Block/data Stream Enciphering Patents (Class 380/37)
  • Patent number: 10771241
    Abstract: Computer-implemented methods, systems, and non-transitory, computer-readable media for server-based time authentication of blockchain-type ledgers are provided. One computer implemented method includes: determining at least one ledger that needs time authentication and includes one or more consecutive data blocks. For each ledger, determining ledger information corresponding to the ledger and including a plurality of items, such as: an identifier of the ledger, a block height of a starting block of the ledger, a block height of an ending block of the ledger, and a root hash of a Merkle tree formed by the one or more consecutive data blocks in the ledger. The ledger information is sent to a trusted time authentication agency for time authentication on each of the plurality of items. A time certificate, including a timestamp, the ledger information, and a digital signature of the time authentication agency is received from the time authentication agency.
    Type: Grant
    Filed: February 27, 2020
    Date of Patent: September 8, 2020
    Assignee: Alibaba Group Holding Limited
    Inventor: Xinying Yang
  • Patent number: 10757220
    Abstract: In one example, a processing system including at least one processor obtains a transport control protocol flow associated with a video session that streams a video from a server to a client. The transport control protocol flow comprises a plurality of encrypted packets exchanged between the server and the client. The processing system then reconstructs a hypertext transfer protocol transaction that is part of the streaming video session. The reconstructing is performed without decrypting the plurality of encrypted packets.
    Type: Grant
    Filed: December 11, 2018
    Date of Patent: August 25, 2020
    Assignees: AT&T Intellectual Property I, L.P., Georgia Tech Research Corporation
    Inventors: Emir Halepovic, Tarun Mangla, Mostafa H. Ammar, Ellen Witte Zegura
  • Patent number: 10735435
    Abstract: In a communication system, a management node includes: a high-order count value holding unit holding a high-order count value; and a high-order count value distribution unit updating the high-order count value under a high-order update condition and distributing the updated high-order count value to normal nodes. In the communication system, a normal node includes: a count value holding unit holding a count value; a low-order update unit updating a low-order count value held in the count value holding unit under a low-order update condition; and a high-order update unit updating a high-order count value held in the count value holding unit to the high-order count value distributed from the management node together with a reset of the low-order count value.
    Type: Grant
    Filed: August 4, 2016
    Date of Patent: August 4, 2020
    Assignee: DENSO CORPORATION
    Inventors: Takeshi Sugashima, Akira Komedani
  • Patent number: 10713044
    Abstract: A processor includes packed data registers and a decode unit to decode an instruction. The instruction is to indicate a first source operand having at least one lane of bits, and a second source packed data operand having a number of sub-lane sized bit selection elements. An execution unit is coupled with the packed data registers and the decode unit. The execution unit, in response to the instruction, stores a result operand in a destination storage location. The result operand includes a different corresponding bit for each of the number of sub-lane sized bit selection elements. A value of each bit of the result operand corresponding to a sub-lane sized bit selection element is that of a bit of a corresponding lane of bits, of the at least one lane of bits of the first source operand, which is indicated by the corresponding sub-lane sized bit selection element.
    Type: Grant
    Filed: September 4, 2015
    Date of Patent: July 14, 2020
    Assignee: Intel Corporation
    Inventors: Roger Espasa, Guillem Sole, David Guillen Fandos
  • Patent number: 10693626
    Abstract: There is provided a method of generating a ciphertext. The method includes encrypting an input data to produce an encrypted data, and randomizing the encrypted data to produce the ciphertext. In particular, the randomizing process includes performing an exclusive-or (xor) operation on the encrypted data with a cipher pad, whereby the cipher pad is generated based on an xor-homomorphic function of a first key using a second key generated based on the encrypted data. There is also provided a corresponding system for generating a ciphertext, a corresponding method and system for decrypting a ciphertext, and a corresponding method and system for searching ciphertexts in a database, such as at an untrusted server.
    Type: Grant
    Filed: April 23, 2015
    Date of Patent: June 23, 2020
    Assignee: AGENCY FOR SCIENCE, TECHNOLOGY AND RESEARCH
    Inventors: Shuqin Ren, Benjamin Hong Meng Tan, Khin Mi Mi Aung, Sivaraman Sundaram
  • Patent number: 10680886
    Abstract: A wireless sensor preferably has a case which is intrinsically safe and has no exposed parts which can become not intrinsically safe due to the passage of time or through contact with chemicals typically encountered in a location where the wireless sensor is used. It preferably has no integral visual display other than lights, and it preferably includes at least one signal light. The sensor preferably includes a wireless transceiver for allowing remote read and remote control of the sensor. The sensor preferably includes piezoelectric pressure detectors for allowing a user to locally interact with the sensor by pressing on the case. Data can be automatically harvested from the sensors by a portable electronic data-retrieving device which is usually geographically remote from the sensors when the portable electronic data-retrieving device and the sensors are in range of a wireless system which allows them to communicate when they are geographically proximate each other.
    Type: Grant
    Filed: August 31, 2015
    Date of Patent: June 9, 2020
    Assignee: Schneider Electric Systems USA, Inc.
    Inventors: Philip George Hunt, Mark V. Bertolina, Brooks Stevens Read, Bruce Henry Thompson, Richard Bruce McKinstry, Richard Allan Chaney
  • Patent number: 10671545
    Abstract: Examples perform asynchronous encrypted live migration of virtual machines (VM) from a source host to a destination host. The encryption of the memory blocks of the VM is performed optionally before a request for live migration is received or after said request. The more resource intensive decryption of the memory blocks of the VM is performed by the destination host in a resource efficient manner, reducing the downtime apparent to users. Some examples contemplate decrypting memory blocks of the transmitted VM on-demand and opportunistically, according to a pre-determined rate, or in accordance with parameters established by a user.
    Type: Grant
    Filed: June 26, 2015
    Date of Patent: June 2, 2020
    Assignee: VMware, Inc.
    Inventors: Gabriel Tarasuk-Levin, Reilly Grant
  • Patent number: 10673616
    Abstract: Techniques for mitigating side-channel attacks on cryptographic algorithms are provided. An example method according to these techniques includes applying a block cipher algorithm to an input data to generate a cryptographic output, such that applying the block cipher to input data comprises modifying an output of a stage of the block cipher algorithm such that each output of the stage of the block cipher algorithm has a constant Hamming weight, and outputting the cryptographic output.
    Type: Grant
    Filed: January 11, 2017
    Date of Patent: June 2, 2020
    Assignee: Qualcomm Incorporated
    Inventors: Rosario Cammarota, Indranil Banerjee, Matthew McGregor
  • Patent number: 10673826
    Abstract: Systems, devices, and methods for encrypting genetic information are provided herein. Also provided herein are systems, devices, and methods for encrypting compressed genetic data, transmitting encrypted compressed genetic data, and receiving, storing, accessing encrypted compressed genetic data. In some cases, a user interface is in communication with a system or device provided herein.
    Type: Grant
    Filed: February 9, 2016
    Date of Patent: June 2, 2020
    Assignee: ARC BIO, LLC
    Inventors: David Andrew Sinclair, Alejandro Quiroz-Zarate, Roberto Olivares-Amaya, Thomas J. Watson, Jr., Jason Michael Anderson, Pablo G. Coste
  • Patent number: 10664815
    Abstract: Network systems and methods are disclosed for maintaining purchase history databases useful for targeted marketing while preventing users from obtaining access to customer financial accounts.
    Type: Grant
    Filed: September 4, 2008
    Date of Patent: May 26, 2020
    Assignee: CATALINA MARKETING CORPORATION
    Inventors: Tina Louise Warhover, Joseph Paul Cilella, Patricia Corliss Brynjolfsson, Gail VanNoller, Elmer Robinson, Jr.
  • Patent number: 10642992
    Abstract: A computing device includes an interface configured to interface and communicate with a dispersed storage network (DSN), a memory that stores operational instructions, and processing circuitry operably coupled to the interface and to the memory. The processing circuitry is configured to execute the operational instructions to perform various operations and functions. The computing device encrypts data using a key to generate encrypted data and processes it and a password based on a deterministic function to generate transformed data. The computing device masks the key based on a masking function based on the transformed data to generate a masked key, and then combines the encrypted data and the masked key to generate a secure package that is encoded in accordance with dispersed error encoding parameters to produce a set of encoded data slices (EDSs) and transmits the set of EDSs to a plurality of storage units (SUs) to be distributedly stored therein.
    Type: Grant
    Filed: April 30, 2018
    Date of Patent: May 5, 2020
    Assignee: PURE STORAGE, INC.
    Inventor: Jason K. Resch
  • Patent number: 10630482
    Abstract: An example secure embedded device includes a secure non-volatile memory coupled to a processor. The processor provides a scramble or cipher key and uses a scramble algorithm or a cipher algorithm to scramble or cipher information received from an external device into transformed information. The processor writes at least a portion of the transformed information to a plurality of memory locations of the secure non-volatile memory. The plurality of memory locations is based on the scramble or cipher key.
    Type: Grant
    Filed: April 13, 2017
    Date of Patent: April 21, 2020
    Assignee: Cypress Semiconductor Corporation
    Inventors: Arnaud Boscher, Nicolas Prawitz
  • Patent number: 10594476
    Abstract: A hardware cipher module to cipher a packet. The cipher module includes a key scheduling engine and a ciphering engine. The key scheduling engine is configured to receive a compact key and iteratively generate a set of round keys, including a first round key, based on the compact key and determine, based upon a cipher mode indication and a type of ciphering whether to generate a key-scheduling-done indication after the first round key is generated and before all of the set of round keys are generated or to generate the key-scheduling-done indication after all of the set of round keys is generated. The ciphering engine is configured to begin to cipher the packet with one of the set of round keys as a result of receiving the key schedule done indication.
    Type: Grant
    Filed: April 30, 2018
    Date of Patent: March 17, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Ron Diamant, Nafea Bshara, Erez Izenberg
  • Patent number: 10572895
    Abstract: A streaming media player receives a media stream from a first broadcast chain. Streaming performance feedback originating from the streaming media player is received at a processing system including an analytics module. The feedback includes identifying information sufficient to verify that a user of the media player is a valid user. In response to verifying that the feedback is from a valid user, identifying information is stripped out, and the feedback is transmitted to a media proposal server. The media proposal server determines, based on the streaming feedback, that media items scheduled for broadcast on a second, different broadcast chain, are to be replaced. Replacement media items, which have been identified, based at least in part, on feedback from the first broadcast chain, are transmitted to the second broadcast chain via a media distribution server.
    Type: Grant
    Filed: April 12, 2018
    Date of Patent: February 25, 2020
    Assignee: iHeartMedia Management Services, Inc.
    Inventors: Mark R. Allen, Jeffrey Lee Littlejohn
  • Patent number: 10567158
    Abstract: A cryptographic device (200) is provided to compute a key dependent cryptographic function for an input message. The cryptographic device has a data store arranged to store multiple variables (w) on which the cryptographic device acts to compute the cryptographic function, a variable (w) being distributed over multiple shares (wj) and represented in the data store as multiple encoded shares (xj), an encoded share being an encoding (xj=Encj (wj, sj)) of a share (wj) together with a state (sj), the multiple states (sj) corresponding to the same variable (w) having a relationship with the input message (M) so that there exists an injective mapping (?) from the input message (M) to the multiple states (?(M)=(s0, . . . , sn-1)).
    Type: Grant
    Filed: October 10, 2016
    Date of Patent: February 18, 2020
    Assignee: KONINKLIJKE PHILIPS N.V.
    Inventors: Ronald Rietman, Sebastiaan Jacobus Antonius De Hoogh, Paulus Mathias Hubertus Mechtildis Antonius Gorissen, Willem Charles Mallon, Ludovicus Marinus Gerardus Maria Tolhuizen, Hendrik Dirk Lodewijk Hollmann
  • Patent number: 10536264
    Abstract: Embodiments include a computing processor control flow enforcement system including a processor, a block cipher encryption circuit, and an exclusive-OR (XOR) circuit. The control flow enforcement system uses a block cipher encryption to authenticate a return address when returning from a call or interrupt. The block cipher encryption circuit executes a block cipher encryption on a first number including an identifier to produce a first encrypted result and executes a block cipher encryption on a second number including a return address and a stack location pointer to produce a second encrypted result. The XOR circuit performs an XOR operation on the first encrypted result and the second encrypted result to produce a message authentication code tag.
    Type: Grant
    Filed: December 28, 2016
    Date of Patent: January 14, 2020
    Assignee: Intel Corporation
    Inventors: Santosh Ghosh, Manoj R Sastry, Jesse R. Walker, Ravi L. Sahita, Abhishek Basak, Vedvyas Shanbhogue, David M. Durham
  • Patent number: 10511330
    Abstract: To reduce the processing amount of a field multiplication. a denotes a k-th order vector whose elements are a0, . . . , ak-1 (a0, . . . , ak-1 ∈ GF(xq)). A denotes an n-by-k matrix formed by vertically connecting an identity matrix and a Vandermonde matrix. b denotes an n-th order vector obtained by multiplying the vector a and the matrix A whose elements are b0, . . . , bn-1 (b0, . . . , bn-1 ∈ GF(xq)). A vector conversion part 11 generates a ?-th order vector b? using ? elements bp0, . . . , bp?-1 of the vector b. An inverse matrix generation part 12 generates a ?-by-? inverse matrix A?-1. A plaintext computation part 13 computes elements ae0, . . . , ae?-1 of the vector a by multiplying the vector b? and the inverse matrix A?-1.
    Type: Grant
    Filed: May 11, 2016
    Date of Patent: December 17, 2019
    Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventor: Dai Ikarashi
  • Patent number: 10484340
    Abstract: Data encryption system includes a data generation device, a security key mapping device, an internet transmission security device, and a receiver. The data generation device is used for generating raw data. The security key mapping device is linked to the data generation device for encrypting the raw data to generate a plurality of encrypted data blocks according to a security key. The internet transmission security device is linked to the security key mapping device for transmitting and protecting the plurality of encrypted data blocks. The receiver is linked to the internet transmission security device for receiving the plurality of encrypted data blocks.
    Type: Grant
    Filed: October 18, 2016
    Date of Patent: November 19, 2019
    Assignee: LEADOT INNOVATION, INC.
    Inventor: Justin Wang
  • Patent number: 10452854
    Abstract: A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths.
    Type: Grant
    Filed: September 10, 2018
    Date of Patent: October 22, 2019
    Assignee: Security First Corp.
    Inventors: Mark S. O'Hare, Rick L. Orsini, Roger S. Davenport, Steven Winick
  • Patent number: 10447666
    Abstract: A cryptanalysis method comprising: (A) Performing a ciphertext-only direct cryptanalysis of A5/1 and (B) Using results of Step (A) to facilitate the decryption and/or encryption of further communications that are consistent with encryption using the session key and/or decryption using the session key, wherein the cryptanalysis considers part of the bits of the session key to have a known fixed value, and wherein the cryptanalysis finds the session key. An efficient known plaintext attack on A5/2 comprises trying all the possible values for R4, and for each such value solving the linearized system of equations that describe the output; the solution of the equations gives the internal state of R1, R2, and R3; together with R4, this gives the full internal state which gives a suggestion for the key.
    Type: Grant
    Filed: January 2, 2018
    Date of Patent: October 15, 2019
    Inventor: Elad Barkan
  • Patent number: 10382952
    Abstract: A method, system, and/or computer program product generate a secondary security key from a primary security key. One or more processors receive a primary security key. The processor(s) retrieve a first numeric code that is an alternate numeric representation of a first character in the primary security key. The processor(s) retrieve a second numeric code that is an alternate numeric representation of a second character in the primary security key. The processor(s) add the first numeric code to the second numeric code to generate a running total value. The processor(s) designate the running total value as a secondary security key, and encrypt data with the secondary security key.
    Type: Grant
    Filed: May 19, 2016
    Date of Patent: August 13, 2019
    Assignee: International Business Machines Corporation
    Inventors: Mark V. Chitti, Kirby G. Dahman, Ronda L. McCain, Kurt A. Rybczyk, Keith C. Williams
  • Patent number: 10372948
    Abstract: A memory device is provided which comprises a memory array, a first scrambling circuit and a second scrambling circuit. The first scrambling circuit is configured to provide first scrambled data with a first scrambling pattern in response to input data. The second scrambling circuit is configured to provide second scrambled data with a second scrambling pattern in response to the first scrambled data.
    Type: Grant
    Filed: December 15, 2015
    Date of Patent: August 6, 2019
    Assignee: TAIWAN SEMICONDUCTOR MANUFACTURING COMPANY LTD.
    Inventors: Kai-Chun Lin, Ku-Feng Lin, Hung-Chang Yu, Yu-Der Chih
  • Patent number: 10348485
    Abstract: Examples described herein relate to chaining operations under a molecular encryption scheme, including, but not limited to, defining a composite operation, wherein the composite operation comprises two or more separate operations, receiving input for the composite operation, invoking the composite operation for the input, performing the composite operation based on the input, and determining output corresponding to the input.
    Type: Grant
    Filed: February 22, 2017
    Date of Patent: July 9, 2019
    Assignee: FORNETIX LLC
    Inventors: Gerald J. Stueve, Stephen Edwards, Lina M. Baquero, Charles White
  • Patent number: 10348486
    Abstract: A method for at least partially updating encrypted data stored on one or more servers includes dividing the encrypted data into equal sized chunks; encrypting each chunk using an all-or-nothing encryption scheme (AONE) with an encryption key, wherein an additional randomness per chunk is embedded into the AONE; outputting a plurality of ciphertext blocks for each chunk; storing the encrypted chunks on the one or more servers such that an i-th ciphertext block of each encrypted chunk is stored on an i-th server, wherein a result of a predetermined function performed on the randomness for all encrypted chunks is stored with each encrypted chunk; determining one or more chunks to update; reverting the predetermined function by accessing all the encrypted chunks; decrypting the one or more chunks to update based on the result of, updating the decrypted chunks; re-encrypting the updated decrypted chunks, and storing the re-encrypted chunks.
    Type: Grant
    Filed: September 30, 2014
    Date of Patent: July 9, 2019
    Assignee: NEC CORPORATION
    Inventor: Ghassan Karame
  • Patent number: 10325109
    Abstract: An embodiment of the invention may include a method, computer program product, and system for securing data. The embodiment may include receiving, by a management program, identification of a selected cryptographic security module. The selected cryptographic security module is graphically selected by an authorized operator via a graphic user interface. The selected cryptographic security module contains unique individual symbols that contain references to functions and is selected from a plurality of mutually exclusive cryptographic security modules. Based on the received identification of the selected cryptographic security module, the embodiment may include generating, by the management program, a global configuration file. The embodiment may include transmitting, by the management program, a notification to an agent program on a client computer.
    Type: Grant
    Filed: September 14, 2017
    Date of Patent: June 18, 2019
    Assignee: International Business Machines Corporation
    Inventors: Jose M. Gomez Claros, Alan W. McLachlan, Andrew R. Schmidt
  • Patent number: 10271096
    Abstract: A source device and a method of transmitting content are provided. The source device includes a controller configured to check a version of a content protection method supported by a sink device from the repeater, to encrypt the content based on a version of the content protection method applied to the content, and to set a value of type information of the content protection method based on the version of the content protection method applied to the content and the version of the content protection method supported by the sink device, and a communicator including communication circuitry configured to transmit the encrypted content and the type information of the content protection method to the repeater, wherein the type information of the content protection method for determining whether the content received from the source device is output to the sink device from the repeater, based on the version of the content protection method supported by the sink device.
    Type: Grant
    Filed: August 2, 2017
    Date of Patent: April 23, 2019
    Assignee: Samsung Electronics Co., Ltd.
    Inventor: Sung-bo Oh
  • Patent number: 10243941
    Abstract: Systems and methods are provided and include a control module that receives a communication packet from a communication node that includes at least one of a vehicle sensor and a vehicle system via a controller area network bus. The control module determines whether the communication packet from the communication node indicates that the vehicle sensor or the vehicle system associated with the communication node is operating outside of a predetermined acceptable operating range. The control module sends an authentication message to the communication node in response to the communication packet indicating that the vehicle sensor or vehicle system is operating outside of the predetermined acceptable operating range. The control module determines whether a valid authentication code is received from the communication node and performs a remedial action for the communication node in response to the valid authentication code not being received from the communication node.
    Type: Grant
    Filed: November 1, 2016
    Date of Patent: March 26, 2019
    Assignee: DENSO International America, Inc.
    Inventor: Michael Bima
  • Patent number: 10230528
    Abstract: Systems and methods for memory protection for implementing trusted execution environment. An example processing system comprises: an on-package memory (OPM); a memory encryption engine (MEE) comprising a MEE cache, the MEE to: responsive to failing to locate, within the MEE cache, an encryption metadata associated with a data item loaded from an external memory, retrieve at least part of the encryption metadata from the OPM, and validate the data item using the encryption metadata.
    Type: Grant
    Filed: May 4, 2015
    Date of Patent: March 12, 2019
    Assignee: Intel Corporation
    Inventors: Binata Bhattacharyya, Amy L. Santoni, Raghunandan Makaram, Francis X. McKeen, Simon P. Johnson, George Z. Chrysos, Siddhartha Chhabra
  • Patent number: 10230697
    Abstract: A non-transitory computer-readable recording medium storing computer-readable instructions that, when executed by a first user terminal, cause the first user terminal to perform a method including: receiving a first message including a first attached file, generating at least one encryption key for encrypting the first message by taking into account a type of the first attached file, encrypting the first attached file of the first message by using the encryption key, adding sender information of the first message to the first message, and transmitting the first message including the sender information to a message server, may be provided.
    Type: Grant
    Filed: July 6, 2016
    Date of Patent: March 12, 2019
    Assignee: Line Corporation
    Inventors: Ki Bin Shin, Jong Il Won
  • Patent number: 10148425
    Abstract: An encryption system and method has processors and a memory system, the memory system configured to hold at least one macroblock, an encryption key, and machine-readable instructions for encrypting the macroblock. The instructions include instructions for dividing the macroblock into subblocks by rows and encrypting the rows, for dividing the macroblock into subblocks by columns and encrypting the columns, and for performing a combining cipher of the cipher blocks to produce a final ciphertext of the macroblock. In alternative embodiments, the macroblock is divided in dimensions in addition to rows and columns. In embodiments, ciphertext is chained by using its ciphertext as part of a key for later macroblocks of a sequence, or propagated into later sequences of macroblocks.
    Type: Grant
    Filed: August 3, 2017
    Date of Patent: December 4, 2018
    Assignee: Massively Parallel Technologies, Inc.
    Inventor: Kevin D. Howard
  • Patent number: 10142103
    Abstract: A system and method for generating pseudorandom numbers by initializing a counter value for a call-counter, sending a bit-wise form of the counter value from the counter to a mixing function, and mixing the counter value to generate the pseudorandom number. The mixing function may be a XOR tree, substitution-permutation, or double-mix Feistel. The pseudorandom number generator can operate by mixing the bits of the call-counter, repeatedly mixing its own output, or a combination thereof. The counter is incremented by a predetermined value. In order to provide backward secrecy, the pseudorandom number is processed by a one-way function or is hashed with a cryptographic hash function, and the result thereof is used as an input value for a subsequent cycle of the mixing function. Also, several mixing functions can be operated in parallel with their output XORed.
    Type: Grant
    Filed: December 7, 2015
    Date of Patent: November 27, 2018
    Assignee: THE BOEING COMPANY
    Inventor: Laszlo Hars
  • Patent number: 10114766
    Abstract: A system includes a plurality of data input ports, each port corresponding to one of a plurality of different levels of security classification; a security device, configured for cryptographic processing, coupled to receive incoming data from each of the plurality of input ports, wherein the incoming data includes first data having a first classification level; a key manager configured to select and tag-identified first set of keys from a plurality of key sets, each of the key sets corresponding to one of the different levels of security classification, wherein the first set of keys is used by the security device to encrypt the first data; and a common encrypted data storage, coupled to receive the encrypted first data from the security device for storage.
    Type: Grant
    Filed: November 18, 2016
    Date of Patent: October 30, 2018
    Assignee: Secturion Systems, Inc.
    Inventor: Richard J. Takahashi
  • Patent number: 10078749
    Abstract: An apparatus, a method, and a system are presented in which the apparatus includes an interface control circuit that may be configured to receive a message including a cryptographic keyword and a policy value. The policy value may include one or more data bits indicative of one or more policies that define allowable usage of the cryptographic keyword. The apparatus also includes a security circuit that may be configured to extract the cryptographic keyword and the policy value from the message, and to apply at least one policy of the one or more policies to usage of the cryptographic keyword in response to a determination that an authentication of the message succeeded.
    Type: Grant
    Filed: August 16, 2017
    Date of Patent: September 18, 2018
    Assignee: Apple Inc.
    Inventors: Timothy R. Paaske, Weihua Mao, Shu-Yi Yu
  • Patent number: 10069622
    Abstract: A cryptography apparatus includes multiple multiplication units and logic circuitry. The multiplication units are arranged in two or more multiplication levels, and are configured to operate in accordance with Galois-Field (GF) arithmetic over respective Galois fields. The logic circuitry is configured to receive input data whose word-size exceeds a maximal input word-size among the multiplication units, to hold a cryptographic key including multiple sub-keys whose number does not exceed a number of the multiplication units, and to perform a cryptographic operation on the input data by applying the sub-keys to the multiplication units.
    Type: Grant
    Filed: October 20, 2016
    Date of Patent: September 4, 2018
    Assignee: NUVOTON TECHNOLOGY CORPORATION
    Inventor: Moshe Alon
  • Patent number: 10025617
    Abstract: A system for providing a steganographic message to a hypervisor may include a memory having computer readable instructions and one or more processors for executing the computer readable instructions. The computer readable instructions may include identifying a plurality of selected bits of usage data of a virtual machine. Further according to the computer readable instructions, a desired message may be encoded as a steganographic message stored in the plurality of selected bits in the usage data. Encoding the desired message may include manipulating one or more resources of the virtual machine to cause a change in the plurality of selected bits in the usage data. The usage data may be provided to the hypervisor, and the steganographic message may be observable in the usage data.
    Type: Grant
    Filed: November 28, 2017
    Date of Patent: July 17, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Eli M. Dow, Thomas D. Fitzsimmons, Frank R. LeFevre, Jessie Yu
  • Patent number: 10013517
    Abstract: High level synthesis for a circuit design may include detecting, using a processor, an encrypted, high level programming language (HLL) core for inclusion in a circuit design, decrypting, using the processor, the encrypted HLL core into volatile memory, and generating, using the processor, an encrypted, intermediate representation (IR) of the circuit design including an encrypted IR of the HLL core. An encrypted hardware description language (HDL) circuit design may be generated, using the processor, from the encrypted IR of the circuit design. The encrypted HDL circuit design includes an encrypted HDL core that is functionally equivalent to the encrypted HLL core.
    Type: Grant
    Filed: January 6, 2016
    Date of Patent: July 3, 2018
    Assignee: XILINX, INC.
    Inventors: Sheng Zhou, Bin Ochotta, Alec J. Wong, Pradip K. Jha, Qin Zhang
  • Patent number: 10009168
    Abstract: An encryption system and method has processors and a memory system, the memory system configured to hold at least one macroblock, an encryption key, and machine readable instructions for encrypting the macroblock. The instructions include instructions for dividing the macroblock into subblocks by rows and encrypting the rows, for dividing the macroblock into subblocks by columns and encrypting the columns, and for performing a combining cipher of the first, second, third and fourth cipher blocks to produce a final ciphertext of the macroblock. In alternative embodiments, the macroblock is divided in a third, or fourth dimension in addition to rows and columns. In embodiments, ciphertext is chained by using ciphertext as part of a key for later macroblocks of a sequence, or propagated into later sequences of macroblocks.
    Type: Grant
    Filed: November 26, 2013
    Date of Patent: June 26, 2018
    Assignee: Massively Parallel Technologies, Inc.
    Inventor: Kevin D. Howard
  • Patent number: 9996708
    Abstract: A processing system includes a processing core and a hardware accelerator communicatively coupled to the processing core. The hardware accelerator includes a data register having a plurality of data bits and a key register having a plurality of key bits. The hardware accelerator also includes a data mode selector module to select one of an encrypt mode or a decrypt mode for processing the plurality of data bits. The hardware accelerator further includes a key mode selector module to select one of the encrypt mode or the decrypt mode for processing the plurality of key bits.
    Type: Grant
    Filed: June 26, 2015
    Date of Patent: June 12, 2018
    Assignee: Intel Corporation
    Inventors: Sudhir K. Satpathy, Sanu K. Mathew, Kirk S. Yap, Vinodh Gopal
  • Patent number: 9979718
    Abstract: A means for managing security and access to resources associated with blocks/sub-components of a distributed validating network, such as a blockchain network. Tags are created that can be applied to blocks so that a designated entity/user can locate the block through presentation of keywords associated with the tag. Additionally, a security token is generated that is assigned or otherwise provided to the designated entity/user which is configured to grant the designated entity access to resources in the block. Further, logic may be defined and applied to either the tag, the block and/or the security token that provides control over the access granted to the designated entities/users. The logic may define the period of time for which a designated entity/user is granted access to the block and/or the block's resources or the logic may define an amount of access granted to the designated entity/user.
    Type: Grant
    Filed: May 11, 2016
    Date of Patent: May 22, 2018
    Assignee: BANK OF AMERICA CORPORATION
    Inventor: Manu Jacob Kurian
  • Patent number: 9967092
    Abstract: A secure memory, key expansion logic, and decryption logic are provided for a microprocessor that executes encrypted instructions. The secure memory stores a plurality of decryption key primitives. The key expansion logic selects two or more decryption key primitives from the secure memory and then derives a decryption key from them. The decryption logic uses the decryption key to decrypt an encrypted instruction fetched from the instruction cache. The decryption key primitives are selected on the basis of an encrypted instruction address, one of them is rotated by an amount also determined by the encrypted instruction address, and then they are additively or subtractively accumulated, also on the basis of the encrypted instruction address.
    Type: Grant
    Filed: October 15, 2015
    Date of Patent: May 8, 2018
    Assignee: VIA TECHNOLOGIES, INC.
    Inventors: G. Glenn Henry, Terry Parks, Brent Bean, Thomas A. Crispin
  • Patent number: 9960908
    Abstract: A hardware cipher module to cipher a packet. The cipher module includes a key scheduling engine and a ciphering engine. The key scheduling engine is configured to receive a compact key and iteratively generate a set of round keys, including a first round key, based on the compact key and determine, based upon a cipher mode indication and a type of ciphering whether to generate a key-scheduling-done indication after the first round key is generated and before all of the set of round keys are generated or to generate the key-scheduling-done indication after all of the set of round keys is generated. The ciphering engine is configured to begin to cipher the packet with one of the set of round keys as a result of receiving the key schedule done indication.
    Type: Grant
    Filed: September 29, 2015
    Date of Patent: May 1, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Ron Diamant, Nafea Bshara, Erez Izenberg
  • Patent number: 9954676
    Abstract: A method of performing a keyed cryptographic operation mapping an input message to an output message, wherein the cryptographic operation includes at least one round including a non-linear mapping function configured to map input data to output data, including: splitting the input data into n split input data, wherein the splitting of the input data varies based upon the value of the input message; inputting each split input data into the non-linear mapping function to obtain n split output data, wherein a combination of the n split output data indicates an output data, wherein the output data results when the input data is input to the non-linear mapping function.
    Type: Grant
    Filed: January 17, 2017
    Date of Patent: April 24, 2018
    Assignee: NXP B.V.
    Inventor: Wil Michiels
  • Patent number: 9940772
    Abstract: Chip cards are used to secure credit and debit payment transactions. To prevent fraudulent transactions, the card must protect cryptographic keys used to authenticate transactions. In particular, cards should resist differential power analysis and/or other attacks. To address security risks posed by leakage of partial information about keys during cryptographic transactions, cards may be configured to perform periodic cryptographic key update operations. The key update transformation prevents adversaries from exploiting partial information that may have been leaked about the card's keys. Update operations based on a hierarchical structure can enable efficient transaction verification by allowing a verifying party (e.g., an issuer) to derive a card's current state from a transaction counter and its initial state by performing one operation per level in the hierarchy, instead of progressing through all update operations performed by the card.
    Type: Grant
    Filed: October 24, 2007
    Date of Patent: April 10, 2018
    Assignee: CRYPTOGRAPHY RESEARCH, INC.
    Inventor: Paul C. Kocher
  • Patent number: 9921975
    Abstract: A cryptographic processing device comprises a cipher control circuit operative to execute at least one of encryption of plaintext data and decryption of ciphertext data on the basis of conversion parameter data; and a memory cell array that includes a plurality of memory cells, the plurality of memory cells including: a memory cell in a variable state, in which a resistance value reversibly changes between a plurality of changeable resistance value ranges in accordance with an electric signal applied thereto; and a memory cell in an initial state, which does not change to the variable state unless a forming stress for changing the memory cell in the initial state to the variable state is applied thereto, a resistance value of the memory cell in the initial state being within an initial resistance value range which does not overlap with the plurality of changeable resistance value ranges, wherein in the memory cell array, data including the conversion parameter data is stored on the basis of whether each of th
    Type: Grant
    Filed: April 13, 2015
    Date of Patent: March 20, 2018
    Assignee: Panasonic Intellectual Property Management Co., Ltd.
    Inventors: Yoshikazu Katoh, Takuji Maeda, Shinji Inoue, Masato Suto
  • Patent number: 9904807
    Abstract: A memory system includes a controller configured to write data to a nonvolatile memory. The controller includes a buffer unit configured to hold write data including a plurality of pieces of unit data, a sequencer configured to receive the write data from the buffer unit and individually output the plurality of pieces of unit data sequentially, and a plurality of cores, each being configured to encrypt at least one of the pieces of unit data output from the sequencer. The buffer is further configured to output the plurality of pieces of unit data sequentially to the sequencer, such that a last piece of unit data is output consecutively after a preceding piece of unit data is output.
    Type: Grant
    Filed: August 25, 2015
    Date of Patent: February 27, 2018
    Assignee: TOSHIBA MEMORY CORPORATION
    Inventor: Kiyotaka Matsuo
  • Patent number: 9891944
    Abstract: A computer-implemented method may include identifying a plurality of selected bits of usage data of a virtual machine. A desired message may be encoded, by a computer processor, as a steganographic message stored in the plurality of selected bits in the usage data. Encoding the desired message may include manipulating one or more resources of the virtual machine to cause a change in the plurality of selected bits in the usage data. The usage data may be provided to the hypervisor, and the steganographic message may be observable in the usage data.
    Type: Grant
    Filed: March 17, 2016
    Date of Patent: February 13, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Eli M. Dow, Thomas D. Fitzsimmons, Frank R. LeFevre, Jessie Yu
  • Patent number: 9887972
    Abstract: A cryptanalysis method comprising: (A) Performing a ciphertext-only direct cryptanalysis of A5/1 and (B) Using results of Step (A) to facilitate the decryption and/or encryption of further communications that are consistent with encryption using the session key and/or decryption using the session key, wherein the cryptanalysis considers part of the bits of the session key to have a known fixed value, and wherein the cryptanalysis finds the session key. An efficient known plaintext attack on A5/2 comprises trying all the possible values for R4, and for each such value solving the linearized system of equations that describe the output; the solution of the equations gives the internal state of R1, R2, and R3; together with R4, this gives the full internal state which gives a suggestion for the key.
    Type: Grant
    Filed: March 22, 2017
    Date of Patent: February 6, 2018
    Inventor: Elad Barkan
  • Patent number: 9882879
    Abstract: Methods, apparatus and articles of manufacture for using steganography to protect cryptographic information on a mobile device are provided herein. A method includes querying a user to select one or more items of data stored on a computing device to be used in connection with one or more cryptographic actions associated with said computing device, and protecting one or more items of cryptographic information within the one or more selected items of data.
    Type: Grant
    Filed: June 27, 2013
    Date of Patent: January 30, 2018
    Assignee: EMC IP Holding Company LLC
    Inventors: Yedidya Dotan, Lawrence N. Friedman, William M. Duane, John Brainard
  • Patent number: 9860219
    Abstract: Embodiments of the present invention relate to runtime instantiation of broadcast encryption schemes. In one embodiment, a method of and computer program product for runtime instantiation of broadcast encryption schemes is provided. A broadcast encryption definition is read. The broadcast encryption definition defines a broadcast encryption scheme and includes a plurality of function definitions. Based on the plurality of function definitions, it is determined whether the broadcast encryption definition defines encrypting or decrypting content. Based on the plurality of function definitions a type of the broadcast encryption scheme is determined.
    Type: Grant
    Filed: October 28, 2016
    Date of Patent: January 2, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventor: John B. Geagan, III
  • Patent number: 9846596
    Abstract: Described is a system for a cloud control operations plane. In operation, a job is broadcast to a plurality of physical hosts, one or more of the physical hosts having a control operations plane (COP) node and a service node associated with the COP node. The COP nodes jointly create a private job assignment. A set of job assignments is redundantly distributed to individual COP nodes pursuant to the private job assignments, such that each individual COP node is only aware of its own assignment and corresponding job. The service nodes then each complete a task associated with the job and generate an output. When a set of service nodes performing a redundant job complete their task, the corresponding COP nodes jointly perform a private result checking protocol to generate a final output. The final output is then sent to the user.
    Type: Grant
    Filed: June 24, 2014
    Date of Patent: December 19, 2017
    Assignee: HRL Laboratories, LLC
    Inventors: Aleksey Nogin, Kirill Minkovich, Karim El Defrawy, Joshua W. Baron, Eric P. Tressler, Gavin D. Holland