Computer Program Modification Detection By Cryptography Patents (Class 713/187)
  • Patent number: 11562095
    Abstract: A database protection system (DPS) mitigates injection attacks. DPS receives an unrestricted database query, extracts a syntax tree, and evaluates whether it recognizes the query. To this end, DPS applies a hash function over the extracted syntax tree, and then determines whether the resulting hash has been seen by DPS before. If so, DPS retrieves a previously-generated prepared statement associated with the syntax tree, and that prepared statement is then forwarded to the database server in lieu of sending the original query. If the syntax tree is not recognized, DPS creates a new prepared statement, generates a hash of the syntax tree, and stores the hash and the new prepared statement, and forwards the new prepared statement. The prepared statements are configured based on the native wire protocol used by the database server, and DPS includes additional functionality by which it can learn the semantics of this protocol if necessary.
    Type: Grant
    Filed: January 28, 2021
    Date of Patent: January 24, 2023
    Assignee: International Business Machines Corporation
    Inventors: Galia Diamant, Leonid Rodniansky, Cheng-Ta Lee, Chun-Shuo Lin, Richard Ory Jerrell
  • Patent number: 11544384
    Abstract: A computer-implemented method includes obtaining, by a processor, existing security information for static application security testing (SAST). The method also includes using, by the processor, the existing security information to discover, by a machine capable of learning, new security information. The method also includes improving, by the processor, security of a computer using the new security information.
    Type: Grant
    Filed: April 12, 2019
    Date of Patent: January 3, 2023
    Assignee: International Business Machines Corporation
    Inventors: Kristofer A. Duer, John T. Peyton, Jr., Babita Sharma, David E. Stewart, Jason N. Todd, Shu Wang
  • Patent number: 11537709
    Abstract: The present invention relates to a device (1) such as a connected object comprising a first electronic circuit (2) comprising: a first processing unit (6) for executing a program, a first memory (8) for memorizing data during the execution of the program, a debug port (10) dedicated to checking the execution of the program from outside the first circuit, a second electronic circuit (4) connected to the debug port (10), comprising: a second memory (14) memorizing reference data related to the program, a second processing unit (12) for implementing the following steps automatically and autonomously via the debug port (10): checking the integrity of the data memorized by the first memory (8) and/or the compliance of the program's execution by the first processing unit (6) with a reference execution, assisted by the reference data.
    Type: Grant
    Filed: June 25, 2020
    Date of Patent: December 27, 2022
    Assignee: IDEMIA IDENTITY & SECURITY FRANCE
    Inventors: Fabien Blanco, Jean-Yves Bernard
  • Patent number: 11496317
    Abstract: A method of validating software including maintaining, in a trusted computing system, a copy of at least portions of data of the software, the software comprising data in an untrusted computing system. The method includes, with the trusted computing system, specifying selected data from data included in the copy as hash data, generating an executable file for generating a hash based on the specified hash data, executing the executable file to generate a check hash using the specified selected data from the copy as the hash data, and determining whether the software is valid based, at least in part, on a comparison of the check hash to an access hash generated by execution of the executable file by the untrusted computing system using the specified selected data from the untrusted computing system as the hash data.
    Type: Grant
    Filed: January 21, 2016
    Date of Patent: November 8, 2022
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Chris Tofts, Brian Quentin Monahan, Adrian John Baldwin
  • Patent number: 11468171
    Abstract: A variety of applications can include apparatus and/or methods of controlling a secure boot mode for a memory system. In an embodiment, a system includes a memory component and a processing device, where the processing device is configured to control a boot process for the system to operate the memory component and perform a cryptographic verification with a host to conduct an authentication of the host. The processing device can interact with the host, in response to the authentication, to receive a setting to control the boot process in a secure boot mode. The processing device can interact with another processing device of the system to store the setting and to receive a secure boot signal from the other processing device, where the secure boot signal is a signal to assert or de-assert the secure boot mode depending on a value of the setting. Additional apparatus, systems, and methods are disclosed.
    Type: Grant
    Filed: November 25, 2020
    Date of Patent: October 11, 2022
    Assignee: Micron Technology, Inc.
    Inventors: Robert W. Strong, Dustin J. Carter, Neil Levine
  • Patent number: 11449331
    Abstract: Disclosed is a vehicular update system including a communication device configured to communicate between a server and a controller included in a vehicle, a memory, and a controller configured to, (i) when a public key set including a root public key for verifying a root signature is stored in the memory, acquire the root signature from the server and verify root metadata based on the acquired root signature and the root public key of the public key set pre-stored in the memory, and configured to, (ii) when the public key set is not stored in the memory, acquire, from the server, root metadata including a public key set and a root signature obtained by performing a digital signature on a hash value of the public key set using a root private key, verify the root metadata based on the root public key of the acquired root metadata and the root signature, and store the public key set.
    Type: Grant
    Filed: January 25, 2018
    Date of Patent: September 20, 2022
    Assignee: LG ELECTRONICS INC.
    Inventors: Junsang Park, Sangwook Lee, Kyusuk Han
  • Patent number: 11449264
    Abstract: A processing device receives a command to arm a memory device for self-destruction. In response to the command, a self-destruction countdown timer is commenced. An expiry of the self-destruction countdown timer is detected and, based on detecting the expiry of the self-destruction countdown timer, data stored by the memory device is destructed.
    Type: Grant
    Filed: May 13, 2020
    Date of Patent: September 20, 2022
    Assignee: Micron Technology, Inc.
    Inventor: Robert W. Strong
  • Patent number: 11424909
    Abstract: A system and method secures data including sensitive data parts for exporting and securely analyzes the secure exported data. In one embodiment, the secure data may be analyzed using at least two compute elements. In one embodiment, the system may use the AES process to secure the sensitive parts of the data.
    Type: Grant
    Filed: December 10, 2019
    Date of Patent: August 23, 2022
    Assignee: BAFFLE, INC.
    Inventors: Ameesh Divatia, Harold Byun
  • Patent number: 11423160
    Abstract: A virtual environment system for validating executable data using authorized hash outputs is provided. In particular, the system may generate a virtual environment using a virtual environment device, where the virtual environment is logically and/or physically separated from other devices and/or environments within the network. The system may then open a specified set of executable data within the virtual environment and perform a set of commands or processes with respect to the executable data. If the system determines that the executable data is unsafe to run, the system may generate a hash output of the executable data and store the hash output in a database of unauthorized executable data. In this way, the system may securely generate a repository of authorized and unauthorized hashes such that the system may ensure that unsafe executable data is blocked from being processed within a network environment.
    Type: Grant
    Filed: April 16, 2020
    Date of Patent: August 23, 2022
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: George Albero, Emanuel David Guller, Edward Lee Traywick, Scot Lincoln Daniels, Rick Wayne Sumrall, Elijah Clark, Konata Stinson, Jake Michael Yara
  • Patent number: 11418333
    Abstract: A system includes a communication channel monitor configured to calculate a hash value of a first encrypted code segment based on a measurement. A security module may derive a first encryption key using a key decryption function operation from the hash value of the first encrypted code segment. A processor decrypts the first encrypted code segment with a seed key retrieved from a storage device, and if the decryption is successful then executes the first decrypted code segment. The processor may retrieve a second one of the encrypted code segments, wherein the second encrypted code segment is a next encrypted code segment for execution after the first encrypted code segment according to a sequence of execution, decrypt the second encrypted code segment with the first encryption key, and if the decryption is successful then execute the second decrypted code segment.
    Type: Grant
    Filed: January 10, 2020
    Date of Patent: August 16, 2022
    Assignee: Dell Products L.P.
    Inventors: Nicholas D. Grobelny, Richard M. Tonry, Balasingh P. Samuel
  • Patent number: 11343230
    Abstract: A method for configuring resources at an information handling system may include determining, during initialization, a wide area network (WAN) Internet Protocol (IP) address associated with the information handling system, and retrieving a list of trusted IP addresses from a storage location at the information handling system. The method may further include configuring a first resource at the information handling system to operate in a first state in response to determining that the WAN IP address is included at the list of trusted IP addresses, and configuring the first resource at the information handling system to operate in a second state in response to determining that the WAN IP address is not included at the list of trusted IP addresses.
    Type: Grant
    Filed: June 9, 2020
    Date of Patent: May 24, 2022
    Assignee: Dell Products L.P.
    Inventors: Ibrahim Sayyed, Daniel L. Hamlin
  • Patent number: 11343258
    Abstract: Methods and devices for determining whether a mobile device has been compromised. The mobile device has a managed portion of memory and an unmanaged portion of memory, a managed profile and an unmanaged profile, and the managed profile includes files stored in the managed portion of memory and the unmanaged profile includes files stored in the unmanaged portion of memory. The managed profile is governed by a device policy set by a remote administrator. File tree structure information for the managed profile of the mobile device is obtained that details at least a portion of a tree-based structure of folders and files in the managed portion of memory. It is determined from the file tree structure information that the mobile device has been compromised and, based on that determination, an action is taken.
    Type: Grant
    Filed: August 15, 2019
    Date of Patent: May 24, 2022
    Assignee: BlackBerry Limited
    Inventors: Chang Fung Yang, Robert Joseph Lombardi, Chi Hing Ng, Johnathan George White
  • Patent number: 11334670
    Abstract: The present disclosure relates to a method for integrity verification of a software stack or part of a software stack resident on a host machine. A management entity generates a measurement log for a disk image associated with the software stack or the part of a software stack. A verifier entity retrieves the generated measurement log and compares the generated measurement log with a reference measurement of a verification profile previously assigned by the verifier entity to the software stack or the part of a software stack to verify the software stack or the part of a software stack.
    Type: Grant
    Filed: January 28, 2020
    Date of Patent: May 17, 2022
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Sidnei Roberto Selzler Franco, Ludovic Emmanuel Paul Noel Jacquin, Jonathan Meller, Guilherme De Campos Magalhaes
  • Patent number: 11323506
    Abstract: Sharing data in a data exchange across multiple cloud computing platforms and/or cloud computing platform regions is described. An example computer-implemented method can include receiving data sharing information from a data provider for sharing a data set in a data exchange from a first cloud computing entity to a set of second cloud computing entities. In response to receiving the data sharing information, the method may also include creating an account with each of the set of second cloud computing entities. The method may also further include sharing the data set from the first cloud computing entity with the set of second cloud computing entities using at least the corresponding account of that second cloud computing entity.
    Type: Grant
    Filed: July 16, 2021
    Date of Patent: May 3, 2022
    Assignee: Snowflake Inc.
    Inventors: Pui Kei Johnston Chu, Benoit Dageville, Matthew Glickman, Christian Kleinerman, Prasanna Krishnan, Justin Langseth
  • Patent number: 11301561
    Abstract: A method performed by one or more processors, and an apparatus, are disclosed. The method may comprise identifying a request from a custom computer program within a sandbox to perform an operation not permitted within the sandbox, and receiving a first indication of security privileges associated with a provider of the custom computer program. The method may also comprise selectively causing the operation to be performed based on the first indication of security privileges.
    Type: Grant
    Filed: January 11, 2019
    Date of Patent: April 12, 2022
    Assignee: Palantir Technologies Inc.
    Inventors: Thomas Powell, Kyle Patron, Mark Elliot
  • Patent number: 11281472
    Abstract: An information handling system includes a basic input/output system having a virtual advanced configuration and power interface device. A processor may download a device driver for a particular virtual advanced configuration and power interface device, wherein the device driver includes a code for a security feature and a signed file that includes a list of identifiers of compromised information handling systems. The processor may determine whether the information handling system is compromised based on the list of identifiers of compromised information handling systems in the signed file, and execute the code for the security feature.
    Type: Grant
    Filed: February 3, 2020
    Date of Patent: March 22, 2022
    Assignee: Dell Products L.P.
    Inventors: Craig Chaiken, Balasingh P. Samuel, Steven Downum
  • Patent number: 11281778
    Abstract: A method of verifying an application, according to an embodiment, includes: storing application codes; loading a part of the application codes into a memory; and verifying the application by using the codes loaded into the memory.
    Type: Grant
    Filed: November 28, 2016
    Date of Patent: March 22, 2022
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Dong-uk Kim, Ji-hoon Kim, Chang-sup Ahn
  • Patent number: 11275834
    Abstract: Systems and methods of identifying malware in backups are provided. Backups are subjected to analysis for malware signatures based on malware signature files that are received after the backup is produced. This approach allows the distinction between clean and infected restore points. The testing of backups for malware infection may be performed by a backup provider or a third party.
    Type: Grant
    Filed: January 12, 2018
    Date of Patent: March 15, 2022
    Inventors: Richard Offer, Jennifer Coopersmith
  • Patent number: 11277480
    Abstract: A computer system, method, and device perform targeted acquisition of data. The system includes an examiner device having a processor and a memory, an agent in the form of an executable program for finding and transferring targeted data, and a target endpoint system. The examiner device is configured to deploy the agent to the target endpoint system. The agent is configured to establish a connection with the examiner device. The examiner device is configured to send a request for targeted data to the agent. The agent is configured to locate the targeted data on the target endpoint system. The agent is configured to transfer the targeted data to the examiner device.
    Type: Grant
    Filed: September 30, 2020
    Date of Patent: March 15, 2022
    Assignee: Magnet Forensics Investco Inc.
    Inventors: Jad John Saliba, Andrew Gordon Roberts, Nicholas Bruce Alexander Cosentino, Kevin Brightwell
  • Patent number: 11269986
    Abstract: A memory stores a program to be executed by a microprocessor. The program includes a first program part and a second program part. An authenticator is configured to authenticate the program and includes a module that is external to the microprocessor and configured to authenticate said first program part when the microprocessor is inactive. The authenticator further activates the microprocessor to execute the first program part and authenticate said second program part using instructions of the first program part if the module has authenticated the first program part. The microprocessor then executes the second program part if the microprocessor has authenticated said second program part.
    Type: Grant
    Filed: October 22, 2019
    Date of Patent: March 8, 2022
    Assignees: STMicroelectronics (Grand Ouest) SAS, STMicroelectronics (Rousset) SAS
    Inventors: Vincent Berthelot, Layachi Daineche
  • Patent number: 11238151
    Abstract: There is provided a method of patching a binary having vulnerability which is performed by a computing device. The method comprises loading a first binary to be patched, into a memory, generating a second binary by patching to call a stack frame initialization function from a vulnerable function of the first binary, executing the stack frame initialization function by calling the vulnerable function when the second binary is executed and initializing a stack frame area of the vulnerable function so as to automatically initialize a variable declared in the vulnerable function.
    Type: Grant
    Filed: November 13, 2018
    Date of Patent: February 1, 2022
    Assignee: KOREA INTERNET & SECURITY AGENCY
    Inventors: Hwan Kuk Kim, Tae Eun Kim, Dae Il Jang, Han Chul Bae, Jong Ki Kim, Soo Jin Yoon, Jee Soo Jurn, Geon Bae Na
  • Patent number: 11232199
    Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed to defend against dynamic-link library (DLL) side-loading attacks. An example apparatus includes a fingerprint generator to determine a first DLL fingerprint of a first DLL stored at a first OS path referenced by an operating system (OS) event generated by a computing device, and, in response to determining that a second DLL having the same name as the first DLL is stored at a second OS path superseding the first OS path, determine a second DLL fingerprint of the second DLL, a fingerprint comparator to determine whether at least one of the first or the second DLL fingerprint satisfies a deviation threshold based on a comparison of the first and the second DLL fingerprint to a reference DLL fingerprint, and a security action enforcer to execute a security action to protect a computing device from an attack.
    Type: Grant
    Filed: December 27, 2019
    Date of Patent: January 25, 2022
    Assignee: MCAFEE, LLC
    Inventors: Craig Schmugar, Jyothi Mehandale
  • Patent number: 11232195
    Abstract: The disclosure relates to systems and methods for managing state using relatively small assistance from protected hardware. Obfuscated code segments may communicate with supporting protected hardware, store encrypted state values in main memory, and/or communicate via secure channels to secure platform hardware components. In various embodiments, consistent state may be achieved, at least in part, by computing secure tag information and storing the secure tag information in a secure and/or otherwise protected device register. Consistent with embodiments disclosed herein, the tag information may be used to derive keys used to encrypt and/or decrypt stored state information. Tag information may further be used in connection with verification operations prior to using the information to derive associated keys.
    Type: Grant
    Filed: July 29, 2020
    Date of Patent: January 25, 2022
    Assignee: Intertrust Technologies Corporation
    Inventor: Stephen G. Mitchell
  • Patent number: 11231911
    Abstract: In one embodiment, a method for developing a virtual programmable logic controller (PLC) application using a graphical user interface (GUI) is disclosed. The method includes receiving, from a first portion of the GUI representing a tool box, a first selection of a first object from a set of objects represented in the GUI, wherein each of the set of objects performs a respective function. The method also includes inserting, into a horizontal section of a second portion of the GUI representing the virtual PLC application, the first object, wherein the horizontal section includes a second object that executes simultaneously with the first object in the horizontal section. The method also includes compiling code implementing the first object and the second object to generate the virtual PLC application, and adding a shortcut of the virtual PLC application to a virtual tray of an operating system.
    Type: Grant
    Filed: February 25, 2021
    Date of Patent: January 25, 2022
    Assignee: PROGRAMMABLE LOGIC CONSULTING, LLC
    Inventor: Harold Bayless
  • Patent number: 11218497
    Abstract: A technique includes determining relations among a plurality of entities that are associated with a computer system; and selectively grouping behavior anomalies that are exhibited by the plurality of entities into collections based at least in part on the determined relations among the entities. The technique includes selectively reporting the collections to a security operations center.
    Type: Grant
    Filed: February 20, 2017
    Date of Patent: January 4, 2022
    Assignee: Micro Focus LLC
    Inventors: Tomasz Jaroslaw Bania, William G. Horne, Pratyusa K. Manadhata, Tomas Sander
  • Patent number: 11216389
    Abstract: A container from a first root of trust associated with a first root entity may be received. The container may correspond to a mapping of a resource of an integrated circuit that is associated with the first root entity. The container may be verified based on a key that corresponds to the first root of trust and that is stored in the integrated circuit at manufacturing of the integrated circuit. An identification may be made that an assignment of the resource from the container corresponds to assigning the resource from the first root of trust to a new root of trust. A new key corresponding to the new root of trust may be generated. Information corresponding to the new key may be stored into a memory of the integrated circuit. Furthermore, the new key may be used to delegate the resource to a subsequent container.
    Type: Grant
    Filed: December 1, 2016
    Date of Patent: January 4, 2022
    Assignee: CRYPTOGRAPHY RESEARCH, INC.
    Inventors: Ambuj Kumar, William Craig Rawlings
  • Patent number: 11204992
    Abstract: The disclosed computer-implemented method for safely executing unreliable malware may include (i) intercepting a call to an application programming interface (API) in a computing operating system, the API being utilized by malware for disseminating malicious code, (ii) determining an incompatibility between the API call and the computing operating system that prevents successful execution of the API call, (iii) creating a proxy container for receiving the API call, (iv) modifying, utilizing the proxy container, the API call to be compatible with the computing operating system, (v) sending the modified API call from the proxy container to the computing operating system for retrieving the API utilized by the malware, and (vi) performing a security action during a threat analysis of the malware by executing the API to disseminate the malicious code in a sandboxed environment. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: September 4, 2019
    Date of Patent: December 21, 2021
    Assignee: CA, INC.
    Inventors: Bahaa Naamneh, Felix Leder
  • Patent number: 11194908
    Abstract: Synthesizing sanitization code for applications based upon a probabilistic prediction model includes receiving a set of applications. The set of applications is partitioned into a first subset of applications and a second subset of applications. The first subset has one or more malicious payloads associated therewith, and the second subset has one or more non-malicious payloads associated therewith. A probabilistic prediction model is computed based upon the malicious payloads associated with the first subset of applications. One or more predicted malicious payloads are predicted from the probabilistic prediction model.
    Type: Grant
    Filed: January 8, 2019
    Date of Patent: December 7, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Peng Liu, Yunhui Zheng, Marco Pistoia, Omer Tripp
  • Patent number: 11189164
    Abstract: The present disclosure is directed to methods and apparatus that manage the flow of traffic. Methods and systems consistent with the present disclosure may allow biometric information of individuals to be collected when access privileges associated with particular individuals are validated or updated. These methods may allow a supervisor to temporarily or permanently authorize certain employees to access components that are located within a traffic control cabinet and these methods may allow changes in traffic signal light timing to be authorized according to a set of rules. Such authorization rules may require proposed signal light timing changes to be approved by a supervisor before a proposed change is implemented. Methods and systems consistent with the present disclosure may also cause components within a control cabinet to be disabled or disconnected when a signal light control cabinet is accessed by unauthorized persons.
    Type: Grant
    Filed: April 25, 2019
    Date of Patent: November 30, 2021
    Assignee: Cubic Corporation
    Inventor: William S. Overstreet
  • Patent number: 11190358
    Abstract: An acceptance hash code is disclosed herein. An acceptance hash code is a value generated by a device using a hash function. The acceptance hash code itself may represent a legally enforceable document. The acceptance hash code may be structured in a manner such that a device operated by a user can transmit a legally enforceable document over a network using a smaller file size than is possible with conventional secure transaction techniques. In addition, the manner in which the acceptance hash code is generated allows a receiving device to verify that the document elements of the document are as expected and to verify an identity of a user that allegedly executed the document. Thus, even if a malicious user attempts to alter document elements or perform other fraudulent activity, the receiving device can use the acceptance hash code to identify such activity and prevent a transaction from being completed.
    Type: Grant
    Filed: August 9, 2018
    Date of Patent: November 30, 2021
    Assignee: Secure Open Systems, Inc.
    Inventor: David Duane Bettger
  • Patent number: 11151256
    Abstract: Systems and methods for detecting IHS attacks by monitoring chains of configuration changes made to Basic Input/Output System (BIOS) or Unified Extensible Firmware Interface (UEFI) attributes are described. In some embodiments, an IHS may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution by the processor, cause the IHS to: monitor a chain of BIOS/UEFI configuration changes; compare the chain of BIOS/UEFI configuration changes against an Indication of Attack (IoA); and report an alert in response to the chain of BIOS/UEFI configuration changes matching the IoA.
    Type: Grant
    Filed: May 13, 2019
    Date of Patent: October 19, 2021
    Assignee: Dell Products, L.P.
    Inventors: Ricardo L. Martinez, Girish S. Dhoble, Nicholas D. Grobelny
  • Patent number: 11138108
    Abstract: Devices and techniques for logical-to-physical (L2P) map (e.g., table) synchronization in a managed memory device are described herein. For example, a plaintext portion of an L2P map may be updated in a managed memory device. In response to updating the plaintext portion of the L2P map, the updated portion can be obfuscated to create an obfuscated version of the updated portion of the L2P map. Both the updated portion and the obfuscated version of the updated portion can be saved in storage of the memory device. When a request from a host for the updated portion of the L2P map is received, the memory device can provide the obfuscated version of the portion from the storage.
    Type: Grant
    Filed: August 22, 2019
    Date of Patent: October 5, 2021
    Assignee: Micron Technology, Inc.
    Inventors: Jonathan Scott Parry, Nadav Grosz
  • Patent number: 11108753
    Abstract: A computer system and methods for securing files in a file system with storage resources accessible to an authenticable user using an untrusted client device in a semi-trusted client threat model. Each file is secured in the file system in one or more ciphertext blocks along with the file metadata. Each file is assigned a unique file key FK to encrypt the file. A wrapping key WK assigned to the file is used for encrypting the file key FK to produce a wrapped file key WFK. A key manager is in charge of generating and storing keys. The file is encrypted block by block to produce corresponding ciphertext blocks and corresponding authentication tags. The authentication tags are stored in the file metadata, along with an ID of the wrapping key WK, wrapped file key WFK, last key rotation time, an Access Control List (ACL), etc. The integrity of ciphertext blocks is ensured by authentication tags and the integrity of the metadata is ensured by a message authentication code (MAC).
    Type: Grant
    Filed: April 2, 2019
    Date of Patent: August 31, 2021
    Assignee: ZETTASET, INC.
    Inventor: Eric A. Murray
  • Patent number: 11109231
    Abstract: The present invention provides an approach for granting access and respectively denying access to an instruction set of a device. The technical teaching provides the advantage that unauthorized access can be effectively prevented. Hence, maintenance work can be performed by specialized staff and security sensitive parts of the instruction sets are secured.
    Type: Grant
    Filed: March 21, 2016
    Date of Patent: August 31, 2021
    Assignee: ABB Schweiz AG
    Inventors: Matus Harvan, Roman Schlegel, Sebastian Obermeier, Thomas Locher
  • Patent number: 11082483
    Abstract: Sharing data in a data exchange across multiple cloud computing platforms and/or cloud computing platform regions is described. An example computer-implemented method can include receiving data sharing information from a data provider for sharing a data set in a data exchange from a first cloud computing entity to a set of second cloud computing entities. In response to receiving the data sharing information, the method may also include creating an account with each of the set of second cloud computing entities. The method may also further include sharing the data set from the first cloud computing entity with the set of second cloud computing entities using at least the corresponding account of that second cloud computing entity.
    Type: Grant
    Filed: April 1, 2021
    Date of Patent: August 3, 2021
    Assignee: Snowflake Inc.
    Inventors: Pui Kei Johnston Chu, Benoit Dageville, Matthew Glickman, Christian Kleinerman, Prasanna Krishnan, Justin Langseth
  • Patent number: 11062037
    Abstract: A shared networked storage may be separated from a key vault system. A storage request with data to be stored and the storage request with a confidentiality rating may be received. The confidentiality rating may indicate a level of confidentiality the data is associated with. The storage request with the data and the confidentiality rating may be received via a shared networked storage access interface by a security layer. The data to be stored by the key vault system and the confidentiality rating may be encrypted on request of the security layer and into a data container. The shared networked storage may be categorized into Cloud zones. Each Cloud zone may be assigned a trust level. The data container may be stored in one of the Cloud zones of the shared networked storage. The trust level of the one of the Cloud zones may correspond to the confidentiality rating.
    Type: Grant
    Filed: September 17, 2019
    Date of Patent: July 13, 2021
    Assignee: International Business Machines Corporation
    Inventors: Marcus Breuer, Itzhack Goldberg, Thorsten Muehge, Erik Rueger, Matthias Seul
  • Patent number: 11055387
    Abstract: Techniques for electronic signature process management are described. Some embodiments provide an electronic signature service (“ESS”) configured to manage electronic identity cards. In some embodiments, the ESS generates and manages an electronic identity card for a user, based on personal information of the user, activity information related to the user's actions with respect to the ESS, and/or social networking information related to the user. The electronic identity card of a signer may be associated with an electronic document signed via the ESS, so that users may obtain information about the signer of the document. The ESS may also generate a trust score for the user based on activity information related to the user's actions with respect to the ESS and/or other factors. The trust score may be used to recommend authentication mechanisms to use with respect to electronic signature transactions.
    Type: Grant
    Filed: September 28, 2019
    Date of Patent: July 6, 2021
    Assignee: DOCUSIGN, INC.
    Inventors: Thomas H. Gonser, Donald G. Peterson, Douglas P. Rybacki, Ashley Carroll, Michael Strickland
  • Patent number: 11023579
    Abstract: A method and apparatus for monitoring a volatile memory in a computer system. Samples of compressed data from locations in the volatile memory in the computer system are read. Data in the volatile memory is reconstructed using the samples of compressed data. The data is an image of the volatile memory. The image enables determining whether an undesired process is present in the volatile memory.
    Type: Grant
    Filed: December 1, 2016
    Date of Patent: June 1, 2021
    Assignee: National Technology & Engineering Solutions of Sandia, LLC
    Inventors: Jason W. Wheeler, Tu-Thach Quach, Conrad D. James, James Bradley Aimone, Arun F. Rodrigues
  • Patent number: 11005845
    Abstract: A second device seeking to access a network can be detected using a first device communicatively coupled to the network. Responsive to detecting the second device seeking to access the network, the first device can be caused to communicatively uncouple from the network and whether the second device poses a risk of corrupting the network's intended functioning if the second device accesses the network can be determined by the first device.
    Type: Grant
    Filed: October 18, 2018
    Date of Patent: May 11, 2021
    Inventors: Jeremy R. Fox, Kelley Anders, Gregory J. Boss, Sarbajit K. Rakshit
  • Patent number: 11003757
    Abstract: Techniques are provided for client application authentication and include receiving a request to authenticate an application and, based on the received request to authenticate the application, sending a request to perform a push communication, including a short-term shared key, to a digital distribution system, wherein the digital distribution system is a distribution source of the application. The digital distribution system attempts to send the push communication including the short-term shared key to the application. The techniques may proceed by receiving a request for resources from the provider client application and determining whether the application has the short-term shared key. When it is determined that the application has provided the short-term shared key, the requested resources may be provided to the application; otherwise, the requested resources may be denied.
    Type: Grant
    Filed: October 17, 2017
    Date of Patent: May 11, 2021
    Assignee: ATLASSIAN PTY LTD.
    Inventor: Jerry Cheng
  • Patent number: 10997008
    Abstract: A controller controls a control target device and includes: a storage unit to record event history data of an event occurring during operation of the controller; a hash value calculation unit to calculate a hash value on the basis of the event history data; and a communication unit to transmit the hash value to another controller external to the controller.
    Type: Grant
    Filed: September 25, 2017
    Date of Patent: May 4, 2021
    Assignee: MITSUBISHI ELECTRIC CORPORATION
    Inventor: Eietsu Domeki
  • Patent number: 10999355
    Abstract: Sharing data in a data exchange across multiple cloud computing platforms and/or cloud computing platform regions is described. An example computer-implemented method can include receiving data sharing information from a data provider for sharing a data set in a data exchange from a first cloud computing entity to a set of second cloud computing entities. In response to receiving the data sharing information, the method may also include creating an account with each of the set of second cloud computing entities. The method may also further include sharing the data set from the first cloud computing entity with the set of second cloud computing entities using at least the corresponding account of that second cloud computing entity.
    Type: Grant
    Filed: March 10, 2020
    Date of Patent: May 4, 2021
    Assignee: Snowflake Inc.
    Inventors: Pui Kei Johnston Chu, Benoit Dageville, Matthew Glickman, Christian Kleinerman, Prasanna Krishnan, Justin Langseth
  • Patent number: 10990993
    Abstract: A multi-lender architecture is configured to provide a loan applicant with automated pre-qualification and automobile loan eligibility evaluation for multiple candidate lenders. Lender output data may include sensitive data. The lender output data is stored in a data object of a first format and one or more fields of the data object are encrypted at the field level. The encrypted data object may be transmitted through multiple application layers or terminals. The encrypted data object may be reformatted at one or more application layers or terminals without decryption. A reformatted encrypted data object containing the lender output data may be decrypted at the last layer before forwarding the lender output data to the loan applicant.
    Type: Grant
    Filed: May 22, 2020
    Date of Patent: April 27, 2021
    Assignee: Capital One Services, LLC
    Inventors: Dinesh Sundaram, Trent Jones
  • Patent number: 10970413
    Abstract: Provided is a process including: receiving one or more write requests; selecting a first subset of the values as corresponding to higher-security fields; segmenting a first value in the first subset; instructing a first computing device to store a first subset of segments among the plurality of segments in memory; and instructing a second computing device to store a second subset of segments among the plurality of segments in memory.
    Type: Grant
    Filed: February 4, 2019
    Date of Patent: April 6, 2021
    Assignee: ALTR Solutions, Inc.
    Inventor: Christopher Edward Struttmann
  • Patent number: 10956576
    Abstract: A variety of applications can include apparatus and/or methods of controlling a secure boot mode for a memory system. In an embodiment, a system includes a memory component and a processing device, where the processing device is configured to control a boot process for the system to operate the memory component and perform a cryptographic verification with a host to conduct an authentication of the host. The processing device can interact with the host, in response to the authentication, to receive a setting to control the boot process in a secure boot mode. The processing device can interact with another processing device of the system to store the setting and to receive a secure boot signal from the other processing device, where the secure boot signal is a signal to assert or de-assert the secure boot mode depending on a value of the setting. Additional apparatus, systems, and methods are disclosed.
    Type: Grant
    Filed: September 6, 2018
    Date of Patent: March 23, 2021
    Assignee: Micron Technology, Inc.
    Inventors: Robert W. Strong, Dustin J. Carter, Neil Levine
  • Patent number: 10956575
    Abstract: Examples disclosed herein relate to determining malware using firmware of a computing device. Firmware can be used to determine that an indication is present that malware is present on the computing device. The firmware can be executed to perform a security action in response to the indication that malware is present on the computing device.
    Type: Grant
    Filed: November 20, 2017
    Date of Patent: March 23, 2021
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: John Scott Harsany, Suhas Shivanna, Luis E Luciani, Jr.
  • Patent number: 10951790
    Abstract: An image capturing device may capture image data for processing to form an image. The image capturing device may perform a hashing procedure on the image data, wherein performing the hashing procedure generates a hash value of the image data. The image capturing device may provide, to an image authentication device, the hash value of the image data, wherein the hash value of the image data is to be used by the image authentication device to validate the image based on a request to authenticate the image received from a receiving device. The image capturing device may process the image data to form the image for display to a user. The image capturing device may provide, after providing the hash value of the image data to the image authentication device, the image for display to the user.
    Type: Grant
    Filed: November 22, 2019
    Date of Patent: March 16, 2021
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Ashish Sardesai, Dante J. Pacella
  • Patent number: 10936300
    Abstract: Various embodiments provide for the live updating of system software or firmware, such as BIOS information, without the need for a reboot. A payload containing BIOS update information can be generated and signed with an encryption key. The information in the payload is able to be updated through a live update, and can be selected in part based on the configuration and BIOS version of the computing device to be updated. Upon an update being triggered, a target device is placed into a management mode wherein normal work is suspended and the device is isolated. The payload is verified and decrypted, and appropriate functions called in order to update the relevant BIOS information. After the update is verified, the device exits management mode and resumes a typical workflow. If the update is not successful, or unable to be performed via live update, a conventional update can be performed that includes a reboot.
    Type: Grant
    Filed: June 6, 2019
    Date of Patent: March 2, 2021
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventors: Jiming Sun, Tsung Ho Wu, Bradshaw Darrow Austin
  • Patent number: 10924554
    Abstract: Methods and systems for customizing applications in enterprise mobility management systems are described herein. A client agent software application on a mobile device may be customized to embed or make available enterprise server URLs, a session cookie for authentication, and various other data during the device enrollment process. The customization of the client agent may be based on the device, user, and/or enrollment session. After the device is enrolled in the enterprise system, the embedded data may be accessed by the client agent application to support seamless single-sign-on during first-time use. Additional customized applications based on device, user, and/or enrollment session, may be generated and provided to mobile devices during or after device enrollment. Customized applications may be based on application templates, such as packaged web applications or specific implementations of hosted applications.
    Type: Grant
    Filed: September 18, 2014
    Date of Patent: February 16, 2021
    Assignee: Citrix Systems, Inc.
    Inventors: Georgy Momchilov, Gary Barton
  • Patent number: 10924468
    Abstract: Described embodiments provide systems and methods for launching a connection to a resource link from a client device. A device can authenticate the client device for access to a plurality of resource links accessible via one or more servers. The device can provide a list of the plurality of resource links responsive to the authentication, and receive a request from the client device, identifying a first resource link to access. The device can cause first authenticated credentials for the first resource link to be stored on the client device responsive to the request. The first authenticated credentials can correspond to the client device and provide access to the first resource link. The client device can be configured to launch a connection to the first resource link from the client device using the first authenticated credentials stored on the client device.
    Type: Grant
    Filed: July 27, 2018
    Date of Patent: February 16, 2021
    Assignee: Citrix Systems, Inc.
    Inventors: Viswanath Yarangatta Suresh, Arkesh Kumar, Dileep Reddem, Anil Kumar Gavini