Key Derived From Addressable Memory Element Patents (Class 380/264)
  • Patent number: 10715524
    Abstract: A storage integration object is created in a database of a data warehouse system. The storage integration object identifies a storage location in a storage platform of a cloud storage provider system and a cloud identity object maintained by a network-based data warehouse system. The cloud identity object is associated, at the storage platform of the cloud storage provider, with a proxy identity object granted permission to access the storage location. An external stage object is created based on the storage integration object. The external stage object identifies the storage location and includes an association with the storage integration object. A command to load or unload data at the storage location is received. In response to the command, the data is loaded or unloaded, via the proxy identity object, at the storage location using the external stage object.
    Type: Grant
    Filed: November 14, 2019
    Date of Patent: July 14, 2020
    Assignee: Snowflake Inc.
    Inventors: Polita Paulus, Peter Povinec, Saurin Shah, Srinidhi Karthik Bisthavalli Srinivasa
  • Patent number: 10686598
    Abstract: One-to-many cryptographic systems and methods are disclosed, including numerous industry applications. Embodiments of the present invention can generate and regenerate the same symmetric key from a random token. The one-to-many cryptographic systems and methods include a cryptographic module being in communication with one or more remote locations. The cryptographic module is configured to encrypt data received from the remote locations and to decrypt data for receipt by the remote locations. The cryptographic module includes a key generator configured to use two or more inputs to reproducibly generate the symmetric key and a cryptographic engine configured to use the symmetric key for encrypting and decrypting data. Corresponding methods are also provided.
    Type: Grant
    Filed: February 26, 2018
    Date of Patent: June 16, 2020
    Assignee: CORD3 INNOVATION INC.
    Inventors: Glen Arthur Henderson, Brent Eric Nordin, Daniel Marcel Joseph Seguin, Prateek Srivastava, Ian Hugh Curry
  • Patent number: 10659437
    Abstract: A circuit arrangement includes an encryption circuit and a decryption circuit. A cryptographic shell circuit has a transmit channel and a receive channel in parallel with the transmit channel. The transmit channel includes an encryption interface circuit coupled to the encryption circuit. The encryption interface circuit determines first cryptographic parameters based on data in a plaintext input packet and inputs the first cryptographic parameters and plaintext input packet to the encryption circuit. The receive channel includes a decryption interface circuit coupled to the decryption circuit. The decryption interface circuit determines second cryptographic parameters based on data in a ciphertext input packet and inputs the second cryptographic parameters and ciphertext input packet to the decryption circuit.
    Type: Grant
    Filed: September 27, 2018
    Date of Patent: May 19, 2020
    Assignee: Xilinx, Inc.
    Inventors: Ravi Sunkavalli, Anujan Varma, Chuan Cheng Pan, Patrick C. McCarthy, Hanh Hoang
  • Patent number: 10601577
    Abstract: Embodiments of the present application disclose an operation method. The method includes: obtaining, by the input/output interface, an input ciphertext; performing, by the decryption circuit, a modular exponentiation operation according to the ciphertext and a preset operation parameter; and using, by the microprocessor, an operation result obtained after the modular exponentiation operation as a plaintext obtained after decryption.
    Type: Grant
    Filed: January 25, 2019
    Date of Patent: March 24, 2020
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Cui Hu, ZhuFeng Tan, Shaojie Sun
  • Patent number: 10567155
    Abstract: Methods of securing a cryptographic device against implementation attacks are described. A disclosed method comprises the steps of: generating secret values (324) using a pseudorandom generator (510); providing a key (330), an input (324) having a number of chunks and the secret values to an encryption module (340); indexing the chunks and the secret values (324); processing the input chunk wise by encrypting the secret values (324) indexed by the chunks using the key (330) and the encryption module (340); generating for each chunk a pseudorandom output (330') of the encryption module (340), providing the pseudorandom output as the key (330') when processing the next chunk; and performing a final transformation on the last pseudorandom output (330') from the previous step by using it as a key to encrypt a fixed plaintext.
    Type: Grant
    Filed: April 29, 2016
    Date of Patent: February 18, 2020
    Assignee: NXP B.V.
    Inventors: Marcel Medwed, Ventzislav Nikov, Martin Feldhofer
  • Patent number: 10531291
    Abstract: The present disclosure relates to a 5G or pre-5G communication system for supporting a higher data transfer rate beyond a 4G communication system such as LTE. A method of a terminal connected to another base station (BS) for a second communication system in a wireless environment, the method comprising receiving, via the another BS from a BS for the first communication system, a radio resource control (RRC) connection reconfiguration message comprising information regarding a first key, generating a secure key for a security of the first communication system based on the first key, an identifier (ID) for indicating an algorithm for applying to the first key, a distinguisher for indicating a function of the algorithm indicated by the ID, and transmitting, to the BS, a signal based on the generated secure key.
    Type: Grant
    Filed: March 30, 2017
    Date of Patent: January 7, 2020
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Beomsik Bae, Joohyung Lee, Sukjin Yun, Doyoung Jung
  • Patent number: 10530777
    Abstract: Techniques for securely sealing and unsealing enclave data across platforms are presented. Enclave data from a source enclave hosted on a first computer may be securely sealed to a sealing enclave on a second computer, and may further be securely unsealed for a destination enclave on a third computer. Securely transferring an enclave workload from one computer to another is disclosed.
    Type: Grant
    Filed: January 24, 2017
    Date of Patent: January 7, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: Manuel Costa
  • Patent number: 10521586
    Abstract: The invention relates to a secured comparative processing method of the type in which a processor of an electronic component compares a set of proof data received by the processor as an input with main secret data stored in said electronic component, characterised in that the processor executes, in parallel with the comparison with the secret data, a series of complementary operations on the set of proof data which generate on the electronic component a variation in behaviour which is a function of the proof data which the component receives as an input and which is added to the variation in behaviour linked to the comparison with the main secret data, the series of complementary operations including a series of base operations repeated K times, and the execution of said series being preceded by an adjustment of execution parameters of said series, the parameters including: the identifier of the series of base operations to be executed, the series of base operations being comprised within a set of predefined
    Type: Grant
    Filed: December 23, 2014
    Date of Patent: December 31, 2019
    Assignee: IDEMIA IDENTITY & SECURITY
    Inventors: Mael Berthier, Victor Servant
  • Patent number: 10505715
    Abstract: An example method of cryptographically modifying an input data segment includes performing, in a first stage, a first bit substitution operation based on a first stage input segment and a first cryptographic key sequence. The method also includes performing, in a subsequent second stage, a bit dispersal based on a second stage input segment and a second cryptographic key sequence. The method also includes performing, in a subsequent third stage, a second bit substitution operation based on a third stage input segment and a third cryptographic key sequence. The first, second, and third stage input segments are all derived from the input data segment.
    Type: Grant
    Filed: November 17, 2017
    Date of Patent: December 10, 2019
    Assignee: MARPEX, INC.
    Inventor: Douglas Bradley Lowry
  • Patent number: 10498718
    Abstract: A network protocol is provided to identify and authenticate devices from different vendors that are deployed in a network. Each vendor is provided a vendor key unique to the vendor by a network management server. A vendor server associated with the vendor provisions a device with a first hash value generated using the vendor key among other device attributes. When the device is deployed in the network, the network management server queries the device. The device generates a second hash value using the first hash value and sends it in a response to the network management server. The network management server computes a local hash value using the vendor key and the attributes received from the response. The network management server authenticates the device if the local hash value matches with the second hash value.
    Type: Grant
    Filed: June 16, 2017
    Date of Patent: December 3, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Bijendra Singh, Richard Dyson, Christopher Warren Jones, Praveen Kumar Madhanagopal
  • Patent number: 10484351
    Abstract: A system and method are provided for certificate selection in infrastructures such as those planned to be used for V2V messaging, wherein the vehicle (or other moving object)'s location is used to aid in the selection of certificates. In one aspect, there is provided a method of selecting certificates for vehicle-to-vehicle messaging, the method comprising: determining a location for a vehicle; and adapting reuse of certificates in a certificate pool for the vehicle according to the location. In another aspect, there is provided a method of selecting certificates for vehicle-to-vehicle messaging, the method comprising: determining an amount of messaging activity; and adapting reuse of certificates in a certificate pool for the vehicle according to the amount of messaging activity.
    Type: Grant
    Filed: January 19, 2017
    Date of Patent: November 19, 2019
    Assignee: ETAS Embedded Systems Canada Inc.
    Inventors: Brian M. Romansky, Constantine Grantcharov, Nevine Maurice Nassif Ebeid
  • Patent number: 10382207
    Abstract: An image processing apparatus is provided. The image processing apparatus includes a storage configured to store an operating system (OS) of the image processing apparatus, a script file including a program code and a first electronic signature, and an interpreter program provided to execute the program code on the OS; and at least one processor configured to perform an authentication of the first electronic signature with the OS in response to the interpreter program executing the program code on the OS, and selectively permit or block the execution of the program code according to whether the first electronic signature passes or fails to pass the authentication.
    Type: Grant
    Filed: April 5, 2017
    Date of Patent: August 13, 2019
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Chang-woo Lee, Nam-gwon Lee
  • Patent number: 10374609
    Abstract: Systems and methods for generating and deploying integrated circuit (IC) applications are provided. Partial reconfiguration functionality of an IC may be used to build reconfigurable application platforms that enable application execution on the IC. These apps may include partial reconfiguration bitstreams that allow ease of access to programming without cumbersome compilation via a set of complex tools. The apps may be acquired via a purchasing website or other mechanism, where the bitstreams may be downloaded to the IC, thus increasing usability of the IC as well as providing additional revenue streams.
    Type: Grant
    Filed: February 6, 2017
    Date of Patent: August 6, 2019
    Assignee: Altera Corporation
    Inventors: Joshua Walstrom, Mark Bourgeault
  • Patent number: 10356083
    Abstract: A mobile communication device causes a communication session to be established with a host server of a communication network. The mobile device performs communication operations in the communication session for activating a communication service, such as a data synchronization service, with the host server. In the communication session, the mobile device also receives configuration information which includes information for use in constructing a request message for obtaining a digital certificate from a certificate authority (CA). After receipt of the configuration information, the mobile device constructs the request message for the digital certificate and causes it to be sent to the host server. In response, the host server requests and obtains the digital certificate from the CA on behalf of the mobile device, and thereafter “pushes” the received digital certificate to the mobile device. The mobile device receives the digital certificate and stores it for use in subsequent communications.
    Type: Grant
    Filed: June 6, 2018
    Date of Patent: July 16, 2019
    Assignee: BlackBerry Limited
    Inventors: Christopher Lyle Bender, Sam Cheng-Fu Shih, Neil Patrick Adams
  • Patent number: 10339299
    Abstract: Techniques are described for runtime checking of function metadata prior to execution of a function in an environment. An application may include any appropriate number of components at one or more levels in a hierarchical arrangement, and each component may be packaged with metadata that describes the component. A function, or any component, may be packaged with metadata that includes term(s) governing the usage of the function. The term(s) may be checked, at runtime, during execution of the application to determine whether the function is to be executed. A function may also be hashed at runtime for verification of function version. Function(s) may be individually and independently executed as containerized nano functions within the environment.
    Type: Grant
    Filed: March 7, 2017
    Date of Patent: July 2, 2019
    Assignee: Kashmoo, Inc.
    Inventors: Mark D. Magnuson, Timothy J. Magnuson
  • Patent number: 10242212
    Abstract: Embodiments of the present disclosure include systems and methods for providing query service of secured contents. A data collection service collects data and security context associated with the data from a data source and stores the data with the security attributes in a datastore, where the security attributes are derived from the security context and used to determine access to the data so that access to the data is consistent with the security context. Upon receiving a query and a user context of a requester making the query of the datastore, a set of query results is obtained. Based on the user context and security attributes, it is determined whether the requestor has a proper right to access the query results. If the requestor has a proper right to access the query results, access to the query results is granted.
    Type: Grant
    Filed: April 18, 2016
    Date of Patent: March 26, 2019
    Assignee: QUEST SOFTWARE, INC.
    Inventors: Abel Tegegne, Elena Vinogradov, Guangning Hu
  • Patent number: 10104526
    Abstract: A method and apparatus for issuing an incident-issued credential for an incident area network. One embodiment provides an identity server including an electronic processor configured to receive an agency-issued credential and retrieve a first set of attributes from the agency-issued credential. The electronic processor is also configured to map the first set of attributes to a scope of a service available through an incident area network. The electronic processor is further configured to generate the incident-issued credential for the incident area network including the scope and issue the incident-issued credential to a user device.
    Type: Grant
    Filed: June 1, 2016
    Date of Patent: October 16, 2018
    Assignee: MOTOROLA SOLUTIONS, INC.
    Inventors: Anthony R. Metke, Adam C. Lewis, Shanthi E. Thomas
  • Patent number: 10025811
    Abstract: In a client, an encryption key is created using plain text data, a first tag is created using the encryption key, and the plain text data are encrypted under the encryption key to create encrypted data. The first tag is transmitted to the server to confirm whether the encrypted data is duplicated and after transmitting the first tag, the encrypted data is transmitted to the server in accordance with the request of the encrypted data from the server.
    Type: Grant
    Filed: February 23, 2016
    Date of Patent: July 17, 2018
    Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventors: Keonwoo Kim, Taek-Young Youn, Ku Young Chang, Nam-Su Jho
  • Patent number: 9979558
    Abstract: Network and device configuration systems and methods are described. In an embodiment, a first user interface configured to receive from a user configuration information regarding a first network is provided. Program code stored in computer accessible memory is configured to generate a barcode that includes information related to the first network configuration information, wherein the barcode can be scanned by a device having a barcode scanner and a network interface to configure the network interface to access the first network.
    Type: Grant
    Filed: January 3, 2017
    Date of Patent: May 22, 2018
    Assignee: IKAN HOLDINGS LLC
    Inventors: Fabio Zsigmond, Sion Elie Douer, Geraldo Yoshizawa, Frederico Wagner
  • Patent number: 9971878
    Abstract: The disclosed computer-implemented method for handling fraudulent uses of brands may include (1) enabling a subscriber of a brand-protection service to select an action to perform when a fraudulent use of a brand is detected in Internet traffic that is transmitted via any of a plurality of Internet-traffic chokepoints that are managed by the brand-protection service, (2) monitoring, at each of the plurality of Internet-traffic chokepoints, Internet traffic for fraudulent uses of brands, (3) detecting, while monitoring the Internet traffic, the fraudulent use of the brand, and (4) performing the action in response to detecting the fraudulent use of the brand. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: August 26, 2014
    Date of Patent: May 15, 2018
    Assignee: Symantec Corporation
    Inventor: Carey Nachenberg
  • Patent number: 9942274
    Abstract: A method for protecting application servers from network-based attacks and verifying the security posture of end client systems is disclosed. A trust broker system receives a request from a user agent associated with a client system remote from the trust broker to connect to applications and resources associated with the trust broker. The trust broker system verifies the integrity of the client system and verifies the identity of a user of the client system. The trust broker system then determines the access level permitted to the identified user and, based on the access level, the trust broker system establishes a connection with the user agent and transmits session information to the server system. The trust broker system sends the user agent connection information, wherein the connection information enables the requesting user agent to connect to the requested server system.
    Type: Grant
    Filed: January 25, 2016
    Date of Patent: April 10, 2018
    Assignee: VIDDER, INC.
    Inventors: Junaid Islam, Brent Bilger, Ted Schroeder
  • Patent number: 9858440
    Abstract: A computer-implemented method, the method includes identifying a piece of data to be served from a server system to a client device that is remote from the server system; creating a plurality of expressions that, when executed, provide a result that corresponds to the piece of data; and providing the plurality of expressions to the client device with code for executing the plurality of expressions.
    Type: Grant
    Filed: May 23, 2014
    Date of Patent: January 2, 2018
    Assignee: Shape Security, Inc.
    Inventors: Xinran Wang, Yao Zhao
  • Patent number: 9860314
    Abstract: A data synchronization method, in a network element operating in a network, includes generating an event at the network element that needs to be synchronized with other devices in the network; based on assigned tokens for the network element, generating a row key for the event; and providing the row key to a Highly-Available (HA) key-value storage system for synchronization therewith, wherein the HA key-value storage system includes a plurality of nodes including the network element and the other devices.
    Type: Grant
    Filed: August 19, 2014
    Date of Patent: January 2, 2018
    Assignee: Ciena Corporation
    Inventors: Mallikarjunappa Kore, Aung Htay, Kumaresh Malli
  • Patent number: 9841924
    Abstract: A system of replicating data stored on a source node. Replication can be configured between two controllers, the source node on the one hand, and a target node on the other. A synchronization relationship between the source node and the target node is established and maintained. The synchronization relationship can be quickly and easily created for disaster recovery, real-time backup and failover, thereby ensuring that data on the source node is fully-protected at an off-site location or on another server or VM, for example, at another data center, a different building or elsewhere in the cloud. Processes described herein streamline the entire replication setup process, thereby significantly reducing error rates in conventional systems and making the replication process more user friendly than in conventional systems.
    Type: Grant
    Filed: May 27, 2016
    Date of Patent: December 12, 2017
    Assignee: SoftNAS Operating Inc.
    Inventor: Rick Gene Braddy
  • Patent number: 9824238
    Abstract: A computer-implemented method, the method includes identifying a piece of data to be served from a server system to a client device that is remote from the server system; creating a plurality of expressions that, when executed, provide a result that corresponds to the piece of data; and providing the plurality of expressions to the client device with code for executing the plurality of expressions.
    Type: Grant
    Filed: May 23, 2014
    Date of Patent: November 21, 2017
    Assignee: Shape Security, Inc.
    Inventors: Xinran Wang, Yao Zhao
  • Patent number: 9712508
    Abstract: Technologies for one-touch device personalization include at least two mobile computing devices configured to communicate with a personalization server. The first mobile computing device tracks changes to device personalization data and backs up the personalization data to the personalization server. The personalization server associates the personalization data to authenticated user credentials. The personalization server may store the personalization data in an operating-system-independent format. Later, a second mobile computing device sends a request for personalization including those user credentials. After authenticating the user credentials, the personalization server sends the personalization data to the second mobile computing device, which installs the personalization data. Installing the personalization data establishes a configuration of the second mobile computing device corresponding to a previous configuration of the first mobile computing device.
    Type: Grant
    Filed: March 13, 2013
    Date of Patent: July 18, 2017
    Assignee: Intel Corporation
    Inventors: Gyan Prakash, James F. Bodio
  • Patent number: 9681292
    Abstract: Techniques for handling ciphering keys in a mobile station comprising a mobile equipment (ME) and a Universal Subscriber Identity Module (USIM) are disclosed. An example method includes obtaining a UMTS cipher key (CK), integrity key (IK), and ciphering key sequence number (CKSN) from the USIM, deriving a 128-bit ciphering key (Kc-128) from the CK and the IK, and storing the Kc-128 and the CKSN on the mobile equipment, separate from the USIM. The stored CKSN is associated with the stored Kc-128, so that the Kc-128's correspondence to the most current UMTS security context can be tracked. This example method applies to the generation and storage of a 128-bit ciphering key for either the packet-switched or circuit-switched domains. A corresponding user equipment apparatus is also disclosed.
    Type: Grant
    Filed: August 17, 2010
    Date of Patent: June 13, 2017
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Christian Herrero Verón, Monica Wifvesson
  • Patent number: 9652200
    Abstract: Various embodiments relate to a method, system, and non-transitory machine-readable medium encoded with instructions for execution by a processor for performing modular exponentiation, the non-transitory machine-readable medium including: instructions for iteratively calculating a modular exponentiation, b^d mod n, including: instructions for squaring a working value, c; and instructions for conditionally multiplying the working value, c, by a base value, b, dependent on a bit of an exponent, d, including: instructions for unconditionally multiplying the working value, c, by a lookup table entry associated with the base value.
    Type: Grant
    Filed: February 18, 2015
    Date of Patent: May 16, 2017
    Assignee: NXP B.V.
    Inventors: Joppe Bos, Michaël Peeters
  • Patent number: 9641324
    Abstract: A method for authenticating request messages is disclosed. An authentication service device performs centralized allocation and management for authentication random numbers; when a User Equipment (UE) uses a protected service, the key negotiation process needs to be performed only once, whereupon the authentication is performed with multiple Application Servers (ASs) in turn according to the policy of using an authentication random number. Further, the corresponding authentication service device, AS, and UE are disclosed.
    Type: Grant
    Filed: May 14, 2010
    Date of Patent: May 2, 2017
    Assignee: Huawei Technologies Co., Ltd.
    Inventor: Chao Sun
  • Patent number: 9430670
    Abstract: A system, method, and computer program product for accessing web pages on a network are provided. In use, different users are provided access to a plurality of sections of a file selected by the different users based on a community value for at least one community dimension assigned to each section of the file selected by the different users. In particular, a user is conditionally provided access to a section of a file selected by the user, based on a comparison of a user value indicating a community with which the user is associated to the community value for the at least one community dimension assigned to the section of the file selected by the user.
    Type: Grant
    Filed: February 2, 2015
    Date of Patent: August 30, 2016
    Assignee: SALESFORCE.COM, INC.
    Inventor: Alexandre Dayon
  • Patent number: 9363276
    Abstract: A method for testing cryptographic algorithms includes: receiving one or more request files, wherein each request file is associated with a cryptographic algorithm and includes a plurality of tests; formatting the plurality of tests in each of the request files based on algorithm formatting rules; transmitting the request files; receiving a plurality of test results for each of the transmitted request files, wherein each test result corresponds to a test included in the respective request file and is generated by execution of the corresponding test using the cryptographic algorithm associated with the respective request file; generating a response file for each of the request files, wherein each response file includes a plurality of test results that correspond to each test included in the corresponding request file; formatting the plurality of test results in each of the generated response files based on result formatting rules; and transmitting the response files.
    Type: Grant
    Filed: October 8, 2014
    Date of Patent: June 7, 2016
    Assignee: CORSEC SECURITY, INC.
    Inventors: Matthew Alan Appler, John Robert Morris, Elizabeth Meyers Rabe, David Patrick Holmes
  • Patent number: 9282120
    Abstract: A method for protecting application servers from network-based attacks and verifying the security posture of end client systems is disclosed. A trust broker system receives a request from a user agent associated with a client system remote from the trust broker to connect to applications and resources associated with the trust broker. The trust broker system verifies the integrity of the client system and verifies the identity of a user of the client system. The trust broker system then determines the access level permitted to the identified user and, based on the access level, the trust broker system establishes a connection with the user agent and transmits session information to the server system. The trust broker system sends the user agent connection information, wherein the connection information enables the requesting user agent to connect to the requested server system.
    Type: Grant
    Filed: March 11, 2013
    Date of Patent: March 8, 2016
    Assignee: VIDDER, INC.
    Inventors: Junaid Islam, Brent Bilger, Ted Schroeder
  • Patent number: 9112679
    Abstract: A system obtains assurance by a content provider that a content control key is securely stored in a remote security module for further secure communications between the content provider and the security module. A security module manufacturer, which has a pre-established trustful relation with the security module, imports a symmetric transport key into the security module. The symmetric transport key is unique to the security module. The content provider shares the symmetric transport key with the security module manufacturer. The content provider exchanges messages with the security module through a security module communication manager in order to get the proof that the security module stores the content control key. At least a portion of the messages exchanged between the content provider and the security module are protected using the symmetric transport key. The symmetric transport key is independent of said content control key.
    Type: Grant
    Filed: July 23, 2013
    Date of Patent: August 18, 2015
    Assignee: Assa Abloy AB
    Inventors: Dominique Fedronic, Eric Le Saint, John Babbidge, Hong Liu
  • Patent number: 9049009
    Abstract: A cipher key is generated by first information shared in secret between a data transmitting unit 10 and a data receiving unit 20, second information derived from duplication control information of transmit data and third information which is time change information shared between the data transmitting unit and the data receiving unit to cipher data by a CPU 12 by using the above-mentioned cipher key to transmit, from the data transmitting unit 10 to the data receiving unit 20, transmit data in which the duplication control information and the time change information are added to the ciphered data.
    Type: Grant
    Filed: April 12, 2013
    Date of Patent: June 2, 2015
    Assignee: SONY CORPORATION
    Inventors: Tomoyuki Asano, Yoshitomo Osawa, Teruyoshi Komuro, Ryuji Ishiguro
  • Patent number: 9042551
    Abstract: A semiconductor structure including a device configured to receive an input data-word. The device including a logic structure configured to generate an encrypted data-word by encrypting the input data-word through an encrypting operation. The device further including an eFuse storage device configured to store the encrypted data-word as eFuse data by blowing fuses in accordance with the encrypted data-word.
    Type: Grant
    Filed: June 4, 2012
    Date of Patent: May 26, 2015
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: John A. Fifield, Gerald P. Pomichter, Jr.
  • Patent number: 8983061
    Abstract: A method and apparatus cryptographically process data including a plurality of data segments. The cryptographic process includes (a) receiving a plurality of data segments, (b) selecting, for each data segment, a set of encryption information based on data contained in a predetermined portion of the data segment to be encrypted, and (c) encrypting each data segment using the set of encryption information selected for the data segment. At least one of an encryption algorithm, an encryption key, and an encryption parameter may be changed for each data segment based on the data contained in the predetermined portion. The predetermined portion may include a first predetermined portion for selecting a first set of encryption information, and a second predetermined portion for selecting a second set of encryption information, the encryption information including an encryption algorithm, an encryption key, and optionally an encryption parameter.
    Type: Grant
    Filed: February 13, 2004
    Date of Patent: March 17, 2015
    Assignee: IVI Holdings Ltd.
    Inventor: Masashi Watanabe
  • Patent number: 8949621
    Abstract: According to one embodiment, a device includes a first data generator configured to generate a second key (HKey) by encrypting a host constant (HC) with the first key (NKey); a second data generator configured to generate a session key (SKey) by encrypting a random number (RN) with the second key (HKey); a one-way function processor configured to generate authentication information (Oneway-ID) by processing the secret identification information (SecretID) with the session key (SKey) in a one-way function operation; and a data output interface configured to output the encrypted secret identification information (E-SecretID) and the authentication information (Oneway-ID) to outside of the device.
    Type: Grant
    Filed: June 14, 2012
    Date of Patent: February 3, 2015
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Yuji Nagai, Taku Kato, Tatsuyuki Matsushita
  • Patent number: 8943577
    Abstract: A system and method for a distributed multi-processing security gateway establishes a host side session, selects a proxy network address for a server, uses the proxy network address to establish a server side session, receives a data packet, assigns a central processing unit core from a plurality of central processing unit cores in a multi-core processor of the security gateway to process the data packet, processes the data packet according to security policies, and sends the processed data packet. The proxy network address is selected such that a same central processing unit core is assigned to process data packets from the server side session and the host side session. By assigning central processing unit cores in this manner, higher capable security gateways are provided.
    Type: Grant
    Filed: May 1, 2013
    Date of Patent: January 27, 2015
    Assignee: A10 Networks, Inc.
    Inventors: Lee Chen, Ronald Wai Lun Szeto
  • Patent number: 8938074
    Abstract: An apparatus and methods of securely communicating a message between a first device and a second device using a message specific identifier is disclosed. The method begins by assembling the message specific identifier from one or more attributes associated with the message and the first device. An encryption key request is transmitted to a server, wherein the encryption key request is based upon the message specific identifier. An encryption key is received from the server, wherein the encryption key is based on the message specific identifier and a random character set. The message is encrypted using the received encryption key and the encrypted message is sent to the second device.
    Type: Grant
    Filed: December 17, 2012
    Date of Patent: January 20, 2015
    Assignee: Patton Protection Systems, LLC
    Inventor: Steven J. Drucker
  • Patent number: 8935541
    Abstract: A method and apparatus for preventing a user from interpreting optional stored data information even when the user extracts the optional stored data, by managing data associated with a flash memory in a flash translation layer, the method comprising searching at least one page of the flash memory when writing data to the flash memory, determining whether authority information corresponding to respective searched pages includes an encryption storage function, generating, corresponding to respective searched pages, a page key according to an encrypting function when the authority information includes the encryption storage function, encrypting the data using the generated page key and storing the encrypted data in the respective searched pages, and storing the data in the respective searched pages without encryption when the authority information does not include the encryption storage function.
    Type: Grant
    Filed: August 8, 2012
    Date of Patent: January 13, 2015
    Assignee: Samsung Electronics Co., Ltd
    Inventors: Chang-Woo Min, Jin-Ha Jun
  • Patent number: 8924674
    Abstract: A data object is stored in a hosted storage system and includes an access control list specifying access permissions for data objects stored in the hosted storage system. The hosted storage system provides hosted storage to a plurality of clients that are coupled to the hosted storage system. A request to store a second data object is received. The request includes an indicator that the first data object stored in the hosted storage system should be used as an access control list for the second data object. The second data object is stored in the hosted storage system. The first data object is assigned as an access control list for the second data object stored in the hosted storage system.
    Type: Grant
    Filed: November 4, 2013
    Date of Patent: December 30, 2014
    Assignee: Google Inc.
    Inventors: David R. Hanson, Erkki Ville Juhani Aikas
  • Patent number: 8918857
    Abstract: A system and method for a distributed multi-processing security gateway establishes a host side session, selects a proxy network address for a server, uses the proxy network address to establish a server side session, receives a data packet, assigns a central processing unit core from a plurality of central processing unit cores in a multi-core processor of the security gateway to process the data packet, processes the data packet according to security policies, and sends the processed data packet. The proxy network address is selected such that a same central processing unit core is assigned to process data packets from the server side session and the host side session. By assigning central processing unit cores in this manner, higher capable security gateways are provided.
    Type: Grant
    Filed: May 1, 2013
    Date of Patent: December 23, 2014
    Assignee: A10 Networks, Inc.
    Inventors: Lee Chen, Ronald Wai Lun Szeto
  • Patent number: 8914871
    Abstract: A system and method for a distributed multi-processing security gateway establishes a host side session, selects a proxy network address for a server, uses the proxy network address to establish a server side session, receives a data packet, assigns a central processing unit core from a plurality of central processing unit cores in a multi-core processor of the security gateway to process the data packet, processes the data packet according to security policies, and sends the processed data packet. The proxy network address is selected such that a same central processing unit core is assigned to process data packets from the server side session and the host side session. By assigning central processing unit cores in this manner, higher capable security gateways are provided.
    Type: Grant
    Filed: May 1, 2013
    Date of Patent: December 16, 2014
    Assignee: A10 Networks, Inc.
    Inventors: Lee Chen, Ronald Wai Lun Szeto
  • Patent number: 8904512
    Abstract: A system and method for a distributed multi-processing security gateway establishes a host side session, selects a proxy network address for a server, uses the proxy network address to establish a server side session, receives a data packet, assigns a central processing unit core from a plurality of central processing unit cores in a multi-core processor of the security gateway to process the data packet, processes the data packet according to security policies, and sends the processed data packet. The proxy network address is selected such that a same central processing unit core is assigned to process data packets from the server side session and the host side session. By assigning central processing unit cores in this manner, higher capable security gateways are provided.
    Type: Grant
    Filed: May 1, 2013
    Date of Patent: December 2, 2014
    Assignee: A10 Networks, Inc.
    Inventors: Lee Chen, Ronald Wai Lun Szeto
  • Patent number: 8885833
    Abstract: A key recovery request for a device is received at a key recovery service and a particular one-time recovery credential in a sequence of multiple one-time recovery credentials is identified. In the sequence of multiple one-time recovery credentials, previous one-time recovery credentials in the sequence are indeterminable given subsequent one-time recovery credentials in the sequence. A recovery key associated with the device is also identified. The particular one-time recovery credential in the sequence is generated based on the recovery key, and is returned in response to the key recovery request. The particular one-time recovery credential can then be used by the device to decrypt encrypted data stored on a storage media of the device.
    Type: Grant
    Filed: April 11, 2011
    Date of Patent: November 11, 2014
    Assignee: Microsoft Corporation
    Inventors: Benjamin E. Nick, Magnus Bo Gustaf Nyström, Cristian M. Ilac, Niels T. Ferguson, Nils Dussart
  • Patent number: 8867744
    Abstract: Wireless security is enforced at L1, in addition to or in lieu of other layers. AP's can switch dynamically from serving to scanning. Scanners listen for authorized frame headers. Scanners either receive, or allow authorized frames to be received, at their destination. Scanners kill unauthorized frames while they are still transmitting; scanners continue listening for and killing unauthorized frame headers until frame ending time demands their return to serving, multiplying their effectiveness. AP's include dual-mode multi-frequency omni-directional antennae, used to prevent third parties from snooping messages received at those AP's.
    Type: Grant
    Filed: November 7, 2011
    Date of Patent: October 21, 2014
    Assignee: Meru Networks
    Inventors: Senthil Palanisamy, Vaduvur Bharghavan
  • Patent number: 8832464
    Abstract: A processor including instruction support for implementing hash algorithms may issue, for execution, programmer-selectable hash instructions from a defined instruction set architecture (ISA). The processor may include a cryptographic unit that may receive instructions for execution. The instructions include hash instructions defined within the ISA. In addition, the hash instructions may be executable by the cryptographic unit to implement a hash that is compliant with one or more respective hash algorithm specifications. In response to receiving a particular hash instruction defined within the ISA, the cryptographic unit may retrieve a set of input data blocks from a predetermined set of architectural registers of the processor, and generate a hash value of the set of input data blocks according to a hash algorithm that corresponds to the particular hash instruction.
    Type: Grant
    Filed: March 31, 2009
    Date of Patent: September 9, 2014
    Assignee: Oracle America, Inc.
    Inventors: Christopher H. Olson, Jeffrey S. Brooks, Robert T. Golla
  • Patent number: 8782352
    Abstract: A lock mechanism can be supported in a transactional middleware system to protect transaction data in a shared memory when there are concurrent transactions. The transactional middleware machine environment comprises a semaphore provided by an operating system running on a plurality of processors. The plurality of processors operates to access data in the shared memory. The transactional middleware machine environment also comprises a test-and-set (TAS) assembly component that is associated with one or more processes. Each said process operates to use the TAS assembly component to perform one or more TAS operations in order to obtain a lock for data in the shared memory. Additionally, a process operates to be blocked on the semaphore and waits for a release of a lock on data in the shared memory, after the TAS component has performed a number of TAS operations and failed to obtain the lock.
    Type: Grant
    Filed: March 7, 2012
    Date of Patent: July 15, 2014
    Assignee: Oracle International Corporation
    Inventors: Xugang Shen, Xiangdong Li
  • Patent number: 8724804
    Abstract: According to an embodiment, a first linear transformation unit performs a linear transformation from mask data to first mask data. A second linear transformation unit performs a linear transformation from mask data to second mask data. A first calculator calculates first data based upon data to be processed and the first mask data. A selecting unit selects the first data or the second mask data. A non-linear transformation unit performs a non-linear transformation on the selected first data or second mask data. A second calculator calculates second data based upon the first data after the non-linear transformation and the mask data. A third linear transformation unit performs a linear transformation on the second data. The second data after the linear transformation by the third linear transformation unit is retained as new data to be processed, and the second mask data after the non-linear transformation is retained as new mask data.
    Type: Grant
    Filed: September 12, 2012
    Date of Patent: May 13, 2014
    Assignee: Kabushiki Kaisha Toshiba
    Inventor: Takeshi Kawabata
  • Patent number: RE47246
    Abstract: An ASIC for implementing digital rights management includes a processor for requesting encrypted digital data from a server and decrypting the data, and a player for transforming the decrypted data to analog signals. Preferably, the ASIC is tamper-resistant. Preferably, all the management code of the ASIC is stored on a ROM in the ASIC. A device for receiving, decrypting and displaying encrypted digital data includes the ASIC, and also a transceiver for communicating with the server, a display mechanism for displaying the analog signals, and a nonvolatile memory for storing the encrypted data. A system for storing and displaying digital data includes both the server and the device. Preferably, the server is configured to send to the device only the encrypted digital data and associated decryption keys.
    Type: Grant
    Filed: April 22, 2009
    Date of Patent: February 19, 2019
    Assignee: SanDisk IL Ltd.
    Inventor: Dani Dariel