Computer Instruction/address Encryption Patents (Class 713/190)
  • Patent number: 11509454
    Abstract: Disclosed is a ciphertext computation method. The ciphertext computation method includes: receiving a modular computation command for a plurality of ciphertexts; performing a modular computation for the plurality of ciphertexts by using a lookup table storing a plurality of predetermined prime number information; and outputting a result of the computation.
    Type: Grant
    Filed: March 6, 2020
    Date of Patent: November 22, 2022
    Assignee: CRYPTO LAB INC.
    Inventor: Jung Hee Cheon
  • Patent number: 11509480
    Abstract: A method of attestation of a host machine based on runtime configuration of the host machine is provided. The method receives, at an attestation machine, a request from the host machine for attestation of a software executing on the host machine, the request including at least one security-related configuration of the software at launch time and a corresponding runtime behavior of the software when the security-related configuration changes. The method then generates a claim based on evaluating a value associated with the at least one security-related configuration and the corresponding runtime behavior of the software when the value changes. The method also generates an attestation token after a successful attestation of the software and include in the attestation token the generated claim. The method further transmits the attestation token to the host machine.
    Type: Grant
    Filed: June 30, 2020
    Date of Patent: November 22, 2022
    Assignee: VMWARE, INC.
    Inventors: Samyuktha Subramanian, Jesse Pool
  • Patent number: 11500759
    Abstract: An information processing system is provided. The information processing system generates a program so as to output a hash value calculated based on a hash value calculation instruction included in a source code for generating the program, determines a set of analysis support information associated with the hash value calculation instruction and the hash value calculated based on the hash value calculation instruction, stores the set of the analysis support information and the hash value, stores at least a part of one or more hash values output as a result of execution of the program, and outputs, by using at least the part of the stored hash value, the analysis support information that makes the set with the hash value.
    Type: Grant
    Filed: July 27, 2020
    Date of Patent: November 15, 2022
    Assignee: NINTENDO CO., LTD.
    Inventors: Takahiro Yamazaki, Kiyoto Suzuki
  • Patent number: 11461103
    Abstract: In one embodiment, a branch processing method comprising receiving information from at least two branch execution units; writing two updates per clock cycle to respective first and second write queues based on the information; and writing from the first write queue up to two updates per clock cycle into plural tables of a first predictor and a single update for the single clock cycle when there is an expected write collision, the first predictor comprising a single write or read/write port.
    Type: Grant
    Filed: October 23, 2020
    Date of Patent: October 4, 2022
    Assignee: CENTAUR TECHNOLOGY, INC.
    Inventor: Thomas C. McDonald
  • Patent number: 11461507
    Abstract: Systems and methods for an interface device that is configured to locally generated encrypted data and also receive encrypted data from a host computer, locally decrypt the data, and present the decrypted data independently from the host computer.
    Type: Grant
    Filed: October 30, 2019
    Date of Patent: October 4, 2022
    Assignee: Third Block Gear
    Inventor: Jason Allen Rexilius
  • Patent number: 11461460
    Abstract: A computer implemented method of securing an application executing in a software container deployed in a computer system includes providing access to the application selectively in accordance with access control rules by sharing an encryption key with authorized accessors.
    Type: Grant
    Filed: December 3, 2018
    Date of Patent: October 4, 2022
    Assignee: British Telecommunications Public Limited Company
    Inventors: Fadi El-Moussa, Ali Sajjad
  • Patent number: 11461021
    Abstract: An electronic device is provided. A computing system includes a storage device and a host. The storage device includes a memory device including a write protection area. The host performs an operation of providing, to the storage device, a first request regarding security write and write data in parallel with an operation of generating a host authentication code based on the write data and a key shared with the storage device.
    Type: Grant
    Filed: January 25, 2021
    Date of Patent: October 4, 2022
    Assignee: SK hynix Inc.
    Inventor: Gun Wook Lee
  • Patent number: 11409668
    Abstract: A memory module includes: a plurality of memories, wherein each of the memories comprises: an encryption key storage circuit suitable for storing an encryption key; an address encryption circuit suitable for generating an encrypted address by encrypting an address transferred from a memory controller by using the encryption key stored in the encryption key storage circuit; and a cell array accessed by the encrypted address, wherein the encryption key storage circuits of the memories store different encryption keys.
    Type: Grant
    Filed: December 27, 2019
    Date of Patent: August 9, 2022
    Assignee: SK hynix Inc.
    Inventors: Woongrae Kim, Sang-Kwon Lee, Jung-Hyun Kim, Jong-Hyun Park, Jong-Ho Son, Mi-Hyun Hwang, Jeong-Tae Hwang
  • Patent number: 11372775
    Abstract: A processor comprising an instruction execution circuit to execute a second code stored at a second address of a memory, wherein the second code is translated from a first code stored at a first address of the memory and a translation table (TT) controller coupled to a translation table to store a TT entry comprising a mapping between the first address and the second address and an attribute field comprising an attribute value associated with execution of the second code, wherein the TT controller is to monitor execution of the second code by the instruction execution circuit and update, based on a performance metric of the execution, the attribute value of the TT entry.
    Type: Grant
    Filed: January 30, 2020
    Date of Patent: June 28, 2022
    Assignee: Intel Corporation
    Inventors: Girish Venkatasubramanian, Jason M. Agron, Cristiano Pereira, Rangeen Basu Roy Chowdhury
  • Patent number: 11347898
    Abstract: A device and method for data protection, and a storage controller, related to the technical field of data protection. The device comprises: an encryption unit (11), used for receiving first data to be written into a storage module and first storage address information (401), and for encrypting the first data on the basis of the first storage address information and of feature information of the storage module (402); and a decryption unit (12), used for reading from the storage module second data corresponding to second storage address information (403), and for decrypting the second data on the basis of the second storage address information and of the feature information (404).
    Type: Grant
    Filed: October 13, 2017
    Date of Patent: May 31, 2022
    Assignee: Gree Electric Appliances, Inc. of Zhuhai
    Inventors: Langming Wen, Hao Liu, Heng Chen, Haoliang Zhang, Li Fang
  • Patent number: 11347884
    Abstract: An apparatus includes a memory that stores a plurality of records and a hardware processor. The processor receives a request for a first record and a second record of the plurality of records and divides, based on a type of the first record and a type of the second record, the first record into a first portion and a second portion and the second record into a third portion and a fourth portion. The processor also creates a first chunk using the first portion of the first record and the third portion of the second record and creates a second chunk using the second portion of the first record and the fourth portion of the second record. The processor further scrubs the first chunk to create a first message, scrubs the second chunk to create a second message, and communicates the first and second messages to an external device.
    Type: Grant
    Filed: July 2, 2019
    Date of Patent: May 31, 2022
    Assignee: Bank of America Corporation
    Inventors: Rajesh Narayanan, Manu Jacob Kurian
  • Patent number: 11334676
    Abstract: Techniques for secure public exposure of digital data include extracting n chunks, each containing Q bits, n=2(Q+1). A random mapping of each chunk to only one batch of M numbered batches is determined and stored securely. A bit based on a random key is combined at a location based on batch number with each of the chunks in the batch to produce a batch of enhanced chunks, each containing Q+1 bits. This is repeated with each non-overlapping batch of chunks, each enhanced chunk of the batch having one bit based on a different bit from the key. A unique set of the enhanced chunks is combined with a XOR to produce an encoded chunk, every bit of which is based on a bit from the key. An encoding vector B that indicates the unique set is stored securely. The encoded chunk can be safely exposed publically.
    Type: Grant
    Filed: April 25, 2019
    Date of Patent: May 17, 2022
    Assignee: The Regents of the University of California
    Inventors: Hamid R. Sadjadpour, Mohsen Karimzadeh Kiskani
  • Patent number: 11323259
    Abstract: A method performed by a virtual trusted platform module, vTPM on an execution platform, comprises the steps of obtaining (S11) encrypted information (encvTPMContext) and a first identifier (Salt), both associated with a virtual machine, VM to be executed; retrieving (S14), using the identifier from a trusted launch authority, TLA, at least a first secret portion (SlaKeystart), the first secret portion (SlaKeystart) being dynamically linked to the VM and dependant on at least a property of the VM; and decrypting (S16) the encrypted information (encvTPMContext) with a decryption key (EncKeystart) derived from at least the first secret portion (SlaKeystart) and a first measurement result (VmDigeststart) of at least the VM.
    Type: Grant
    Filed: September 22, 2016
    Date of Patent: May 3, 2022
    Assignee: Telefonaktiebolaget LM Ericsson (Publ)
    Inventors: Alexander Maximov, Petri Mikael Johansson, Bernard Smeets
  • Patent number: 11297041
    Abstract: A blockchain-implemented transaction from an originator node is to be broadcast. The originator node is communicatively coupled to proxy nodes. The method, implemented by a proxy node, includes: receiving a transaction including an input taking x+r units of computing resources, an output providing x units to the output address and another output providing d+r units to a 1-of-n multi-signature address unlockable by any one of a set of private keys associated the proxy nodes. The proxy node selects a quantity of computing resources, t units, to be allocated to the proxy node for broadcasting the transaction and having it included in the blockchain and generates a further transaction taking d+r units sourced from the multi-signature address and an output providing t units to the proxy node. The proxy node broadcasts both transactions timed to permit their inclusion in the same block of the blockchain.
    Type: Grant
    Filed: December 12, 2018
    Date of Patent: April 5, 2022
    Assignee: nChain Licensing AG
    Inventors: Silvia Bartolucci, Pauline Bernat, Daniel Joseph
  • Patent number: 11288360
    Abstract: Using a first key, an encrypted file fingerprint is decrypted, the decrypting resulting in a decrypted file fingerprint. Using a hash function on a script file, a script file fingerprint is computed, the script file intended to be executed by an interpreter. Responsive to the script file fingerprint matching the decrypted file fingerprint, the script file is executed.
    Type: Grant
    Filed: March 4, 2020
    Date of Patent: March 29, 2022
    Assignee: KYNDRYL, INC.
    Inventors: Constantin Mircea Adam, Richard Jay Cohen, Jeffrey Edward Lammers, Cheng Yi Lee, Brian Peterson, Maja Vukovic, Xiongfei Wei
  • Patent number: 11288381
    Abstract: Provided with a calculation device for performing a calculation for an encryption data in a virtual execution environment protected from a standard execution environment, the calculation device has a virtual execution environment construction unit for constructing the virtual execution environment, and the virtual execution environment includes: an encryption data acquisition unit for acquiring the encryption data; a source code acquisition unit for acquiring a source code for the calculation; a key acquisition unit for acquiring the system key; a decryption unit for decrypting the encryption data by the acquired system key; a source code execution unit for executing the source code; an encryption unit for encrypting a calculation result to which the source code is executed by the system key; and a calculation result providing unit for providing the encrypted calculation result to the standard execution environment.
    Type: Grant
    Filed: May 22, 2020
    Date of Patent: March 29, 2022
    Assignee: EAGLYS Inc.
    Inventor: Hiroki Imabayashi
  • Patent number: 11269786
    Abstract: Systems, apparatus, and/or methods to provide memory data protection. In one example, authenticated encryption may be enhanced via a modification to an authentication code that is associated with encrypted data. The authentication code may be modified, for example, with a nonce value generated for a particular write to memory Decrypted data, generated from the encrypted data, may then be validated based on a modified authentication code. Moreover, data freshness control for data stored in the memory may be provided based on iterative authentication and re-encryption. In addition, a counter used to provide a nonce value may be managed to reduce a size of the counter and/or a growth of the counter.
    Type: Grant
    Filed: July 25, 2018
    Date of Patent: March 8, 2022
    Assignee: Intel Corporation
    Inventors: Anatoli Bolotov, Mikhail Grinchuk, David M. Durham, Patrick Fleming
  • Patent number: 11269850
    Abstract: Systems and methods are described for repairing recordings with at least a portion of a content item stored by a user device. If received metadata does not match reference metadata associated with a reference of the content item, one or more portions of the content stored by the user device may be damaged. The reference metadata and at least portions of the reference content item corresponding to the one or more portions of the content stored by the user device that are damaged may be received to replace the damaged content.
    Type: Grant
    Filed: September 29, 2017
    Date of Patent: March 8, 2022
    Assignee: COMCAST CABLE COMMUNICATIONS, LLC
    Inventors: Shawn O'Malley, James Bradley Hein, Jeremy Zaucha
  • Patent number: 11240022
    Abstract: In one arrangement, a method for a key management server to manage cryptographic key rotation comprises rotating, by the key management server, an initial symmetric key based on a first rotation schedule. Rotating the initial symmetric key comprises rotating bits of the initial symmetric key to create a rotated key, the rotated key being different from the initial symmetric key. The method further comprises enciphering, by the key management server using the rotated key, data sent to a first client server. In another arrangement, a method for a client server to manage cryptographic key rotation comprises rotating, by the client server, an initial symmetric key based on a schedule. The method further comprises deciphering, by the client server, data sent from a key management server using the rotated key and providing the deciphered data to a user.
    Type: Grant
    Filed: April 11, 2019
    Date of Patent: February 1, 2022
    Assignee: Wells Fargo Bank, N.A.
    Inventors: Phillip H. Griffin, Jeffrey J. Stapleton
  • Patent number: 11237809
    Abstract: Systems and methods for executing compiled code having parallel code fragments is provided. One method includes storing executable code having a plurality of parallel code fragments, each of the plurality of parallel code fragments representing alternative executable paths through a code stream. The method includes translating the executable code into machine-readable code executable by a processor of the computing system. Translating the executable code includes selecting a code fragment from among the plurality of parallel code fragments for execution to select features for inclusion in execution at a time of execution. The method includes executing the machine-readable code within the hosted computing environment.
    Type: Grant
    Filed: October 5, 2020
    Date of Patent: February 1, 2022
    Assignee: Unisys Corporation
    Inventors: Matthew Miller, David Strong, Anthony Matyok
  • Patent number: 11227033
    Abstract: An efficient obfuscation of program control flow, comprising obscuring a control execution flow through a plurality of code blocks of a computer program. It involves obtaining a secret key, initializing a state variable based on the secret key, generating a switching value by processing the state variable through an encoding function, and selecting a code block from among a set of code blocks using the switching value. It further involves executing the block code, which comprises updating the state variable based on a present value of the state variable, and repeating the steps of generating a switching value, selecting a code block, and executing the code block to control execution flow through the set of code blocks.
    Type: Grant
    Filed: July 25, 2017
    Date of Patent: January 18, 2022
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Björn Johansson, Patrik Lantz, Michael Liljenstam
  • Patent number: 11222134
    Abstract: A method for performing data encryption and application-agnostic querying of encrypted data includes identifying, via a processor, selected data for encryption. Encryption is applied to the selected data, to produce encrypted data. A query is received at the processor, the query originating from a software application. The query is translated into a modified query compatible with the encrypted data. The processor causes execution of the modified query, to produce query results. The query results include a subset of the encrypted data. The query results are sent to the software application without decrypting the subset of the encrypted data.
    Type: Grant
    Filed: March 3, 2021
    Date of Patent: January 11, 2022
    Assignee: Sotero, Inc.
    Inventors: Purandar Gururaj Das, Shanthi Boppana
  • Patent number: 11210135
    Abstract: A method to obscure a control execution flow in a computer program includes initializing a state variable, q, and a switching variable, selecting a code block for execution using a present value of the switching variable, executing the code block, updating the state variable based on a present value of the state variable and a block-dependent constant that is associated with the code block to generate an updated state variable, and by applying a state update function to the updated state variable, and updating the switching variable by processing the state variable through a non-injective output function that generates a new value of the switching variable based on the state variable. The operations of selecting the code block, executing the code block, updating the state variable and updating the switching variable are repeated to control execution flow.
    Type: Grant
    Filed: May 29, 2018
    Date of Patent: December 28, 2021
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Björn Johansson, Patrik Lantz, Michael Liljenstam
  • Patent number: 11210909
    Abstract: A valuable media handling device is presented having two security processors. A top box for an escrow module of the valuable media handling device includes a master security processor. The master security processor is connected to a slave security processed located within a safe of the valuable media handling device via an internal bus connection. The master security processor controls and validates operations and modules of the valuable media handling device and the slave security processor controls and validates operations that access the safe for depositing or dispensing valuable media from the safe.
    Type: Grant
    Filed: November 30, 2017
    Date of Patent: December 28, 2021
    Assignee: NCR Corporation
    Inventors: Alexander William Whytock, Philip Keith Staff
  • Patent number: 11196540
    Abstract: Systems and methods for an end-to-end secure operation from an expression in natural language. Exemplary methods include: receiving a set of queries from a natural language processor, the set of queries being produced by a method including: getting data schemas associated with a target data source; obtaining the expression in natural language; performing natural language processing on the expression to determine a desired operation; and generating the set of queries using at least one of matching and inference techniques over the desired operation with respect to the data schemas; encrypting the set of queries using a homomorphic encryption technique; providing the encrypted set of queries to a server, the server including the target data source; acquiring encrypted results, the encrypted results being responsive to the encrypted set of queries; and decrypting the encrypted results using a decryption key to produce desired results.
    Type: Grant
    Filed: January 19, 2018
    Date of Patent: December 7, 2021
    Assignee: Enveil, Inc.
    Inventors: Ellison Anne Williams, Ryan Carr
  • Patent number: 11188653
    Abstract: Systems and techniques are described for verifying the integrity of a computing platform. Specifically, a software image can be generated that, when executed at a computing platform, verifies integrity of the computing platform. Next, the software image can be sent to the computing platform. The computing platform can execute the software image, thereby enabling the verification of the integrity of the computing platform.
    Type: Grant
    Filed: October 15, 2019
    Date of Patent: November 30, 2021
    Inventor: Christopher Luis Hamlin
  • Patent number: 11184157
    Abstract: Protection against the obsolescence of cryptographic algorithms is provided by generating a cryptographic key pair for future use and storing the public key on a device. The cryptographic key pair supports a signature scheme that is potentially resistant to quantum computing attacks. In an embodiment, a key management server generates a set of one-time use keys sufficient to sign the anticipated number of software updates to be applied to a device. The key management server provides a public key which is stored on the device for later use. In an embodiment, an update to the device us signed with the one-time-use private key, and can be authenticated by the device using the public key. In an embodiment, the key pair supports the use of a one-time signature technique such as a Merkle signature scheme, Winternitz signature, or Lampert signature.
    Type: Grant
    Filed: June 13, 2018
    Date of Patent: November 23, 2021
    Assignee: Amazon Technologies, Inc.
    Inventors: Shay Gueron, Matthew John Campagna
  • Patent number: 11169934
    Abstract: The disclosed embodiments generally relate to methods, systems and apparatuses to authenticate instructions on a memory circuitry. In an exemplary embodiment, the disclosure relates to a computing device (e.g., a memory protection engine) to protect integrity of one or more memory circuitry.
    Type: Grant
    Filed: June 28, 2018
    Date of Patent: November 9, 2021
    Assignee: INTEL CORPORATION
    Inventors: Santosh Ghosh, Kirk Yap, Siddhartha Chhabra
  • Patent number: 11170113
    Abstract: A method for testing a software application program (22) includes storing in a vulnerability database records of security vulnerabilities identified in execution of the program. Each record includes a location field containing a respective signature indicative of a location in the execution at which a corresponding security vulnerability was detected and a metadata field indicative of a respective control flow path on which the corresponding security vulnerability occurred. Upon detecting a further security vulnerability at a given location in a subsequent execution of the program, a new signature of the given location is computed and compared to the location field of the records in the database. When no record is found to match the new signature, an indication is output to a developer of the program of an occurrence of a new security vulnerability.
    Type: Grant
    Filed: January 1, 2018
    Date of Patent: November 9, 2021
    Assignee: CHECKMARX LTD.
    Inventors: Maty Siman, Alexander Roichman, Shimon Eshkenazi
  • Patent number: 11144229
    Abstract: An apparatus in one embodiment comprises at least one processing device comprising a processor coupled to a memory. The processing device is configured to identify a storage volume to be migrated from a source storage system to a target storage system, and for each of a plurality of logical addresses of the storage volume, to send a command requesting a content-based signature for the logical address to at least one of the source storage system and a host device and to receive the content-based signature in response to the command. Responsive to a first one of the received content-based signatures having a corresponding data page already stored in the target storage system, the processing device updates an associated reference count in place of requesting the corresponding data page. Responsive to a second one of the received content-based signatures not having a corresponding data page already stored in the target storage system, the processing device requests the corresponding data page.
    Type: Grant
    Filed: November 1, 2018
    Date of Patent: October 12, 2021
    Assignee: EMC IP Holding Company LLC
    Inventors: Anton Kucherov, David Meiri
  • Patent number: 11126753
    Abstract: A processor chip including a memory controller, application processor and a communication processor, where the memory controller is configured to define an area of memory as secure memory, and allow only an access request with a security attribute to access the secure memory. The application processor is configured to invoke a secure application in a trusted execution environment, and write an instruction request for a secure element into the secure memory using the secure application. The communication processor is configured to read the instruction request from the secure memory in the trusted execution environment, and send the instruction request to the secure element. The application processor and the communication processor need to be in the trusted execution environment when accessing the secure memory, and access the secure memory only using the secure application.
    Type: Grant
    Filed: April 25, 2019
    Date of Patent: September 21, 2021
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Li Zhu, Zhihua Lu
  • Patent number: 11119905
    Abstract: An asset management system is provided which comprises one or more controllers, which operate as main servers and can be located at the headquarters of an electronic device manufacturer to remotely control their operations at any global location. The controller can communicate remotely over the Internet or other network to control one or more secondary or remote servers, herein referred to as appliances. The appliances can be situated at different manufacturing, testing or distribution sites. The controller and appliances comprise hardware security modules (HSMs) to perform sensitive and high trust computations, store sensitive information such as private keys, perform other cryptographic operations, and establish secure connections between components. The HSMs are used to create secure end-points between the controller and the appliance and between the appliance and the secure point of trust in an asset control core embedded in a device.
    Type: Grant
    Filed: July 10, 2019
    Date of Patent: September 14, 2021
    Assignee: BlackBerry Limited
    Inventors: Keelan Smith, Richard Gwynn Jones, Chinh Khac Nguyen, Thomas Rudolf Stiemerling
  • Patent number: 11119769
    Abstract: A method for changing a processor instruction randomly, covertly, and uniquely, so that the reverse process can restore it faithfully to its original form, making it virtually impossible for a malicious user to know how the bits are changed, preventing them from using a buffer overflow attack to write code with the same processor instruction changes into said processor's memory with the goal of taking control of the processor. When the changes are reversed prior to the instruction being executed, reverting the instruction back to its original value, malicious code placed in memory will be randomly altered so that when it is executed by the processor it produces chaotic, random behavior that will not allow control of the processor to be compromised, eventually producing a processing error that will cause the processor to either shut down the software process where the code exists to reload, or reset.
    Type: Grant
    Filed: February 17, 2020
    Date of Patent: September 14, 2021
    Inventor: Forrest L. Pierson
  • Patent number: 11113424
    Abstract: A device, system and method for installing encrypted data are provided. A device includes a processor comprising: immutable memory storing preconfigured trust anchor data; and a module storing preconfigured non-exportable data.
    Type: Grant
    Filed: May 7, 2019
    Date of Patent: September 7, 2021
    Assignee: MOTOROLA SOLUTIONS, INC.
    Inventors: Brian W. Pruss, Ellis A. Pinder, Thomas S. Messerges
  • Patent number: 11088842
    Abstract: In one aspect, a computer system for verifying vehicle software configuration may be provided. In some exemplary embodiments, the computer system may include a processor and a non-transitory, tangible, computer-readable storage medium having instructions stored thereon that, in response to execution by the processor, cause the processor to: (1) transmit an authentication request to a vehicle computing system including a hash algorithm specification; (2) receive, from the vehicle computing system, a current configuration hash value and a vehicle identifier; (3) retrieve a trusted data block from a memory based upon the vehicle identifier; (4) compare the current configuration hash value to a stored configuration hash value included in the trusted data block; and (5) transmit an authentication response to the vehicle computing system based upon the comparison.
    Type: Grant
    Filed: July 3, 2018
    Date of Patent: August 10, 2021
    Assignee: STATE FARM MUTUAL AUTOMOBILE INSURANCE COMPANY
    Inventors: Matthew Lewis Floyd, Leroy Luther Smith, Jr., Brittney Benzio, Nathan Barnard, Shannon Marie Lowry
  • Patent number: 11089000
    Abstract: A method, system, and program product for generating an automated source code log statement is provided. The method includes retrieving source code of a software application and associating logs and associated semantics with the source code. The source code is parsed and analyzed and log statements are generated. Attributes within the source code are identified. The log statements are inserted into the source code with respect to a specified source code level of the source code and the source code comprising the log statements is presented to a developer. A command for modifying the logs is received. In response, the logs are modified resulting in modified logs. The source code comprising the log statements and modified logs is executed.
    Type: Grant
    Filed: February 11, 2020
    Date of Patent: August 10, 2021
    Assignee: International Business Machines Corporation
    Inventors: Thangadurai Muthusamy, Pietro Iannucci, Saravanan Devendran, Obuliraj Selvaraj
  • Patent number: 11089016
    Abstract: Disclosed is a secure semiconductor chip. The semiconductor chip is, for example, a system-on-chip. The system-on-chip is operated by connecting normal IPs to a processor core included therein via a system bus. A secure bus, which is a hidden bus physically separated from the system bus, is separately provided. Security IPs for performing a security function or handling security data are connected to the secure bus. The secure semiconductor chip can perform required authentication while shifting between a normal mode and a secure mode.
    Type: Grant
    Filed: February 13, 2017
    Date of Patent: August 10, 2021
    Assignee: INDUSTRY-UNIVERSITY COOPERATION FOUNDATION HANYANG UNIVERSITY
    Inventors: Dong Kyue Kim, Ji-Hoon Kim
  • Patent number: 11080222
    Abstract: An optical electromagnetic radiation (EM) emitter and receiver are located upon a printed circuit board (PCB) glass security layer. A predetermined reference flux or interference pattern, respectively, is an expected flux or reflection pattern of EM emitted from the EM emitter, transmitted by the glass security layer, and received by the EM receiver. When the PCB is subject to an unauthorized access thereof the optical EM transmitted by glass security layer is altered. An optical monitoring device that monitors the flux or interference pattern of the optical EM received by the EM receiver detects a change in flux or interference pattern, in relation to the reference flux or reference interference pattern, respectively, and passes a tamper signal to one or more computer system devices to respond to the unauthorized access. For example, one or more cryptographic adapter card or computer system functions or secured crypto components may be disabled.
    Type: Grant
    Filed: January 4, 2018
    Date of Patent: August 3, 2021
    Assignee: International Business Machines Corporation
    Inventors: Gerald K. Bartley, Darryl J. Becker, Matthew S. Doyle, Mark J. Jeanson, Mark O. Maxson
  • Patent number: 11074168
    Abstract: Disclosed herein are techniques for analyzing control-flow integrity based on functional line-of-code behavior and relation models. Techniques include receiving data based on runtime operations of a controller; constructing a line-of-code behavior and relation model representing execution of functions on the controller based on the received data; constructing, based on the line-of-code behavioral and relation model, a dynamic control flow integrity model configured for the controller to enforce in real-time; and deploying the dynamic control flow integrity model to the controller.
    Type: Grant
    Filed: November 11, 2020
    Date of Patent: July 27, 2021
    Assignee: Aurora Labs Ltd.
    Inventors: Zohar Fox, Carmit Sahar
  • Patent number: 11055236
    Abstract: A processor includes a decode unit to decode an instruction that is to indicate a page of a protected container memory, and a storage location outside of the protected container memory. An execution unit, in response to the instruction, is to ensure that there are no writable references to the page of the protected container memory while it has a write protected state. The execution unit is to encrypt a copy of the page of the protected container memory. The execution unit is to store the encrypted copy of the page to the storage location outside of the protected container memory, after it has been ensured that there are no writable references. The execution unit is to leave the page of the protected container memory in the write protected state, which is also valid and readable, after the encrypted copy has been stored to the storage location.
    Type: Grant
    Filed: December 27, 2019
    Date of Patent: July 6, 2021
    Assignee: Intel Corporation
    Inventors: Carlos V. Rozas, Mona Vij, Rebekah M. Leslie-Hurd, Krystof C. Zmudzinski, Somnath Chakrabarti, Francis X. Mckeen, Vincent R. Scarlata, Simon P. Johnson, Ilya Alexandrovich, Gilbert Neiger, Vedvyas Shanbhogue, Ittai Anati
  • Patent number: 11055229
    Abstract: A memory system includes a memory device including a plurality of memory cells, and a memory controller configured to control the memory device. The memory controller includes a random number generator configured to generate a random number based on read data from the memory device, and an address translation module configured to generate a key based on the random number and to translate a first address into a second address by performing a calculation on the first address and the key.
    Type: Grant
    Filed: June 20, 2019
    Date of Patent: July 6, 2021
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventor: Eun Chu Oh
  • Patent number: 11048590
    Abstract: Servicing I/O operations in a cloud-based storage system, including: receiving, by the cloud-based storage system, a request to write data to the cloud-based storage system; storing, in solid-state storage of the cloud-based storage system, the data; storing, in object storage of the cloud-based storage system, the data; detecting that at least some portion of the solid-state storage of the cloud-based storage system has become unavailable; identifying data that was stored in the portion of the solid-state storage of the cloud-based storage system that has become unavailable; retrieving, from object storage of the cloud-based storage system, the data that was stored in the portion of the solid-state storage of the cloud-based storage system that has become unavailable; and storing, in solid-state storage of the cloud-based storage system, the retrieved data.
    Type: Grant
    Filed: July 30, 2019
    Date of Patent: June 29, 2021
    Assignee: Pure Storage, Inc.
    Inventors: Constantine Sapuntzakis, Naveen Neelakantam, Ronald Karr
  • Patent number: 11032107
    Abstract: A network node may receive a packet having an inner internet protocol (IP) header and an outer IP header. The inner IP header may be encrypted. The network node may generate a copy of the packet to obtain a copied packet. The network node may perform decryption on one of the packet or the copied packet to identify a recipient address of the inner IP header. The network node may update the outer IP header of the other of the packet or the copied packet to obtain an updated packet with an updated outer IP header. A destination address of the updated outer IP header may be updated to a tunnel endpoint of a receiving network node that is associated with the recipient address. The network node may route the updated packet according to the updated outer IP header.
    Type: Grant
    Filed: June 28, 2019
    Date of Patent: June 8, 2021
    Assignee: Juniper Networks, Inc.
    Inventors: Goutham Kondapavuluru, Vijay Sai Ram Paruchuri
  • Patent number: 11030296
    Abstract: A first request to log in to a suspended account is received. The first request includes an operation code. A determination is made that the operation code satisfies a predetermined condition. In response to the determination, the suspended account is obtained based on the operation code and the suspended account is logged in to.
    Type: Grant
    Filed: December 14, 2017
    Date of Patent: June 8, 2021
    Assignee: Advanced New Technologies Co., Ltd.
    Inventor: Jianbo Qian
  • Patent number: 11023391
    Abstract: Disclosed are an apparatus for data processing, an artificial intelligence chip, and an electronic device. The apparatus for data processing includes: at least one input memory, at least one data conveying component, at least one multiplexed arbitration component, and at least one output memory. The input memory is connected to the data conveying component, the data conveying component is connected to the multiplexed arbitration component, and the multiplexed arbitration component is connected to the output memory.
    Type: Grant
    Filed: July 9, 2019
    Date of Patent: June 1, 2021
    Assignee: Beijing Baidu Netcom Science and Technology Co., Ltd.
    Inventors: Peng Wu, Jian Ouyang, Canghai Gu, Wei Qi, Ningyi Xu
  • Patent number: 11017125
    Abstract: Novel methods of virtualization with unique virtual architectures on field-programmable gate arrays (FPGAs) are provided. A hardware security method can include providing one or more field-programmable gate arrays (FPGAs), and creating an application specialized virtual architecture (or overlay) over the one or more FPGAs (for example, by providing an overlay generator). Unique bitfiles that configure the overlays implemented on the FPGAs can be provided for each deployed FPGA. The application specialized virtual architecture can be constructed using application code, or functions from a domain, to create an overlay represented by one or more hardware description languages (e.g., VHDL).
    Type: Grant
    Filed: December 12, 2017
    Date of Patent: May 25, 2021
    Assignee: UNIVERSITY OF FLORIDA RESEARCH FOUNDATION, INCORPORATED
    Inventors: Greg M. Stitt, Kai Yang, Swarup Bhunia, Robert A. Karam
  • Patent number: 11018993
    Abstract: Some embodiments provide a method for a first data compute node (DCN) operating in a public datacenter. The method receives an encryption rule from a centralized network controller. The method determines that the network encryption rule requires encryption of packets between second and third DCNs operating in the public datacenter. The method requests a first key from a secure key storage. Upon receipt of the first key, the method uses the first key and additional parameters to generate second and third keys. The method distributes the second key to the second DCN and the third key to the third DCN in the public datacenter.
    Type: Grant
    Filed: September 28, 2016
    Date of Patent: May 25, 2021
    Assignee: NICIRA, INC.
    Inventors: Ganesan Chandrashekhar, Mukesh Hira, Sanal Pillai
  • Patent number: 11010465
    Abstract: Systems and methods for improving security in computer-based authentication systems by using physical unclonable functions are presented. A computing device used to provide authentication includes an array of physical unclonable function devices. Rather than storing user passwords or message digests of passwords, the computing device generates a message digest based on a combination of a user ID and corresponding password. This message digest forms part of challenge (together with instructions for responding to the challenge). A challenge response generated by measuring physical parameters of set of physical unclonable function devices specified by the message digest. This allows the computing device to provide authentication without storing information which could be used by an attacker to compromise user credentials.
    Type: Grant
    Filed: May 17, 2019
    Date of Patent: May 18, 2021
    Assignee: Arizona Board of Regents on Behalf of Northern Arizona University
    Inventor: Bertrand F Cambou
  • Patent number: 10999057
    Abstract: A container corresponding to executable code may be received. In response receiving the container, an assertion value may be stored in an assertion register. A final canary value may be generated based on a cycles combining a prior canary value and a mix value. A determination may be made as to whether the final canary value matches with the assertion value stored in the assertion register. In response to determining that the final canary value matches with the assertion value, one or more privilege registers may be programmed to provide access to hardware resources for the container corresponding to the executable user code.
    Type: Grant
    Filed: December 20, 2019
    Date of Patent: May 4, 2021
    Assignee: Cryptography Research, Inc.
    Inventors: Michael A. Hamburg, Megan Anneke Wachs
  • Patent number: 10963398
    Abstract: The present disclosure is related to a virtual register file. Source code can be compiled to include references to a virtual register file for data subject to a logical operation. The references can be dereferenced at runtime to obtain physical addresses of memory device elements according to the virtual register file. The logical operation can be performed in the memory device on data stored in the memory device elements.
    Type: Grant
    Filed: August 3, 2018
    Date of Patent: March 30, 2021
    Assignee: Micron Technology, Inc.
    Inventors: John D. Leidel, Geoffrey C. Rogers