provided format from a first software security analysis tool that performs a scan of application code. The processor receives a second finding in a second vendor-provided format from a second software security analysis tool. The processor normalizes the findings to a standardized taxonomy. The processor determines a first fingerprint and a second fingerprint that respectively identify the normalized first and second findings.
    Type: Application
    Filed: July 8, 2019
    Publication date: April 30, 2020
    Inventors: Adam Youngberg, Stephen Kent
  • Publication number: 20200134194
    Abstract: A system for validating software security analysis findings includes a non-transitory computer readable medium and a processor. The non-transitory computer readable medium stores a source truth dataset including criteria for validating characteristics of findings. The processor receives a finding from a software security analysis tool that performs a scan on application code. The processor identifies a characteristic from the finding. The processor selects a criterion from the non-transitory computer readable medium for validating the identified characteristic. The processor determines a validity score for the finding based on whether the selected criterion is met. The processor determines whether the finding is a false positive by comparing the validity score to a predetermined validity threshold. If the finding is a true positive, a graphical user interface displays the finding.
    Type: Application
    Filed: August 26, 2019
    Publication date: April 30, 2020
    Inventors: Adam Youngberg, David Filbey, Kishore Prabakaran Fernando
  • Publication number: 20200134195
    Abstract: A system for assessing software risks includes a non-transitory computer readable medium and a processor. The non-transitory computer readable medium stores category risk scores based on findings generated by software security analysis tools of different categories. The processor receives at least one first finding from a first category of software security analysis tools and at least one second finding from a second category of software security analysis tools. A first category risk score is computed based on the at least one first finding. A second category risk score is computed based on the at least one second finding. An overall risk score for application code is determined by computing a weighted average based on the first category risk score and the second category risk score. A graphical user interface displays the overall risk score.
    Type: Application
    Filed: October 4, 2019
    Publication date: April 30, 2020
    Inventors: Adam James Youngberg, David Filbey
  • Publication number: 20200134196
    Abstract: Methods and systems are disclosed for automatically assessing and mitigating operational risks associated with using a software component in a software application. As a part of a method, one or more software components of the software application are accessed and software component characteristic information is received about each of the one or more software components, responsive to the accessing. The software component characteristic information includes information about a characteristic of a software component that is related to an operational risk associated with using the software component in the software application. Responsive to receiving the software component characteristic information, and based on the software component characteristic information, operational risk assessment information is generated using one or more rules. The generated operational risk assessment information is outputted, where at least one step of the method is performed by a processor.
    Type: Application
    Filed: December 20, 2019
    Publication date: April 30, 2020
    Inventors: Desmond M. Collins, Yohann Duchenay, James Flynn, Aidan Moore, Cian O'Mahony
  • Publication number: 20200134197
    Abstract: One example method includes receiving user input concerning a data protection policy for an entity, where the user input is in the form of written input and/or audio input, when the user input comprises audio input, translating the audio input into text, determining an intention of the user with respect to data protection for the entity by translating the text to common terms by interpreting terms of the text that have the same meaning as being similar words and applying context to the words, identifying a data protection policy that best corresponds to the intention of the user concerning data protection for the entity, and applying the data protection policy to the entity.
    Type: Application
    Filed: October 25, 2018
    Publication date: April 30, 2020
    Inventors: Yossef Saad, Assaf Natanzon
  • Publication number: 20200134198
    Abstract: A method for managing data includes identifying, in response to a storage request from a tenant system, a first data protection pool based on a data classification analysis and initiating storage of data associated with the storage request in a first storage system associated with the first data protection pool.
    Type: Application
    Filed: October 31, 2018
    Publication date: April 30, 2020
    Inventors: Anand Rudrabhatla, Peter Marelas
  • Publication number: 20200134199
    Abstract: Techniques are provided to allow full search for encrypted data within a database. In some embodiments, searchable data may be separated into different searchable tables in a database in such a way that encrypted data is stored as plaintext but has no usable link to other data within the source database. In some embodiments, performing a query on a particular user data may result in the retrieval of an encrypted identifier, which may then be decrypted via an encryption module. A second search based on the decrypted identifier may produce a set of relevant search results from a source table.
    Type: Application
    Filed: September 27, 2018
    Publication date: April 30, 2020
    Inventor: Adam Conway
  • Publication number: 20200134200
    Abstract: Methods and systems for performing a computational operation on a server host are provided. Exemplary methods include: receiving an encrypted service request from a client host, the client host encrypting a service request to produce the encrypted service request using a shared secret, the service request specifying the computational operation; decrypting, in a secure enclave, the encrypted service request using the shared secret to produce a decrypted service request, the secure enclave preventing other software running on the server host from accessing the shared secret and other data stored in a memory space; performing the computational operation, in the secure enclave, using the decrypted service request to generate a service result; encrypting, in the secure enclave, the service result using the shared secret to create an encrypted service result; and providing the encrypted service result to the client host, the client host decrypting the encrypted service result.
    Type: Application
    Filed: October 25, 2018
    Publication date: April 30, 2020
    Inventors: Ellison Anne Williams, Ryan Carr
  • Publication number: 20200134201
    Abstract: A method, computer system, and computer program product are provided for using a key management server to protect visible content. The method, computer program product, and computer system may include a key management server which may receive, from an encryption device, an identification of one or more portions of clear information visible on a physical document. The key management server may receive, from the encryption device, one or more permission parameters. The permission parameters may include a time duration parameter, a location parameter, a start and end time parameter, or a device identification parameter. Further, the key management server may receive, from a decryption device, a request to access a portion of the clear information. The key management server may transmit, to the decryption device, information permitting access to the portion of clear information.
    Type: Application
    Filed: October 25, 2018
    Publication date: April 30, 2020
    Inventors: Rinkesh I. Bansal, Chintan Thaker, SANJAY B. PANCHAL, VINOD A. VALECHA
  • Publication number: 20200134202
    Abstract: A method of efficient rekey in a transparent decrypting storage array includes receiving an instruction to rekey data on a storage array, wherein the instruction identifies first encryption information and second encryption information. The method further includes decrypting, by a processing device of a storage array controller, the data using the first encryption information to generate decrypted data. The method further includes encrypting the decrypted data using the second encryption information to generate encrypted data.
    Type: Application
    Filed: October 26, 2018
    Publication date: April 30, 2020
    Inventors: Constantine P. Sapuntzakis, Kiron Vijayasankar, Yuval Frandzel
  • Publication number: 20200134203
    Abstract: A federated smart user identification (ID) having embedded tiered/hierarchical entitlements. The federated smart user ID comprises an encrypted key having multiple key strings that create sub-zones/barriers within the key. Each key string includes logical code and is attached/associated with at least one of (i) a computing system, service, application or the like, and (ii) an entitlement zone of the system, service, application or the like. Thus, the individual key strings define which systems, services, applications and the like the user has access to and the entitlements/authorizations within those systems, services, applications that the user has. In addition, key strings can dynamically be added to or deleted from the key to thereby change system/service access authorization and/or system/service-level entitlement.
    Type: Application
    Filed: October 30, 2018
    Publication date: April 30, 2020
    Applicant: BANK OF AMERICA CORPORATION
    Inventor: Manu Jacob Kurian
  • Publication number: 20200134204
    Abstract: A method for performing secure computations on records, comprising: receiving a request to apply an arithmetic computation on a record; assigning a respective partial record to each of a plurality of computational processes; instructing each of the computational processes sharing a computation scheme to perform the following: submitting the arithmetic computation to the computation scheme to assemble a processed partial record from the respective partial record components; instructing each of the plurality of computational processes to verify an integrity of at least one of the plurality of processed partial records by: broadcasting combined encryptions of one of the plurality of processed partial record components to all other of the plurality of computational processes and analyzing received combined encryptions to detect integrity in the other of the processed partial record components; and when the detected integrity is valid, calculating a response to the request by combining the received processed parti
    Type: Application
    Filed: October 31, 2018
    Publication date: April 30, 2020
    Applicants: NEC Corporation Of America, Bar-Ilan University
    Inventors: Jun FURUKAWA, Yehuda LINDELL
  • Publication number: 20200134205
    Abstract: A data processing apparatus and a data processing method thereof for an Internet of Things (IoT) system are provided. The data processing apparatus generates a plurality of diagnosis rule data, diagnoses each of the device data received from at least one IoT apparatus to generate a plurality of diagnosis log data, packages the device data, the diagnosis log data and the diagnosis rule data respectively based on a preset data amount to generate a plurality of device files, a plurality of diagnosis log files and a plurality of diagnosis rule files individually, stores each device file, each diagnosis log file and each diagnosis rule file in an interplanetary file system individually, and stores hash values of each device file, each diagnosis log file and each diagnosis rule file in a blockchain system individually.
    Type: Application
    Filed: November 26, 2018
    Publication date: April 30, 2020
    Inventors: Yu-Cheng HSIAO, Ying-Hsun LAI
  • Publication number: 20200134206
    Abstract: A method for creating a smart contract detailing an ordered set of events is disclosed. A smart contract can include information about multiple events and responses for each event. The events and response can be arranged in a predefined order. The responses can include adding new records to a blockchain.
    Type: Application
    Filed: June 13, 2018
    Publication date: April 30, 2020
    Inventors: Ajith Thekadath, Timothy P. Tidwell, Venkata Javaji, Mondo Jacobs
  • Publication number: 20200134207
    Abstract: Various approaches for implementing multi-tenant data protection are described. In an edge computing system deployment, a system includes memory and processing circuitry coupled to the memory. The processing circuitry is configured to obtain a workflow execution plan that includes workload metadata defining a plurality of workloads associated with a plurality of edge service instances executing respectively on one or more edge computing devices. The workload metadata is translated to obtain workload configuration information for the plurality of workloads. The workload configuration information identifies a plurality of memory access configurations and service authorizations identifying at least one edge service instance authorized to access one or more of the memory access configurations. The memory is partitioned into a plurality of shared memory regions using the memory access configurations.
    Type: Application
    Filed: December 20, 2019
    Publication date: April 30, 2020
    Inventors: Kshitij Arun Doshi, Ned M. Smith, Francesc Guim Bernat, Timothy Verrall
  • Publication number: 20200134208
    Abstract: Embodiments are directed to trusted local memory management in a virtualized GPU. An embodiment of an apparatus includes one or more processors including a trusted execution environment (TEE); a GPU including a trusted agent; and a memory, the memory including GPU local memory, the trusted agent to ensure proper allocation/deallocation of the local memory and verify translations between graphics physical addresses (PAs) and PAs for the apparatus, wherein the local memory is partitioned into protection regions including a protected region and an unprotected region, and wherein the protected region to store a memory permission table maintained by the trusted agent, the memory permission table to include any virtual function assigned to a trusted domain, a per process graphics translation table to translate between graphics virtual address (VA) to graphics guest PA (GPA), and a local memory translation table to translate between graphics GPAs and PAs for the local memory.
    Type: Application
    Filed: December 23, 2019
    Publication date: April 30, 2020
    Applicant: Intel Corporation
    Inventors: Pradeep M. Pappachan, Luis S. Kida, Reshma Lal
  • Publication number: 20200134209
    Abstract: Provided is a method for blockchain-based recordkeeping and implementable by a terminal device. The method comprises: obtaining target data; computing a data digest of the target data, and extracting a key segment from the target data; signing, in a secure operation environment included in the terminal device, the data digest and/or the key segment based on a private key associated with the terminal device to generate a signature; and submitting to a blockchain the data digest, the key segment, and the signature, for one or more nodes in the blockchain to verify the signature based on a public key corresponding to the private key, and to record the data digest and the key segment in the blockchain in response to the signature being verified to be valid.
    Type: Application
    Filed: October 30, 2019
    Publication date: April 30, 2020
    Inventors: Hong ZHANG, Haitao JIANG, Linqing WANG, Xinyu WENG, Fuqiang LI, Feng LIN, Jun WU, Xiaodong ZENG, Lei YANG
  • Publication number: 20200134210
    Abstract: A device for providing secure transmission of data between a transmitter and a receiver includes an interface circuit that includes a first input circuit arranged to receive data to be transmitted, the first input circuit comprising programmable logic for transforming said data to be transmitted, the programmable logic being built in the first input circuit by a first controller; a first output circuit arranged to receive the data transformed by the first input circuit, the first output circuit comprising programmable logic for retransforming said transformed data, the programmable logic being built by a second controller, and a first comparator arranged to compare said data retransformed by the first output circuit and the data to be transmitted, the programmable logic of the first input circuit being inverse and complementary to the programmable logic of the first output circuit. Also disclosed is a method implemented by the device described above.
    Type: Application
    Filed: September 21, 2017
    Publication date: April 30, 2020
    Inventors: Pierino VIDONI, Marta Dorothea ALTENKAMP
  • Publication number: 20200134211
    Abstract: Aspects of the technology described herein maintain the privacy of confidential information to be communicated to a user through a computing device. The technology keeps confidential information private by assessing the privacy context of the communication. The privacy context can be determined by determining a privacy level of the information to be communicated and the privacy level of the environment into which the information is to be communicated. The privacy context can be used to select an appropriate communication channel for the information. The privacy context can also be used to determine whether all available content is shared or just a portion of it.
    Type: Application
    Filed: October 25, 2018
    Publication date: April 30, 2020
    Inventors: Adi L. MILLER, Roni KARASSIK, Daniel AVIGDOR
  • Publication number: 20200134212
    Abstract: A device receives a first data item. The device stores the first data item in non-volatile memory. The device subsequently receives a second data item, where the second data item was previously generated from the first data item and a cryptographic key. The device performs a function such as, for example, an exclusive-or operation on the first data item and the second data item to generate the cryptographic key. The device uses the generated cryptographic key to encrypt data which may be transmitted over a wireless interface.
    Type: Application
    Filed: October 31, 2018
    Publication date: April 30, 2020
    Applicant: L3 Technologies, Inc.
    Inventors: Jerry Hutchison, Todd Ditzman
  • Publication number: 20200134213
    Abstract: Systems and methods are provided for determining an access request provided by an application that seeks to interact with one or more backend systems through a computing system. One or more predefined restrictions can be enforced on the application, the computing system, or the one or more backend systems.
    Type: Application
    Filed: September 27, 2019
    Publication date: April 30, 2020
    Inventors: James Ding, Gonçalo Silva Santos, Richard Helzberg, Thomas Playford
  • Publication number: 20200134214
    Abstract: A card includes a secure element hosting application instances. An external interface receives, from an external card reader, an application selection command selecting one application instance from a set of one or more selectable application instances. A biometric interface is configured to acquire biometrics of a user via a biometric sensor. A processor compares the acquired biometric data to reference biometric data stored in the card and sets the selectable application instance set depending on the outcome of the biometric data comparison. An instance of a non-biometric application is provided in the set only in case of positive comparison. A non-biometric application is thus now biometric-secured. Personalized parameters configuring the instance of a same application may be determined based on the acquired biometrics, allowing configurations of the card to be proposed for several different users.
    Type: Application
    Filed: October 24, 2019
    Publication date: April 30, 2020
    Inventors: Yann-Loïc AUBIN, Simon VAQUIER
  • Publication number: 20200134215
    Abstract: Systems, apparatus and methods for managing an object's lifecycle in an object store. A distributed ledger is used to record transactions between a client and an object store. The distributed ledger records the transaction and also attests to the object authenticity. Thus, the transactions can be verified and may assist in resolving issues that arise with respect to the stored objects.
    Type: Application
    Filed: October 25, 2018
    Publication date: April 30, 2020
    Inventors: Assaf Natanzon, Jehuda Shemer, Kfir Wolfson
  • Publication number: 20200134216
    Abstract: Systems and methods are disclosed for updating shared databases using blockchain technology. Methods comprise receiving aircraft data from a first user among a plurality of users; validating the received aircraft data; storing the validated aircraft data to the shared database; receiving a request for data from a second user among the plurality of users; and providing the validated aircraft data to the second user from the shared database.
    Type: Application
    Filed: October 26, 2018
    Publication date: April 30, 2020
    Inventors: Sriram P. R, Norman J. BALCHUNAS, JR., Swetha BALASA, Pushpa Basavapura Veerabhadra REDDY
  • Publication number: 20200134217
    Abstract: A processing system may obtain an operations set associated with database sources of a database system from a client entity, the operations set including a statement, the statement including a query, identify data sets from the operations set, transmit a request to a first owner to permit access to a first data set, and a request to a second owner to permit access to a second data set, and receive approvals from the first and second owners. The processing system may retrieve a first portion of data stored in the first data set and a second portion of data stored in the second data set in accordance with the approvals, execute the operations set in accordance with the first portion of data and the second portion of data to generate a result set, and provide the client entity access to the result set.
    Type: Application
    Filed: October 29, 2018
    Publication date: April 30, 2020
    Inventors: Andrew Vishnyakov, Dan Flynn