Upgrade/install Encryption Patents (Class 713/191)
  • Patent number: 10334083
    Abstract: There is provided a computer implemented method for detection and prevention of an attempt at establishment of a network connection for malicious communication, comprising: detecting a connection establishment process for establishing a network connection, the connection establishment process initiated by code running on a client terminal; analyzing records in at least one stack trace of the initiating code managed at the client terminal, to detect a trial to establish a malicious communication wherein the network connection is used for malicious activity; and blocking establishment of the network connection when the analysis detects the trial to establish the malicious communication based on the network connection.
    Type: Grant
    Filed: November 24, 2015
    Date of Patent: June 25, 2019
    Assignee: enSilo Ltd.
    Inventors: Roy Katmor, Tomer Bitton, Udi Yavo, Ido Kelson
  • Patent number: 10284372
    Abstract: Processing information is disclosed including receiving an application retrieval request sent by a terminal, the application retrieval request including identifying information of the terminal, generating, based on a preset key generation technique, an encryption key based on the identifying information included in the application retrieval request, encrypting, based on the encryption key and a preset encryption technique, designated data in an application to obtain an encrypted application, and sending the encrypted application to the terminal.
    Type: Grant
    Filed: September 23, 2015
    Date of Patent: May 7, 2019
    Assignee: Alibaba Group Holding Limited
    Inventor: Jianwei Fan
  • Patent number: 10255438
    Abstract: Examples relate to providing operating system (OS) agnostic validation of firmware images. In some examples, a request to verify a number of firmware images is received, where each of the firmware images is associated with a metadata set. A first installation of a first firmware image of the firmware images is accessed via a physical interface, and a first metadata set is used to verify the first installation, where the first metadata set includes a firmware signature that is used to verify the first installation. At this stage, the request is forwarded to a child management processor, where the management processors are in a trusted group and related according to a tree hierarchy.
    Type: Grant
    Filed: September 24, 2014
    Date of Patent: April 9, 2019
    Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
    Inventor: Suhas Shivanna
  • Patent number: 10185509
    Abstract: Technologies are provided for secure sanitization of a storage device. A storage device can be configured to support an operational mode, into which the storage device is placed by default, and in which requests to cryptographically erase the storage device are rejected. The storage device can support a separate sanitization mode in which a request to cryptographically erase the storage device will be processed. Access to the sanitization mode can be restricted to trusted sources (such as a boot firmware of a computer connected to the storage device). The storage device can be configured to reject a command to place the storage device in the sanitization mode, unless the command is received during an initialization of the storage device. In at least some embodiments, the storage device can reject data access commands while it is in the sanitization mode.
    Type: Grant
    Filed: June 1, 2017
    Date of Patent: January 22, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Munif M. Farhan, Jaime Ismael Rangel Martinez
  • Patent number: 10102390
    Abstract: Contents of a memory may be authenticated using redundant encryption. In some examples, data to be stored by a memory is encrypted with two unique encryption keys—a first encryption key is used to generate a cipher text and a second encryption key (different than the first encryption key) is used to generate an authentication tag. The cipher text and authentication tag are stored by the memory. At a later time, the cipher text and authentication tag may be retrieved from the memory and decrypted using the respective encryption keys. After decrypting the cipher text and the authentication tag, the data retrieved from the memory may be authenticated by comparing the plaintext generated by decrypting the cipher text with the plaintext generated by decrypting the authentication tag. A match between the plaintext indicates the data was not corrupted or modified during storage in the memory.
    Type: Grant
    Filed: June 28, 2012
    Date of Patent: October 16, 2018
    Assignee: Honeywell International Inc.
    Inventors: Thomas Cordella, John Profumo
  • Patent number: 10061927
    Abstract: Identification information of a program read from outside, such as firmware, is acquired, and usability of a piece of key data in a range corresponding to the identification information is set, among a plurality of pieces of key data to be used for the program. As another example, based on new key data generated based on key data stored in advance in a memory and identification information, firmware corresponding to the identification information is decrypted.
    Type: Grant
    Filed: October 5, 2015
    Date of Patent: August 28, 2018
    Assignee: NINTENDO CO., LTD.
    Inventors: Yutaka Murakami, Minoru Hatamoto, Tatsuhiro Shirai
  • Patent number: 10055602
    Abstract: Methods, systems, and computer program products for securely processing range predicates on cloud databases are provided herein. A computer-implemented method includes separately encrypting a set of plain text data using two or more encryption functions, thereby producing an encrypted domain comprising at least two distinct groups of encrypted data items; converting a range query over plain text data items into a query over at least one of the distinct groups of encrypted data items; and combining results from the query over the distinct groups of encrypted data items, thereby generating a final encrypted result to the range query.
    Type: Grant
    Filed: April 19, 2016
    Date of Patent: August 21, 2018
    Assignee: International Business Machines Corporation
    Inventors: Prasad M. Deshpande, Jayant R. Haritsa, Akshar Kaul, Manish Kesarwani, Gagandeep Singh
  • Patent number: 9984124
    Abstract: At least one user table in a relational database management system (RDBMS) using a first operator within a structured query language (SQL) command is identified. The first operator within the SQL command is utilized to transfer one or more data items from the at least one user table to a data array within the RDBMS. The data array is processed within the RDBMS, and one or more output values are generated based on the processing.
    Type: Grant
    Filed: April 11, 2012
    Date of Patent: May 29, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Patrick Dantressangle, Eberhard Hechler, Martin Oberhofer, Michael Wurst
  • Patent number: 9977902
    Abstract: A system may include a host that may include a processor coupled to a non-volatile memory over a secure communication protocol. As a result, prior to release for manufacturing, a binding code may be established between the host and the non-volatile memory. In some embodiments, this binding code may be stored on the non-volatile memory and not on the host. Then during a boot up of the system, the boot up process may be initiated by the host using code associated with the host, followed by secure booting using the secure protocol using code stored on the non-volatile memory.
    Type: Grant
    Filed: April 22, 2015
    Date of Patent: May 22, 2018
    Assignee: Micron Technology, Inc.
    Inventor: Brent Ahlquist
  • Patent number: 9965261
    Abstract: Embodiments of the present invention relate to a method, device and computer program product for container deployment. By comparing the target libraries required by a target container to be deployed and the libraries that have been loaded on the candidate hosts, the costs of deploying the target container on the candidate hosts can be estimated. Then a target host is selected from among the plurality of candidate hosts based on the determined costs.
    Type: Grant
    Filed: August 18, 2015
    Date of Patent: May 8, 2018
    Assignee: International Business Machines Corporation
    Inventors: Xiao Long Chen, David L. Kaminsky, Xi Ning Wang, Zhe Yan, Zheng Zhao
  • Patent number: 9959104
    Abstract: Embodiments of the present invention relate to a method, device and computer program product for container deployment. By comparing the target libraries required by a target container to be deployed and the libraries that have been loaded on the candidate hosts, the costs of deploying the target container on the candidate hosts can be estimated. Then a target host is selected from among the plurality of candidate hosts based on the determined costs.
    Type: Grant
    Filed: April 29, 2016
    Date of Patent: May 1, 2018
    Assignee: International Business Machines Corporation
    Inventors: Xiao Long Chen, David L. Kaminsky, Xi Ning Wang, Zhe Yan, Zheng Zhao
  • Patent number: 9948470
    Abstract: An authentication device is provided that authenticates an electronic device based on the responses from distinct types of physically unclonable functions. The authentication device receives a device identifier associated with the electronic device. It then sends one or more challenges to the electronic device. In response, the authentication device receives one or more responses from the electronic device, the one or more responses including characteristic information generated from two or more distinct types of physically unclonable functions in the electronic device.
    Type: Grant
    Filed: January 29, 2016
    Date of Patent: April 17, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Xu Guo, David M. Jacobson, Yafei Yang, Adam J. Drew, Brian Marc Rosenberg
  • Patent number: 9928042
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for automatically determining configuration properties of a compiler. One of the methods includes determining that an executable of the newly created process is a compiler called by the build system to compile source code of a source code file. In response to the determining, a plurality of configuration properties of the compiler called by the build system are determined, the configuration properties including first properties of a plurality of built-in functions of the compiler, second properties of a plurality of built-in types of the compiler, or both. A compiler emulator is configured to emulate the behavior of the compiler called by the build system using the determined configuration properties. Access to the source code is provided to the compiler emulator configured using the determined configuration properties.
    Type: Grant
    Filed: March 23, 2017
    Date of Patent: March 27, 2018
    Assignee: Semmle Limited
    Inventor: Peter Cawley
  • Patent number: 9792439
    Abstract: Embodiments of a method are disclosed. One embodiment is a method for securely updating firmware in a computing device, in which the computing device includes a host processor and a non-volatile memory. The method involves receiving a double-encrypted firmware image from an external firmware source, wherein the double-encrypted firmware image is generated from firmware that is encrypted a first time using a first crypto-key and then encrypted a second time using a second crypto-key. The method also involves receiving the second crypto-key from an external key source, decrypting the double-encrypted firmware image using the second crypto-key to produce an encrypted firmware image, storing the encrypted firmware image in the non-volatile memory of the computing device, reading the encrypted firmware image from the non-volatile memory of the computing device, decrypting the encrypted firmware image using the first crypto-key, and executing the firmware on the computing device.
    Type: Grant
    Filed: September 19, 2012
    Date of Patent: October 17, 2017
    Assignee: NXP B.V.
    Inventor: Vincent Cedric Colnot
  • Patent number: 9781113
    Abstract: Technologies for supporting and implementing multiple digital rights management protocols on a client device are described. In some embodiments, the technologies include a client device having an architectural enclave which may function to identify one of a plurality of digital rights management protocols for protecting digital information to be received from a content provider or a sensor. The architectural enclave selects a preexisting secure information processing environment (SIPE) to process said digital information, if a preexisting SIPE supporting the DRM protocol is present on the client. If a preexisting SIPE supporting the DRM protocol is not present on the client, the architectural enclave may generate a new SIPE that supports the DRM protocol on the client. Transmission of the digital information may then be directed to the selected preexisting SIPE or the new SIPE, as appropriate.
    Type: Grant
    Filed: December 19, 2013
    Date of Patent: October 3, 2017
    Assignee: INTEL CORPORATION
    Inventors: Ned M. Smith, Nathan Heldt-Sheller, Reshma Lal, Micah J. Sheller, Matthew E. Hoekstra
  • Patent number: 9773263
    Abstract: To customize products, a first entity receives generic products from a supplier entity, wherein the generic products include base software. The first entity provides a customization component for at least a subset of the generic products. Base software in at least the subset of the generic products is executed at the first entity to interact with the customization component to customize at least one feature of at least the subset of generic products.
    Type: Grant
    Filed: October 24, 2008
    Date of Patent: September 26, 2017
    Assignee: Hewlett Packard Enterprise Development LP
    Inventor: Kelly J. Reasoner
  • Patent number: 9773360
    Abstract: An apparatus for processing logging policies includes: a logging policy input section configured to receive a plurality of logging policies for use with vehicle data; a logging policy storage configured to store the received plurality of logging policies; a logging policy interpreter configured to extract profile data, variable data, and policy data from the plurality of logging policies stored at the logging policy storage; a logging policy analyzer configured to analyze the profile data, the variable data, and the policy data of the respective logging policies extracted by the logging policy interpreter and create an integration rule based on the analyzed data; an integration logging policy generator configured to generate an integration logging policy based on the integration rule created by the logging policy analyzer; and an integration logging policy processor configured to process the integration logging policy generated by the integration logging policy generator.
    Type: Grant
    Filed: May 2, 2015
    Date of Patent: September 26, 2017
    Assignee: Hyundai Motor Company
    Inventors: Chul Min Kim, Myeong Gyu Jeong, Dong Youl Lee, Young Su Kim
  • Patent number: 9692783
    Abstract: According to an example, a client device determines at least one virus sample according to at least one anti-virus engine, transmits sample information of the at least one virus sample to a server, such that the server determines a first virus sample set that needs to be reported according to the sample information of the at least one virus sample and a predefined sample information list in the server, and returns the first virus sample set to the client device. The client device receives the first virus sample set that needs to be reported and performs a virus reporting operation according to the virus sample set.
    Type: Grant
    Filed: April 22, 2015
    Date of Patent: June 27, 2017
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventors: Yongxian Liu, Qiyuan Meng
  • Patent number: 9672023
    Abstract: A graphical user interface (GUI) for a unified software update display center is provided. The GUI includes a first display area for displaying a set of available security system software updates. The GUI includes a second display area for displaying a set of available non-security system software updates. The GUI includes a third display area for displaying a set of available application software updates. The GUI includes a single selection tool for installing all available security updates without installing any updates displayed in the second and third display areas. The GUI includes individual selection tools for installing individual updates displayed in the second and third display areas. The GUI includes a selection tool to receive further updates from a system update server and an application update server. The critical security updates are displayed with different display attributes or in different sections to distinguish them from other types of updates.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: June 6, 2017
    Assignee: APPLE INC.
    Inventors: Jack R. Matthew, Jean-Pierre Ciudad, Laurent Baumann, Patrick L. Coffman, Randy D. Saldinger, Daniel I. Feldman
  • Patent number: 9626177
    Abstract: A method and apparatus for updating an application on a group of nodes is presented. According to one embodiment, an application is updated at a first node. The first node updates a registry to indicate that an update was performed at the first node and propagates the update to the registry to one or more second nodes. At a second node, the second node determines that one or more application updates are available at the first node. Upon such a determination, the second node requests one or more update packages from the first node. Based on an update policy associated with the second node, the second node updates the application using the one or more update packages.
    Type: Grant
    Filed: September 11, 2015
    Date of Patent: April 18, 2017
    Assignee: COHESITY, INC.
    Inventors: Sashi Madduri, Gaurav Garg, Patrick Lundquist
  • Patent number: 9621630
    Abstract: A distribution method is disclosed. In a distribution method, a program to which a first signature is applied is divided. Control information including restore information pertinent to restoring the program and a second signature to secure divisional files of the program is attached to at least one of the divisional files. Each of the divisional files is sent via the Internet.
    Type: Grant
    Filed: February 2, 2015
    Date of Patent: April 11, 2017
    Assignee: FUJITSU LIMITED
    Inventors: Koichi Yasaki, Hidenobu Ito, Kazuaki Nimura
  • Patent number: 9619672
    Abstract: A processor capable of secure execution. The processor contains an execution unit and secure partition logic that secures a partition in memory. The processor also contains cryptographic logic coupled to the execution unit that encrypts and decrypts secure data and code.
    Type: Grant
    Filed: December 24, 2014
    Date of Patent: April 11, 2017
    Assignee: Intel Corporation
    Inventor: Millind Mittal
  • Patent number: 9575977
    Abstract: A method and apparatus for tracking purged data includes at least one of a data deletion module and a data deletion registry that are used to compare data, records and files of at least one computing unit to determine if any of the data, records or files stored within the computing unit have previously been purged. If so, the data, record or file is re-purged. Purging can include deleting the entire data, record or file or just a portion to anonymize the data, record or file. Alternatively, instead of deleting all or a portion of a data, record or file, an encryption key required to access all or a portion of the data, record or file may be deleted thereby rendering the encrypted information inaccessible. Differing schemes and methods for purging data, records and files may be utilized within a network.
    Type: Grant
    Filed: October 28, 2013
    Date of Patent: February 21, 2017
    Inventor: John H. Bergman
  • Patent number: 9547779
    Abstract: A processor includes a plurality of general purpose registers and cryptographic logic to encrypt and decrypt information. The cryptographic logic is to support a Data Encryption Standard (DES) algorithm, a triple DES (3DES) algorithm, a Rivest-Shamir-Adleman (RSA) algorithm, and a Diffie Hellman algorithm. The processor also includes a plurality of memory partition registers to define a physical address range in a dynamic random access memory for use as a secure memory partition. The processor also includes a plurality of execution units coupled to the plurality of general purpose registers, the plurality of memory partition registers, and the cryptographic logic. The processor also includes secure partition enforcement logic coupled to the plurality of execution units and the memory partition registers, the secure partition enforcement logic to selectively permit read or write access to the dynamic random access memory.
    Type: Grant
    Filed: December 24, 2014
    Date of Patent: January 17, 2017
    Assignee: Intel Corporation
    Inventor: Millind Mittal
  • Patent number: 9507962
    Abstract: A processor capable of secure execution. The processor contains an execution unit and secure partition logic that secures a partition in memory. The processor also contains cryptographic logic coupled to the execution unit that encrypts and decrypts secure data and code.
    Type: Grant
    Filed: December 24, 2014
    Date of Patent: November 29, 2016
    Assignee: Intel Corporation
    Inventor: Millind Mittal
  • Patent number: 9461815
    Abstract: A computational engine may include an input configured to receive a first data packet and a second data packet, a context memory configured to store one or more contexts, and a set of computational elements coupled with the input and coupled with the context memory. The set of computational elements may be configured to generate a first output data packet by executing a first sequence of cryptographic operations on the first data packet, and generate a second output data packet by executing a second sequence of cryptographic operations on the second data packet and on a selected context of the one or more contexts. The selected context may be associated with the second packet of data, and the context may be stored in the context memory prior to the execution of the first sequence of cryptographic operations.
    Type: Grant
    Filed: October 18, 2013
    Date of Patent: October 4, 2016
    Assignee: Advanced Micro Devices, Inc.
    Inventor: Winthrop J. Wu
  • Patent number: 9439072
    Abstract: Provided is a system and method for authentication. The method includes receiving a subscription request from a user terminal, the subscription request executed by an authentication server communicating with the user terminal and including group discrimination data including a group code and information for discriminating a group from another, if it is determined that the group code and the information included in the group discrimination data correspond to each other, performing a group authentication procedure on the user terminal and processing the group authentication procedure as being successful, issuing a member session key to the user terminal, and providing a service requested by the user terminal in response to the service request including the member session key from the user terminal. In one embodiment, it is possible to prevent information on service users from being divulged.
    Type: Grant
    Filed: June 29, 2015
    Date of Patent: September 6, 2016
    Assignee: TEAMBLIND INC.
    Inventors: Seong Uk Moon, Yeong Jun Jeong
  • Patent number: 9288064
    Abstract: A unique TIO based trust information delivery scheme is disclosed that allows clients to verify received certificates and to control Java and Javascript access efficiently. This scheme fits into the certificate verification process in SSL to provide a secure connection between a client and a Web server. In particular, the scheme is well suited for incorporation into consumer devices that have a limited footprint, such as set-top boxes, cell phones, and handheld computers. Furthermore, the TIO update scheme disclosed herein allows clients to update certificates securely and dynamically.
    Type: Grant
    Filed: December 15, 2014
    Date of Patent: March 15, 2016
    Assignee: TVWorks, LLC
    Inventor: Sihai Xiao
  • Patent number: 9282086
    Abstract: A secured communication network can include a server including an authentication backend, the authentication backend configured to communicate with an authentication front end of a communication device. A server applet can be associated with the authentication backend. The server applet can authenticate an access right associated with the communication device and establish a security level for the communication with the communication device based on information received from the authentication front end.
    Type: Grant
    Filed: May 29, 2013
    Date of Patent: March 8, 2016
    Assignee: Broadcom Corporation
    Inventors: Philippe Klein, Jacob Mendel, Shlomo Markel
  • Patent number: 9262644
    Abstract: A server connectable to an apparatus providing contents and an image display apparatus includes an index information processing part configured to provide the image display apparatus with index information for causing a list of information items associated with the contents to be displayed by the image display apparatus, an image data processing part configured to provide the image display apparatus with image data for causing a content associated with an information item selected from the list to be displayed by the image display apparatus, and an apparatus authentication part configured to cause the index information processing part and the image data processing part to execute respective processes when the identification information of the image display apparatus that has requested to obtain the content associated with the selected information item by using access authority information regarding authority to access the content is managed in correlation with the access authority information.
    Type: Grant
    Filed: July 9, 2013
    Date of Patent: February 16, 2016
    Assignee: RICOH COMPANY, LTD.
    Inventors: Kohta Nagai, Hiroyuki Matsushima, Daigo Uchiyama
  • Patent number: 9235409
    Abstract: Customers wanting to deploy software packages, or updates to those packages, across a group of servers or other computing resources can rely upon a component such as a resource manager to manage the deployment. The resource manager can utilize a data structure that stores deployment information by Revision number, and merges information for each verified deployment into a Mainline for those resources. Each Deployment can involve an Individual Release or a Baseline Release, and the importance of those Releases can be determined with respect to a current snapshot of the Mainline. Such an approach enables important Release and Deployment information to be quickly determined and obtained, which can help with configuring and scheduling future Deployments.
    Type: Grant
    Filed: October 30, 2012
    Date of Patent: January 12, 2016
    Assignee: Amazon Technologies, Inc.
    Inventors: Jiaqi Guo, Gang Li, Matthew David Klein, Zhe Fu, Baogang Song, Weizhong Hua
  • Patent number: 9230455
    Abstract: A method for digital immunity includes identifying a call graph of an executable entity, and mapping nodes of the call graph to a cipher table of obscured information, such that each node is based on invariants in the executable entity. A cipher table maintains associations between the invariants and the obscured information. Construction of an obscured information item, such as an executable set of instructions or a program, involves extracting, from the cipher table, ordered portions of the obscured information, in which the ordered portions have a sequence based on the ordering of the invariants, and ensuring that the obscured information matches a predetermined ordering corresponding to acceptable operation, such as by execution of the instructions represented by the obscured information, or steganographic target program (to distinguish from the executable entity being evaluated). The unmodified nature of the executable entity is assured by successful execution of the steganographic target program.
    Type: Grant
    Filed: June 9, 2014
    Date of Patent: January 5, 2016
    Assignee: DIGITAL IMMUNITY LLC
    Inventor: Thomas H Probert
  • Patent number: 9207911
    Abstract: A system and method of generating a one-way function and thereby producing a random-value stream. Steps include: providing a plurality of memory cells addressed according to a domain value wherein any given domain value maps to all possible range values; generating a random domain value associated with one of the memory cells; reading a data value associated with the generated random domain value; generating dynamically enhanced data by providing an additional quantity of data; removing suspected non-random portions thereby creating source data; validating the source data according to a minimum randomness requirement, thereby creating a validated source data; and integrating the validated source data with the memory cell locations using a random edit process that is a masking, a displacement-in-time, a chaos engine, an XOR, an overwrite, an expand, a remove, a control plane, or an address plane module. The expand module inserts a noise chunk.
    Type: Grant
    Filed: October 16, 2009
    Date of Patent: December 8, 2015
    Assignee: CASSY HOLDINGS LLC
    Inventor: Patrick D. Ross
  • Patent number: 9112610
    Abstract: In a network that includes one or a plurality of optical line terminals, a plurality of branches, and an optical routing unit, the optical network unit registration method includes a first process in which the optical line terminals transmit a discovery gate to the optical network units, and a second process in which, in response to the discovery gate, an unregistered optical network unit transmits a register request to a separate optical line terminal from the terminal that transmitted the discovery gate. A discovery window is provided in the optical line terminal that receives the register request. This optical line terminal receives the register request in the discovery window.
    Type: Grant
    Filed: March 8, 2013
    Date of Patent: August 18, 2015
    Assignee: Oki Electric Industry Co., Ltd.
    Inventor: Masahiro Sarashina
  • Patent number: 9077651
    Abstract: A distributed fabric system has distributed line card (DLC) chassis and scaled-out fabric coupler (SFC) chassis. Each DLC includes a network processor and fabric ports. Each network processor of each DLC includes a fabric interface in communication with the fabric ports of that DLC. Each SFC includes at least one fabric element and SFC fabric ports. A fabric communication link connects each SFC fabric port to one DLC fabric port. Each fabric communication link includes cell-carrying lanes. Each fabric element of each SFC detects connectivity between each SFC fabric port of that SFC and one DLC fabric port over a fabric communication link. Each SFC includes program code that reads a connectivity matrix from fabric element chips and sends connection information corresponding to the detected connectivity from that SFC to a central agent. A network element includes the central agent, which, when executed, constructs a topology of the distributed fabric system from the connection information sent from each SFC.
    Type: Grant
    Filed: March 7, 2012
    Date of Patent: July 7, 2015
    Assignee: International Business Machines Corporation
    Inventors: Sushma Anantharam, Nirapada Ghosh, Dayavanti Gopal Kamath, Keshav Govind Kamble, Dar-Ren Leu, Chandarani J. Mendon, Vijoy Pandey, Nandakumar Peethambaram
  • Patent number: 9047474
    Abstract: A circuit for providing isolation in an integrated circuit is described. The circuit comprises a first circuit block having circuits associated with a first security level; a second circuit block having circuits associated with a second security level; and a third circuit block having programmable resources, the third circuit block providing isolation between the first circuit block and the second circuit block and being programmable to enable connections between the first circuit block and the second circuit block.
    Type: Grant
    Filed: February 21, 2014
    Date of Patent: June 2, 2015
    Assignee: XILINX, INC.
    Inventors: Sagheer Ahmad, Bradley L. Taylor, Ygal Arbel
  • Patent number: 9031239
    Abstract: An information processing apparatus includes an encrypting unit that encrypts a value to be kept secret with a predetermined cipher key. The information processing apparatus includes a converting unit that converts, when the value to be kept secret is an initial value written at the time of initialization of a storage device in which a value encrypted by the encrypting unit is stored, the value encrypted by the encrypting unit into a value which is reversibly convertible and is independent of the cipher key used by the encrypting unit. The information processing apparatus includes a storing unit that stores the value converted by the converting unit in the storage device.
    Type: Grant
    Filed: August 14, 2013
    Date of Patent: May 12, 2015
    Assignee: Fujitsu Limited
    Inventor: Yoshiaki Uchida
  • Patent number: 9025765
    Abstract: A system 100 for increasing data security comprises predetermined system data 104 to be protected. A cryptographic unit 108 is used for cryptographic processing of respective blocks of the content data in dependence on respective keys. A key provider 106 determines the respective key used for the processing of a respective block of the content data in dependence on a respective portion 112 of the predetermined system data 104, the portion not including all the predetermined system data, wherein different respective portions of the predetermined system data are selected for the respective blocks of content data. A server system 200 for increasing data security comprises an output 202 for providing processed content data 110 to a client system 100, the client system comprising predetermined system data 104 to be protected. The server system 200 also comprises a cryptographic unit 208 and a key provider 206.
    Type: Grant
    Filed: May 19, 2008
    Date of Patent: May 5, 2015
    Assignee: Irdeto B.V.
    Inventors: Wilhelmus Petrus Adrianus Johannus Michiels, Paulus Mathias Hubertus Mechtildis Antonius Gorissen, Boris Skoric
  • Patent number: 9003203
    Abstract: Storage associated with a virtual machine or other type of device may be migrated between locations (e.g., physical devices, network locations, etc.). To maintain the security of the storage, a system may manage the encryption of the storage area such that a storage area is encrypted with a first encryption key that may be maintained through the migration. A header of the storage area, on the other hand, may be encrypted using a second encryption key and the first encryption key may be stored therein. Upon transfer, the header may be re-encrypted to effect the transfer of security.
    Type: Grant
    Filed: January 23, 2013
    Date of Patent: April 7, 2015
    Assignee: Citrix Systems, Inc.
    Inventor: Michael Bursell
  • Patent number: 8997209
    Abstract: A memory device includes a plurality of memory chips, including one or more memory chips that store authentication information, and a controller including a first register that stores information indicating a representative memory chip, from among the one or more memory chips that store the authentication information, that stores valid authentication information.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: March 31, 2015
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Won-Seok Lee, Young-Kug Moon
  • Patent number: 8996744
    Abstract: Attempts to update confirmation information or firmware for a hardware device can be monitored using a secure counter that is configured to monotonically adjust a current value of the secure counter for each update or update attempt. The value of the counter can be determined every time the validity of the firmware is confirmed, and this value can be stored to a secure location. At subsequent times, such as during a boot process, the actual value of the counter can be determined and compared with the expected value. If the values do not match, such that the firmware may be in an unexpected state, an action can be taken, such as to prevent access to, or isolate, the hardware until such time as the firmware can be validated or updated to an expected state.
    Type: Grant
    Filed: December 2, 2013
    Date of Patent: March 31, 2015
    Assignee: Amazon Technologies, Inc.
    Inventors: Michael David Marr, Pradeep Vincent, Matthew T. Corddry, James R. Hamilton
  • Patent number: 8995663
    Abstract: Disclosed is a method for implementing an encryption engine, which includes: when an engine binding interface is called, a hardware encryption engine establishes a connection with a hardware encryption equipment, acquires an algorithm list of said equipment, and fills a first data structure; when a key initialization interface is called, said engine, according to the transmitted first data structure, sets an encryption/decryption algorithm to be used by said equipment, and retrieves a corresponding algorithm key; and if no algorithm key is retrieved, said engine controls said equipment to create said algorithm key; when a data encryption/decryption interface is called, said engine, according to the currently set encryption/decryption algorithm and said algorithm key, controls said equipment to perform an encryption/decryption operation on the transmitted data. The present invention can add or extend the encryption/decryption algorithm that can only be implemented in hardware to a software algorithm library.
    Type: Grant
    Filed: March 29, 2011
    Date of Patent: March 31, 2015
    Assignee: Feitian Technologies Co., Ltd.
    Inventors: Zhou Lu, Huazhang Yu
  • Patent number: 8990796
    Abstract: A method of deploying a new operating system on a plurality of data processors. Hardware and driver information is determined from the data processors. A general disk image for all of the data processors is prepared in a preinstallation environment. Hardware and software components for a specific target data processor are added to or associated with the preinstallation environment to create an installation operating system for that data processor. The components of the installation operating system are installed on the target data processor, thereby replacing the data processor's operating system with the new operating system of the preinstallation environment.
    Type: Grant
    Filed: November 29, 2007
    Date of Patent: March 24, 2015
    Inventors: Thomas Lamantia, Derek Fournier, Rick Schendelman, Kyle Haroldsen, Alan Batson, Phuoc Lieu, Justin Merritt, Kan Mongwa, David Norling-Christensen, Eric Reiner
  • Patent number: 8984636
    Abstract: A security system provides a defense from known and unknown viruses, worms, spyware, hackers, and unwanted software. The system can implement centralized policies that allow an administrator to approve, block, quarantine, and log file activities. The system can extract content of interest from a file container, repackage the content of interest as another valid file type, perform hashes on the content of interest, associate the hash of the container with the hash of the repackaged content, transfer the repackaged content, and store the hash with other security-related information.
    Type: Grant
    Filed: July 29, 2005
    Date of Patent: March 17, 2015
    Assignee: Bit9, Inc.
    Inventor: Todd Brennan
  • Patent number: 8984656
    Abstract: Database management and security is implemented in a variety of embodiments. In one such embodiment, data sets containing sensitive data elements are analyzed using aliases representing sensitive data elements. In another embodiment, the sensitive data elements are stored in an encrypted form for use from a secure access, while the alias is available for standard access.
    Type: Grant
    Filed: September 23, 2013
    Date of Patent: March 17, 2015
    Assignee: Verisk Crime Analytics, Inc.
    Inventors: David A. Duhaime, Brad J. Duhaime
  • Patent number: 8966283
    Abstract: This document describes methods and systems by which a data storage service migrates a volume of stored data from an unencrypted format to an encrypted format while still permitting user access to the data. The encryption process uses migration markers to identify records that have undergone the encryption process. When migration is complete, the service removes the migration markers and retains the encrypted data in a data storage facility.
    Type: Grant
    Filed: February 15, 2013
    Date of Patent: February 24, 2015
    Assignee: Google Inc.
    Inventors: Umesh Shankar, Ruoming Pang, Benjamin Valerian Pflanz, Sarvar Patel, Darrell Kindred, Daniel Rebolledo Samper
  • Patent number: 8966284
    Abstract: A memory system comprises an encryption engine implemented in the hardware of a controller. In starting up the memory system, a boot strapping mechanism is implemented wherein a first portion of firmware when executed pulls in another portion of firmware to be executed. The hardware of the encryption engine is used to verify the integrity of at least the first portion of the firmware. Therefore, only the firmware that is intended to run the system will be executed.
    Type: Grant
    Filed: November 21, 2005
    Date of Patent: February 24, 2015
    Assignee: SanDisk Technologies Inc.
    Inventors: Michael Holtzman, Ron Barzilai, Reuven Elhamias, Niv Cohen
  • Patent number: 8966253
    Abstract: A method and apparatus for authenticating a bitstream used to configure programmable devices are described. In an example, the bitstream is received via a configuration port of the programmable device, the bitstream including instructions for programming configuration registers of the programmable device and at least one embedded message authentication code (MAC). At least a portion of the instructions is initially stored in a memory of the programmable device without programming the configuration registers. At least one actual MAC is computed based on the bitstream using a hash algorithm. The at least one actual MAC is compared with the at least one embedded MAC, respectively. Each instruction stored in the memory is executed to program the configuration registers until any one of the at least one actual MAC is not the same as a corresponding one of the at least one embedded MAC, after which any remaining instructions in the memory are not executed.
    Type: Grant
    Filed: June 1, 2010
    Date of Patent: February 24, 2015
    Assignee: Xilinx, Inc.
    Inventor: Stephen M. Trimberger
  • Patent number: 8966021
    Abstract: A computer system image is executed on a computing node over a network. A system specification file transmitted over the network specifies the computer system image by specifying components of the computer system image. The components include an operating system and at least one resource. The system specification file also contains a signature associated with the resource. A resource is determined to be authorized to be incorporated into the computer system image by verifying the signature. A computer system image can then be formed based on the components specified by the system specification file and executed locally.
    Type: Grant
    Filed: December 20, 2011
    Date of Patent: February 24, 2015
    Assignee: Amazon Technologies, Inc.
    Inventor: Nicholas Alexander Allen
  • Patent number: 8935771
    Abstract: A computer security system may include a removable security device adapted to connect to the input/output port of a computer. The security device may include: a random access memory (RAM) cell; and a processor. The security system may further include: at least one encrypted update packet stored remotely from the security device and adapted to modify the contents of the RAM cell; and a private key located on the security device and adapted to decrypt the update packet; and at least one of a device driver, a software application, and/or a library stored remotely from, and in communication with, the security device and adapted to cause the contents of the at least one cell to be switched out of the cell, stored remotely from the cell, and loaded back into the cell.
    Type: Grant
    Filed: November 6, 2006
    Date of Patent: January 13, 2015
    Assignee: SafeNet, Inc.
    Inventor: Mehdi Sotoodeh