Data Processing Protection Using Cryptography Patents (Class 713/189)
  • Patent number: 10997297
    Abstract: This disclosure relates to a storage device comprising non-volatile storage and a controller. The non-volatile storage may comprise a firmware image, a known data pattern (KDP) in plaintext, and an encrypted KDP. The controller may be coupled to the non-volatile storage, and may be configured to update the firmware image of the non-volatile storage. For this update, the controller may first receive a symmetric key from a host by way of a public key encryption process. Next, the controller may decrypt the encrypted KDP using the symmetric key. If the decrypted KDP matches the KDP in plaintext, the symmetric key may be validated and the firmware image update may be downloaded. The firmware image update may then replace the firmware image in non-volatile storage.
    Type: Grant
    Filed: December 6, 2019
    Date of Patent: May 4, 2021
    Assignee: Western Digital Technologies, Inc.
    Inventor: Tino Lin
  • Patent number: 10999078
    Abstract: A software distribution processing device stores a common key for each ECU and a verification key for an electronic signature of software updating data, verifies an electronic signature of the updating data received from management server equipment by use of the verification key, attaches an electronic signature using the common key for each ECU to the updating data that succeeded in verification of the electronic signature, and then transmits to each ECU the updating data attached with the electronic signature using the common key for each ECU.
    Type: Grant
    Filed: July 1, 2016
    Date of Patent: May 4, 2021
    Assignee: KDDI CORPORATION
    Inventors: Hideaki Kawabata, Seiichiro Mizoguchi, Ayumu Kubota
  • Patent number: 10997121
    Abstract: In an embodiment, a database platform receives a request from a client for creation of an attachable-and-detachable database session, and responsively creates the requested attachable-and-detachable database session for the client. The database platform sets the attachable-and-detachable database session as a current database session for the client at the database platform. The database platform determines that the client has detached from the attachable-and-detachable database session, and thereafter continues to maintain the attachable-and-detachable database session in data storage at the database platform.
    Type: Grant
    Filed: July 17, 2020
    Date of Patent: May 4, 2021
    Assignee: Snowflake Inc.
    Inventors: Tyler Jones, Peter Povinec
  • Patent number: 10999248
    Abstract: An information processing method of processing data frames flowing over an onboard network includes a frame collecting step of obtaining, from each of received data frames, a payload included in the data frame and configured of at least one field, and recording in a reception log as one record, and a field extracting step of calculating, regarding each of a plurality of payload splitting pattern candidates indicating different regions within payloads of the plurality of data frames, one or more features relating to time-sequence change of values of the payload in the region, from the plurality of records, selecting a payload splitting pattern indicating a region of a field within the payload, based on the features, and outputting field extracting results indicating the region indicated by the selected payload splitting pattern candidate, and a category of the field based on the features.
    Type: Grant
    Filed: December 21, 2018
    Date of Patent: May 4, 2021
    Assignee: PANASONIC INTELLECTUAL PROPERTY CORPORATION OF AMERICA
    Inventors: Takeshi Kishikawa, Manabu Maeda, Tomoyuki Haga
  • Patent number: 10990675
    Abstract: This disclosure and the exemplary embodiments described herein, provide methods and systems for detecting a ransomware infection in one or more files. According to an exemplary embodiment, a low frequency encryption analysis and a high frequency encryption analysis of a plurality of received files is performed to determine if the one or more of the files are encrypted. If a file is encrypted, a watcher is utilized to monitor file events associated with the files for determining if one or more of the files are infected with ransomware.
    Type: Grant
    Filed: June 4, 2019
    Date of Patent: April 27, 2021
    Assignee: DATTO, INC.
    Inventor: Kurt Hansen
  • Patent number: 10990984
    Abstract: A system, method and program product for processing software development kits (SDKs). A system is provided that includes a container creation system that wraps an inputted SDK in a penalty container to create a wrapped SDK, wherein the wrapped SDK includes re-instrumented code that redirects application programming interface (API) calls between the SDK and an associated App and operating system through a wrapper in order to monitor runtime behavior; wherein the container creation system instantiates a policy module that is configurable by an SDK provider and App developer to implement a mutual policy configuration for the penalty container; and wherein the penalty container includes a penalty manager that notifies the SDK provider and App developer of SDK violations of the mutual policy configuration.
    Type: Grant
    Filed: September 7, 2018
    Date of Patent: April 27, 2021
    Assignee: International Business Machines Corporation
    Inventors: Vijay Ekambaram, Saravanan Sadacharam, Vijay Kumar Ananthapur Bache
  • Patent number: 10990709
    Abstract: A user or a provider of an IHS (Information Handling System) may prefer to disable, on a temporary or permanent basis, hardware components of the IHS. For instance, a user may prefer to prevent all microphone inputs through disabling of the microphone device of the IHS. Disabling hardware components via the operating system of IHS is cumbersome, especially for temporary hardware configurations. Embodiments provide the capability for securely managing certain hardware components of an IHS without reliance on the operating system of an IHS, while providing assurances that a hardware component is actually disabled. Embodiments assure disabling of a hardware component by providing the ability to terminate power to the component, where the power is terminated based on commands transmitted by a trusted resource via an out-of-band signal pathway to the hardware component.
    Type: Grant
    Filed: January 17, 2019
    Date of Patent: April 27, 2021
    Assignee: Dell Products, L.P.
    Inventors: Charles D. Robison, Daniel L. Hamlin
  • Patent number: 10979987
    Abstract: According to one embodiment, a sensor system includes a sensor node that collects data; and a data collection apparatus that is wirelessly connected to the sensor node. The sensor node encrypts the sensor data measured by the sensor device using the received encryption key according to the received measurement parameter and transmits the encrypted sensor data to the data collection apparatus. The data collection apparatus decrypts the sensor data received from the sensor node, stores the decrypted sensor data in a storage unit when the sensor data is normally decrypted, and discards non-decrypted sensor data and transmits the measurement parameter and the encryption key to the sensor node when the sensor data is not normally decrypted.
    Type: Grant
    Filed: July 26, 2019
    Date of Patent: April 13, 2021
    Assignee: Hitachi, Ltd.
    Inventors: Tsukasa Fujimori, Masatoshi Morishita, Yasuyuki Okuma
  • Patent number: 10972288
    Abstract: A request to add tags (e.g., labels, key-value pairs, or metadata) to resources can be digitally signed by the entity making the request, such that the source can be verified and an authorization determination made for each tag. For a request involving multiple services (or entities) that can each add tags, any tag added by a service can be included in the request and digitally signed by that service. Each service processing the request can also digitally sign the request before forwarding, so that each service signs a version of the request, which includes elements signed by other services earlier in the request chain. When the request is received to a tagging service, the service ensures that every tag was digitally signed by the appropriate authorized entity or service, and validates the signatures to ensure that no data was modified or omitted, before adding the tags to the designated resource(s).
    Type: Grant
    Filed: December 24, 2019
    Date of Patent: April 6, 2021
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventors: William Frederick Hingle Kruse, Conor Patrick Cahill, Jeffrey Cicero Canton, Dmitry Frenkel, Harshad Vasant Kulkarni, Colin Watson, Andrew Paul Mikulski
  • Patent number: 10969991
    Abstract: A multi-chip package, a controlling method of the multi-chip package and a security chip are provided. The multi-chip package includes a memory chip and a security chip. The security chip is coupled between the memory chip and a host. The security chip includes a processing circuit. The processing circuit is for enabling a security path to input an input-output signal into the processing circuit for executing a security procedure and accessing the memory chip, if a command is received by the processing circuit and the command includes a security requirement.
    Type: Grant
    Filed: August 15, 2018
    Date of Patent: April 6, 2021
    Assignee: MACRONIX INTERNATIONAL CO., LTD.
    Inventors: Chia-Jung Chen, Chin-Hung Chang, Ken-Hui Chen
  • Patent number: 10972543
    Abstract: Novel tools and techniques might provide for implementing customer-based Internet of Things (“IoT”)—transparent privacy functionality. Various methods, systems, and apparatuses might provide connectivity between a network interface device (“NID”) and each of one or more first user devices of a plurality of user devices associated with the customer premises and/or a user who is associated with the customer premises. In some cases, at least one virtual network function (“VNF”) might be sent to each of the one or more first user devices. The NID might restrict, in some cases using the VNF, access by a third party to the information regarding the at least one portion of the at least one of one or more first user devices connected to the network or one or more applications running on one or more first user devices connected to the network.
    Type: Grant
    Filed: August 5, 2019
    Date of Patent: April 6, 2021
    Assignee: CenturyLink Intellectual Property LLC
    Inventors: Michael K. Bugenhagen, Charles I. Cook
  • Patent number: 10965448
    Abstract: Examples for distributed and secure storage of a data block amongst a network of nodes are presented. An example embodiment may involve logically partitioning the network of nodes into non-overlapping zones, each zone containing a subset of the nodes and generating a private key for use within a particular zone. The embodiment may further involve encrypting the data block with the private key, partitioning the data block as encrypted into sub-blocks, and distributing the sub-blocks amongst a subset of the nodes that is within the particular zone. The embodiment may also involve using a secret sharing process to divide the private key into a number of shares equivalent to a number of nodes in the particular subset of the nodes and distributing the shares of the private key amongst the particular subset of the nodes, such that each node therein receives exactly one of the shares of the private key.
    Type: Grant
    Filed: May 3, 2018
    Date of Patent: March 30, 2021
    Assignee: Board of Trustees of the University of Illinois
    Inventors: Ravi Kiran Raman, Lav Raj Varshney
  • Patent number: 10963414
    Abstract: The following description is directed to a configurable logic platform. In one example, a configurable logic platform includes host logic and a reconfigurable logic region. The reconfigurable logic region can include logic blocks that are configurable to implement application logic. The host logic can be used for encapsulating the reconfigurable logic region. The host logic can include a host interface for communicating with a processor. The host logic can include a management function accessible via the host interface. The management function can be adapted to cause the reconfigurable logic region to be configured with the application logic in response to an authorized request from the host interface. The host logic can include a data path function accessible via the host interface. The data path function can include a layer for formatting data transfers between the host interface and the application logic.
    Type: Grant
    Filed: February 27, 2019
    Date of Patent: March 30, 2021
    Assignee: Amazon Technologies, Inc.
    Inventors: Islam Atta, Christopher Joseph Pettey, Asif Khan, Robert Michael Johnson, Mark Bradley Davis, Erez Izenberg, Nafea Bshara, Kypros Constantinides
  • Patent number: 10965451
    Abstract: An authentication method includes: at a first device, selecting an original key in which a first identifier has a first value and a second identifier has a second value from m original keys and generating an authentication key based on the selected original key and the authentication identifier; at a second device, selecting an authentication key generated from the original key in which the first identifier has the first value and the second identifier has the second value from n authentication keys, generating response data based on challenge data and the authentication key, and notifying the generated response data to the first device; at the first device, generating verification data based on the challenge data and the authentication key, and authenticating the authentication target device by comparing the verification data with the response data.
    Type: Grant
    Filed: October 23, 2019
    Date of Patent: March 30, 2021
    Assignee: Canon Kabushiki Kaisha
    Inventors: Ichiro Iijima, Kenjiro Hori, Hirotaka Ittogi
  • Patent number: 10965734
    Abstract: A method and system for managing an application with multiple modes are described. A device manager that manages a mobile device may monitor the mobile device. The device manager may detect that a first type of application that runs in a managed mode (or in multiple managed modes) and an unmanaged mode is installed on the mobile device. When the application is executed on the device, the application executes in accordance with the selected application mode, e.g., based on location, user, role, industry presence, or other predefined context.
    Type: Grant
    Filed: March 7, 2019
    Date of Patent: March 30, 2021
    Assignee: Citrix Systems, Inc.
    Inventors: Zhongmin Lang, Gary Barton, Nitin Desai, James R. Walker
  • Patent number: 10956931
    Abstract: A Proof of View verification system is disclosed. The Proof of View verification system has a Proof of View verification module, comprising computer-executable code stored in non-volatile memory, and a processor. The Proof of View verification module and the processor are configured to receive a request for a content view to view a piece of content, record a content view data in a database chunk, hash the database chunk into a hashed database chunk, append the hashed database chunk to a block on a blockchain of the Proof of View verification system, and compare the content view data with the block on the blockchain. The blockchain is publicly available.
    Type: Grant
    Filed: June 29, 2018
    Date of Patent: March 23, 2021
    Inventor: Robert James Mark Hain
  • Patent number: 10949545
    Abstract: Data privacy information pertaining to particular data hosted by a first workload provisioned to a first location can be received. The first workload can be monitored to determine whether the first workload is accessed by a second workload, determine whether the second workload is indicated as being authorized, in the data privacy information, to access the particular data hosted by first workload, and determine whether the second workload has access to the particular data hosted by the first workload. If so, information identifying the second workload and a manner in which the second workload accessed the particular data hosted by the first workload can be stored to a data storage.
    Type: Grant
    Filed: March 2, 2020
    Date of Patent: March 16, 2021
    Inventors: Sergio Varga, Jørgen E. Borup, Thiago Cesar Rotta, Marco Aurelio Stelmar Netto, Kris Blöndal
  • Patent number: 10949550
    Abstract: This disclosure relates to systems and methods for enabling the use of secret digital or electronic information without exposing the sensitive information to unsecured applications. In certain embodiments, the methods may include invoking, by a client application executing in an open processing domain, a secure abstraction layer configured to interface with secret data protected by a secure processing domain. Secure operations may be securely performed on the secret data by the secure abstraction layer in the secure processing domain based on an invocation from a client application running in the open processing domain.
    Type: Grant
    Filed: November 7, 2019
    Date of Patent: March 16, 2021
    Assignee: Intertrust Technologies Corporation
    Inventors: Gilles Boccon-Gibod, Gary F. Ellison
  • Patent number: 10951399
    Abstract: The present invention discloses a binary stream hash modulus encryption and decryption method, including: creating a clear-text set M according to a clear-text file; taking the clear-text set M as an initial set and performing several times of byte order iterative encryption on a reference string to obtain a cipher-text set C; wherein a key set P and an algorithm set A are combined during the iterative encryption; and calling the key set P for the cipher-text set C to perform several times of byte decryption on the reference string, wherein the key set P and the algorithm set A are jointly used during the encryption and shared during the encryption and decryption. By using the present invention, the file cannot be decoded even if intercepted by another person, an existing Internet platform is still used in a transmission environment, but transmitted information is encrypted information.
    Type: Grant
    Filed: August 20, 2019
    Date of Patent: March 16, 2021
    Inventors: Yujuan Si, Liuqi Lang
  • Patent number: 10949552
    Abstract: An apparatus includes an authentication arrangement for a communication connection, using a communication protocol, between two data processing devices of the apparatus. The data processing devices each have an interface unit for the communication connection and a computation unit. The interface units each have an encryption/decryption device, where the encryption/decryption device is at least partially produced by hardware for encrypting at least some of the user data to be transmitted via the communication connection as part of the authentication arrangement. The encryption/decryption device can be applied in a communication layer of the communication protocol to the user data prepared for the physical user data transmission or to the physically received user data. Each data processing device has a security unit, implemented as dedicated hardware that the computation unit cannot access and/or in a manner logically isolated from the computation unit.
    Type: Grant
    Filed: July 5, 2018
    Date of Patent: March 16, 2021
    Assignee: Audi AG
    Inventors: Changsup Ahn, Kamil Zawadzki, Markus Klein, Hans-Georg Gruber
  • Patent number: 10949549
    Abstract: This disclosure relates to systems and methods for enabling the use of secret digital or electronic information without exposing the sensitive information to unsecured applications. In certain embodiments, the methods may include invoking, by a client application executing in an open processing domain, a secure abstraction layer configured to interface with secret data protected by a secure processing domain. Secure operations may be securely performed on the secret data by the secure abstraction layer in the secure processing domain based on an invocation from a client application running in the open processing domain.
    Type: Grant
    Filed: February 15, 2019
    Date of Patent: March 16, 2021
    Assignee: Intertrust Technologies Corporation
    Inventors: Gilles Boccon-Gibod, Gary F. Ellison
  • Patent number: 10944545
    Abstract: A method of obfuscated performance of a predetermined function, wherein for the predetermined function there is a corresponding plurality of first functions so that, for a set of inputs for the function, a corresponding set of outputs may be generated by (a) representing the set of inputs as a corresponding set of values, wherein each value comprises at least part of each input of a corresponding plurality of the inputs, (b) generating a set of one or more results from the set of values, where each result is generated by applying a corresponding first function to a corresponding set of one or more values in the set of values, and (c) forming each output as either a part of a corresponding one of the results or as a combination of at least part of each result of a corresponding plurality of the results; wherein the method comprises: obtaining, for each value in the set of values, one or more corresponding transformed versions of said value, wherein a transformed version of said value is the result of applying
    Type: Grant
    Filed: March 31, 2014
    Date of Patent: March 9, 2021
    Assignee: IRDETO B.V.
    Inventor: Michael Wiener
  • Patent number: 10943004
    Abstract: In some embodiments, securing device commands includes a first electronic device receiving a command authorization request message from a second electronic device, including a device command to be performed by the second electronic device, a command argument, and a first message authentication code (MAC) generated by applying a hash function to the device command, the command argument and a first counter value. The first electronic device generates a second MAC by applying the hash function to the device command, the command argument and a second counter value synchronized with the first counter value. The first electronic device compares the first MAC and the second MAC to authenticate the device command and transmit a command approval message or a command denial message. The command approval message causes the second electronic device to perform the device command and the command denial message causes the second electronic device to reject the device command.
    Type: Grant
    Filed: June 12, 2020
    Date of Patent: March 9, 2021
    Assignee: Capital One Services, LLC
    Inventors: David Kelly Wurmfeld, Kevin Osborn
  • Patent number: 10942724
    Abstract: A deployment system provides the ability to deploy a multi-node distributed application, such as a cloud computing platform application that has a plurality of interconnected nodes performing specialized jobs. The deployment system may update a currently running cloud computing platform application according to a deployment manifest and a versioned release bundle that includes jobs and application packages. The deployment system determines changes to the currently running cloud computing platform application and distributes changes to each job to deployment agents executing on VMs. The deployment agents apply the updated jobs to their respective VMs (e.g., launching applications), thereby deploying an updated version of cloud computing platform application.
    Type: Grant
    Filed: December 10, 2015
    Date of Patent: March 9, 2021
    Assignee: Pivotal Software, Inc.
    Inventors: Vadim Spivak, Kent Skaar, Oleg Shaldibin
  • Patent number: 10929513
    Abstract: Presented is a television and methods for decrypting digital data, which is encrypted using one of a plurality of different encryption techniques. A television can receive a digital content stream from a service provider. The digital stream includes the digital content, a decryption module, and metadata. A television can further extract the decryption module as instructed by the metadata from the digital content stream. A television can further decrypt the digital content with the extracted decryption module and a decryption key.
    Type: Grant
    Filed: March 12, 2020
    Date of Patent: February 23, 2021
    Assignee: Ericsson AB
    Inventor: Alan Rouse
  • Patent number: 10931449
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for updating data in blockchain are provided. One of the methods includes: obtaining one or more requests for updating a plurality of pieces of data in one or more blockchains and updating the plurality of pieces of data in the one or more blockchains.
    Type: Grant
    Filed: June 4, 2020
    Date of Patent: February 23, 2021
    Assignee: ADVANCED NEW TECHNOLOGIES CO., LTD.
    Inventors: Yayang Guan, Yuan Chen, Kai Wang
  • Patent number: 10931637
    Abstract: Techniques for outbound/inbound lateral traffic punting based upon process risk are disclosed. In some embodiments, a system/process/computer program product for outbound/inbound lateral traffic punting based upon process risk includes receiving, at a network device on an enterprise network, process identification (ID) information from an endpoint (EP) agent executed on an EP device, in which the process ID information identifies a process that is associated with an outbound or inbound network session on the EP device on the enterprise network, and the EP agent selected the network session for punting to the network device for inspection; monitoring network communications associated with the network session at the network device to identify an application identification (APP ID) for the network session; and performing an action based on a security policy using the process ID information and the APP ID.
    Type: Grant
    Filed: September 15, 2017
    Date of Patent: February 23, 2021
    Assignee: Palo Alto Networks, Inc.
    Inventors: Ho Yu Lam, Robert Earle Ashley, Paul Theodore Mathison, Qiuming Li, Taylor Ettema
  • Patent number: 10931447
    Abstract: A data receiving device includes: a receiving unit that receives data, a list of individual identifiers, and a MAC generated by the repeater device; a pseudo-random function processing unit that derives a secret key by performing arithmetic by a predetermined pseudo-random function; a MAC generating function processing unit that generates MAC by performing arithmetic by a predetermined MAC generating function; a pseudo-random function processing controller that performs control to generate recursively a secret key corresponding to the individual identifier of each communication device from the first hierarchy to the N-th hierarchy; a MAC generating function processing controller that performs control to generate recursively a MAC corresponding to each communication device from the N-th hierarchy to the first hierarchy; and a comparator that compares the received MAC with the generated MAC corresponding to the communication device of the first hierarchy.
    Type: Grant
    Filed: July 11, 2018
    Date of Patent: February 23, 2021
    Assignee: RENESAS ELECTRONICS CORPORATION
    Inventor: Daisuke Moriyama
  • Patent number: 10929401
    Abstract: Policy-based storage and retrieval combined with a distribution algorithm results in automatic and even distribution of policy-based storage structures across a set of nodes and dynamic, automated homing or ownership of policy-based storage structures. Large numbers of policy-based storage structures may be distributed without manual administration, allowing for rapid creation and destruction of storage structures. The overall load may be distributed and balanced across the server pool. Multiple entries having the same key value in a database- or table-like structure allow for distribution of policy-based storage and retrieval by key value and for queue semantics to be utilized for microqueues in the large database- or table-like structure.
    Type: Grant
    Filed: November 24, 2015
    Date of Patent: February 23, 2021
    Assignee: TIBCO SOFTWARE INC.
    Inventors: Jean-Noel Moyne, Suresh Subramani, Tom M. Kim, Firat Kart
  • Patent number: 10929526
    Abstract: Aspects of the disclosure are related to a method, apparatus, and system for using display content from a rich operating system (OS) environment as a background image in a trusted user interface (UI), comprising: capturing a display buffer of the rich OS environment; passing the captured display buffer to a Trusted Application; and displaying, with the Trusted Application, the captured display buffer as the background image in the trusted UI, wherein the Trusted Application is executed in a Trusted Execution Environment (TEE).
    Type: Grant
    Filed: March 1, 2016
    Date of Patent: February 23, 2021
    Assignee: QUALCOMM Incorporated
    Inventors: Haijun Zhao, Jilei Hou, Liang Zhang
  • Patent number: 10924508
    Abstract: The present disclosure is directed to preventing computer data from being usurped and exploited by individuals or organizations with nefarious intent. Methods and systems consistent with the present disclosure may store keys and keying data for each of a plurality of connections in separate memory locations. These memory locations may store data that maps a virtual address to a physical memory address associated with storing information relating to a secure connection. These separate memory locations may have a unique instance for each individual communication connection session, for example each transport layer security (TLS) connection may be assigned memory via logical addresses that are mapped to one or more physical memory addresses on a per-core basis. Such architectures decouple actual physical addresses that are used in conventional architectures that assign a single large continuous physical memory partition that may be accessed via commands that access physical memory addresses directly.
    Type: Grant
    Filed: December 21, 2017
    Date of Patent: February 16, 2021
    Assignee: SonicWALL Inc.
    Inventors: Raj Raman, Aleksandr Dubrovsky
  • Patent number: 10924262
    Abstract: The present disclosure provides a computer-implemented method for processing dynamic data by dynamic data processing device. The device comprises a homomorphic encryption module and a plurality of computing modules running in parallel. The method comprises carrying out, by the homomorphic encryption module, fully homomorphic encryption to dynamic data received from an object which generates the dynamic data; updating, by the computing module which is not in bootstrapping, the encrypted state variable; and carrying out, by the computing module which completes bootstrapping, the first update to the encrypted state variable. The first update to the encrypted state variable after completion of bootstrapping is carried out by $x(t+N_{\mathrm{boot}}) \leftarrow A^{N_{\mathrm{boot}}} x(t) + \sum_{j=0}^{N_{\mathrm{boot}}-1} A^{N_{\mathrm{boot}}-1-j} B\,(r(t+j) - y(t+j))$.
    Type: Grant
    Filed: August 7, 2019
    Date of Patent: February 16, 2021
    Assignee: Crypto Lab Inc.
    Inventors: Hyungbo Shim, Junghee Cheon, Yongsoo Song, Miran Kim, Junsoo Kim, Chanhwa Lee
  • Patent number: 10915417
    Abstract: First audit information corresponding to a first set of log entries associated with a transformation performed on first data is obtained, where the first audit information includes a first commutative result produced by applying a commutative function to object identifiers associated with the first set of log entries. Second audit information corresponding to a second set of log entries associated with the transformation performed on second data is obtained, with the second data being a different representation of the first data and where the second audit information includes a second commutative result produced by applying the commutative function to object identifiers associated with the second set of log entries. The first commutative result is compared with the second commutative result to validate whether the second data matches the first data. One or more actions are performed depending on whether the second data is the successful transformation of the first data.
    Type: Grant
    Filed: March 19, 2019
    Date of Patent: February 9, 2021
    Assignee: Amazon Technologies, Inc.
    Inventors: Anil Kumar, Naveen Anand Subramaniam, Rishabh Animesh, James Caleb Kirschner, Paul D. Franklin, Brian Gouldsberry, Qingqing Xiao
  • Patent number: 10902118
    Abstract: Disclosed are systems and methods for training and retraining a model for detection of malicious activity from container files, which contain at least two or more objects constituting logically separate data regions. Parameters of each object chosen from at least one safe container and one malicious container are determined which uniquely characterize the functional relation of the mentioned object to at least one selected object. Convolutions are formed separately for each container on the basis of the determined parameters of the objects, which are used to train a machine learning model for detecting malicious container files.
    Type: Grant
    Filed: September 7, 2018
    Date of Patent: January 26, 2021
    Assignee: AO KASPERSKY LAB
    Inventors: Vladimir V. Krylov, Alexander V. Liskin, Alexey E. Antonov
  • Patent number: 10903980
    Abstract: Multiple, separately administrated computer systems storing slices of the cipher text of a Personally Identifiable Information (PII) data item that is represented by a token. The token is used as a substitute of the data item. The data item is encrypted using a public key. To recover the data item, a complete set of the slices is retrieved from the separate computer systems and decrypted using the private key corresponding to the public key. Instances and circumstances of the usages of the data item can be recorded under the token in a blockchain ledger in connection with the retrieval and/or decryption of the cipher text. A data item owner may use the data item and the public key to recreate the cipher text, retrieve the token stored with the cipher text in the separate computer systems, and then query the ledger for a usage history of the data item.
    Type: Grant
    Filed: October 8, 2018
    Date of Patent: January 26, 2021
    Assignee: DATA REPUBLIC PTY LTD
    Inventors: Ryan Matthew Peterson, Julia Clavien, Daniel James Gilligan, Paul Milton McCarney, Daniel Kevin Austin
  • Patent number: 10903979
    Abstract: Batched execution of encryption operations is performed. A batched set of data for which format-preserving encryption is to be performed is obtained. The batched set of data includes a plurality of fields of data, which are independent of one another. Multiple rounds of format-preserving encryption are performed on the plurality of fields of data to provide an output of format-preserved encrypted data. A round of format-preserving encryption includes calling an encryption function to perform one or more encryption operations on the plurality of fields of data in parallel.
    Type: Grant
    Filed: November 30, 2018
    Date of Patent: January 26, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Michael J. Jordan, Tamas Visegrady, John C. Dayka, Michael C. Osborne
  • Patent number: 10903976
    Abstract: Systems and methods for an end-to-end secure operation using a query matrix Q_M having dimensions d×s. Exemplary methods include: extracting a set of term components {T} of the operation using a term generation function; partitioning a range of a keyed hash function H(T) into a set of vectors {c_T}; setting Q_M(j,m)=E(B_j,m) when c_T[j]=m for j=0, . . . , (d−1) and for m=0, . . . , (s−1), E(B_j,m) being a non-zero bitmask corresponding to element T from the set of term components {T} encrypted using a homomorphic encryption scheme E; and setting Q_M(j,m)=E(0) when c_T[j]≠m for j=0, . . . , (d−1) and for m=0, . . . , (s−1), E(0) being a zero bitmask encrypted using the homomorphic encryption scheme E.
    Type: Grant
    Filed: January 19, 2018
    Date of Patent: January 26, 2021
    Assignee: Enveil, Inc.
    Inventors: Ellison Anne Williams, Ryan Carr
  • Patent number: 10904218
    Abstract: Technologies are provided in embodiments to protect private data. Embodiments are configured to intercept a network flow en route from a server to a client device, identify a request for a private data item in an object of the network flow, identify the private data item in a data store, provide, to the client device, a modified object including an authorization request, and send the private data item to the server when valid authorization information is received. Embodiments are also configured to receive authorization information from the client device, determine whether the authorization information is valid, and obtain the private data item if the authorization information is determined to be valid. Embodiments may also be configured to determine an unlocking mechanism for the private data item, and create a modified object including the authorization request based, at least in part, on the unlocking mechanism.
    Type: Grant
    Filed: November 25, 2013
    Date of Patent: January 26, 2021
    Assignee: McAfee, LLC
    Inventor: Igor Muttik
  • Patent number: 10902132
    Abstract: An apparatus, method and system are disclosed which may be used for assessing the trustworthiness of a particular proprietary microelectronics device design representation in a manner that will maintain its confidentiality and, among other things, thwart attempts at unauthorized access, misappropriation and reverse engineering of the confidential proprietary aspects contained in the design representation and/or its bit stream design implementation format. The disclosed method includes performing a process for assessing/verifying a particular microelectronics device design representation and then providing some indication of the trustworthiness of that representation. An example utility/tool which implements the disclosed method is described that is particularly useful for trust assessment and verification of FPGA designs.
    Type: Grant
    Filed: August 25, 2017
    Date of Patent: January 26, 2021
    Assignee: Graf Research Corporation
    Inventors: Jonathan Peter Graf, Ali Asgar Ali Akbar Sohanghpurwala, Scott Jeffery Harper
  • Patent number: 10896246
    Abstract: A method for concealing original data to protect personal information is provided. The method includes steps of: a data obfuscation device (a) if the original data is acquired, inputting the original data or its modified data into a learning network, and allowing the learning network to (i) apply a network operation to the original data or the modified data using learned parameters of the learning network and thus to (ii) output characteristic information on the original data or the modified data; and (b) updating the original data or the modified data via backpropagation using part of (i) 1-st losses calculated by referring to the characteristic information and its corresponding 1-st ground truth, and (ii) 2-nd losses calculated by referring to (ii-1) a task specific output generated by using the characteristic information and (ii-2) a 2-nd ground truth corresponding to the task specific output, to thereby generate obfuscated data.
    Type: Grant
    Filed: March 3, 2020
    Date of Patent: January 19, 2021
    Assignee: DEEPING SOURCE INC.
    Inventor: Tae Hoon Kim
  • Patent number: 10896013
    Abstract: Examples disclosed herein relate to identifying a pool of printing devices, wherein each of the printing devices is associated with one of a plurality of owner entities, receiving a print job from a user, selecting a printing device from the pool of printing devices for the print job, causing the print job to be printed by the selected printing device, and crediting an account of the owner entity associated with the selected printing device.
    Type: Grant
    Filed: July 6, 2016
    Date of Patent: January 19, 2021
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventor: Alin Vana
  • Patent number: 10897367
    Abstract: A data protection policy enforcement operation is provided for enforcing data protection policies in collaborative framework environments which permit a plurality of collaborators to jointly work on projects requiring access to project data assets. For this purpose, a method includes establishing, by a computer device, a plurality of rules for evaluating actions performed in a collaborative environment, the collaborative environment including a plurality of collaborators and a plurality of data assets associated with collaboration between the collaborators; in response to a request to perform an action in the collaborative environment, applying the rules to the plurality of data assets related to the data assets to create a plurality of determinations; in response to each of the plurality of determinations being allowed, allowing the action to be performed; and, in response to at least one of the plurality of determinations being denied, preventing the action from being performed.
    Type: Grant
    Filed: July 26, 2019
    Date of Patent: January 19, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Roger C. Raphael, Rajesh M. Desai, Olena Woolf, Arron La
  • Patent number: 10891396
    Abstract: An electronic circuit includes an operator including logic gates configured to perform either one or both of encryption and decryption operations. The electronic circuit further includes a controller configured to control the operator to operate in a first mode in which each of the logic gates outputs a first logic value during a first time period of a clock signal, and operate in a second mode in which a number of first logic gates, each of which outputs the first logic value, among the logic gates, and a number of second logic gates, each of which outputs a second logic value, among the logic gates, are maintained constant during a second time period of the clock signal, in response to a control value indicating that either one or both of the encryption and decryption operations are performed.
    Type: Grant
    Filed: April 17, 2017
    Date of Patent: January 12, 2021
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Hong-Mook Choi, Yun-Ho Youm, Sang-Hyun Park, Hyesoo Lee
  • Patent number: 10892887
    Abstract: Methods, systems, and techniques for storing a binary large object involve receiving, at a first node comprising part of a first blockchain, the binary large object; hashing the binary large object; sending the binary large object from the first node to at least one other node that is part of the first blockchain without using the first blockchain; and after the binary large object has been disseminated to at least the number of nodes on the first blockchain required to achieve consensus, storing a hash of the binary large object on the first blockchain. Sending the binary large object involves disseminating the binary large object to at least a number of nodes on the first blockchain required to achieve consensus.
    Type: Grant
    Filed: December 31, 2019
    Date of Patent: January 12, 2021
    Assignee: NORTH PEAK RESOURCES LTD.
    Inventor: Thomas Thompson
  • Patent number: 10884917
    Abstract: The present disclosure generally relates to data storage devices comprising one or more memory packages. At least one memory package of the storage device comprises a first stack of memory dies coupled together by a first chip select line and a second stack of memory dies coupled together by a second chip select line. Both the first stack and the second stack comprise a plurality of non-volatile memory dies and a dissimilar memory die disposed on top of the plurality of non-volatile memory dies. Within both the first stack and the second stack, the plurality of non-volatile memory dies is a different type of memory than the dissimilar memory die. Additionally, within both the first stack and the second stack, the plurality of non-volatile memory dies is configured to store host data, and the dissimilar memory die is configured to store cached data.
    Type: Grant
    Filed: December 5, 2018
    Date of Patent: January 5, 2021
    Assignee: WESTERN DIGITAL TECHNOLOGIES, INC
    Inventors: Robert W. Ellis, Stephen Gold
  • Patent number: 10885216
    Abstract: Secure substring searching on encrypted data may involve a first preprocessing comprising fragmenting a plaintext string slated for remote secure storage, in a plurality of overlapping plaintext substrings. A second preprocessing encrypts these substrings into ciphertexts (e.g., utilizing Frequency-Hiding Order Preserving Encryption) further including position information of the substring. A search index and a secret state result from the first and second preprocessing. The ciphertexts and search index are outsourced to a database within an unsecure server. An engine within the server determines candidate ciphertexts matching a query request received from a secure client. The engine returns ciphertexts to the client for decryption according to the secret state. Preprocessing may be delegated to a third party for outsourcing search index/ciphertexts to the server, and the secret state to the client.
    Type: Grant
    Filed: January 18, 2018
    Date of Patent: January 5, 2021
    Assignee: SAP SE
    Inventors: Florian Hahn, Nicolas Loza, Florian Kerschbaum
  • Patent number: 10884838
    Abstract: Maintaining core dump privacy during application fault handling. A core memory dump is received for an application from a runtime engine. Areas of the core memory dump are analyzed to identify structural data in the form of internal structures of the runtime engine. The identified structural data is retained in a modified core memory dump, and remaining non-structural data in the areas of the core memory dump is processed to ensure it is not readable by unauthorized entities in the modified core memory dump. The modified core memory dump is outputted for fault analysis.
    Type: Grant
    Filed: November 4, 2019
    Date of Patent: January 5, 2021
    Assignee: International Business Machines Corporation
    Inventors: Christopher N. Bailey, Paul K. Bullis
  • Patent number: 10878116
    Abstract: Methods, apparatus, systems and articles of manufacture are disclosed for secure distributed backup for personal device and cloud data. An example method disclosed herein includes, in response to a request for a file from a client device, obtaining a map corresponding to the file from a remote device, and requesting, by executing an instruction with a processor, a first file chunk from a first cloud storage location based on the map. The example method further includes requesting, by executing an instruction with the processor, a second file chunk from a second cloud storage location based on the map, and generating, by executing an instruction with the processor, the file by combining the first file chunk and the second file chunk. The example method also includes causing transmission of the file to the client device.
    Type: Grant
    Filed: January 21, 2019
    Date of Patent: December 29, 2020
    Assignee: Mcafee, LLC
    Inventors: Mitesh Kumar, Srikanth Nalluri, Dattatraya Kulkarni, Kamlesh Halder, Kranthikumar Gadde, Kaushal Kumar Dhruw, Krishnapur Venkatasubrahmanyam, Susmita Nayak
  • Patent number: 10877549
    Abstract: In one embodiment, a multicore processor includes cores that can independently execute instructions, each at an independent voltage and frequency. The processor may include a power controller having logic to provide for configurability of power management features of the processor. One such feature enables at least one core to operate at an independent performance state based on a state of a single power domain indicator present in a control register. Other embodiments are described and claimed.
    Type: Grant
    Filed: February 8, 2019
    Date of Patent: December 29, 2020
    Assignee: Intel Corporation
    Inventors: Malini K. Bhandaru, Eric J. Dehaemer, Scott P. Bobholz, Raghunandan Makaram, Vivek Garg
  • Patent number: 10880082
    Abstract: In some examples, a device includes a memory controller to, during a power-on process of the device: read encrypted data from a nonvolatile memory, decrypt, using a first key, the encrypted data to produce decrypted data, encrypt, using a second key different from the first key produced as part of rekeying, the decrypted data to produce new encrypted data, and write the new encrypted data to the nonvolatile memory. A power-on code is to prevent booting of the device until all data in the nonvolatile memory has been encrypted using the second key.
    Type: Grant
    Filed: October 19, 2017
    Date of Patent: December 29, 2020
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Robert C. Elliott, Melvin K. Benedict, Michael White