Computer Instruction/address Encryption Patents (Class 713/190)
  • Patent number: 11188653
    Abstract: Systems and techniques are described for verifying the integrity of a computing platform. Specifically, a software image can be generated that, when executed at a computing platform, verifies integrity of the computing platform. Next, the software image can be sent to the computing platform. The computing platform can execute the software image, thereby enabling the verification of the integrity of the computing platform.
    Type: Grant
    Filed: October 15, 2019
    Date of Patent: November 30, 2021
    Inventor: Christopher Luis Hamlin
  • Patent number: 11184157
    Abstract: Protection against the obsolescence of cryptographic algorithms is provided by generating a cryptographic key pair for future use and storing the public key on a device. The cryptographic key pair supports a signature scheme that is potentially resistant to quantum computing attacks. In an embodiment, a key management server generates a set of one-time use keys sufficient to sign the anticipated number of software updates to be applied to a device. The key management server provides a public key which is stored on the device for later use. In an embodiment, an update to the device us signed with the one-time-use private key, and can be authenticated by the device using the public key. In an embodiment, the key pair supports the use of a one-time signature technique such as a Merkle signature scheme, Winternitz signature, or Lampert signature.
    Type: Grant
    Filed: June 13, 2018
    Date of Patent: November 23, 2021
    Assignee: Amazon Technologies, Inc.
    Inventors: Shay Gueron, Matthew John Campagna
  • Patent number: 11169934
    Abstract: The disclosed embodiments generally relate to methods, systems and apparatuses to authenticate instructions on a memory circuitry. In an exemplary embodiment, the disclosure relates to a computing device (e.g., a memory protection engine) to protect integrity of one or more memory circuitry.
    Type: Grant
    Filed: June 28, 2018
    Date of Patent: November 9, 2021
    Assignee: INTEL CORPORATION
    Inventors: Santosh Ghosh, Kirk Yap, Siddhartha Chhabra
  • Patent number: 11170113
    Abstract: A method for testing a software application program (22) includes storing in a vulnerability database records of security vulnerabilities identified in execution of the program. Each record includes a location field containing a respective signature indicative of a location in the execution at which a corresponding security vulnerability was detected and a metadata field indicative of a respective control flow path on which the corresponding security vulnerability occurred. Upon detecting a further security vulnerability at a given location in a subsequent execution of the program, a new signature of the given location is computed and compared to the location field of the records in the database. When no record is found to match the new signature, an indication is output to a developer of the program of an occurrence of a new security vulnerability.
    Type: Grant
    Filed: January 1, 2018
    Date of Patent: November 9, 2021
    Assignee: CHECKMARX LTD.
    Inventors: Maty Siman, Alexander Roichman, Shimon Eshkenazi
  • Patent number: 11144229
    Abstract: An apparatus in one embodiment comprises at least one processing device comprising a processor coupled to a memory. The processing device is configured to identify a storage volume to be migrated from a source storage system to a target storage system, and for each of a plurality of logical addresses of the storage volume, to send a command requesting a content-based signature for the logical address to at least one of the source storage system and a host device and to receive the content-based signature in response to the command. Responsive to a first one of the received content-based signatures having a corresponding data page already stored in the target storage system, the processing device updates an associated reference count in place of requesting the corresponding data page. Responsive to a second one of the received content-based signatures not having a corresponding data page already stored in the target storage system, the processing device requests the corresponding data page.
    Type: Grant
    Filed: November 1, 2018
    Date of Patent: October 12, 2021
    Assignee: EMC IP Holding Company LLC
    Inventors: Anton Kucherov, David Meiri
  • Patent number: 11126753
    Abstract: A processor chip including a memory controller, application processor and a communication processor, where the memory controller is configured to define an area of memory as secure memory, and allow only an access request with a security attribute to access the secure memory. The application processor is configured to invoke a secure application in a trusted execution environment, and write an instruction request for a secure element into the secure memory using the secure application. The communication processor is configured to read the instruction request from the secure memory in the trusted execution environment, and send the instruction request to the secure element. The application processor and the communication processor need to be in the trusted execution environment when accessing the secure memory, and access the secure memory only using the secure application.
    Type: Grant
    Filed: April 25, 2019
    Date of Patent: September 21, 2021
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Li Zhu, Zhihua Lu
  • Patent number: 11119769
    Abstract: A method for changing a processor instruction randomly, covertly, and uniquely, so that the reverse process can restore it faithfully to its original form, making it virtually impossible for a malicious user to know how the bits are changed, preventing them from using a buffer overflow attack to write code with the same processor instruction changes into said processor's memory with the goal of taking control of the processor. When the changes are reversed prior to the instruction being executed, reverting the instruction back to its original value, malicious code placed in memory will be randomly altered so that when it is executed by the processor it produces chaotic, random behavior that will not allow control of the processor to be compromised, eventually producing a processing error that will cause the processor to either shut down the software process where the code exists to reload, or reset.
    Type: Grant
    Filed: February 17, 2020
    Date of Patent: September 14, 2021
    Inventor: Forrest L. Pierson
  • Patent number: 11119905
    Abstract: An asset management system is provided which comprises one or more controllers, which operate as main servers and can be located at the headquarters of an electronic device manufacturer to remotely control their operations at any global location. The controller can communicate remotely over the Internet or other network to control one or more secondary or remote servers, herein referred to as appliances. The appliances can be situated at different manufacturing, testing or distribution sites. The controller and appliances comprise hardware security modules (HSMs) to perform sensitive and high trust computations, store sensitive information such as private keys, perform other cryptographic operations, and establish secure connections between components. The HSMs are used to create secure end-points between the controller and the appliance and between the appliance and the secure point of trust in an asset control core embedded in a device.
    Type: Grant
    Filed: July 10, 2019
    Date of Patent: September 14, 2021
    Assignee: BlackBerry Limited
    Inventors: Keelan Smith, Richard Gwynn Jones, Chinh Khac Nguyen, Thomas Rudolf Stiemerling
  • Patent number: 11113424
    Abstract: A device, system and method for installing encrypted data are provided. A device includes a processor comprising: immutable memory storing preconfigured trust anchor data; and a module storing preconfigured non-exportable data.
    Type: Grant
    Filed: May 7, 2019
    Date of Patent: September 7, 2021
    Assignee: MOTOROLA SOLUTIONS, INC.
    Inventors: Brian W. Pruss, Ellis A. Pinder, Thomas S. Messerges
  • Patent number: 11088842
    Abstract: In one aspect, a computer system for verifying vehicle software configuration may be provided. In some exemplary embodiments, the computer system may include a processor and a non-transitory, tangible, computer-readable storage medium having instructions stored thereon that, in response to execution by the processor, cause the processor to: (1) transmit an authentication request to a vehicle computing system including a hash algorithm specification; (2) receive, from the vehicle computing system, a current configuration hash value and a vehicle identifier; (3) retrieve a trusted data block from a memory based upon the vehicle identifier; (4) compare the current configuration hash value to a stored configuration hash value included in the trusted data block; and (5) transmit an authentication response to the vehicle computing system based upon the comparison.
    Type: Grant
    Filed: July 3, 2018
    Date of Patent: August 10, 2021
    Assignee: STATE FARM MUTUAL AUTOMOBILE INSURANCE COMPANY
    Inventors: Matthew Lewis Floyd, Leroy Luther Smith, Jr., Brittney Benzio, Nathan Barnard, Shannon Marie Lowry
  • Patent number: 11089000
    Abstract: A method, system, and program product for generating an automated source code log statement is provided. The method includes retrieving source code of a software application and associating logs and associated semantics with the source code. The source code is parsed and analyzed and log statements are generated. Attributes within the source code are identified. The log statements are inserted into the source code with respect to a specified source code level of the source code and the source code comprising the log statements is presented to a developer. A command for modifying the logs is received. In response, the logs are modified resulting in modified logs. The source code comprising the log statements and modified logs is executed.
    Type: Grant
    Filed: February 11, 2020
    Date of Patent: August 10, 2021
    Assignee: International Business Machines Corporation
    Inventors: Thangadurai Muthusamy, Pietro Iannucci, Saravanan Devendran, Obuliraj Selvaraj
  • Patent number: 11089016
    Abstract: Disclosed is a secure semiconductor chip. The semiconductor chip is, for example, a system-on-chip. The system-on-chip is operated by connecting normal IPs to a processor core included therein via a system bus. A secure bus, which is a hidden bus physically separated from the system bus, is separately provided. Security IPs for performing a security function or handling security data are connected to the secure bus. The secure semiconductor chip can perform required authentication while shifting between a normal mode and a secure mode.
    Type: Grant
    Filed: February 13, 2017
    Date of Patent: August 10, 2021
    Assignee: INDUSTRY-UNIVERSITY COOPERATION FOUNDATION HANYANG UNIVERSITY
    Inventors: Dong Kyue Kim, Ji-Hoon Kim
  • Patent number: 11080222
    Abstract: An optical electromagnetic radiation (EM) emitter and receiver are located upon a printed circuit board (PCB) glass security layer. A predetermined reference flux or interference pattern, respectively, is an expected flux or reflection pattern of EM emitted from the EM emitter, transmitted by the glass security layer, and received by the EM receiver. When the PCB is subject to an unauthorized access thereof the optical EM transmitted by glass security layer is altered. An optical monitoring device that monitors the flux or interference pattern of the optical EM received by the EM receiver detects a change in flux or interference pattern, in relation to the reference flux or reference interference pattern, respectively, and passes a tamper signal to one or more computer system devices to respond to the unauthorized access. For example, one or more cryptographic adapter card or computer system functions or secured crypto components may be disabled.
    Type: Grant
    Filed: January 4, 2018
    Date of Patent: August 3, 2021
    Assignee: International Business Machines Corporation
    Inventors: Gerald K. Bartley, Darryl J. Becker, Matthew S. Doyle, Mark J. Jeanson, Mark O. Maxson
  • Patent number: 11074168
    Abstract: Disclosed herein are techniques for analyzing control-flow integrity based on functional line-of-code behavior and relation models. Techniques include receiving data based on runtime operations of a controller; constructing a line-of-code behavior and relation model representing execution of functions on the controller based on the received data; constructing, based on the line-of-code behavioral and relation model, a dynamic control flow integrity model configured for the controller to enforce in real-time; and deploying the dynamic control flow integrity model to the controller.
    Type: Grant
    Filed: November 11, 2020
    Date of Patent: July 27, 2021
    Assignee: Aurora Labs Ltd.
    Inventors: Zohar Fox, Carmit Sahar
  • Patent number: 11055236
    Abstract: A processor includes a decode unit to decode an instruction that is to indicate a page of a protected container memory, and a storage location outside of the protected container memory. An execution unit, in response to the instruction, is to ensure that there are no writable references to the page of the protected container memory while it has a write protected state. The execution unit is to encrypt a copy of the page of the protected container memory. The execution unit is to store the encrypted copy of the page to the storage location outside of the protected container memory, after it has been ensured that there are no writable references. The execution unit is to leave the page of the protected container memory in the write protected state, which is also valid and readable, after the encrypted copy has been stored to the storage location.
    Type: Grant
    Filed: December 27, 2019
    Date of Patent: July 6, 2021
    Assignee: Intel Corporation
    Inventors: Carlos V. Rozas, Mona Vij, Rebekah M. Leslie-Hurd, Krystof C. Zmudzinski, Somnath Chakrabarti, Francis X. Mckeen, Vincent R. Scarlata, Simon P. Johnson, Ilya Alexandrovich, Gilbert Neiger, Vedvyas Shanbhogue, Ittai Anati
  • Patent number: 11055229
    Abstract: A memory system includes a memory device including a plurality of memory cells, and a memory controller configured to control the memory device. The memory controller includes a random number generator configured to generate a random number based on read data from the memory device, and an address translation module configured to generate a key based on the random number and to translate a first address into a second address by performing a calculation on the first address and the key.
    Type: Grant
    Filed: June 20, 2019
    Date of Patent: July 6, 2021
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventor: Eun Chu Oh
  • Patent number: 11048590
    Abstract: Servicing I/O operations in a cloud-based storage system, including: receiving, by the cloud-based storage system, a request to write data to the cloud-based storage system; storing, in solid-state storage of the cloud-based storage system, the data; storing, in object storage of the cloud-based storage system, the data; detecting that at least some portion of the solid-state storage of the cloud-based storage system has become unavailable; identifying data that was stored in the portion of the solid-state storage of the cloud-based storage system that has become unavailable; retrieving, from object storage of the cloud-based storage system, the data that was stored in the portion of the solid-state storage of the cloud-based storage system that has become unavailable; and storing, in solid-state storage of the cloud-based storage system, the retrieved data.
    Type: Grant
    Filed: July 30, 2019
    Date of Patent: June 29, 2021
    Assignee: Pure Storage, Inc.
    Inventors: Constantine Sapuntzakis, Naveen Neelakantam, Ronald Karr
  • Patent number: 11030296
    Abstract: A first request to log in to a suspended account is received. The first request includes an operation code. A determination is made that the operation code satisfies a predetermined condition. In response to the determination, the suspended account is obtained based on the operation code and the suspended account is logged in to.
    Type: Grant
    Filed: December 14, 2017
    Date of Patent: June 8, 2021
    Assignee: Advanced New Technologies Co., Ltd.
    Inventor: Jianbo Qian
  • Patent number: 11032107
    Abstract: A network node may receive a packet having an inner internet protocol (IP) header and an outer IP header. The inner IP header may be encrypted. The network node may generate a copy of the packet to obtain a copied packet. The network node may perform decryption on one of the packet or the copied packet to identify a recipient address of the inner IP header. The network node may update the outer IP header of the other of the packet or the copied packet to obtain an updated packet with an updated outer IP header. A destination address of the updated outer IP header may be updated to a tunnel endpoint of a receiving network node that is associated with the recipient address. The network node may route the updated packet according to the updated outer IP header.
    Type: Grant
    Filed: June 28, 2019
    Date of Patent: June 8, 2021
    Assignee: Juniper Networks, Inc.
    Inventors: Goutham Kondapavuluru, Vijay Sai Ram Paruchuri
  • Patent number: 11023391
    Abstract: Disclosed are an apparatus for data processing, an artificial intelligence chip, and an electronic device. The apparatus for data processing includes: at least one input memory, at least one data conveying component, at least one multiplexed arbitration component, and at least one output memory. The input memory is connected to the data conveying component, the data conveying component is connected to the multiplexed arbitration component, and the multiplexed arbitration component is connected to the output memory.
    Type: Grant
    Filed: July 9, 2019
    Date of Patent: June 1, 2021
    Assignee: Beijing Baidu Netcom Science and Technology Co., Ltd.
    Inventors: Peng Wu, Jian Ouyang, Canghai Gu, Wei Qi, Ningyi Xu
  • Patent number: 11017125
    Abstract: Novel methods of virtualization with unique virtual architectures on field-programmable gate arrays (FPGAs) are provided. A hardware security method can include providing one or more field-programmable gate arrays (FPGAs), and creating an application specialized virtual architecture (or overlay) over the one or more FPGAs (for example, by providing an overlay generator). Unique bitfiles that configure the overlays implemented on the FPGAs can be provided for each deployed FPGA. The application specialized virtual architecture can be constructed using application code, or functions from a domain, to create an overlay represented by one or more hardware description languages (e.g., VHDL).
    Type: Grant
    Filed: December 12, 2017
    Date of Patent: May 25, 2021
    Assignee: UNIVERSITY OF FLORIDA RESEARCH FOUNDATION, INCORPORATED
    Inventors: Greg M. Stitt, Kai Yang, Swarup Bhunia, Robert A. Karam
  • Patent number: 11018993
    Abstract: Some embodiments provide a method for a first data compute node (DCN) operating in a public datacenter. The method receives an encryption rule from a centralized network controller. The method determines that the network encryption rule requires encryption of packets between second and third DCNs operating in the public datacenter. The method requests a first key from a secure key storage. Upon receipt of the first key, the method uses the first key and additional parameters to generate second and third keys. The method distributes the second key to the second DCN and the third key to the third DCN in the public datacenter.
    Type: Grant
    Filed: September 28, 2016
    Date of Patent: May 25, 2021
    Assignee: NICIRA, INC.
    Inventors: Ganesan Chandrashekhar, Mukesh Hira, Sanal Pillai
  • Patent number: 11010465
    Abstract: Systems and methods for improving security in computer-based authentication systems by using physical unclonable functions are presented. A computing device used to provide authentication includes an array of physical unclonable function devices. Rather than storing user passwords or message digests of passwords, the computing device generates a message digest based on a combination of a user ID and corresponding password. This message digest forms part of challenge (together with instructions for responding to the challenge). A challenge response generated by measuring physical parameters of set of physical unclonable function devices specified by the message digest. This allows the computing device to provide authentication without storing information which could be used by an attacker to compromise user credentials.
    Type: Grant
    Filed: May 17, 2019
    Date of Patent: May 18, 2021
    Assignee: Arizona Board of Regents on Behalf of Northern Arizona University
    Inventor: Bertrand F Cambou
  • Patent number: 10999057
    Abstract: A container corresponding to executable code may be received. In response receiving the container, an assertion value may be stored in an assertion register. A final canary value may be generated based on a cycles combining a prior canary value and a mix value. A determination may be made as to whether the final canary value matches with the assertion value stored in the assertion register. In response to determining that the final canary value matches with the assertion value, one or more privilege registers may be programmed to provide access to hardware resources for the container corresponding to the executable user code.
    Type: Grant
    Filed: December 20, 2019
    Date of Patent: May 4, 2021
    Assignee: Cryptography Research, Inc.
    Inventors: Michael A. Hamburg, Megan Anneke Wachs
  • Patent number: 10963398
    Abstract: The present disclosure is related to a virtual register file. Source code can be compiled to include references to a virtual register file for data subject to a logical operation. The references can be dereferenced at runtime to obtain physical addresses of memory device elements according to the virtual register file. The logical operation can be performed in the memory device on data stored in the memory device elements.
    Type: Grant
    Filed: August 3, 2018
    Date of Patent: March 30, 2021
    Assignee: Micron Technology, Inc.
    Inventors: John D. Leidel, Geoffrey C. Rogers
  • Patent number: 10963583
    Abstract: Disclosed embodiments relate to systems and methods for dynamically identifying potential file system privilege escalation and manipulation vulnerabilities. Techniques include monitoring a file system of a computing system; detecting a privileged file operation involving the file system; determining that a target of the path is writable by a non-privileged identity; and determining whether the target of the path is a dynamic link library. If the target of the path is a dynamic link library, techniques may further include creating a semi-malicious dynamic link library. If the target of the path is not a dynamic link library, techniques may further include creating an object manager symbolic link in a protected file.
    Type: Grant
    Filed: June 4, 2020
    Date of Patent: March 30, 2021
    Assignee: CyberArk Software Ltd.
    Inventor: Eran Shimony
  • Patent number: 10958650
    Abstract: This application discloses a data processing method, system, and apparatus, a storage medium, and a device, and belongs to the field of database technologies. The method includes receiving, a trigger request; triggering, according to the trigger request, the first cloud encryptor to store a root key seed, an operating policy, a data key seed, and a data key identifier, and triggering the database proxy to store an encryption data dictionary, the operating policy indicating an operation policy of the first cloud encryptor. The method further includes receiving a data processing request from the client; sending first data that the data processing request requests to process and the data key identifier in the encryption data dictionary to the first cloud encryptor. The method further includes implementing the operating policy, processing the first data, and responding to the data processing request by using the second data.
    Type: Grant
    Filed: July 5, 2019
    Date of Patent: March 23, 2021
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventor: Hongfei Zhou
  • Patent number: 10951415
    Abstract: Zero round trip secure communications is implemented based on noisy secrets with a polynomial secret sharing scheme. A sender identifies two negotiated noisy secrets associated with an encrypted message to send to a receiver system. The sender utilizes a first negotiated noisy secret for sub-key selection, and generates a secret polynomial using Shamir's polynomial-based secret sharing scheme with N positive integer points and a message key as a secret. The sender divides the first negotiated noisy secret into a plurality of sub-keys, and divides a second negotiated noisy secret into test blocks of a length equivalent to a length of a sub-key. The sender utilizes each of the plurality sub-keys for encrypting a corresponding test block along with one unique point of the secret polynomial. Moreover, the sender sends all encrypted test blocks and corresponding encrypted points of the secret polynomial to the receiver with the encrypted message.
    Type: Grant
    Filed: March 13, 2019
    Date of Patent: March 16, 2021
    Assignee: DIGITAL 14 LLC
    Inventors: Serguei Velikevitch, Alexander Sherkin
  • Patent number: 10944734
    Abstract: Embodiments herein describe segmenting a Wi-Fi network into different groups. The embodiments herein assign a user, a client device, or a traffic flow originating from a client device to a group. For example, all the client devices for a particular user can be assigned to the same group tag, or each traffic flow in the client device may be assigned to different groups. Each group corresponds to a group key which can be transmitted to the client device when the device associates to an access point (AP). As such, within the same service set identifier (SSID), there can be multiple groups, and thus, client devices can use different group keys to communicate with other client devices associated to the same SSID. Put differently, rather than all devices connected the same SSID being assigned to the same group, the client devices can be assigned in different groups.
    Type: Grant
    Filed: August 17, 2018
    Date of Patent: March 9, 2021
    Assignee: Cisco Technology, Inc.
    Inventors: Stephen M. Orr, Aaron T. Woland, Jerome Henry
  • Patent number: 10936761
    Abstract: An anti-theft protection disablement solution is provided to authorized users and authorized customer service representatives. An anti-theft protection disablement request message from a recovery application on a user device may be received via a cloud messaging service or a binary messaging service. In turn, an anti-theft protection disablement message may be transmitted to the user device via the cloud messaging service or the binary messaging service when the anti-theft protection disablement request message is authenticated. The anti-theft protection disablement message may disable an anti-theft protection function on the user device that calls for an input of an anti-theft protection authentication credential for a factory reset of the user device.
    Type: Grant
    Filed: July 29, 2020
    Date of Patent: March 2, 2021
    Assignee: T-Mobile USA, Inc.
    Inventors: Senthil Kumar Mulluppadi Velusamy, Kevin Lau
  • Patent number: 10929262
    Abstract: A programmable electronic computer embedded in an avionics environment on board an aircraft for implementing at least one critical function and associated electronic device, method and computer program are disclosed. In one aspect, the electronic computer includes at least one control module configured to implement a respective critical function and configured to deliver at least one output data item associated with the critical function, and at least one monitoring module of a control module of another electronic computer. Each monitoring module configured to implement the same respective critical function as the one implemented by the monitored control module.
    Type: Grant
    Filed: December 19, 2018
    Date of Patent: February 23, 2021
    Assignee: Thales
    Inventors: Joël Bosson, Frederick Clement, Patrick Cadotte, Marc Fumey, Jean-Christophe Reculeau
  • Patent number: 10902308
    Abstract: A device comprising a physical support and an electronic chip supported by the support and comprising a memory module and a processor configured to implement a computer program configured to produce a result from data. The device further comprises a display module configured to display the result and a radio antenna configured to receive at least one electromagnetic signal configured to electrically supply the display module. The data comprises at least one item of static data, stored in a non-transient memory and an item of dynamic data, circulating in a transient memory. The dynamic data is received by the device through the at least one electromagnetic signal and the at least one electromagnetic signal is received by the device from at least one communication device.
    Type: Grant
    Filed: May 19, 2017
    Date of Patent: January 26, 2021
    Assignee: PARAGON ID
    Inventors: Claude Gire, Olivier Parrault, Guillaume Brandin, Eric Gerbault, Julien Zuccarelli, Gilles Martinez, Fabien Guichon
  • Patent number: 10904581
    Abstract: A method for decoding a video according to the present invention may comprise: determining whether to divide a current block with quad tree partitioning, and dividing the current block into four partitions based on a vertical line and a horizontal line when it is determined that the current block is divided with the quad tree partitioning.
    Type: Grant
    Filed: November 8, 2017
    Date of Patent: January 26, 2021
    Assignee: KT CORPORATION
    Inventor: Bae Keun Lee
  • Patent number: 10891380
    Abstract: Methods, systems, and media for determining application permissions are provided. In some embodiments, the method comprises: receiving a description of an application to be installed on a user device and a group of permissions required by the application; identifying a subset of words in the description of the application; determining an expected group of permissions based on the subset of words; comparing the group of permissions required by the application and the expected group of permissions; determining a privacy score associated with the application based on the comparison of the group of permissions required by the application and the expected group of permissions; and causing the application to be installed on the user device based on the privacy score associated with the application.
    Type: Grant
    Filed: March 20, 2018
    Date of Patent: January 12, 2021
    Assignee: McAfee, LLC
    Inventors: Rahul Deshpande, Ameya Sanzgiri
  • Patent number: 10892891
    Abstract: Zero round trip secure communications is implemented based on two noisy secrets. A sender system: calculates a required number of sub-keys to have at least one noiseless sub-key; for each first negotiated secret sub-key, uses the sub-key to encrypt a first half of a message key and test bytes, and adds the encrypted first half of the message key and the encrypted test bytes to the encrypted message; for each second negotiated secret sub-key, uses the sub-key to encrypt a second half of the message key and the test bytes, and adds the encrypted second half of the message key and the encrypted test bytes to the encrypted message; and sends the encrypted message, message MAC information, encrypted first halves of the message key with associated encrypted test bytes, and encrypted second halves of the message key with associated encrypted test bytes to a receiver.
    Type: Grant
    Filed: March 13, 2019
    Date of Patent: January 12, 2021
    Assignee: DIGITAL 14 LLC
    Inventors: Serguei Velikevitch, Alexander Sherkin
  • Patent number: 10891369
    Abstract: Embodiments described herein enable the interoperability between processes configured for pointer authentication and processes that are not configured for pointer authentication. Enabling the interoperability between such processes enables essential libraries, such as system libraries, to be compiled with pointer authentication, while enabling those libraries to still be used by processes that have not yet been compiled or configured to use pointer authentication.
    Type: Grant
    Filed: October 25, 2019
    Date of Patent: January 12, 2021
    Assignee: Apple Inc.
    Inventors: Bernard J. Semeria, Devon S. Andrade, Jeremy C. Andrus, Ahmed Bougacha, Peter Cooper, Jacques Fortier, Louis G. Gerbarg, James H. Grosbach, Robert J. McCall, Daniel A. Steffen, Justin R. Unger
  • Patent number: 10885541
    Abstract: A method of payment using rewards points includes receiving authentication data and a payment amount from a customer's mobile device, determining an amount of rewards points available to fund the payment amount in a rewards account associated with the customer, and sending selectable payment options to the mobile device. The selectable payment options include an option to redeem a portion of the rewards points amount to fund a portion of the payment amount. The method also includes receiving a customer selection of at least one of the selectable payment options from the mobile device and sending a form of payment for the payment amount from the account management system at the mobile device. The form of payment is configured for presentation to a point of sale device.
    Type: Grant
    Filed: July 30, 2015
    Date of Patent: January 5, 2021
    Assignee: Wells Fargo Bank, N.A.
    Inventor: Peter Ho
  • Patent number: 10878099
    Abstract: Anti-fault injection systems and methods are disclosed. An anti-fault injection system includes a processor; a boot ROM configured to store a series of boot instructions executable by the processor; and anti-fault injection controller circuitry. The anti-fault injection controller circuitry is accessible to the processor while the processor is executing the boot instructions. The anti-fault injection controller circuitry includes interrupt/reset circuitry configured to interrupt the processor in response to a trigger and secure boot circuitry. The secure boot circuitry is configured to, in response to being accessed by the processor: determine whether the processor is executing non-secure boot instructions in error; and in response to detecting that the processor is executing non-secure boot instructions in error, provide the trigger to the interrupt/reset circuitry.
    Type: Grant
    Filed: November 28, 2017
    Date of Patent: December 29, 2020
    Assignee: MaxLinear, Inc.
    Inventors: Qiming Wu, Jiaxiang Shi
  • Patent number: 10878101
    Abstract: The concepts, systems and methods described herein are directed towards a method running on a security device. The method is provided to including: executing a first secure boot code from a first memory by one of a plurality of cores of a processor, wherein the plurality of cores runs in a secure world; executing a first-stage boot loader (FSBL) from a second memory; executing a security monitoring application to validate the security device; in response to the security device being validated, switching some of the plurality of cores from the secure world to a normal world, wherein at least one of the plurality of cores remains in the secure world to communicate with the security monitoring application; executing a second-stage boot loader (SSBL); and monitoring, via the security monitoring application, status of the security device and communications between the security device and at least one external system.
    Type: Grant
    Filed: December 10, 2018
    Date of Patent: December 29, 2020
    Assignee: Raytheon Company
    Inventors: Matthew C. Areno, John C. Hoffman, Trevor B. Hird, Eric P. Egalite, Nathan T. Palmer
  • Patent number: 10853047
    Abstract: A method for virtualizing of software applications. The method comprises initializing a virtual environment created by a virtual engine executed over a computer; creating a new data file; launching an installation process of a software application to be virtualized, wherein the installation process runs in the virtual environment; during the installation process, capturing data writes to a file system of the computer's operating system; and saving the data writes to the new data file.
    Type: Grant
    Filed: February 22, 2019
    Date of Patent: December 1, 2020
    Assignee: BlackBerry Limited
    Inventors: Netzer Shlomai, Yoram Gabay
  • Patent number: 10853494
    Abstract: An example method of authenticating software executing in a computer system includes verifying first software executing on the computer system, the software including a hypervisor, verifying second software executing in a virtual machine (VM) managed by the hypervisor, generating a binding key having public and private portions, signing an object to identifies the VM using the private portion of the binding key, and verifying a signature of the object using a public portion of the binding key.
    Type: Grant
    Filed: July 23, 2018
    Date of Patent: December 1, 2020
    Assignee: VMware, Inc.
    Inventors: Samyuktha Subramanian, Daniel Muller, Mukund Gunti, Adrian Drzewiecki
  • Patent number: 10846423
    Abstract: A method is provided for generating an encrypted database. The method includes: receiving a plaintext database having plaintext data entries therein; and generating an encrypted database using the plaintext database, the encrypted database including encrypted data entries therein. The encrypted database is configured to support at least one form of conditional query such that the at least one form of conditional query returns a correct encrypted result when the query is computed on the encrypted data entries without the decryption thereof.
    Type: Grant
    Filed: August 11, 2017
    Date of Patent: November 24, 2020
    Assignee: Palo Alto Research Center Incorporated
    Inventors: Shantanu Rane, Vincent Bindschaedler, Alejandro E. Brito, Ersin Uzun, Vanishree Rao
  • Patent number: 10783240
    Abstract: A secure engine method includes providing an embedded microcontroller in an embedded device, the embedded microcontroller having internal memory. The method also includes providing a secure environment in the internal memory. The secure environment method recognizes a boot sequence and restricts user-level access to the secure environment by taking control over the secure environment memory. Taking such control may include disabling DMA controllers, configuring at least one memory controller for access to the secure environment, preventing the execution of instructions fetched from outside the secure environment, and only permitting execution of instructions fetched from within the secure environment. Secure engine program instructions are then executed to disable interrupts, perform at least one secure operation, and re-enable interrupts after performing the at least one secure operation.
    Type: Grant
    Filed: September 29, 2017
    Date of Patent: September 22, 2020
    Assignee: STMICROELECTRONICS, INC.
    Inventors: Maurizio Gentili, Massimo Panzica
  • Patent number: 10778425
    Abstract: Instructions and logic provide for a Single Instruction Multiple Data (SIMD) SM4 round slice operation. Embodiments of an instruction specify a first and a second source data operand set, and substitution function indicators, e.g. in an immediate operand. Embodiments of a processor may include encryption units, responsive to the first instruction, to: perform a slice of SM4-round exchanges on a portion of the first source data operand set with a corresponding keys from the second source data operand set in response to a substitution function indicator that indicates a first substitution function, perform a slice of SM4 key generations using another portion of the first source data operand set with corresponding constants from the second source data operand set in response to a substitution function indicator that indicates a second substitution function, and store a set of result elements of the first instruction in a SIMD destination register.
    Type: Grant
    Filed: December 17, 2018
    Date of Patent: September 15, 2020
    Assignee: Intel Corporation
    Inventors: Sean M. Gulley, Gilbert M. Wolrich, Vinodh Gopal, Kirk S. Yap, Wajdi K. Feghali
  • Patent number: 10762199
    Abstract: A method, computer program product, and computer system are provided. A processor receives an executable file for execution by an operating system, where the executable file includes a plurality of sections in a first order. A processor determines a second order that indicates a loading order for the plurality of sections, where the second order is distinct from the first order. A processor loads the plurality of sections of the executable file into a plurality of locations in memory of a device based on the second order. A processor resolves one or more memory references for the plurality of sections based on the plurality of locations in memory. A processor executes the plurality of sections of the executable file in the plurality of locations in memory.
    Type: Grant
    Filed: May 9, 2018
    Date of Patent: September 1, 2020
    Assignee: International Business Machines Corporation
    Inventors: Ayman Jarrous, Dov Murik, Omer-Yehuda Boehm, Nitzan Peleg
  • Patent number: 10725845
    Abstract: A method of operating a memory system includes setting a secured area in a volatile memory device of the memory system during a secure mode, writing secure data in the secured area during the secure mode, and when a write command for the secured area is inputted in a normal operation mode, preventing a write operation from occurring and generating an error signal. Accordingly, the secured area is set in the volatile memory device so that the hacking and the data forgery may be prevented.
    Type: Grant
    Filed: August 22, 2017
    Date of Patent: July 28, 2020
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Kyu-Dong Lee, Baek-Kyu Choi, Ji-Won Kim
  • Patent number: 10708247
    Abstract: Technologies for providing secure utilization of tenant keys include a compute device. The compute device includes circuitry configured to obtain a tenant key. The circuitry is also configured to receive encrypted data associated with a tenant. The encrypted data defines an encrypted image that is executable by the compute device to perform a workload on behalf of the tenant in a virtualized environment. Further, the circuitry is configured to utilize the tenant key to decrypt the encrypted data and execute the workload without exposing the tenant key to a memory that is accessible to another workload associated with another tenant.
    Type: Grant
    Filed: September 27, 2018
    Date of Patent: July 7, 2020
    Assignee: Intel Corporation
    Inventors: Kapil Sood, Seosamh O'Riordain, Ned M. Smith, Tarun Viswanathan
  • Patent number: 10699006
    Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for processing blockchain data under a trusted execution environment (TEE). One of the methods includes receiving, by a blockchain node, a request to execute one or more software instructions in a TEE executing on the blockchain node; determining, by a virtual machine in the TEE, data associated with one or more blockchain accounts to execute the one or more software instructions based on the request; traversing, by the virtual machine, an internal cache hash table stored in the TEE to determine whether the data are included in the internal cache hash table; and in response to determining that the data is included in the internal cache hash table, executing, by the virtual machine, the one or more software instructions by retrieving the data from the internal cache hash table.
    Type: Grant
    Filed: October 31, 2019
    Date of Patent: June 30, 2020
    Assignee: Alibaba Group Holding Limited
    Inventors: Changzheng Wei, Ying Yan, Boran Zhao, Xuyang Song, Huabing Du
  • Patent number: 10691813
    Abstract: Various embodiments are generally directed to techniques for enclave confidentiality management, such as for protecting cross enclave confidentiality on servers, for instance. Some embodiments are particularly directed to a computing platform including hardware and/or instruction set architecture (ISA) extensions that ensure enclaves cannot access confidential data of other enclaves. For example, key programming ISA extensions and/or hardware changes to the page miss handler (PMH) may ensure that the key uniquely associated with an enclave is used for its memory accesses.
    Type: Grant
    Filed: March 30, 2018
    Date of Patent: June 23, 2020
    Assignee: INTEL CORPORATION
    Inventors: Siddhartha Chhabra, David M. Durham
  • Patent number: 10684997
    Abstract: Non-limiting examples of the present disclosure describe processing operations that achieve file consistency in the presence of a large-scale collaboration service. A mismatch may be determined between hash values associated with two or more versions of a file that is associated with a tenant of a productivity service. Version vector data for different versions of the file may be evaluated. Version vector data may comprise: a session value indicating a session of the productivity service and a version value that indicates a number of changes made by the tenant during the session. A synchronization determination is generated based on an evaluation of the version vector data for the different versions of the file.
    Type: Grant
    Filed: October 24, 2017
    Date of Patent: June 16, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Tai The Do, Vijayalakshmi Ramkumar, Eric O'Brien, Apeksha Godiyal, Alexandre Grigorovitch, Yisheng Chen