Data Processing Protection Using Cryptography Patents (Class 713/189)
  • Patent number: 11928225
    Abstract: Systems, computer program products, and methods are described herein for implementing real-time redaction in a workflow configurable environment. The present invention is configured to electronically receive, from a user input device, a request to load at least one user interface associated with an application; initiate a real-time content redaction engine on contents of the one or more fields associated with the at least one user interface in response to receiving the request, wherein initiating further comprises: parsing one or more embedded structures associated with the one or more fields; identifying private information in the one or more fields based on at least parsing the one or more embedded structures; and masking the private information in the one or more fields; and load the at least one user interface associated with the application in response to masking the private information in the one or more fields.
    Type: Grant
    Filed: June 1, 2023
    Date of Patent: March 12, 2024
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Nagaraju Buddhiraju, Deepali Dadhich, Lekshan Bhathiya Jayasinghe
  • Patent number: 11930118
    Abstract: An authentication method includes: receiving a command of an upper host; parsing an option parameter in the command; determining a value of a fingerprint authentication identifier in the option parameter, and if the value is a first preset value, prompting a user to input a fingerprint and verifying the fingerprint input to obtain a user operation verification result; if the value is a second preset value, prompting the user to press a key and verifying the key pressed to obtain a user operation verification result; determining the user operation verification result, and if the user operation verification result is success, setting an authentication mode confirmation identifier, obtaining client data from the command, generating data to be signed, signing the data to be signed to generate a signature result, sending the signature result to the upper host; if the user operation verification result is failure, reporting an error.
    Type: Grant
    Filed: January 26, 2021
    Date of Patent: March 12, 2024
    Assignee: FEITIAN TECHNOLOGIES CO., LTD.
    Inventors: Zhou Lu, Huazhang Yu
  • Patent number: 11921849
    Abstract: A system for defending against a side channel attack. The system includes a reuse distance buffer configured to measure one or more reuse distances for a microarchitecture block according to information of marker candidates and information of target events of a microarchitecture block; and a defense actuator configured to determine existence of a side channel attack in the microarchitecture block according to the one or more reuse distances for the microarchitecture block.
    Type: Grant
    Filed: February 22, 2021
    Date of Patent: March 5, 2024
    Assignee: The George Washington University
    Inventors: Guru Prasadh Venkataramani, Milo{hacek over (s)} Doroslova{hacek over (c)}ki, Hongyu Fang
  • Patent number: 11922145
    Abstract: Implementations are directed to developing and facilitating a data collaboration using a data collaboration tool that bundles data pipelines and governing contracts into a data collaboration app. The data collaboration tool may include an authoring mode and may include an electronic canvas that visually represents all contracts and pipelines of the data collaboration app on a single canvas and visually represents traceability from the contracts to the pipeline elements they enable. A developer may use authoring mode to develop a template app that includes placeholder elements, including a reference to an anonymous placeholder participant. The template app may be shared, and a recipient may invite data collaborators to fill in the placeholder elements and deploy the app, enabling the data collaborators to trigger the data pipelines to execute in a data trustee environment to generate insights from each other's assets without exposing the assets to the collaborators or the developer.
    Type: Grant
    Filed: March 1, 2022
    Date of Patent: March 5, 2024
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Yisroel Gershon Taber, Ittay Levy Ophir, Lev Rozenbaum, Nerya Cohen
  • Patent number: 11924348
    Abstract: An example operation may include one or more of establishing a communication channel between a sending system and a receiving system, executing an oblivious transfer protocol between the sending system and the receiving system via the established communication channel, wherein the oblivious transfer protocol provides the receiving system with a functional encryption key based on a data vector of the receiving system without the sending system learning the data vector, committing to the functional encryption key using a cryptographic commitment and signing the functional encryption key commitment with a digital key of the receiving system, and storing the signed functional encryption key commitment to a blockchain.
    Type: Grant
    Filed: February 27, 2021
    Date of Patent: March 5, 2024
    Assignee: International Business Machines Corporation
    Inventors: Yacov Manevich, Nitin Gaur, Petr Novotny, Sarbajit K. Rakshit
  • Patent number: 11921874
    Abstract: A file protection method of a computer apparatus including a processor, the method including extracting classes from an executable file of a package file, classifying the classes into class groups, adding a loading code to a first class group among the class groups, the loading code configured to cause sequential loading of the class groups to a memory in a random loading order in response to execution of the package file, adding an integrity code to a second class group among the class groups, the integrity code configured to verify an integrity of a corresponding class group among the class groups or a previous class group among the class groups, the previous class group including the loading code configured to cause the corresponding class group to load, and regenerating the package file using the class groups after the adding the loading code and the adding the integrity code.
    Type: Grant
    Filed: May 28, 2021
    Date of Patent: March 5, 2024
    Assignee: LINE Plus Corporation
    Inventors: Sang Min Chung, Seol hwa Han, SangHun Jeon
  • Patent number: 11924351
    Abstract: A transient blockchain proxy server consolidates many individual requests to add data to a blockchain by aggregating hashed data from these requests and sending the aggregated hashed data to the blockchain network as a single request. The blockchain network adds a new block to the blockchain with the aggregated hashed data and returns a transaction identifier for the new block to the transient blockchain proxy server, which passes the transaction identifier back to all the requestors who then can directly use the blockchain network to verify the hashed data using the transaction identifier. The transient blockchain proxy server buffers all incoming requests until one of the pending requests reaches a send timepoint that is the blockchain network delay plus a buffer time before a guaranteed time of verification. All incoming requests are then consolidated and sent as a single transaction to the blockchain network. Tiered verification-time services are enabled.
    Type: Grant
    Filed: February 9, 2023
    Date of Patent: March 5, 2024
    Assignee: Hong Kong Applied Science and Technology Research Institute Company Limited
    Inventors: Tak Wing Lam, Tak Fuk Wong
  • Patent number: 11924325
    Abstract: Techniques are presented for controlling or influencing use of and/or access to a resource. This resource may be a device, such as an IoT (Internet of Things) device or a process. Techniques include a method comprising generating a blockchain transaction (TxA) indicative of a condition on use of, or access to, the resource for a specified period of time, the blockchain transaction comprising a multi-signature script requiring a plurality of signatures for completion of the blockchain transaction; providing a first subset of the plurality of signatures to the blockchain transaction (TxA) to generate a partially signed signature script to partially complete the blockchain transaction (SI 14); and responsive to the condition on the use of, or access to, the resource being satisfied, providing a second subset of the plurality of signatures (S204) to the blockchain transaction to fully complete the blockchain transaction.
    Type: Grant
    Filed: April 17, 2022
    Date of Patent: March 5, 2024
    Assignee: nChain Licensing AG
    Inventors: Stephane Vincent, Craig Steven Wright
  • Patent number: 11924233
    Abstract: A method includes receiving, at a first server from a second server, a first file attribute associated with a file. The method includes making a determination, at the first server based on the first file attribute, of availability of a classification for the file from a cache of the first server. The method includes, in response to the determination indicating that the classification is not available from the cache, sending a notification to the second server indicating that the classification for the file is not available. The method also includes receiving a first classification for the file from the second server at the first server. The first classification is generated by the second server responsive to the notification.
    Type: Grant
    Filed: December 22, 2021
    Date of Patent: March 5, 2024
    Assignee: SPARKCOGNITION, INC.
    Inventors: Lucas McLane, Jarred Capellman
  • Patent number: 11917067
    Abstract: Systems, methods, and apparatuses relating to circuitry to implement an instruction to create and/or use data that is restricted in how it can be used are described. In one embodiment, a hardware processor comprises a decoder of a core to decode a single instruction into a decoded single instruction, the single instruction comprising a first input operand of a handle including a ciphertext of an encryption key (e.g.
    Type: Grant
    Filed: December 28, 2019
    Date of Patent: February 27, 2024
    Assignee: Intel Corporation
    Inventor: Jason W. Brandt
  • Patent number: 11907383
    Abstract: Systems, computer program products, and methods are described herein for implementing real-time redaction in a workflow configurable environment. The present invention is configured to electronically receive, from a user input device, a request to load at least one user interface associated with an application; initiate a real-time content redaction engine on contents of the one or more fields associated with the at least one user interface in response to receiving the request, wherein initiating further comprises: parsing one or more embedded structures associated with the one or more fields; identifying private information in the one or more fields based on at least parsing the one or more embedded structures; and masking the private information in the one or more fields; and load the at least one user interface associated with the application in response to masking the private information in the one or more fields.
    Type: Grant
    Filed: June 1, 2023
    Date of Patent: February 20, 2024
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Nagaraju Buddhiraju, Deepali Dadhich, Lekshan Bhathiya Jayasinghe
  • Patent number: 11907704
    Abstract: Various systems and methods for enabling derivation and distribution of an attestation manifest for a software update image are described. In an example, these systems and methods include orchestration functions and communications, providing functionality and components for a software update process which also provides verification and attestation among multiple devices and operators.
    Type: Grant
    Filed: May 2, 2022
    Date of Patent: February 20, 2024
    Assignee: Intel Corporation
    Inventors: Ned M. Smith, Kshitij Arun Doshi, John J. Browne, Vincent J. Zimmer, Francesc Guim Bernat, Kapil Sood
  • Patent number: 11907408
    Abstract: A device comprising a processing unit having a plurality of processors is provided. At least one encryption unit is provided as part of the device for encrypting data written by the processors to external storage and decrypting data read from that storage. The processors are divided into different sets, with state information held in the encryption unit for performing encryption/decryption operations for requests for different sets of processors. This enables interleaved read completions or write requests from different sets of processors to be handled by the encryption unit, since associated state information for each set of processors is independently maintained.
    Type: Grant
    Filed: March 29, 2021
    Date of Patent: February 20, 2024
    Assignee: GRAPHCORE LIMITED
    Inventors: Graham Cunningham, Daniel Wilkinson
  • Patent number: 11901003
    Abstract: Leveraging stochastic physical characteristics of resistive switching devices to generate data having very low cross correlation among bits of that data is disclosed. Data generated from stochastic physical characteristics can also be referred to as physical unclonable feature—or function—(PUF) data. Additionally, error correction functions for PUF data generated from resistive switching memory cells are provided. The error correction functions facilitate additional redundancy and longevity of PUF data, among other benefits. Different embodiments include addressing arrangements to incorporate ECC parity bits among generated PUF data bits, even for differential PUF bits respectively defined by multiple memory cells in different portions of a resistive memory array.
    Type: Grant
    Filed: March 30, 2022
    Date of Patent: February 13, 2024
    Assignee: Crossbar, Inc.
    Inventor: Mehdi Asnaashari
  • Patent number: 11893112
    Abstract: There is provided a device of protecting an Integrated Circuit from perturbation attacks. The device includes a sensing unit configured to detect a perturbation attack, the sensing unit comprising a set of digital sensors comprising at least two sensors, the sensors being arranged in parallel. Each digital sensor provides a digitized bit output having a binary value, in response to input data, the sensing unit being configured to deliver at least one binary vector comprising a multi-bit value, the multi-bit value comprising at least two bit outputs provided by the set of digital sensors. The sensing device further comprising an analysis unit, the analysis unit being configured to receive at least one binary vector provided by the sensing unit, the analysis unit being configured to detect a perturbation attack from the at least one binary vector.
    Type: Grant
    Filed: November 21, 2018
    Date of Patent: February 6, 2024
    Assignee: SECURE-IC SAS
    Inventors: Sylvain Guilley, Adrien Facon, Nicolas Bruneau
  • Patent number: 11895102
    Abstract: An identity authentication management (IAM) service is established as a master over a master identity database of the centralized identity authentication management service. When adding an additional node to the computing infrastructure, a non-master copy of the master identity database is distributed to the additional node. Ongoing coordination between the master identity database and the non-master copy is established so as to synchronize differences between the master identity database and the non-master copy of the identity database. The additional node hosts a fully-functional authentication management service using the non-master copy of the master identity database and is able to respond to READ requests for data by accessing the non-master copy—without interaction with the centralized identity authentication management service.
    Type: Grant
    Filed: July 31, 2020
    Date of Patent: February 6, 2024
    Assignee: Nutanix, Inc.
    Inventors: Vinod Gupta, Sunil Chandrabhan Agrawal
  • Patent number: 11893144
    Abstract: A system includes a virtual machine to transmit an input/output request to a data storage system and a hypervisor configured to maintain a map of the virtual machine to a virtual disk, wherein the virtual disk is a slice of a persistent storage device. A virtual machine server is configured to maintain a map of the virtual disk to a start address and an end address and to update the input/output request with the start address, the end address, and a virtual disk identifier associated with the virtual machine. A processor determines whether the start address and the end address are valid, and if the start address and the end address are valid, then process the input/output request. The response is transmitted to the input/output request.
    Type: Grant
    Filed: August 3, 2022
    Date of Patent: February 6, 2024
    Assignee: Dell Products L.P.
    Inventors: Ankit Singh, Vinod Parackal Saby, Deepaganesh Paulraj
  • Patent number: 11887508
    Abstract: There is provided an information processing apparatus that generates an encrypted bit string in which a hash value calculated by using keyed hashing from a keyword for an information search is mapped into a bit string having a predetermined length, selects a predetermined number of bits from the encrypted bit string on the basis of a dynamically generated random number, inverts the predetermined number of selected bits, and sends the encrypted bit string and inverted-bit-number information to an external apparatus. The inverted-bit-number information indicates a number of bits inverted by a bit inverting unit.
    Type: Grant
    Filed: May 28, 2019
    Date of Patent: January 30, 2024
    Assignee: SONY CORPORATION
    Inventors: Atsushi Uchida, Shinya Maruyama
  • Patent number: 11876835
    Abstract: Various embodiments are generally directed to techniques to enforce policies for computing platform resources, such as to prevent denial of service (DoS) attacks on the computing platform resources. Some embodiments are particularly directed to ISA instructions that allow trusted software/applications to securely enforce policies on a platform resource/device while allowing untrusted software to control allocation of the platform resource. In many embodiments, the ISA instructions may enable secure communication between a trusted application and a platform resource. In several embodiments, a first ISA instruction implemented by microcode may enable a trusted application to wrap policy information for secure transmission through an untrusted stack.
    Type: Grant
    Filed: October 15, 2021
    Date of Patent: January 16, 2024
    Assignee: Intel Corporation
    Inventors: Siddhartha Chhabra, Prashant Dewan
  • Patent number: 11876900
    Abstract: A system includes a communication channel monitor configured to calculate a hash value of a first encrypted code segment based on a measurement. A security module may derive a first encryption key using a key decryption function operation from the hash value of the first encrypted code segment. A processor decrypts the first encrypted code segment with a seed key retrieved from a storage device, and if the decryption is successful then executes the first decrypted code segment. The processor may retrieve a second one of the encrypted code segments, wherein the second encrypted code segment is a next encrypted code segment for execution after the first encrypted code segment according to a sequence of execution, decrypt the second encrypted code segment with the first encryption key, and if the decryption is successful then execute the second decrypted code segment.
    Type: Grant
    Filed: May 18, 2022
    Date of Patent: January 16, 2024
    Assignee: Dell Products L.P.
    Inventors: Nicholas D. Grobelny, Richard M. Tonry, Balasingh P. Samuel
  • Patent number: 11870915
    Abstract: A secure programming system can receive a job control package having a security kernel and a target payload of content for programming into a pre-defined set of trusted devices. A device programmer can install a security kernel on the trusted devices and reboot the trusted devices using the security kernel to validate the proper operation of the security kernel. The target payload can then be securely installed on the trusted devices and validated.
    Type: Grant
    Filed: June 28, 2022
    Date of Patent: January 9, 2024
    Assignee: Data I/O Corporation
    Inventors: Rajeev Gulati, David R. Christie, Edwin R. Musch, Benjamin M. Deagen
  • Patent number: 11862987
    Abstract: A contactless battery system includes a sealable case, a battery unit disposed within the sealable case, and at least one wireless power transmission coupler connected to the battery unit and disposed within the sealable case. The battery unit includes an arrangement of serially connected battery cells in a fixed number of banks of battery cells to deliver a set voltage and current. The wireless power transmission coupler is disposed with respect to at least one face of the sealable case to enable magnetic inductive signaling for charging, discharging, and communication with the battery unit. A battery management controller communicates bidirectionally with the contactless battery systems and with electrically powered equipment to control charging. A distribution system manages distribution of the contactless battery systems to a plurality of depots adapted to store, charge, or exchange depleted contactless battery systems under control of at least one management unit.
    Type: Grant
    Filed: December 7, 2022
    Date of Patent: January 2, 2024
    Assignee: InductEV Inc.
    Inventors: Andrew W. Daga, Francis J. McMahon, Matthew L. Ward
  • Patent number: 11863975
    Abstract: Systems and methods of protecting an initial NAS message are described. The NAS message is encrypted using the home PLMN public key during initial registration with the network using a registration request message. An AMF of the serving PLMN sends a serving PLMN public key which is then used to encrypt information including an S-NSSAI of later initial NAS messages after initial registration is completed. The S-NSSAI may not be sent in the later initial NAS message if the S-NSSAI is provided at an access stratum level. The RRC message may contain an indication that the S-NSSAI is encrypted using the serving PLMN public key.
    Type: Grant
    Filed: October 30, 2019
    Date of Patent: January 2, 2024
    Assignee: Apple Inc.
    Inventors: Alexandre Saso Stojanovski, Robert Zaus, Farid Adrangi, Raimund Wloka, Abhijeet Ashok Kolekar, Ahmed Soliman, Sudeep K. Palat
  • Patent number: 11853451
    Abstract: A method for providing and searching a searchable encrypted database. The system obtains plain text data and first and second encryption keys. The plain text data is parsed using a priori knowledge of the plain text data structure to identify data blocks and associated metadata components. The data blocks are encrypted using the first encryption key to provide encrypted data blocks. The metadata components are encrypted with the second encryption key to provide encrypted metadata components. The encrypted data blocks and encrypted metadata components are stored in a storage vault to provide a searchable encrypted database whilst discarding the plain text data and the first encryption key. A search term is encrypted with the second encryption key to provide an encrypted search term used to search the searchable encrypted database to determine whether it matches one or more of the encrypted metadata components, and a search result is returned.
    Type: Grant
    Filed: August 16, 2021
    Date of Patent: December 26, 2023
    Assignee: Issured Limited
    Inventors: David Beardsworth, Jeddiah Stone, Jonathan Empson
  • Patent number: 11853413
    Abstract: Some embodiments are directed to a computing device (100) configured for execution of a computer program protected against address probing. The device is configured to run at least one anomaly detector (140) for detecting an address probing on the computer program, and to selectively replace an originating computer program code part with a replacement computer program code part wherein an address probing countermeasure is added.
    Type: Grant
    Filed: December 2, 2019
    Date of Patent: December 26, 2023
    Assignee: Koninklijke Philips N.V.
    Inventors: Koustubha Bhat, Hendrik Jaap Bos, Cristiano Giuffrida, Erik van der Kouwe
  • Patent number: 11856402
    Abstract: Techniques for identity-based message integrity protection and verification between a user equipment (UE) and a wireless network entity, include use of signatures derived from identity-based keys. To protect against attacks from rogue network entities before activation of a security context with a network entity, the UE verifies integrity of messages by checking a signature using an identity-based public key PKID derived by the UE based on (i) an identity value (ID) of the network entity and (ii) a separate public key PKPKG of a private key generator (PKG) server. The network entity generates signatures for messages using an identity-based private key SKID obtained from the PKG server, which generates the identity-based private key SKID using (i) the ID value of the network entity and (ii) a private key SKPKG that is known only by the PKG server and corresponds to the public key PKPKG.
    Type: Grant
    Filed: November 15, 2021
    Date of Patent: December 26, 2023
    Assignee: Apple Inc.
    Inventors: Xiangying Yang, Shu Guo, Lijia Zhang, Qian Sun, Huarui Liang, Fangli Xu, Yuqin Chen, Haijing Hu, Dawei Zhang, Hao Duo, Lanpeng Chen
  • Patent number: 11853457
    Abstract: The disclosure relates to a computed-implemented method, a computer program, and a computer system for selectively verifying personal data. The method comprises receiving, by an identity application of a client device, personal data of a user. The method further comprises computing, via a cryptographic hash function, one or more cryptographic hashes from elements of the personal data. The method further comprises storing the cryptographic hashes, an internal identifier and a timestamp as an entry in a distributed database. The internal identifier is unique within the distributed database. The method further comprises receiving a user request from the user. The method further comprises selecting one or more of the elements of personal data for verification. The method further comprises requesting verification of the selected elements of personal data. The method further comprises determining an authorization indication in response to the verification request.
    Type: Grant
    Filed: August 2, 2022
    Date of Patent: December 26, 2023
    Assignee: SAP SE
    Inventors: Oliver Latka, Anja Wilbert
  • Patent number: 11842057
    Abstract: A system for controlling processor operations is disclosed that includes a first function configured to be performed by one or more algorithms operating on a processor to identify one or more participating storage controllers, each having a software controller handle, and to cache the software controller handles during a query to a driver. A second function configured to be performed by one or more algorithms operating on the processor to invoke the driver with the cached software controller handles.
    Type: Grant
    Filed: December 9, 2019
    Date of Patent: December 12, 2023
    Assignee: DELL PRODUCTS L.P.
    Inventors: Rahumath Ali Thenmalaikaan Abdul Jabbar, Krishnakumar Narasimhan
  • Patent number: 11836260
    Abstract: A data processing system is provided, which comprises receiving circuitry for receiving, from a requester, a request to use decrypted data obtained by decrypting encrypted data. Trusted execution circuitry provides a trusted execution environment. The trusted execution circuitry is configured to: securely store a policy, acquire a key within the trusted execution environment, where the key is associated with the decrypted or encrypted data, and respond to the request based on the policy and one or more characteristics of the requester.
    Type: Grant
    Filed: November 25, 2020
    Date of Patent: December 5, 2023
    Assignee: ARM LIMITED
    Inventors: Gustavo Federico Petri, Guilhem Floréal Bryant, Dominic Phillip Mulligan, Anthony Charles Joseph Fox
  • Patent number: 11829482
    Abstract: An apparatus comprises a processing device configured to receive, at a host operating system of a virtual machine host, a request to execute a virtual machine and to obtain, from a virtual trusted platform module running on the virtual machine host, credentials for logging in to a guest operating system of the virtual machine. The processing device is further configured to provide, to pre-boot authentication software associated with the virtual machine, the credentials obtained from the virtual trusted platform module, and to automatically log in to the guest operating system of the virtual machine utilizing the pre-boot authentication software and the provided credentials.
    Type: Grant
    Filed: July 21, 2021
    Date of Patent: November 28, 2023
    Assignee: Dell Products L.P.
    Inventors: Parminder Singh Sethi, Suren Kumar
  • Patent number: 11822661
    Abstract: A method for carrying out a secured startup sequence of a control unit, which includes a host that is configured to execute a loader program and one or multiple application programs, and a hardware security module (HSM) which includes a program memory and a data memory. The method includes a starting of the host and of the HSM; an authentication of the loader program by the HSM with the aid of a loader program signature stored in the program memory of the HSM; and, an execution of the loader program by the host if the authentication of the loader program is successful.
    Type: Grant
    Filed: June 23, 2021
    Date of Patent: November 21, 2023
    Assignee: ROBERT BOSCH GMBH
    Inventors: Andreas Soenkens, Bjoern Kasper, Jens Schmuelling, Thorsten Schwepp
  • Patent number: 11822662
    Abstract: The embodiments herein provide a secure computing resource set identification, evaluation, and management arrangement, employing in various embodiments some or all of the following highly reliable identity related means to establish, register, publish and securely employ user computing arrangement resources in satisfaction of user set target contextual purposes.
    Type: Grant
    Filed: July 7, 2022
    Date of Patent: November 21, 2023
    Assignee: Advanced Elemental Technologies, Inc.
    Inventors: Victor Henry Shear, Peter Robert Williams, Jaisook Rho, Timothy St. John Redmond
  • Patent number: 11815939
    Abstract: A memory control unit of a memory device includes at least one hardware processor; and memory storing instructions that cause the at least one hardware processor to perform operations comprising: generating a scrambler seed and a logical block address (LBA) for a block of write data received by the memory control unit from a host device; generating a flash translation layer (FTL) to map the LBA to a physical address (PA); scrambling the block of data using the scrambler seed; encrypting the scrambler seed, the LBA, and the PA in the FTL using an encryption key; initiating writing a scrambled block of data and encrypted LBA and scrambler seed to a memory array; and decrypting the FTL using an incorrect encryption key in response to an erase command received by the memory control unit from the host device.
    Type: Grant
    Filed: May 19, 2022
    Date of Patent: November 14, 2023
    Inventor: Stephen Hanna
  • Patent number: 11816230
    Abstract: This disclosure relates to systems and methods for enabling the use of secret digital or electronic information without exposing the sensitive information to unsecured applications. In certain embodiments, the methods may include invoking, by a client application executing in an open processing domain, a secure abstraction layer configured to interface with secret data protected by a secure processing domain. Secure operations may be securely performed on the secret data by the secure abstraction layer in the secure processing domain based on an invocation from a client application running in the open processing domain.
    Type: Grant
    Filed: December 29, 2022
    Date of Patent: November 14, 2023
    Assignee: Intertrust Technologies Corporation
    Inventors: Gilles Boccon-Gibod, Gary F. Ellison
  • Patent number: 11809564
    Abstract: Systems and procedures are provided for importing cryptographic credentials of a customer to an IHS (Information Handling System). During factory provisioning of the IHS, a signed inventory certificate is uploaded to the IHS that includes an encrypted access code for unlocking the IHS and also includes encrypted credentials provided by the customer. Upon delivery and initialization of the IHS, the inventory certificate is retrieved by a pre-boot validation process. A cryptographic challenge is issued that presents the encrypted access code. Further initialization of the IHS is halted until a response to the challenge is received from the customer that provides the decrypted access code. When the decrypted access code is received, further initialization of the IHS is enabled and the encrypted credentials from the inventory certificate are imported to the IHS, thus allowing the customer to establish an independent root of trusted components using the IHS.
    Type: Grant
    Filed: October 22, 2021
    Date of Patent: November 7, 2023
    Assignee: Dell Products, L.P.
    Inventors: Marshal F. Savage, Mukund P. Khatri, Jason Matthew Young
  • Patent number: 11809568
    Abstract: An embodiment includes executing, by a hypervisor, a bootloader with access to a first logical partition of a non-volatile memory, the first logical partition storing a keystore. The embodiment also includes loading, by the bootloader, a kernel with access to the first logical partition of the non-volatile memory. The embodiment also includes receiving, by the bootloader, an encryption key from the keystore. The embodiment also includes performing, by the bootloader, a cryptographic algorithm using the encryption key on the kernel. The embodiment also includes executing, by the bootloader in an event that the performing of the cryptographic algorithm produces a first result, the kernel with access to the first logical partition of the non-volatile memory. The embodiment also includes halting, by the bootloader in an event that the performing of the cryptographic algorithm fails to produce the first result, booting of the kernel and generating an error message.
    Type: Grant
    Filed: May 12, 2021
    Date of Patent: November 7, 2023
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Joel Wolfrath, Christopher J. Engel, Matthew Vaught, Michael William Bowcutt, Phillip Scramlin
  • Patent number: 11811915
    Abstract: A method including authenticating, by a processor, received biometric information; selectively transmitting, by the processor based at least in part on a result of authenticating the received biometric information, a decryption request to decrypt an encrypted assigned private key; receiving, by the processor based at least in part on selectively transmitting the decryption request, a decrypted assigned private key; and decrypting, by the processor, encrypted content based at least in part on utilizing the decrypted assigned private key is disclosed. Various other aspects are contemplated.
    Type: Grant
    Filed: June 5, 2022
    Date of Patent: November 7, 2023
    Assignee: UAB 360 IT
    Inventor: Mindaugas Valkaitis
  • Patent number: 11804964
    Abstract: Example embodiments of systems and methods for data transmission between a contactless card, a client device, and one or more servers are provided. One or more applets of the contactless card are configured to dynamically generate an encrypted payload appended to a link, wherein the contactless card is configured to transmit the link with the appended payload to the client device via one or more gestures. The one or more servers are configured to receive the payload from the client device via one or more applications, parse and decrypt the payload after launch of one or more applications, and transmit one or more notifications to the client device based on a status associated with decryption of the payload. The client device is granted access to a plurality of services associated with the one or more servers based on the one or more notifications received from the one or more servers.
    Type: Grant
    Filed: March 15, 2021
    Date of Patent: October 31, 2023
    Assignee: CAPITAL ONE SERVICES, LLC
    Inventors: Jeffrey Rule, Kevin Osborn
  • Patent number: 11796972
    Abstract: An on-demand production system for accessories for use with electronic devices is configured to generate digital templates defining the design of the accessories and provide the digital templates to retail or other locations. The retail or other locations may receive access to the digital templates automatically and/or electronically within a week, a day, or even minutes, of the digital template being created. When a customer requests an accessory, the digital template may be accessed. Using an electronic production machine and a supply of stock material, the accessory can be cut, formed, printed, or otherwise produced based on instructions or designs of the digital template. The electronic production machine may automatically read the digital template to automate the production at a retail location. The electronic production machine may produce the accessory on-demand, and production of the accessory may be completed within two hours, or potentially within ten minutes, of a request.
    Type: Grant
    Filed: August 24, 2021
    Date of Patent: October 24, 2023
    Assignee: ZAGG Inc
    Inventor: Randall Hales
  • Patent number: 11792190
    Abstract: The implementations provide a method and an apparatus for establishing a trusted cluster. The method is used to form a trusted computing cluster by using N trusted computing units, the method including: grouping the N trusted computing units into a plurality of groups; identifying a first trusted computing unit in each group, and causing first trusted computing units in the plurality of groups to each respectively perform inter-unit trust authentication with other trusted computing units in a same group in parallel; performing inter-group trust authentication between/among the plurality of groups in parallel to obtain the N trusted computing units on which trust authentication succeeds; and propagating secret information in the N trusted computing units on which trust authentication succeeds, so that the N trusted computing units obtain the same secret information to form the trusted computing cluster.
    Type: Grant
    Filed: November 16, 2021
    Date of Patent: October 17, 2023
    Assignee: Advanced New Technologies Co., Ltd.
    Inventors: Qunshan Huang, Xingyu Chen, Ling Xie, Lei Wang
  • Patent number: 11789621
    Abstract: Summarizing the invention, a computer-implemented method is provided. The computer-implemented method comprises: allocating, by an operating system kernel, a physical memory block for a privileged function; storing, by the operating system kernel, the privileged function in the physical memory block; creating, by the operating system kernel, an entry for the physical memory block in a mapping table, wherein the entry associates the physical memory block to a virtual memory block in an address space of a program; setting, by the operating system kernel, a security bit for the entry in the mapping table; executing, by a processor, the program in unprivileged mode; and if the program requests the privileged function: checking, by the processor, whether the security bit is set; if the security bit is set, switching, by the processor, execution to kernel mode for performing the privileged function.
    Type: Grant
    Filed: November 27, 2020
    Date of Patent: October 17, 2023
    Assignee: JOHANNES GUTENBERG-UNIVERSITAT MAINZ
    Inventor: André Brinkmann
  • Patent number: 11792166
    Abstract: A method can be used for generating personalized profile package data for integrated circuit cards. The method includes encrypting data records corresponding to profile data with a respective data protection key thereby obtaining encrypted data records. Each record includes a number of personalization fields to store different types of personalization values. The method also includes encrypting a file for a profile package with a master encryption key thereby obtaining an encrypted file for the profile package. The file includes fields to be personalized corresponding to one or more of the personalization fields to store different types of personalization values. The encrypted file for the profile package and encrypted data records are transmitted to a data preparation entity where the encrypted data records and the encrypted file can be decrypted and combined to obtain personalized profile packages.
    Type: Grant
    Filed: October 18, 2019
    Date of Patent: October 17, 2023
    Assignee: STMicroelectronics S.r.l.
    Inventors: Marco Alfarano, Sofia Massascusa
  • Patent number: 11783042
    Abstract: Resource access control in a system-on-chip (“SoC”) may employ an agent executing on a processor of the SoC and a trust management engine of the SoC. The agent, such as, for example, a high-level operating system or a hypervisor, may be configured to allocate a resource comprising a memory region to an access domain and to load a software image associated with the access domain into the memory region. The trust management engine may be configured to lock the resource against access by any entity other than the access domain, to authenticate the software image associated with the access domain, and to initiate booting of the access domain in response to a successful authentication of the software image associated with the access domain.
    Type: Grant
    Filed: June 17, 2020
    Date of Patent: October 10, 2023
    Assignee: QUALCOMM Incorporated
    Inventors: Steven Halter, Samar Asbe, Miguel Ballesteros, Girish Bhat, Mahadevamurty Nemani
  • Patent number: 11783041
    Abstract: The present disclosure relates to an electronic device, such as a system on chip, that may perform firmware updates based on user consent. The system on chip includes a nonvolatile memory (NVM), a main processor, a security NVM, and a security processor. The nonvolatile memory (NVM) stores first firmware and a user permission indicator. The main processor Loads the first firmware to boot a security processor. The security NVM contains first version information. The security processor compares version information of the first firmware to the first version information based on the user permission indicator and executes the first firmware in response to the matching of the comparison result. In some examples, the security processor is implemented on the same chip as the main processor.
    Type: Grant
    Filed: August 8, 2022
    Date of Patent: October 10, 2023
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Keunyoung Park, Dongjin Park, Jungtae Kim
  • Patent number: 11785036
    Abstract: Aspects of the disclosure relate to real-time validation of data transmissions based on security profiles. A computing platform may collect, in real-time, information associated with a plurality of data transmissions between applications, where the information may include, for each data transmission, an indication of a source application and a destination application. Then, the computing platform may retrieve, from a repository and for each data transmission, a first security profile associated with the source application, and a second security profile associated with the destination application. The computing platform may then compare, for each data transmission, the first security profile to the second security profile. Subsequently, the computing platform may detect, based on a determination that the first security profile does not match the second security profile, a potentially unauthorized data transmission.
    Type: Grant
    Filed: February 25, 2022
    Date of Patent: October 10, 2023
    Assignee: Bank of America Corporation
    Inventors: George Albero, Guisen Saffel
  • Patent number: 11783648
    Abstract: A server that shares key information to a portable terminal includes processing circuitry configured to deliver the key information to the portable terminal. The key information is associated with an object equipped with a control device, and the control device performs a predetermined control to the object when the control device receives the key information from an external terminal. The key information includes restriction information, where the restriction information sets a restriction content for the predetermined control.
    Type: Grant
    Filed: December 15, 2020
    Date of Patent: October 10, 2023
    Assignee: TOYOTA JIDOSHA KABUSHIKI KAISHA
    Inventors: Ryuichi Suzuki, Yuki Ito, Hiroyasu Shiokawa, Yasumasa Kobayashi, Naoki Yamamuro, Makoto Akahane
  • Patent number: 11775652
    Abstract: An apparatus to facilitate security within a computing system is disclosed. The apparatus includes a storage drive, a controller, comprising a trusted port having one or more key slots to program one or more cryptographic keys and an encryption engine to receive the cryptographic keys via the one or more key slots, encrypt data written to the storage drive using the cryptographic keys and decrypt data read from the storage drive using the cryptographic keys.
    Type: Grant
    Filed: December 10, 2021
    Date of Patent: October 3, 2023
    Assignee: Intel Corporation
    Inventors: Baiju Patel, Prashant Dewan
  • Patent number: 11777740
    Abstract: A method for securely sharing and authenticating a last secret can include splitting a secret into a first split and a second split, the secret comprising a cryptographic element and controlling access to a first key, the secret comprising at least one of a password, a second key, and a tokenized value, and the first key controlling access to a secure computing system, encrypting the first split by an encryption key established between the dealer computing system and the combining computing system, encrypting the second split by the encryption key established between the dealer computing system and the combining computing system, transmitting the encrypted first split to a first share-holder, transmitting the encrypted second split to a second share-holder, designcrypting the encrypted first split, and designcrypting the encrypted second split.
    Type: Grant
    Filed: March 24, 2022
    Date of Patent: October 3, 2023
    Assignee: Wells Fargo Bank, N.A.
    Inventors: Phillip H. Griffin, Jeffrey J. Stapleton
  • Patent number: 11775656
    Abstract: Secure multi-party information retrieval is disclosed. One example is a system including a query processor to request secure retrieval of candidate terms similar to a query term. A collection of information processors, where a given information processor receives the request and generates a random permutation. A plurality of data processors, where a given data processor generates clusters of a plurality of terms in a given dataset, where the clusters are based on similarity scores for pairs of terms, and selects a representative term from each cluster. The given information processor determines similarity scores between a secured query term received from the query processor and secured representative terms received from the given data processor, where the secured terms are based on the permutation, and the given data processor filters, without knowledge of the query term, the candidate terms of the plurality of terms based on the determined similarity scores.
    Type: Grant
    Filed: May 1, 2015
    Date of Patent: October 3, 2023
    Assignee: Micro Focus LLC
    Inventors: Mehran Kafai, Hongwei Shang, April Slayden Mitchell
  • Patent number: 11777981
    Abstract: A server system sends, via a linearly ordered communication orbit, to computational machines at a first subset of nodes in a computer network, a set of local environment verification tests and a set of mappings that map results of the local environment verification tests into a set of risk scores. Requests sent by the server system cause the computational machines at the plurality of nodes to: locally evaluate the set of local environment verification tests to produce test results, and locally map the test results using the set of mappings into a set of risk scores. Queries sent by the server cause the computational machines at the plurality of nodes to return to the server system at least a portion of the test results and risk scores. The server, identifies, based on the received test results and risk scores, computational machines and/or control categories having risk scores satisfying predefined criteria.
    Type: Grant
    Filed: January 20, 2023
    Date of Patent: October 3, 2023
    Assignee: TANIUM INC.
    Inventors: James B. Hoscheit, Peyton T. Ball, E. Egon Rinderer, John Phillip Ham