Access Limiting Patents (Class 711/163)
  • Patent number: 10402564
    Abstract: A computer-implemented method for analyzing operations of privilege changes is presented. The computer-implemented method includes inputting a program and performing source code analysis on the program by generating a privilege control flow graph (PCFG), generating a privilege data flow graph (PDFG), and generating a privilege call context graph (PCCG). The computer-implemented method further includes, based on the source code analysis results, instrumenting the program to perform inspections on execution states at privilege change operations, and performing runtime inspection and anomaly prevention.
    Type: Grant
    Filed: June 15, 2017
    Date of Patent: September 3, 2019
    Assignee: NEC Corporation
    Inventors: Junghwan Rhee, Yuseok Jeon, Zhichun Li, Kangkook Jee, Zhenyu Wu, Guofei Jiang
  • Patent number: 10402374
    Abstract: Embodiments of the disclosure provide techniques for managing a log-structured solid state drive (SSD) format in a distributed storage system. SSDs in the distributed storage system maintain a journal of logical changes to storage objects to persist prepared and committed changes in the latency path. The journal includes metadata entries that describe changes and reference data pages. Dense data structures (such as a logical block addressing table) index the metadata entries. To reduce the amount of overhead in I/O operations, the distributed storage system maintains the dense data structures in memory rather than on disk.
    Type: Grant
    Filed: August 26, 2014
    Date of Patent: September 3, 2019
    Assignee: VMware, Inc.
    Inventors: William Earl, Christos Karamanolis, Kiran Joshi
  • Patent number: 10394576
    Abstract: To enable a fast configuration of a control or of a total plant, a control for the safe control of at least one machine is provided having at least one input unit for receiving input signals from at least one signal generator; having at least one output unit for outputting output signals to the at least one machine; having a control unit for generating the output signals in dependence on the input signals; and having a connection unit having at least one connection socket for connecting an external input device that can be used for configuring the control, wherein the connection unit has at least one connection terminal for connecting the signal generators and/or the machine and is separable from the control and wherein the connection socket can be removed from the connection unit or from the control and comprises a memory with configuration data of the control.
    Type: Grant
    Filed: October 13, 2017
    Date of Patent: August 27, 2019
    Assignee: SICK AG
    Inventor: Markus Saumer
  • Patent number: 10379745
    Abstract: A system and method of enabling simultaneous kernel mode access and user mode access to an NVMe device using the NVMe interface are disclosed. The method includes creating a first set of queue(s) by at least reserving a first range of memory addresses in the kernel space; providing a location address and size of the first set of queues to a controller of the NVMe device; receiving a request for user mode access from a user application process running on the host computer system; and performing the following in response to receiving the request for user mode access: creating a second set of queue(s) by at least reserving a second range of memory addresses mapped for use by the user application process, and providing a location address and size of the second set of queues to the user application process and the controller of the NVMe device.
    Type: Grant
    Filed: October 19, 2016
    Date of Patent: August 13, 2019
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Konstantin Vyshetsky, Carlos Olle Francisco, Manoj Guthula
  • Patent number: 10372669
    Abstract: A respective volatility attribute associated with each of one or more tables of a computerized database is used to determine circumstances under which a page of table data is paged out of memory, by preferentially retaining pages from volatile database tables in memory. Various optional additional uses of a volatility attribute to manage a database are disclosed. Preferably, database parameters are automatically monitored over time and database table volatility state is automatically determined and periodically adjusted.
    Type: Grant
    Filed: December 10, 2014
    Date of Patent: August 6, 2019
    Assignee: International Business Machines Corporation
    Inventors: Rafal P. Konik, Roger A. Mittelstadt, Brian R. Muras, Mark W. Theuer
  • Patent number: 10365838
    Abstract: An N-way merge technique efficiently updates metadata in accordance with an N-way merge operation managed by a volume layer of a storage input/output (I/O) stack executing on one or more nodes of a cluster. The metadata is embodied as mappings from logical block addresses (LBAs) of a logical unit (LUN) accessible by a host to durable extent keys, and is organized as a multi-level dense tree. The mappings are organized such that a higher level of the dense tree contains more recent mappings than a next lower level, i.e., the level immediately below. The N-way merge operation is an efficient (i.e., optimized) way of updating the volume metadata mappings of the dense tree by merging the mapping content of all three levels in a single iteration, as opposed to merging the content of the first level with the content of the second level in a first iteration of a two-way merge operation and then merging the results of the first iteration with the content of the third level in a second iteration of the operation.
    Type: Grant
    Filed: November 21, 2017
    Date of Patent: July 30, 2019
    Assignee: NetApp, Inc.
    Inventors: Janice D'Sa, Ling Zheng, Blake H. Lewis
  • Patent number: 10360394
    Abstract: A system may register a use case with the use case including an application. An application identifier may be assigned to the application. The system may generate a transformation associated with the use case. The transformation may include logic to derive an output variable from a source variable. The system may also execute the transformation to derive output data for the output variable from source data of the source variable. The system may further lookup an access permission for the application using the application identifier in response to an access request.
    Type: Grant
    Filed: November 18, 2015
    Date of Patent: July 23, 2019
    Assignee: AMERICAN EXPRESS TRAVEL RELATED SERVICES COMPANY, INC.
    Inventors: Ravi Arasan, Carmen Patricia Argüello, Sandeep Bose, Kunal Chandrashekhar Joshi, Matthew Kent Meyer, Himanshu Prabhakar, Gurusamy Ramasamy, Jeremy D. Seideman, Roopesh R. Varier
  • Patent number: 10355861
    Abstract: Cryptographic affinities are generated to improve security in data centers. When a blade server is hot swapped, the cryptographic affinities protect electronic data stored within the blade server. The cryptographic affinities are generated based on hashing a unique chassis identifier. If the blade server is installed in a different chassis, the cryptographic affinities lock out the different chassis from read, write, and other access operations. The cryptographic affinities may even require deleting or reformatting before rekeying is commenced.
    Type: Grant
    Filed: March 28, 2017
    Date of Patent: July 16, 2019
    Assignee: Dell Products, LP
    Inventors: Sushma Basavarajaiah, Rama R. Bisa, Chitrak Gupta, Mukund P. Khatri
  • Patent number: 10353864
    Abstract: A respective volatility attribute associated with each of one or more tables of a computerized database is used to determine circumstances under which a page of table data is paged out of memory, by preferentially retaining pages from volatile database tables in memory. Various optional additional uses of a volatility attribute to manage a database are disclosed. Preferably, database parameters are automatically monitored over time and database table volatility state is automatically determined and periodically adjusted.
    Type: Grant
    Filed: December 23, 2014
    Date of Patent: July 16, 2019
    Assignee: International Business Machines Corporation
    Inventors: Rafal P. Konik, Roger A. Mittelstadt, Brian R. Muras, Mark W. Theuer
  • Patent number: 10346050
    Abstract: Systems, methods, and computer-readable media for virtualizing memory compute function resources to improve resource utilization and system performance are disclosed. A virtualized hypervisor may be provided that is configured to instantiate a respective memory function controller of each memory controller present in a system/device. The virtualized hypervisor may be further configured to maintain the memory function controllers and their corresponding memory compute functionality as shareable resources that can be allocated to system components upon request. The virtualized hypervisor may allocate a memory function controller and its corresponding memory compute functionality to a system component, and may further provide the system component with an exclusive grant of memory compute pages that can be utilized by the allocated memory function controller to execute a memory compute function to perform one or more operations (e.g., one or more computations) on behalf of the system component.
    Type: Grant
    Filed: October 26, 2016
    Date of Patent: July 9, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Edgar R. Cordero, Ananda Haridass, Arun Joseph, Diyanesh B. C. Vidyapoornachary
  • Patent number: 10331499
    Abstract: Multiple lock assemblies are distributed on a chip, and each lock assembly manages a lock application message for applying for a lock and a lock release message for releasing a lock that are sent by one small core. Specifically, embodiments include receiving a lock message sent by a small core, where the lock message carries a memory address corresponding to a lock requested by a first thread in the small core; calculating, using the memory address of the requested lock, a code number of a lock assembly to which the requested lock belongs; and sending the lock message to the lock assembly corresponding to the code number, to request the lock assembly to process the lock message.
    Type: Grant
    Filed: August 25, 2017
    Date of Patent: June 25, 2019
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Weizhi Xu, Zhimin Tang, Zhimin Zhang, Fenglong Song
  • Patent number: 10324863
    Abstract: Generally, this disclosure provides systems, methods and computer readable media for a protected memory view in a virtual machine (VM) environment enabling nested page table access by trusted guest software outside of VMX root mode. The system may include an editor module configured to provide access to a nested page table structure, by operating system (OS) kernel components and by user space applications within a guest of the VM, wherein the nested page table structure is associated with one of the protected memory views. The system may also include a page handling processor configured to secure that access by maintaining security information in the nested page table structure.
    Type: Grant
    Filed: June 24, 2013
    Date of Patent: June 18, 2019
    Assignee: Intel Corporation
    Inventors: Michael Lemay, David M. Durham, Ravi L. Sahita, Andrew V. Anderson
  • Patent number: 10318438
    Abstract: An apparatus includes a memory, an interface and read restriction logic. The read restriction logic is configured to receive via the interface a request to read a data value from a specified address of the memory, to retrieve the data value from the specified address, to check, upon finding that the specified address falls in an address range that is predefined as restricted, whether the retrieved data value belongs to a predefined set of permitted data values, to respond to the request with the retrieved data value when the retrieved data value belongs to the set of permitted data values, and, otherwise, when the retrieved data value does not belong to the set of permitted data values, to respond to the request with a dummy data value.
    Type: Grant
    Filed: December 7, 2017
    Date of Patent: June 11, 2019
    Assignee: NUVOTON TECHNOLOGY CORPORATION
    Inventors: Ziv Hershman, Dan Morav
  • Patent number: 10318440
    Abstract: An example method for remapping a group of system registers. The method may include receiving, by a secure access control mechanism, a request to remap one of a group of system registers from an association with a first access policy group to an association with a second access policy group. The method may include storing the remapping array at a memory of the secure access control mechanism, where a first value stored in a first entry of the remapping array maps the one of the group of system registers to the second access policy group. The method may include remapping, by the secure access control mechanism, the one of a group of system registers from the association with the first access policy group to the association with the second access policy group using the remapping array.
    Type: Grant
    Filed: September 23, 2016
    Date of Patent: June 11, 2019
    Assignee: Intel Corporation
    Inventors: Nagaraju N. Kodalapura, Vladimir Beker, Raghunandan Makaram
  • Patent number: 10313424
    Abstract: A cloud application processing method and related apparatus are provided. The method is performed by a cloud service provider, and may include determining that a working state of a first virtual machine satisfies a condition for adding a virtual machine, determining, according to an emergency policy corresponding to a first application running on the first virtual machine, a second application that has an emergency relationship with the first application, and instructing a second virtual machine on which the second application is hosted to run the first application deployed on the second virtual machine, creating a third virtual machine, deploying and starting the first application on the third virtual machine, and instructing the second virtual machine to stop running the first application after the first application is started on the third virtual machine.
    Type: Grant
    Filed: October 21, 2016
    Date of Patent: June 4, 2019
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Jie Zhu, Yi Zhang, Jin Qin
  • Patent number: 10304557
    Abstract: A data storage device includes a flash memory and a controller. The controller is coupled to the flash memory and includes a ROM which stores a boot code. In an initialization procedure of the data storage device, the controller does not access the flash memory and receives a debug code from an external device, and executes the boot code and the debug code to complete the initialization procedure.
    Type: Grant
    Filed: May 26, 2017
    Date of Patent: May 28, 2019
    Assignee: SILICON MOTION, INC.
    Inventor: Wen-Chun Jian
  • Patent number: 10296467
    Abstract: A host central processing unit subsystem that writes information to external memory may provide policy to the external memory. Then every time a write comes from the host subsystem, a memory controller within the memory may check the write against the policy stored in the memory and decide whether or not to implement the write.
    Type: Grant
    Filed: September 25, 2015
    Date of Patent: May 21, 2019
    Assignee: Intel Corporation
    Inventors: Vinodh Gopal, Gilbert M. Wolrich, Kirk S. Yap
  • Patent number: 10296741
    Abstract: An embodiment involves secure memory implementation for secure execution of virtual machines. Data is processed in a first mode and a second mode, and commands are sent to a chip interconnect bus using real addresses, wherein the chip interconnect bus includes a number of bits for the real addresses. A memory controller is operatively coupled to a memory component. A secure memory range is specified by using range registers. If the real address is detected to be in the secure memory range to match a memory component address, a real address bit is set. If the real address is in the memory address hole, a security access violation is detected. If the real address is not in the secure address range and the real address bit is set, the security access violation is detected.
    Type: Grant
    Filed: July 27, 2017
    Date of Patent: May 21, 2019
    Assignee: International Business Machines Corporation
    Inventors: William E. Hall, Guerney D. H. Hunt, Ronald N. Kalla, Jentje Leenstra, Paul Mackerras, William J. Starke, Jeffrey A. Stuecheli
  • Patent number: 10289873
    Abstract: The present disclosure includes systems and techniques relating to information flow and hardware security for digital devices and microprocessor systems. In general, in one implementation, a technique includes: receiving a hardware design specifying an implementation for information flow in a hardware configuration; receiving one or more labels annotating the hardware design; receiving a security property specifying a restriction relating to the one or more labels for implementing a secure information flow in the hardware configuration; designating each of the one or more labels to a corresponding security level in accordance with the specified restriction; and automatically assigning a respective value to each of the one or more labels in the hardware design, wherein each respective value is determined in accordance with the corresponding security level designated for each of the one or more labels.
    Type: Grant
    Filed: April 28, 2016
    Date of Patent: May 14, 2019
    Assignee: Tortuga Logic Inc.
    Inventors: Jason K. Oberg, Jonathan Valamehr, Ryan Kastner, Timothy Sherwood
  • Patent number: 10282685
    Abstract: Described herein is a computer implemented method for maintaining a plurality of issues, each issue having an associated rank value, the rank values of the plurality of issues defining an order of the plurality of issues. The method comprises receiving a rank operation request to change the rank of a subject issue; determining relevant issues to the rank operation request; and attempting to acquire locks on each of the relevant issues. In response to successfully acquiring locks on each of the relevant issues a new rank value for the subject issue is calculated and saved.
    Type: Grant
    Filed: February 13, 2015
    Date of Patent: May 7, 2019
    Assignee: ATLASSIAN PTY LTD
    Inventors: Mark Lassau, Matt Quail, Nikolay Petrov, Ivo Bosticky, Michael Elias
  • Patent number: 10268601
    Abstract: In a system executing a program, a method comprises detecting one or more input/output calls associated with the program and re-randomizing memory associated with the program in response to the one or more input/output calls. A related system is also described.
    Type: Grant
    Filed: June 17, 2016
    Date of Patent: April 23, 2019
    Assignee: Massachusetts Institute of Technology
    Inventors: Hamed Okhravi, Thomas R. Hobson, David O. Bigelow, Robert Rudd, David M. Perry, Kristin S. Dahl, William W. Streilein
  • Patent number: 10261949
    Abstract: A method for operating a network element includes obtaining a write request that specifies a variable length data. The method includes identifying a row of a table based on the write request. The method includes processing the row to identify an empty portion of a variable length data storage portion of the row. The method includes determining an offset that specifies the location of the empty portion. The method includes storing the offset and a length of the variable length data in a fixed length storage element of the fixed length data storage portion. The method includes storing the variable length data in the empty portion of the variable length data storage portion.
    Type: Grant
    Filed: September 23, 2016
    Date of Patent: April 16, 2019
    Assignee: Arista Networks, Inc.
    Inventors: Michael Greenwald, Stephen Schleimer, Daniel Greene
  • Patent number: 10248786
    Abstract: Systems, apparatuses and methods may provide for detecting an attempt by an operating system (OS) to access a non-OS managed resource and injecting, in response to the attempt, an access event into a platform security component via a guest kernel associated with the OS. Additionally, a response to the attempt may be made based on a policy response from the platform security component. In one example, the attempt is detected with respect to one or more extended page table (EPT) permissions set by a security virtual machine monitor (SVMM). Moreover, injecting the access event into the platform security component may include invoking a previously registered policy callback.
    Type: Grant
    Filed: December 24, 2015
    Date of Patent: April 2, 2019
    Assignee: Intel Corporation
    Inventors: Harshawardhan Vipat, Manohar R. Castelino, Barry E. Huntley, Kuo-Lang Tseng
  • Patent number: 10241801
    Abstract: An apparatus includes a register file and a binary translator to create a plurality of strands and a plurality of iteration windows, where each iteration window of the plurality of iteration windows is allocated a set of continuous registers of the register file. The apparatus further includes a buffer to store strand documentation for a strand from the plurality of strands, where the strand documentation for the strand is to include an indication of a current register base for the strand. The apparatus further includes an execution circuit to execute an instruction to update the current register base for the strand in the strand documentation for the strand based on a fixed step value and an iteration window size.
    Type: Grant
    Filed: December 23, 2016
    Date of Patent: March 26, 2019
    Assignee: INTEL CORPORATION
    Inventors: Jayesh Iyer, Sergey P. Scherbinin, Alexander Y. Ostanevich, Dmitry M. Maslennikov, Denis G. Motin, Alexander V. Ermolovich, Andrey Chudnovets, Sergey A. Rozhkov, Boris A. Babayan
  • Patent number: 10235048
    Abstract: Embodiments of the present disclosure relate to the field of computer data processing, and provide a data processing method and a smart device, which can effectively resolve a problem of abnormal rewriting of data in a read-only partition of an embedded multimedia card (eMMC) while ensuring that normal upgrading is not affected. The method includes receiving a write protection cancellation command sent by a central processing unit, executing the write protection cancellation command on a specified partition that is in the read-only partition and that is used to store an upgrade file, receiving the upgrade file sent by the central processing unit, writing the upgrade file to the specified partition, after completing writing the upgrade file, sending a write completion message to the central processing unit, receiving a write protection command sent by the central processing unit, and executing the write protection command on the specified partition.
    Type: Grant
    Filed: June 30, 2014
    Date of Patent: March 19, 2019
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Zhigang Li, Guojun Shi, Yingchun Zhao
  • Patent number: 10235401
    Abstract: A method includes storing data entities in data storage blocks, a logical structure of the storage of the data entities in the data storage blocks is a database including the data entities stored in tables, receiving a request message including an instruction to execute operations using data of the data entities being logically stored in one or more rows of the data entities in the table and physically stored in the data storage blocks of a processing set, determining that the data entity to be used for execution of the operations is stored across the data storage blocks, generating a processing subset in response to the determining that the data entity is stored across the data storage blocks, and executing the operations using a portion of the data stored in the processing subset.
    Type: Grant
    Filed: October 25, 2016
    Date of Patent: March 19, 2019
    Assignee: International Business Machines Corporation
    Inventors: Gregor Moehler, Torsten Steinbach, Knut Stolze, Mathias Trumpp
  • Patent number: 10229142
    Abstract: A method includes storing data entities in data storage blocks, a logical structure of the storage of the data entities in the data storage blocks is a database including the data entities stored in tables, receiving a request message including an instruction to execute operations using data of the data entities being logically stored in one or more rows of the data entities in the table and physically stored in the data storage blocks of a processing set, determining that the data entity to be used for execution of the operations is stored across the data storage blocks, generating a processing subset in response to the determining that the data entity is stored across the data storage blocks, and executing the operations using a portion of the data stored in the processing subset.
    Type: Grant
    Filed: September 14, 2015
    Date of Patent: March 12, 2019
    Assignee: International Business Machines Corporation
    Inventors: Gregor Moehler, Torsten Steinbach, Knut Stolze, Mathias Trumpp
  • Patent number: 10223447
    Abstract: A playlist preview is generated to provide a preview of media content items identified by a media playlist. The playlist preview can be created by selecting all or some of the media content items in the playlist, determining preview portions of the selected media content items, and arranging the preview portions with or without a transition effect. The playlist preview can be easily shared with other users through, for example, social media sites.
    Type: Grant
    Filed: August 2, 2017
    Date of Patent: March 5, 2019
    Assignee: SPOTIFY AB
    Inventor: Tristan Jehan
  • Patent number: 10216176
    Abstract: A substrate processing apparatus includes a plurality of arms used for transferring a substrate, a plurality of processing sections for processing the substrate, a recipe storage section storing at least one recipe for designating at least one of the plurality of arms as a usable arm and at least one of the plurality of processing sections as a usable processing section and for specifying processing conditions in the usable processing section, and a control unit for, according to the at least one recipe, controlling the plurality of arms and the plurality of processing sections so that a substrate is transferred using the usable arm and is processed in the usable processing section under the processing conditions.
    Type: Grant
    Filed: April 29, 2014
    Date of Patent: February 26, 2019
    Assignee: ASM IP HOLDING B.V.
    Inventor: Takashi Wada
  • Patent number: 10210325
    Abstract: A system that includes a vault management console configured to determine a measurement request for virtual machine operating characteristics metadata. The system further includes a guest virtual machine that includes virtual machine measurement points and a hypervisor control point. The system further includes a hypervisor associated with the guest virtual machine that is configured to communicate the measurement request to the hypervisor control point. The hypervisor is further configured to receive a packet with the virtual machine operating characteristics metadata and to communicate the packet to the virtual vault machine. The hypervisor device driver is configured to receive the packet from the hypervisor and to communicate the virtual machine operating characteristics to an analysis tool.
    Type: Grant
    Filed: May 31, 2016
    Date of Patent: February 19, 2019
    Assignee: Armor Defense Inc.
    Inventors: Jeffery Ray Schilling, Chase Cooper Cunningham, Tawfiq Mohan Shah, Srujan Das Kotikela
  • Patent number: 10210086
    Abstract: Provided are techniques for fast cache demotions in storage controllers with metadata. A track in a demotion structure is selected. In response to determining that the track in the demotion structure does not have invalidate metadata set, demoting the track from cache. In response to determining that the track has invalidate metadata set, the track is moved from the demotion structure to an invalidate metadata structure. One or more tasks are created to process the invalidate metadata structure, wherein each of the one or more tasks selects a different track in the invalidate metadata structure, invalidates metadata for that track, and demotes that track.
    Type: Grant
    Filed: August 16, 2017
    Date of Patent: February 19, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Kyler A. Anderson, Kevin J. Ash, Lokesh M. Gupta
  • Patent number: 10204052
    Abstract: A directory maintenance method and apparatus are provided. The method includes sending, by a main memory according to a correspondence between a cache line in a directory and a cache, listening information to each cache corresponding to a cache line at a preset frequency; receiving, by each cache corresponding to the cache line, the listening information, and sending a listening response according to the listening information; and receiving, by the main memory, the listening response, and updating the directory according to the listening response, where the listening response includes a state of the cache line in the cache sending the listening response. The directory maintenance method and apparatus that are disclosed in the present invention can lower an impact of listening caused due to replacement on normal processing of a processor, and reduce degradation of system performance.
    Type: Grant
    Filed: March 2, 2015
    Date of Patent: February 12, 2019
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Chenghong He, Yongbo Cheng, Kejia Lan
  • Patent number: 10185736
    Abstract: In various embodiments, methods and systems for optimizing database transactions based on replicable differential data store data structure are provided. A write operation request, having a key for a write operation on a replicable differential store data structure, is accessed. An intent write lock on a differential state and a write lock on the key are acquired. The differential state comprises a result set of currently committing transactions. A transaction instance, of the write operation, is generated for a write set, the transaction instance comprising a modification to the key. The write-set comprises an uncommitted set of writes for in-flight transactions. A determination is made that the write operation is committed. A result of the transaction instance is persisted when the write operation is committed. It is contemplated that the differential state and a consolidated state can be merged, the consolidated state comprises a result set of previously committed transactions.
    Type: Grant
    Filed: June 26, 2015
    Date of Patent: January 22, 2019
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Mihail Gavril Tarta, Gopal Kakivaya, Preetha Lakshmi Subbarayalu
  • Patent number: 10185726
    Abstract: Systems, computer program products and methods implementing access control for compound structures including subfields are described. A policy system receives a database schema and a data access policy. The database schema defines multiple subfields of a data column. The policy includes one or more rules limiting access to the subfields. A policy analyzer of the policy system creates an access control metadata that stores correspondence between the subfields and the rules. The policy analyzer represents the subfields in the access control metadata using relations between subfields and other components of the database. The policy analyzer provides the access control metadata to a policy enforcer for enforcing the policy on the subfields.
    Type: Grant
    Filed: August 26, 2016
    Date of Patent: January 22, 2019
    Assignee: BlueTalon, Inc.
    Inventors: Prasad Mujumdar, Rakesh Khanduja, Pratik Verma
  • Patent number: 10169253
    Abstract: A virtual-machine-based system that may protect the privacy and integrity of application data, even in the event of a total operating system compromise. An application is presented with a normal view of its resources, but the operating system is presented with an encrypted view. This allows the operating system to carry out the complex task of managing an application's resources, without allowing it to read or modify them. Different views of “physical” memory are presented, depending on a context performing the access. An additional dimension of protection beyond the hierarchical protection domains implemented by traditional operating systems and processors is provided.
    Type: Grant
    Filed: August 21, 2017
    Date of Patent: January 1, 2019
    Inventors: Xiaoxin Chen, Carl A. Waldspurger, Pratap Subrahmanyam, Tal Garfinkel, Dan Boneh
  • Patent number: 10162636
    Abstract: A control apparatus, an integrated circuit, and a management method for a stack are provided. The management method for the stack includes: obtaining an instruction of running a task with a first function; changing a pointer of the stack in an internal memory from pointing to an internal memory to an external memory before executing the first function, wherein the stack in the internal memory is used by the task; executing the first function, wherein first temporary information that is needed to be stored during a period of executing the first function is stored into the external memory pointed to by the pointer of stack; and adjusting the pointer of the stack to point to the internal memory after finishing executing the first function. According to the above-mentioned management method for the stack, the cost is reduced, and low power consumption can be achieved.
    Type: Grant
    Filed: November 8, 2016
    Date of Patent: December 25, 2018
    Assignee: MediaTek Singapore Pte. Ltd.
    Inventor: Hua Fu
  • Patent number: 10163107
    Abstract: In some examples, methods and systems may institute technical fallback by determining, by a payment processing system, and based on analysis of the communication status indicator and the data obtained when a magnetic stripe of the payment object is introduced in a magnetic stripe object reader, whether the payment object was swiped while an EMV object reader was communicatively coupled to the POS terminal. If the magnetic stripe of the payment object was swiped while the EMV object reader was connected to the POS terminal, the payment processing system extracts a transaction count indicating a number of times the customer has attempted to insert a chip of the payment object into the EMV object reader prior to swiping the magstripe. By comparing the transaction count with a threshold count, the payment processing system authorizes the payment transaction as a technical fallback transaction if the transaction count is greater than the threshold count.
    Type: Grant
    Filed: March 31, 2016
    Date of Patent: December 25, 2018
    Assignee: Square, Inc.
    Inventors: Michael Wells White, Jason Holmes, Martin Mroz, David Terra, Charles Nicholson
  • Patent number: 10162668
    Abstract: Some embodiments of the present invention include a method comprising: accessing units of network storage that encode state data of respective virtual machines, wherein the state data for respective ones of the virtual machines are stored in distinct ones of the network storage units such that the state data for more than one virtual machine are not commingled in any one of the network storage units.
    Type: Grant
    Filed: September 11, 2017
    Date of Patent: December 25, 2018
    Assignee: VMware, Inc.
    Inventors: Daniel K. Hiltgen, Rene W. Schmidt
  • Patent number: 10157276
    Abstract: A system including a guest virtual machine with one or more virtual machine measurement points configured to collect virtual machine operating characteristics metadata and a hypervisor control point configured to receive virtual machine operating characteristics metadata from the virtual machine measurement points. The hypervisor control point is further configured to send the virtual machine operating characteristics metadata to a hypervisor associated with the guest virtual machine. The system further includes the hypervisor configured to receive the virtual machine operating characteristics metadata and to forward the virtual machine operating characteristics metadata to a hypervisor device driver in a virtual vault machine. The system further includes the virtual vault machine configured to determine a classification for the guest virtual machine based on the virtual machine operating characteristics metadata and to send the determined classification to a vault management console.
    Type: Grant
    Filed: May 31, 2016
    Date of Patent: December 18, 2018
    Assignee: Armor Defense Inc.
    Inventors: Jeffery Ray Schilling, Chase Cooper Cunningham, Tawfiq Mohan Shah, Srujan Das Kotikela
  • Patent number: 10140329
    Abstract: Processing transactions in a distributed computing system that includes multiple processing modules includes: storing data items in a data storage system accessible to multiple processes running in the distributed computing system, where the data items are totally ordered according to an ordering rule, and at least some of the processes are running on different processing modules; and processing transactions using a plurality of the multiple processes. Processing a transaction using one of the plurality of the multiple processes includes: receiving a set of requests for accessing data items stored in the data storage system (where the requests are in a first order), obtaining locks on the data items sequentially in the first order if each of the locks is obtained within a first time interval, and, if any of the locks is not obtained within the first time interval, restarting the transaction being processed.
    Type: Grant
    Filed: March 22, 2016
    Date of Patent: November 27, 2018
    Assignee: Ab Initio Technology LLC
    Inventor: Craig W. Stanfill
  • Patent number: 10140182
    Abstract: A method for execution by a resource allocation module includes facilitating migration of a first set of encoded data slices stored at a storage unit for decommissioning to a newly commissioned storage unit, and facilitating migration of a remaining set of encoded data slices stored at the storage unit for decommissioning as foster encoded data slices to at least one other storage unit. For each foster encoded data slice, it is determined whether to facilitate migration of the foster encoded data slice to the newly commissioned storage unit. When determining to facilitate the migration of the foster encoded data slice, the migration of the foster encoded data slice to the newly commissioned storage unit is facilitated. An association of the newly commissioned storage unit and identity of the foster encoded data slice is updated in response to detecting successful migration of the foster encoded data slice.
    Type: Grant
    Filed: December 14, 2017
    Date of Patent: November 27, 2018
    Assignee: International Business Machines Corporation
    Inventors: Thomas F. Shirley, Jr., Gary W. Grube, Bart R. Cilfone, Ravi V. Khadiwala, Greg R. Dhuse, Thomas D. Cocagne, Michael Colin Storm, Yogesh R. Vedpathak, Wesley B. Leggette, Jason K. Resch, Andrew D. Baptist, Ilya Volvovski
  • Patent number: 10133864
    Abstract: Methods and systems are disclosed for implementing a secure application execution environment using Derived User Accounts (SAE DUA) for Internet content. Content is received and a determination is made if the received content is trusted or untrusted content. The content is accessed in a protected derived user account (DUA) such as a SAE DUA if the content is untrusted otherwise the content is accessed in a regular DUA if the content is trusted.
    Type: Grant
    Filed: September 22, 2015
    Date of Patent: November 20, 2018
    Assignee: Google LLC
    Inventor: Úlfar Erlingsson
  • Patent number: 10126983
    Abstract: Methods, apparatus and articles of manufacture are disclosed to enforce life cycle rules in a modularized virtualization topology using virtual hard disks. An example method includes, in response to a request to access a first virtual hard disk in a virtual computing environment, identifying, with a processor, a life cycle stage. The example method also includes determining, with the processor, whether a condition associated with the life cycle stage applies to the first virtual hard disk. The example method also includes refusing, with the processor, to mount, refusing to dis-mount, mounting or dis-mounting the first virtual hard disk if the condition is satisfied.
    Type: Grant
    Filed: June 24, 2015
    Date of Patent: November 13, 2018
    Assignee: VMWARE, INC.
    Inventor: Ilan Uriel
  • Patent number: 10114948
    Abstract: Technologies for securing an electronic device include determining addresses of one or more memory pages, injecting for each memory page a portion of identifier data into the memory page, storing an indication of the identifier data injected into each of the memory pages, determining an attempt to access at least one of the memory pages, determining any of the identifier data present on a memory page associated with the attempt, comparing the indication of the identifier data with the determined identifier data present on the memory page, and, based on the comparison, determining whether to allow the access.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: October 30, 2018
    Assignee: McAfee, LLC
    Inventor: Jonathan Edwards
  • Patent number: 10114905
    Abstract: A computer-implemented method for providing a plurality of security schemes and allowing a particular user of a computer system from among a plurality of users of the computer system to select a security scheme to be associated with the user independent of the security scheme selected by a remainder of the plurality of users of the computer system, thereby providing user customizable security to the computer system. At least one of the security schemes is comparatively more secure than another. Selections of security schemes are included with account information of the particular user and are used in connection with authorizing the particular user to use the computer system. First and second users can each select different security schemes based on their personal preferred balance between convenience and security and have their respective access to the computer system managed in relation to the selections included with their respective accounts.
    Type: Grant
    Filed: October 31, 2017
    Date of Patent: October 30, 2018
    Assignee: EASYWEB INNOVATIONS, INC.
    Inventor: John D. Codignotto
  • Patent number: 10108955
    Abstract: Disclosed are various embodiments of a file service which meters costs associated with aggregated file storage. A separate storage area is created for each of a plurality of cost center managers. A default storage area is created that is not associated with any of the cost center managers. Each storage area is divided into a plurality of logical partitions. Each logical partition corresponds to a content user. A content user is allowed to access a file in the corresponding logical partition of the corresponding storage area.
    Type: Grant
    Filed: March 14, 2011
    Date of Patent: October 23, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Piragash Velummylum, Johanna S. Olson, Korwin J. Smith, James H. Wood, Wenlin Ma
  • Patent number: 10103873
    Abstract: A processing system includes a processing core and a hardware accelerator communicatively coupled to the processing core. The hardware accelerator includes a random number generator to generate a byte order indicator. The hardware accelerator also includes a first switching module communicatively coupled to the random value indicator generator. The switching module receives an input byte sequence in an encryption round of the cryptographic operation and feeds a portion of the input byte sequence to one of a first substitute box (S-box) module or a second S-box module in view of a byte order indicator value generated by the random number generator.
    Type: Grant
    Filed: April 1, 2016
    Date of Patent: October 16, 2018
    Assignee: Intel Corporation
    Inventors: Raghavan Kumar, Sanu K. Mathew, Sudhir K. Satpathy, Vikram B. Suresh
  • Patent number: 10095891
    Abstract: An apparatus includes an interface and a processor. The interface is configured for communicating over a bus. The processor is configured to disrupt on the bus a transaction in which a bus-master device attempts to access a peripheral device without authorization, by forcing one or more dummy values on at least one line of the bus in parallel to at least a part of the transaction.
    Type: Grant
    Filed: March 21, 2016
    Date of Patent: October 9, 2018
    Assignee: NUVOTON TECHNOLOGY CORPORATION
    Inventors: Ziv Hershman, Oren Tanami, Dan Morav
  • Patent number: 10089438
    Abstract: The highly secure method and system acquires, processes and produces health care (HC) data and service records from multiple local devices, notwithstanding different operating systems (OS) in such devices, and all accessed and controlled by a cloud computing network. Devices have memories, displays, keypads, cameras and microphones. The system operates on acquired data including image, keypad-text, audio, and speech-converted-to-text data generated by respective devices. The method downloads commands to devices (notwithstanding different OS) which delete-acquired-data upon a request to save (upload) data to the cloud computing network. Further data security includes a disable-print-screen command prohibiting local storage of stored acquired data into local devices.
    Type: Grant
    Filed: June 23, 2015
    Date of Patent: October 2, 2018
    Assignee: Symplast LLC
    Inventors: Shashidhar Kusuma, Munish K. Batra, Bhupesh Vasisht
  • Patent number: 10091241
    Abstract: A method of making a “zero knowledge” connection between a computer (2) and an electronic unit (5). At the start of the method, the configuration unit (1) is connected with the computer (2), and a web server is initiated in the configuration unit (1) via the trusted execution environment. A secure network connection is made to a server (3) by the configuration unit (1) and, via the network connection, the items of information required for connection with the electronic units, to which a connection can be made, are synchronized with the trusted execution environment. After synchronization occurs, an electronic unit (5) is selected by the web server via an input of the computer (2), to which electronic unit (5) a connection is made via the trusted execution environment using the stored, synchronized items of information, and via the web server prescribed menu-driven maintenance or configuration steps can be executed.
    Type: Grant
    Filed: June 29, 2016
    Date of Patent: October 2, 2018
    Assignee: SKIDATA AG
    Inventor: York Keyser