Upgrade/install Encryption Patents (Class 713/191)
-
System and method for validating users in a virtual ecosystem based on stacking of digital resources
Patent number: 12107863
Abstract: Embodiments of the present invention provide a system for validating users in a virtual ecosystem based on stacking of digital resources. The system is configured for identifying initiation of a resource interaction between a first user and a second user in a digital ecosystem, receiving a verification request from at least one of the first user and the second user, prompting the first user and the second user to provide digital resources, receiving first number of stacked digital resources from the first user and second number of stacked digital resources from the second user, calculating a first score for the first user based on the first number of stacked digital resources, calculating a second score for the second user based on the second number of stacked digital resources, and processing the resource interaction based on inputs received from the first user and the second user in the digital ecosystem.
Type: Grant
Filed: November 1, 2022
Date of Patent: October 1, 2024
Assignee: BANK OF AMERICA CORPORATION
Inventor: Saurabh Gupta
-
Patent number: 12026258
Abstract: An information processing device includes a memory, and processing circuitry coupled to the memory and configured to acquire, from a storage of a security module with tamper resistance, information related to a verification key and ID information of the configuration file for verifying a digital signature for a configuration file, and use the acquired information related to the verification key and ID information to cause an application program to execute processing of verifying integrity of configuration data of the configuration file, acquire registration version information from the storage of the security module, and use the acquired registration version information to cause the application program to execute processing of verifying a configuration version of the configuration file, and update the registration version information to the version of the configuration version when the configuration version of the configuration file and the registration version information satisfy a predetermined condition.
Type: Grant
Filed: July 30, 2019
Date of Patent: July 2, 2024
Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
Inventors: Takeshi Nagayoshi, Yuichi Komatsu, Ryota Sato
-
Patent number: 11868755
Abstract: A system for updating software installed on an electronic unit on a vehicle can include a processor and a memory. The processor can be disposed on an intermediate communications device. The intermediate communications device can be a mobile device. The memory can store an update request module and an update existence module. The update request module can include instructions that when executed by the processor cause the processor to receive, from the electronic unit on the vehicle, a request for an update of the software. The request can include: (1) an identification of a version of the software currently installed on the electronic unit and (2) a key to specifically identify the electronic unit. The update existence module can include instructions that when executed by the processor cause the processor to receive, from a device associated with development of the software, information about an existence of the update.
Type: Grant
Filed: July 30, 2021
Date of Patent: January 9, 2024
Assignee: Toyota Motor Engineering & Manufacturing North America, Inc.
Inventors: Vladimeros Vladimerou, Gregg J. Overfield, Drew Cunningham, John-Michael McNew
-
Patent number: 11838841
Abstract: In one embodiment, a domain controller (a) quarantines unknown devices at a first quarantine point at a first layer of a multi-layer communication model; (b) communicates with a domain name system (DNS) service to self-allocate and register a domain name with the DNS service; (c) receives a provisioning request for a first device via an access point, wherein the access point comprises a second quarantine point at a second layer of the multi-level communication model; (d) verifies a device type of the first device with the DNS service; and (e) responsive to that verification, provisions the first device into the domain. The domain controller may also send a provisioning response to the access point to enable the first device to be removed from the second quarantine point, to enable the first device to communicate with the domain controller. Other embodiments are described and claimed.
Type: Grant
Filed: August 22, 2022
Date of Patent: December 5, 2023
Assignee: Intel Corporation
Inventors: Ned M. Smith, Ravi S. Subramaniam, David W. Grawrock
-
Patent number: 11671444
Abstract: A system includes persistent storage containing configuration items (CIs) representing discovered attribute values of computing resources associated with a managed network, and an application configured to perform operations, including obtaining test result data generated based on a third-party scanning system executing tests of a particular computing resource associated with the managed network. The test result data includes attribute values of the particular computing resource. The operations also include generating, by way of an embedding model and based on the attribute values, an embedding vector representing the attribute values, and comparing the embedding vector to a plurality of candidate embedding vectors, each representing the discovered attribute values of a corresponding CI of the CIs.
Type: Grant
Filed: September 12, 2022
Date of Patent: June 6, 2023
Assignee: ServiceNow, Inc.
Inventor: Brian James Waplington
-
Patent number: 11609996
Abstract: An object of the disclosure is to simplify security enhancements based on trusted computing. For this, a first data processing apparatus configured to operate in accordance with one or more platform configuration is provided. The first data processing apparatus includes an attestation processor, a network interface, and a data storage device for storing validation data. The attestation processor is configured to establish attestation data that is indicative of a current platform configuration. The validation data facilitates a validity check of integrity data, which includes the attestation data. The first data processing apparatus is configured to provide the integrity and validation data.
Type: Grant
Filed: April 12, 2019
Date of Patent: March 21, 2023
Assignee: Siemens Aktiengesellschaft
Inventor: Rainer Falk
-
Patent number: 11544050
Abstract: A graphical user interface is used to present one or more candidate patch target stages of a software development pipeline. Prior to deployment of a patch to a particular stage, an operation is performed to verify that a version of a deployed software at the particular stage has not changed since a record of a state of the particular stage was obtained. The deployment of the patch to the particular stage is initiated when the version of the deployed software has not changed.
Type: Grant
Filed: July 18, 2019
Date of Patent: January 3, 2023
Assignee: Amazon Technologies, Inc.
Inventors: Kumar Ankit, Penchala Reddy Audireddy, Jayant Choranur Rajachar, Sujatha Narasimhan, Mohammad Asad Ur Rehman
-
Patent number: 11543144
Abstract: An air conditioning control apparatus includes a memory interface performing a data transceiving between a storage medium, a memory, and a controller. The storage medium stores a boot program in a boot program region. The memory stores the boot program of the storage medium. The controller reads out the boot program of the storage medium from the memory when a predetermined period is elapsed, and overwrites the boot program that is read out in the boot program region of the storage medium.
Type: Grant
Filed: September 16, 2020
Date of Patent: January 3, 2023
Assignee: DENSO WAVE INCORPORATED
Inventor: Kensuke Nakajima
-
Method and system for management of a local craft terminal application executed by a network element
Patent number: 11500651
Abstract: A method and system for managing execution of a local craft terminal application on a local computer system comprising accessing one of the plurality of remote network elements and obtaining therefrom a launcher application program configured to manage execution of the local craft terminal application on the local computer system, launching the launcher application program on the local computer system and determining, using the launcher application program, whether the local computer system contains an appropriate copy of the local craft terminal application, and if the local computer system does not contain the appropriate copy of the local craft terminal application, obtaining the appropriate copy of the local craft terminal application from the first one of the plurality of remote network elements.
Type: Grant
Filed: December 30, 2019
Date of Patent: November 15, 2022
Assignee: XIEON NETWORKS S.a.r.l.
Inventor: Paulo Sérgio Palmeira Coelho
-
Patent number: 11477625
Abstract: In one embodiment, a domain controller includes a quarantine logic to quarantine unknown devices from unrestricted network access. The quarantine logic comprises a first quarantine point at a first layer of a multi-layer communication model. The domain controller also includes: a first logic to communicate with a domain name system (DNS) service to self-allocate and register a domain name with the DNS service, the domain name associated with a domain to be managed by the domain controller; a second logic to manage a group of devices of the domain; and a third logic to receive a provisioning request for a first device via an access point that comprises a second quarantine point at a second layer of the multi-level communication model. The second layer is a lower layer than the first layer, and the second quarantine point is more restrictive than the first. Other embodiments are described and claimed.
Type: Grant
Filed: October 29, 2020
Date of Patent: October 18, 2022
Assignee: Intel Corporation
Inventors: Ned M. Smith, Ravi S. Subramaniam, David W. Grawrock
-
Patent number: 11470107
Abstract: A system includes persistent storage containing configuration items (CIs) representing discovered attribute values of computing resources associated with a managed network, and an application configured to perform operations, including obtaining test result data generated based on a third-party scanning system executing tests of a particular computing resource associated with the managed network. The test result data includes attribute values of the particular computing resource. The operations also include generating, by way of an embedding model and based on the attribute values, an embedding vector representing the attribute values, and comparing the embedding vector to a plurality of candidate embedding vectors, each representing the discovered attribute values of a corresponding CI of the CIs.
Type: Grant
Filed: June 10, 2020
Date of Patent: October 11, 2022
Assignee: ServiceNow, Inc.
Inventor: Brian James Waplington
-
Patent number: 11451573
Abstract: An embodiment may involve a plurality of configuration items and an unmatched configuration item, wherein the unmatched configuration item is associated with a first set of attribute values and a first vulnerability, wherein the first vulnerability is associated with a first set of field values.
Type: Grant
Filed: June 16, 2020
Date of Patent: September 20, 2022
Assignee: ServiceNow, Inc.
Inventor: Brian James Waplington
-
Patent number: 11431676
Abstract: A method, an apparatus, and a system for detecting a terminal security status are provided. The method includes: receiving a file, and running the file, to generate a dynamic behavior result. The dynamic behavior result includes a behavior sequence that is generated according to a chronological order of occurrence of behaviors. When the file includes an APT, the security protection device obtains a stable behavior feature in the dynamic behavior result, generates a corresponding IOC according to the stable behavior feature, and sends the generated IOC to a terminal. The stable behavior feature is a behavior always existing in a behavior sequence that is generated each time after the file is run.
Type: Grant
Filed: June 9, 2020
Date of Patent: August 30, 2022
Assignee: Huawei Technologies Co., Ltd.
Inventor: Yongcun Gan
-
Patent number: 11374912
Abstract: Methods and systems for performing exchange of data with third-party applications are described. The method includes receiving a request for performing document related operation on document using a third-party application. The method includes converting third-party application into containerized application using containerization mechanism. The method includes allocating virtual secured space to containerized application. The method includes encrypting document using public key of containerized application. The method includes providing encrypted document to containerized application that implements limitations on encrypted document. The method includes facilitating performance of document related operation on encrypted document to create updated document. The encrypted document is decrypted using private key of containerized application before performing document related operation on encrypted document.
Type: Grant
Filed: December 7, 2020
Date of Patent: June 28, 2022
Assignee: I2CHAIN, INC.
Inventors: Mark Steven Manasse, Sanjay Jain, Ravi Jotwani, Ajay Jotwani
-
Patent number: 11307842
Abstract: System and method for virtual agent upgrade uses an upgrade proxy service that is instantiated in a computing entity when an upgrade request for a virtual agent in the computing entity is received to upgrade the virtual agent based on virtual agent upgrade data from an application server. The upgrade proxy service is then removed from the computing entity after upgrading the virtual agent.
Type: Grant
Filed: April 7, 2020
Date of Patent: April 19, 2022
Assignee: VMWARE, INC.
Inventors: Suchit Dhakate, Narendra Madanapalli, Rahav Vembuli, Padmini Sampige Thirumalachar, Vinothkumar D
-
Patent number: 11296928
Abstract: Examples described herein relate to systems and methods for containing a faulty stimulus. A computer-implemented method may include listing in a suspect list every received stimulus including the faulty stimulus, and implicitly testing the stimuli by respectively acting upon those stimuli by a software application. Responsive to successfully acting upon each of the stimuli besides the faulty stimulus, each non-faulty stimulus is deleted from the suspect list and, responsive to such deletion, made available to a downstream node. Responsive to acting upon the faulty stimulus, the software application crashes which leaves the faulty stimulus listed in the suspect list. The software application then restarts and deems the faulty stimulus as being faulty based upon the faulty stimulus still being listed in the suspect list after the restart.
Type: Grant
Filed: July 6, 2020
Date of Patent: April 5, 2022
Assignee: Level 3 Communications, LLC
Inventor: William Crowder
-
Patent number: 11244054
Abstract: Apparatus, method, computer program product and computer readable medium are disclosed for trusted computing. A method comprises: at a trusted execution environment (TEE)-enabling processor, creating a signing TEE; performing a first measurement of the signing TEE, wherein the first measurement comprises at least one measurement of the code of the signing TEE, an identity of the signing TEE and a log of activities performing during the creation of the signing TEE; generating a first signature of the result of the first measurement; sending the result of the first measurement and the first signature to a public register such that a verification of the signing TEE can be made by means of the public register; wherein the signing TEE is configured to verify whether a first TEE is recorded on the public ledger.
Type: Grant
Filed: November 3, 2017
Date of Patent: February 8, 2022
Assignee: Nokia Technologies Oy
Inventor: David Bitauld
-
Patent number: 11216433
Abstract: A method for providing encrypted search includes receiving, at a user device associated with a user, a search query for a keyword that appears in one or more encrypted documents stored on an untrusted storage device and accessing a count table to obtain a count of documents that include the keyword. The method also includes generating a delegatable pseudorandom function (DPRF) based on the keyword, a private cryptographic key, and the count of documents. The method also includes evaluating a first portion of the DPRF and delegating a remaining second portion of the DPRF to the untrusted storage device which causes the untrusted storage device to evaluate the DPRF and access an encrypted search index associated with the documents. The untrusted storage device determines one or more encrypted documents associated with DPRF and returns, to the user device, an identifier for each encrypted document associated with the DPRF.
Type: Grant
Filed: December 12, 2019
Date of Patent: January 4, 2022
Assignee: Google LLC
Inventors: Kevin Yeo, Ahmet Erhan Nergiz, Nicolas Lidzborski, Laetitia Estelle Baudoin, Sarvar Patel
-
Patent number: 11212269
Abstract: In an aspect of the disclosure, a method, a computer-readable medium, and a device are provided. The device determines that a target event occurred at a first server in a group of servers that are jointly managed. The device obtains, for the first server, a public-private key pair including a first key and a second key. The device provides the first key to the first server such that the first server is accessible by authentication with the first key. The device provides the second key to a client device such that the first server is accessible by the client device by providing the second key to the server. Subsequently, the device revokes the first key from the first server.
Type: Grant
Filed: December 18, 2018
Date of Patent: December 28, 2021
Assignee: AMERICAN MEGATRENDS INTERNATIONAL, LLC
Inventors: Samvinesh Christopher, Anurag Bhatia, Winston Thangapandian
-
Patent number: 11188481
Abstract: In an implementation, a method is provided. The method may include: receiving a sensor application by a network platform, the network platform comprising a processing module and a plurality of ports, and wherein a first portion of the processing module is allocated to an operating system of the network platform; allocating a second portion of the processing module to the sensor application by the network platform; executing the sensor application by the second portion of the processing module; emulating a port of the plurality of ports by the second portion of the processing module; and allowing the executed sensor application to interact with the operating system through the emulated port.
Type: Grant
Filed: August 30, 2019
Date of Patent: November 30, 2021
Assignee: Cisco Technology, Inc.
Inventors: David John Zacks, Anoop Vetteth, Tarunesh Ahuja, Davi Gupta, Jagbir Kang
-
Patent number: 11184333
Abstract: A computer implemented method for securely extracting secure data from a human capital management (HCM) system, includes receiving setup data from a production tenant of the HCM system, wherein the setup data includes one or more field types describing what type of secure data is stored on the production tenant, creating a scrambling module based on the setup data that is configured to scramble the secure data based on scrambling settings, wherein the scrambling module is configured to upload and install onto the HCM system and to communicate with the production tenant to receive the secure data to scramble the secure data, and uploading the scrambling module to the HCM system.
Type: Grant
Filed: December 4, 2017
Date of Patent: November 23, 2021
Assignee: Intecrowd, LLC
Inventor: Don McDougal
-
Patent number: 11126725
Abstract: A method includes receiving a firmware update package at an information handling system, the package including a payload containing a first firmware image. In response to executing the firmware update package while the information handling system is under control of an operating system, identifying a non-volatile storage device; authenticating the first firmware image; and storing the first firmware image at the non-volatile storage device. In response to successfully authenticating the first firmware image, initiating a reboot of the information handling system to invoke an initialization routine. The initialization routine includes retrieving the first firmware image from the non-volatile storage device and installing the first firmware image at a first device.
Type: Grant
Filed: June 12, 2019
Date of Patent: September 21, 2021
Assignee: Dell Products L.P.
Inventors: Shekar Babu Suryanarayana, Sumanth Vidyadhara
-
Patent number: 11055322
Abstract: Examples include comparison of a part key to machine keys. Examples include identification of a part key assigned to a given machine identifier in a part key mapping of a part received by a computing device, the part key mapping including a plurality of part keys assigned to a plurality of machine identifiers. Examples also include comparison of the identified part key to machine keys stored on the computing device to determine whether the identified part key matches any of the machine keys, and based at least in part on a result of the determination, enabling or inhibiting further utilization of the part.
Type: Grant
Filed: July 30, 2018
Date of Patent: July 6, 2021
Assignee: Hewlett Packard Enterprise Development LP
Inventors: Stephen K. Gee, Neil Asmussen
-
Patent number: 10917520
Abstract: Certain aspects of the present disclosure provide techniques for providing an automated callback service to a user. An example technique includes receiving an indication of a product installation failure, which includes an error code, a context of the computing device, and a product identifier. Based on the product identifier, a phone number is retrieved that is associated with the user of the computing device. A set of solutions predicted to resolve the installation failure is retrieved, based on the error code and the context. A callback is established to the user, and the user is connected with a virtual agent that will provide solutions from the set of solutions in the ranking order retrieved until a solution is determined to resolve the product installation error. The ranking of the predicted solutions is updated for other users in the future who may face a similar product installation error.
Type: Grant
Filed: July 1, 2019
Date of Patent: February 9, 2021
Assignee: INTUIT INC.
Inventor: Vishnu Priya T. G
-
Patent number: 10856122
Abstract: In one embodiment, a domain controller includes: a quarantine logic to quarantine unknown devices from unrestricted network access, the quarantine logic comprising a first quarantine point at a first layer of a multi-layer communication model; a first logic to communicate with a domain name system (DNS) service to self-allocate and register a domain name with the DNS service, the domain name associated with a domain to be managed by the domain controller; a second logic to manage a group of devices of the domain; and a third logic to receive a provisioning request for a first device via an access point, wherein the access point comprises a second quarantine point at a second layer of the multi-level communication model. Other embodiments are described and claimed.
Type: Grant
Filed: May 31, 2016
Date of Patent: December 1, 2020
Assignee: Intel Corporation
Inventors: Ned M. Smith, Ravi S. Subramaniam, David W. Grawrock
-
Patent number: 10838911
Abstract: Techniques and systems for storing and retrieving data storage devices of a data storage system are disclosed. In some embodiments, inventory holders are used to store data storage devices used by a data storage system. When data is to be transacted with the data storage devices, mobile drive units locate appropriate inventory holders and transport them to a device reading station, where an appropriate device retrieval unit transacts the data. After the data has been transacted, the data storage devices are returned to the appropriate inventory holders, and the inventory holders are placed by the mobile drive units in locations where they may be accessed in response to further data transactions.
Type: Grant
Filed: December 14, 2015
Date of Patent: November 17, 2020
Assignee: Amazon Technologies, Inc.
Inventors: Paul David Franklin, Colin Laird Lazier
-
Patent number: 10778447
Abstract: The invention provides a method and system for safely switching between product mode and development mode of a terminal, aiming at addressing the problem in the prior art that the terminal in a testing development version may be accidentally circulated into the market and cause hidden safety risk. According to the invention, different Certificate Authorities (CAs) are configured for the terminal at different stages; by storing the public-private key pairs of the certificates issued by different CAs in different secure storage media, only if the secure storage medium corresponding to the current CA state of the terminal is verified to be valid, the flags of the terminal can be successfully rewritten; a safe switching between different CA states of the terminal is realized. It is ensured that the terminal in the testing development stage cannot be used normally, thereby improving the safety of the terminal device.
Type: Grant
Filed: January 10, 2018
Date of Patent: September 15, 2020
Assignee: FUJIAN LANDI COMMERCIAL EQUIPMENT CO., LTD.
Inventors: Jinhan Lin, Yixuan Hong
-
Patent number: 10725775
Abstract: A request to store a container image is received from a device associated with a customer of a computing resource service provider. Validity of a security token associated with the request is authenticated using a cryptographic key maintained as a secret by the computing resource service provider. One or more layers of the container image is built based at least in part on at least one build artifact to form a set of built layers. The software image including the set of built layers is stored in a repository associated with the customer. A manifest of metadata for the set of built layers is stored in a database of a structured data store. The container image is obtained in the form of an obtained container image. The obtained container image is deployed as the software container in at least one virtual machine instance associated with the customer.
Type: Grant
Filed: April 12, 2019
Date of Patent: July 28, 2020
Assignee: Amazon Technologies, Inc.
Inventors: Anthony Joseph Suarez, Scott Kerns Windsor, Nare Hayrapetyan, Daniel Robert Gerdesmeier, Pooja Kalpana Prakash
-
Patent number: 10705992
Abstract: Provided are a computer program product, system, and method for non-disruptive encoding of source data in a source data set migrated to a target data set. The source data in the source data set is migrated to a target data set by encoding the source data to produce encoded source data to copy to a target data set. In response to receiving write data for the source data set, the write data is encoded to produce encoded write data to copy to the target data set. Input/Output ("I/O") requests to the source data set are redirected to the target data set having encoded data for the source data set.
Type: Grant
Filed: December 11, 2017
Date of Patent: July 7, 2020
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: John H. Hogan, Richard G. Pace, Harry M. Yudenfriend
-
Patent number: 10678515
Abstract: Techniques for simplifying and reusing visual programming graphs are described herein. In some examples, visual programming graphs may be simplified by decoupling execution signals from data resolution. Execution of a particular node may be triggered through a representation of a signal sent from a signal output slot of another node to a signal input slot on the node being triggered. Additionally, evaluation of data values may be represented by a connection between a data output slot on the node providing the data value to a data input slot on the node receiving the data value. Another technique for simplifying visual programming graphs may include combining and/or collapsing of multiple selected visual programming nodes into a single reusable visual programming node. In some examples, reusable combined visual programming nodes may be exposed using unlocked versions and/or locked versions.
Type: Grant
Filed: September 20, 2016
Date of Patent: June 9, 2020
Assignee: Amazon Technologies, Inc.
Inventors: Michael Edmonds, Luis René Sempé Sosa
-
Patent number: 10599495
Abstract: A data deletion system may trigger and orchestrate data deletion of data across various data stores. The system may schedule a record having a unique identifier for deletion in response to a data deletion rule. The record may be deleted from a system of record based on the unique identifier. The system may broadcast a deletion message containing the unique identifier. The deletion message may trigger a purge of data associated with the unique identifier by a subscribing entity such as, for example, an application or third party. The system may monitor the subscribing entity to determine whether the purge was successfully completed.
Type: Grant
Filed: May 12, 2017
Date of Patent: March 24, 2020
Assignee: AMERICAN EXPRESS TRAVEL RELATED SERVICES COMPANY, INC.
Inventors: Sripriya Tiku, Fred Bishop, Diane Derocher
-
Patent number: 10592678
Abstract: The embodiments herein are directed to a technique for providing secure communication between nodes of a network environment or within a node of the network using a verified virtual trusted platform module (TPM) of each node. The verified virtual TPM illustratively emulates a hardware TPM device to provide software key management of cryptographic keys used to provide the secure communication over a computer network of the network environment. Illustratively, the verified virtual TPM is configured to enforce a security policy of a trusted code base (TCB) that includes the virtual TPM. Trustedness denotes a predetermined level of confidence that the security property is demonstrated by the verified virtual TPM. The predetermined level of confidence is based on an assurance (i.e., grounds) that the verified virtual TPM demonstrates the security property.
Type: Grant
Filed: September 9, 2016
Date of Patent: March 17, 2020
Assignee: FireEye, Inc.
Inventors: Osman Abdoul Ismael, Hendrik Tews
-
Patent number: 10515364
Abstract: A banking system operates responsive to data read from data bearing records. The system includes an automated banking machine comprising a card reader. The card reader includes a movable read head that can read card data along a magnetic stripe of a card that was inserted long-edge first. The card reader includes a card entry gate. The gate is opened for a card that is determined to be properly oriented for data reading. The card reader can encrypt card data, including account data. The machine also includes a PIN keypad. The card reader can send encrypted card data to the keypad. The keypad can decipher the encrypted card data. The keypad can encrypt both deciphered card data and a received user PIN. The card data and the PIN are usable by the machine to authorize a user to carry out a financial transfer involving the account.
Type: Grant
Filed: July 13, 2018
Date of Patent: December 24, 2019
Assignee: Diebold Nixdorf, Incorporated
Inventors: David Lewis, Natarajan Ramachandran, Mark A. Douglass, Timothy Crews, Songtao Ma, Randall W. Jenkins, H. Thomas Graef, Sathish M. Irudayam, Klaus Steinbach, Jeffery Enright
-
Patent number: 10372924
Abstract: Computer protection is weak with the methods currently available and there are risks of malicious users getting access to computers, corrupting important data, including system data. We are proposing a method for improving access protection, more particularly, by using a slave device that will enable or disable protection for applications as required. The device supports one or more users, none or more user groups, none or one or more Application Security Environments for each user or user group and one or more states for each Application Security Environment. The state of the hardware is manually controlled by the users. Depending on the configuration, each hardware state corresponding to an Application Security Environment corresponds to a set of privileges the processes running in that Application Security Environment have while that Application Security Environment is in that state.
Type: Grant
Filed: May 12, 2008
Date of Patent: August 6, 2019
Inventors: George Madathilparambil George, Nikhil George
-
Patent number: 10360017
Abstract: A computing system is provided that includes a distribution endpoint including one or more processors configured to receive a request from a developer computing device to update a program managed by the distribution endpoint, the program being previously packaged and signed. The one or more processors of the distribution endpoint are further configured to receive a code file including a change to the program, retrieve a package of the program that has not been updated with the change to the program, generate an updated package of the program by adding the code file to the retrieved package of the program such that the updated package of the program logically represents a package of the updated program, and distribute the updated package of the program to an end user computing device.
Type: Grant
Filed: January 2, 2018
Date of Patent: July 23, 2019
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Jason Ghssane Salameh, Andy Liu, John James Vintzel, Cory Alan Hendrixson
-
Patent number: 10334083
Abstract: There is provided a computer implemented method for detection and prevention of an attempt at establishment of a network connection for malicious communication, comprising: detecting a connection establishment process for establishing a network connection, the connection establishment process initiated by code running on a client terminal; analyzing records in at least one stack trace of the initiating code managed at the client terminal, to detect a trial to establish a malicious communication wherein the network connection is used for malicious activity; and blocking establishment of the network connection when the analysis detects the trial to establish the malicious communication based on the network connection.
Type: Grant
Filed: November 24, 2015
Date of Patent: June 25, 2019
Assignee: enSilo Ltd.
Inventors: Roy Katmor, Tomer Bitton, Udi Yavo, Ido Kelson
-
Patent number: 10284372
Abstract: Processing information is disclosed including receiving an application retrieval request sent by a terminal, the application retrieval request including identifying information of the terminal, generating, based on a preset key generation technique, an encryption key based on the identifying information included in the application retrieval request, encrypting, based on the encryption key and a preset encryption technique, designated data in an application to obtain an encrypted application, and sending the encrypted application to the terminal.
Type: Grant
Filed: September 23, 2015
Date of Patent: May 7, 2019
Assignee: Alibaba Group Holding Limited
Inventor: Jianwei Fan
-
Patent number: 10255438
Abstract: Examples relate to providing operating system (OS) agnostic validation of firmware images. In some examples, a request to verify a number of firmware images is received, where each of the firmware images is associated with a metadata set. A first installation of a first firmware image of the firmware images is accessed via a physical interface, and a first metadata set is used to verify the first installation, where the first metadata set includes a firmware signature that is used to verify the first installation. At this stage, the request is forwarded to a child management processor, where the management processors are in a trusted group and related according to a tree hierarchy.
Type: Grant
Filed: September 24, 2014
Date of Patent: April 9, 2019
Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Suhas Shivanna
-
Patent number: 10185509
Abstract: Technologies are provided for secure sanitization of a storage device. A storage device can be configured to support an operational mode, into which the storage device is placed by default, and in which requests to cryptographically erase the storage device are rejected. The storage device can support a separate sanitization mode in which a request to cryptographically erase the storage device will be processed. Access to the sanitization mode can be restricted to trusted sources (such as a boot firmware of a computer connected to the storage device). The storage device can be configured to reject a command to place the storage device in the sanitization mode, unless the command is received during an initialization of the storage device. In at least some embodiments, the storage device can reject data access commands while it is in the sanitization mode.
Type: Grant
Filed: June 1, 2017
Date of Patent: January 22, 2019
Assignee: Amazon Technologies, Inc.
Inventors: Munif M. Farhan, Jaime Ismael Rangel Martinez
-
Patent number: 10102390
Abstract: Contents of a memory may be authenticated using redundant encryption. In some examples, data to be stored by a memory is encrypted with two unique encryption keys—a first encryption key is used to generate a cipher text and a second encryption key (different than the first encryption key) is used to generate an authentication tag. The cipher text and authentication tag are stored by the memory. At a later time, the cipher text and authentication tag may be retrieved from the memory and decrypted using the respective encryption keys. After decrypting the cipher text and the authentication tag, the data retrieved from the memory may be authenticated by comparing the plaintext generated by decrypting the cipher text with the plaintext generated by decrypting the authentication tag. A match between the plaintext indicates the data was not corrupted or modified during storage in the memory.
Type: Grant
Filed: June 28, 2012
Date of Patent: October 16, 2018
Assignee: Honeywell International Inc.
Inventors: Thomas Cordella, John Profumo
-
Patent number: 10061927
Abstract: Identification information of a program read from outside, such as firmware, is acquired, and usability of a piece of key data in a range corresponding to the identification information is set, among a plurality of pieces of key data to be used for the program. As another example, based on new key data generated based on key data stored in advance in a memory and identification information, firmware corresponding to the identification information is decrypted.
Type: Grant
Filed: October 5, 2015
Date of Patent: August 28, 2018
Assignee: NINTENDO CO., LTD.
Inventors: Yutaka Murakami, Minoru Hatamoto, Tatsuhiro Shirai
-
Patent number: 10055602
Abstract: Methods, systems, and computer program products for securely processing range predicates on cloud databases are provided herein. A computer-implemented method includes separately encrypting a set of plain text data using two or more encryption functions, thereby producing an encrypted domain comprising at least two distinct groups of encrypted data items; converting a range query over plain text data items into a query over at least one of the distinct groups of encrypted data items; and combining results from the query over the distinct groups of encrypted data items, thereby generating a final encrypted result to the range query.
Type: Grant
Filed: April 19, 2016
Date of Patent: August 21, 2018
Assignee: International Business Machines Corporation
Inventors: Prasad M. Deshpande, Jayant R. Haritsa, Akshar Kaul, Manish Kesarwani, Gagandeep Singh
-
Patent number: 9984124
Abstract: At least one user table in a relational database management system (RDBMS) using a first operator within a structured query language (SQL) command is identified. The first operator within the SQL command is utilized to transfer one or more data items from the at least one user table to a data array within the RDBMS. The data array is processed within the RDBMS, and one or more output values are generated based on the processing.
Type: Grant
Filed: April 11, 2012
Date of Patent: May 29, 2018
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Patrick Dantressangle, Eberhard Hechler, Martin Oberhofer, Michael Wurst
-
Patent number: 9977902
Abstract: A system may include a host that may include a processor coupled to a non-volatile memory over a secure communication protocol. As a result, prior to release for manufacturing, a binding code may be established between the host and the non-volatile memory. In some embodiments, this binding code may be stored on the non-volatile memory and not on the host. Then during a boot up of the system, the boot up process may be initiated by the host using code associated with the host, followed by secure booting using the secure protocol using code stored on the non-volatile memory.
Type: Grant
Filed: April 22, 2015
Date of Patent: May 22, 2018
Assignee: Micron Technology, Inc.
Inventor: Brent Ahlquist
-
Patent number: 9965261
Abstract: Embodiments of the present invention relate to a method, device and computer program product for container deployment. By comparing the target libraries required by a target container to be deployed and the libraries that have been loaded on the candidate hosts, the costs of deploying the target container on the candidate hosts can be estimated. Then a target host is selected from among the plurality of candidate hosts based on the determined costs.
Type: Grant
Filed: August 18, 2015
Date of Patent: May 8, 2018
Assignee: International Business Machines Corporation
Inventors: Xiao Long Chen, David L. Kaminsky, Xi Ning Wang, Zhe Yan, Zheng Zhao
-
Patent number: 9959104
Abstract: Embodiments of the present invention relate to a method, device and computer program product for container deployment. By comparing the target libraries required by a target container to be deployed and the libraries that have been loaded on the candidate hosts, the costs of deploying the target container on the candidate hosts can be estimated. Then a target host is selected from among the plurality of candidate hosts based on the determined costs.
Type: Grant
Filed: April 29, 2016
Date of Patent: May 1, 2018
Assignee: International Business Machines Corporation
Inventors: Xiao Long Chen, David L. Kaminsky, Xi Ning Wang, Zhe Yan, Zheng Zhao
-
Patent number: 9948470
Abstract: An authentication device is provided that authenticates an electronic device based on the responses from distinct types of physically unclonable functions. The authentication device receives a device identifier associated with the electronic device. It then sends one or more challenges to the electronic device. In response, the authentication device receives one or more responses from the electronic device, the one or more responses including characteristic information generated from two or more distinct types of physically unclonable functions in the electronic device.
Type: Grant
Filed: January 29, 2016
Date of Patent: April 17, 2018
Assignee: QUALCOMM Incorporated
Inventors: Xu Guo, David M. Jacobson, Yafei Yang, Adam J. Drew, Brian Marc Rosenberg
-
Patent number: 9928042
Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for automatically determining configuration properties of a compiler. One of the methods includes determining that an executable of the newly created process is a compiler called by the build system to compile source code of a source code file. In response to the determining, a plurality of configuration properties of the compiler called by the build system are determined, the configuration properties including first properties of a plurality of built-in functions of the compiler, second properties of a plurality of built-in types of the compiler, or both. A compiler emulator is configured to emulate the behavior of the compiler called by the build system using the determined configuration properties. Access to the source code is provided to the compiler emulator configured using the determined configuration properties.
Type: Grant
Filed: March 23, 2017
Date of Patent: March 27, 2018
Assignee: Semmle Limited
Inventor: Peter Cawley
-
Patent number: 9792439
Abstract: Embodiments of a method are disclosed. One embodiment is a method for securely updating firmware in a computing device, in which the computing device includes a host processor and a non-volatile memory. The method involves receiving a double-encrypted firmware image from an external firmware source, wherein the double-encrypted firmware image is generated from firmware that is encrypted a first time using a first crypto-key and then encrypted a second time using a second crypto-key. The method also involves receiving the second crypto-key from an external key source, decrypting the double-encrypted firmware image using the second crypto-key to produce an encrypted firmware image, storing the encrypted firmware image in the non-volatile memory of the computing device, reading the encrypted firmware image from the non-volatile memory of the computing device, decrypting the encrypted firmware image using the first crypto-key, and executing the firmware on the computing device.
Type: Grant
Filed: September 19, 2012
Date of Patent: October 17, 2017
Assignee: NXP B.V.
Inventor: Vincent Cedric Colnot
-
Patent number: 9781113
Abstract: Technologies for supporting and implementing multiple digital rights management protocols on a client device are described. In some embodiments, the technologies include a client device having an architectural enclave which may function to identify one of a plurality of digital rights management protocols for protecting digital information to be received from a content provider or a sensor. The architectural enclave selects a preexisting secure information processing environment (SIPE) to process said digital information, if a preexisting SIPE supporting the DRM protocol is present on the client. If a preexisting SIPE supporting the DRM protocol is not present on the client, the architectural enclave may generate a new SIPE that supports the DRM protocol on the client. Transmission of the digital information may then be directed to the selected preexisting SIPE or the new SIPE, as appropriate.
Type: Grant
Filed: December 19, 2013
Date of Patent: October 3, 2017
Assignee: INTEL CORPORATION
Inventors: Ned M. Smith, Nathan Heldt-Sheller, Reshma Lal, Micah J. Sheller, Matthew E. Hoekstra