Security Kernel Or Utility Patents (Class 713/164)
  • Patent number: 11151247
    Abstract: A malicious code detection module identifies potentially malicious instructions in memory of a computing device. The malicious code detection module examines the call stack for each thread running within the operating system of the computing device. Within each call stack, the malicious code detection module identifies the originating module for each stack frame and determines whether the originating module is backed by an image on disk. If an originating module is not backed by an image on disk, the thread containing that originating module is flagged as potentially malicious, execution of the thread optionally is suspended, and an alert is generated for the user or administrator.
    Type: Grant
    Filed: July 13, 2017
    Date of Patent: October 19, 2021
    Assignee: Endgame, Inc.
    Inventor: Joseph W. Desimone
  • Patent number: 11138296
    Abstract: One embodiment provides a method, including: generating, using an information handling device, digital content; providing an indication of the digital content to at least one other device; and receiving, from the at least one other device, a digital signature for the digital content. Other aspects are described and claimed.
    Type: Grant
    Filed: March 1, 2019
    Date of Patent: October 5, 2021
    Assignee: Lenovo (Singapore) Pte. Ltd.
    Inventors: Russell Speight VanBlon, Mark Patrick Delaney, John Carl Mese, Nathan J. Peterson
  • Patent number: 11133925
    Abstract: Systems are provided for managing access to a log of a dataset that is generated when the dataset is accessed. A system stores, with respect to each of a log producer and a log accessor, an encrypted symmetric key for the dataset that is encrypted using a corresponding public key. The system returns the encrypted symmetric key for the log producer, such that the log producer can decrypt the dataset that is encrypted using the symmetric key. A log of the dataset is generated when the log producer accesses the dataset.
    Type: Grant
    Filed: May 29, 2018
    Date of Patent: September 28, 2021
    Assignee: Palantir Technologies Inc.
    Inventors: Vaughan Shanks, Andrew Lampert
  • Patent number: 11126771
    Abstract: Methods and systems for verifying, via formal verification, a hardware design for a data transformation pipeline comprising one or more data transformation elements that perform a data transformation on one or more inputs, wherein the formal verification is performed under conditions that simplify the data transformation calculations that the formal verification tool has to perform.
    Type: Grant
    Filed: April 1, 2019
    Date of Patent: September 21, 2021
    Assignee: Imagination Technologies Limited
    Inventor: Sam Elliott
  • Patent number: 11106793
    Abstract: Systems and methods of disarming malicious code in protected content in a computer system having a processor are provided. The method includes determining that a received input file intended for a recipient is protected, where the recipient may be connected to a network; accessing a credential associated with the intended recipient for accessing the protected input file; accessing the content of the protected input file based on the credential; modifying at least a portion of the digital values of the content of the input file, configured to disable any malicious code included in the input file, thereby creating a modified input file; and protecting the modified input file based on the credential associated with the intended recipient. The method also includes forwarding the protected modified input file to the intended recipient in the network.
    Type: Grant
    Filed: June 21, 2019
    Date of Patent: August 31, 2021
    Assignee: Votiro Cybersec Ltd.
    Inventor: Aviv Grafi
  • Patent number: 11108777
    Abstract: Functionality is disclosed herein for providing temporary access to a resource. A software product that is executing in response to a request from a customer may access one or more resources of a software provider. The resources that may be accessed by a software product may be identified within an access policy. The customer is prevented from accessing the resource when the software product is not executing.
    Type: Grant
    Filed: June 4, 2019
    Date of Patent: August 31, 2021
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory Branchek Roth, Graeme David Baer, Jacques Daniel Thomas, Nicholas Andrew Gochenaur
  • Patent number: 11102003
    Abstract: Techniques for implementing a ledger-independent token service are provided. According to one set of embodiments, a computer system executing the service can receive, from a user, a request to create a token on a distributed ledger network. The computer system can further provide to the user one or more token templates, where each token template corresponds to a type of physical or digital asset and defines a set of one or more attributes and one or more control functions associated with the type. The computer system can then receive, from the user, a selection of a token template in the one or more token templates and create the token on the distributed ledger network, where the created token includes the set of one or more attributes and one or more control functions defined in the selected token template.
    Type: Grant
    Filed: February 25, 2019
    Date of Patent: August 24, 2021
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: John Marley Gray, Gregory Philip Cignavitch, Supriya Madhuram, Nayana Singh Patel
  • Patent number: 11075777
    Abstract: Disclosed are various approaches for providing on-demand virtual private network (VPN) connectivity on a per-application basis. An application is determined to have begun execution on a computing device. The application is identified. A determination that the application is authorized to access a VPN connection is made, and the VPN connection is created.
    Type: Grant
    Filed: October 15, 2019
    Date of Patent: July 27, 2021
    Assignee: AIRWATCH LLC
    Inventors: Suman Aluvala, Craig Farley Newell, Naga Sandeep Reddy Kaipu, Sulay Shah
  • Patent number: 11074349
    Abstract: A method for device authentication comprises receiving, by processing hardware of a first device, a message from a second device to authenticate the first device. The processing hardware retrieves a secret value from secure storage hardware operatively coupled to the processing hardware. The processing hardware derives a validator from the secret value using a path through a key tree. The first device then sends the validator to the second device.
    Type: Grant
    Filed: January 4, 2019
    Date of Patent: July 27, 2021
    Assignee: CRYPTOGRAPHY RESEARCH, INC.
    Inventors: Paul C. Kocher, Pankaj Rohatgi, Joshua M. Jaffe
  • Patent number: 11063758
    Abstract: Methods, non-transitory computer readable media, and network traffic management apparatuses that obtain one or more custom selection rules and one or more custom priority rules via a graphical user interface (GUI). One or more of the custom selection rules are applied to a cipher suite database to generate a result set of cipher suites. The cipher suite database includes a plurality of cipher suite sets. One or more of the custom priority rules are applied to the result set of cipher suites to generate an ordered result set of cipher suites. A cipher string is generated based on the ordered result set of cipher suites. The cipher string is stored in a secure socket layer (SSL) profile to be used during negotiation of secure network sessions.
    Type: Grant
    Filed: October 6, 2017
    Date of Patent: July 13, 2021
    Assignee: F5 NETWORKS, INC.
    Inventor: Saxon Amdahl
  • Patent number: 11063757
    Abstract: Embodiments of the present invention include a system for utilizing setting information, including a first electronic device and a second electronic device communicably connected to an information processing apparatus via a network. The first electronic device includes first circuitry to: obtain, from a first memory, setting information relating to setting of the first electronic device; accept selection of a saving destination of the setting information; encrypt the setting information in an encryption method determined in accordance with the saving destination; and store the encrypted setting information in the saving destination.
    Type: Grant
    Filed: May 31, 2018
    Date of Patent: July 13, 2021
    Assignee: RICOH COMPANY, LTD.
    Inventors: Masataka Yamazaki, Yoh Masuyama
  • Patent number: 11063759
    Abstract: In various embodiments, the present invention is directed to a decentralized and secure method for developing machine learning models using homomorphic encryption and blockchain smart contract technology to realize a secure, decentralized, privacy-preserving computing system that incentivizes the sharing of private data, or at least the sharing of the resultant machine learning models from the analysis of private data. In various embodiments, the method uses a homomorphic encryption (HE)-based encryption interface designed to ensure the security and privacy-preservation of the shared learning models, while minimizing the computation overhead for performing calculations in the encrypted domain and, at the same time, ensuring the accuracy of the quantitative verifications obtained by the verification contributors in the cipherspace.
    Type: Grant
    Filed: April 29, 2019
    Date of Patent: July 13, 2021
    Assignee: The University of Akron
    Inventors: Jin Kocsis, Yifu Wu, Gihan Janith Mendis Imbulgoda Liyangahawatte
  • Patent number: 11058953
    Abstract: Some implementations relate to the detection of malicious games. In some implementations, a computer-implemented method includes obtaining a list of games that includes a plurality of games, analyzing the plurality of games to identify at least one likely malicious game, and creating a ticket.
    Type: Grant
    Filed: July 26, 2019
    Date of Patent: July 13, 2021
    Assignee: Roblox Corporation
    Inventors: Arthur Remy Malan, Diana Lee, Michael McHale
  • Patent number: 11042642
    Abstract: A computer-implemented method, non-transitory, computer-readable medium, and computer-implemented system are provided for data transmission in a trusted execution environment (TEE) system. The method can be executed by a thread on a TEE side of the TEE system. The method includes obtaining first data; calling a predetermined function using the first data as an input parameter to switch to a non-TEE side; obtaining a write offset address by reading a first address; obtaining a read offset address by reading a second address; determining whether a quantity of bytes of the first data is less than or equal to a quantity of writable bytes; if so, writing the first data into third addresses starting from the write offset address; updating the write offset address in the first address; and returning to the TEE side.
    Type: Grant
    Filed: June 29, 2020
    Date of Patent: June 22, 2021
    Assignee: Advanced New Technologies Co., Ltd.
    Inventors: Qi Liu, Boran Zhao, Ying Yan, Changzheng Wei
  • Patent number: 11042661
    Abstract: A computing device comprising a frontend and a backend is operably coupled to a plurality of storage devices. The backend comprises a plurality of buckets. Each bucket is operable to build a failure-protected stripe that spans two or more of the plurality of the storage devices. The frontend is operable to encrypt data as it enters the plurality of storage devices and decrypt data as it leaves the plurality of storage devices.
    Type: Grant
    Filed: February 13, 2019
    Date of Patent: June 22, 2021
    Inventors: Maor Ben Dayan, Omri Palmon, Liran Zvibel, Kanael Arditti, Ori Peleg
  • Patent number: 11017113
    Abstract: A database transaction is executed in a computer of a system of networked computers having secure processing enclaves. Within the secure processing enclave, a database transaction log record for the executed database transaction is generated and cryptographically secured using a private key held in secure storage of the secure processing enclave. A state of the distributed database is recorded in a series of transaction log records which is replicated in distributed computer storage accessible to the networked computers. Consensus messages are transmitted and received via secure communication links between the secure processing enclaves of the networked computers, to incorporate the database transaction log record into the series of transaction log records in accordance with a distributed consensus protocol, which is implemented based on consensus protocol logic held within the secure processing enclave.
    Type: Grant
    Filed: November 26, 2018
    Date of Patent: May 25, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Kapil Vaswani, Manuel Costa
  • Patent number: 11005645
    Abstract: A data partition unit partitions character string data D into N pieces of element data w_1, w_2, ..., w_N from the front to the end of the character string data D. A partial character string generation unit generates a set A = {A_1, A_2, ..., A_N} whose elements are A_i = {(w_i), (w_i w_{i+1}), ..., (w_i w_{i+1} ... w_N)} for i = 1, ..., N, from the element data w_1, w_2, ..., w_N. A position information assignment unit generates a set B = {B_1, B_2, ..., B_N} whose elements are B_i = {(i, w_i), (i, w_i w_{i+1}), ..., (i, w_i w_{i+1} ... w_N)} by associating each of the components (w_i), (w_i w_{i+1}), ..., (w_i w_{i+1} ... w_N) of the element A_i with the position information i. An encryption unit encrypts each of the components (i, w_i), (i, w_i w_{i+1}), ..., (i, w_i w_{i+1} ... w_N) included in the element B_i.
    Type: Grant
    Filed: January 15, 2016
    Date of Patent: May 11, 2021
    Assignee: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Takato Hirano, Yutaka Kawai
  • Patent number: 11003461
    Abstract: A boot process security system includes a processing system including a plurality of registers, and at least one memory system that includes instructions that, when executed by the processing system, cause the processing system to provide a BIOS. During a Driver eXecution Environment (DXE) sub-process that is included in a boot process and that occurs prior to passing control of the boot process to any third-party drivers, the BIOS programs at least one of the plurality of registers in order to configure at least one secure subsystem. The BIOS then verifies, during the boot process, that the at least one secure subsystem has been configured to provide a predetermined configuration, and locks the at least one secure subsystem. The BIOS then confirms that the at least one secure subsystem has been locked prior to passing control of the boot process to any third-party drivers.
    Type: Grant
    Filed: March 29, 2019
    Date of Patent: May 11, 2021
    Assignee: Dell Products L.P.
    Inventors: Wei G. Liu, Juan Francisco Diaz, Jayanth Raghuram, Murali Manohar Shanmugam
  • Patent number: 10999214
    Abstract: A method, apparatus and system for a secure memory with restricted access by processors. System has a plurality of processor units (PUs) coupled to a block of memory with at least one section secured (BMSS) against hacking by not allowing all PUs to access BMSS. One or more PUs has access to BMSS and is implemented with a dedicated function(s) that no other PU can perform such as a security function for encryption key checks. A thread running on a given PU that lacks access to a given memory location in BMSS is transferred to another PU with i) access to given memory location in BMSS; ii) implemented dedicated function; and/or iii) locked down instruction memory not free to run other code. Any attempt to breach protocol issues a fault. Existing code is hardened against less secure user code by only permitting authorized routines to transfer to the implemented PU.
    Type: Grant
    Filed: March 19, 2018
    Date of Patent: May 4, 2021
    Inventor: Donald Kevin Cameron
  • Patent number: 10997592
    Abstract: A system generates at least one of a customer token or device token configured to facilitate a mobile wallet transaction, transmits the customer token or device token to a server system for verification of the mobile wallet transaction, receives a screen display to present to the user, the screen display including the account balance information for the account held by the user at the financial institution, receives determination of rewards information regarding rewards available to the user if the user uses the account to perform the transaction, wherein the screen display comprises the rewards information, and provides an indication from the user that the user wishes to perform the mobile wallet transaction to transfer funds to a recipient, wherein the funds are transmitted to the recipient responsive to the provision of the indication from the user.
    Type: Grant
    Filed: December 6, 2016
    Date of Patent: May 4, 2021
    Assignee: Wells Fargo Bank, N.A.
    Inventor: Ashish Bhoopen Kurani
  • Patent number: 10985925
    Abstract: A method and apparatus for a certificate authority system providing authentication to a plurality of devices associated with an organization are described. The method may include receiving, at the certificate authority system, a request from a device to sign authentication information of the device, wherein the device is associated with the organization. The method may also include sending a challenge to the device to perform an action with a system other than the certificate authority system, and receiving the response to the challenge from the device. Furthermore, the method may include verifying that the response was generated correctly based on the challenge, and signing the authentication information of the device with one or more keys of the certificate authority system as an authentication of an identity of the device.
    Type: Grant
    Filed: July 22, 2019
    Date of Patent: April 20, 2021
    Assignee: STRIPE, INC.
    Inventors: Carl Jackson, Bryan Berg, David Terrance Bartley, Evan Broder
  • Patent number: 10969976
    Abstract: Systems and methods for fast storage allocation for encrypted storage are disclosed. An example method may include receiving, by a processing device executing an operating system, an identification of a first storage block that has been released by a first virtual machine; tracking, by the operating system, an encryption status corresponding to the first storage block to indicate whether the first storage block contains encrypted content; receiving a request to allocate storage to a second virtual machine; analyzing, by the operating system, the first storage block to determine that the first storage block contains encrypted content in view of the encryption status corresponding to the first storage block; and allocating the first storage block containing the encrypted content to the second virtual machine without clearing the encrypted content of the first storage block.
    Type: Grant
    Filed: November 11, 2019
    Date of Patent: April 6, 2021
    Assignee: Red Hat, Inc.
    Inventors: Henri Han Van Riel, Nitesh Narayan Lal
  • Patent number: 10972264
    Abstract: A method is provided that protects electronic Identity information based on a key-derivation operation. The method includes using an electronic Identity server to send an application-derived identifier of the application and a user electronic Identity code to a host security module that randomly generates an application master key, encrypts the application-derived identifier with the application master key, and obtains an application encryption key. The host security module encrypts the user electronic Identity code with the application encryption key and obtains an encryption document. The electronic Identity server encodes the encryption document and an application identity code and obtains an application electronic Identity code. The electronic Identity server uses the application electronic Identity code as the user identifier.
    Type: Grant
    Filed: June 17, 2020
    Date of Patent: April 6, 2021
    Assignee: THE THIRD INSTITUTE OF THE MINISTRY OF PUBLIC SECURITY
    Inventors: Xiang Zou, Minghui Yang, Lishun Ni, Yixin Xu, Jun Huang
  • Patent number: 10965701
    Abstract: A threat actor identification system that obtains domain data for a set of domains, generates domain clusters, determines whether the domain clusters are associated with threat actors, and presents domain data for the clusters that are associated with threat actors to brand owners that are associated with the threat actors. The clusters may be generated based on similarities in web page content, domain registration information, and/or domain infrastructure information. For each cluster, a clustering engine determines whether the cluster is associated with a threat actor, and for clusters that are associated with threat actors, corresponding domain information is stored for presentation to brand owners to whom the threat actor poses a threat.
    Type: Grant
    Filed: January 14, 2019
    Date of Patent: March 30, 2021
    Assignee: Proofpoint, Inc.
    Inventors: Gaurav Mitesh Dalal, Hung-Jen Chang, Ali Mesdaq
  • Patent number: 10963557
    Abstract: There is described a computer device, including at least a processor and a memory, configured to control process components on the computer device, the computer device comprising: an operating system, a privilege access management service cooperating with the operating system and an agent; wherein the agent is configured to: intercept a request to instantiate a new process component in a user account of a logged-in user, wherein the request originates from an instance of a particular process component amongst a set of process components and wherein the user account has assigned thereto default user privileges by the privilege access management service; determine whether to permit the intercepted request including by: validating a relationship between the new process component and the particular process component; and establishing a set of identified owners by identifying owners of the new process component, the particular process and any parents thereof; permit the intercepted request if the relationship is v
    Type: Grant
    Filed: September 7, 2018
    Date of Patent: March 30, 2021
    Assignee: AVECTO LIMITED
    Inventors: John Goodridge, Thomas Couser, James William Maude
  • Patent number: 10956477
    Abstract: A method for detecting a cyberattack on a network device is described. The method features receiving script text and performing a normalization operation on the script text to produce a normalized script text. The normalized script text includes a plurality of analytic tokens, each being an instance of a sequence of characters grouped together as a useful semantic unit for natural language processing (NLP). Thereafter, an NLP model is applied to the normalized script text to classify a script associated with the script text as malicious or benign. Responsive to the script being classified as malicious, an alert message is generated and provided to an administrator to identify the malicious script.
    Type: Grant
    Filed: December 13, 2018
    Date of Patent: March 23, 2021
    Assignee: FireEye, Inc.
    Inventors: Chunsheng Fang, Daniel Bohannon
  • Patent number: 10949574
    Abstract: An apparatus for detecting a physical manipulation on a security module that stores security-relevant data includes a sensor device for generating sensor data that describe a physical influence on the security module, and a first and a second monitoring device, wherein the first monitoring device is set up to receive the sensor data from the sensor device and to take the sensor data as a basis for generating first monitoring data, and the second monitoring device is set up to receive the first monitoring data from the first monitoring device and to use the received first monitoring data to detect a manipulation of the security module. Two monitoring devices communicating with one another that in each case can discern a manipulation on the security module are used to ensure a high level of security for the security module.
    Type: Grant
    Filed: April 3, 2018
    Date of Patent: March 16, 2021
    Assignee: SIEMENS AKTIENGESELLSCHAFT
    Inventor: Rainer Falk
  • Patent number: 10951632
    Abstract: Systems and methods for providing security services during a power management mode are disclosed. In some embodiments, a method comprises detecting, with a mobile security system, a wake event on a mobile device; providing, from the mobile security system, a wake signal in response to the wake event to wake the mobile device from a power management mode; and managing, with the mobile security system, security services of the mobile device. Managing security services may comprise scanning a hard drive of the mobile device for viruses and/or other malware. Managing security services may also comprise updating security applications or scanning the mobile device for unauthorized data.
    Type: Grant
    Filed: October 14, 2019
    Date of Patent: March 16, 2021
    Assignee: CUPP Computing AS
    Inventors: Ami Oz, Shlomo Touboul
  • Patent number: 10944567
    Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for communicating and sharing blockchain data. One of the methods includes sending, by a consensus node of a blockchain network, current state information associated with a current block of a blockchain to a trusted node with proof of authority outside of the blockchain network; sending a hash value to the trusted node for retrieving an account state stored in the historic state tree; receiving the account state in response to sending the hash value; and verifying that the account state is part of the blockchain based on the hash value.
    Type: Grant
    Filed: December 13, 2019
    Date of Patent: March 9, 2021
    Assignee: Advanced New Technologies Co., Ltd.
    Inventor: Haizhen Zhuo
  • Patent number: 10936191
    Abstract: An exemplary access control system controls access to a computing system such as a data storage system. For example, the exemplary access control system includes a remote management system that receives a request to operate on an element of the computing system and generates a message based on the request and a first token for the remote management system that is associated with the request. The message includes data representative of a second token for the remote management system. The remote management system signs the message and transmits the signed message to the computing system, which is configured to verify and use the signed message, including the second token included in the signed message, to obtain and use a local access token to access and operate on the element in accordance with the request.
    Type: Grant
    Filed: December 5, 2018
    Date of Patent: March 2, 2021
    Assignee: Pure Storage, Inc.
    Inventors: Sitaraman Suthamali Lakshminarayanan, Christopher Holtz, Jonathan McLachlan, Li Zhao, David M'Raihi, Yu Tan
  • Patent number: 10922179
    Abstract: A method for execution by a dispersed storage network (DSN), the method begins by determining a slice name of an encoded data slice to verify, obtaining the encoded data slice and optionally compressing the encoded data slice, determining a dispersed storage (DS) unit of the stored set of DS units to produce a selected DS unit, sending the compressed encoded data slice request message to the selected DS unit, receiving a compressed encoded data slice response message to produce a selected compressed encoded data slice, determining a compressed encoded data slice partial of the encoded data slice, determining whether a sum of compressed encoded data slice partials compares favorably to the selected compressed encoded data slice, indicating a failed test when the processing module determines that the comparison is not favorable and indicating a passed test when the processing module determines that the comparison is favorable.
    Type: Grant
    Filed: May 30, 2019
    Date of Patent: February 16, 2021
    Assignee: PURE STORAGE, INC.
    Inventors: Jason K. Resch, Greg R. Dhuse
  • Patent number: 10924377
    Abstract: Embodiments described include systems and methods for executing in an embedded browser an application script for network applications of different origins. A client application can establish a first session with a first network application of a first entity at a first origin via an embedded browser within the client application and a second session with a second network application of a second entity at a second origin via the embedded browser within the client application. A scripting engine within the client application of a client device of a user at a third origin can identify an application script having instructions to interact with the first network application and the second network application, and can execute the instructions to perform a task across the first network application of the first entity at the first origin and the second network application of the second entity at the second origin.
    Type: Grant
    Filed: September 11, 2018
    Date of Patent: February 16, 2021
    Assignee: Citrix Systems, Inc.
    Inventor: Abhishek Chauhan
  • Patent number: 10922404
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for a checkout system executable code monitoring and user account compromise determination system. The system monitors executable code initiating and executing on checkout systems, including determining hashes of the executable code. The system determines whether the executable code is malicious based on the hash and associated information of the executable code. Additionally, the system monitors user access to checkout systems and determines user accounts associated with being compromised. User interfaces are generated describing checkout systems associated with a risk of being compromised, and are configured for user interaction, which causes generation of updated user interfaces and access to electronic data stores to determine information relevant to the user interaction.
    Type: Grant
    Filed: September 27, 2018
    Date of Patent: February 16, 2021
    Assignee: Palantir Technologies Inc.
    Inventors: Adam Healy, Benjamin Jackson, Khoa Pham, Sanjay Paul, Zhi Qiang Liu
  • Patent number: 10909244
    Abstract: An example method includes storing a scenario event list that defines one or more events associated with a training exercise, and configuring, based on the events defined in the scenario event list, one or more software agents to emulate one or more cyber-attacks against a host computing system during the training exercise, which includes configuring the software agents to save a state of one or more resources of the host computing system prior to emulating the cyber-attacks and to restore the state of the resources upon conclusion of the cyber-attacks. The example method further includes deploying the software agents for execution on the host computing system during the training exercise to emulate the cyber-attacks against the host computing system using one or more operational networks.
    Type: Grant
    Filed: July 3, 2019
    Date of Patent: February 2, 2021
    Assignee: ARCHITECTURE TECHNOLOGY CORPORATION
    Inventors: Matthew P. Donovan, Robert A. Joyce, Judson Powers, Dahyun Hollister
  • Patent number: 10902112
    Abstract: There is provided a system (1) comprising: a processing unit (11) equipped with execution modes including a non-secure mode (3) in which access to a protected region of a memory is prohibited by a support function (12) and a secure mode (2) in which access to the protected region is permitted; and a hypervisor (20) which runs in the secure mode. The hypervisor includes: a first setting unit (23) for setting a first operation condition (21), which includes enabling a first OS (30) running in the secure mode to access the protected region and the unprotected region of the memory; and a second setting unit (24) for setting a second operation condition (22a), which includes enabling a second OS (41) running in the non-secure mode to access the unprotected region, using the support function to prevent the second OS (41) from accessing the secure region, and enabling a transition to the secure mode by accessing of the second OS to a first device shared with the first OS.
    Type: Grant
    Filed: August 25, 2016
    Date of Patent: January 26, 2021
    Assignee: Sekisui House, Ltd.
    Inventors: Hidekazu Kato, Shoi Egawa
  • Patent number: 10896065
    Abstract: An operating system interface, responsive to detecting a non-privileged thread request with a scheduling attribute set to a critical setting to request access to at least one privileged core, selectively schedules the non-privileged thread request into a privileged core queue associated with the at least one privileged core only when a resource availability of the at least one privileged core meets a threshold level of availability, the at least one privileged core providing a higher throughput than at least one regular core. The operating system interface, responsive to detecting a privileged thread request with the scheduling attribute set to the critical setting, automatically schedules the privileged thread request into the privileged core queue.
    Type: Grant
    Filed: December 1, 2017
    Date of Patent: January 19, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Bruce Mealey, Suresh E. Warrier
  • Patent number: 10887085
    Abstract: The subject matter discloses a computerized system for securing data, comprising a first node, comprising a first memory storage configured to store a first share of a cryptographic key and a communication module, a second node, in communication with the first node, comprising a second memory storage configured to store a second share of the cryptographic key, wherein the first share and the second share of the cryptographic key are required to perform a cryptographic operation using a multi-party computation (MPC) process, wherein the second node further comprises a control unit configured to change an operation mode of the second share from enable to disable, wherein the disable operation mode prevents performing the cryptographic operation using the MPC process.
    Type: Grant
    Filed: February 2, 2018
    Date of Patent: January 5, 2021
    Assignee: UNBOUND TECH LTD.
    Inventors: Guy Pe'er, Valery Osheter, Saar Peer, George Wainblat, Oz Mishli
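    The split-key arrangement in this abstract, as an added illustration that is not Unbound's code: the key k is held as two additive shares, each node contributes only a partial result computed from its own share, and the second node carries an enable/disable flag that makes the joint operation impossible when flipped. The "cryptographic operation" here is exponentiation in a toy group (the Mersenne prime 2^127 - 1 as modulus), chosen only so the example runs offline; a real deployment uses a standard curve or group and a proper threshold-signing protocol.

```python
"""Two-node additive key sharing with a disable switch on the second share."""
import secrets

# Toy modulus for illustration only (NOT a production group).
P = 2**127 - 1   # Mersenne prime
Q = P - 1        # exponents live mod (P - 1), since base^(P-1) == 1 mod P


class ShareNode:
    """Holds one additive share k_i of the key k = k1 + k2 (mod Q)."""

    def __init__(self, share: int, name: str):
        self._share = share
        self.name = name
        self.enabled = True  # the share's 'operation mode'

    def set_mode(self, enabled: bool) -> None:
        """Control unit switches this share between enable and disable."""
        self.enabled = enabled

    def partial(self, base: int) -> int:
        """Return base^k_i mod P; k_i itself never leaves the node."""
        if not self.enabled:
            raise PermissionError(f"{self.name}: share disabled, operation refused")
        return pow(base, self._share, P)


def split_key(k: int):
    """Additively split k into two random shares; neither alone reveals k."""
    k1 = secrets.randbelow(Q)
    k2 = (k - k1) % Q
    return ShareNode(k1, "node1"), ShareNode(k2, "node2")


def mpc_exponentiate(node1: ShareNode, node2: ShareNode, base: int) -> int:
    """base^k1 * base^k2 == base^(k1+k2) == base^k, without reconstructing k."""
    return (node1.partial(base) * node2.partial(base)) % P


def demo() -> bool:
    """Joint operation succeeds while both shares are enabled, fails once node2 is disabled."""
    k = secrets.randbelow(Q)
    n1, n2 = split_key(k)
    base = 5
    ok = mpc_exponentiate(n1, n2, base) == pow(base, k, P)
    n2.set_mode(False)
    try:
        mpc_exponentiate(n1, n2, base)
        refused = False
    except PermissionError:
        refused = True
    return ok and refused
```

    The point of the disable mode is that the first node's share is useless on its own: no code path ever adds the shares together, so the only way to stop the operation is to stop one contributor, and that switch lives on the second node.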
  • Patent number: 10878105
    Abstract: Disclosed herein are methods and systems of identifying vulnerabilities of an application. An exemplary method comprises identifying at least one function in executable code of the application according to at least one rule for modification of functions, adding an interception code to the executable code of the application upon launching of the application, executing the application with the added interception code, collecting, by the interception code, data relating to function calls performed by the application during execution, analyzing the collected data based on criteria for safe execution of applications, wherein the criteria comprises a range of permissible values of arguments of intercepted function calls and identifying inconsistencies between the analyzed data and the criteria for safe execution of applications, wherein the inconsistencies indicate vulnerabilities in the application.
    Type: Grant
    Filed: September 6, 2018
    Date of Patent: December 29, 2020
    Assignee: AO KASPERSKY LAB
    Inventors: Alexander V. Kalinin, Sergey A. Rumyantsev, Igor Y. Kumagin
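    The interception-and-analysis loop in this abstract, shown as an added Python example rather than Kaspersky's code. The patent instruments native executables; here the same steps are taken against a constructed Python "application": functions named by a rule are wrapped at launch, every call's arguments are recorded, and after execution the records are compared against a permissible range, with any out-of-range argument reported as an inconsistency. The rule set, the buffer size and the sample application are all constructed for the example.

```python
"""Intercept selected function calls and flag arguments outside safe ranges."""
import functools
from dataclasses import dataclass, field


@dataclass
class Rule:
    """Which function to intercept and the permissible range of one argument."""
    func_name: str
    arg_index: int
    lo: int
    hi: int


@dataclass
class CallRecord:
    func_name: str
    args: tuple
    kwargs: dict = field(default_factory=dict)


class Interceptor:
    def __init__(self, rules):
        self.rules = rules
        self.records = []
        self._saved = {}

    def instrument(self, namespace: dict) -> None:
        """Replace each ruled function in `namespace` with a recording wrapper."""
        for name in {r.func_name for r in self.rules}:
            original = namespace[name]
            self._saved[name] = original

            @functools.wraps(original)
            def wrapper(*args, _orig=original, _name=name, **kwargs):
                self.records.append(CallRecord(_name, args, kwargs))
                return _orig(*args, **kwargs)

            namespace[name] = wrapper

    def restore(self, namespace: dict) -> None:
        namespace.update(self._saved)

    def analyze(self) -> list:
        """Compare recorded arguments with the safe ranges; return inconsistencies."""
        findings = []
        for rec in self.records:
            for rule in self.rules:
                if rule.func_name != rec.func_name or rule.arg_index >= len(rec.args):
                    continue
                value = rec.args[rule.arg_index]
                if not (rule.lo <= value <= rule.hi):
                    findings.append((rec.func_name, rule.arg_index, value))
        return findings


# Constructed "application" under test.
BUF_SIZE = 64


def copy_to_buffer(src: bytes, n: int) -> bytes:
    """Stand-in for a memcpy into a 64-byte buffer; n > 64 would overflow in C."""
    return src[:n]


def run_app(lengths) -> None:
    for n in lengths:
        copy_to_buffer(b"A" * 4096, n)


def scan(lengths) -> list:
    """Instrument at launch, run the application, analyze the collected calls."""
    rules = [Rule("copy_to_buffer", arg_index=1, lo=0, hi=BUF_SIZE)]
    icpt = Interceptor(rules)
    icpt.instrument(globals())
    try:
        run_app(lengths)
    finally:
        icpt.restore(globals())
    return icpt.analyze()
```

    Only calls that actually happen during the run are recorded, so coverage of the findings depends on the inputs the application is driven with; a range rule that is never exercised reports nothing.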
  • Patent number: 10871956
    Abstract: Systems, methods and computer program products for providing a multi-tenant application execution environment that provides an object metadata service for managing application configuration in the multi-tenant environment. In one embodiment, a system has an application manager, a bundle manager, and a deployment manager. The application manager captures application metadata for a corresponding version of an application and defines a corresponding bundle which contains metadata that configures the version of the application. The bundle manager validates each bundle and stores the validated bundle in a bundle library in a data storage device. The deployment manager retrieves a master schema and one or more of the bundles from the bundle library and installs the retrieved master schema and the retrieved bundles, generating a tenant schema which is accessible by a corresponding tenant of the multi-tenant environment that has subscribed to the version of the application.
    Type: Grant
    Filed: February 12, 2019
    Date of Patent: December 22, 2020
    Assignee: OPEN TEXT CORPORATION
    Inventors: Sachin Gopaldas Totale, Chaithanya Lekkalapudi, Pawel Tomasz Zieminski, Ravikumar Meenakshisundaram
  • Patent number: 10860229
    Abstract: A request associated with one or more privileges assigned to a first entity may be received. Each of the one or more privileges may correspond to an operation of an integrated circuit. Information corresponding to the first entity and stored in a memory that is associated with the integrated circuit may be identified. Furthermore, the memory may be programmed to modify the information stored in the memory that is associated with the integrated circuit in response to the request associated with the one or more privileges assigned to the first entity.
    Type: Grant
    Filed: August 31, 2015
    Date of Patent: December 8, 2020
    Assignee: CRYPTOGRAPHY RESEARCH INC.
    Inventors: Benjamin Che-Ming Jun, William Craig Rawlings, Ambuj Kumar, Mark Evan Marson
  • Patent number: 10855468
    Abstract: The present invention provides a method for performing Elliptic Curve Cryptography (ECC) on data, the ECC implemented on multiple arithmetic layers. By performing multi-precision multiplication by implementing product-scanning to process columns of intermediary results in order to obtain a multiplication result by computing unsigned multiplication of data, accumulating a result of the multiplication and preserving a generated carry flag such that propagation of the carry flag is delayed, the present invention improves performance.
    Type: Grant
    Filed: May 12, 2017
    Date of Patent: December 1, 2020
    Assignees: LG Electronics, Inc., UNICAMP
    Inventor: Diego F. Aranha
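    Product-scanning (Comba) multiplication with deferred carry handling, as an added example that is not the patentee's code. Operands are arrays of 32-bit limbs; each column of the product is accumulated into a three-word accumulator, the carry flag from each addition is captured and folded into the top accumulator word instead of being propagated across the whole result, and the operand-scanning schoolbook variant is included for contrast. The limb width and the test operands (the NIST P-256 field prime and curve coefficient b, used only as convenient 256-bit constants) are choices made for this example.

```python
"""Multi-precision multiplication: product-scanning with a 3-word accumulator
versus row-by-row operand-scanning, on 32-bit limbs."""
MASK = 0xFFFFFFFF  # one 32-bit limb


def to_limbs(x: int, n: int) -> list:
    """Little-endian split of x into n 32-bit limbs."""
    return [(x >> (32 * i)) & MASK for i in range(n)]


def from_limbs(limbs) -> int:
    return sum(l << (32 * i) for i, l in enumerate(limbs))


def mul_product_scanning(a, b):
    """Column-wise (Comba) multiplication.

    For column k every a[i]*b[j] with i+j == k is added into (c0, c1). The carry
    out of each addition is kept as a flag and added into c2 at once; nothing is
    propagated through the already-finished result words, which is the deferred
    carry handling the abstract describes.
    """
    n, m = len(a), len(b)
    result = [0] * (n + m)
    c0 = c1 = c2 = 0
    for k in range(n + m - 1):
        for i in range(max(0, k - (m - 1)), min(k, n - 1) + 1):
            prod = a[i] * b[k - i]              # unsigned 32x32 -> 64-bit product
            p_lo, p_hi = prod & MASK, prod >> 32
            s = c0 + p_lo
            c0, carry = s & MASK, s >> 32       # carry flag from the low add
            s = c1 + p_hi + carry
            c1, carry = s & MASK, s >> 32       # preserved carry flag
            c2 = (c2 + carry) & MASK            # propagation stops here
        result[k] = c0                          # column k is final
        c0, c1, c2 = c1, c2, 0                  # shift accumulator one limb
    result[n + m - 1] = c0
    return result


def mul_operand_scanning(a, b):
    """Row-by-row schoolbook multiplication: each partial product's carry is
    propagated along the row immediately, which is the work Comba avoids."""
    n, m = len(a), len(b)
    result = [0] * (n + m)
    for i in range(n):
        carry = 0
        for j in range(m):
            t = result[i + j] + a[i] * b[j] + carry
            result[i + j] = t & MASK
            carry = t >> 32
        result[i + m] = carry
    return result


def multiply(x: int, y: int, limbs: int) -> int:
    """Multiply two `limbs`-word unsigned integers by both methods and return the product."""
    a, b = to_limbs(x, limbs), to_limbs(y, limbs)
    ps = mul_product_scanning(a, b)
    assert ps == mul_operand_scanning(a, b), "both variants must agree"
    return from_limbs(ps)
```

    In C the same loop maps onto mul/add/adc instructions with c0..c2 in registers; the benefit comes from keeping the accumulator in registers and writing each result word exactly once.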
  • Patent number: 10824765
    Abstract: An electronic control unit for a vehicle, the electronic control unit comprising a processor comprising: a processor core; storage, the storage storing data comprising instructions for the processor core; a tamper-resistant hardware security module which is coupled to the storage for reading and writing; and an external interface; the electronic control unit further comprising further storage connected to the processor through the external interface and containing further data; in which the hardware security module is arranged to cause a determination whether the data in the storage has been tampered with and, on a determination that the data has been tampered with, to cause the further data to be loaded into the storage from the further storage over the external interface. Other apparatus and methods for improving the security of electronic control circuits are disclosed.
    Type: Grant
    Filed: July 12, 2016
    Date of Patent: November 3, 2020
    Assignee: TRW Limited
    Inventor: Martin John Thompson
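    The check-then-restore sequence from this abstract, as an added example that is not TRW's code. A stand-in hardware security module keeps its key private and only answers seal/verify requests; the ECU verifies the image in its storage at boot and, on a mismatch, reloads it from the further storage behind the external interface. The integrity tag (an HMAC-SHA256), the storage layout and the firmware bytes are constructed for the example, and refusing to restore an external image that itself fails verification is a caveat added here, not something the abstract states.

```python
"""ECU boot: verify the stored image through the HSM, reload from external storage on tamper."""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass
class Storage:
    data: bytes   # instructions for the processor core
    tag: bytes    # integrity tag kept beside the data


class HardwareSecurityModule:
    """Tamper-resistant module: the key never leaves it; callers get only seal/verify."""

    def __init__(self, key: bytes):
        self._key = key

    def seal(self, data: bytes) -> bytes:
        return hmac.new(self._key, data, hashlib.sha256).digest()

    def verify(self, data: bytes, tag: bytes) -> bool:
        return hmac.compare_digest(self.seal(data), tag)


class ECU:
    def __init__(self, hsm: HardwareSecurityModule, internal: Storage, external: Storage):
        self.hsm = hsm
        self.internal = internal   # storage the core executes from
        self.external = external   # further storage behind the external interface

    def boot(self) -> str:
        """Return which image the core will run, or 'halt' if neither verifies."""
        if self.hsm.verify(self.internal.data, self.internal.tag):
            return "boot:internal"
        # Tamper detected. Added caveat: check the replacement image before
        # loading it, so a tampered external part cannot be used as the fallback.
        if not self.hsm.verify(self.external.data, self.external.tag):
            return "halt"
        self.internal = Storage(self.external.data, self.external.tag)
        return "boot:restored"
```

    A keyed tag rather than a bare hash matters here: with a plain hash an attacker who can rewrite the storage can rewrite the hash alongside it, whereas the HMAC key stays inside the module.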
  • Patent number: 10826855
    Abstract: A computing system includes a server comprising email policy rules to be applied to emails containing sensitive information, a mail server to provide the emails, and a client computing device enrolled with the server to access the mail server. An email privacy filter is to be applied to emails from the mail server intended for the client computing device. The email privacy filter interfaces with the server to receive the email policy rules therefrom. The email privacy filter identifies sensitive information within the email. The email privacy filter then applies the email policy rules, in response to identification of sensitive information within the email, to determine if the email is to be hidden from view on the client computing device so as to prevent display of the sensitive information to an unauthorized viewer.
    Type: Grant
    Filed: October 19, 2018
    Date of Patent: November 3, 2020
    Assignee: CITRIX SYSTEMS, INC.
    Inventor: Srinivasa Maddipati
  • Patent number: 10817357
    Abstract: A disclosed method of operating a representational state transfer (REST) server to respond to receiving a batch request includes: extracting a first requested item from the batch request; opening an output stream to a client network; writing a response opening of a batch response to the output stream; writing a first response item opening of the batch response to the output stream; in response to determining that a first REST service indicated by the first requested item is authorized to be invoked based on access control lists (ACLs), invoking the first REST service to stream a first response item body of the batch response to the output stream; writing a first response item closing of the batch response to the output stream; and writing a response closing of the batch response to the output stream, wherein the batch response is in valid JavaScript Object Notation (JSON).
    Type: Grant
    Filed: April 30, 2018
    Date of Patent: October 27, 2020
    Assignee: ServiceNow, Inc.
    Inventors: David Tamjidi, Natallia Rabtsevich Rodriguez
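    The streaming batch response described in this abstract, as an added Python example that is not ServiceNow's code. The batch opening, each item's opening and closing, and the batch closing are written to the output stream in order; the ACL check for each requested service runs before that service is invoked, and an unauthorized item gets a 403 entry instead of a body, so the overall document is still valid JSON. The ACL table, the two services and the request shape are constructed for the example.

```python
"""Stream a batch REST response as valid JSON with a per-item ACL check."""
import io
import json

# Constructed ACL: which roles may invoke which REST service.
ACLS = {
    "incident.list": {"itil", "admin"},
    "user.export": {"admin"},
}


# Constructed services; each streams its own body in chunks.
def incident_list():
    yield '[{"number": "INC0001"}, '
    yield '{"number": "INC0002"}]'


def user_export():
    yield '[{"user": "alice", "email": "alice@example.com"}]'


SERVICES = {"incident.list": incident_list, "user.export": user_export}


def authorized(service: str, roles: set) -> bool:
    """ACL decision for one item; unknown services are never authorized."""
    return bool(ACLS.get(service, set()) & roles)


def stream_batch(batch: dict, roles: set, out) -> None:
    out.write('{"batch_request_id": %s, "serviced_requests": [' % json.dumps(batch["id"]))
    for idx, item in enumerate(batch["items"]):
        if idx:
            out.write(",")
        out.write('{"id": %s, ' % json.dumps(item["id"]))        # response item opening
        svc = item["service"]
        if not authorized(svc, roles):
            out.write('"status_code": 403, "body": null}')
            continue
        out.write('"status_code": 200, "body": ')
        for chunk in SERVICES[svc]():                              # service streams its body
            out.write(chunk)
        out.write("}")                                             # response item closing
    out.write("]}")                                                # response closing


def run(batch: dict, roles: set) -> dict:
    """Stream into a buffer and parse it back; json.loads raises if the stream was malformed."""
    buf = io.StringIO()
    stream_batch(batch, roles, buf)
    return json.loads(buf.getvalue())
```

    Because bytes are already on the wire when a service starts, a service that raises mid-body cannot be turned into a clean 500 entry after the fact; the ACL check is placed before invocation so that at least the authorization failure never reaches that state.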
  • Patent number: 10812374
    Abstract: Systems and methods provide for segment routing (SR) with fast reroute in a container network. An SR ingress can receive a packet from a first container destined for a container service. The ingress can generate an SR packet including a segment list comprising a first segment to a first container service host, a second segment to a second service host, and a third segment to the service. The ingress can forward the SR packet to a first SR egress corresponding to the first host using the first segment. The first egress can determine whether the first service and/or host is reachable. If so, the first egress can forward the SR packet to the first host or the packet to the service. If not, the first egress can perform a fast reroute and forward the SR packet to a second SR egress corresponding to the second host using the second segment.
    Type: Grant
    Filed: September 21, 2018
    Date of Patent: October 20, 2020
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Giles Douglas Yorke Heron, Edward A. Warnicke, William Mark Townsley, Yoann Desmouceaux
  • Patent number: 10810321
    Abstract: A method, system, computer-readable media, and apparatus for ensuring a secure cloud environment is provided, where public cloud services providers can remove their code from the Trusted Computing Base (TCB) of their cloud services consumers. The method for ensuring a secure cloud environment keeps the Virtual Machine Monitor (VMM), devices, firmware and the physical adversary (where a bad administrator/technician attempts to directly access the cloud host hardware) outside of a consumer's Virtual Machine (VM) TCB. Only the consumer that owns this secure VM can modify the VM or access contents of the VM (as determined by the consumer).
    Type: Grant
    Filed: October 14, 2016
    Date of Patent: October 20, 2020
    Assignee: Intel Corporation
    Inventors: David M. Durham, Ravi L. Sahita, Barry E. Huntley, Nikhil M. Deshpande
  • Patent number: 10802939
    Abstract: Disclosed are a method for scanning cache of an application, an electronic device and a computer-readable storage medium. The method may include: acquiring a list of applications to be scanned; querying a historical scanning record of each application in the list of applications to be scanned; determining a scanning priority of each application and whether the application needs to be scanned according to the historical scanning record of each application; scanning applications that need to be scanned in the list of applications to be scanned in a descending order of the scanning priorities, so as to acquire cache sizes of respective applications that need to be scanned; and scanning applications that need not be scanned in the list of applications to be scanned in a descending order of the scanning priorities, so as to acquire cache sizes of respective applications that need not be scanned.
    Type: Grant
    Filed: August 3, 2018
    Date of Patent: October 13, 2020
    Assignee: BEIJING KINGSOFT INTERNET SECURITY SOFTWARE CO., LTD.
    Inventor: Changmao Yang
  • Patent number: 10803975
    Abstract: The present disclosure relates to systems and methods for facilitating trusted handling of genomic and/or other sensitive information. Certain embodiments may use a virtualized execution environment to execute code and/or programs that wish to access and/or otherwise use genomic and/or other sensitive information. In some embodiments, data requests from the code and/or programs may be routed through a transparent data access proxy configured to transform requests and/or associated responses to protect the integrity of the genomic and/or other sensitive information.
    Type: Grant
    Filed: August 23, 2018
    Date of Patent: October 13, 2020
    Assignee: Intertrust Technologies Corporation
    Inventors: W. Knox Carey, Jarl A. Nilsson, Bart Grantham
  • Patent number: 10789076
    Abstract: Example methods, apparatus and articles of manufacture to update virtual machine templates are disclosed. A disclosed example method to update a virtual machine template (105) includes updating a management policy (110), starting a virtual machine (116) based on the virtual machine template (105) in a network cordoned sandbox (170), triggering the virtual machine (116) to update per the updated management policy (110), and saving the virtual machine (116) as an updated virtual machine template (106).
    Type: Grant
    Filed: November 20, 2017
    Date of Patent: September 29, 2020
    Assignee: Hewlett Packard Enterprise Development LP
    Inventor: Paul Kennedy
  • Patent number: 10783239
    Abstract: A system for protecting a computer from malicious software uses a whitelist to determine if a program is safe to run. As new malicious software is created, attempts at execution of executables including such malicious software are prevented because the new malicious software is not listed in the whitelist. When such attempts are made, the executable is forwarded to a server where further analysis is performed to determine if the executable contains suspect code (e.g., malicious software), including running the executable in a sandbox to analyze how the executable behaves and running industry virus scanners against the executable to see if those scanners can find a virus. If such research finds that the executable is well-behaved, the executable is added to the whitelist and future execution is allowed.
    Type: Grant
    Filed: December 14, 2018
    Date of Patent: September 22, 2020
    Assignee: PC MATIC, INC.
    Inventor: Robert J. Woodworth, Jr.