Computer Instruction/address Encryption Patents (Class 713/190)
  • Patent number: 10725845
    Abstract: A method of operating a memory system includes setting a secured area in a volatile memory device of the memory system during a secure mode, writing secure data in the secured area during the secure mode, and when a write command for the secured area is inputted in a normal operation mode, preventing a write operation from occurring and generating an error signal. Accordingly, the secured area is set in the volatile memory device so that the hacking and the data forgery may be prevented.
    Type: Grant
    Filed: August 22, 2017
    Date of Patent: July 28, 2020
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Kyu-Dong Lee, Baek-Kyu Choi, Ji-Won Kim
  • Patent number: 10708247
    Abstract: Technologies for providing secure utilization of tenant keys include a compute device. The compute device includes circuitry configured to obtain a tenant key. The circuitry is also configured to receive encrypted data associated with a tenant. The encrypted data defines an encrypted image that is executable by the compute device to perform a workload on behalf of the tenant in a virtualized environment. Further, the circuitry is configured to utilize the tenant key to decrypt the encrypted data and execute the workload without exposing the tenant key to a memory that is accessible to another workload associated with another tenant.
    Type: Grant
    Filed: September 27, 2018
    Date of Patent: July 7, 2020
    Assignee: Intel Corporation
    Inventors: Kapil Sood, Seosamh O'Riordain, Ned M. Smith, Tarun Viswanathan
  • Patent number: 10699006
    Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for processing blockchain data under a trusted execution environment (TEE). One of the methods includes receiving, by a blockchain node, a request to execute one or more software instructions in a TEE executing on the blockchain node; determining, by a virtual machine in the TEE, data associated with one or more blockchain accounts to execute the one or more software instructions based on the request; traversing, by the virtual machine, an internal cache hash table stored in the TEE to determine whether the data are included in the internal cache hash table; and in response to determining that the data is included in the internal cache hash table, executing, by the virtual machine, the one or more software instructions by retrieving the data from the internal cache hash table.
    Type: Grant
    Filed: October 31, 2019
    Date of Patent: June 30, 2020
    Assignee: Alibaba Group Holding Limited
    Inventors: Changzheng Wei, Ying Yan, Boran Zhao, Xuyang Song, Huabing Du
  • Patent number: 10691813
    Abstract: Various embodiments are generally directed to techniques for enclave confidentiality management, such as for protecting cross enclave confidentiality on servers, for instance. Some embodiments are particularly directed to a computing platform including hardware and/or instruction set architecture (ISA) extensions that ensure enclaves cannot access confidential data of other enclaves. For example, key programming ISA extensions and/or hardware changes to the page miss handler (PMH) may ensure that the key uniquely associated with an enclave is used for its memory accesses.
    Type: Grant
    Filed: March 30, 2018
    Date of Patent: June 23, 2020
    Assignee: INTEL CORPORATION
    Inventors: Siddhartha Chhabra, David M. Durham
  • Patent number: 10684997
    Abstract: Non-limiting examples of the present disclosure describe processing operations that achieve file consistency in the presence of a large-scale collaboration service. A mismatch may be determined between hash values associated with two or more versions of a file that is associated with a tenant of a productivity service. Version vector data for different versions of the file may be evaluated. Version vector data may comprise: a session value indicating a session of the productivity service and a version value that indicates a number of changes made by the tenant during the session. A synchronization determination is generated based on an evaluation of the version vector data for the different versions of the file.
    Type: Grant
    Filed: October 24, 2017
    Date of Patent: June 16, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Tai The Do, Vijayalakshmi Ramkumar, Eric O'Brien, Apeksha Godiyal, Alexandre Grigorovitch, Yisheng Chen
  • Patent number: 10664591
    Abstract: The disclosed technology is generally directed to secure transactions. In one example of the technology, an enclave pool is formed. The enclave pool may include a plurality of enclaves that are secure execution environments. In some examples, forming the enclave pool includes registering the enclaves of the enclave pool. A request to allocate an enclave from the enclave pool may be received. An enclave may be fetched from the enclave pool responsive to the request to assign the enclave. Cryptlet code is executed in the fetched enclave such that a payload is generated in the enclave. The payload can be digitally signed and/or encrypted by the cryptlet, and can also be digitally signed by the enclave. The fetched enclave may be deallocated.
    Type: Grant
    Filed: May 11, 2017
    Date of Patent: May 26, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: John Marley Gray
  • Patent number: 10652216
    Abstract: The present invention provides methods for executing a private computer program on untrusted computers. The present invention also provides for products produced by the methods of the present invention and for apparatuses used to perform the methods of the present invention.
    Type: Grant
    Filed: September 28, 2018
    Date of Patent: May 12, 2020
    Assignee: Baffle, Inc.
    Inventors: Ashmeet Sidana, Priyadarshan Kolte, Calvin Lin
  • Patent number: 10649911
    Abstract: Embodiment of this disclosure provide techniques to support full memory paging between different trust domains (TDs) in compute system without losing any of the security properties, such as tamper resistant/detection and confidentiality, on a per TD basis. In one embodiment, a processing device including a memory controller and a memory paging circuit operatively coupled to the memory controller is provided. The memory paging circuit is to evict a memory page associated with a trust domain (TD) executed by the processing device. A binding of the memory page to a first memory location of the TD is removed. A transportable page that includes encrypted contents of the memory page is created. Thereupon, the memory page is provided to a second memory location.
    Type: Grant
    Filed: March 29, 2018
    Date of Patent: May 12, 2020
    Assignee: Intel Corporation
    Inventors: Hormuzd M. Khosravi, Baiju Patel, Ravi Sahita, Barry Huntley
  • Patent number: 10642972
    Abstract: Methods and apparatus for extending packet processing to trusted programmable and fixed-function accelerators. Secure enclaves are created in system memory of a compute platform, wherein software code external from a secure enclave cannot access code or data within a secure enclave, and software code in a secure enclave can access code and data both within the secure enclave and external to the secure enclave. Software code for implementing packet processing operations is installed in the secure enclaves. The compute platform further includes one or more hardware-based accelerators that are used by the software to offload packet processing operations. The accelerators are configured to read packet data from input queues, process the data, and output processed data to output queues, wherein the input and output queues are located in encrypted portions of memory that may be in a secure enclave or external to the secure enclaves.
    Type: Grant
    Filed: October 20, 2016
    Date of Patent: May 5, 2020
    Assignee: Intel Corporation
    Inventors: Kapil Sood, Somnath Chakrabarti, Wei Shen, Carlos V. Rozas, Mona Vij, Vincent R. Scarlata
  • Patent number: 10628315
    Abstract: Secure memory repartitioning technologies are described. Embodiments of the disclosure may include a processing device including a processing core and a memory controller coupled between the processor core and a memory device. The memory device includes a memory range including a section of convertible pages that are convertible to secure pages or non-secure pages. The processor core is to receive a non-secure access request to a page in the memory device, responsive to a determination, based on one or more secure state bits in one or more secure state bit arrays, that the page is a secure page, insert an abort page address into a translation lookaside buffer, and responsive to a determination, based on the one or more secure state bits in the one or more secure state bit arrays, that the page is a non-secure page, insert the page into the translation lookaside buffer.
    Type: Grant
    Filed: September 28, 2017
    Date of Patent: April 21, 2020
    Assignee: Intel Corporation
    Inventors: Vedvyas Shanbhogue, Krystof C. Zmudzinski, Carlos V. Rozas, Francis X. McKeen, Raghunandan Makaram, Ilya Alexandrovich, Ittai Anati, Meltem Ozsoy
  • Patent number: 10630462
    Abstract: A method for implementing a pseudo-random function (PRF) using a white-box implementation of a cryptographic function in N rounds, including: receiving an input to the PRF; receiving a cryptographic key in a first round; encrypting, using the white-box implementation of the cryptographic function and the cryptographic key, an input message that is one of M possible input messages based upon a portion of the input to produce a first output; for each succeeding round: encrypting, using the white-box implementation of the cryptographic function and an ith cryptographic key, further input messages that are one of M possible input messages based upon a further portion of the input to produce an ith output, wherein the ith cryptographic key is the output from the preceding round, wherein the white-box implementation of the cryptographic function only produces a correct output for the M possible input messages and produces an incorrect output for input messages that are not one of the M possible input messages.
    Type: Grant
    Filed: October 27, 2017
    Date of Patent: April 21, 2020
    Assignee: NXP B.V.
    Inventors: Wilhelmus Petrus Adrianus Johannus Michiels, Marcel Medwed, Jan Hoogerbrugge, Ventzislav Nikov, Bruce Murray, Joppe Willem Bos
  • Patent number: 10615976
    Abstract: A method includes generating a root key pair including a public key and a private key, generating metadata for keys associated with a tenant, wherein the metadata includes a key tag, a key version, and a tenant identifier, deriving a tenant key from the root key pair and the metadata, and outputting the tenant key.
    Type: Grant
    Filed: February 23, 2018
    Date of Patent: April 7, 2020
    Assignee: SAP SE
    Inventors: Xun Sun, Yu Wu, Xiaoxiao Gu
  • Patent number: 10606764
    Abstract: A field programmable gate array (FPGA) including a root of trust architecture. The architecture includes a system controller providing system control commands for the architecture and a cryptography processor for performing a hash or key operation for authentication of controller-embedded software and attestation of correct firmware in external system resources. The architecture also includes a lock-step fault-tolerant processor being responsive to messages from the system controller, and including a plurality of soft lock-step cores. Each soft core including separate memory and resources and operating on the same input, where each soft core provides output messages that are analyzed by a logic in the fault-tolerant processor that selects one of the messages to be output to the cryptography processor.
    Type: Grant
    Filed: October 2, 2017
    Date of Patent: March 31, 2020
    Assignee: Northrop Grumman Systems Corporation
    Inventors: Gregory D. Kravit, Kenneth R. Weidele, Kenneth F. McKinney
  • Patent number: 10592245
    Abstract: Instructions and logic provide SIMD SM3 cryptographic hashing functionality. Some embodiments include a processor comprising: a decoder to decode instructions for a SIMD SM3 message expansion, specifying first and second source data operand sets, and an expansion extent. Processor execution units, responsive to the instruction, perform a number of SM3 message expansions, from the first and second source data operand sets, determined by the specified expansion extent and store the result into a SIMD destination register. Some embodiments also execute instructions for a SIMD SM3 hash round-slice portion of the hashing algorithm, from an intermediate hash value input, a source data set, and a round constant set. Processor execution units perform a set of SM3 hashing round iterations upon the source data set, applying the intermediate hash value input and the round constant set, and store a new hash value result in a SIMD destination register.
    Type: Grant
    Filed: May 19, 2017
    Date of Patent: March 17, 2020
    Assignee: Intel Corporation
    Inventors: Gilbert M. Wolrich, Vinodh Gopal, Sean M. Gulley, Kirk S. Yap, Wajdi K. Feghali
  • Patent number: 10587641
    Abstract: Example embodiments disclosed herein relate to generating a point-wise protection based on dynamic security analysis. Vulnerability solution recommendation are provided based on the dynamic security analysis. A point-wise protection is generated based on a selection of the vulnerability solution recommendation.
    Type: Grant
    Filed: May 20, 2014
    Date of Patent: March 10, 2020
    Assignee: MICRO FOCUS LLC
    Inventors: Matias Madou, Ronald Joseph Sechman, Sam Ng Ming Sum
  • Patent number: 10579806
    Abstract: Present disclosure provides the system and method for protecting the control-flow of a computer program against manipulation and leak of code pointers during program execution. The system includes a memory that a computer program is loaded onto and a processor which executes the computer program for protecting the control-flow of a program against manipulation and leak of code pointers during program execution. The method includes providing a shadow stack for each process and thread of the computer program in a thread local storage (TLS). Each code pointer is encrypted with the corresponding encryption key, the pair with a global key is encrypted, and reencryption of the code pointer at runtime is performed.
    Type: Grant
    Filed: August 27, 2019
    Date of Patent: March 3, 2020
    Assignee: Zeus SW Defender, LLC
    Inventors: Changwoo Pyo, Hyungyu Lee, Gyungho Lee
  • Patent number: 10565391
    Abstract: Computer systems, devices, and associated methods of evaluating an expression comprising restricted data are disclosed herein. In one embodiment, a method includes receiving a database statement from a client application and verifying the authenticity of the database statement. If the database statement is authentic, an approved expression is identified in the database statement for creating an evaluation rule. The method further includes restricting evaluation of expressions in a protected computing environment according to the created evaluation rule.
    Type: Grant
    Filed: June 2, 2017
    Date of Patent: February 18, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Raghav Kaushik, Aditya Nigam, Arvind Arasu, Donald Alan Kossmann, Kenneth Eguro, Nikhil Vithlani, Panagiotis Antonopoulos, Ravi Ramamurthy
  • Patent number: 10540506
    Abstract: Techniques for field-programmable gate array (FPGA) virtualization are described herein. In one or more implementations, an FPGA virtualization manager of a host device receives a request from a virtual machine for a device, such as for a compression engine. The FPGA virtualization manager identifies an FPGA program associated with the request and configured to program FPGAs of the host as the requested device. The FPGA virtualization manager also checks the FPGA program against security policies of the host to determine whether to allow the FPGA program to program the FPGAs. If the programming is allowed, the FPGA virtualization manager allocates at least a portion of the FPGAs to the requested device and loads the FPGA program to program the allocated portion of FPGAs. The FPGA virtualization manager generates a virtual device to furnish the functionality of the programmed device to the requesting virtual machine.
    Type: Grant
    Filed: January 12, 2017
    Date of Patent: January 21, 2020
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventor: Hadden Mark Hoppert
  • Patent number: 10540193
    Abstract: A microservice infrastructure that securely maintains the currency of computing platform microservices implemented within a process virtual machine is provided. The computing platform microservices maintained by the infrastructure may include protected methods that provide and control access to components of the underlying computing environment. These components may include, for example, storage devices, peripherals, and network interfaces. By providing a software-defined microservice layer between these hardware components and workflows that specify high-level application logic, the embodiments disclosed herein have enhanced flexibility and scalability when compared to conventional technology.
    Type: Grant
    Filed: May 9, 2017
    Date of Patent: January 21, 2020
    Assignee: INTEL CORPORATION
    Inventors: Mingqiu Sun, Noah Zentzis, Vincent J. Zimmer, Peggy J. Irelan, Timothy E. Abels, Gopinatth Selvaraje, Rajesh Poornachandran
  • Patent number: 10536262
    Abstract: An electronic generation device arranged to generate parameters for digital obfuscated arithmetic including a prime number unit arranged to generate a prime modulus (p) and a base element unit arranged to generate a prime modulus and a base element such that each ring-element modulo the prime modulus may be expressed as a difference between two powers of the potential base element.
    Type: Grant
    Filed: December 11, 2015
    Date of Patent: January 14, 2020
    Assignee: KONINKLIJKE PHILIPS N.V.
    Inventors: Leandro Marin, Alphons Antonius Maria Lambertus Bruekers, Paulus Mathias Hubertus Mechtildus Gorissen
  • Patent number: 10528721
    Abstract: Methods and apparatus for implemented trusted packet processing for multi-domain separatization and security. Secure enclaves are created in system memory of a compute platform configured to support a virtualized execution environment including a plurality of virtual machines (VMs) or containers, each secure enclave occupying a respective protected portion of the system memory, wherein software code external from a secure enclave cannot access code or data within a secure enclave, and software code in a secure enclave can access code and data both within the secure enclave and external to the secure enclave. Software code for implementing packet processing operations is installed in the secure enclaves. The software in the secure enclaves is then executed to perform the packet processing operations.
    Type: Grant
    Filed: October 20, 2016
    Date of Patent: January 7, 2020
    Assignee: Intel Corporation
    Inventors: Kapil Sood, Somnath Chakrabarti, Wei Shen, Carlos V. Rozas, Mona Vij, Vincent R. Scarlata
  • Patent number: 10496825
    Abstract: Examples relate to in-memory attack prevention. The examples disclosed herein enable obtaining, in response to a first boot command, a first encryption key generated based on a randomization process. The examples further enable determining whether first information of a page table indicates that a memory page is intended to be secure, the page table storing mapping between a virtual address of the memory page and a physical address of the memory page. In response to determining that the first information indicates that the memory page is intended to be secure, the examples further enable determining whether second information of the page table indicates that the memory page is encrypted. In response to determining that the second information indicates that the memory page is not encrypted, the examples further enable encrypting the memory page in a physical memory using the first encryption key.
    Type: Grant
    Filed: November 26, 2014
    Date of Patent: December 3, 2019
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventor: Perry V Lea
  • Patent number: 10482251
    Abstract: Technique and systems for detecting network intrusion are described. Each device in a plurality of devices in the network can generate an integrity report by: (1) measuring a first set of execution parameter values during an execution of a portion of a software image at the device, (2) comparing the first set of execution parameter values with a second set of execution parameter values associated with executing the portion of the software image at a secure instance of the device, and (3) generating the integrity report based on said comparing. Next, the integrity reports can be collected, and network intrusions can be detected based on the integrity reports by using statistical and pattern recognition techniques including but not limited to neural nets implementing crossover and backpropagation, and classifiers including but not limited to cluster analysis, correlation and regression, factor analysis.
    Type: Grant
    Filed: December 18, 2018
    Date of Patent: November 19, 2019
    Inventor: Christopher Luis Hamlin
  • Patent number: 10437733
    Abstract: An apparatus and method for efficient guest EPT manipulation. For example, one embodiment of a apparatus comprises: a hypervisor to create extended page table (EPT) mappings between a guest physical address (GPA) space and a host physical address (HPA) space; the hypervisor to create an EPT edit table and populate the EPT edit table with information related to permitted mappings between the GPA space and HPA space; a guest to read the EPT edit table to determine information related to the permitted mappings between the GPA space and HPA space, the guest to use the information to map one or more pages in the GPA space to one or more pages in the HPA space.
    Type: Grant
    Filed: July 11, 2017
    Date of Patent: October 8, 2019
    Assignee: Intel Corporation
    Inventor: Krystof C. Zmudzinski
  • Patent number: 10423780
    Abstract: Described is a system for synthesis of cryptographic software from specification. During operation, the system generates a first level formalization code of a cryptographic protocol based on a user input protocol specification and a library of transformation rules. A second level formalization code is then generated by implementing communication protocols to the first level formalization code. A third level formalization code subsequently generated by implementing cryptographic primitives to the second level formalization code. Finally, the third level formalization code is encoded on a computer readable medium as an executable code.
    Type: Grant
    Filed: August 4, 2017
    Date of Patent: September 24, 2019
    Assignee: HRL Laboratories, LLC
    Inventors: Alexei Kopylov, Aleksey Nogin
  • Patent number: 10423531
    Abstract: Subject matter disclosed herein relates to techniques to read memory in a continuous fashion.
    Type: Grant
    Filed: November 1, 2017
    Date of Patent: September 24, 2019
    Assignee: Micron Technology, Inc.
    Inventors: Yihua Zhang, Jun Shen
  • Patent number: 10402567
    Abstract: The disclosed technology is generally directed to a secure boot mechanism for a multi-core system. In some examples, multiple execution environments may be sequentially booted according to a chain of trust that corresponds to the defense-in-depth hierarchy. A first stage of the secure boot may be based on the hardware root of trust of the multi-core processor. Subsequent stages may be based upon the trust in the previous stages. In some examples, if any stage is determined to be compromised, then the secure boot ceases, and neither the stage determined to be compromised nor any subsequent stages are booted.
    Type: Grant
    Filed: June 25, 2017
    Date of Patent: September 3, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Jaeyeon Jung, Felix Stefan Domke, Ryan J. Fairfax
  • Patent number: 10404470
    Abstract: Techniques for signature verification of field-programmable gate array (FPGA) programs are described herein. In one or more implementations, an FPGA virtualization manager of a host device receives a request from a virtual machine for an FPGA program to program FPGAs of the host. The FPGA program is configured to program the FPGAs to provide functionality of a hardware-implementation of a respective program (e.g., a machine-learning algorithm) or of a respective device (e.g., a graphics processing unit). Before allowing the FPGA program to program the FPGAs, however, the FPGA virtualization manager determines whether the FPGA program is trusted to do so. To do so, the FPGA virtualization manager verifies a digital signature associated with the FPGA program. When the signature is verified the FPGA program is determined to be trusted. Based on such a determination, the FPGA virtualization manager loads the FPGA program to program the FPGAs to provide the functionality.
    Type: Grant
    Filed: January 13, 2017
    Date of Patent: September 3, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Hadden Mark Hoppert, Christopher L. Huybregts
  • Patent number: 10394721
    Abstract: An integrated circuit, having a security supervision system, comprising a plurality of functional circuit blocks interconnected to collectively performing data processing tasks, one or more communication adaptors, having: (i) a hardware interconnection to the functional circuit blocks, whereby the communication adaptor senses the state and/or activity of the functional circuit block; (ii) memory storing definitions of state and/or activity of functional circuit block and actions for each definition; and (iii) processing circuitry comparing the state and/or activity of the functional block with each definition, such that when state and/or activity of the functional block corresponding to a stored definition is detected, perform the corresponding action.
    Type: Grant
    Filed: November 30, 2016
    Date of Patent: August 27, 2019
    Assignee: UltraSoc Technologies Ltd.
    Inventors: Gajinder Panesar, Rupert Baines, Iain Robertson
  • Patent number: 10372886
    Abstract: A method of obscuring the input and output of a modular exponentiation function, including: receiving modular exponentiation parameters including an exponent e having N bits and a modulus m; generating randomly a pre-multiplier; calculating a post-multiplier based upon the pre-multiplier, exponent e, and modulus m; multiplying an input to the modular exponentiation function by the pre-multiplier; performing the modular exponentiation function; and multiplying the output of the modular exponentiation function by the post-multiplier, wherein multiplying an input to the modular exponentiation function by the pre-multiplier, performing the modular exponentiation function, and multiplying the output of the modular exponentiation function by the post-multiplier are split variable operations.
    Type: Grant
    Filed: July 31, 2015
    Date of Patent: August 6, 2019
    Assignee: NXP B.V.
    Inventors: Jan Hoogerbrugge, Wil Michiels
  • Patent number: 10366228
    Abstract: Particular embodiments described herein provide for an electronic device that can be configured to identify regions of code to be monitored, probe and lock code pages that include the identified regions of code, and remap the code pages as execute only. The code pages can be remapped as execute only in an alternate extended page table view.
    Type: Grant
    Filed: January 31, 2018
    Date of Patent: July 30, 2019
    Assignee: McAfee, LLC
    Inventors: Ravi Sahita, Lu Deng, Vedvyas Shanbhogue, Lixin Lu, Alexander Shepsen, Igor Tatourian
  • Patent number: 10362483
    Abstract: A secure data storage device with wireless authentication is provided. The described data storage device is wirelessly unlocked using another wireless device. The secure data storage device interoperates with a cloud server for configuring and managing the data storage device.
    Type: Grant
    Filed: March 31, 2017
    Date of Patent: July 23, 2019
    Inventor: Cristian Frusina
  • Patent number: 10356086
    Abstract: The present invention provides methods and apparatuses that utilize a portable apparatus to securely operate a host electronic device. Typically, each portable apparatus includes a data storage unit which stores an operating system and other software. In one example, a portable apparatus can provide a virtual operating environment on top of a host's operating system for a host device. In another example, a portable apparatus containing its operating system can directly boot a host device with one or more hardware profiles. Furthermore, a device-dependent protection against software piracy, a user-dependent protection against sensitive data leaks, a controllable host operating environment to prevent unwanted information exposure, and a secure restoration procedure to prevent virus infection between the host device users may be incorporated. Moreover, a pre-defined information may also be utilized to authorize a connected-state guest operation environment in the host device.
    Type: Grant
    Filed: August 27, 2018
    Date of Patent: July 16, 2019
    Inventor: Evan Huang
  • Patent number: 10353713
    Abstract: An information handling system includes a processor, a Unified Extensible Firmware Interface (UEFI) boot volume, and a memory including UEFI code and a setup module. The UEFI code is executable by the processor to boot the information handling system, determine if the UEFI boot volume includes a setup data file, and launch the setup module in response to determining that the UEFI boot volume includes the setup data file. The setup module is executable by the processor to read first information from the setup data file, and set a first configuration setting of the information handling system based upon the first information.
    Type: Grant
    Filed: January 24, 2017
    Date of Patent: July 16, 2019
    Assignee: Dell Products, LP
    Inventor: Allen C. Wynn
  • Patent number: 10354073
    Abstract: According to one embodiment, an information processing device includes a processor, a nonvolatile memory, a designation unit, and a controller. The nonvolatile memory stores the first software and the second software which is used as substitute for the first software. The designation unit designates software to be executed by the processor at a boot. The controller protects an area of the nonvolatile memory storing the first software from being written while the first software is executed by the processor. When third software is executed by the processor, the third software verifies the second software. When the second software is legal in a result of verifying by the third software, the designation unit designates the second software.
    Type: Grant
    Filed: July 28, 2016
    Date of Patent: July 16, 2019
    Assignee: KABUSHIKI KAISHA TOSHIBA
    Inventors: Ryuiti Koike, Mikio Hashimoto, Naoko Yamada, Ryotaro Hayashi
  • Patent number: 10346300
    Abstract: In one embodiment, a processor comprises: at least one core formed on a die to execute instructions; a first memory controller to interface with an in-package memory; a second memory controller to interface with a platform memory to couple to the processor; and the in-package memory located within a package of the processor, where the in-package memory is to be identified as a more distant memory with respect to the at least one core than the platform memory. Other embodiments are described and claimed.
    Type: Grant
    Filed: June 21, 2017
    Date of Patent: July 9, 2019
    Assignee: Intel Corporation
    Inventors: Avinash Sodani, Robert J. Kyanko, Richard J. Greco, Andreas Kleen, Milind B. Girkar, Christopher M. Cantalupo
  • Patent number: 10325118
    Abstract: Memory security technologies are described. An example processing system includes a processor core and a memory controller coupled to the processor core and a memory. The processor core can receive a content read instruction from an application. The processor core can identify a cache line (CL) from a plurality of CLs of a cryptographic cache block (CCB) requested in the content read instruction. The processor core can load, from a cryptographic tree, tree nodes with security metadata. The processor core can retrieve, from the memory, the CCB. The processor core can generate a second MAC from the CCB. The processor core can compare the first MAC with the second MAC. The processor core can decrypt the CCB using security metadata when the first MAC matches the second MAC. The processor core can send at least the identified CL from the decrypted CCB to the application.
    Type: Grant
    Filed: January 4, 2018
    Date of Patent: June 18, 2019
    Assignee: Intel Corporation
    Inventors: Siddhartha Chhabra, Francis X. Mckeen, Carlos V. Rozas, Saeedeh Komijani, Tamara S. Lehman
  • Patent number: 10318258
    Abstract: Provided is a non-transitory computer readable storage medium storing a program causing a computer to execute a process, the process including: obtaining an analysis result of a program hierarchically structured by a plurality of hierarchies; identifying an exclusion request of a check content of a same kind as a specific check content by referring to a storage unit storing information about a past exclusion request of a check content when the specific check content in the analysis result is displayed in association with a part corresponding to the specific check content of the program; outputting reference information for an exclusion request of the specific check content based on a request result of the exclusion request of the check content of the same kind, and a difference between positions in the plurality of hierarchies of the specific check content and the check content of the same kind in the program.
    Type: Grant
    Filed: July 17, 2017
    Date of Patent: June 11, 2019
    Assignee: FUJITSU LIMITED
    Inventors: Sayaka Shimada, Daisuke Hiyama, Hideya Ikeda
  • Patent number: 10320753
    Abstract: A machine has a processor and a memory connected to the processor. The memory stores instructions executed by the processor to allow a user to designate a selected persona from a pool of potential personas, where each potential persona is associated with the user and has a distinct set of computer network attributes. A virtual private network egress point for the selected persona is designated, where the virtual private network egress point masks computer network attributes of the selected persona. Contact with the virtual private network egress point is coordinated to initiate a network communication for the selected persona.
    Type: Grant
    Filed: January 19, 2016
    Date of Patent: June 11, 2019
    Assignee: Anonyome Labs, Inc.
    Inventors: Paul Ashley, Steve Shillingford, Simon Gee, Glen Leeder, Greg Clark
  • Patent number: 10311226
    Abstract: A computer architecture is disclosed for implementing a hacking-resistant computing device. The computing device, which could be a mainframe computer, personal computer, smartphone, or any other computing device suitable for network communication, comprises a first partition and a second partition. The second partition can communicate over a network such as the Internet. In contrast, the first partition cannot connect to the Internet, and can directly communicate only with the second partition or with input/output devices directly connected to the first partition. Further, the first partition segments its memory addressing for program code and hardware-protects it from alteration. The second partition is hardware-limited from reading or writing to the memory addressing of the first partition. As a result, the critical data files and program code stored on the first partition are protected from malicious code affecting the second partition.
    Type: Grant
    Filed: May 7, 2018
    Date of Patent: June 4, 2019
    Assignee: Newman H-R Computer Design, LLC
    Inventors: Frank N. Newman, Dan Newman
  • Patent number: 10305682
    Abstract: A method of encrypting a program instructions stream and a method of executing an instructions stream thus encrypted. Instructions are translated into binary code before being encrypted by a stream cipher method. When the program contains a conditional or unconditional branch instruction, an instruction is inserted in the program to initialize the pseudo-random sequence generator using an initialization vector, the initialization vector being used to generate the pseudo-random sequence for encryption and decryption of instructions at the branch address. Instructions can be decrypted and executed on-the-fly without needing to know their physical addresses, even in the presence of a branch.
    Type: Grant
    Filed: January 23, 2017
    Date of Patent: May 28, 2019
    Assignee: COMMISSARIAT A L'ENERGIE ATOMIQUE ET AUX ENERGIES ALTERNATIVES
    Inventors: Florian Pebay-Peyroula, Olivier Savry, Thomas Hiscock
  • Patent number: 10289722
    Abstract: A multi-level cache system may include a server with a processor and memory. The memory may include a database cache system for use with a distributed database system. The server may also include a Solid State Drive that may include a key-value store and a second storage device that may store a backend database. The key-value store may act as a second level cache to the database cache system.
    Type: Grant
    Filed: April 11, 2016
    Date of Patent: May 14, 2019
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Inseok Stephen Choi, Byoung Young Ahn, Yang Seok Ki
  • Patent number: 10262161
    Abstract: Techniques described and suggested herein include the use of transformation parameters, such as mathematical and/or cryptographic operations, to permute various aspects of executables so as to control executable code authorized to run on one or more hosts. For example, a set of transformation parameters, such as a mathematical operation and a specified value upon which the mathematical operation may operate, are associated with a host or group of hosts. The set of transformation parameters may be applied to one or more runtime-related numerical locations associated with an executable that is intended to run on the specified hosts. At runtime, appropriately encoded executables are decoded by the specified hosts and operate normally, while differently encoded or unencoded executables are inoperable by the specified hosts.
    Type: Grant
    Filed: December 22, 2014
    Date of Patent: April 16, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Jon Arron McClintock, Darren Ernest Canavor, Harsha Ramalingam, George Nikolaos Stathakopoulos
  • Patent number: 10255193
    Abstract: The present disclosure includes apparatuses and methods related to virtual address tables. An example method comprises generating an object file that comprises: an instruction comprising a number of arguments; and an address table comprising a number of indexed address elements. Each one of the number of indexed address elements can correspond to a virtual address of a respective one of the number of arguments, wherein the address table can serves as a target for the number of arguments. The method can include storing the object file in a memory.
    Type: Grant
    Filed: March 5, 2018
    Date of Patent: April 9, 2019
    Assignee: Micron Technology, Inc.
    Inventors: John D. Leidel, Kyle B. Wheeler
  • Patent number: 10248398
    Abstract: A method for virtualizing of software applications. The method comprises initializing a virtual environment created by a virtual engine executed over a computer; creating a new data file; launching an installation process of a software application to be virtualized, wherein the installation process runs in the virtual environment; during the installation process, capturing data writes to a file system of the computer's operating system; and saving the data writes to the new data file.
    Type: Grant
    Filed: April 6, 2009
    Date of Patent: April 2, 2019
    Assignee: BlackBerry Limited
    Inventors: Netzer Shlomai, Yoram Gabay
  • Patent number: 10235506
    Abstract: A method of obscuring software code implementing a modular exponentiation function, including: receiving modular exponentiation parameters including an exponent e having N bits; generating a bitwise exponent array and inverse bitwise exponent array; and generating modular exponentiation function operations using the bitwise exponent array, inverse bitwise exponent array, and N, wherein the generated modular exponentiation function operations are split variable operations.
    Type: Grant
    Filed: July 31, 2015
    Date of Patent: March 19, 2019
    Assignee: NXP B.V.
    Inventors: Jan Hoogerbrugge, Wil Michiels
  • Patent number: 10176333
    Abstract: An electronic device comprising: a memory; and at least one processor configured to: install an application by using an installation file associated with the application; grant at least one permission to the application based on a permission setting token that is included in the installation file; and store, in a database, an indication that the application is granted the permission.
    Type: Grant
    Filed: September 18, 2015
    Date of Patent: January 8, 2019
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Myeong Jin Oh, Ju Ha Park, Michael Pak, Sung Kyu Cho
  • Patent number: 10171432
    Abstract: Systems, methods, and non-transitory computer-readable medium are provided to secure data centers and cloud computing. A method receives network identifiers for functions, requests a network key for each function, allocates network interfaces, requests a virtual network interface controller allocation, requests a network key for each cloud function, receives storage identifiers for functions, requests a storage key for each cloud function, allocates virtual storage disks, requests a storage interface controller allocation, requests a storage key for each cloud function. Methods secure migration of a virtual machine from a source to a target server. A server includes multiple cores where each core is dedicated to a compute function and a unique key encrypts data of each compute function. A non-transitory computer-readable medium encodes programs that execute the above methods.
    Type: Grant
    Filed: December 4, 2017
    Date of Patent: January 1, 2019
    Inventor: Ari Birger
  • Patent number: 10172168
    Abstract: The present invention relates to an IoT (Internet of Things) device, a mobile terminal, a method of pairing the IoT device using the mobile terminal, and a control method. According to one embodiment of the present invention, the method includes the steps of, when an IoT device contacted with at least one side of the mobile terminal is recognized, generating a vibration using a designated vibration pattern, receiving vibration pattern information from the IoT device, and when the received vibration pattern information is identical to the designated vibration pattern, performing paring with the IoT device. According to the embodiments of the present invention, a user can intuitively perform pairing between the mobile terminal and the IoT device through the paring method between the mobile terminal and the IoT device.
    Type: Grant
    Filed: February 3, 2017
    Date of Patent: January 1, 2019
    Assignee: LG ELECTRONICS INC.
    Inventors: Younkyung Jang, Cheol Choi, Chamo Je, Sungjun Park
  • Patent number: 10158484
    Abstract: Instructions and logic provide for a Single Instruction Multiple Data (SIMD) SM4 round slice operation. Embodiments of an instruction specify a first and a second source data operand set, and substitution function indicators, e.g. in an immediate operand. Embodiments of a processor may include encryption units, responsive to the first instruction, to: perform a slice of SM4-round exchanges on a portion of the first source data operand set with a corresponding keys from the second source data operand set in response to a substitution function indicator that indicates a first substitution function, perform a slice of SM4 key generations using another portion of the first source data operand set with corresponding constants from the second source data operand set in response to a substitution function indicator that indicates a second substitution function, and store a set of result elements of the first instruction in a SIMD destination register.
    Type: Grant
    Filed: October 10, 2016
    Date of Patent: December 18, 2018
    Assignee: Intel Corporation
    Inventors: Sean M. Gulley, Gilbert M. Wolrich, Vinodh Gopal, Kirk S. Yap, Wajdi K. Feghali