Upgrade/install Encryption Patents (Class 713/191)
  • Patent number: 10725775
    Abstract: A request to store a container image is received from a device associated with a customer of a computing resource service provider. Validity of a security token associated with the request is authenticated using a cryptographic key maintained as a secret by the computing resource service provider. One or more layers of the container image is built based at least in part on at least one build artifact to form a set of built layers. The software image including the set of built layers is stored in a repository associated with the customer. A manifest of metadata for the set of built layers is stored in a database of a structured data store. The container image is obtained in the form of an obtained container image. The obtained container image is deployed as the software container in at least one virtual machine instance associated with the customer.
    Type: Grant
    Filed: April 12, 2019
    Date of Patent: July 28, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Anthony Joseph Suarez, Scott Kerns Windsor, Nare Hayrapetyan, Daniel Robert Gerdesmeier, Pooja Kalpana Prakash
  • Patent number: 10705992
    Abstract: Provided are a computer program product, system, and method for non-disruptive encoding of source data in a source data set migrated to a target data set. The source data in the source data set is migrated to a target data set by encoding the source data to produce encoded source data to copy to a target data set. In response to receiving write data for the source data set, the write data is encoded to produce encoded write data to copy to the target data set. Input/Output (“I/O”) requests to the source data set are redirected to the target data set having encoded data for the source data set.
    Type: Grant
    Filed: December 11, 2017
    Date of Patent: July 7, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: John H. Hogan, Richard G. Pace, Harry M. Yudenfriend
  • Patent number: 10678515
    Abstract: Techniques for simplifying and reusing visual programming graphs are described herein. In some examples, visual programming graphs may be simplified by decoupling execution signals from data resolution. Execution of a particular node may be triggered through a representation of a signal sent from a signal output slot of another node to a signal input slot on the node being triggered. Additionally, evaluation of data values may be represented by a connection between a data output slot on the node providing the data value to a data input slot on the node receiving the data value. Another technique for simplifying visual programming graphs may include combining and/or collapsing of multiple selected visual programming nodes into a single reusable visual programming node. In some examples, reusable combined visual programming nodes may be exposed using unlocked versions and/or locked versions.
    Type: Grant
    Filed: September 20, 2016
    Date of Patent: June 9, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Michael Edmonds, Luis René Sempé Sosa
  • Patent number: 10599495
    Abstract: A data deletion system may trigger and orchestrate data deletion of data across various data stores. The system may schedule a record having a unique identifier for deletion in response to a data deletion rule. The record may be deleted from a system of record based on the unique identifier. The system may broadcast a deletion message containing the unique identifier. The deletion message may trigger a purge of data associated with the unique identifier by a subscribing entity such as, for example, an application or third party. The system may monitor the subscribing entity to determine whether the purge was successfully completed.
    Type: Grant
    Filed: May 12, 2017
    Date of Patent: March 24, 2020
    Assignee: AMERICAN EXPRESS TRAVEL RELATED SERVICES COMPANY, INC.
    Inventors: Sripriya Tiku, Fred Bishop, Diane Derocher
  • Patent number: 10592678
    Abstract: The embodiments herein are directed to a technique for providing secure communication between nodes of a network environment or within a node of the network using a verified virtual trusted platform module (TPM) of each node. The verified virtual TPM illustratively emulates a hardware TPM device to provide software key management of cryptographic keys used to provide the secure communication over a computer network of the network environment. Illustratively, the verified virtual TPM is configured to enforce a security policy of a trusted code base (TCB) that includes the virtual TPM. Trustedness denotes a predetermined level of confidence that the security property is demonstrated by the verified virtual TPM. The predetermined level of confidence is based on an assurance (i.e., grounds) that the verified virtual TPM demonstrates the security property.
    Type: Grant
    Filed: September 9, 2016
    Date of Patent: March 17, 2020
    Assignee: FireEye, Inc.
    Inventors: Osman Abdoul Ismael, Hendrik Tews
  • Patent number: 10515364
    Abstract: A banking system operates responsive to data read from data bearing records. The system includes an automated banking machine comprising a card reader. The card reader includes a movable read head that can read card data along a magnetic stripe of a card that was inserted long-edge first. The card reader includes a card entry gate. The gate is opened for a card that is determined to be properly oriented for data reading. The card reader can encrypt card data, including account data. The machine also includes a PIN keypad. The card reader can send encrypted card data to the keypad. The keypad can decipher the encrypted card data. The keypad can encrypt both deciphered card data and a received user PIN. The card data and the PIN are usable by the machine to authorize a user to carry out a financial transfer involving the account.
    Type: Grant
    Filed: July 13, 2018
    Date of Patent: December 24, 2019
    Assignee: Diebold Nixdorf, Incorporated
    Inventors: David Lewis, Natarajan Ramachandran, Mark A. Douglass, Timothy Crews, Songtao Ma, Randall W. Jenkins, H. Thomas Graef, Sathish M. Irudayam, Klaus Steinbach, Jeffery Enright
  • Patent number: 10372924
    Abstract: Computer protection is weak with the methods currently available and there are risks of malicious users getting access to computers, corrupting important data, including system data. We are proposing a method for improving access protection, more particularly, by using a slave device that will enable or disable protection for applications as required. The device supports one or more users, none or more user groups, none or one or more Application Security Environments for each user or user group and one or more states for each Application Security Environment. The state of the hardware is manually controlled by the users. Depending on the configuration, each hardware state corresponding to an Application Security Environment corresponds to a set of privileges the processes running in that Application Security Environment have while that Application Security Environment is in that state.
    Type: Grant
    Filed: May 12, 2008
    Date of Patent: August 6, 2019
    Inventors: George Madathilparambil George, Nikhil George
  • Patent number: 10360017
    Abstract: A computing system is provided that includes a distribution endpoint including one or more processors configured to receive a request from a developer computing device to update a program managed by the distribution endpoint, the program being previously packaged and signed. The one or more processors of the distribution endpoint are further configured to receive a code file including a change to the program, retrieve a package of the program that has not been updated with the change to the program, generate an updated package of the program by adding the code file to the retrieved package of the program such that the updated package of the program logically represents a package of the updated program, and distribute the updated package of the program to an end user computing device.
    Type: Grant
    Filed: January 2, 2018
    Date of Patent: July 23, 2019
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Jason Ghssane Salameh, Andy Liu, John James Vintzel, Cory Alan Hendrixson
  • Patent number: 10334083
    Abstract: There is provided a computer implemented method for detection and prevention of an attempt at establishment of a network connection for malicious communication, comprising: detecting a connection establishment process for establishing a network connection, the connection establishment process initiated by code running on a client terminal; analyzing records in at least one stack trace of the initiating code managed at the client terminal, to detect a trial to establish a malicious communication wherein the network connection is used for malicious activity; and blocking establishment of the network connection when the analysis detects the trial to establish the malicious communication based on the network connection.
    Type: Grant
    Filed: November 24, 2015
    Date of Patent: June 25, 2019
    Assignee: enSilo Ltd.
    Inventors: Roy Katmor, Tomer Bitton, Udi Yavo, Ido Kelson
  • Patent number: 10284372
    Abstract: Processing information is disclosed including receiving an application retrieval request sent by a terminal, the application retrieval request including identifying information of the terminal, generating, based on a preset key generation technique, an encryption key based on the identifying information included in the application retrieval request, encrypting, based on the encryption key and a preset encryption technique, designated data in an application to obtain an encrypted application, and sending the encrypted application to the terminal.
    Type: Grant
    Filed: September 23, 2015
    Date of Patent: May 7, 2019
    Assignee: Alibaba Group Holding Limited
    Inventor: Jianwei Fan
  • Patent number: 10255438
    Abstract: Examples relate to providing operating system (OS) agnostic validation of firmware images. In some examples, a request to verify a number of firmware images is received, where each of the firmware images is associated with a metadata set. A first installation of a first firmware image of the firmware images is accessed via a physical interface, and a first metadata set is used to verify the first installation, where the first metadata set includes a firmware signature that is used to verify the first installation. At this stage, the request is forwarded to a child management processor, where the management processors are in a trusted group and related according to a tree hierarchy.
    Type: Grant
    Filed: September 24, 2014
    Date of Patent: April 9, 2019
    Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
    Inventor: Suhas Shivanna
  • Patent number: 10185509
    Abstract: Technologies are provided for secure sanitization of a storage device. A storage device can be configured to support an operational mode, into which the storage device is placed by default, and in which requests to cryptographically erase the storage device are rejected. The storage device can support a separate sanitization mode in which a request to cryptographically erase the storage device will be processed. Access to the sanitization mode can be restricted to trusted sources (such as a boot firmware of a computer connected to the storage device). The storage device can be configured to reject a command to place the storage device in the sanitization mode, unless the command is received during an initialization of the storage device. In at least some embodiments, the storage device can reject data access commands while it is in the sanitization mode.
    Type: Grant
    Filed: June 1, 2017
    Date of Patent: January 22, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Munif M. Farhan, Jaime Ismael Rangel Martinez
  • Patent number: 10102390
    Abstract: Contents of a memory may be authenticated using redundant encryption. In some examples, data to be stored by a memory is encrypted with two unique encryption keys—a first encryption key is used to generate a cipher text and a second encryption key (different than the first encryption key) is used to generate an authentication tag. The cipher text and authentication tag are stored by the memory. At a later time, the cipher text and authentication tag may be retrieved from the memory and decrypted using the respective encryption keys. After decrypting the cipher text and the authentication tag, the data retrieved from the memory may be authenticated by comparing the plaintext generated by decrypting the cipher text with the plaintext generated by decrypting the authentication tag. A match between the plaintext indicates the data was not corrupted or modified during storage in the memory.
    Type: Grant
    Filed: June 28, 2012
    Date of Patent: October 16, 2018
    Assignee: Honeywell International Inc.
    Inventors: Thomas Cordella, John Profumo
  • Patent number: 10061927
    Abstract: Identification information of a program read from outside, such as firmware, is acquired, and usability of a piece of key data in a range corresponding to the identification information is set, among a plurality of pieces of key data to be used for the program. As another example, based on new key data generated based on key data stored in advance in a memory and identification information, firmware corresponding to the identification information is decrypted.
    Type: Grant
    Filed: October 5, 2015
    Date of Patent: August 28, 2018
    Assignee: NINTENDO CO., LTD.
    Inventors: Yutaka Murakami, Minoru Hatamoto, Tatsuhiro Shirai
  • Patent number: 10055602
    Abstract: Methods, systems, and computer program products for securely processing range predicates on cloud databases are provided herein. A computer-implemented method includes separately encrypting a set of plain text data using two or more encryption functions, thereby producing an encrypted domain comprising at least two distinct groups of encrypted data items; converting a range query over plain text data items into a query over at least one of the distinct groups of encrypted data items; and combining results from the query over the distinct groups of encrypted data items, thereby generating a final encrypted result to the range query.
    Type: Grant
    Filed: April 19, 2016
    Date of Patent: August 21, 2018
    Assignee: International Business Machines Corporation
    Inventors: Prasad M. Deshpande, Jayant R. Haritsa, Akshar Kaul, Manish Kesarwani, Gagandeep Singh
  • Patent number: 9984124
    Abstract: At least one user table in a relational database management system (RDBMS) using a first operator within a structured query language (SQL) command is identified. The first operator within the SQL command is utilized to transfer one or more data items from the at least one user table to a data array within the RDBMS. The data array is processed within the RDBMS, and one or more output values are generated based on the processing.
    Type: Grant
    Filed: April 11, 2012
    Date of Patent: May 29, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Patrick Dantressangle, Eberhard Hechler, Martin Oberhofer, Michael Wurst
  • Patent number: 9977902
    Abstract: A system may include a host that may include a processor coupled to a non-volatile memory over a secure communication protocol. As a result, prior to release for manufacturing, a binding code may be established between the host and the non-volatile memory. In some embodiments, this binding code may be stored on the non-volatile memory and not on the host. Then during a boot up of the system, the boot up process may be initiated by the host using code associated with the host, followed by secure booting using the secure protocol using code stored on the non-volatile memory.
    Type: Grant
    Filed: April 22, 2015
    Date of Patent: May 22, 2018
    Assignee: Micron Technology, Inc.
    Inventor: Brent Ahlquist
  • Patent number: 9965261
    Abstract: Embodiments of the present invention relate to a method, device and computer program product for container deployment. By comparing the target libraries required by a target container to be deployed and the libraries that have been loaded on the candidate hosts, the costs of deploying the target container on the candidate hosts can be estimated. Then a target host is selected from among the plurality of candidate hosts based on the determined costs.
    Type: Grant
    Filed: August 18, 2015
    Date of Patent: May 8, 2018
    Assignee: International Business Machines Corporation
    Inventors: Xiao Long Chen, David L. Kaminsky, Xi Ning Wang, Zhe Yan, Zheng Zhao
  • Patent number: 9959104
    Abstract: Embodiments of the present invention relate to a method, device and computer program product for container deployment. By comparing the target libraries required by a target container to be deployed and the libraries that have been loaded on the candidate hosts, the costs of deploying the target container on the candidate hosts can be estimated. Then a target host is selected from among the plurality of candidate hosts based on the determined costs.
    Type: Grant
    Filed: April 29, 2016
    Date of Patent: May 1, 2018
    Assignee: International Business Machines Corporation
    Inventors: Xiao Long Chen, David L. Kaminsky, Xi Ning Wang, Zhe Yan, Zheng Zhao
  • Patent number: 9948470
    Abstract: An authentication device is provided that authenticates an electronic device based on the responses from distinct types of physically unclonable functions. The authentication device receives a device identifier associated with the electronic device. It then sends one or more challenges to the electronic device. In response, the authentication device receives one or more responses from the electronic device, the one or more responses including characteristic information generated from two or more distinct types of physically unclonable functions in the electronic device.
    Type: Grant
    Filed: January 29, 2016
    Date of Patent: April 17, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Xu Guo, David M. Jacobson, Yafei Yang, Adam J. Drew, Brian Marc Rosenberg
  • Patent number: 9928042
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for automatically determining configuration properties of a compiler. One of the methods includes determining that an executable of the newly created process is a compiler called by the build system to compile source code of a source code file. In response to the determining, a plurality of configuration properties of the compiler called by the build system are determined, the configuration properties including first properties of a plurality of built-in functions of the compiler, second properties of a plurality of built-in types of the compiler, or both. A compiler emulator is configured to emulate the behavior of the compiler called by the build system using the determined configuration properties. Access to the source code is provided to the compiler emulator configured using the determined configuration properties.
    Type: Grant
    Filed: March 23, 2017
    Date of Patent: March 27, 2018
    Assignee: Semmle Limited
    Inventor: Peter Cawley
  • Patent number: 9792439
    Abstract: Embodiments of a method are disclosed. One embodiment is a method for securely updating firmware in a computing device, in which the computing device includes a host processor and a non-volatile memory. The method involves receiving a double-encrypted firmware image from an external firmware source, wherein the double-encrypted firmware image is generated from firmware that is encrypted a first time using a first crypto-key and then encrypted a second time using a second crypto-key. The method also involves receiving the second crypto-key from an external key source, decrypting the double-encrypted firmware image using the second crypto-key to produce an encrypted firmware image, storing the encrypted firmware image in the non-volatile memory of the computing device, reading the encrypted firmware image from the non-volatile memory of the computing device, decrypting the encrypted firmware image using the first crypto-key, and executing the firmware on the computing device.
    Type: Grant
    Filed: September 19, 2012
    Date of Patent: October 17, 2017
    Assignee: NXP B.V.
    Inventor: Vincent Cedric Colnot
  • Patent number: 9781113
    Abstract: Technologies for supporting and implementing multiple digital rights management protocols on a client device are described. In some embodiments, the technologies include a client device having an architectural enclave which may function to identify one of a plurality of digital rights management protocols for protecting digital information to be received from a content provider or a sensor. The architectural enclave selects a preexisting secure information processing environment (SIPE) to process said digital information, if a preexisting SIPE supporting the DRM protocol is present on the client. If a preexisting SIPE supporting the DRM protocol is not present on the client, the architectural enclave may generate a new SIPE that supports the DRM protocol on the client. Transmission of the digital information may then be directed to the selected preexisting SIPE or the new SIPE, as appropriate.
    Type: Grant
    Filed: December 19, 2013
    Date of Patent: October 3, 2017
    Assignee: INTEL CORPORATION
    Inventors: Ned M. Smith, Nathan Heldt-Sheller, Reshma Lal, Micah J. Sheller, Matthew E. Hoekstra
  • Patent number: 9773263
    Abstract: To customize products, a first entity receives generic products from a supplier entity, wherein the generic products include base software. The first entity provides a customization component for at least a subset of the generic products. Base software in at least the subset of the generic products is executed at the first entity to interact with the customization component to customize at least one feature of at least the subset of generic products.
    Type: Grant
    Filed: October 24, 2008
    Date of Patent: September 26, 2017
    Assignee: Hewlett Packard Enterprise Development LP
    Inventor: Kelly J. Reasoner
  • Patent number: 9773360
    Abstract: An apparatus for processing logging policies includes: a logging policy input section configured to receive a plurality of logging policies for use with vehicle data; a logging policy storage configured to store the received plurality of logging policies; a logging policy interpreter configured to extract profile data, variable data, and policy data from the plurality of logging policies stored at the logging policy storage; a logging policy analyzer configured to analyze the profile data, the variable data, and the policy data of the respective logging policies extracted by the logging policy interpreter and create an integration rule based on the analyzed data; an integration logging policy generator configured to generate an integration logging policy based on the integration rule created by the logging policy analyzer; and an integration logging policy processor configured to process the integration logging policy generated by the integration logging policy generator.
    Type: Grant
    Filed: May 2, 2015
    Date of Patent: September 26, 2017
    Assignee: Hyundai Motor Company
    Inventors: Chul Min Kim, Myeong Gyu Jeong, Dong Youl Lee, Young Su Kim
  • Patent number: 9692783
    Abstract: According to an example, a client device determines at least one virus sample according to at least one anti-virus engine, transmits sample information of the at least one virus sample to a server, such that the server determines a first virus sample set that needs to be reported according to the sample information of the at least one virus sample and a predefined sample information list in the server, and returns the first virus sample set to the client device. The client device receives the first virus sample set that needs to be reported and performs a virus reporting operation according to the virus sample set.
    Type: Grant
    Filed: April 22, 2015
    Date of Patent: June 27, 2017
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventors: Yongxian Liu, Qiyuan Meng
  • Patent number: 9672023
    Abstract: A graphical user interface (GUI) for a unified software update display center is provided. The GUI includes a first display area for displaying a set of available security system software updates. The GUI includes a second display area for displaying a set of available non-security system software updates. The GUI includes a third display area for displaying a set of available application software updates. The GUI includes a single selection tool for installing all available security updates without installing any updates displayed in the second and third display areas. The GUI includes individual selection tools for installing individual updates displayed in the second and third display areas. The GUI includes a selection tool to receive further updates from a system update server and an application update server. The critical security updates are displayed with different display attributes or in different sections to distinguish them from other types of updates.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: June 6, 2017
    Assignee: APPLE INC.
    Inventors: Jack R. Matthew, Jean-Pierre Ciudad, Laurent Baumann, Patrick L. Coffman, Randy D. Saldinger, Daniel I. Feldman
  • Patent number: 9626177
    Abstract: A method and apparatus for updating an application on a group of nodes is presented. According to one embodiment, an application is updated at a first node. The first node updates a registry to indicate that an update was performed at the first node and propagates the update to the registry to one or more second nodes. At a second node, the second node determines that one or more application updates are available at the first node. Upon such a determination, the second node requests one or more update packages from the first node. Based on an update policy associated with the second node, the second node updates the application using the one or more update packages.
    Type: Grant
    Filed: September 11, 2015
    Date of Patent: April 18, 2017
    Assignee: COHESITY, INC.
    Inventors: Sashi Madduri, Gaurav Garg, Patrick Lundquist
  • Patent number: 9621630
    Abstract: A distribution method is disclosed. In a distribution method, a program to which a first signature is applied is divided. Control information including restore information pertinent to restoring the program and a second signature to secure divisional files of the program is attached to at least one of the divisional files. Each of the divisional files is sent via the Internet.
    Type: Grant
    Filed: February 2, 2015
    Date of Patent: April 11, 2017
    Assignee: FUJITSU LIMITED
    Inventors: Koichi Yasaki, Hidenobu Ito, Kazuaki Nimura
  • Patent number: 9619672
    Abstract: A processor capable of secure execution. The processor contains an execution unit and secure partition logic that secures a partition in memory. The processor also contains cryptographic logic coupled to the execution unit that encrypts and decrypts secure data and code.
    Type: Grant
    Filed: December 24, 2014
    Date of Patent: April 11, 2017
    Assignee: Intel Corporation
    Inventor: Millind Mittal
  • Patent number: 9575977
    Abstract: A method and apparatus for tracking purged data includes at least one of a data deletion module and a data deletion registry that are used to compare data, records and files of at least one computing unit to determine if any of the data, records or files stored within the computing unit have previously been purged. If so, the data, record or file is re-purged. Purging can include deleting the entire data, record or file or just a portion to anonymize the data, record or file. Alternatively, instead of deleting all or a portion of a data, record or file, an encryption key required to access all or a portion of the data, record or file may be deleted thereby rendering the encrypted information inaccessible. Differing schemes and methods for purging data, records and files may be utilized within a network.
    Type: Grant
    Filed: October 28, 2013
    Date of Patent: February 21, 2017
    Inventor: John H. Bergman
  • Patent number: 9547779
    Abstract: A processor includes a plurality of general purpose registers and cryptographic logic to encrypt and decrypt information. The cryptographic logic is to support a Data Encryption Standard (DES) algorithm, a triple DES (3DES) algorithm, a Rivest-Shamir-Adleman (RSA) algorithm, and a Diffie Hellman algorithm. The processor also includes a plurality of memory partition registers to define a physical address range in a dynamic random access memory for use as a secure memory partition. The processor also includes a plurality of execution units coupled to the plurality of general purpose registers, the plurality of memory partition registers, and the cryptographic logic. The processor also includes secure partition enforcement logic coupled to the plurality of execution units and the memory partition registers, the secure partition enforcement logic to selectively permit read or write access to the dynamic random access memory.
    Type: Grant
    Filed: December 24, 2014
    Date of Patent: January 17, 2017
    Assignee: Intel Corporation
    Inventor: Millind Mittal
  • Patent number: 9507962
    Abstract: A processor capable of secure execution. The processor contains an execution unit and secure partition logic that secures a partition in memory. The processor also contains cryptographic logic coupled to the execution unit that encrypts and decrypts secure data and code.
    Type: Grant
    Filed: December 24, 2014
    Date of Patent: November 29, 2016
    Assignee: Intel Corporation
    Inventor: Millind Mittal
  • Patent number: 9461815
    Abstract: A computational engine may include an input configured to receive a first data packet and a second data packet, a context memory configured to store one or more contexts, and a set of computational elements coupled with the input and coupled with the context memory. The set of computational elements may be configured to generate a first output data packet by executing a first sequence of cryptographic operations on the first data packet, and generate a second output data packet by executing a second sequence of cryptographic operations on the second data packet and on a selected context of the one of the one or more contexts. The selected context may be associated with the second packet of data, and the context may be stored in the context memory prior to the execution of the first sequence of cryptographic operations.
    Type: Grant
    Filed: October 18, 2013
    Date of Patent: October 4, 2016
    Assignee: Advanced Micro Devices, Inc.
    Inventor: Winthrop J. Wu
  • Patent number: 9439072
    Abstract: Provided is a system and method for authentication. The method includes receiving a subscription request from a user terminal, the subscription request executed by an authentication server communicating with the user terminal and including group discrimination data including a group code and information for discriminating a group from another, if it is determined that the group code and the information included in the group discrimination data correspond to each other, performing a group authentication procedure on the user terminal and processing the group authentication procedure as being successful, issuing a member session key to the user terminal, and providing a service requested by the user terminal in response to the service request including the member session key from the user terminal. In one embodiment, it is possible to prevent information on service users from being divulged.
    Type: Grant
    Filed: June 29, 2015
    Date of Patent: September 6, 2016
    Assignee: TEAMBLIND INC.
    Inventors: Seong Uk Moon, Yeong Jun Jeong
  • Patent number: 9288064
    Abstract: A unique TIO based trust information delivery scheme is disclosed that allows clients to verify received certificates and to control Java and Javascript access efficiently. This scheme fits into the certificate verification process in SSL to provide a secure connection between a client and a Web server. In particular, the scheme is well suited for incorporation into consumer devices that have a limited footprint, such as set-top boxes, cell phones, and handheld computers. Furthermore, the TIO update scheme disclosed herein allows clients to update certificates securely and dynamically.
    Type: Grant
    Filed: December 15, 2014
    Date of Patent: March 15, 2016
    Assignee: TVWorks, LLC
    Inventor: Sihai Xiao
  • Patent number: 9282086
    Abstract: A secured communication network can include a server including an authentication backend, the authentication backend configured to communicate with an authentication front end of a communication device. A server applet can be associated with the authentication backend. The server applet can authenticate an access right associated with the communication device and establish a security level for the communication with the communication device based on information received from the authentication front end.
    Type: Grant
    Filed: May 29, 2013
    Date of Patent: March 8, 2016
    Assignee: Broadcom Corporation
    Inventors: Philippe Klein, Jacob Mendel, Shlomo Markel
  • Patent number: 9262644
    Abstract: A server connectable to an apparatus providing contents and an image display apparatus includes an index information processing part configured to provide the image display apparatus with index information for causing a list of information items associated with the contents to be displayed by the image display apparatus, an image data processing part configured to provide the image display apparatus with image data for causing a content associated with an information item selected from the list to be displayed by the image display apparatus, and an apparatus authentication part configured to cause the index information processing part and the image data processing part to execute respective processes when the identification information of the image display apparatus that has requested to obtain the content associated with the selected information item by using access authority information regarding authority to access the content is managed in correlation with the access authority information.
    Type: Grant
    Filed: July 9, 2013
    Date of Patent: February 16, 2016
    Assignee: RICOH COMPANY, LTD.
    Inventors: Kohta Nagai, Hiroyuki Matsushima, Daigo Uchiyama
  • Patent number: 9235409
    Abstract: Customers wanting to deploy software packages, or updates to those packages, across a group of servers or other computing resources can rely upon a component such as a resource manager to manage the deployment. The resource manager can utilize a data structure that stores deployment information by Revision number, and merges information for each verified deployment into a Mainline for those resources. Each Deployment can involve an Individual Release or a Baseline Release, and the importance of those Releases can be determined with respect to a current snapshot of the Mainline. Such an approach enables important Release and Deployment information to be quickly determined and obtained, which can help with configuring and scheduling future Deployments.
    Type: Grant
    Filed: October 30, 2012
    Date of Patent: January 12, 2016
    Assignee: Amazon Technologies, Inc.
    Inventors: Jiaqi Guo, Gang Li, Matthew David Klein, Zhe Fu, Baogang Song, Weizhong Hua
  • Patent number: 9230455
    Abstract: A method for digital immunity includes identifying a call graph of an executable entity, and mapping nodes of the call graph to a cipher table of obscured information, such that each node is based on invariants in the executable entity. A cipher table maintains associations between the invariants and the obscured information. Construction of an obscured information item, such as an executable set of instructions or a program, involves extracting, from the cipher table, ordered portions of the obscured information, in which the ordered portions have a sequence based on the ordering of the invariants, and ensuring that the obscured information matches a predetermined ordering corresponding to acceptable operation, such as by execution of the instructions represented by the obscured information, or steganographic target program (to distinguish from the executable entity being evaluated). The unmodified nature of the executable entity is assured by successful execution of the steganographic target program.
    Type: Grant
    Filed: June 9, 2014
    Date of Patent: January 5, 2016
    Assignee: DIGITAL IMMUNITY LLC
    Inventor: Thomas H Probert
  • Patent number: 9207911
    Abstract: A system and method of generating a one-way function and thereby producing a random-value stream. Steps include: providing a plurality of memory cells addressed according to a domain value wherein any given domain value maps to all possible range values; generating a random domain value associated with one of the memory cells; reading a data value associated with the generated random domain value; generating dynamically enhanced data by providing an additional quantity of data; removing suspected non-random portions thereby creating source data; validating the source data according to a minimum randomness requirement, thereby creating a validated source data; and integrating the validated source data with the memory cell locations using a random edit process that is a masking, a displacement-in-time, a chaos engine, an XOR, an overwrite, an expand, a remove, a control plane, or an address plane module. The expand module inserts a noise chunk.
    Type: Grant
    Filed: October 16, 2009
    Date of Patent: December 8, 2015
    Assignee: CASSY HOLDINGS LLC
    Inventor: Patrick D. Ross
  • Patent number: 9112610
    Abstract: In a network that includes one or a plurality of optical line terminals, a plurality of branches, and an optical routing unit, the optical network unit registration method includes a first process in which the optical line terminals transmit a discovery gate to the optical network units, and a second process in which, in response to the discovery gate, an unregistered optical network unit transmits a register request to a separate optical line terminal from the terminal that transmitted the discovery gate. A discovery window is provided in the optical line terminal that receives the register request. This optical line terminal receives the register request in the discovery window.
    Type: Grant
    Filed: March 8, 2013
    Date of Patent: August 18, 2015
    Assignee: Oki Electric Industry Co., Ltd.
    Inventor: Masahiro Sarashina
  • Patent number: 9077651
    Abstract: A distributed fabric system has distributed line card (DLC) chassis and scaled-out fabric coupler (SFC) chassis. Each DLC includes a network processor and fabric ports. Each network processor of each DLC includes a fabric interface in communication with the fabric ports of that DLC. Each SFC includes at least one fabric element and SFC fabric ports. A fabric communication link connects each SFC fabric port to one DLC fabric port. Each fabric communication link includes cell-carrying lanes. Each fabric element of each SFC detects connectivity between each SFC fabric port of that SFC and one DLC fabric port over a fabric communication link. Each SFC includes program code that reads a connectivity matrix from fabric element chips and sends connection information corresponding to the detected connectivity from that SFC to a central agent. A network element includes the central agent, which, when executed, constructs a topology of the distributed fabric system from the connection information sent from each SFC.
    Type: Grant
    Filed: March 7, 2012
    Date of Patent: July 7, 2015
    Assignee: International Business Machines Corporation
    Inventors: Sushma Anantharam, Nirapada Ghosh, Dayavanti Gopal Kamath, Keshav Govind Kamble, Dar-Ren Leu, Chandarani J. Mendon, Vijoy Pandey, Nandakumar Peethambaram
  • Patent number: 9047474
    Abstract: A circuit for providing isolation in an integrated circuit is described. The circuit comprises a first circuit block having circuits associated with a first security level; a second circuit block having circuits associated with a second security level; and a third circuit block having programmable resources, the third circuit block providing isolation between the first circuit block and the second circuit block and being programmable to enable connections between the first circuit block and the second circuit block.
    Type: Grant
    Filed: February 21, 2014
    Date of Patent: June 2, 2015
    Assignee: XILINX, INC.
    Inventors: Sagheer Ahmad, Bradley L. Taylor, Ygal Arbel
  • Patent number: 9031239
    Abstract: An information processing apparatus includes an encrypting unit that encrypts a value to be kept secret with a predetermined cipher key. The information processing apparatus includes a converting unit that converts, when the value to be kept secret is an initial value written at the time of initialization of a storage device in which a value encrypted by the encrypting unit is stored, the value encrypted by the encrypting unit into a value which is reversibly convertible and is independent of the cipher key used by the encrypting unit. The information processing apparatus includes a storing unit that stores the value converted by the converting unit in the storage device.
    Type: Grant
    Filed: August 14, 2013
    Date of Patent: May 12, 2015
    Assignee: Fujitsu Limited
    Inventor: Yoshiaki Uchida
  • Patent number: 9025765
    Abstract: A system 100 for increasing data security comprises predetermined system data 104 to be protected. A cryptographic unit 108 is used for cryptographic processing of respective blocks of the content data in dependence on respective keys. A key provider 106 determines the respective key used for the processing of a respective block of the content data in dependence on a respective portion 112 of the predetermined system data 104, the portion not including all the predetermined system data, wherein different respective portions of the predetermined system data are selected for the respective blocks of content data. A server system 200 for increasing data security comprises an output 202 for providing processed content data 110 to a client system 100, the client system comprising predetermined system data 104 to be protected. The server system 200 also comprises a cryptographic unit 208 and a key provider 206.
    Type: Grant
    Filed: May 19, 2008
    Date of Patent: May 5, 2015
    Assignee: Irdeto B.V.
    Inventors: Wilhelmus Petrus Adrianus Johannus Michiels, Paulus Mathias Hubertus Mechtildis Antonius Gorissen, Boris Skoric
  • Patent number: 9003203
    Abstract: Storage associated with a virtual machine or other type of device may be migrated between locations (e.g., physical devices, network locations, etc.). To maintain the security of the storage, a system may manage the encryption of the storage area such that a storage area is encrypted with a first encryption key that may be maintained through the migration. A header of the storage area, on the other hand, may be encrypted using a second encryption key and the first encryption key may be stored therein. Upon transfer, the header may be re-encrypted to effect the transfer of security.
    Type: Grant
    Filed: January 23, 2013
    Date of Patent: April 7, 2015
    Assignee: Citrix Systems, Inc.
    Inventor: Michael Bursell
  • Patent number: 8997209
    Abstract: A memory device includes a plurality of memory chips, including one or more memory chips that store authentication information, and a controller including a first register that stores information indicating a representative memory chip, from among the one or more memory chips that store the authentication information, that stores valid authentication information.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: March 31, 2015
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Won-Seok Lee, Young-Kug Moon
  • Patent number: 8996744
    Abstract: Attempts to update confirmation information or firmware for a hardware device can be monitored using a secure counter that is configured to monotonically adjust a current value of the secure counter for each update or update attempt. The value of the counter can be determined every time the validity of the firmware is confirmed, and this value can be stored to a secure location. At subsequent times, such as during a boot process, the actual value of the counter can be determined and compared with the expected value. If the values do not match, such that the firmware may be in an unexpected state, an action can be taken, such as to prevent access to, or isolate, the hardware until such time as the firmware can be validated or updated to an expected state.
    Type: Grant
    Filed: December 2, 2013
    Date of Patent: March 31, 2015
    Assignee: Amazon Technologies, Inc.
    Inventors: Michael David Marr, Pradeep Vincent, Matthew T. Corddry, James R. Hamilton
  • Patent number: 8995663
    Abstract: Disclosed is a method for implementing an encryption engine, which includes: when an engine binding interface is called, a hardware encryption engine establishes a connection with a hardware encryption equipment, acquires an algorithm list of said equipment, and fills a first data structure; when a key initialization interface is called, said engine, according to the transmitted first data structure, sets an encryption/decryption algorithm to be used by said equipment, and retrieves a corresponding algorithm key; and if no algorithm key is retrieved, said engine controls said equipment to create said algorithm key; when a data encryption/decryption interface is called, said engine, according to the currently set encryption/decryption algorithm and said algorithm key, controls said equipment to perform an encryption/decryption operation on the transmitted data. The present invention can add or extend the encryption/decryption algorithm that can only be implemented in hardware to a software algorithm library.
    Type: Grant
    Filed: March 29, 2011
    Date of Patent: March 31, 2015
    Assignee: Feitian Technologies Co., Ltd.
    Inventors: Zhou Lu, Huazhang Yu