Computer Instruction/address Encryption Patents (Class 713/190)
  • Patent number: 10372886
    Abstract: A method of obscuring the input and output of a modular exponentiation function, including: receiving modular exponentiation parameters including an exponent e having N bits and a modulus m; generating randomly a pre-multiplier; calculating a post-multiplier based upon the pre-multiplier, exponent e, and modulus m; multiplying an input to the modular exponentiation function by the pre-multiplier; performing the modular exponentiation function; and multiplying the output of the modular exponentiation function by the post-multiplier, wherein multiplying an input to the modular exponentiation function by the pre-multiplier, performing the modular exponentiation function, and multiplying the output of the modular exponentiation function by the post-multiplier are split variable operations.
    Type: Grant
    Filed: July 31, 2015
    Date of Patent: August 6, 2019
    Assignee: NXP B.V.
    Inventors: Jan Hoogerbrugge, Wil Michiels
  • Patent number: 10366228
    Abstract: Particular embodiments described herein provide for an electronic device that can be configured to identify regions of code to be monitored, probe and lock code pages that include the identified regions of code, and remap the code pages as execute only. The code pages can be remapped as execute only in an alternate extended page table view.
    Type: Grant
    Filed: January 31, 2018
    Date of Patent: July 30, 2019
    Assignee: McAfee, LLC
    Inventors: Ravi Sahita, Lu Deng, Vedvyas Shanbhogue, Lixin Lu, Alexander Shepsen, Igor Tatourian
  • Patent number: 10362483
    Abstract: A secure data storage device with wireless authentication is provided. The described data storage device is wirelessly unlocked using another wireless device. The secure data storage device interoperates with a cloud server for configuring and managing the data storage device.
    Type: Grant
    Filed: March 31, 2017
    Date of Patent: July 23, 2019
    Inventor: Cristian Frusina
  • Patent number: 10354073
    Abstract: According to one embodiment, an information processing device includes a processor, a nonvolatile memory, a designation unit, and a controller. The nonvolatile memory stores the first software and the second software which is used as substitute for the first software. The designation unit designates software to be executed by the processor at a boot. The controller protects an area of the nonvolatile memory storing the first software from being written while the first software is executed by the processor. When third software is executed by the processor, the third software verifies the second software. When the second software is legal in a result of verifying by the third software, the designation unit designates the second software.
    Type: Grant
    Filed: July 28, 2016
    Date of Patent: July 16, 2019
    Assignee: KABUSHIKI KAISHA TOSHIBA
    Inventors: Ryuiti Koike, Mikio Hashimoto, Naoko Yamada, Ryotaro Hayashi
  • Patent number: 10353713
    Abstract: An information handling system includes a processor, a Unified Extensible Firmware Interface (UEFI) boot volume, and a memory including UEFI code and a setup module. The UEFI code is executable by the processor to boot the information handling system, determine if the UEFI boot volume includes a setup data file, and launch the setup module in response to determining that the UEFI boot volume includes the setup data file. The setup module is executable by the processor to read first information from the setup data file, and set a first configuration setting of the information handling system based upon the first information.
    Type: Grant
    Filed: January 24, 2017
    Date of Patent: July 16, 2019
    Assignee: Dell Products, LP
    Inventor: Allen C. Wynn
  • Patent number: 10356086
    Abstract: The present invention provides methods and apparatuses that utilize a portable apparatus to securely operate a host electronic device. Typically, each portable apparatus includes a data storage unit which stores an operating system and other software. In one example, a portable apparatus can provide a virtual operating environment on top of a host's operating system for a host device. In another example, a portable apparatus containing its operating system can directly boot a host device with one or more hardware profiles. Furthermore, a device-dependent protection against software piracy, a user-dependent protection against sensitive data leaks, a controllable host operating environment to prevent unwanted information exposure, and a secure restoration procedure to prevent virus infection between the host device users may be incorporated. Moreover, a pre-defined information may also be utilized to authorize a connected-state guest operation environment in the host device.
    Type: Grant
    Filed: August 27, 2018
    Date of Patent: July 16, 2019
    Inventor: Evan Huang
  • Patent number: 10346300
    Abstract: In one embodiment, a processor comprises: at least one core formed on a die to execute instructions; a first memory controller to interface with an in-package memory; a second memory controller to interface with a platform memory to couple to the processor; and the in-package memory located within a package of the processor, where the in-package memory is to be identified as a more distant memory with respect to the at least one core than the platform memory. Other embodiments are described and claimed.
    Type: Grant
    Filed: June 21, 2017
    Date of Patent: July 9, 2019
    Assignee: Intel Corporation
    Inventors: Avinash Sodani, Robert J. Kyanko, Richard J. Greco, Andreas Kleen, Milind B. Girkar, Christopher M. Cantalupo
  • Patent number: 10325118
    Abstract: Memory security technologies are described. An example processing system includes a processor core and a memory controller coupled to the processor core and a memory. The processor core can receive a content read instruction from an application. The processor core can identify a cache line (CL) from a plurality of CLs of a cryptographic cache block (CCB) requested in the content read instruction. The processor core can load, from a cryptographic tree, tree nodes with security metadata. The processor core can retrieve, from the memory, the CCB. The processor core can generate a second MAC from the CCB. The processor core can compare the first MAC with the second MAC. The processor core can decrypt the CCB using security metadata when the first MAC matches the second MAC. The processor core can send at least the identified CL from the decrypted CCB to the application.
    Type: Grant
    Filed: January 4, 2018
    Date of Patent: June 18, 2019
    Assignee: Intel Corporation
    Inventors: Siddhartha Chhabra, Francis X. Mckeen, Carlos V. Rozas, Saeedeh Komijani, Tamara S. Lehman
  • Patent number: 10320753
    Abstract: A machine has a processor and a memory connected to the processor. The memory stores instructions executed by the processor to allow a user to designate a selected persona from a pool of potential personas, where each potential persona is associated with the user and has a distinct set of computer network attributes. A virtual private network egress point for the selected persona is designated, where the virtual private network egress point masks computer network attributes of the selected persona. Contact with the virtual private network egress point is coordinated to initiate a network communication for the selected persona.
    Type: Grant
    Filed: January 19, 2016
    Date of Patent: June 11, 2019
    Assignee: Anonyome Labs, Inc.
    Inventors: Paul Ashley, Steve Shillingford, Simon Gee, Glen Leeder, Greg Clark
  • Patent number: 10318258
    Abstract: Provided is a non-transitory computer readable storage medium storing a program causing a computer to execute a process, the process including: obtaining an analysis result of a program hierarchically structured by a plurality of hierarchies; identifying an exclusion request of a check content of a same kind as a specific check content by referring to a storage unit storing information about a past exclusion request of a check content when the specific check content in the analysis result is displayed in association with a part corresponding to the specific check content of the program; outputting reference information for an exclusion request of the specific check content based on a request result of the exclusion request of the check content of the same kind, and a difference between positions in the plurality of hierarchies of the specific check content and the check content of the same kind in the program.
    Type: Grant
    Filed: July 17, 2017
    Date of Patent: June 11, 2019
    Assignee: FUJITSU LIMITED
    Inventors: Sayaka Shimada, Daisuke Hiyama, Hideya Ikeda
  • Patent number: 10311226
    Abstract: A computer architecture is disclosed for implementing a hacking-resistant computing device. The computing device, which could be a mainframe computer, personal computer, smartphone, or any other computing device suitable for network communication, comprises a first partition and a second partition. The second partition can communicate over a network such as the Internet. In contrast, the first partition cannot connect to the Internet, and can directly communicate only with the second partition or with input/output devices directly connected to the first partition. Further, the first partition segments its memory addressing for program code and hardware-protects it from alteration. The second partition is hardware-limited from reading or writing to the memory addressing of the first partition. As a result, the critical data files and program code stored on the first partition are protected from malicious code affecting the second partition.
    Type: Grant
    Filed: May 7, 2018
    Date of Patent: June 4, 2019
    Assignee: Newman H-R Computer Design, LLC
    Inventors: Frank N. Newman, Dan Newman
  • Patent number: 10305682
    Abstract: A method of encrypting a program instructions stream and a method of executing an instructions stream thus encrypted. Instructions are translated into binary code before being encrypted by a stream cipher method. When the program contains a conditional or unconditional branch instruction, an instruction is inserted in the program to initialize the pseudo-random sequence generator using an initialization vector, the initialization vector being used to generate the pseudo-random sequence for encryption and decryption of instructions at the branch address. Instructions can be decrypted and executed on-the-fly without needing to know their physical addresses, even in the presence of a branch.
    Type: Grant
    Filed: January 23, 2017
    Date of Patent: May 28, 2019
    Assignee: COMMISSARIAT A L'ENERGIE ATOMIQUE ET AUX ENERGIES ALTERNATIVES
    Inventors: Florian Pebay-Peyroula, Olivier Savry, Thomas Hiscock
  • Patent number: 10289722
    Abstract: A multi-level cache system may include a server with a processor and memory. The memory may include a database cache system for use with a distributed database system. The server may also include a Solid State Drive that may include a key-value store and a second storage device that may store a backend database. The key-value store may act as a second level cache to the database cache system.
    Type: Grant
    Filed: April 11, 2016
    Date of Patent: May 14, 2019
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Inseok Stephen Choi, Byoung Young Ahn, Yang Seok Ki
  • Patent number: 10262161
    Abstract: Techniques described and suggested herein include the use of transformation parameters, such as mathematical and/or cryptographic operations, to permute various aspects of executables so as to control executable code authorized to run on one or more hosts. For example, a set of transformation parameters, such as a mathematical operation and a specified value upon which the mathematical operation may operate, are associated with a host or group of hosts. The set of transformation parameters may be applied to one or more runtime-related numerical locations associated with an executable that is intended to run on the specified hosts. At runtime, appropriately encoded executables are decoded by the specified hosts and operate normally, while differently encoded or unencoded executables are inoperable by the specified hosts.
    Type: Grant
    Filed: December 22, 2014
    Date of Patent: April 16, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Jon Arron McClintock, Darren Ernest Canavor, Harsha Ramalingam, George Nikolaos Stathakopoulos
  • Patent number: 10255193
    Abstract: The present disclosure includes apparatuses and methods related to virtual address tables. An example method comprises generating an object file that comprises: an instruction comprising a number of arguments; and an address table comprising a number of indexed address elements. Each one of the number of indexed address elements can correspond to a virtual address of a respective one of the number of arguments, wherein the address table can serves as a target for the number of arguments. The method can include storing the object file in a memory.
    Type: Grant
    Filed: March 5, 2018
    Date of Patent: April 9, 2019
    Assignee: Micron Technology, Inc.
    Inventors: John D. Leidel, Kyle B. Wheeler
  • Patent number: 10248398
    Abstract: A method for virtualizing of software applications. The method comprises initializing a virtual environment created by a virtual engine executed over a computer; creating a new data file; launching an installation process of a software application to be virtualized, wherein the installation process runs in the virtual environment; during the installation process, capturing data writes to a file system of the computer's operating system; and saving the data writes to the new data file.
    Type: Grant
    Filed: April 6, 2009
    Date of Patent: April 2, 2019
    Assignee: BlackBerry Limited
    Inventors: Netzer Shlomai, Yoram Gabay
  • Patent number: 10235506
    Abstract: A method of obscuring software code implementing a modular exponentiation function, including: receiving modular exponentiation parameters including an exponent e having N bits; generating a bitwise exponent array and inverse bitwise exponent array; and generating modular exponentiation function operations using the bitwise exponent array, inverse bitwise exponent array, and N, wherein the generated modular exponentiation function operations are split variable operations.
    Type: Grant
    Filed: July 31, 2015
    Date of Patent: March 19, 2019
    Assignee: NXP B.V.
    Inventors: Jan Hoogerbrugge, Wil Michiels
  • Patent number: 10176333
    Abstract: An electronic device comprising: a memory; and at least one processor configured to: install an application by using an installation file associated with the application; grant at least one permission to the application based on a permission setting token that is included in the installation file; and store, in a database, an indication that the application is granted the permission.
    Type: Grant
    Filed: September 18, 2015
    Date of Patent: January 8, 2019
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Myeong Jin Oh, Ju Ha Park, Michael Pak, Sung Kyu Cho
  • Patent number: 10172168
    Abstract: The present invention relates to an IoT (Internet of Things) device, a mobile terminal, a method of pairing the IoT device using the mobile terminal, and a control method. According to one embodiment of the present invention, the method includes the steps of, when an IoT device contacted with at least one side of the mobile terminal is recognized, generating a vibration using a designated vibration pattern, receiving vibration pattern information from the IoT device, and when the received vibration pattern information is identical to the designated vibration pattern, performing paring with the IoT device. According to the embodiments of the present invention, a user can intuitively perform pairing between the mobile terminal and the IoT device through the paring method between the mobile terminal and the IoT device.
    Type: Grant
    Filed: February 3, 2017
    Date of Patent: January 1, 2019
    Assignee: LG ELECTRONICS INC.
    Inventors: Younkyung Jang, Cheol Choi, Chamo Je, Sungjun Park
  • Patent number: 10171432
    Abstract: Systems, methods, and non-transitory computer-readable medium are provided to secure data centers and cloud computing. A method receives network identifiers for functions, requests a network key for each function, allocates network interfaces, requests a virtual network interface controller allocation, requests a network key for each cloud function, receives storage identifiers for functions, requests a storage key for each cloud function, allocates virtual storage disks, requests a storage interface controller allocation, requests a storage key for each cloud function. Methods secure migration of a virtual machine from a source to a target server. A server includes multiple cores where each core is dedicated to a compute function and a unique key encrypts data of each compute function. A non-transitory computer-readable medium encodes programs that execute the above methods.
    Type: Grant
    Filed: December 4, 2017
    Date of Patent: January 1, 2019
    Inventor: Ari Birger
  • Patent number: 10158484
    Abstract: Instructions and logic provide for a Single Instruction Multiple Data (SIMD) SM4 round slice operation. Embodiments of an instruction specify a first and a second source data operand set, and substitution function indicators, e.g. in an immediate operand. Embodiments of a processor may include encryption units, responsive to the first instruction, to: perform a slice of SM4-round exchanges on a portion of the first source data operand set with a corresponding keys from the second source data operand set in response to a substitution function indicator that indicates a first substitution function, perform a slice of SM4 key generations using another portion of the first source data operand set with corresponding constants from the second source data operand set in response to a substitution function indicator that indicates a second substitution function, and store a set of result elements of the first instruction in a SIMD destination register.
    Type: Grant
    Filed: October 10, 2016
    Date of Patent: December 18, 2018
    Assignee: Intel Corporation
    Inventors: Sean M. Gulley, Gilbert M. Wolrich, Vinodh Gopal, Kirk S. Yap, Wajdi K. Feghali
  • Patent number: 10146571
    Abstract: Techniques are described for providing processor-based dedicated fixed function hardware to perform runtime integrity measurements for detecting attacks on system supervisory software, such as a hypervisor or native Operating System (OS). The dedicated fixed function hardware is provided with memory addresses of the system supervisory software for monitoring. After obtaining the memory addresses and other information required to facilitate integrity monitoring, the dedicated fixed function hardware activates a lock-out to prevent reception of any additional information, such as information from a corrupted version of the system supervisory software. The dedicated fixed function hardware then automatically performs periodic integrity measurements of the system supervisory software. Upon detection of an integrity failure, the dedicated fixed function hardware uses out-of-band signaling to report that an integrity failure has occurred.
    Type: Grant
    Filed: June 7, 2016
    Date of Patent: December 4, 2018
    Assignee: Intel Corporation
    Inventors: Radhakrishna R K Hiremane, Anil S. Keshavamurthy
  • Patent number: 10140437
    Abstract: A method of obscuring software code including a data array and a plurality of operations, including: identifying, by a processor, a data array with an index to be obscured and an operation using the data array; permutating the identified data array using a permutating function; and replacing the identified operation using the permutated data array and equivalent encoded permutation function.
    Type: Grant
    Filed: July 31, 2015
    Date of Patent: November 27, 2018
    Assignee: NXP B.V.
    Inventors: Jan Hoogerbrugge, Wil Michiels
  • Patent number: 10102370
    Abstract: Techniques to enable scalable cryptographically protected memory using on-chip memory are described. In one embodiment, an apparatus may comprise a processor component implemented on a first integrated circuit, an on-chip memory component implemented on the first integrated circuit, the on-chip memory component to include a memory page handler to manage memory pages stored on the on-chip memory component, and a cryptographic engine to encrypt and decrypt memory pages for the memory page handler, and an off-chip memory component implemented on a second integrated circuit coupled to the first integrated circuit, the off-chip memory component to store encrypted memory pages evicted from the on-chip memory component. Other embodiments are described and claimed.
    Type: Grant
    Filed: December 21, 2015
    Date of Patent: October 16, 2018
    Assignee: INTEL CORPORATION
    Inventors: Alpa Narendra Trivedi, Siddhartha Chhabra, David Durham
  • Patent number: 10025924
    Abstract: A system for managing Containers, including a hardware node running an OS; a multi-tenant application on the node; and a plurality of Containers under the OS. A process of the multi-tenant application uses only one Container at a time. Remaining Containers available to the process are taskless Containers. An arbiter controls permissions for the process to switch from one Container to another Container. The arbiter defines trusted and untrusted execution contexts. Code of the process executing in the untrusted context is not permitted to switch Containers, and the code of the process executing in the trusted context is permitted to switch Containers. The arbiter detects attempts to switch Containers, and prevents them when executing untrusted code. Upon a request to the multi-tenant application, the arbiter switches the process that will process the user request to one of the taskless Containers and executes the request in the untrusted context.
    Type: Grant
    Filed: August 26, 2016
    Date of Patent: July 17, 2018
    Assignee: Parallels IP Holdings GmbH
    Inventors: Andrey Vagin, Alexey Kobets
  • Patent number: 10020932
    Abstract: A device for performing a mapping an input message to an output message by a keyed cryptographic operation, wherein the keyed cryptographic operation includes a plurality of rounds. To protect against differential fault analysis attacks, the cryptographic operation is modified to apply a secret sharing approach to one of the rounds. Also, a portion of the computations are split into first and second shares, where the first share uses a first weight and the second share uses a second weight. The final operations are again merged into a single matrix multiplication. Cryptographic operations that have a substitution function and an affine transformation can be protected in this way.
    Type: Grant
    Filed: November 13, 2015
    Date of Patent: July 10, 2018
    Assignee: NXP B.V.
    Inventor: Wilhelmus Petrus Adrianus Johannus Michiels
  • Patent number: 10009172
    Abstract: A method of an aspect includes receiving an instruction. The instruction indicates a first source of a first packed data including state data elements ai, bi, ei, and fi for a current round (i) of a secure hash algorithm 2 (SHA2) hash algorithm. The instruction indicates a second source of a second packed data. The first packed data has a width in bits that is less than a combined width in bits of eight state data elements ai, bi, ci, di, ei, fi, gi, hi of the SHA2 hash algorithm. The method also includes storing a result in a destination indicated by the instruction in response to the instruction. The result includes updated state data elements ai+, bi+, ei+, and fi+ that have been updated from the corresponding state data elements ai, bi, ei, and fi by at least one round of the SHA2 hash algorithm.
    Type: Grant
    Filed: January 9, 2017
    Date of Patent: June 26, 2018
    Assignee: Intel Corporation
    Inventors: Gilbert M. Wolrich, Kirk S. Yap, Vinodh Gopal, James D. Guilford
  • Patent number: 9984327
    Abstract: A method and system for performing a graph search, includes constructing an abstract representation of the graph using state-space abstraction. The abstract representation of the graph includes one or more abstract nodes having duplicate detection scopes and one or more abstract edges having operator groups. The duplicate detection scopes of the abstract nodes are partitioned into smaller duplicate detection scopes using edge partitioning. The abstract edges include the smaller duplicate detection scopes. Nodes in the current search layer are expanded using the operator groups of outgoing abstract edges of the abstract nodes the nodes map to. The operator groups associated with abstract edges having disjoint duplicate detection scopes are used to expand the nodes in parallel. Once all the operator groups in the current search layer have been used for node expansion the method progresses to the next search layer.
    Type: Grant
    Filed: July 23, 2010
    Date of Patent: May 29, 2018
    Assignee: PALO ALTO RESEARCH CENTER INCORPORATED
    Inventors: Rong Zhou, Tim Schmidt, Minh Binh Do, Serdar Uckun
  • Patent number: 9986428
    Abstract: The disclosure is related to a machine to machine (M2M) device and a security management method thereof. The M2M device includes an identification circuit. The identification circuit may be configured to encrypt data collected from a sensor with a device identification (ID) of the M2M device and at least one subscriber ID of the identification circuit and to generate a data packet in a predetermined communication standard format by including the encrypted data in a payload of the data packet.
    Type: Grant
    Filed: April 27, 2016
    Date of Patent: May 29, 2018
    Assignee: KT CORPORATION
    Inventors: Young-Bin Cho, Sung-Chul Kim, Jin-Hyoung Lee, Youn-Pil Jeung
  • Patent number: 9979784
    Abstract: A method for backing cloud data up and a method for recovering cloud data are provided. A cloud server and a client device are connected to a cloud network. The method for backing cloud data up includes: using the client device to obtain an installed application list and to show the installed application list; using the client device to choose a application in the application list; using the client device to obtain a access path where the backup of the application data file in the client device is and to transmit the access path and a backup of the application data file to the cloud server; and using the cloud server to save the access path and the corresponding backup of the application data file. By using the present inventive method, any user's chosen data can be shared among the cloud server and the client device.
    Type: Grant
    Filed: January 20, 2015
    Date of Patent: May 22, 2018
    Assignee: HUIZHOU TCL MOBILE COMMUNICATION CO., LTD.
    Inventors: Hanlin Guo, Xi Li
  • Patent number: 9965401
    Abstract: A method of obfuscating a code is provided, wherein the method comprises performing a first level obfuscating technique on a code to generate a first obfuscated code, and performing a second level obfuscating technique on the first obfuscated code. In particular, the code may be a software code or a software module. Furthermore, the first level obfuscating technique and the second obfuscating may be different. In particular, the second level obfuscating technique may perform a deobfuscation.
    Type: Grant
    Filed: October 8, 2016
    Date of Patent: May 8, 2018
    Assignee: NXP B.V.
    Inventors: Philippe Teuwen, Ventzislav Nikov
  • Patent number: 9928361
    Abstract: Roughly described, a method of restricting access of a debug controller to debug architecture on an integrated circuit chip, the debug architecture comprising an access controller, a plurality of peripheral circuits, and a shared hub, the shared hub being accessible by the access controller and the plurality of peripheral circuits, the method comprising: at the access controller, authenticating the debug controller; at the access controller, following authentication, assigning to the debug controller a set of access rights, the set of access rights granting the debug controller partial access to the debug architecture; and after assigning the set of access rights, allowing the debug controller access to the debug architecture as allowed by the set of access rights.
    Type: Grant
    Filed: June 8, 2017
    Date of Patent: March 27, 2018
    Assignee: UltraSoC Technologies Ltd.
    Inventors: Andrew Brian Thomas Hopkins, Arnab Banerjee, Stephen John Barlow, Klaus Dieter McDonald-Maier
  • Patent number: 9910996
    Abstract: Mass storage devices and methods for securely storing data are disclosed. The mass storage device includes a communication interface for communicating with a connected host computer, a mass-memory storage component for storing data, a secure key storage component adapted to securely store at least one master secret, and an encryption-decryption component different from the secure key storage component and connected to the secure key storage component and the mass-memory storage component. The encryption-decryption component may be adapted to encrypt data received from the host computer using an encryption algorithm and at least one encryption key and to write the encrypted data into the mass-memory storage component.
    Type: Grant
    Filed: June 16, 2011
    Date of Patent: March 6, 2018
    Assignee: Vasco Data Security, Inc.
    Inventor: Harm Braams
  • Patent number: 9886577
    Abstract: Particular embodiments described herein provide for an electronic device that can be configured to identify regions of code to be monitored, probe and lock code pages that include the identified regions of code, and remap the code pages as execute only to assist with the mitigation of malicious invocation of sensitive code. The code pages can be remapped as execute only in an alternate extended page table view to allow for the detection and mitigation of malicious invocation of sensitive code.
    Type: Grant
    Filed: September 26, 2014
    Date of Patent: February 6, 2018
    Assignee: McAfee, LLC
    Inventors: Ravi Sahita, Lu Deng, Vedvyas Shanbhogue, Lixin Lu, Alexander Shepsen, Igor Tatourian
  • Patent number: 9864856
    Abstract: A data communication system comprises a Network Interface Card (NIC), Central Processing Unit (CPU), and Data Memory Buffer (DMB) to efficiently verify hardware-trust. The NIC, CPU, and DMB execute boot-up software, and in response, the NIC, CPU, and DMB execute hardware-trust software to assert control over their Application Programming Interfaces (APIs). The NIC, CPU, and DMB receive and hash hardware-trust data with their physically-embedded hardware-trust codes to generate hardware-trust results. The NIC, CPU, and DMB transfer their hardware-trust results for hardware-trust validation. The CPU may execute Network Function Virtualization Virtual Network Functions (NFV VNFs) for Software Defined Networks (SDNs).
    Type: Grant
    Filed: May 2, 2017
    Date of Patent: January 9, 2018
    Assignee: Sprint Communications Company L.P.
    Inventors: Ronald R. Marquardt, Lyle Walter Paczkowski, Arun Rajagopal
  • Patent number: 9781163
    Abstract: Trust characteristics attributable to components associated with a disaggregated infrastructure environment are obtained. A trust policy of an application to be hosted in the disaggregated infrastructure environment is obtained. The trust characteristics are compared to the trust policy. One or more of the components associated with the disaggregated infrastructure environment are selected based on the comparison step. A compute node is formed from the selected components.
    Type: Grant
    Filed: June 23, 2015
    Date of Patent: October 3, 2017
    Assignee: EMC IP Holding Company LLC
    Inventors: Stephen Todd, Kenneth Durazzo
  • Patent number: 9772845
    Abstract: A processor includes a plurality of registers, an instruction decoder to receive an instruction to process a KECCAK state cube of data representing a KECCAK state of a KECCAK hash algorithm, to partition the KECCAK state cube into a plurality of subcubes, and to store the subcubes in the plurality of registers, respectively, and an execution unit coupled to the instruction decoder to perform the KECCAK hash algorithm on the plurality of subcubes respectively stored in the plurality of registers in a vector manner.
    Type: Grant
    Filed: December 13, 2011
    Date of Patent: September 26, 2017
    Assignee: Intel Corporation
    Inventors: Kirk S. Yap, Gilbert M. Wolrich, James D. Guilford, Vinodh Gopal, Erdinc Ozturk, Sean M. Gulley, Wajdi K. Feghali, Martin G. Dixon
  • Patent number: 9760693
    Abstract: An apparatus for providing an improved content protecting and packaging system for protecting content may include an extractor for extracting a content package into a plurality of content segments including a first portion and a second portion. An enveloper may envelop each of the content segments in the first portion separately to thereby create one or more protected content segments. Further, a packager may package the protected content segments with the second portion of the content segments into a protected content package, which may then be uploaded to a distributor for distribution to user terminals. A corresponding method and computer program product are also provided.
    Type: Grant
    Filed: December 30, 2010
    Date of Patent: September 12, 2017
    Assignee: Nokia Technologies Oy
    Inventors: Mustafa Iihan Gurel, Janne Sakari Mantyla, Sami Petteri Lehtisaari, Tommi Sakari Von Hertzen, Juhani Makela, Markku Kylanpaa, Markku Savela, Kimmo Surakka, Bartlomiej Piotr Jozwiak, Elena Gillet
  • Patent number: 9753863
    Abstract: A method includes, in various implementations, regulating a memory region for execute-only access, storing a set of instructions in the memory region, executing an early instruction among the set of instructions, and executing a set of subsequent instructions among the instructions. The early instruction loads a secret value into a volatile register. A correct execution of the subsequent instructions depends on the secret value being loaded into the volatile register. A system includes, in various implementations, a memory and a processor with one or more volatile registers. The processor regulates access to portions of the memory. The processor can load a secret value into the volatile register in response to executing a program stored in an execute-only portion of the memory. The processor is configured to lose, in response to an asynchronous event, information loaded in the volatile registers.
    Type: Grant
    Filed: December 27, 2014
    Date of Patent: September 5, 2017
    Assignee: Intel Corporation
    Inventors: Rekha N. Bachwani, Ravi L. Sahita, David M. Durham
  • Patent number: 9740507
    Abstract: Virtual desktops generated by a virtual desktop application locally executing on a tablet computing device, can further display remote applications. The tablet computing device executes an operating system that does not contemplate a mouse pointer and that displays a native desktop. In many instances, the virtual desktop is displayed on the tablet computing device such that the virtual desktop appears to be the native desktop. The virtual desktops therefore include a mouse pointer which can be used to interact with the remote applications. The remote applications generate graphical application output when they execute on a remote server. The graphical application output is transmitted to the tablet computing device and displayed in an application output window displayed within the virtual desktop. Using a virtual trackpad or other virtual input device, a user can interact with the remote applications via the application output displayed on the virtual desktop.
    Type: Grant
    Filed: April 1, 2011
    Date of Patent: August 22, 2017
    Assignee: Citrix Systems, Inc.
    Inventors: Gus Pinto, David Koretsky, Adam Marano
  • Patent number: 9720827
    Abstract: In one embodiment, a processor comprises: at least one core formed on a die to execute instructions; a first memory controller to interface with an in-package memory; a second memory controller to interface with a platform memory to couple to the processor; and the in-package memory located within a package of the processor, where the in-package memory is to be identified as a more distant memory with respect to the at least one core than the platform memory. Other embodiments are described and claimed.
    Type: Grant
    Filed: November 14, 2014
    Date of Patent: August 1, 2017
    Assignee: Intel Corporation
    Inventors: Avinash Sodani, Robert J. Kyanko, Richard J. Greco, Andreas Kleen, Milind B. Girkar, Christopher M. Cantalupo
  • Patent number: 9722773
    Abstract: A method for determining a representation of a product of a first element and a second element is disclosed comprising, picking a random value for each pair of a first integer between 1 and d and a second integer greater than the first integer, adding the random value to the product of a first value and a second value, and adding the result of the first addition and the product of the first value and the second value. Then summing, for each integer between 1 and d, a product of the first and second values associated with the integer, the random values associated with the pairs of which the first integer is the integer concerned, and the values obtained for the pairs of which the second integer is the integer concerned.
    Type: Grant
    Filed: May 26, 2011
    Date of Patent: August 1, 2017
    Assignee: OBERTHUR TECHNOLOGIES
    Inventors: Emmanuel Prouff, Matthieu Rivain
  • Patent number: 9703944
    Abstract: Roughly described, a method of restricting access of a debug controller to debug architecture on an integrated circuit chip, the debug architecture comprising an access controller, a plurality of peripheral circuits, and a shared hub, the shared hub being accessible by the access controller and the plurality of peripheral circuits, the method comprising: at the access controller, authenticating the debug controller; at the access controller, following authentication, assigning to the debug controller a set of access rights, the set of access rights granting the debug controller partial access to the debug architecture; and after assigning the set of access rights, allowing the debug controller access to the debug architecture as allowed by the set of access rights.
    Type: Grant
    Filed: July 9, 2013
    Date of Patent: July 11, 2017
    Assignee: ULTRASOC TECHNOLOGIES LTD.
    Inventors: Andrew Brian Thomas Hopkins, Arnab Banerjee, Stephen John Barlow, Klaus Dieter McDonald-Maier
  • Patent number: 9674165
    Abstract: Various embodiments relate to a method, device, and non-transitory medium including: determining a master key value for use in secure communications with a different device, wherein the master key value is used as a master key; deriving at least one session key using the master key; generating a new master key value based on the master key; deleting the current master key value; and using the new master key value as the master key.
    Type: Grant
    Filed: May 28, 2015
    Date of Patent: June 6, 2017
    Assignee: NXP B.V.
    Inventors: Michael Michel Patrick Peeters, Rudi Verslegers, Dimitri Warnez
  • Patent number: 9673982
    Abstract: In a data communication network, Network Interface Cards (NICs) receive user data and interrupt Central Processing Units (CPUs) that then transfer buffer descriptors for the user data to Data Memory Buffers (DMBs). The DMBs receive the buffer descriptors from the CPUs and transfer the buffer descriptors to the NICs. The NICs receive the buffer descriptors and responsively transfer the user data to the DMBs. The DMBs buffer the user data. A master NIC transfers a CPU hardware-trust validation challenge to a master CPU. The master CPU hashes the validation data with its physically-embedded, hardware-trust code to generate and transfer a CPU hardware-trust validation result. The master NIC processes the CPU hardware-trust validation result to verify hardware-trust of the master CPU.
    Type: Grant
    Filed: September 16, 2015
    Date of Patent: June 6, 2017
    Assignee: Sprint Communications Company L.P.
    Inventors: Ronald R. Marquardt, Lyle Walter Paczkowski, Arun Rajagopal
  • Patent number: 9658854
    Abstract: Instructions and logic provide SIMD SM3 cryptographic hashing functionality. Some embodiments include a processor comprising: a decoder to decode instructions for a SIMD SM3 message expansion, specifying first and second source data operand sets, and an expansion extent. Processor execution units, responsive to the instruction, perform a number of SM3 message expansions, from the first and second source data operand sets, determined by the specified expansion extent and store the result into a SIMD destination register. Some embodiments also execute instructions for a SIMD SM3 hash round-slice portion of the hashing algorithm, from an intermediate hash value input, a source data set, and a round constant set. Processor execution units perform a set of SM3 hashing round iterations upon the source data set, applying the intermediate hash value input and the round constant set, and store a new hash value result in a SIMD destination register.
    Type: Grant
    Filed: September 26, 2014
    Date of Patent: May 23, 2017
    Assignee: Intel Corporation
    Inventors: Gilbert M. Wolrich, Vinodh Gopal, Sean M. Gulley, Kirk S. Yap, Wajdi K. Feghali
  • Patent number: 9653004
    Abstract: A method for downloading information into a secure non-volatile memory of a secure embedded device (SED) during a manufacturing or personalization process. The method involves communicating the information and a software program from a device to a temporary storage memory of the SED. The method also involves starting the software program provided to facilitate an initialization of a first key and to facilitate a transfer of at least a portion of the information from the temporary storage memory to the secure non-volatile memory. In response to starting, the software program, the first key is initialized and the portion of information is transformed into transformed information locally at the SED using at least one of a scramble algorithm and a cipher algorithm. Thereafter, the transformed information is written to a memory element of the secure non-volatile memory.
    Type: Grant
    Filed: October 16, 2008
    Date of Patent: May 16, 2017
    Assignee: Cypress Semiconductor Corporation
    Inventors: Arnaud Boscher, Nicolas Prawitz
  • Patent number: 9651940
    Abstract: A numerical control device for controlling a machine tool while sequentially reading out an NC program from a host computer includes an external program invoking unit configured to invoke an encrypted NC program, a communication setting information storing unit configured to store setting information for communicating with the host computer, an NC program acquisition determining unit, an encrypted NC program acquisition request transmitting unit, an encrypted NC program decrypting unit, and an NC program display prohibiting unit.
    Type: Grant
    Filed: January 22, 2015
    Date of Patent: May 16, 2017
    Assignee: FANUC Corporation
    Inventor: Shogo Inoue
  • Patent number: 9639482
    Abstract: Security of information—both code and data—stored in a computer's system memory is provided by an agent loaded into and at run time resident in a CPU cache. Memory writes from the CPU are encrypted by the agent before writing and reads into the CPU are decrypted by the agent before they reach the CPU. The cache-resident agent also optionally validates the encrypted information stored in the system memory. Support for I/O devices and cache protection from unsafe DMA of the cache by devices is also provided.
    Type: Grant
    Filed: August 6, 2015
    Date of Patent: May 2, 2017
    Assignee: Facebook, Inc.
    Inventors: Oded Horovitz, Stephen A. Weis, Carl A. Waldspurger, Sahil Rihan
  • Patent number: 9594915
    Abstract: A hardware TPM has a plurality of registers, and performs data protection by encryption of data associated with the value of one of the plurality of registers. A register number manager manages, for each application, a register number used for the data protection. During execution of an application, an application executor issues a data protection request that designates a register number preset in the application. A software TPM transfers, to the hardware TPM, the data protection request in which the register number designated in the data protection request has been replaced with the register number managed by the register number manager.
    Type: Grant
    Filed: August 5, 2013
    Date of Patent: March 14, 2017
    Assignee: Canon Kabushiki Kaisha
    Inventor: Yoshiharu Imamoto