Data Processing Protection Using Cryptography Patents (Class 713/189)
  • Patent number: 10666421
    Abstract: A method is provided for encrypting a code of a computer program using an encryption key selected from among at least two encryption keys. Such a method includes: obtaining a descriptive grammar of the language of the code to be encrypted; encoding the code by using the descriptive grammar delivering a character string within which at least one start instruction of the code is encoded as a representation in the character string; encryption of the character string by using the encryption key belonging to the set of encryption keys, delivering an encrypted string. A method of decryption includes the inverse steps and also makes use of the descriptive grammar of the code.
    Type: Grant
    Filed: June 6, 2016
    Date of Patent: May 26, 2020
    Assignee: INGENICO GROUP
    Inventor: Eric Brier
  • Patent number: 10666591
    Abstract: Embodiments of the disclosure relate to proxying at least one email resource from at least one email service to at least one client device, determining whether the email resources are accessible to the client devices via at least one unauthorized application on the client devices, and modifying the email resources to be inaccessible via the unauthorized applications on the client devices in response to a determination that the email resources are accessible via the unauthorized applications on the client devices.
    Type: Grant
    Filed: January 19, 2018
    Date of Patent: May 26, 2020
    Assignee: Airwatch LLC
    Inventor: Erich Stuntebeck
  • Patent number: 10659487
    Abstract: The present disclosure describes a system that notifies users regarding specific user decisions with respect to solution phishing emails. The system notifies users when users perform specific actions with respect to the untrusted phishing emails. The system pauses execution of these actions and prompts the user to confirm whether to take the actions or to revert back to review the actions. In contrast to anti-ransomware technologies which are entirely in control, the system gives the user autonomy in deciding actions relating to untrusted phishing emails. The system interrupts execution of actions related to untrusted phishing emails in order to give users a choice on whether to proceed with actions.
    Type: Grant
    Filed: July 19, 2019
    Date of Patent: May 19, 2020
    Assignee: KnowBe4, Inc.
    Inventors: Bret Lowry, Gauvin Repuspolo, Greg Kras
  • Patent number: 10657192
    Abstract: The present disclosure is directed to associating computing devices with each other based on computer network activity for selection of content items as part of an online content item placement campaign. A first linking factor is identified based on a connection between a first device and the computer network via a first IP address during a first time period, and based on a connection between a second device and the computer network via the first IP address during the first time period. A number of devices that connect with the computer network via the first IP address is determined. A positive match probability is generated. Second and third linking factors are monitored. A negative match probability is determined based on the second and third linking factors. The first device is linked with the second device based on the positive and negative match probabilities.
    Type: Grant
    Filed: February 1, 2017
    Date of Patent: May 19, 2020
    Assignee: Google LLC
    Inventor: Jianjun Qiu
  • Patent number: 10659797
    Abstract: Techniques and apparatuses are described for video frame codec architectures. A frame decompressor decompresses compressed frames to produce decompressed frames. A frame decompressor controller arbitrates shared access to the frame decompressor. Multiple cores of an SoC request to receive a decompressed frame from the frame decompressor via the frame decompressor controller. The frame decompressor controller can implement a request queue and can order the servicing of requests based on priority of the requests or requesting cores. The frame decompressor controller can also establish a time-sharing protocol for access by the multiple cores. In some implementations, a video decoder is logically integrated with the frame decompressor and stores portions of a decompressed frame in a video buffer, and a display controller retrieves the portions for display using a synchronization mechanism. In analogous manners, a frame compressor controller can arbitrate shared access to a frame compressor for the multiple cores.
    Type: Grant
    Filed: December 15, 2017
    Date of Patent: May 19, 2020
    Assignee: Google LLC
    Inventors: Aki Oskari Kuusela, Ville-Mikko Rautio
  • Patent number: 10652729
    Abstract: A 5th-Generation (5G) cellular communication device may at times be used with a legacy subscriber identifier module (SIM) that does not support 5G subscriber identity privacy features. To obtain a subscriber identifier for authentication, the device attempts to obtain or generate a concealed subscriber identifier with the support of the current SIM. If this is not possible, as may be the case with legacy, non-5G SIMs, the device determines whether the home network specified by the SIM is the network of the provisioning operator. If so, the device obtains an unconcealed subscriber identifier from the SIM, encrypts it with the provisioned home network key, and uses the resulting concealed subscriber identifier for authentication. If the home network specified by the SIM is a network other than that of the provisioning network operator, the device obtains the unconcealed subscriber identifier from the SIM and uses it for authentication.
    Type: Grant
    Filed: September 6, 2019
    Date of Patent: May 12, 2020
    Assignee: T-Mobile USA, Inc.
    Inventors: Ming Shan Kwok, Wafik Abdel Shahid, Kyeong Hun An
  • Patent number: 10650123
    Abstract: Systems and methods for entitlement tracking and control with blockchain technology are provided. A server node may receive usage information indicating usage of a licensed component by a remote device. The server node may generate a datablock that includes the usage information and append the datablock to a blockchain. The server node may acquire, from the blockchain, a license smart contract. The license smart contract may include control logic to control access to the license component. The server node may control access to the license component by the remote device based on the usage information and the control logic.
    Type: Grant
    Filed: May 6, 2019
    Date of Patent: May 12, 2020
    Assignee: Accenture Global Solutions Limited
    Inventors: Kevin Matthew Mintz, Arthur R. Leinen, III, Melanie Jean Cutlan, Richard Thomas Meszaros
  • Patent number: 10650137
    Abstract: The invention relates to a method for programming a control device of the vehicle, the method comprising: writing a first software module into the control device (106) via a first interface (108); blocking the first interface (108) of the control device (106); writing a key (122) into a secured memory area (132) of the control device (106) via a second interface; writing an encrypted vehicle software (112) into the control device (106) via the second interface; decrypting the encrypted vehicle software (112) by means of the first software module (110) by using the written key; storing the decrypted vehicle software in a memory area (134) of the control device (106); and installing read protection for the memory area (134) of the decrypted vehicle software.
    Type: Grant
    Filed: December 22, 2017
    Date of Patent: May 12, 2020
    Assignee: Bayerische Motoren Werke Aktiengesellschaft
    Inventor: Markus Anton
  • Patent number: 10650169
    Abstract: There is provided an example memory system comprising a plurality of memory modules, each memory module comprising a persistent memory to store root key information and encrypted primary data; a volatile memory to store a working key for encrypting data, the encrypted primary data stored in the persistent memory being encrypted using the working key; and a control unit to provide load and store access to the primary data. The memory system further comprises a working key recovery mechanism to retrieve first root key information from a first module and second root key information from a second module; and compute the working key for a given module based on the retrieved first root key information and the retrieved second root key information.
    Type: Grant
    Filed: September 14, 2015
    Date of Patent: May 12, 2020
    Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
    Inventors: Liqun Chen, Chris I. Dalton, Fraser Dickin, Mark Lillibridge, Simon Kai Ying Shiu
  • Patent number: 10645568
    Abstract: Disclosed are a carrier configuration processing method, device and system, and computer storage medium. The method comprises: acquiring, by an embedded universal integrated circuit card (eUICC), a carrier configuration transmitted by a subscription management platform; and assembling, by the eUICC and in an allocated storage space, an executable application and file system according to the acquired carrier configuration.
    Type: Grant
    Filed: September 23, 2015
    Date of Patent: May 5, 2020
    Assignee: ZTE CORPORATION
    Inventor: Chuanxi Wu
  • Patent number: 10645078
    Abstract: A data center operator is authenticated to obtain requested access to a data center by an approval mechanism on the data center that receives an access request that includes authentication information. The authentication information includes a smart card thumb print which comprises a value that uniquely identifies the smart card based on a private key generated within the smart card. The approval mechanism identifies access policies corresponding to the unique smart card identifier.
    Type: Grant
    Filed: May 1, 2017
    Date of Patent: May 5, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Liqiang Zhu, Joel T. Hendrickson
  • Patent number: 10635819
    Abstract: Systems and methods are included for causing a computing device to implement a management policy prior to a user logging into an operating system on initial boot. As part of initial boot, the computing device contacts a management server for enrollment. Installation of the operating system is paused while the management server synchronizes the software and policies on the computing device. To do this prior to login, the management server can create a temporary user account to associate with the computing device and apply a default management policy. After the installation is complete, an installed management agent can gather user inputs made during login. The management agent can send these inputs to the management server for use in creating an actual user account to associate with the computing device.
    Type: Grant
    Filed: March 22, 2017
    Date of Patent: April 28, 2020
    Assignee: VMware, Inc.
    Inventors: Jason Roszak, Craig Newell, Shravan Shantharam, Varun Murthy, Kalyan Regula, Blake Watts
  • Patent number: 10630534
    Abstract: Systems and methods are disclosed for secure transmission of computer server event notifications, including receiving a topic subscription request from a partner, registering the partner topic subscription request, obtaining a new computer server event to report, determining a subscribed partner subscribed to computer server events of a same type as the new computer server event, transmitting an event notification to the subscribed partner, and registering the event notification.
    Type: Grant
    Filed: December 2, 2016
    Date of Patent: April 21, 2020
    Assignee: Worldpay, LLC
    Inventor: Sachin Pawaskar
  • Patent number: 10620936
    Abstract: Updating boot components in compliance with a chain of trust by loading a boot component update forming part of the chain of trust during a boot process in an execution environment. Boot component measurements are detected and stored as a revised set of attestation values for retrieval by an attestation system. Performing the boot component update upon determining a pass indication for the chain of trust including the boot component update.
    Type: Grant
    Filed: May 1, 2018
    Date of Patent: April 14, 2020
    Assignee: International Business Machines Corporation
    Inventors: David A. Gilbert, David Haikney, James W. Walker
  • Patent number: 10623495
    Abstract: A method for execution by one or more processing modules of one or more computing devices of a dispersed storage network (DSN). The method begins by receiving a portion of a data stream from a requesting entity for storage in a plurality of storage vaults. The method continues by encoding the portion of the data stream in accordance with dispersal parameters of the storage vault to produce a corresponding plurality of sets of encoded data slices. The method continues by facilitating storage of the corresponding plurality of sets of encoded data slices in the storage vault. The method continues by determining an ingestion rate capability level for the plurality of storage vaults and issuing stream pacing information to the requesting entity based on the ingestion rate capability level.
    Type: Grant
    Filed: December 4, 2017
    Date of Patent: April 14, 2020
    Assignee: PURE STORAGE, INC.
    Inventors: Adam M. Gray, Greg R. Dhuse, Andrew D. Baptist, Ravi V. Khadiwala, Wesley B. Leggette, Scott M. Horan, Franco V. Borich, Bart R. Cilfone, Daniel J. Scholl
  • Patent number: 10614135
    Abstract: An encrypted text wildcard search method enables wildcard search of encrypted text by using a permuterm index storing permuted keyword strings that are encrypted using an order preserving encryption algorithm. The permuted keyword strings are encrypted using an order preserving encryption algorithm or a modular order preserving encryption algorithm and stored in the permuterm index. In response to a search query containing a wildcard search term, the encrypted text wildcard search method transforms the wildcard search term to a permuted search term having a prefix search format. The permuted search term having the prefix search format is then used to perform a range query of the permuterm index to retrieve permuted keyword strings having ciphertext values that fall within the range query. In some embodiments, the encrypted text wildcard search method enables prefix search, suffix search, inner-wildcard search, substring search and multiple wildcard search of encrypted text.
    Type: Grant
    Filed: August 9, 2017
    Date of Patent: April 7, 2020
    Assignee: Skyhigh Networks, LLC
    Inventor: Paul Grubbs
  • Patent number: 10616245
    Abstract: For remediation of security incidents occurring in a network, forensic data which is collected from devices connected to a network is analyzed. A security incident is detected based on the analysis of the forensic data. Based on detecting the security incident, a source which is affected by the security data is identified based, at least in part, on attributes of the forensic data. The affected source is isolated from the network. Information about the affected source in association with an indication of the security incident and an indication of the isolating is stored.
    Type: Grant
    Filed: November 25, 2015
    Date of Patent: April 7, 2020
    Assignee: Palo Alto Networks, Inc.
    Inventors: Gil Barak, Shai Morag
  • Patent number: 10615962
    Abstract: A processor device has an executable implementation of the cryptographic algorithm DES implemented with an XOR linkage operation at the round exit and an implemented computation step S arranged to map expanded right input values r′ as computation step entry values x=r′ onto exit values s=S[x]. The computation step S is implemented as a key-dependent computation step which further comprises a key linkage operation for linking input values of the round with key values of the round derived directly or indirectly from the key. The computation step S is implemented as a combined key-dependent computation step T which further comprises: a permutation operation P associated with the round, arranged to be applied to exit values s of the computation step S and to supply the exit values s of the computation step in permutated form to the XOR linkage operation at the round exit.
    Type: Grant
    Filed: October 28, 2016
    Date of Patent: April 7, 2020
    Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBH
    Inventors: Sven Bauer, Hermann Drexler, Jürgen Pulkus
  • Patent number: 10615964
    Abstract: A subscription request initiated by a blockchain node associated with a first blockchain is received by a cross-blockchain interaction end, where the subscription request includes a subscription condition. A message that satisfies the subscription condition is obtained by the cross-blockchain interaction end and from a publishing client that corresponds to a second blockchain. The message is sent to a subscribing client that corresponds to the blockchain node from the cross-blockchain interaction end, where the blockchain node calls a first smart contract associated with the first blockchain to trigger a corresponding contract operation based on the message.
    Type: Grant
    Filed: April 3, 2019
    Date of Patent: April 7, 2020
    Assignee: Alibaba Group Holding Limited
    Inventor: Honglin Qiu
  • Patent number: 10614716
    Abstract: Recent location and control information received from “lead” vehicles that traveled over a segment of land, sea, or air is captured to inform, via aggregated data, subsequent “trailing” vehicles that travel over that same segment of land, sea, or air. The aggregated data may provide the trailing vehicles with annotated road information that identifies obstacles. In some embodiments, at least some sensor control data may be provided to the subsequent vehicles to assist those vehicles in identifying the obstacles and/or performing other tasks. Besides obstacles, the location and control information may enable determining areas traveled by vehicles that are not included in conventional maps, as well as vehicle actions associated with particular locations, such as places where vehicles park or make other maneuvers.
    Type: Grant
    Filed: March 5, 2018
    Date of Patent: April 7, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Darren Ernest Canavor, Charles Edward Cartwright, Gur Kimchi, Brandon William Porter
  • Patent number: 10607217
    Abstract: Systems, devices, apparatuses, and methods for providing tokenization as a service are provided. Embodiments of the invention involve decoupling “tokenization service” from other services offered by a merchant service provider, and offering the tokenization service as a stand alone service. In accordance with an embodiment, a merchant service provider can receive payment data associated with a transaction between a consumer and a first entity. The merchant service provider can generate a payment token that represents the payment data and transmit a copy of the payment token to the first entity. The first entity can then transmit the payment token and order information to a second entity specified in the transaction. The merchant service provider can subsequently receive a request to complete the transaction from the second entity. The request can include the copy of the payment token from the second entity.
    Type: Grant
    Filed: September 13, 2017
    Date of Patent: March 31, 2020
    Assignee: Visa International Service Association
    Inventors: Lisa Anderson, Seamus Cushley
  • Patent number: 10606765
    Abstract: A cryptographic hardware accelerator identifies a mapped input bit sequence by applying a mapping transformation to an input bit sequence retrieved from memory and represented by a first element of a finite-prime field. The mapped input bit sequence is represented by a first element of a composite field. The accelerator identifies a mapped first key by applying the mapping transformation to an input key represented by a second element of the finite-prime field. The mapped first key is represented by the second element. The accelerator performs, within the composite field, a cryptographic round on the mapped input bit sequence using the mapped first key during a first round of the at least one cryptographic round, to generate a processed bit sequence. The accelerator identifies an output bit sequence to be stored back in the finite-prime field by applying an inverse mapping transformation to the processed bit sequence.
    Type: Grant
    Filed: January 17, 2018
    Date of Patent: March 31, 2020
    Assignee: Intel Corporation
    Inventors: Sudhir K. Satpathy, Sanu K. Mathew, Vikram B. Suresh
  • Patent number: 10609120
    Abstract: An approach is provided for generating a customized, cloud-based data collection tool for collecting data from computer resources of a target system. In an embodiment, the method comprises: receiving a request to perform a data collection from one or more target computer resources; wherein the request includes one or more requirements that are specific to the data collection; based on, at least in part, the requirements, generating a customization specification for generating a customized collector that is specific to the data collection to be performed on the target computer resources; and transmitting the customization specification to a deployment engine to cause the deployment engine to: based on, at least in part, the customization specification, generate the customized collector that is specific to the data collection to be performed on the target computer resources; and transmit the customized collector, for generating the customized collector, to a cloud storage for storing.
    Type: Grant
    Filed: November 14, 2017
    Date of Patent: March 31, 2020
    Assignee: RICOH COMPANY, LTD.
    Inventor: David Greetham
  • Patent number: 10596318
    Abstract: Methods, devices and systems are disclosed for inter-app communications between software applications on a mobile communications device. In one aspect, a computer-readable medium on a mobile computing device comprising an inter-application communication data structure to facilitate transitioning and distributing data between software applications in a shared app group for an operating system of the mobile computing device includes a scheme field of the data structure providing a scheme id associated with a target software app to transition to from a source software app, wherein the scheme id is listed on a scheme list stored with the source software app; and a payload field of the data structure providing data and/or an identification where to access data in a shared file system accessible to the software applications in the shared app group, wherein the payload field is encrypted.
    Type: Grant
    Filed: March 30, 2017
    Date of Patent: March 24, 2020
    Assignee: DexCom, Inc.
    Inventors: Gary A. Morris, Scott M. Belliveau, Esteban Cabrera, Jr., Rian Draeger, Laura J. Dunn, Timothy Joseph Goldsmith, Hari Hampapuram, Christopher Robert Hannemann, Apurv Ullas Kamath, Katherine Yerre Koehler, Patrick Wile McBride, Michael Robert Mensinger, Francis William Pascual, Philip Mansiel Pellouchoud, Nicholas Polytaridis, Philip Thomas Pupa, Anna Leigh Davis, Kevin Shoemaker, Brian Christopher Smith, Benjamin Elrod West, Atiim Joseph Wiley
  • Patent number: 10601870
    Abstract: A distributed security method is implemented in a processing node of a distributed security system comprising one or more processing nodes and one or more authority nodes, wherein the distributed security system is located external to a network edge of an enterprise and external from one of a computer device and a mobile device associated with a user. The distributed security method includes obtaining security policy data associated with the user and the enterprise from an authority node; monitoring data communications between the user, the enterprise, and the Internet in a processing node; and controlling the data communications between the user, the enterprise, and the Internet based on the monitoring to provide security measures between the user, the enterprise, and the Internet.
    Type: Grant
    Filed: May 24, 2016
    Date of Patent: March 24, 2020
    Assignee: Zscaler, Inc.
    Inventors: Kailash Kailash, Shashidhara Mysore Nanjundaswamy, Amarnath Mullick, Jose Kolenchery Rappel
  • Patent number: 10592684
    Abstract: Systems and methods are provided for automatic operation detection on protected fields. A data model configuration can be used to specify which attributes of a data model used by a cloud-based application are protected by a data security provider monitoring communications between the application and a client device. A determination can be made automatically which operations of the cloud-based application are supported for protected fields. The cloud-based application can be configured to enable/disable certain features, such as validators, auto complete, search operators, etc. according to whether the attributes are protected fields.
    Type: Grant
    Filed: October 21, 2016
    Date of Patent: March 17, 2020
    Assignee: Oracle International Corporation
    Inventors: Jing Wu, Blake Sullivan, Michael William McGrath, Min Lu
  • Patent number: 10592270
    Abstract: The disclosure relates to systems and methods for defining a processor safety privilege level for controlling a distributed memory access protection system. More specifically, a safety hypervisor function for accessing a bus in a computer processing system includes a module, such as a Computer Processing Unit (CPU) or a Direct Memory Access (DMA) for accessing a system memory and a memory unit for storing a safety code, such as a Processor Status Word (PSW) or a configuration register (DMA (REG)). The module allocates the safety code to a processing transaction and the safety code is visible upon access of the bus by the module.
    Type: Grant
    Filed: October 16, 2017
    Date of Patent: March 17, 2020
    Assignee: Infineon Technologies AG
    Inventors: Simon Brewerton, Glenn Farrall, Neil Hastie, Frank Hellwig, Richard Knight, Antonio Vilela
  • Patent number: 10586299
    Abstract: Methods, computer systems, and computer storage media are provided for providing a third-party user HIPAA-compliant access to an electronic medical record system at a clinical site. A request for a clinical study participant list is received from the third-party user, and it is determined that the third-party user has viewing and access rights with respect to the clinical study participant list. The third-party user can select a participant on the clinical study participant list and access the participant's electronic medical record within the electronic medical record system. The electronic medical record is presented to the third-party user in a read-only view, and the third-party user is prevented from searching the EMR system for other electronic medical records.
    Type: Grant
    Filed: May 7, 2014
    Date of Patent: March 10, 2020
    Assignee: CERNER INNOVATION, INC.
    Inventors: Sara Jane Griffin, Marsha Laird-Maddox, Sara J. Boswell, Brian Lee Libby
  • Patent number: 10587451
    Abstract: A secure programming system and method for provisioning and programming a target payload into a programmable device mounted in a programmer. The programmable device can be authenticated before programming to verify the device is a valid device produced by a silicon vendor. The target payload can be programmed into the programmable device and linked with an authorized manufacturer. The programmable device can be verified after programming the target payload by verifying the silicon vendor and the authorized manufacturer.
    Type: Grant
    Filed: October 22, 2018
    Date of Patent: March 10, 2020
    Assignee: Data I/O Corporation
    Inventor: Rajeev Gulati
  • Patent number: 10579348
    Abstract: A data storage device utilized for confirming firmware data includes a flash memory and a controller. The controller is coupled to the flash memory to receive at least one first hash data related to a first firmware data, and it divides the first hash data into a plurality of data groups. The controller sorts the data groups based on a predetermined sorting mechanism to generate a first sorting hash data. The controller includes an efuse region for writing the predetermined sorting mechanism. When the controller determines that a second sorting hash data of a second firmware data is identical to the first sorting hash data or a second hash data of the second firmware data is identical to the first hash data, the second firmware data is allowed to update the controller.
    Type: Grant
    Filed: December 29, 2017
    Date of Patent: March 3, 2020
    Assignee: SILICON MOTION, INC.
    Inventor: Yao-Pang Chiang
  • Patent number: 10579791
    Abstract: Technologies for defeating secure enclave side-channel attacks include a computing device having a processor with secure enclave support. The computing device instruments an executable binary with multiple gadgets, a fault-generating function, and at least one invocation of the fault-generating function. The computing device executes the instrumented executable binary within a secure enclave. During execution of the instrumented binary, each gadget may be located at a different memory page of the secure enclave. The computing device invokes the fault-generating function, which selects a random sequence of the gadgets and executes the random sequence of gadgets. The processor may generate a page fault in response to executing each of the gadgets. Each gadget may generate one or more data accesses to memory pages within the secure enclave. The processor may generate a page fault in response to each of the data accesses. Other embodiments are described and claimed.
    Type: Grant
    Filed: March 4, 2016
    Date of Patent: March 3, 2020
    Assignee: Intel Corporation
    Inventors: Mingwei Zhang, Ravi L. Sahita
  • Patent number: 10579299
    Abstract: A method of erasing a cloud host in a cloud-computing environment includes: receiving a cloud host secure erasing request; generating an erase instruction according to the request; and sending the erase instruction to a secure erasing server, such that the secure erasing server calls a secure erasing daemon process on the corresponding host machine according to the erase instruction, and erases the cloud host to be erased on the host machine via the secure erasing daemon process.
    Type: Grant
    Filed: February 15, 2017
    Date of Patent: March 3, 2020
    Assignee: PING AN TECHNOLOGY (SHENZHEN) CO, LTD.
    Inventor: Yong Shen
  • Patent number: 10572683
    Abstract: An individual data unit for enhancing the security of a user data record is provided that includes a processor and a memory configured to store data. The individual data unit is associated with a network and the memory is in communication with the processor. The memory has instructions stored thereon which, when read and executed by the processor cause the individual data unit to perform basic operations only. The basic operations include communicating securely with computing devices, computer systems, and a central user data server. Moreover, the basic operations include receiving a user data record, storing the user data record, retrieving the user data record, and transmitting the user data record. The individual data unit can be located in a geographic location associated with the user which can be different than the geographic locations of the computer systems and the central user data server.
    Type: Grant
    Filed: May 10, 2019
    Date of Patent: February 25, 2020
    Inventor: Richard Jay Langley
  • Patent number: 10565130
    Abstract: Technologies for secure memory usage include a computing device having a processor that includes a memory encryption engine and a memory device coupled to the processor. The processor supports multiple processor usages, such as secure enclaves, system management firmware, and a virtual machine monitor. The memory encryption engine is configured to protect a memory region stored in the memory device for a processor usage. The memory encryption engine restricts access to one or more configuration registers to a trusted code base of the processor usage. The processor executes the processor usage and the memory encryption engine protects contents of the memory region during execution. The memory encryption engine may access integrity metadata based on the address of the protected memory region. The memory encryption engine may prepare top-level counter metadata for entering a low-power state. Other embodiments are described and claimed.
    Type: Grant
    Filed: September 25, 2017
    Date of Patent: February 18, 2020
    Assignee: Intel Corporation
    Inventors: Siddhartha Chhabra, Reouven Elbaz, Krishnakumar Narasimhan, Prashant Dewan, David M. Durham
  • Patent number: 10567371
    Abstract: In a method for enabling support for backwards compatibility in a User Domain, in one of a Rights Issuer (RI) and a Local Rights Manager (LRM), a Rights Object Encryption Key (REK) and encrypted REK are received from an entity that generated a User Domain Authorization for the one of the RI and the LRM and the REK is used to generate a User Domain Rights Object (RO) that includes the User Domain Authorization and the encrypted REK.
    Type: Grant
    Filed: February 18, 2019
    Date of Patent: February 18, 2020
    Assignee: GOOGLE TECHNOLOGY HOLDINGS LLC
    Inventor: David W. Kravitz
  • Patent number: 10567360
    Abstract: Disclosed are various examples for validating a public SSH host key. The examples can be implemented in a hyper-converged computing environment to detect potential man-in-the-middle attacks in which an attacker intercepts or spoofs an internet protocol (IP) address of a target virtual machine (VM) that is being addressed by a management service and with which a secure shell (SSH) session is being established.
    Type: Grant
    Filed: August 28, 2017
    Date of Patent: February 18, 2020
    Assignee: VMware, Inc.
    Inventors: Vishesh Kumar Nirwal, Suket Gakhar
  • Patent number: 10565266
    Abstract: A method, a computer readable medium, and a client device are disclosed, which create multiple profiles to mitigate profiling of the client device on a network. The method includes generating a request on the client device, the request including a uniform resource locator (URL) indicating a source hosting content; forwarding the request to a profile generation application on the client device, the profile generation application configured to generate a plurality of requests for the request, and wherein only one request of the plurality of requests has system information pertaining to the client device; and sending the plurality of requests to the network to retrieve the content hosted on the source.
    Type: Grant
    Filed: September 29, 2016
    Date of Patent: February 18, 2020
    Assignee: Konica Minolta Laboratory U.S.A., Inc.
    Inventor: Maria Perez
  • Patent number: 10565370
    Abstract: Various embodiments are generally directed to an apparatus, method, and other techniques to provide direct-memory access, memory-mapped input-output, and/or other memory transactions between devices designated for use by an enclave and the enclave itself. A secure device address map may be configured to map addresses for the enclave device and the enclave, and a register filter component may grant access to the enclave device to the enclave.
    Type: Grant
    Filed: December 24, 2015
    Date of Patent: February 18, 2020
    Assignee: INTEL CORPORATION
    Inventors: Alpa Narendra Trivedi, Ravi Sahita, David Durham, Karanvir Grewal, Prashant Dewan, Siddhartha Chhabra
  • Patent number: 10565396
    Abstract: In one example, the patient data hub includes a housing, a first network interface disposed within the housing, a second network interface disposed within the housing, a first controller coupled to the first network interface and a second controller coupled to the second network interface. The first controller is configured to receive sensitive patient data via the first network interface and to transmit the sensitive patient data to the second controller. The second controller is configured to receive the sensitive patient data from the first controller, to secure the sensitive patient data according to a security standard to provide secured sensitive patient data, and to store the secured sensitive patient data in a data storage device.
    Type: Grant
    Filed: March 29, 2017
    Date of Patent: February 18, 2020
    Assignee: ZOLL Medical Corporation
    Inventor: Timothy F. Stever
  • Patent number: 10560433
    Abstract: A system for securely providing content to a user hides the identity of the user and/or the content from an outside observer by utilizing a plurality of virtual private networks (VPNs) and virtual machines (VMs) to obfuscate transmission sources. A key is used to generate and control access to a first VPN between a user device and a server that has access to the content. Once the first VPN is generated, the user device and server could communicate securely to generate unique VMs having distinct identifiers from the user device and the server, and a second VPN could be generated between the two newly generated VMs. Once content has been provided to the user device via its VM, the content session could end and all the secure infrastructure could be deconstructed.
    Type: Grant
    Filed: August 17, 2017
    Date of Patent: February 11, 2020
    Assignee: MINTSOFT, LLC.
    Inventor: Jason Mindte
  • Patent number: 10554659
    Abstract: An anonymized biometric representation of a target individual is used in a computer based security system. A detailed input biometric signal associated with a target individual is obtained. A weakened biometric representation of the detailed biometric signal is constructed such that the weakened biometric representation is designed to identify a plurality of individuals including the target individual. The target individual is enrolled in a data store associated with the computer based security system wherein the weakened biometric representation is included in a record for the target individual. In another aspect of the invention, a detailed input biometric signal from a screening candidate individual is obtained. The detailed biometric signal of the screening candidate is matched against the weakened biometric representation included in the record for the target individual.
    Type: Grant
    Filed: February 4, 2019
    Date of Patent: February 4, 2020
    Assignee: International Business Machines Corporation
    Inventors: Jonathan H Connell, II, Fred A Maymir-Ducharme, Nalini K Ratha
  • Patent number: 10554388
    Abstract: After receiving a qualification acquisition request sent by an end-user device, a service platform can return a block generation rule to the end-user device, instead of returning the block generation rule only when a predetermined moment arrives. Even if the end-user device sends the qualification acquisition request to the service platform before the predetermined moment, the service platform still returns the block generation rule. The service platform can separate, in terms of time, users who participate in obtaining service qualification, so that some users can obtain the block generation rule before the predetermined moment, and then participate in a service based on the obtained block generation rule when the predetermined moment arrives. Access pressure faced by the service platform when the predetermined moment arrives is relieved, and normal running of the service platform after the predetermined moment arrives is ensured.
    Type: Grant
    Filed: July 10, 2019
    Date of Patent: February 4, 2020
    Assignee: Alibaba Group Holding Limited
    Inventor: Qiang Tang
  • Patent number: 10554637
    Abstract: Disclosed embodiments relate to systems and methods for distributed transmission of divisible and reconstructible data among network resources. Techniques include identifying data to be securely transmitted across a network to a receiving network resource; applying a splitting scheme to form one or more data portions; obtaining a unique session identifier; selecting a distribution scheme; accessing one or more cryptographic keys; encrypting one or more data portions to form a plurality of corresponding encrypted blocks; transmitting, according to the selected distribution scheme, the one or more of the plurality of encrypted blocks to one or more of the constituent network nodes, en route to the receiving network resource. The receiving network resource may be configured to, upon obtaining the one or more data portions, and with reference to the unique session identifier, combine and validate the one or more data portions.
    Type: Grant
    Filed: May 1, 2019
    Date of Patent: February 4, 2020
    Assignee: CyberArk Software Ltd.
    Inventors: Arthur Bendersky, Tal Kandel, Hadas Elkabir
  • Patent number: 10546126
    Abstract: An electronic device is provided. The electronic device includes a memory configured to store an application and first unique information of the application, and at least one processor operatively connected with the memory. The at least one processor is configured to divide code of the application into a plurality of segments, select at least one segment among the plurality of segments, create second unique information in relation to the at least one segment, compare the first unique information and the second unique information, and determine whether the code of the application has been tampered with, based on a result of the comparison of the first unique information and the second unique information.
    Type: Grant
    Filed: June 5, 2017
    Date of Patent: January 28, 2020
    Assignee: Samsung Electronics Co., Ltd.
    Inventor: Jung Yoon Kim
  • Patent number: 10540297
    Abstract: A method and apparatus for retrieving data from a memory in which data, an associated message authentication code (MAC) and an associated error correction code (ECC) are stored in a memory such that the data, MAC and ECC can be retrieved together in a single read transaction and written in a single write transaction. Additional read transactions may be used to retrieve counter values that enable the retrieved MAC to be compared with a computed MAC. Still further, node values of an integrity tree may also be retrieved to enable hash values of the integrity tree to be verified. The MAC and ECC may be stored in a metadata region of a memory module, for example.
    Type: Grant
    Filed: August 3, 2017
    Date of Patent: January 21, 2020
    Assignee: Arm Limited
    Inventors: Gururaj Saileshwar, Prakash S. Ramrakhyani, Wendy Arnott Elsasser
  • Patent number: 10541816
    Abstract: Controlling execution of software is provided. In response to receiving an input to execute a software module on a data processing system, a set of measurements are performed on the software module performing a process to prepare the software module for execution on the data processing system. In response to determining that the set of measurements meets a predetermined criterion, an authorization to proceed with the process of preparing the software module for execution on the data processing system is requested from a trusted third party computer. In response to receiving the authorization to proceed with the process of preparing the software module for execution on the data processing system from the trusted third party computer, the software module is executed.
    Type: Grant
    Filed: June 1, 2016
    Date of Patent: January 21, 2020
    Assignee: International Business Machines Corporation
    Inventor: Kenneth A. Goldman
  • Patent number: 10530767
    Abstract: A method and a user device (110) for authentication of the user device (110) as well as a method and an authenticator device (120) for authentication of the user device (110) are disclosed. The user device (110) generates (A030) a one-time password. The user device (110) sends (A040), to an authenticator device (120), the one-time password as an acoustic signal, wherein the acoustic signal comprises a frequency within an ultrasound range or an infrasound range. The authenticator device (120) receives (A050), from the user device (110), the one-time password. The authenticator device (120) validates (A060) the one-time password.
    Type: Grant
    Filed: March 23, 2015
    Date of Patent: January 7, 2020
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Athanasios Karapantelakis, Niclas Jonasson, Anna Viggedal
  • Patent number: 10528485
    Abstract: The presently disclosed method and apparatus for sharing security metadata memory space proposes a technique to allow metadata sharing between two different encryption techniques. A section of memory encrypted using a first type of encryption and having first security metadata associated therewith is converted to a section of memory encrypted using a second type of encryption and having second security metadata associated therewith. At least a portion of said first security metadata shares a memory space with at least a portion of said second security metadata for a same section of memory.
    Type: Grant
    Filed: September 30, 2016
    Date of Patent: January 7, 2020
    Assignee: INTEL CORPORATION
    Inventors: Siddhartha Chhabra, David M. Durham
  • Patent number: 10530568
    Abstract: Encryption interface technologies are described. A processor can include a system agent, an encryption interface, and a memory controller. The system agent can communicate data with a hardware functional block. The encryption interface can be coupled between the system agent and a memory controller. The encryption interface can receive a plaintext request from the system agent, encrypt the plaintext request to obtain an encrypted request, and communicate the encrypted request to the memory controller. The memory controller can communicate the encrypted request to a main memory of the computing device.
    Type: Grant
    Filed: March 13, 2017
    Date of Patent: January 7, 2020
    Assignee: Intel Corporation
    Inventors: Eugene M. Kishinevsky, Uday R. Savagaonkar, Alpa T. Narendra Trivedi, Siddhartha Chhabra, Baiju V. Patel, Men Long, Kirk S. Yap, David M. Durham
  • Patent number: 10524020
    Abstract: A flexible video-on-demand viewing period is varied depending on whether the customer has completed viewing the entire program, allowing the viewing period to be extended if the customer has not completed viewing the entire program. The approach better assures the customer that they will have the opportunity to complete viewing the entire program, compared to a fixed rental period, while assuring program copyright owners that the utility of the rental is limited, fundamentally as intended, preserving the future value of the asset. The approach also enables viewers to retain bookmarks as needed for content that is not naturally tied to a rental period, such as subscription video-on-demand, without unnecessarily enlarging their list of active rentals.
    Type: Grant
    Filed: September 20, 2017
    Date of Patent: December 31, 2019
    Assignee: CSC Holdings, LLC
    Inventor: Jonathan Greenfield