Upgrade/install Encryption Patents (Class 713/191)
  • Patent number: 12107863
    Abstract: Embodiments of the present invention provide a system for validating users in a virtual ecosystem based on stacking of digital resources. The system is configured for identifying initiation of a resource interaction between a first user and a second user in a digital ecosystem, receiving a verification request from at least one of the first user and the second user, prompting the first user and the second user to provide digital resources, receiving first number of stacked digital resources from the first user and second number of stacked digital resources from the second user, calculating a first score for the first user based on the first number of stacked digital resources, calculating a second score for the second user based on the second number of stacked digital resources, and processing the resource interaction based on inputs received from the first user and the second user in the digital ecosystem.
    Type: Grant
    Filed: November 1, 2022
    Date of Patent: October 1, 2024
    Assignee: BANK OF AMERICA CORPORATION
    Inventor: Saurabh Gupta
  • Patent number: 12026258
    Abstract: An information processing device includes a memory, and processing circuitry coupled to the memory and configured to acquire, from a storage of a security module with tamper resistance, information related to a verification key and ID information of the configuration file for verifying a digital signature for a configuration file, and use the acquired information related to the verification key and ID information to cause an application program to execute processing of verifying integrity of configuration data of the configuration file, acquire registration version information from the storage of the security module, and use the acquired registration version information to cause the application program to execute processing of verifying a configuration version of the configuration file, and update the registration version information to the version of the configuration version when the configuration version of the configuration file and the registration version information satisfy a predetermined condition.
    Type: Grant
    Filed: July 30, 2019
    Date of Patent: July 2, 2024
    Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Takeshi Nagayoshi, Yuichi Komatsu, Ryota Sato
  • Patent number: 11868755
    Abstract: A system for updating software installed on an electronic unit on a vehicle can include a processor and a memory. The processor can be disposed on an intermediate communications device. The intermediate communications device can be a mobile device. The memory can store an update request module and an update existence module. The update request module can include instructions that when executed by the processor cause the processor to receive, from the electronic unit on the vehicle, a request for an update of the software. The request can include: (1) an identification of a version of the software currently installed on the electronic unit and (2) a key to specifically identify the electronic unit. The update existence module can include instructions that when executed by the processor cause the processor to receive, from a device associated with development of the software, information about an existence of the update.
    Type: Grant
    Filed: July 30, 2021
    Date of Patent: January 9, 2024
    Assignee: Toyota Motor Engineering & Manufacturing North America, Inc.
    Inventors: Vladimeros Vladimerou, Gregg J. Overfield, Drew Cunningham, John-Michael McNew
  • Patent number: 11838841
    Abstract: In one embodiment, a domain controller (a) quarantines unknown devices at a first quarantine point at a first layer of a multi-layer communication model; (b) communicates with a domain name system (DNS) service to self-allocate and register a domain name with the DNS service; (c) receives a provisioning request for a first device via an access point, wherein the access point comprises a second quarantine point at a second layer of the multi-level communication model; (d) verifies a device type of the first device with the DNS service; and (e) responsive to that verification, provisions the first device into the domain. The domain controller may also send a provisioning response to the access point to enable the first device to be removed from the second quarantine point, to enable the first device to communicate with the domain controller. Other embodiments are described and claimed.
    Type: Grant
    Filed: August 22, 2022
    Date of Patent: December 5, 2023
    Assignee: Intel Corporation
    Inventors: Ned M. Smith, Ravi S. Subramaniam, David W. Grawrock
  • Patent number: 11671444
    Abstract: A system includes persistent storage containing configuration items (CIs) representing discovered attribute values of computing resources associated with a managed network, and an application configured to perform operations, including obtaining test result data generated based on a third-party scanning system executing tests of a particular computing resource associated with the managed network. The test result data includes attribute values of the particular computing resource. The operations also include generating, by way of an embedding model and based on the attribute values, an embedding vector representing the attribute values, and comparing the embedding vector to a plurality of candidate embedding vectors, each representing the discovered attribute values of a corresponding CI of the CIs.
    Type: Grant
    Filed: September 12, 2022
    Date of Patent: June 6, 2023
    Assignee: ServiceNow, Inc.
    Inventor: Brian James Waplington
  • Patent number: 11609996
    Abstract: An object of the disclosure is to simplify security enhancements based on trusted computing. For this, a first data processing apparatus configured to operate in accordance with one or more platform configuration is provided. The first data processing apparatus includes an attestation processor, a network interface, and a data storage device for storing validation data. The attestation processor is configured to establish attestation data that is indicative of a current platform configuration. The validation data facilitates a validity check of integrity data, which includes the attestation data. The first data processing apparatus is configured to provide the integrity and validation data.
    Type: Grant
    Filed: April 12, 2019
    Date of Patent: March 21, 2023
    Assignee: Siemens Aktiengesellschaft
    Inventor: Rainer Falk
  • Patent number: 11544050
    Abstract: A graphical user interface is used to present one or more candidate patch target stages of a software development pipeline. Prior to deployment of a patch to a particular stage, an operation is performed to verify that a version of a deployed software at the particular stage has not changed since a record of a state of the particular stage was obtained. The deployment of the patch to the particular stage is initiated when the version of the deployed software has not changed.
    Type: Grant
    Filed: July 18, 2019
    Date of Patent: January 3, 2023
    Assignee: Amazon Technologies, Inc.
    Inventors: Kumar Ankit, Penchala Reddy Audireddy, Jayant Choranur Rajachar, Sujatha Narasimhan, Mohammad Asad Ur Rehman
  • Patent number: 11543144
    Abstract: An air conditioning control apparatus includes a memory interface performing a data transceiving between a storage medium, a memory, and a controller. The storage medium stores a boot program in a boot program region. The memory stores the boot program of the storage medium. The controller reads out the boot program of the storage medium from the memory when a predetermined period is elapsed, and overwrites the boot program that is read out in the boot program region of the storage medium.
    Type: Grant
    Filed: September 16, 2020
    Date of Patent: January 3, 2023
    Assignee: DENSO WAVE INCORPORATED
    Inventor: Kensuke Nakajima
  • Patent number: 11500651
    Abstract: A method and system for managing execution of a local craft terminal application on a local computer system comprising accessing one of the plurality of remote network elements and obtaining therefrom a launcher application program configured to manage execution of the local craft terminal application on the local computer system, launching the launcher application program on the local computer system and determining, using the launcher application program, whether the local computer system contains an appropriate copy of the local craft terminal application, and if the local computer system does not contain the appropriate copy of the local craft terminal application, obtaining the appropriate copy of the local craft terminal application from the first one of the plurality of remote network elements.
    Type: Grant
    Filed: December 30, 2019
    Date of Patent: November 15, 2022
    Assignee: XIEON NETWORKS S.a.r.l.
    Inventor: Paulo Sérgio Palmeira Coelho
  • Patent number: 11477625
    Abstract: In one embodiment, a domain controller includes a quarantine logic to quarantine unknown devices from unrestricted network access. The quarantine logic comprises a first quarantine point at a first layer of a multi-layer communication model. The domain controller also includes: a first logic to communicate with a domain name system (DNS) service to self-allocate and register a domain name with the DNS service, the domain name associated with a domain to be managed by the domain controller; a second logic to manage a group of devices of the domain; and a third logic to receive a provisioning request for a first device via an access point that comprises a second quarantine point at a second layer of the multi-level communication model. The second layer is a lower layer than the first layer, and the second quarantine point is more restrictive than the first. Other embodiments are described and claimed.
    Type: Grant
    Filed: October 29, 2020
    Date of Patent: October 18, 2022
    Assignee: Intel Corporation
    Inventors: Ned M. Smith, Ravi S. Subramaniam, David W. Grawrock
  • Patent number: 11470107
    Abstract: A system includes persistent storage containing configuration items (CIs) representing discovered attribute values of computing resources associated with a managed network, and an application configured to perform operations, including obtaining test result data generated based on a third-party scanning system executing tests of a particular computing resource associated with the managed network. The test result data includes attribute values of the particular computing resource. The operations also include generating, by way of an embedding model and based on the attribute values, an embedding vector representing the attribute values, and comparing the embedding vector to a plurality of candidate embedding vectors, each representing the discovered attribute values of a corresponding CI of the CIs.
    Type: Grant
    Filed: June 10, 2020
    Date of Patent: October 11, 2022
    Assignee: ServiceNow, Inc.
    Inventor: Brian James Waplington
  • Patent number: 11451573
    Abstract: An embodiment may involve a plurality of configuration items and an unmatched configuration item, wherein the unmatched configuration item is associated with a first set of attribute values and a first vulnerability, wherein the first vulnerability is associated with a first set of field values.
    Type: Grant
    Filed: June 16, 2020
    Date of Patent: September 20, 2022
    Assignee: ServiceNow, Inc.
    Inventor: Brian James Waplington
  • Patent number: 11431676
    Abstract: A method, an apparatus, and a system for detecting a terminal security status are provided. The method includes: receiving a file, and running the file, to generate a dynamic behavior result. The dynamic behavior result includes a behavior sequence that is generated according to a chronological order of occurrence of behaviors. When the file includes an APT, the security protection device obtains a stable behavior feature in the dynamic behavior result, generates a corresponding IOC according to the stable behavior feature, and sends the generated IOC to a terminal. The stable behavior feature is a behavior always existing in a behavior sequence that is generated each time after the file is run.
    Type: Grant
    Filed: June 9, 2020
    Date of Patent: August 30, 2022
    Assignee: Huawei Technologies Co., Ltd.
    Inventor: Yongcun Gan
  • Patent number: 11374912
    Abstract: Methods and systems for performing exchange of data with third-party applications are described. The method includes receiving a request for performing document related operation on document using a third-party application. The method includes converting third-party application into containerized application using containerization mechanism. The method includes allocating virtual secured space to containerized application. The method includes encrypting document using public key of containerized application. The method includes providing encrypted document to containerized application that implements limitations on encrypted document. The method includes facilitating performance of document related operation on encrypted document to create updated document. The encrypted document is decrypted using private key of containerized application before performing document related operation on encrypted document.
    Type: Grant
    Filed: December 7, 2020
    Date of Patent: June 28, 2022
    Assignee: I2CHAIN, INC.
    Inventors: Mark Steven Manasse, Sanjay Jain, Ravi Jotwani, Ajay Jotwani
  • Patent number: 11307842
    Abstract: System and method for virtual agent upgrade uses an upgrade proxy service that is instantiated in a computing entity when an upgrade request for a virtual agent in the computing entity is received to upgrade the virtual agent based on virtual agent upgrade data from an application server. The upgrade proxy service is then removed from the computing entity after upgrading the virtual agent.
    Type: Grant
    Filed: April 7, 2020
    Date of Patent: April 19, 2022
    Assignee: VMWARE, INC.
    Inventors: Suchit Dhakate, Narendra Madanapalli, Rahav Vembuli, Padmini Sampige Thirumalachar, Vinothkumar D
  • Patent number: 11296928
    Abstract: Examples described herein relate to systems and methods for containing a faulty stimulus. A computer-implemented method may include listing in a suspect list every received stimulus including the faulty stimulus, and implicitly testing the stimuli by respectively acting upon those stimuli by a software application. Responsive to successfully acting upon each of the stimuli besides the faulty stimulus, each non-faulty stimulus is deleted from the suspect list and, responsive to such deletion, made available to a downstream node. Responsive to acting upon the faulty stimulus, the software application crashes which leaves the faulty stimulus listed in the suspect list. The software application then restarts and deems the faulty stimulus as being faulty based upon the faulty stimulus still being listed in the suspect list after the restart.
    Type: Grant
    Filed: July 6, 2020
    Date of Patent: April 5, 2022
    Assignee: Level 3 Communications, LLC
    Inventor: William Crowder
  • Patent number: 11244054
    Abstract: Apparatus, method, computer program product and computer readable medium are disclosed for trusted computing. A method comprises: at a trusted execution environment (TEE)-enabling processor, creating a signing TEE; performing a first measurement of the signing TEE, wherein the first measurement comprises at least one measurement of the code of the signing TEE, an identity of the signing TEE and a log of activities performing during the creation of the signing TEE; generating a first signature of the result of the first measurement; sending the result of the first measurement and the first signature to a public register such that a verification of the signing TEE can be made by means of the public register; wherein the signing TEE is configured to verify whether a first TEE is recorded on the public ledger.
    Type: Grant
    Filed: November 3, 2017
    Date of Patent: February 8, 2022
    Assignee: Nokia Technologies Oy
    Inventor: David Bitauld
  • Patent number: 11216433
    Abstract: A method for providing encrypted search includes receiving, at a user device associated with a user, a search query for a keyword that appears in one or more encrypted documents stored on an untrusted storage device and accessing a count table to obtain a count of documents that include the keyword. The method also includes generating a delegatable pseudorandom function (DPRF) based on the keyword, a private cryptographic key, and the count of documents. The method also includes evaluating a first portion of the DPRF and delegating a remaining second portion of the DPRF to the untrusted storage device which causes the untrusted storage device to evaluate the DPRF and access an encrypted search index associated with the documents. The untrusted storage device determines one or more encrypted documents associated with DPRF and returns, to the user device, an identifier for each encrypted document associated with the DPRF.
    Type: Grant
    Filed: December 12, 2019
    Date of Patent: January 4, 2022
    Assignee: Google LLC
    Inventors: Kevin Yeo, Ahmet Erhan Nergiz, Nicolas Lidzborski, Laetitia Estelle Baudoin, Sarvar Patel
  • Patent number: 11212269
    Abstract: In an aspect of the disclosure, a method, a computer-readable medium, and a device are provided. The device determines that a target event occurred at a first server in a group of servers that are jointly managed. The device obtains, for the first server, a public-private key pair including a first key and a second key. The device provides the first key to the first server such that the first server is accessible by authentication with the first key. The device provides the second key to a client device such that the first server is accessible by the client device by providing the second key to the server. Subsequently, the device revokes the first key from the first server.
    Type: Grant
    Filed: December 18, 2018
    Date of Patent: December 28, 2021
    Assignee: AMERICAN MEGATRENDS INTERNATIONAL, LLC
    Inventors: Samvinesh Christopher, Anurag Bhatia, Winston Thangapandian
  • Patent number: 11188481
    Abstract: In an implementation, a method is provided. The method may include: receiving a sensor application by a network platform, the network platform comprising a processing module and a plurality of ports, and wherein a first portion of the processing module is allocated to an operating system of the network platform; allocating a second portion of the processing module to the sensor application by the network platform; executing the sensor application by the second portion of the processing module; emulating a port of the plurality of ports by the second portion of the processing module; and allowing the executed sensor application to interact with the operating system through the emulated port.
    Type: Grant
    Filed: August 30, 2019
    Date of Patent: November 30, 2021
    Assignee: Cisco Technology, Inc.
    Inventors: David John Zacks, Anoop Vetteth, Tarunesh Ahuja, Davi Gupta, Jagbir Kang
  • Patent number: 11184333
    Abstract: A computer implemented method for securely extracting secure data from a human capital management (HCM) system, includes receiving setup data from a production tenant of the HCM system, wherein the setup data includes one or more field types describing what type of secure data is stored on the production tenant, creating a scrambling module based on the setup data that is configured to scramble the secure data based on scrambling settings, wherein the scrambling module is configured to upload and install onto the HCM system and to communicate with the production tenant to receive the secure data to scramble the secure data, and uploading the scrambling module to the HCM system.
    Type: Grant
    Filed: December 4, 2017
    Date of Patent: November 23, 2021
    Assignee: Intecrowd, LLC
    Inventor: Don McDougal
  • Patent number: 11126725
    Abstract: A method includes receiving a firmware update package at an information handling system, the package including a payload containing a first firmware image. In response to executing the firmware update package while the information handling system is under control of an operating system, identifying a non-volatile storage device; authenticating the first firmware image; and storing the first firmware image at the non-volatile storage device. In response to successfully authenticating the first firmware image, initiating a reboot of the information handling system to invoke an initialization routine. The initialization routine includes retrieving the first firmware image from the non-volatile storage device and installing the first firmware image at a first device.
    Type: Grant
    Filed: June 12, 2019
    Date of Patent: September 21, 2021
    Assignee: Dell Products L.P.
    Inventors: Shekar Babu Suryanarayana, Sumanth Vidyadhara
  • Patent number: 11055322
    Abstract: Examples include comparison of a part key to machine keys. Examples include identification of a part key assigned to a given machine identifier in a part key mapping of a part received by a computing device, the part key mapping including a plurality of part keys assigned to a plurality of machine identifiers. Examples also include comparison of the identified part key to machine keys stored on the computing device to determine whether the identified part key matches any of the machine keys, and based at least in part on a result of the determination, enabling or inhibiting further utilization of the part.
    Type: Grant
    Filed: July 30, 2018
    Date of Patent: July 6, 2021
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Stephen K. Gee, Neil Asmussen
  • Patent number: 10917520
    Abstract: Certain aspects of the present disclosure provide techniques for providing an automated callback service to a user. An example technique includes receiving an indication of a product installation failure, which includes an error code, a context of the computing device, and a product identifier. Based on the product identifier, a phone number is retrieved that is associated with the user of the computing device. A set of solutions predicted to resolve the installation failure is retrieved, based on the error code and the context. A callback is established to the user, and the user is connected with a virtual agent that will provide solutions from the set of solutions in the ranking order retrieved until a solution is determined to resolve the product installation error. The ranking of the predicted solutions is updated for other users in the future who may face a similar product installation error.
    Type: Grant
    Filed: July 1, 2019
    Date of Patent: February 9, 2021
    Assignee: INTUIT INC.
    Inventor: Vishnu Priya T. G
  • Patent number: 10856122
    Abstract: In one embodiment, a domain controller includes: a quarantine logic to quarantine unknown devices from unrestricted network access, the quarantine logic comprising a first quarantine point at a first layer of a multi-layer communication model; a first logic to communicate with a domain name system (DNS) service to self-allocate and register a domain name with the DNS service, the domain name associated with a domain to be managed by the domain controller; a second logic to manage a group of devices of the domain; and a third logic to receive a provisioning request for a first device via an access point, wherein the access point comprises a second quarantine point at a second layer of the multi-level communication model. Other embodiments are described and claimed.
    Type: Grant
    Filed: May 31, 2016
    Date of Patent: December 1, 2020
    Assignee: Intel Corporation
    Inventors: Ned M. Smith, Ravi S. Subramaniam, David W. Grawrock
  • Patent number: 10838911
    Abstract: Techniques and systems for storing and retrieving data storage devices of a data storage system are disclosed. In some embodiments, inventory holders are used to store data storage devices used by a data storage system. When data is to be transacted with the data storage devices, mobile drive units locate appropriate inventory holders and transport them to a device reading station, where an appropriate device retrieval unit transacts the data. After the data has been transacted, the data storage devices are returned to the appropriate inventory holders, and the inventory holders are placed by the mobile drive units in locations where they may be accessed in response to further data transactions.
    Type: Grant
    Filed: December 14, 2015
    Date of Patent: November 17, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Paul David Franklin, Colin Laird Lazier
  • Patent number: 10778447
    Abstract: The invention provides a method and system for safely switching between product mode and development mode of a terminal, aiming at addressing the problem in the prior art that the terminal in a testing development version may be accidentally circulated into the market and cause hidden safety risk. According to the invention, different Certificate Authorities (CAs) are configured for the terminal at different stages; by storing the public-private key pairs of the certificates issued by different CAs in different secure storage media, only if the secure storage medium corresponding to the current CA state of the terminal is verified to be valid, the flags of the terminal can be successfully rewritten; a safe switching between different CA states of the terminal is realized. It is ensured that the terminal in the testing development stage cannot be used normally, thereby improving the safety of the terminal device.
    Type: Grant
    Filed: January 10, 2018
    Date of Patent: September 15, 2020
    Assignee: FUJIAN LANDI COMMERCIAL EQUIPMENT CO., LTD.
    Inventors: Jinhan Lin, Yixuan Hong
  • Patent number: 10725775
    Abstract: A request to store a container image is received from a device associated with a customer of a computing resource service provider. Validity of a security token associated with the request is authenticated using a cryptographic key maintained as a secret by the computing resource service provider. One or more layers of the container image is built based at least in part on at least one build artifact to form a set of built layers. The software image including the set of built layers is stored in a repository associated with the customer. A manifest of metadata for the set of built layers is stored in a database of a structured data store. The container image is obtained in the form of an obtained container image. The obtained container image is deployed as the software container in at least one virtual machine instance associated with the customer.
    Type: Grant
    Filed: April 12, 2019
    Date of Patent: July 28, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Anthony Joseph Suarez, Scott Kerns Windsor, Nare Hayrapetyan, Daniel Robert Gerdesmeier, Pooja Kalpana Prakash
  • Patent number: 10705992
    Abstract: Provided are a computer program product, system, and method for non-disruptive encoding of source data in a source data set migrated to a target data set. The source data in the source data set is migrated to a target data set by encoding the source data to produce encoded source data to copy to a target data set. In response to receiving write data for the source data set, the write data is encoded to produce encoded write data to copy to the target data set. Input/Output (“I/O”) requests to the source data set are redirected to the target data set having encoded data for the source data set.
    Type: Grant
    Filed: December 11, 2017
    Date of Patent: July 7, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: John H. Hogan, Richard G. Pace, Harry M. Yudenfriend
  • Patent number: 10678515
    Abstract: Techniques for simplifying and reusing visual programming graphs are described herein. In some examples, visual programming graphs may be simplified by decoupling execution signals from data resolution. Execution of a particular node may be triggered through a representation of a signal sent from a signal output slot of another node to a signal input slot on the node being triggered. Additionally, evaluation of data values may be represented by a connection between a data output slot on the node providing the data value to a data input slot on the node receiving the data value. Another technique for simplifying visual programming graphs may include combining and/or collapsing of multiple selected visual programming nodes into a single reusable visual programming node. In some examples, reusable combined visual programming nodes may be exposed using unlocked versions and/or locked versions.
    Type: Grant
    Filed: September 20, 2016
    Date of Patent: June 9, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Michael Edmonds, Luis René Sempé Sosa
  • Patent number: 10599495
    Abstract: A data deletion system may trigger and orchestrate data deletion of data across various data stores. The system may schedule a record having a unique identifier for deletion in response to a data deletion rule. The record may be deleted from a system of record based on the unique identifier. The system may broadcast a deletion message containing the unique identifier. The deletion message may trigger a purge of data associated with the unique identifier by a subscribing entity such as, for example, an application or third party. The system may monitor the subscribing entity to determine whether the purge was successfully completed.
    Type: Grant
    Filed: May 12, 2017
    Date of Patent: March 24, 2020
    Assignee: AMERICAN EXPRESS TRAVEL RELATED SERVICES COMPANY, INC.
    Inventors: Sripriya Tiku, Fred Bishop, Diane Derocher
  • Patent number: 10592678
    Abstract: The embodiments herein are directed to a technique for providing secure communication between nodes of a network environment or within a node of the network using a verified virtual trusted platform module (TPM) of each node. The verified virtual TPM illustratively emulates a hardware TPM device to provide software key management of cryptographic keys used to provide the secure communication over a computer network of the network environment. Illustratively, the verified virtual TPM is configured to enforce a security policy of a trusted code base (TCB) that includes the virtual TPM. Trustedness denotes a predetermined level of confidence that the security property is demonstrated by the verified virtual TPM. The predetermined level of confidence is based on an assurance (i.e., grounds) that the verified virtual TPM demonstrates the security property.
    Type: Grant
    Filed: September 9, 2016
    Date of Patent: March 17, 2020
    Assignee: FireEye, Inc.
    Inventors: Osman Abdoul Ismael, Hendrik Tews
  • Patent number: 10515364
    Abstract: A banking system operates responsive to data read from data bearing records. The system includes an automated banking machine comprising a card reader. The card reader includes a movable read head that can read card data along a magnetic stripe of a card that was inserted long-edge first. The card reader includes a card entry gate. The gate is opened for a card that is determined to be properly oriented for data reading. The card reader can encrypt card data, including account data. The machine also includes a PIN keypad. The card reader can send encrypted card data to the keypad. The keypad can decipher the encrypted card data. The keypad can encrypt both deciphered card data and a received user PIN. The card data and the PIN are usable by the machine to authorize a user to carry out a financial transfer involving the account.
    Type: Grant
    Filed: July 13, 2018
    Date of Patent: December 24, 2019
    Assignee: Diebold Nixdorf, Incorporated
    Inventors: David Lewis, Natarajan Ramachandran, Mark A. Douglass, Timothy Crews, Songtao Ma, Randall W. Jenkins, H. Thomas Graef, Sathish M. Irudayam, Klaus Steinbach, Jeffery Enright
  • Patent number: 10372924
    Abstract: Computer protection is weak with the methods currently available and there are risks of malicious users getting access to computers, corrupting important data, including system data. We are proposing a method for improving access protection, more particularly, by using a slave device that will enable or disable protection for applications as required. The device supports one or more users, none or more user groups, none or one or more Application Security Environments for each user or user group and one or more states for each Application Security Environment. The state of the hardware is manually controlled by the users. Depending on the configuration, each hardware state corresponding to an Application Security Environment corresponds to a set of privileges the processes running in that Application Security Environment have while that Application Security Environment is in that state.
    Type: Grant
    Filed: May 12, 2008
    Date of Patent: August 6, 2019
    Inventors: George Madathilparambil George, Nikhil George
  • Patent number: 10360017
    Abstract: A computing system is provided that includes a distribution endpoint including one or more processors configured to receive a request from a developer computing device to update a program managed by the distribution endpoint, the program being previously packaged and signed. The one or more processors of the distribution endpoint are further configured to receive a code file including a change to the program, retrieve a package of the program that has not been updated with the change to the program, generate an updated package of the program by adding the code file to the retrieved package of the program such that the updated package of the program logically represents a package of the updated program, and distribute the updated package of the program to an end user computing device.
    Type: Grant
    Filed: January 2, 2018
    Date of Patent: July 23, 2019
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Jason Ghssane Salameh, Andy Liu, John James Vintzel, Cory Alan Hendrixson
  • Patent number: 10334083
    Abstract: There is provided a computer implemented method for detection and prevention of an attempt at establishment of a network connection for malicious communication, comprising: detecting a connection establishment process for establishing a network connection, the connection establishment process initiated by code running on a client terminal; analyzing records in at least one stack trace of the initiating code managed at the client terminal, to detect a trial to establish a malicious communication wherein the network connection is used for malicious activity; and blocking establishment of the network connection when the analysis detects the trial to establish the malicious communication based on the network connection.
    Type: Grant
    Filed: November 24, 2015
    Date of Patent: June 25, 2019
    Assignee: enSilo Ltd.
    Inventors: Roy Katmor, Tomer Bitton, Udi Yavo, Ido Kelson
  • Patent number: 10284372
    Abstract: Processing information is disclosed including receiving an application retrieval request sent by a terminal, the application retrieval request including identifying information of the terminal, generating, based on a preset key generation technique, an encryption key based on the identifying information included in the application retrieval request, encrypting, based on the encryption key and a preset encryption technique, designated data in an application to obtain an encrypted application, and sending the encrypted application to the terminal.
    Type: Grant
    Filed: September 23, 2015
    Date of Patent: May 7, 2019
    Assignee: Alibaba Group Holding Limited
    Inventor: Jianwei Fan
  • Patent number: 10255438
    Abstract: Examples relate to providing operating system (OS) agnostic validation of firmware images. In some examples, a request to verify a number of firmware images is received, where each of the firmware images is associated with a metadata set. A first installation of a first firmware image of the firmware images is accessed via a physical interface, and a first metadata set is used to verify the first installation, where the first metadata set includes a firmware signature that is used to verify the first installation. At this stage, the request is forwarded to a child management processor, where the management processors are in a trusted group and related according to a tree hierarchy.
    Type: Grant
    Filed: September 24, 2014
    Date of Patent: April 9, 2019
    Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
    Inventor: Suhas Shivanna
  • Patent number: 10185509
    Abstract: Technologies are provided for secure sanitization of a storage device. A storage device can be configured to support an operational mode, into which the storage device is placed by default, and in which requests to cryptographically erase the storage device are rejected. The storage device can support a separate sanitization mode in which a request to cryptographically erase the storage device will be processed. Access to the sanitization mode can be restricted to trusted sources (such as a boot firmware of a computer connected to the storage device). The storage device can be configured to reject a command to place the storage device in the sanitization mode, unless the command is received during an initialization of the storage device. In at least some embodiments, the storage device can reject data access commands while it is in the sanitization mode.
    Type: Grant
    Filed: June 1, 2017
    Date of Patent: January 22, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Munif M. Farhan, Jaime Ismael Rangel Martinez
  • Patent number: 10102390
    Abstract: Contents of a memory may be authenticated using redundant encryption. In some examples, data to be stored by a memory is encrypted with two unique encryption keys—a first encryption key is used to generate a cipher text and a second encryption key (different than the first encryption key) is used to generate an authentication tag. The cipher text and authentication tag are stored by the memory. At a later time, the cipher text and authentication tag may be retrieved from the memory and decrypted using the respective encryption keys. After decrypting the cipher text and the authentication tag, the data retrieved from the memory may be authenticated by comparing the plaintext generated by decrypting the cipher text with the plaintext generated by decrypting the authentication tag. A match between the plaintext indicates the data was not corrupted or modified during storage in the memory.
    Type: Grant
    Filed: June 28, 2012
    Date of Patent: October 16, 2018
    Assignee: Honeywell International Inc.
    Inventors: Thomas Cordella, John Profumo
  • Patent number: 10061927
    Abstract: Identification information of a program read from outside, such as firmware, is acquired, and usability of a piece of key data in a range corresponding to the identification information is set, among a plurality of pieces of key data to be used for the program. As another example, based on new key data generated based on key data stored in advance in a memory and identification information, firmware corresponding to the identification information is decrypted.
    Type: Grant
    Filed: October 5, 2015
    Date of Patent: August 28, 2018
    Assignee: NINTENDO CO., LTD.
    Inventors: Yutaka Murakami, Minoru Hatamoto, Tatsuhiro Shirai
  • Patent number: 10055602
    Abstract: Methods, systems, and computer program products for securely processing range predicates on cloud databases are provided herein. A computer-implemented method includes separately encrypting a set of plain text data using two or more encryption functions, thereby producing an encrypted domain comprising at least two distinct groups of encrypted data items; converting a range query over plain text data items into a query over at least one of the distinct groups of encrypted data items; and combining results from the query over the distinct groups of encrypted data items, thereby generating a final encrypted result to the range query.
    Type: Grant
    Filed: April 19, 2016
    Date of Patent: August 21, 2018
    Assignee: International Business Machines Corporation
    Inventors: Prasad M. Deshpande, Jayant R. Haritsa, Akshar Kaul, Manish Kesarwani, Gagandeep Singh
  • Patent number: 9984124
    Abstract: At least one user table in a relational database management system (RDBMS) using a first operator within a structured query language (SQL) command is identified. The first operator within the SQL command is utilized to transfer one or more data items from the at least one user table to a data array within the RDBMS. The data array is processed within the RDBMS, and one or more output values are generated based on the processing.
    Type: Grant
    Filed: April 11, 2012
    Date of Patent: May 29, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Patrick Dantressangle, Eberhard Hechler, Martin Oberhofer, Michael Wurst
  • Patent number: 9977902
    Abstract: A system may include a host that may include a processor coupled to a non-volatile memory over a secure communication protocol. As a result, prior to release for manufacturing, a binding code may be established between the host and the non-volatile memory. In some embodiments, this binding code may be stored on the non-volatile memory and not on the host. Then during a boot up of the system, the boot up process may be initiated by the host using code associated with the host, followed by secure booting using the secure protocol using code stored on the non-volatile memory.
    Type: Grant
    Filed: April 22, 2015
    Date of Patent: May 22, 2018
    Assignee: Micron Technology, Inc.
    Inventor: Brent Ahlquist
  • Patent number: 9965261
    Abstract: Embodiments of the present invention relate to a method, device and computer program product for container deployment. By comparing the target libraries required by a target container to be deployed and the libraries that have been loaded on the candidate hosts, the costs of deploying the target container on the candidate hosts can be estimated. Then a target host is selected from among the plurality of candidate hosts based on the determined costs.
    Type: Grant
    Filed: August 18, 2015
    Date of Patent: May 8, 2018
    Assignee: International Business Machines Corporation
    Inventors: Xiao Long Chen, David L. Kaminsky, Xi Ning Wang, Zhe Yan, Zheng Zhao
  • Patent number: 9959104
    Abstract: Embodiments of the present invention relate to a method, device and computer program product for container deployment. By comparing the target libraries required by a target container to be deployed and the libraries that have been loaded on the candidate hosts, the costs of deploying the target container on the candidate hosts can be estimated. Then a target host is selected from among the plurality of candidate hosts based on the determined costs.
    Type: Grant
    Filed: April 29, 2016
    Date of Patent: May 1, 2018
    Assignee: International Business Machines Corporation
    Inventors: Xiao Long Chen, David L. Kaminsky, Xi Ning Wang, Zhe Yan, Zheng Zhao
  • Patent number: 9948470
    Abstract: An authentication device is provided that authenticates an electronic device based on the responses from distinct types of physically unclonable functions. The authentication device receives a device identifier associated with the electronic device. It then sends one or more challenges to the electronic device. In response, the authentication device receives one or more responses from the electronic device, the one or more responses including characteristic information generated from two or more distinct types of physically unclonable functions in the electronic device.
    Type: Grant
    Filed: January 29, 2016
    Date of Patent: April 17, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Xu Guo, David M. Jacobson, Yafei Yang, Adam J. Drew, Brian Marc Rosenberg
  • Patent number: 9928042
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for automatically determining configuration properties of a compiler. One of the methods includes determining that an executable of the newly created process is a compiler called by the build system to compile source code of a source code file. In response to the determining, a plurality of configuration properties of the compiler called by the build system are determined, the configuration properties including first properties of a plurality of built-in functions of the compiler, second properties of a plurality of built-in types of the compiler, or both. A compiler emulator is configured to emulate the behavior of the compiler called by the build system using the determined configuration properties. Access to the source code is provided to the compiler emulator configured using the determined configuration properties.
    Type: Grant
    Filed: March 23, 2017
    Date of Patent: March 27, 2018
    Assignee: Semmle Limited
    Inventor: Peter Cawley
  • Patent number: 9792439
    Abstract: Embodiments of a method are disclosed. One embodiment is a method for securely updating firmware in a computing device, in which the computing device includes a host processor and a non-volatile memory. The method involves receiving a double-encrypted firmware image from an external firmware source, wherein the double-encrypted firmware image is generated from firmware that is encrypted a first time using a first crypto-key and then encrypted a second time using a second crypto-key. The method also involves receiving the second crypto-key from an external key source, decrypting the double-encrypted firmware image using the second crypto-key to produce an encrypted firmware image, storing the encrypted firmware image in the non-volatile memory of the computing device, reading the encrypted firmware image from the non-volatile memory of the computing device, decrypting the encrypted firmware image using the first crypto-key, and executing the firmware on the computing device.
    Type: Grant
    Filed: September 19, 2012
    Date of Patent: October 17, 2017
    Assignee: NXP B.V.
    Inventor: Vincent Cedric Colnot
  • Patent number: 9781113
    Abstract: Technologies for supporting and implementing multiple digital rights management protocols on a client device are described. In some embodiments, the technologies include a client device having an architectural enclave which may function to identify one of a plurality of digital rights management protocols for protecting digital information to be received from a content provider or a sensor. The architectural enclave selects a preexisting secure information processing environment (SIPE) to process said digital information, if a preexisting SIPE supporting the DRM protocol is present on the client. If a preexisting SIPE supporting the DRM protocol is not present on the client, the architectural enclave may generate a new SIPE that supports the DRM protocol on the client. Transmission of the digital information may then be directed to the selected preexisting SIPE or the new SIPE, as appropriate.
    Type: Grant
    Filed: December 19, 2013
    Date of Patent: October 3, 2017
    Assignee: INTEL CORPORATION
    Inventors: Ned M. Smith, Nathan Heldt-Sheller, Reshma Lal, Micah J. Sheller, Matthew E. Hoekstra