Patents Issued on April 30, 2020
-
Publication number: 20200134168
Abstract: A system and method are disclosed to improve password security assigned to a user, the method comprising: a method for performing enhanced security authentication, the method comprises: generating one-time password, by a security server, by filtering original password characters, wherein a security server provides a display on a hardware display screen, in which a plurality of keys are arranged and at least one selected from the arranged keys is used to filter original password characters; storing, by a memory unit, the original password and the one-time password generated; determining, by the security server, whether a user's password entered on the hardware display screen be accepted by comparing the entered password with the one-time password. The system comprises a storage module and a computer program for performing the method.
Type: Application
Filed: October 30, 2018
Publication date: April 30, 2020
Inventor: YOUNG MAN HWANG
-
Publication number: 20200134169
Abstract: A method is used in managing passwords. A proposed new password is received. The proposed new password is associated with contextual information indicating a context in which the proposed password is to be used. A machine learning model is dynamically selected from a set of machine learning models based on the contextual information. A quality metric is derived from the proposed new password based on the selected machine learning model.
Type: Application
Filed: October 31, 2018
Publication date: April 30, 2020
Inventor: Naveen Sunkavally
-
Publication number: 20200134170
Abstract: A computer architecture is disclosed for implementing a hacking-resistant computing device. The computing device, which could be a mainframe computer, personal computer, smartphone, or any other computing device suitable for network communication, comprises a first partition and a second partition. The second partition can communicate over a network such as the Internet. In contrast, the first partition cannot connect to the Internet, and can directly communicate only with the second partition or with input/output devices directly connected to the first partition. Further, the first partition segments its memory addressing for program code and hardware-protects it from alteration. The second partition is hardware-limited from reading or writing to the memory addressing of the first partition. As a result, the critical data files and program code stored on the first partition are protected from malicious code affecting the second partition.
Type: Application
Filed: May 15, 2019
Publication date: April 30, 2020
Inventors: Frank N. Newman, Dan Newman
-
Publication number: 20200134171
Abstract: System and method for providing secure execution environments in a computer system uses an enclave virtual computing instance to create a secure execution environment, which is deployed in response to a request for such a secure execution environment for content from a software process running in the computer system.
Type: Application
Filed: October 31, 2018
Publication date: April 30, 2020
Inventors: Ye Li, David Ott, Andrei Warkentin, Cyprien Laplace, Alexander Fainkichen
-
Publication number: 20200134172
Abstract: There is provided a method of patching a binary having vulnerability which is performed by a computing device. The method comprises loading a first binary to be patched, into a memory, generating a second binary by patching to call a stack frame initialization function from a vulnerable function of the first binary, executing the stack frame initialization function by calling the vulnerable function when the second binary is executed and initializing a stack frame area of the vulnerable function so as to automatically initialize a variable declared in the vulnerable function.
Type: Application
Filed: November 13, 2018
Publication date: April 30, 2020
Inventors: Hwan Kuk KIM, Tae Eun KIM, Dae Il JANG, Han Chul BAE, Jong Ki KIM, Soo Jin YOON, Jee Soo JURN, Geon Bae NA
-
Publication number: 20200134173
Abstract: This disclosure relates to systems and methods generating and distributing protected software applications. In certain embodiments, integrity checking mechanisms may be implemented using integrity checking code in software code prior to compilation into machine code. Following compilation and execution of the application, the introduced code may check the integrity of the application by determining whether the application behaves and/or otherwise functions as expected. By introducing integrity checking in this manner, integrity checking techniques may be injected into the application prior to compilation into machine code and/or independent of the particular manner in which the application is compiled.
Type: Application
Filed: October 31, 2019
Publication date: April 30, 2020
Inventor: Marko CAKLOVIC
-
Publication number: 20200134174
Abstract: Computer-implemented methods and systems are provided for the detection of software presence remotely through the web browser by detecting the presence of webinjects in a web browser that visits a detection webpage. The methods can include delivering a detection webpage to a web browser, in which the detection webpage has detection code configured to detect a presence of the webinject in the detection webpage; and inspecting, by the detection code, rendering of content of the detection webpage in the browser to detect webinject content in the detection webpage by the webinject, the webinject content including one or more Hypertext Markup Language (HTML) components. The method can further include, if webinject content is detected, generating a fingerprint for each of the one or more HTML components; transmitting the one or more fingerprints to an external server; and classifying, by the external server, the webinject based on the one or more fingerprints.
Type: Application
Filed: November 19, 2019
Publication date: April 30, 2020
Inventor: Tiago Bagulho Monteiro Pereira
-
Publication number: 20200134175
Abstract: In some examples, a system constructs, based on event data representing a plurality of events in a system, a representation of the plurality of events, the representation including information relating the events, and computes issue indications corresponding to potential issues in the system. The system adds information based on the issue indications to the representation to form an enriched representation, and searches the enriched representation to find a chain of events representing an issue in the system.
Type: Application
Filed: October 25, 2018
Publication date: April 30, 2020
Inventors: Manish Marwah, Mijung Kim, Martin Arlitt
-
Publication number: 20200134176
Abstract: A system for performing code security scan includes a non-transitory computer readable medium and a processor. The non-transitory computer readable medium stores a plurality of identifiers each identifying a software security analysis tool of one of several categories, including SAST, DAST and OSA tools. The processor receives an identification of code to be scanned. The processor selects at least two identifiers from the plurality of identifiers. The at least two identifiers identify at least two select software security analysis tools for execution on the identified code. The processor receives an execution result from each select software security analysis tool after performing execution on the identified code. The processor aggregates the execution result from each select software security analysis tool. A user interface displays an aggregation of the execution result from each select software security analysis tool.
Type: Application
Filed: December 18, 2019
Publication date: April 30, 2020
Inventor: Adam James Youngberg
-
Publication number: 20200134177
Abstract: Systems and methods for multi-tiered sandbox based network threat detection are provided. According to one embodiment, a file is received by a virtual sandbox appliance. The file is caused to exhibit a first set of behaviors by running the file within a virtualization application based environment of the virtual sandbox appliance. The virtualization application based environment acts as an intermediary between executable code, an operating system (OS) application programming interface (API), and an instruction set of a particular computer architecture. The file is further caused to exhibit a second set of behaviors by running the file within a container based environment of the virtual sandbox appliance. Differences, if any, between the first set of behaviors and the second set of behaviors are determined. Finally, the file is classified as malicious when the differences are greater than a predefined or configurable threshold.
Type: Application
Filed: December 30, 2019
Publication date: April 30, 2020
Applicant: Fortinet, Inc.
Inventor: Michael F. Chalmandrier-Perna
-
Publication number: 20200134178
Abstract: Techniques for efficient program deobfuscation through system application program interface (API) instrumentation are disclosed. In some embodiments, a system/process/computer program product for efficient program deobfuscation through system API instrumentation includes monitoring changes in memory after a system call event during execution of a malware sample in a computing environment; and generating a signature based on an analysis of the monitored changes in memory after the system call event during execution of the malware sample in the computing environment.
Type: Application
Filed: December 23, 2019
Publication date: April 30, 2020
Inventor: Robert Jung
-
Publication number: 20200134179
Abstract: Various implementations disclosed herein provide a method for vulnerability detection using a crawler bank. In various implementations, the method includes accessing a plurality of network sources by a crawler bank. In some embodiments, the crawler bank includes a plurality of crawlers. Each crawler may be designated to specifically crawl at least one of the network sources. In some implementations, the method includes crawling each of the network sources to identify one or more featured content. In some implementations, the crawlers look to identify vulnerability reports on the network sources. In some implementations, crawlers look to identify vulnerability reports based on a predetermined set of rules. The predetermined set of rules may include a name of a product, a name of a vendor or manufacturer, a name and a version of a product, a product part number, etc. In some implementations, the method includes transmitting each of the identified featured content to the server.
Type: Application
Filed: October 26, 2018
Publication date: April 30, 2020
Inventors: Ketan Sateesh Nilangekar, Amol Narayan Godbole
-
Publication number: 20200134180
Abstract: Embodiments are directed to enhanced protections against adversarial machine learning threats utilizing cryptography and hardware assisted monitoring in hardware accelerators. An embodiment of a system includes one or more processors including a trusted execution environment (TEE), the TEE including a machine learning (ML) service enclave, the ML service enclave including monitoring software; a hardware accelerator including a cryptographic engine and metering hardware, the hardware accelerator to perform processing related to an ML model and the metering hardware to generate statistics regarding data transfers; and an interface with one or more data owners, the ML service enclave to provide access control and data protection for ML data related to the ML model, including establishing secret encryption keys with the data owners and the hardware accelerator; and the monitoring software to analyze the statistics to identify suspicious patterns in the data transfers.
Type: Application
Filed: December 23, 2019
Publication date: April 30, 2020
Applicant: Intel Corporation
Inventors: Reshma Lal, Luis S. Kida, Pradeep M. Pappachan
-
Publication number: 20200134181
Abstract: Techniques for monitoring based on a memory layout of an application are disclosed. A memory layout may be received, obtained, and/or generated from an application executing on a computer. Based on one or more attributes of a plurality of memory regions of the memory layout a memory layout fingerprint is generated. Additionally, memory region fingerprints are generated based on the one or more attributes for respective memory regions. The memory layout fingerprint and the memory region fingerprints are compared to respective previous memory layout fingerprints and the memory region fingerprints in order to determine whether malicious code and/or application drifting has occurred.
Type: Application
Filed: December 24, 2019
Publication date: April 30, 2020
Inventor: Shlomi Boutnaru
-
Publication number: 20200134182
Abstract: Embodiments of the specification provide a method and an apparatus for updating shared data in a multi-core processor environment. The multi-processor environment comprises a multi-core processor. The multi-core processor comprises a plurality of separate processing units (referred to as cores, or core processing units (CPUs) in the specification); the multi-core processor is configured to process a multi-threaded task; the multi-threaded task has shared data to update. The method is executed by any CPU. The method may comprise: requesting, by a first CPU, for a lock to execute a critical section function on the shared data, wherein the lock provides permission to update the shared data, and the critical section function updates the shared data; and setting, by the first CPU if the lock is occupied by a second CPU, a memory index corresponding to the critical section function in a memory of the lock for the second CPU to execute the critical section function based on the memory index.
Type: Application
Filed: October 22, 2019
Publication date: April 30, 2020
Inventors: Ling MA, Changhua HE
-
Publication number: 20200134183
Abstract: Embodiments are described for recovery, via a sideband management bus, of firmware of a device such as an FPGA (Field Programmable Gate Array) card installed within an IHS (Information Handling System). A remote access controller of the IHS generates a security key for the device and transmits it to the device. The remote access controller requests the device to report the current version of the firmware in use by the device. The response from the device is authenticated based on the security key. If the current firmware version reported by the device is consistent with the master firmware version, the device is halted and the current firmware of the device is replaced with the master firmware. The device is initialized based on the master firmware used to update the device firmware.
Type: Application
Filed: October 25, 2018
Publication date: April 30, 2020
Applicant: Dell Products, L.P.
Inventors: Johan Rahardjo, Pavan Kumar Gavvala
-
Publication number: 20200134184
Abstract: In an aspect of the disclosure, a method, a computer-readable medium, and a device are provided. The device the package determination component 430 determines one or more packages distributed in firmware of a BMC. The device determines a respective update of each of the one or more packages. The device determines a first set of security vulnerabilities of the each package that is addressed by the respective update. The device further determines a second set of security vulnerabilities of the each package after the respective update is applied. The device generates a first file indicating the first set of security vulnerabilities and the second set of security vulnerabilities.
Type: Application
Filed: October 26, 2018
Publication date: April 30, 2020
Inventors: ANURAG BHATIA, Samvinesh Christopher, Winston Thangapandian
-
Publication number: 20200134185
Abstract: In one or more embodiments, one or more systems, methods, and/or process may allow a customer to install and boot their own firmware securely, without compromising secure boot. A baseboard management controller (BMC) may include a BMC firmware stored via a BMC partition of a non-volatile storage, a customer firmware image including a customer firmware and a signed customer boot block (CBB) file including a CBB, a hidden root key (HRK) hash of the CBB based on a HRK, and a manufacturer signature. The BMC firmware may, when an alternate path to boot the CBB is detected, verify the manufacturer signature on the CBB and the HRK hash, verify the HRK hash based on the unique HRK, and when the manufacturer signature and the HRK hash have been verified, hardware lock the BMC partition, disable the HRK, and transfer control to the CBB.
Type: Application
Filed: October 26, 2018
Publication date: April 30, 2020
Inventors: Eugene David Cho, Michael Emery Brown, Marshal F. Savage
-
Publication number: 20200134186
Abstract: Provided is an electronic control unit (ECU) security function setting system including an ECU and a tester connected to the ECU through a communication network. The tester includes a security function requester configured to request a security function loader to the ECU when the ECU is in a security function setting mode; a user authenticator configured to receive a user authentication request from the ECU and perform a user authentication; and a firmware transmitter configured to transmit stored security function firmware to the ECU when the user authentication is passed, and the ECU activates an instruction present in the received security function firmware and performs a security function setting.
Type: Application
Filed: December 27, 2019
Publication date: April 30, 2020
Applicant: FESCARO CO., LTD.
Inventors: Seok Min HONG, Hyun Jeong LEE
-
Publication number: 20200134187
Abstract: A method and system for improving memory storage and threat detection is provided. The method includes requesting and authorizing permission for executing analysis code for determining if a service device is in compliance with general data protection regulations. In response, executable code is uploaded to the database hardware controller and a first database and a second database are analyzed with respect to patterns associated with the general data protection regulations. Associated results code is generated and transmitted to the service device. The results code is executed with respect to the first database and the second database resulting in a storage space increase in the first database and the second database thereby improving operational functions of the first database and the second database.
Type: Application
Filed: October 24, 2018
Publication date: April 30, 2020
Inventors: Krzysztof Rudek, Grzegorz P. Szczepanik, Lukasz Jakub Palus, Tomasz Hanusiak
-
Publication number: 20200134188
Abstract: Mechanisms are provided for accessing security vulnerability issue information. The mechanisms monitor security analyst interactions with security vulnerability issues via the security management system to generate analyst interaction log data, and generate one or more security analyst models corresponding to one or more security analysts by performing a machine learning operation on the analyst interaction log data. The mechanisms generate an analyst-issue model based on the one or more security vulnerability issue models and the one or more security analyst models, and generate an issue recommendation for a security analyst based on the analyst-issue model.
Type: Application
Filed: October 24, 2018
Publication date: April 30, 2020
Inventors: Ebrahim Bagheri, Mohammadreza Barouni Ebrahimi, Samaneh Bayat, Zeinab Noorian
-
Publication number: 20200134189
Abstract: The present disclosure is directed to a novel system for using a distributed blockchain ledger to conduct, manage, and store application assessment data. In particular, computing systems may be used to perform assessments on the various applications within the enterprise environment and store the assessments as data records within the blockchain. The entity system may further comprise one or more blockchain interjectors which may trigger the addition of updated data records for one or more application assessments in the blockchain. In this way, the system provides for a highly efficient way to perform application assessments.
Type: Application
Filed: October 25, 2018
Publication date: April 30, 2020
Applicant: Bank of America Corporation
Inventors: Lonnie Jason Carter, Cris Jay Gwin, Theresa Kruse Leahy
-
Publication number: 20200134190
Abstract: A compliance of a system is managed. Internal parameters of the system are received. One or more compliance control documents that relate to the system are identified. Each compliance control document is decomposed into one or more auditable units. Auditable units that are relevant to the system, are identified. Relevant auditable units are mapped to a corresponding available executable code. Each mapped executable code is executed. A risk associated with each relevant auditable unit that is deemed to be not compliant is identified. For each compliance control document, a compliance risk is calculated based on the identified risk. A report of compliance risk for each document is created to be displayed on a user interface of a computing device.
Type: Application
Filed: October 27, 2018
Publication date: April 30, 2020
Inventors: Constantin Adam, Muhammed Fatih Bulut, Milton Hernandez, Anup Kalia, John Rofrano, Maja Vukovic
-
Publication number: 20200134191
Abstract: Techniques for selectively initiating security scanning operations on remote devices are described. Embodiments determine to perform a security scanning operation on a remote device in a media processing environment. A signal chain within the media processing environment that includes the remote device is determined. Embodiments determine an operational status of the signal chain, based on a media processing schedule for the signal chain. Upon determining that the operational status indicates that the remote device is available for performance of the security scanning operation, performance of the security scanning operation on the remote device is initiated.
Type: Application
Filed: October 29, 2018
Publication date: April 30, 2020
Inventors: Michael J. STREIN, Craig L. BEARDSLEY, Efthimis STEFANIDIS, Vladislav FELDMAN
-
Publication number: 20200134192
Abstract: A system, method, and computer-readable medium for a security vulnerability detection operation. The security vulnerability operation includes configuring a firmware security profiling environment with a trusted host and a trusted service processor; receiving a firmware update file via the trusted service processor; using the trusted service processor to identify a security vulnerability within the firmware update file; and, installing the firmware update file to the information handling system only when no security vulnerability is identified by the trusted service processor, the installing being performed by the trusted host.
Type: Application
Filed: October 31, 2018
Publication date: April 30, 2020
Applicant: Dell Products L.P.
Inventors: Chitrak Gupta, Rama Rao Bisa, Elie A. Jreij, Sushma Basavarajaiah, Kala Sampathkumar, Mainak Roy
-
Publication number: 20200134193
Abstract: A system for performing de-duplication of findings includes a non-transitory computer readable medium and a processor. The non-transitory computer readable medium stores normalized findings of application code performed by at least one software security analysis tool. Each normalized finding is identifiable by a fingerprint. The processor receives a first finding in a first vendor-provided format from a first software security analysis tool that performs a scan of application code. The processor receives a second finding in a second vendor-provided format from a second software security analysis tool. The processor normalizes the findings to a standardized taxonomy. The processor determines a first fingerprint and a second fingerprint that respectively identify the normalized first and second findings.
Type: Application
Filed: July 8, 2019
Publication date: April 30, 2020
Inventors: Adam Youngberg, Stephen Kent
-
Publication number: 20200134194
Abstract: A system for validating software security analysis findings includes a non-transitory computer readable medium and a processor. The non-transitory computer readable medium stores a source truth dataset including criteria for validating characteristics of findings. The processor receives a finding from a software security analysis tool that performs a scan on application code. The processor identifies a characteristic from the finding. The processor selects a criterion from the non-transitory computer readable medium for validating the identified characteristic. The processor determines a validity score for the finding based on whether the selected criterion is met. The processor determines whether the finding is false positive by comparing the validity score to a predetermined validity threshold. If the finding is true positive, a graphical user interface displays the finding.
Type: Application
Filed: August 26, 2019
Publication date: April 30, 2020
Inventors: Adam Youngberg, David Filbey, Kishore Prabakaran Fernando
-
Publication number: 20200134195
Abstract: A system for assessing software risks includes a non-transitory computer readable medium and a processor. The non-transitory computer readable medium stores category risk scores based on findings generated by software security analysis tools of different categories. The processor receives at least one first finding from a first category of software security analysis tools and at least one second finding from a second category of software security analysis tools. A first category risk score is computed based on the at least one first finding. A second category risk score is computed based on the at least one second finding. An overall risk score for application code is determined by computing a weighted average based on the first category risk score and the second category risk score. A graphical user interface displays the overall risk score.
Type: Application
Filed: October 4, 2019
Publication date: April 30, 2020
Inventors: Adam James Youngberg, David Filbey
-
Publication number: 20200134196
Abstract: Methods and systems are disclosed for automatically assessing and mitigating operational risks associated with using a software component in a software application. As a part of a method, one or more software components of the software application is accessed and software component characteristic information is received about each of the one or more software components, responsive to the accessing. The software component characteristic information includes information about a characteristic of a software component that is related to an operational risk associated with using the software component in the software application. Responsive to receiving the software component characteristic information, and based on the software component characteristic information, operational risk assessment information is generated using one or more rules. The generated operational risk assessment information is outputted where at least one step of the method is performed by a processor.
Type: Application
Filed: December 20, 2019
Publication date: April 30, 2020
Inventors: Desmond M. Collins, Yohann Duchenay, James Flynn, Aidan Moore, Cian O'Mahony
-
Publication number: 20200134197
Abstract: One example method includes receiving user input concerning a data protection policy for an entity, where the user input is in the form of written input and/or audio input, when the user input comprises audio input, translating the audio input into text, determining an intention of the user with respect to data protection for the entity by translating the text to common terms by interpreting terms of the text that have the same meaning as being similar words and applying context to the words, identifying a data protection policy that best corresponds to the intention of the user concerning data protection for the entity, and applying the data protection policy to the entity.
Type: Application
Filed: October 25, 2018
Publication date: April 30, 2020
Inventors: Yossef Saad, Assaf Natanzon
-
Publication number: 20200134198
Abstract: A method for managing data includes identifying, in response to a storage request from a tenant system, a first data protection pool based on a data classification analysis and initiating storage of data associated with the storage request in a first storage system associated with the first data protection pool.
Type: Application
Filed: October 31, 2018
Publication date: April 30, 2020
Inventors: Anand Rudrabhatla, Peter Marelas
-
Publication number: 20200134199
Abstract: Techniques are provided to allow full search for encrypted data within a database. In some embodiments, searchable data may be separated into different searchable tables in a database in such a way that encrypted data is stored as plaintext but has no usable link to other data within the source database. In some embodiments, performing a query on a particular user data may result in the retrieval of an encrypted identifier, which may then be decrypted via an encryption module. A second search based on the decrypted identifier may produce a set of relevant search results from a source table.
Type: Application
Filed: September 27, 2018
Publication date: April 30, 2020
Inventor: Adam Conway
-
Publication number: 20200134200
Abstract: Methods and systems for performing a computational operation on a server host are provided. Exemplary methods include: receiving an encrypted service request from a client host, the client host encrypting a service request to produce the encrypted service request using a shared secret, the service request specifying the computational operation; decrypting, in a secure enclave, the encrypted service request using the shared secret to produce a decrypted service request, the secure enclave preventing other software running on the server host from accessing the shared secret and other data stored in a memory space; performing the computational operation, in the secure enclave, using the decrypted service request to generate a service result; encrypting, in the secure enclave, the service result using the shared secret to create an encrypted service result; and providing the encrypted service result to the client host, the client host decrypting the encrypted service result.
Type: Application
Filed: October 25, 2018
Publication date: April 30, 2020
Inventors: Ellison Anne Williams, Ryan Carr
-
Publication number: 20200134201
Abstract: The method, computer system, and computer program product for using a key management server to protect visible content. The method, computer program product, and computer system may include a key management server which may receive, from an encryption device, an identification of one or more portions of clear information visible on a physical document. The key management server may receive, from the encryption device, one or more permission parameters. The permission parameters may include a time duration parameter, a location parameter, a start and end time parameter, or a device identification parameter. Further, the key management server may receive, from a decryption device, a request to access a portion of the clear information. The key management server may transmit, to the decryption device, information permitting access to the portion of clear information.
Type: Application
Filed: October 25, 2018
Publication date: April 30, 2020
Inventors: Rinkesh I. Bansal, Chintan Thaker, SANJAY B. PANCHAL, VINOD A. VALECHA
-
Publication number: 20200134202
Abstract: A method of efficient rekey in a transparent decrypting storage array includes receiving an instruction to rekey data on a storage array, wherein the instruction identifies first encryption information and second encryption information. The method further includes decrypting, by a processing device of a storage array controller, the data using the first encryption information to generate decrypted data. The method further includes encrypting the decrypted data using the second encryption information to generate encrypted data.
Type: Application
Filed: October 26, 2018
Publication date: April 30, 2020
Inventors: Constantine P. Sapuntzakis, Kiron Vijayasankar, Yuval Frandzel
-
Publication number: 20200134203
Abstract: A federated smart user identification (ID) having embedded tiered/hierarchical entitlements. The federated smart user ID comprises an encrypted key having multiple key strings that create sub-zones/barriers within the key. Each key string includes logical code and is attached/associated with at least one of (i) a computing system, service, application or the like, and (ii) an entitlement zone of the system, service, application or the like. Thus, the individual key strings define which systems, services, applications and the like the user has access to and the entitlements/authorizations within those systems, services, applications that the user has. In addition, key strings can dynamically be added to or deleted from the key to thereby change system/service access authorization and/or system/service-level entitlement.
Type: Application
Filed: October 30, 2018
Publication date: April 30, 2020
Applicant: BANK OF AMERICA CORPORATION
Inventor: Manu Jacob Kurian
-
Publication number: 20200134204
Abstract: A method for performing secure computations on records, comprising: receiving a request to apply an arithmetic computation on a record; assigning a respective partial record to each of a plurality of computational processes; instructing each of the computational processes sharing a computation scheme to perform the following: submitting the arithmetic computation to the computation scheme to assemble a processed partial record from the respective partial record components; instructing each of the plurality of computational processes to verify an integrity of at least one of the plurality of processed partial records by: broadcasting combined encryptions of one of the plurality of processed partial record components to all other of the plurality of computational processes and analyzing received combined encryptions to detect integrity in the other of the processed partial record components; and when the detected integrity is valid, calculating a response to the request by combining the received processed parti
Type: Application
Filed: October 31, 2018
Publication date: April 30, 2020
Applicants: NEC Corporation Of America, Bar-Ilan University
Inventors: Jun FURUKAWA, Yehuda LINDELL
-
Publication number: 20200134205
Abstract: A data processing apparatus and a data processing method thereof for an Internet of Things (IoT) system are provided. The data processing apparatus generates a plurality of diagnosis rule data, diagnoses each of the device data received from at least one IoT apparatus to generate a plurality of diagnosis log data, packages the device data, the diagnosis log data and the diagnosis rule data respectively based on a preset data amount to generate a plurality of device files, a plurality of diagnosis log files and a plurality of diagnosis rule files individually, stores each device file, each diagnosis log file and each diagnosis rule file in an interplanetary file system individually, and stores hash values of each device file, each diagnosis log file and each diagnosis rule file in a blockchain system individually.
Type: Application
Filed: November 26, 2018
Publication date: April 30, 2020
Inventors: Yu-Cheng HSIAO, Ying-Hsun LAI
-
Publication number: 20200134206
Abstract: A method for creating a smart contract detailing an ordered set of events is disclosed. A smart contract can include information about multiple events and responses for each event. The events and response can be arranged in a predefined order. The responses can include adding new records to a blockchain.
Type: Application
Filed: June 13, 2018
Publication date: April 30, 2020
Inventors: Ajith Thekadath, Timothy P. Tidwell, Venkata Javaji, Mondo Jacobs
-
Publication number: 20200134207
Abstract: Various approaches for implementing multi-tenant data protection are described. In an edge computing system deployment, a system includes memory and processing circuitry coupled to the memory. The processing circuitry is configured to obtain a workflow execution plan that includes workload metadata defining a plurality of workloads associated with a plurality of edge service instances executing respectively on one or more edge computing devices. The workload metadata is translated to obtain workload configuration information for the plurality of workloads. The workload configuration information identifies a plurality of memory access configurations and service authorizations identifying at least one edge service instance authorized to access one or more of the memory access configurations. The memory is partitioned into a plurality of shared memory regions using the memory access configurations.
Type: Application
Filed: December 20, 2019
Publication date: April 30, 2020
Inventors: Kshitij Arun Doshi, Ned M. Smith, Francesc Guim Bernat, Timothy Verrall
-
Publication number: 20200134208
Abstract: Embodiments are directed to trusted local memory management in a virtualized GPU. An embodiment of an apparatus includes one or more processors including a trusted execution environment (TEE); a GPU including a trusted agent; and a memory, the memory including GPU local memory, the trusted agent to ensure proper allocation/deallocation of the local memory and verify translations between graphics physical addresses (PAs) and PAs for the apparatus, wherein the local memory is partitioned into protection regions including a protected region and an unprotected region, and wherein the protected region to store a memory permission table maintained by the trusted agent, the memory permission table to include any virtual function assigned to a trusted domain, a per process graphics translation table to translate between graphics virtual address (VA) to graphics guest PA (GPA), and a local memory translation table to translate between graphics GPAs and PAs for the local memory.
Type: Application
Filed: December 23, 2019
Publication date: April 30, 2020
Applicant: Intel Corporation
Inventors: Pradeep M. Pappachan, Luis S. Kida, Reshma Lal
-
Publication number: 20200134209
Abstract: Provided is a method for blockchain-based recordkeeping and implementable by a terminal device. The method comprises: obtaining target data; computing a data digest of the target data, and extracting a key segment from the target data; signing, in a secure operation environment included in the terminal device, the data digest and/or the key segment based on a private key associated with the terminal device to generate a signature; and submitting to a blockchain the data digest, the key segment, and the signature, for one or more nodes in the blockchain to verify the signature based on a public key corresponding to the private key, and to record the data digest and the key segment in the blockchain in response to the signature being verified to be valid.
Type: Application
Filed: October 30, 2019
Publication date: April 30, 2020
Inventors: Hong ZHANG, Haitao JIANG, Linqing WANG, Xinyu WENG, Fuqiang LI, Feng LIN, Jun WU, Xiaodong ZENG, Lei YANG
-
Publication number: 20200134210
Abstract: A device for providing secure transmission of data between a transmitter and a receiver includes an interface circuit that includes a first input circuit arranged to receive data to be transmitted, the first input circuit comprising programmable logic for transforming said data to be transmitted, the programmable logic being built in the first input circuit by a first controller; a first output circuit arranged to receive the data transformed by the first input circuit, the first output circuit comprising programmable logic for retransforming said transformed data, the programmable logic being built by a second controller, and a first comparator arranged to compare said data retransformed by the first output circuit and the data to be transmitted, the programmable logic of the first input circuit being inverse and complementary to the programmable logic of the first output circuit. Also disclosed is a method implemented by the device described above.
Type: Application
Filed: September 21, 2017
Publication date: April 30, 2020
Inventors: Pierino VIDONI, Marta Dorothea ALTENKAMP
-
Publication number: 20200134211
Abstract: Aspects of the technology described herein maintain the privacy of confidential information to be communicated to a user through a computing device. The technology keeps confidential information private by assessing the privacy context of the communication. The privacy context can be determined by determining a privacy level of the information to be communicated and the privacy level of the environment into which the information is to be communicated. The privacy context can be used to select an appropriate communication channel for the information. The privacy context can also be used to determine whether all available content is shared or just a portion of it.
Type: Application
Filed: October 25, 2018
Publication date: April 30, 2020
Inventors: Adi L. MILLER, Roni KARASSIK, Daniel AVIGDOR
-
Publication number: 20200134212
Abstract: A device receives a first data item. The device stores the first data item in non-volatile memory. The device subsequently receives a second data item, where the second data item was previously generated from the first data item and a cryptographic key. The device performs a function such as, for example, an exclusive-or operation on the first data item and the second data item to generate the cryptographic key. The device uses the generated cryptographic key to encrypt data which may be transmitted over a wireless interface.
Type: Application
Filed: October 31, 2018
Publication date: April 30, 2020
Applicant: L3 Technologies, Inc.
Inventors: Jerry Hutchison, Todd Ditzman
-
Publication number: 20200134213
Abstract: Systems and methods are provided for determining an access request provided by an application that seeks to interact with one or more backend systems through a computing system. One or more predefined restrictions can be enforced on the application, the computing system, or the one or more backend systems.
Type: Application
Filed: September 27, 2019
Publication date: April 30, 2020
Inventors: James Ding, Gonçalo Silva Santos, Richard Helzberg, Thomas Playford
-
Publication number: 20200134214
Abstract: A card includes a secure element hosting application instances. An external interface receives, from an external card reader, an application selection command selecting one application instance from a set of one or more selectable application instances. A biometric interface is configured to acquire biometrics of a user via a biometric sensor. A processor compares the acquired biometric data to reference biometric data stored in the card and sets the selectable application instance set depending on the outcome of the biometric data comparison. An instance of a non-biometric application is provided in the set only in case of positive comparison. A non-biometric application is thus now biometric-secured. Personalized parameters configuring the instance of a same application may be determined based on the acquired biometrics, allowing configurations of the card to be proposed for several different users.
Type: Application
Filed: October 24, 2019
Publication date: April 30, 2020
Inventors: Yann-Loïc AUBIN, Simon VAQUIER
-
Publication number: 20200134215
Abstract: Systems, apparatus and methods for managing an object's lifecycle in an object store. A distributed ledger is used to record transactions between a client and an object store. The distributed ledger records the transaction and also attests to the object authenticity. Thus, the transactions can be verified and may assist in resolving issues that arise with respect to the stored objects.
Type: Application
Filed: October 25, 2018
Publication date: April 30, 2020
Inventors: Assaf Natanzon, Jehuda Shemer, Kfir Wolfson
-
Publication number: 20200134216
Abstract: Systems and methods are disclosed for updating shared databases using blockchain technology. Methods comprise receiving aircraft data from a first user among a plurality of users; validating the received aircraft data; storing the validated aircraft data to the shared database; receiving a request for data from a second user among the plurality of users; and providing the validated aircraft data to the second user from the shared database.
Type: Application
Filed: October 26, 2018
Publication date: April 30, 2020
Inventors: Sriram P. R, Norman J. BALCHUNAS, JR., Swetha BALASA, Pushpa Basavapura Veerabhadra REDDY
-
Publication number: 20200134217
Abstract: A processing system may obtain an operations set associated with database sources of a database system from a client entity, the operations set including a statement, the statement including a query, identify data sets from the operations set, transmit, a request to a first owner to permit access to a first data set, and a request to a second owner to permit access to a second data set, and receive approvals from the first and second owners. The processing system may retrieve a first portion of data stored in the first data set and a second portion of data stored in the second data set in accordance with the approvals, execute the operations set in accordance with the first portion of data and the second portion of data to generate a result set, and provide the client entity access to the result set.
Type: Application
Filed: October 29, 2018
Publication date: April 30, 2020
Inventors: Andrew Vishnyakov, Dan Flynn