Miscellaneous Patents (Class 380/59)
  • Patent number: 10142112
    Abstract: Several embodiments of memory devices and systems with command and control access are described herein. In one embodiment, a memory device includes a controller having a processor and a memory component operably coupled to the processor. The controller is configured to receive at least one command and control (C2) packet from a remote computer associated with a device vendor. The C2 packet includes a request for the controller to perform a restricted command, and a vendor signature. The memory component stores instructions executable by the processor to determine if the vendor signature is valid and to direct the controller to perform the restricted command if the vendor signature is determined to be valid.
    Type: Grant
    Filed: January 22, 2018
    Date of Patent: November 27, 2018
    Assignee: Micron Technology, Inc.
    Inventors: Robert W. Strong, Hemaprabhu Jayanna
  • Patent number: 10097535
    Abstract: The present invention provides methods and apparatuses that utilize a portable apparatus to securely operate a host electronic device. Typically, each portable apparatus includes a data storage unit which stores an operating system and other software. In one example, a portable apparatus can provide a virtual operating environment on top of a host's operating system for a host device. In another example, a portable apparatus containing its operating system can directly boot a host device with one or more hardware profiles. Furthermore, a device-dependent protection against software piracy, a user-dependent protection against sensitive data leaks, a controllable host operating environment to prevent unwanted information exposure, and a secure restoration procedure to prevent virus infection between the host device users may be incorporated. Moreover, a pre-defined information may also be utilized to authorize a connected-state guest operation environment in the host device.
    Type: Grant
    Filed: November 8, 2015
    Date of Patent: October 9, 2018
    Inventor: Evan S. Huang
  • Patent number: 9900159
    Abstract: Several embodiments of memory devices and systems with command and control access are described herein. In one embodiment, a memory device includes a controller having a processor and a memory component operably coupled to the processor. The controller is configured to receive at least one command and control (C2) packet from a remote computer associated with a device vendor. The C2 packet includes a request for the controller to perform a restricted command, and a vendor signature. The memory component stores instructions executable by the processor to determine if the vendor signature is valid and to direct the controller to perform the restricted command if the vendor signature is determined to be valid.
    Type: Grant
    Filed: July 21, 2015
    Date of Patent: February 20, 2018
    Assignee: Micron Technology, Inc.
    Inventors: Robert W. Strong, Hemaprabhu Jayanna
  • Patent number: 9781124
    Abstract: Methods, computing systems and computer program products implement embodiments of the present invention that include defining a first multiple of software container configurations and a second multiple of permission sets, and receiving, by a first computer, a request to perform a service operation on a second computer having multiple resources. Upon identifying one or more of the resources that are required for the service operation, a given software container configuration and a given permission set are selected based on the identified one or more resources, and the given software container configuration and the given permission set are conveyed to the second computer. Upon the second computer receiving the given software container configuration and the given permission set, a software container is generated. The software container is opened on the host computer prior to performing the service operation, and closed upon completing the service operation.
    Type: Grant
    Filed: June 11, 2015
    Date of Patent: October 3, 2017
    Assignee: International Business Machines Corporation
    Inventors: George Goldberg, Yosef Moatti, Dmitry Sotnikov, Yaron Weinsberg
  • Patent number: 9489539
    Abstract: A system for integrating modules of computer code may include a sandbox validator for receiving a first module and verifying that the first module complies with one or more sandbox constraints. A computing device may execute the first module within a runtime environment. A module integrator may operate within the runtime environment for receiving a request from the first module to access a service provided by a second module and only allowing the first module to access the service when the first module is authorized to access the service according to a service authorization table. The sandbox validator may ensure the first module correctly identifies itself when requesting a service provided by another module and that the first module includes runtime policing functions for non-deterministic operations. A service authorizer may generate an authorization policy for the first module, which is sent to the computing device along with the first module.
    Type: Grant
    Filed: May 3, 2015
    Date of Patent: November 8, 2016
    Assignee: Guest Tek Interactive Entertainment Ltd.
    Inventor: Gary R. Court
  • Patent number: 9467288
    Abstract: Techniques for encryption key destruction for secure data erasure via an external interface or physical key removal are described. Electrical destruction of key material retained in a memory of a storage device renders the device securely erased, even when the device is otherwise inoperable. The memory (e.g. non-volatile, such as flash) stores key material for encrypting/decrypting storage data for the device. An eraser provides power and commands to the memory, even when all or any portion of the device is inoperable. The commands (e.g. erase or write) enable zeroizing or destroying the key material, rendering data encrypted with the destroyed key material inaccessible, and therefore securely erased. Alternatively, the memory is a removable component (e.g. an external security device or smartcard) coupled to the device during storage operation. Removing and physically destroying the memory renders the device securely erased. The device and/or the memory are sealed to enable tamper detection.
    Type: Grant
    Filed: January 17, 2015
    Date of Patent: October 11, 2016
    Assignee: Seagate Technology LLC
    Inventors: Dmitry Obukhov, Bin Tan
  • Patent number: 9049021
    Abstract: A method and apparatus are proposed for cryptographic computations implemented in an electronic component. The method includes determining the cofactor of an elliptic curve E defined over a finite field Fq with q elements, the elliptic curve comprising a base point P having an order equal to n. The step of determining includes determining a value of floor((q + 2^(ceil(b/2)+1) + 1)/n) when n > 6√q, where the function ceil corresponds to the ceiling function, floor corresponds to the floor function, and b corresponds to the size q in number of bits of q.
    Type: Grant
    Filed: December 21, 2012
    Date of Patent: June 2, 2015
    Assignee: OBERTHUR TECHNOLOGIES
    Inventors: Emmanuelle Dottax, Sebastien Aumonier
  • Patent number: 8938624
    Abstract: Techniques for encryption key destruction for secure data erasure via an external interface or physical key removal are described. Electrical destruction of key material retained in a memory of a storage device renders the device securely erased, even when the device is otherwise inoperable. The memory (e.g. non-volatile, such as flash) stores key material for encrypting/decrypting storage data for the device. An eraser provides power and commands to the memory, even when all or any portion of the device is inoperable. The commands (e.g. erase or write) enable zeroizing or destroying the key material, rendering data encrypted with the destroyed key material inaccessible, and therefore securely erased. Alternatively, the memory is a removable component (e.g. an external security device or smartcard) coupled to the device during storage operation. Removing and physically destroying the memory renders the device securely erased. The device and/or the memory are sealed to enable tamper detection.
    Type: Grant
    Filed: September 15, 2011
    Date of Patent: January 20, 2015
    Assignee: LSI Corporation
    Inventors: Dmitry Obukhov, Bin Tan
  • Patent number: 8904036
    Abstract: Described are a secure geo-location obscurity network and ingress nodes, transit nodes and egress nodes used in such a network. In particular, a novel device is provided and comprises: a node for a network, the node comprising: a private portion for allowing high bandwidth secure private traffic to be received and transmitted by the node on a private pathway through the node; and a public portion for allowing low bandwidth secure public traffic to be received and transmitted by the node on a plurality of public pathways through the node.
    Type: Grant
    Filed: December 7, 2010
    Date of Patent: December 2, 2014
    Assignee: Chickasaw Management Company, LLC
    Inventors: James Andrew Reynolds, Philip Desch, Brett Burley, Gene Ward, Joe Kenny, Michael Howland, Christopher Allen Howland
  • Patent number: 8886711
    Abstract: A computer includes a network interface and a central processing unit. The network interface communicates with a network. The central processing unit (CPU) is operable to receive a networked file system access request packet and to identify a root directory based on the networked file system access request packet. The CPU then identifies a file directory based on the root directory and the networked file system access request packet. The CPU then identifies file object metadata based on the file directory and identifies a set of slice servers based on the file object metadata and the networked file system access request packet. The CPU then issues, via the network interface, a set of commands to a set of slice servers regarding the networked file system access request packet.
    Type: Grant
    Filed: November 17, 2010
    Date of Patent: November 11, 2014
    Assignee: Cleversafe, Inc.
    Inventors: Srinivas Palthepu, Greg Dhuse, Vance Thornton, Andrew Baptist, Jason Resch, Ilya Volvovski, John Quigley, Zachary Mark, Bart Cilfone, S. Christopher Gladwin
  • Patent number: 8868930
    Abstract: Systems and methods for encrypting a plaintext logical data object for storage in a storage device operable with at least one storage protocol, creating, reading, writing, optimization and restoring thereof. Encrypting the plaintext logical data object comprises creating in the storage device an encrypted logical data object comprising a header and one or more allocated encrypted sections with predefined size; encrypting one or more sequentially obtained chunks of plaintext data corresponding to the plaintext logical data object thus giving rise to the encrypted data chunks; and sequentially accommodating the processed data chunks into said encrypted sections in accordance with an order said chunks received, wherein said encrypted sections serve as atomic elements of encryption/decryption operations during input/output transactions on the logical data object.
    Type: Grant
    Filed: February 16, 2012
    Date of Patent: October 21, 2014
    Assignee: International Business Machines Corporation
    Inventors: Chaim Koifman, Nadav Kedem, Avi Zohar
  • Patent number: 8832311
    Abstract: A method is provided for electronically masking the geographic location of a client device in a communication network comprising the following steps: (a) mapping a communication from a first diverter node at a first location to a second diverter node at a second location, and (b) causing the communication to appear as originating from a client device at the second location when the communication is received by a destination device, wherein the second location is different from the first location. Also provided is a device that may be used to implement such a method.
    Type: Grant
    Filed: August 4, 2011
    Date of Patent: September 9, 2014
    Assignee: Chickasaw Management Company, LLC
    Inventors: James Andrew Reynolds, Brett Burley, Gene Ward, Joe Kenney, Michael Howland, Christopher Allen Howland, Gilbert C. Medeiros, Carlos Flor, David Gutierrez, Philip Desch
  • Patent number: 8819454
    Abstract: Systems and methods for encrypting a plaintext logical data object for storage in a storage device operable with at least one storage protocol, creating, reading, writing, optimization and restoring thereof. Encrypting the plaintext logical data object comprises creating in the storage device an encrypted logical data object comprising a header and one or more allocated encrypted sections with predefined size; encrypting one or more sequentially obtained chunks of plaintext data corresponding to the plaintext logical data object thus giving rise to the encrypted data chunks; and sequentially accommodating the processed data chunks into said encrypted sections in accordance with an order said chunks received, wherein said encrypted sections serve as atomic elements of encryption/decryption operations during input/output transactions on the logical data object.
    Type: Grant
    Filed: February 16, 2012
    Date of Patent: August 26, 2014
    Assignee: International Business Machines Corporation
    Inventors: Chaim Koifman, Nadav Kedem, Avi Zohar
  • Patent number: 8769311
    Abstract: Systems and methods for encrypting a plaintext logical data object for storage in a storage device operable with at least one storage protocol, creating, reading, writing, optimization and restoring thereof. Encrypting the plaintext logical data object comprises creating in the storage device an encrypted logical data object comprising a header and one or more allocated encrypted sections with predefined size; encrypting one or more sequentially obtained chunks of plaintext data corresponding to the plaintext logical data object thus giving rise to the encrypted data chunks; and sequentially accommodating the processed data chunks into said encrypted sections in accordance with an order said chunks received, wherein said encrypted sections serve as atomic elements of encryption/decryption operations during input/output transactions on the logical data object.
    Type: Grant
    Filed: February 16, 2012
    Date of Patent: July 1, 2014
    Assignee: International Business Machines Corporation
    Inventors: Chaim Koifman, Nadav Kedem, Avi Zohar
  • Patent number: 8693690
    Abstract: Embodiments of the present invention provide a method and apparatus, including a client and security token, for managing cryptographic objects, such as public key cryptography standard (PKCS)#11 objects, in a computer system. A storage table for the cryptographic objects is established including rows for the cryptographic objects and columns corresponding to available attributes capable of being associated with the cryptographic objects. Actual attributes of the cryptographic objects are stored in ones of the plurality of columns corresponding to respective ones of the available attributes. The storage table is extensible such that additional columns are added corresponding to new attributes capable of being associated with the cryptographic objects.
    Type: Grant
    Filed: December 4, 2006
    Date of Patent: April 8, 2014
    Assignee: Red Hat, Inc.
    Inventor: Robert Relyea
  • Patent number: 8670799
    Abstract: Various embodiments are described herein for a mobile communication device that utilizes a smart battery. The mobile device includes a main processor for controlling the operation of the mobile communication device. The smart battery is coupled to the main processor and provides supply power. The smart battery includes a battery processor for controlling the operation of the smart battery and communicating with the main processor, and a battery module having one or more batteries for providing the supply power. A battery interface is provided for coupling between the main processor and the battery processor for providing communication therebetween. The battery interface comprises a data communication line and protection circuitry for protecting the main processor from electrostatic discharge. A communication protocol is also provided for communication between the main processor and the battery processor.
    Type: Grant
    Filed: August 31, 2012
    Date of Patent: March 11, 2014
    Assignee: BlackBerry Limited
    Inventors: Christopher Pattenden, Christopher Simon Book, Martin George Albert Guthrie, Jonathan Quinn Brubacher, Herbert Anthony Little
  • Patent number: 8666066
    Abstract: The method comprises, in an electronic component, carrying out a cryptographic calculation that includes the step of obtaining points P on an elliptic curve following the equation Y^2 + a1XY + a3Y = X^3 + a2X^2 + a4X + a6 (1) where a1, a2, a3, a4 and a6 are elements of a set A of elements; where A is a ring of modular integers Z/qZ where q is a positive integer resulting from a number I of different prime numbers strictly higher than 3, I being an integer higher than or equal to 2, where A is a finite body Fq with q the power of a prime integer; where X and Y are the coordinates of the points P and are elements of A. The method comprises determining a diameter (11), and obtaining the coordinates X and Y of a point P (13) by applying a function (12) to said parameter. The Euler function φ of A corresponds to the equation φ(A) mod 3 = 1.
    Type: Grant
    Filed: January 8, 2010
    Date of Patent: March 4, 2014
    Assignee: Morpho
    Inventor: Thomas Icart
  • Patent number: 8649508
    Abstract: A system and method for implementing the Elliptic Curve scalar multiplication method in cryptography, where the Double Base Number System is expressed in decreasing order of exponents and further on using it to determine Elliptic curve scalar multiplication over a finite elliptic curve.
    Type: Grant
    Filed: September 29, 2008
    Date of Patent: February 11, 2014
    Assignee: Tata Consultancy Services Ltd.
    Inventor: Natarajan Vijayarangan
  • Patent number: 8606716
    Abstract: The invention relates to a product protection system, whereby a product piece is provided with a product-specific identification sequence (K) which is converted into a coded check sequence (C), by means of an encoding method (F1) using a secret encoding sequence (B). A product control sequence is applied to or on the product piece which comprises the coded check sequence (C), or a sequence derived therefrom. In order to check the authenticity of the product piece, the product control sequence is recorded by a control requester and transmitted by internet to a product protection server structure. A decoded check sequence is derived therein from the product control sequence by means of a decoding method using a decoding sequence. The authenticity of the decoded check sequence, or a sequence derived therefrom is checked and the result of the authenticity check transmitted by internet to the control requester.
    Type: Grant
    Filed: December 15, 2010
    Date of Patent: December 10, 2013
    Assignee: Tuev Rheinland Holding AG
    Inventors: Ralf Wilde, Sebastian Doose, Kurt Heinz
  • Patent number: 8595142
    Abstract: A method and system for maintaining privacy for transactions performable by a user device having a security module with a privacy certification authority and a verifier are disclosed. The system includes an issuer providing an issuer public key; a user device having a security module for generating a first set of attestation-signature values; a privacy certification authority computer for providing an authority public key and issuing second attestation values; and a verification computer for checking the validity of the first set of attestation signature values with the issuer public key and the validity of a second set of attestation-signature values with the authority public key, the second set of attestation-signature values being derivable by the user device from the second attestation values, where it is verifiable that the two sets of attestation-signature values relate to the user device.
    Type: Grant
    Filed: July 31, 2012
    Date of Patent: November 26, 2013
    Assignee: International Business Machines Corporation
    Inventor: Jan Camenisch
  • Patent number: 8595143
    Abstract: A method and system for maintaining privacy for transactions performable by a user device having a security module with a privacy certification authority and a verifier are disclosed. The system includes an issuer providing an issuer public key; a user device having a security module for generating a first set of attestation-signature values; a privacy certification authority computer for providing an authority public key and issuing second attestation values; and a verification computer for checking the validity of the first set of attestation signature values with the issuer public key and the validity of a second set of attestation-signature values with the authority public key, the second set of attestation-signature values being derivable by the user device from the second attestation values, where it is verifiable that the two sets of attestation-signature values relate to the user device.
    Type: Grant
    Filed: July 31, 2012
    Date of Patent: November 26, 2013
    Assignee: International Business Machines Corporation
    Inventor: Jan Camenisch
  • Patent number: 8488779
    Abstract: A method is provided for processing a digital information set having a plurality of information bytes. The method comprises receiving the information set, determining a set of initialization parameters, initializing a set of state variables using the set of initialization parameters, and generating a plurality of cryptors, each cryptor being a virtual dynamic array containing a monoalphabetic cipher. The method further comprises modifying the state variables and one or more of the cryptors, setting the index value for each cryptor in the plurality of cryptors; and selecting an ordered cryptor subset to be applied to an information byte. The information byte is processed using the ordered cryptor subset to produce a processed information byte. If the information byte is a plaintext byte, the processed byte is an encrypted byte, and vice versa. The actions of modifying, setting, selecting, and processing are then repeated for each remaining information byte.
    Type: Grant
    Filed: July 25, 2011
    Date of Patent: July 16, 2013
    Assignee: Grey Heron Technologies, LLC
    Inventor: David L. Parrish
  • Patent number: 8479258
    Abstract: A garage management and monitoring system defines and manages each operational event in a parking facility. Access events, management events, equipment operation events, equipment malfunction events, security events and defined anomaly events are labeled and parsed into a relational database, which is used for generating reports, creating logs, making management decisions, reconstructing accidents, and so on. The equipment includes a computer terminal, a reader, an identifying item or code capable of being read by the reader to control access to the facility, an IP camera, and a garage door or vehicle gate with safety sensors. Each defined event can be codified on the server and/or local controller to create an event library that is downloaded to the controller.
    Type: Grant
    Filed: January 6, 2011
    Date of Patent: July 2, 2013
    Inventors: Martin Herman Weik, III, Charles E. Wainwright
  • Patent number: 8474004
    Abstract: A system includes at least one telecommunications terminal having data processing capabilities, the telecommunications terminal being susceptible of having installed thereon software applications, wherein each software application has associated therewith a respective indicator adapted to indicate a level of security of the software application, the level of security being susceptible of varying in time; a software agent executed by the at least one telecommunications terminal, the software agent being adapted to conditionally allow the installation of software applications on the telecommunications terminal based on the respective level of security; a server in communications relationship with the software agent, the server being adapted to dynamically calculate the level of security of the software applications, and to communicate to the software agent the calculated level of security of the software applications to be installed on the telecommunications terminal.
    Type: Grant
    Filed: July 31, 2006
    Date of Patent: June 25, 2013
    Assignee: Telecom Italia S.p.A.
    Inventor: Manuel Leone
  • Patent number: 8402536
    Abstract: A configurable logic component is shown with a signature generator, responsive to a commanded configuration information signal from a processor, for providing a signed commanded configuration information signal, and with a memory device, responsive to the signed commanded configuration information signal from the signature generator, for storing the signed commanded configuration information signal in the configurable logic component for use by the processor in checking a current configuration of the configurable logic component against a trusted signed configuration file to ensure the current configuration matches the commanded configuration and allowing use of the configurable logic component in case of a match.
    Type: Grant
    Filed: April 16, 2008
    Date of Patent: March 19, 2013
    Assignee: Nokia Corporation
    Inventors: Terro Pekka Rissa, Seppo Tapio Turunen
  • Patent number: 8386790
    Abstract: A method is provided of authenticating a digitally signed message. A chain of messages is generated. A Winternitz pair of keys is generated for each respective message. A sequence number is assigned to each of the messages. Each of the sequence numbers cooperatively identify an order of Winternitz verifiers assigned to each of the messages. A signature to a first message in the chain of messages is signed using a digital signature algorithm private key. Signatures to each of the following messages in the chain of messages are signed using both Winternitz private keys and digital signature algorithm private keys. The signed messages are broadcast from a sender to a receiver. The first signed broadcast message is authenticated at the receiver by verifying the digital signature algorithm signature. At least some of the following signed broadcast messages are authenticated at the receiver by verifying only the Winternitz signature.
    Type: Grant
    Filed: February 25, 2010
    Date of Patent: February 26, 2013
    Assignee: GM Global Technology Operations LLC
    Inventors: Debojyoti Bhattacharya, Arzad A. Kherani
  • Patent number: 8381295
    Abstract: Systems and methods for correlating and distributing intrusion alert information among collaborating computer systems are provided. These systems and methods provide an alert correlator and an alert distributor that enable early signs of an attack to be detected and rapidly disseminated to collaborating systems. The alert correlator utilizes data structures to correlate alert detections and provide a mechanism through which threat information can be revealed to other collaborating systems. The alert distributor uses an efficient technique to group collaborating systems and then pass data between certain members of those groups according to a schedule. In this way data can be routinely distributed without generating excess traffic loads.
    Type: Grant
    Filed: July 9, 2010
    Date of Patent: February 19, 2013
    Assignee: The Trustees of Columbia University in the City of New York
    Inventors: Salvatore J Stolfo, Tal Malkin, Angelos D Keromytis, Vishal Misra, Michael Locasto, Janak Parekh
  • Patent number: 8380485
    Abstract: The present invention is a device for and method of language processing that includes a communication database of communications, a transcription database of transcripts for the communication, an extractor for extracting a visual representation of each communication, a first displayer for displaying a visual representation of a communication and its transcription, a segmentor for segmenting a visual representation, a media player, a first editor for blanking portions of a transcription and adding text, a second editor for filling in blanks and adding text, a second displayer for displaying a transcription that were blanked along with the corresponding entries made by the second editor and adding textual information, and a third displayer for providing feedback.
    Type: Grant
    Filed: August 13, 2009
    Date of Patent: February 19, 2013
    Assignee: The United States of America as Represented by the Director, National Security Agency
    Inventor: Susan E. Callahan
  • Patent number: 8321955
    Abstract: Systems and methods utilizing the network layer and/or application layer to provide security in distributed computing systems in order to thwart denial of service attacks. The systems and methods of the present invention utilize puzzles placed at the network layer level and/or application layer level to protect against denial of service attacks. Further, the systems and methods of the present invention advantageously provide a robust and flexible solution to support puzzle issuance at arbitrary points in the network, including end hosts, firewalls, and routers and thereby a defense against denial of service attacks.
    Type: Grant
    Filed: April 22, 2008
    Date of Patent: November 27, 2012
    Inventors: Wu-chang Feng, Ed Kaiser
  • Patent number: 8306876
    Abstract: When a potential consumer finds a product catalog on the monitor of the consumer's PC showing digital images of products, the potential consumer orders a desired product from a vendor, at least after selecting a desired product from the digital image of the product catalog in a recognized condition by naked eye observation that the color of the digital image of a basic color reference involved in the product catalog is substantially identical to a color reference owned by the potential consumer.
    Type: Grant
    Filed: February 3, 2003
    Date of Patent: November 6, 2012
    Inventors: Akira Aoki, Hiroshi Shijyo, Mitsuko Shijyo
  • Patent number: 8278870
    Abstract: Various embodiments are described herein for a mobile communication device that authenticates a smart battery prior to use. The mobile device includes a main processor and a device memory. The device memory stores first and second portions of security information used for authentication. The smart battery includes a battery processor and a battery memory. The battery memory stores a third portion of security information used for authentication. The main processor sends an authentication request including the first portion of security information to the battery processor, and the battery processor generates a response based on the first and third portions of security information and sends the generated response to the main processor. The smart battery is authenticated if the generated response matches the second portion of security information.
    Type: Grant
    Filed: February 22, 2010
    Date of Patent: October 2, 2012
    Assignee: Research In Motion Limited
    Inventor: Herbert A. Little
  • Patent number: 8225111
    Abstract: A power supply that can be authenticated is disclosed. An apparatus according to aspects of the present invention includes an external power supply of an electronic product that modulates an output of the power supply with information encoded to identify the power supply to the product.
    Type: Grant
    Filed: December 19, 2005
    Date of Patent: July 17, 2012
    Assignee: Power Integrations, Inc.
    Inventors: Douglas John Bailey, Balu Balakrishnan
  • Patent number: 8209534
    Abstract: For achieving the protection of copyright, by suppressing illegal copy production thereof, in particular, when transmitting contents with using a wired or wireless LAN, as well as, for preventing the transmission of contents from deviating from a range of a personal use thereof, a contents transmitter apparatus and a contents receiver apparatus make an authentication, mutually, before transmitting contents therebetween.
    Type: Grant
    Filed: October 7, 2010
    Date of Patent: June 26, 2012
    Assignee: Hitachi, Ltd.
    Inventors: Chiyo Ono, Hiroo Okamoto
  • Publication number: 20120144209
    Abstract: A method according to one embodiment includes defining a new encryption band with a length that is consistent with a redundant array of inexpensive disks (RAID) parity strip; freeing a working extent in a working stride on the RAID. In an iterative process until each stride in a source band is depleted of data: marking a source extent in a source stride from which to gather data to be re-encrypted; marking parity inconsistent in the working stride in the new encryption band; performing a second iterative process; and freeing the working extent. The second iterative process is performed until each extent in a source stride is depleted of data. Additional systems, methods and computer program products are also presented.
    Type: Application
    Filed: December 1, 2010
    Publication date: June 7, 2012
    Applicant: International Business Corporation
    Inventors: David R. Kahler, Roderick G.C. Moore, Karl A. Nielsen
  • Patent number: 8189793
    Abstract: A key terminal apparatus includes a crypto-processing LSI that performs predetermined crypto-processing. Unique information identifying the crypto-processing LSI is embedded in the crypto-processing LSI. A predetermined master key corresponding to a predetermined key is embedded in the crypto-processing LSI. The crypto-processing LSI (a) receives an encrypted manufacturer key from the manufacturer key storage unit, (b) decrypts the encrypted manufacturer key using the predetermined master key to generate a manufacturer key, (c) generates a unique manufacturer key identical to the predetermined unique manufacturer key, based on the unique information embedded in the crypto-processing LSI and the generated manufacturer key, and (d) decrypts the received encrypted device key using the generated identical unique manufacturer key to generate a predetermined device key.
    Type: Grant
    Filed: August 7, 2008
    Date of Patent: May 29, 2012
    Assignee: Panasonic Corporation
    Inventors: Yoshikatsu Ito, Kouichi Kanemura
  • Patent number: 8181220
    Abstract: Method and apparatus are described wherein, in one example embodiment, there is provided one or more policy templates that may define a set of policy permissions or other attributes that may be desirable to specify in a policy. One or more policy templates may be specified in a user interface of a policy creation and maintenance program that may run on the policy server and/or run on a workstation computer. Each policy template specified by a user may include permissions for how a user may access and use a document. The maintenance program may, in one embodiment, associate both templates to a policy used for a specific unit of digital content, or, for example, an electronic document. The permissions for the policy are determined by aggregating the permissions associated with each respective template chosen by the user. According to another example embodiment, a user selects a policy template and defines one or more additional permissions to form an augmented policy.
    Type: Grant
    Filed: December 19, 2005
    Date of Patent: May 15, 2012
    Assignee: Adobe Systems Incorporated
    Inventors: Gary Gilchrist, Sangameswaran Viswanathan
  • Patent number: 8181260
    Abstract: Provided are methods, apparatus and computer programs for tracking the origins of data and controlling transmission of the data. In one embodiment, transmission of sensitive data by script operations is limited, to prevent transmission to any network location other than to the source of that sensitive data, by a new function within a scripting engine of an HTTP client that is responsive to origin tags placed within the data. Origin tags that are associated with data inputs are propagated to any output data items, so that transmission of derived information can also be controlled.
    Type: Grant
    Filed: July 15, 2008
    Date of Patent: May 15, 2012
    Assignee: International Business Machines Corporation
    Inventors: Julian L. Friedman, Peter Verdon
  • Patent number: 8156192
    Abstract: A multi-user e-mail messaging system is described that is interfaced through the Internet and includes a first user group sharing a first server, which first server is interfaced to the Internet. In this system, after an e-mail message has been originated by an originating user of the first user group, the e-mail message is directed onto an e-mail enhancement path, and additional content is added to the e-mail message using the e-mail enhancement path to produce an enhanced e-mail message. Thereafter, the enhanced e-mail message from the e-mail enhancement path to the intended recipient. In one feature, the path taken by an incoming e-mail message is different from an outgoing path taken by an e-mail message sent from the first user group. The outgoing path defined to the intended recipient includes the enhancement path.
    Type: Grant
    Filed: May 24, 2011
    Date of Patent: April 10, 2012
    Inventors: Scott T. Brown, Kelly A. Wanser
  • Patent number: 8132025
    Abstract: Creating a plaintext index from a text that is extracted from a file presents the risk of a leak of confidential information from the created index. To address this problem, provided is a computer system which has a computer, a storage subsystem coupled to the computer, and a network coupling the computer and the storage subsystem. The computer has an interface coupled to the network, a first processor coupled to the interface, and a memory coupled to the first processor. The storage subsystem has a disk device which stores data. A storage area of the disk device is divided into a plurality of storage areas including, at least, a first storage area and a second storage area. The first processor reads a part of data stored in the first storage area, encrypts the part of data read from the first storage area when the data stored in the first storage area is judged as encrypted data, and writes the encrypted part of data in the second storage area.
    Type: Grant
    Filed: January 22, 2008
    Date of Patent: March 6, 2012
    Assignee: Hitachi, Ltd.
    Inventors: Toru Tanaka, Yuichi Taguchi, Masayuki Yamamoto, Jun Mizuno
  • Patent number: 8079078
    Abstract: An encryption apparatus capable of effectively preventing encryption data from being illegally generated is provided. Based on apparatus identification data of an integrated circuit (IC), which is input from a computer, a secure application module (SAM) selects an encryption method from among a plurality of different encryption methods. Based on the code of the IC, the SAM selects plaintext data to be encrypted from among the plurality of different pieces of plaintext data. The SAM outputs encryption data such that the selected plaintext data is encrypted by the selected encryption method.
    Type: Grant
    Filed: December 30, 2004
    Date of Patent: December 13, 2011
    Assignee: Sony Corporation
    Inventors: Hideo Yamamoto, Naofumi Hanaki, Katsuyuki Teruyama, Tomohiko Nagayama, Masahiro Sueyoshi, Yoshiaki Hirano
  • Patent number: 8064598
    Abstract: A data blob has an operator's certificate that specifies a network. The data blob is encrypted by the network using a private key that authenticates that a user device owns a MAC address. The network sends the encrypted data blob to the user device, which decrypts it using a private key that is locally stored in the user device. From that the user device obtains the operator's certificate, locks the user device to a network specified by the operator's certificate, and sends a response message signed with the private key. The network grants access to the user device based on the signed response message. Various embodiments and further details are detailed. This technique is particularly useful for a WiMAX or WLAN/WiFi network in which there is no SIM card to lock the device to the network.
    Type: Grant
    Filed: February 26, 2008
    Date of Patent: November 22, 2011
    Assignee: Nokia Corporation
    Inventors: Antti Vaha-Sipila, Jarkko Oikarinen
  • Patent number: 8063800
    Abstract: An encoding method comprises generating a character map of an alphanumeric character string, identifying runs of like character type symbols in sequential positions, and removing the runs of character type symbols from the character map. The center for the center infix run is determined, and the characters of each character type are encoded into binary encoded substrings. A decoding method comprises parsing the one or more run fields in the alphanumeric header to determine a number of characters of each type of a plurality of character types represented in the binary encoded string, generating a character map having a string of character type symbols representing the binary encoded string, including determining a reduced character map, centering the character type symbols for a center infix run about the center of the reduced character map, completing a final character map, and decoding each binary encoded string.
    Type: Grant
    Filed: October 20, 2008
    Date of Patent: November 22, 2011
    Assignee: Symbol Technologies, Inc.
    Inventor: Frederick Schuessler
  • Patent number: 8060752
    Abstract: Sampling and transforming (“twisting”) of biometric data are performed at client based on information known at client only. Twisting includes shuffling the arrays of biometric data and may include changing of values in these arrays. Twisted biometric data are submitted to server. Amount of information contained in twisted data is enough to verify and/or identify the client using proposed correlation procedure, however, is not enough to restore the client's real biometrical data in case of interception of submitted data and in case of compromising security of server. As a result the privacy of the client is guaranteed in the highest degree.
    Type: Grant
    Filed: December 2, 2003
    Date of Patent: November 15, 2011
    Inventor: Victor Gorelik
  • Patent number: 8056122
    Abstract: A user authentication method of authenticating a user on an on-line basis using a user's e-mail address and hardware information is provided. The user authentication method includes the steps of: transmitting a user's authentication client platform hardware information and e-mail address to an authentication server module through an authentication client module installed in the authentication client platform; and the authentication client module determining user authentication according to whether or not the e-mail address and hardware information received from the authentication server module is identical to user's e-mail address and hardware information stored in an authentication database. A user's authentication request and authentication is confirmed through an e-mail in the case that authentication fails in the primary authentication process. The user authentication method performs authentication by using a user's hardware information and e-mail address, their uniqueness of which is verified.
    Type: Grant
    Filed: May 26, 2003
    Date of Patent: November 8, 2011
    Assignee: Fasoo.com Co., Ltd.
    Inventors: Ku Gon Cho, Ho Gab Kang, In Gee Kim, Kyu Soo Kim
  • Patent number: 8056124
    Abstract: A method and system for creating security policies for firewall and connection policies in an integrated manner is provided. The security system provides a user interface through which a user can define a security rule that specifies both a firewall policy and a connection policy. After the security rule is specified, the security system automatically generates a firewall rule and a connection rule to implement the security rule. The security system provides the firewall rule to a firewall engine that is responsible for enforcing the firewall rules and provides the connection rule to an IPsec engine that is responsible for enforcing the connection rules.
    Type: Grant
    Filed: July 15, 2005
    Date of Patent: November 8, 2011
    Assignee: Microsoft Corporation
    Inventors: Charles D. Bassett, Eran Yariv, Ian M. Carbaugh, Lokesh Srinivas Koppolu, Maksim Noy, Sarah A. Wahlert, Pradeep Bahl
  • Patent number: 8051471
    Abstract: An information processing device, comprising a reading unit that reads, from a recording medium that records information relevant to authentication, the information relevant to authentication, an acquisition unit that acquires information about a contact destination designated in association with the recording medium, when reading of the information from the recording medium by the reading unit remains continuously possible during a period of time between completion of a process instructed by a user who is authenticated based on the information recorded in the recording medium and elapse of a predetermined period of time after the completion, and a transmission unit that sends predetermined information to the contact destination specified by the acquired information.
    Type: Grant
    Filed: May 31, 2007
    Date of Patent: November 1, 2011
    Assignee: Fuji Xerox Co., Ltd.
    Inventor: Rie Shishido
  • Patent number: 8037311
    Abstract: A digital watermark is added to audio or visual content. An illustrative embodiment segments the content, permutes the segments, and transforms such data into another domain. The transformed data is altered slightly to encode a watermark. The altered data can then be inverse-transformed, and inverse-permuted, to return same to substantially its original form. Related watermark decoding methods are also detailed, as are ancillary features and techniques.
    Type: Grant
    Filed: April 2, 2007
    Date of Patent: October 11, 2011
    Assignee: Digimarc Corporation
    Inventors: Andrew Johnson, Michael Biggar
  • Patent number: 8015614
    Abstract: An information security device is provided that, when information is circulated through a chain, permits changing of a usage rule for the information or collection (deletion) of the information after the circulation. An information security device (200) includes: a receiving unit (201) that receives a content and a collection command; a content storing unit (202) that stores a content and its usage rule; a collection command confirmation unit (203) that checks the validity of a received collection command; a content deletion unit (204) that deletes a content; a chain information storage unit (205) that stores chain information containing sending and receiving information of a content; a destination list storage unit (206); a sending unit (207) that sends a content and a collection command; and a control unit (208) that controls the processing for a collection command. When a collection command is sent after content distribution, the content can be collected (deleted) in the destination of circulation.
    Type: Grant
    Filed: June 9, 2006
    Date of Patent: September 6, 2011
    Assignee: Panasonic Corporation
    Inventors: Natsume Matsuzaki, Kaoru Yokota, Masao Nonaka
  • Patent number: 7996673
    Abstract: A system for encrypting and decrypting messages using a browser in either a web or wireless device or secure message client software for transmission to or from a web server on the Internet connected to an email server or message server for the situation where the sender does not possess the credentials and public key of the recipients. The encryption and decryption is conducted using a standard web browser on a personal computer or a mini browser on a wireless device, or message client software on either a personal computer or wireless devices such that messages transmitted to the web or wireless browser or message client software can be completed and encrypted and signed by the user such that encrypted and signed data does not require credentials and public key of the recipients. A method for delivering and using private keys to ensure that such keys are destroyed after use is also provided.
    Type: Grant
    Filed: May 12, 2004
    Date of Patent: August 9, 2011
    Assignee: Echoworx Corporation
    Inventors: Viatcheslav Ivanov, Qinsheng Lai, Michael Graves Mansell, Michael Albert Roberts, Joseph Dominic Michael Sorbara
  • Patent number: 7987370
    Abstract: A digital watermark is added to audio or visual content. An illustrative embodiment segments the content, permutes the segments, and transforms such data into another domain. The transformed data is altered slightly to encode a watermark. The altered data can then be inverse-transformed, and inverse-permuted, to return same to substantially its original form. Related watermark decoding methods are also detailed, as are ancillary features and techniques.
    Type: Grant
    Filed: November 14, 2007
    Date of Patent: July 26, 2011
    Assignee: Digimarc Corporation
    Inventors: Andrew Johnson, Michael Biggar