Upgrade/install Encryption Patents (Class 713/191)
-
Patent number: 7774617
Abstract: A mechanism is provided for masking a boot sequence by providing a dummy processor. With the mechanism, one of the processors of a multiprocessor system is chosen to be a boot processor. The other processors of the multiprocessor system execute masking code that generates electromagnetic and/or thermal signatures that mask the electromagnetic and/or thermal signatures of the actual boot processor. The execution of the masking code on the non-boot processors preferably generates electromagnetic and/or thermal signatures that approximate the signatures of the actual boot code execution on the boot processor. One of the non-boot processors is selected to execute masking code that is different from the other masking code sequence to thereby generate an electromagnetic and/or thermal signature that appears to be unique from an external monitoring perspective.
Type: Grant
Filed: May 15, 2008
Date of Patent: August 10, 2010
Assignee: International Business Machines Corporation
Inventors: Jason N. Dale, Jonathan J. DeMent, Clark M. O'Niell, Steven L. Roberts
-
Patent number: 7774619
Abstract: New code routines for a secure system (e.g., a TPM) are stored in a memory (e.g., a flash memory) that is located external to the secure system. For example, a chip may include a TPM and an external flash memory may be connected to the chip. New routines for the TPM may then be stored in the flash. A function table may be used to determine whether a given function to be executed by the TPM is stored in on-chip memory (e.g., ROM) or in the flash. New function tables may be stored in the flash. For example, when a new set of functions is loaded into the flash, a new function table that references the new functions also may be loaded into the flash.
Type: Grant
Filed: October 13, 2005
Date of Patent: August 10, 2010
Assignee: Broadcom Corporation
Inventors: Timothy R. Paaske, Jeffrey C. Glover
-
Publication number: 20100195833
Abstract: A mobile terminal for use with a cellular or mobile telecommunications network includes a normal execution environment (operating system) (30) and a secure execution environment (32) comprising a Mobile Trusted Module (MTM). The mobile terminal enables the software of the terminal in the secure execution environment (32) to be updated. The terminal 1 may be provided with minimal software initially in the secure execution environment (32), and is operable to subsequently update the software by over the air transmission of software. Also disclosed is a method for managing rights in respect of broadcast, multicast and/or unicast (downloaded) data, relevant in particular to managing access to a broadcast video data stream complying with a mobile digital broadcast scheme. The method defines a service protection platform implemented on mobile terminals having both normal execution environment (i.e. the operating system) and secure execution environment.
Type: Application
Filed: July 13, 2007
Publication date: August 5, 2010
Applicant: VODAFONE GROUP PLC
Inventors: Mark Priestley, Timothy Wright, Caroline Jessica Belrose, Nicholas Bone, James Irwin
-
Patent number: 7765409
Abstract: A modular BIOS update mechanism provides a standardized method to update options ROMs and to provide video and processor microcode upgrades in a computer system without requiring a complete replacement of the system BIOS. The MBU mechanism provides several advantages. First, new features and BIOS bugs from earlier release may be delivered to an installed base of end-user systems even if direct OEM support cannot be identified. Also, BIOS components may be provided as a validated set of revisions. With resort to a validation matrix, BIOS updates may be managed easily. The modular BIOS update is particularly useful in systems having several independent BIOS's stored within unitary firmware.
Type: Grant
Filed: April 27, 2007
Date of Patent: July 27, 2010
Assignee: Intel Corporation
Inventors: Andrew H. Gafken, Todd D. Wilson, Tom Dodson, John V. Lovelace
-
Patent number: 7752676
Abstract: Provided are a method, system and article of manufacture, wherein a request to access data is received from a requestor. A determination is made as to whether the requestor is authorized to access the data. In response to determining that the requestor is authorized to access the data, a determination is made as to whether the data is encrypted. An encryption key is requested from the requester, in response to determining that the data is not encrypted.
Type: Grant
Filed: April 18, 2006
Date of Patent: July 6, 2010
Assignee: International Business Machines Corporation
Inventors: Michael Howard Hartung, Yu-Cheng Hsu, Robert Frederic Kern
-
Patent number: 7742597
Abstract: An encryption system includes a plurality of encryption operations including individual encryption operations and group encryption operations available for application in the encryption of data. The plurality of encryption operations are selected from the group consisting of functional variance, functional alignment, mathematical offset, wide XOR function, short logical rotation, long logical rotation, functional order, and address encryption. The system includes at least one round of encryption composed of a first encryption operation and a second encryption operation. The first encryption operation is selected from the plurality of encryption operations acting upon input data to generate a first encrypted data set. The second encryption operation is selected from the plurality of encryption operations acting upon the first encrypted data set to generate a second encrypted data set. The first encryption operation and the second encryption operation are different.
Type: Grant
Filed: December 28, 2007
Date of Patent: June 22, 2010
Inventor: James M. Lewis
-
Patent number: 7739519
Abstract: A secure device is provided that can store programs therein, the secure device including: a low-protection level storage unit; a high-protection level storage unit; a program acquiring unit that acquires a program and corresponding additional information, the additional information used for determining a storage destination of the acquired program; an additional information analyzing unit that stores the acquired program in one of the low-protection level storage unit and the high-protection level storage unit, according to additional information; an area searching unit; a protection level judging unit; and a program storing unit.
Type: Grant
Filed: May 25, 2007
Date of Patent: June 15, 2010
Assignee: Panasonic Corporation
Inventors: Natsume Matsuzaki, Kazuo Sakushima, Makoto Tatebayashi
-
Patent number: 7739739
Abstract: An apparatus and program product initiate generation of a metafile at a client computer. The metafile is evaluated at a network server for a potential viral risk. Program code executing at the server may correlate the evaluated potential risk to a risk level stored in a database. The program code may attach a color designator or other assignment indicative of the assessed risk level to the data. A user at the client computer may act on the data based on the attached risk level.
Type: Grant
Filed: July 9, 2008
Date of Patent: June 15, 2010
Assignee: Trend Micro Incorporated
Inventors: Richard Dean Dettinger, Frederick Allyn Kulack
-
Patent number: 7730318
Abstract: Application factoring or partitioning is used to integrate secure features into a conventional application. An application's functionality is partitioned into two sets according to whether a given action does, or does not, involve the handling of sensitive data. Separate software objects (processors) are created to perform these two sets of actions. A trusted processor handles secure data and runs in a high-assurance environment. When another processor encounters secure data, that data is sent to the trusted processor. The data is wrapped in such a way that allows it to be routed to the trusted processor, and prevents the data from being deciphered by any entity other than the trusted processor. An infrastructure is provided that wraps objects, routes them to the correct processor, and allows their integrity to be attested through a chain of trust leading back to a base component that is known to be trustworthy.
Type: Grant
Filed: October 24, 2003
Date of Patent: June 1, 2010
Assignee: Microsoft Corporation
Inventors: Thekkthalackal Varugis Kurien, Kenneth D. Ray, Marcus Peinado, Paul England
-
Patent number: 7730325
Abstract: A verification system has an operational component registry 10 that includes an interface 20, a memory device 30, and a processor 40. Preferably, the interface 20 in the operational component registry 10 communicates the installed identification data 50 from the gaming units 60 to the operational component registry. The memory device 30 preferably stores registered identification data 70 for the gaming units 60. Preferably, the processor 40 in the operational component registry 10 then analyzes the registered identification data 70 and the installed identification data 50 from the gaming units 60, after which enablement of the gaming units is determined based upon the examination of the registered identification data and the installed identification data. An operational component registry 10 may also monitor changes, services, requirements, enablement, and productivity of the gaming units or components of the gaming units.
Type: Grant
Filed: April 30, 2004
Date of Patent: June 1, 2010
Assignee: Bally Gaming, Inc.
Inventors: James Morrow, Marvin Hein
-
Patent number: 7730296
Abstract: Aspects of the invention provide a method and system for coding information in a communication channel. More particularly, aspects of the invention provide a method and system for synchronous running encryption and/or encoding and corresponding decryption and decoding in a communication channel or link. Aspects of the method may include encoding and/or encrypting a first data using a first or second encoding table and/or a first or second encryption table. The method may indicate which one of the first or second encoding tables or which one of the first or second encryption tables were utilized for encoding and/or encrypting the said first data. The encoded and/or encrypted first data may subsequently be transferred downstream and decoded by synchronous decoder/decryptor using a corresponding decoding and/or decryption table. The corresponding decoding and/or decryption table may be determined based on the indicated first and/or second encoding and/or encrypting tables.
Type: Grant
Filed: June 4, 2003
Date of Patent: June 1, 2010
Assignee: Broadcom Corporation
Inventor: Martin Lund
-
Patent number: 7730324
Abstract: The present invention provides a method for controlling copyrights of digital data in a database system including real time transmission of a digital picture. Copyrights are controlled using one or more of the following, as necessary, in addition to a permit key: a copyright control program, copyright information or copyright control message. The copyright control program, the copyright information and the copyright control message are supplied together with the permit key, or they are supplied together with the data. Otherwise, a part of them is supplied together with the permit key and the other part of them is supplied together with the data. The data, the permit key, the copyright control message, the copyright information and the copyright control program are (1) transmitted while encrypted, but are decrypted when used, or (2) they are transmitted while encrypted and decrypted for display only, otherwise remaining encrypted, or (3) they may not be encrypted at all.
Type: Grant
Filed: November 2, 2001
Date of Patent: June 1, 2010
Inventor: Makoto Saito
-
Patent number: 7730326
Abstract: Improved approaches to update computer program code residing within a computing device are disclosed. By maintaining a former version of the computer program code, the computing device remains operable even if the update to the computer program code fails. Hence, the invention permits reliable updates to computer program code, which is particularly useful for firmware (e.g., boot-up code) of computing devices. For control and security, each version of computer program code can include authentication information. Before the computer program code is used, the computer program code can be required to be authenticated using the authentication information.
Type: Grant
Filed: November 12, 2004
Date of Patent: June 1, 2010
Assignee: Apple Inc.
Inventors: Muthya Girish, Guy Bar-Nahum, David John Tupman
-
Patent number: 7725738
Abstract: Circuits, methods, and apparatus that prevent detection and erasure of encoding or encryption keys. These encoding keys may be used to encode a configuration bitstream or other data for an FPGA or other device. An exemplary embodiment of the present invention masks a first key to form an encoding key in order to prevent detection of the first key. In a specific embodiment, the first key is encoded using a second key. The encoded key is used to encode a configuration bitstream or other data. The encoded key is stored on an FPGA or other device. When the device is to be configured, the encoded key is retrieved and used to decode the bitstream or other data. A further embodiment stores an encryption key in a one-time programmable memory (OTP) array to prevent its erasure or modification. The encoding key may be further obfuscated before storage.
Type: Grant
Filed: January 25, 2005
Date of Patent: May 25, 2010
Assignee: Altera Corporation
Inventors: Martin Langhammer, Juju Joyce, Keone Streicher, David Jefferson, Srinivas Reddy, Nitin Prasad
-
Patent number: 7721104
Abstract: A system provided for downloading pushed content includes a terminal capable of receiving service loading content that identifies download content and has a digital signature. The terminal is capable of authenticating the service loading content based upon the digital signature, and if the service loading content is authenticated, pulling the download content to the terminal. In this regard, the terminal is capable of authenticating the service loading content, and pulling the download content, in response to receiving the service loading content and independent of interaction from a user of the terminal. The terminal can also be capable of determining if an interruption occurs in receiving the download content such that the terminal receives less than the entire download content. And if an interruption occurs, the terminal can be capable of recovering the download content such that the terminal receives the plurality of data packets.
Type: Grant
Filed: October 20, 2003
Date of Patent: May 18, 2010
Assignee: Nokia Corporation
Inventors: Juha H. Salo, Janne La. Aaltonen, Guido Cugi
-
Mobile terminal device, mobile terminal method, mobile terminal program, and electronic money server
Patent number: 7720717
Abstract: A mobile terminal device has an information processing unit that processes electronic money information and a storage unit that stores the electronic money information. A receiving unit receives from an electronic money server an electronic money identification (ID), a mobile terminal identification (ID) identifying the mobile terminal device, and a money information processing program for enabling the information processing unit to execute processing of the money information stored in the storage unit. An installation unit installs into the storage unit the money information processing program and the IDs received by the receiving unit. A sending unit sends to the electronic money server information necessary for enabling the electronic money server to provide electronic money service, the necessary information being sent to the electronic server before the receiving unit receives the money information processing and the IDs.
Type: Grant
Filed: March 5, 2004
Date of Patent: May 18, 2010
Assignee: Sony Corporation
Inventors: Norihiko Fujita, Koji Ito, Hisanori Arai, Masaji Nagai
-
Patent number: 7716463
Abstract: Systems and/or methods that enable secure deployment and/or receipt of an operating system and/or updates for the operating system to a computer across a network susceptible to malicious communication are described. These systems and/or methods can, in one embodiment, enable a bare computer added to a network to have an operating system deployed to it and updated via the network before the bare computer is subjected to malicious code communicated over the network.
Type: Grant
Filed: October 15, 2004
Date of Patent: May 11, 2010
Assignee: Microsoft Corporation
Inventors: Martin L. Holladay, Mukesh Karki, Parthasarathy Narayanan
-
Patent number: 7703145
Abstract: A method is described for controlling customer installations of software or data by providing to the customer an encrypted list of authorized installation targets, whereby the installation program reads and decrypts the list, and only allows installation to proceed if the customer's installation target has a serial number that matches one of the vendor-provided serial numbers in the authorization list. Provision is also made for allowing customers to add serial numbers to the list, within constraints predetermined by the software vendor. Also provided is a method for a customer to perform a predetermined number of installations, whereby the software maintains and decrements a counter in an encrypted file on a storage medium, keeping track of how many remaining installations a customer may perform.
Type: Grant
Filed: April 17, 2007
Date of Patent: April 20, 2010
Assignee: Aviation Communication & Surveillance Systems LLC
Inventors: Desi Stelling, Timothy Schulze, Vance Walker
-
Patent number: 7702927
Abstract: A field configurable device, such as an FPGA, supports secure field configuration without using non-volatile storage for cryptographic keys on the device and without requiring a continuous or ongoing power source to maintain a volatile storage on the device. The approach can be used to secure the configuration data such that it can in general be used on a single or a selected set of devices and/or encryption of the configuration data so that the encrypted configuration data can be exposed without compromising information encoded in the configuration data.
Type: Grant
Filed: November 14, 2005
Date of Patent: April 20, 2010
Assignee: Verayo, Inc.
Inventors: Srinivas Devadas, Thomas J. Ziola
-
Patent number: 7702920
Abstract: When a channel adapter (CHA) is replaced, the storage control device of the present invention deletes the security information held in the channel adapter to improve security. The CHA conducts encrypted communications with the host. Security information (encryption keys and the like) employed in encrypted communications is stored in the port memory of each communications port. When replacement of the CHA is designated, the processor causes the security information stored in the port memory to be saved to shared memory, and deletes the security information in the port memory. When a new CHA is installed, the security information stored in the shared memory is transferred to the port memory.
Type: Grant
Filed: September 19, 2005
Date of Patent: April 20, 2010
Assignee: Hitachi, Ltd.
Inventor: Homare Okamoto
-
Patent number: 7697684
Abstract: It is desired to share one circuit by an encryption unit 200 and a decryption unit 500. A normal data transformation unit (FL) 251 and an inverse data transformation unit (FL⁻¹) 273 are located at point symmetry on a non-linear data transformation unit 220, and a normal data transformation unit (FL) 253 and an inverse data transformation unit (FL⁻¹) 271 are located at point symmetry on the non-linear data transformation unit 220. Therefore, the encryption unit 200 and the decryption unit 500 can be configured using the same circuits.
Type: Grant
Filed: October 28, 2005
Date of Patent: April 13, 2010
Assignees: Mitsubishi Denki Kabushiki Kaisha, Nippon Telegraph and Telephone Corporation
Inventors: Mitsuru Matsui, Toshio Tokita, Junko Nakajima, Masayuki Kanda, Shiho Moriai, Kazumaro Aoki
-
Update package catalog for update package transfer between generator and content server in a network
Patent number: 7694293
Abstract: A network wherein a generator is communicatively coupled to an update store or repository employs an update package container or catalog (UPC) that may be used to save information, using an XML format. The UPC may comprise update packages for one or more devices, and one or more transitions of versions for each device. The UPC may also comprise metadata information and security information associated with each of the update packages. The complete update packages and associated metadata may be incorporated into a UPC, or external references to the update packages may be provided.
Type: Grant
Filed: September 27, 2004
Date of Patent: April 6, 2010
Assignee: Hewlett-Packard Development Company, L.P.
Inventor: Bindu Rama Rao
-
Patent number: 7690033
Abstract: In general, the invention relates to a method for securing a computer system. The method includes monitoring an operating system in the computer system and trapping, in response to the monitoring, a process system call where the process system call originated in a host executing in the computer system. Responsive to the trapping, an isolated user environment (IUE) is created in the computer system. Creating the IUE includes allocating memory and persistent storage for the IUE. In addition, the IUE includes a file system filter driver (FSFD) configured to redirect Input/Output (I/O) calls originating from the IUE to the persistent storage, and a network interface/NDIS hook component configured to control network traffic originating from the IUE and destined for the IUE. The method further includes, after creating the IUE, loading the process system call into the IUE and executing the process system call in the IUE.
Type: Grant
Filed: September 27, 2005
Date of Patent: March 30, 2010
Assignee: Exobox Technologies Corp.
Inventor: Marcos Benjamine Pernia
-
Patent number: 7685435
Abstract: A development environment of a high security level is provided for a key-installed system. Development of a program for a system having an LSI device which includes a secure memory is performed by providing another LSI device having the same structure and setting the provided LSI device to a development mode which is different from a product operation mode. Alternatively, the provided LSI device is set to an administrator mode to perform development and encryption of a key-generation program. The LSI device is set to a key-generation mode to execute the encrypted key-generation program, thereby generating various keys.
Type: Grant
Filed: July 23, 2003
Date of Patent: March 23, 2010
Assignee: Panasonic Corporation
Inventors: Makoto Fujiwara, Yusuke Nemoto, Junichi Yasui, Takuji Maeda, Takayuki Ito, Yasushi Yamada, Shinji Inoue
-
Patent number: 7681035
Abstract: A system and method of providing universal digital rights management system protection is described. One feature of the invention concerns systems and methods for repackaging and securing data packaged under any file format type, compression technique, or digital rights management system. Another feature of the invention is directed to systems and methods for securing data by providing scalability through the use of modular data manipulation software objects.
Type: Grant
Filed: September 10, 2003
Date of Patent: March 16, 2010
Assignee: RealNetworks, Inc.
Inventors: Jeffrey M. Ayars, Bradley D. Hefta-Gaub, Daniel Sheeran
-
Patent number: 7681044
Abstract: A processor includes an execution unit configured to execute a program, a bus coupled to the execution unit, a local memory coupled to the bus, a DMA unit coupled to the bus, and an interface to couple the bus to an exterior, wherein the DMA unit is configured to perform a DMA transfer process in response to instruction from the execution unit, to load information by the DMA transfer process from the exterior through the interface, to decrypt the loaded information, and to write the decrypted information to the local memory by the DMA transfer process.
Type: Grant
Filed: September 14, 2005
Date of Patent: March 16, 2010
Assignee: Fujitsu Microelectronics Limited
Inventor: Seiji Goto
-
Patent number: 7681244
Abstract: To provide a packet transmitter apparatus which can transmit contents protected by a content protection technique such as DTCP or the like, using packets such as IP packets which have become widespread. The packet transmitter apparatus includes a transmitting condition setting management unit (404) which extracts at least one of charge information, playback control information and copy control information of AV data from the inputted non-AV data or AV data and generates, based on the extracted information, encryption mode information indicating an encryption mode which becomes a condition at the time of transmitting the AV data; an encrypted data generation unit (406) which generates encrypted data by encrypting, based on the transmitting condition, the inputted AV data and adding encryption information headers based on the encryption mode information to the encrypted AV data; and a packet generation unit (403) which generates packets by adding packet headers to the generated encrypted data.
Type: Grant
Filed: December 10, 2004
Date of Patent: March 16, 2010
Assignee: Panasonic Corporation
Inventors: Yoshihiro Morioka, Yasushi Ayaki, Naoshi Usuki
-
Patent number: 7673148
Abstract: An application for updating, distributing, and rendering an application feature set and application versions is disclosed. The application component allows multiple versions of similar applications to be installed and upgraded on the same computer. Meanwhile, allowing new product levels downloads to transform an existing product into a different product.
Type: Grant
Filed: October 15, 2004
Date of Patent: March 2, 2010
Assignee: Microsoft Corporation
Inventors: Song Zou, Rick Molloy, Robert Hernon, Jared Reisinger
-
Patent number: 7657758
Abstract: A processing apparatus including an internal circuit having a CPU and internal devices and an external circuit including external devices provided externally of the internal circuit, and the like, and is aimed to prevent illicit access and reverse engineering. The internal circuit including a CPU, internal devices and a bus line connecting the CPU to the internal devices and extending externally, and the external circuit including external devices provided externally of an externally extending portion of the bus line. The internal circuit further including a ciphering section 120 provided at an entrance to an external side and ciphering addresses and data on the bus line by ciphering patterns according to a plurality of regions divided from an address space allotted to the entire external devices.
Type: Grant
Filed: December 20, 2000
Date of Patent: February 2, 2010
Assignee: Fujitsu Limited
Inventors: Yusuke Kawasaki, Hiroshi Sakurai, Shigeru Hashimoto, Koken Yamamoto
-
Patent number: 7657757
Abstract: The present disclosure relates generally to semiconductor devices and related methods of operation. A semiconductor device is disclosed that comprises at least one cipher interface (126, 128) to a plurality of different cipher hardware modules (112, 114, 116) and central mode control logic (130-138, 106) responsive to the at least one cipher interface (126, 128). The central mode control logic (130-138, 106) is configured to provide a cipher operation in accordance with a selected cipher mode (104) in connection with at least one of the plurality of different cipher hardware modules (112, 114, 116).
Type: Grant
Filed: April 30, 2003
Date of Patent: February 2, 2010
Assignee: Freescale Semiconductor, Inc.
Inventor: Joel Feldman
-
Patent number: 7653820
Abstract: A system for securely using decryption keys during FPGA configuration includes an FPGA having a microcontroller for receiving a bitstream having an encrypted bitstream portion as well as a configuration boot program. The configuration boot program can be code that runs on an embedded hardware microcontroller or a software microcontroller. The system further includes a key storage register coupled to the microcontroller for storing key data from the microcontroller, a decryptor coupled to the key storage register, and a configuration data register in the FPGA. Preferably, only the decryptor can read from the key storage register and the configuration data register cannot be read by the microcontroller after the decryptor is used.
Type: Grant
Filed: October 31, 2003
Date of Patent: January 26, 2010
Assignee: Xilinx, Inc.
Inventor: Stephen M. Trimberger
-
Patent number: 7649992
Abstract: A processor is provided that includes inputs to receive headers and payloads of messages in block form, a cipher key, a counter block, and an indication that a data block is ready to be received at the processor's first input, and that outputs a data block processed according to a CCM protocol and a signal requesting the provision of a data block at the processor input. The processor also includes first and second cipher circuits generating ciphered results that are a function of an input data block and an input cipher key. Furthermore, the processor includes a controller that processes a first sequence of data blocks through the first cipher circuit to generate a message integrity code and a second sequence of data blocks through the second cipher circuit to generate a set of ciphered data blocks.
Type: Grant
Filed: January 6, 2006
Date of Patent: January 19, 2010
Assignee: Fujitsu Limited
Inventors: Kartik Raju, Mehmet Un
-
Publication number: 20100011200
Abstract: Protecting the integrity and the effectiveness of a security agent that is installed in a user's device while the user's device operates online or offline. The security agent may be used for enforcing a security policy required by an organization or network to which the user's computer belongs. One aspect of exemplary embodiments of the present invention is to associate the content of one or more storage devices of the user's computer with the security agent and with a boot-loader program used by the user's computer.
Type: Application
Filed: May 21, 2007
Publication date: January 14, 2010
Inventor: Avner Rosenan
-
Patent number: 7644288
Abstract: An image forming apparatus is disclosed, the image forming apparatus including a storing unit that stores a program in accordance with which the image forming apparatus operates, an acquiring unit that acquires an update program from an external source, and an updating unit. Before updating the program stored in the storing unit, the updating unit determines whether the update program acquired by the acquiring unit is authentic by checking the electronic signature of the update unit. If the updating unit determines that the update program acquired by the acquiring unit is authentic, the updating unit updates the program stored in the storing unit. Accordingly, the image forming apparatus can improve the reliability of the update program.
Type: Grant
Filed: March 17, 2004
Date of Patent: January 5, 2010
Assignee: Ricoh Company, Ltd.
Inventors: Hisanori Kawaura, Nobuhito Inami
-
Patent number: 7644259
Abstract: A customizable option ROM image that allows a user to modify certain features of a ROM image is described. In one embodiment, a plurality of configuration ROM image modules is provided to a user. These modules may be bundled in a single file along with a software interface application that allows the user to customize one or more of the modules. In particular, the software application provides a simple interface so that a user may identify and change particular ROM image features. Thereafter, a ROM image is built using the modules, some of which may have been modified, so that it may be installed within the customer's system.
Type: Grant
Filed: October 18, 2005
Date of Patent: January 5, 2010
Assignee: LSI Corporation
Inventors: Brett Henning, Lawrence Rawe, Roy Wade
-
Patent number: 7639798
Abstract: The present invention provides a high speed data encryption architecture in which fabric elements are communicatively coupled to one another via a hardwired interconnect. Each of the fabric elements includes a plurality of wide field programmable gate array (FPGA) blocks used for wide datapaths and a plurality of narrow FPGA blocks used for narrow datapaths. Each of the plurality of wide FPGA blocks and each of the plurality of narrow FPGA blocks are communicatively coupled to each other. A control block is communicatively coupled to each of the fabric elements via the hardwired interconnect to provide control signals to each of the fabric elements. The fabric elements are used to implement cryptographic algorithms.
Type: Grant
Filed: September 15, 2005
Date of Patent: December 29, 2009
Assignee: Rockwell Collins, Inc.
Inventors: Mark A. Bortz, Philippe M. T. Limondin, T. Douglas Hiratzka
-
Publication number: 20090319805
Abstract: Techniques are described for performing decryption using a key-specific decryption engine. A message including an encrypted data portion is received. The encrypted data portion is formed by performing a symmetric encryption operation using a symmetric key. The encrypted data portion is decrypted using a key-specific decryption engine which does not use the symmetric key as an input. Also described are techniques for generating the key-specific decryption engine which may be implemented using boolean functions determined for the symmetric key.
Type: Application
Filed: June 11, 2008
Publication date: December 24, 2009
Applicant: MICROSOFT CORPORATION
Inventor: Boris Asipov
-
Patent number: 7636859
Abstract: A method of authorizing transfer of software into an embedded system, comprising the steps of obtaining a hardware identification code (HWID) relating to one of a service/recalibration tool and an embedded system, obtaining a software identification code (SWID) relating to at least a portion of software information that is not resident in the embedded system but is to be downloaded into the embedded system, creating a password as a function of the HWID and the SWID, and downloading a password-protected portion of the software information from the service/recalibration tool into the embedded system based on the password.
Type: Grant
Filed: August 30, 2005
Date of Patent: December 22, 2009
Assignee: Cummins Inc.
Inventors: Lincoln M. Little, Mark P. McNulty
-
Patent number: 7636439
Abstract: Data to be encrypted is effectively encrypted by a data delivery system for encrypting the data to be encrypted with a transmitting apparatus and decrypting a cipher thereof with a receiving apparatus. In a configuration for encrypting and decrypting the data to be encrypted by using a random number sequence generated by a random number generating portion for generating the random number sequence uniquely decided from an input parameter, the transmitting apparatus generates the input parameter to perform encryption based on metadata of the data to be encrypted while the receiving apparatus generates the input parameter to perform cipher decryption based on the metadata embedded in the data to be encrypted.
Type: Grant
Filed: September 9, 2005
Date of Patent: December 22, 2009
Assignee: Hitachi Kokusai Electric, Inc.
Inventors: Sumie Nakabayashi, Kazuhito Yaegashi, Munemitsu Kuwabara, Hirotake Usami
-
Patent number: 7634666
Abstract: A crypto-engine for cryptographic processing has an arithmetic unit and an interface controller for managing communications between the arithmetic unit and a host processor. The arithmetic unit has a memory unit for storing and loading data and arithmetic units for performing arithmetic operations on the data. The memory and arithmetic units are controlled by an arithmetic controller.
Type: Grant
Filed: August 15, 2003
Date of Patent: December 15, 2009
Assignee: Cityu Research Limited
Inventors: Lee Ming Cheng, Ting On Ngan, Ka Wai Hau
-
Patent number: 7634521
Abstract: A copy of the raw data on physical disk of an inaccessible source file is automatically generated in an accessible target file. When accessed, the copy of the raw data of the inaccessible source file in the accessible target file can be read allowing a user or application to evaluate the data of the accessible target file, and thus indirectly the raw data of the inaccessible source file. In some embodiments, the copy of the raw data is evaluated for malicious code, allowing a user or application to take protective actions, such as deleting the inaccessible source file. Where the raw data of the inaccessible source file is encrypted, the copy of the raw data is automatically decrypted by the operating system when read yielding unencrypted data. Where the raw data of the inaccessible source file is compressed, the copy of the raw data is automatically decompressed by the operating system when read yielding uncompressed data.
Type: Grant
Filed: April 27, 2006
Date of Patent: December 15, 2009
Assignee: Symantec Corporation
Inventors: Michael Paul Spertus, Timothy Michael Naftel
-
Patent number: 7627119
Abstract: In order to protect control programs against unauthorized analysis and use during transport via public networks, asymmetrical keys are used. Following the compilation of the control program in the engineering system belonging to the supplier, the program is encrypted in a postprocessor and exported into a public web server. The customer loads the encrypted program into his long-term data holder, imports it into his engineering system and can edit it there in order to configure the control system. Only after editing are the encrypted parts of the program decrypted in a preprocessor and forwarded to the compiler.
Type: Grant
Filed: November 13, 2001
Date of Patent: December 1, 2009
Assignee: Siemens Aktiengesellschaft
Inventor: Jürgen Büssert
-
Patent number: 7627902
Abstract: A method and system is provided of managing a current software item on a managed computer system connectable to a management computer system via a computer network. The method includes identifying, using an agent application, the current software item on the managed computer system, identifying if the current software item is an unauthorized software item; and selectively disabling the unauthorized software item.
Type: Grant
Filed: February 20, 2003
Date of Patent: December 1, 2009
Assignee: Dell Marketing USA, L.P.
Inventors: Russell S. Rive, Peter Joshua Rive
-
Patent number: 7624444
Abstract: A method of detecting intrusions on a computer includes the step of identifying an internet protocol field range describing fields within internet protocol packets received by a computer. A connectivity range is also established which describes a distribution of network traffic received by the computer. An internet protocol field threshold and a connectivity threshold are then determined from the internet protocol field range and connectivity range, respectively. During the operation of the computer, values are calculated for the internet protocol field range and connectivity range. These values are compared to the internet protocol metric threshold and connectivity metric threshold so as to identify an intrusion on the computer.
Type: Grant
Filed: June 13, 2002
Date of Patent: November 24, 2009
Assignee: McAfee, Inc.
Inventors: Ramesh M. Gupta, Parveen K. Jain, Keith E. Amidon, Fengmin Gong, Srikant Vissamsetti, Steve M. Haeffele, Ananth Raman
-
Patent number: 7613932
Abstract: A method and system for controlling access to features on an electronic device, such as a printer, is disclosed. The electronic device is shipped with multiple software features, but one or more of the features may be disabled. According to aspects of the present invention, when a customer subsequently licenses or purchases one of the disabled features, the feature is enabled as follows. A key corresponding to the disabled feature is stored on a portable storage device. When the portable storage device is inserted into the electronic device, the key is customized based on device-specific information of the electronic device, thereby reducing a possibility that the key can be copied and used for enabling the feature on more than one device. The customized key is then used to enable the feature in the electronic device.
Type: Grant
Filed: April 24, 2003
Date of Patent: November 3, 2009
Assignee: International Business Machines Corporation
Inventors: Kara L. Nance, J. Douglas Henley
-
Patent number: 7610477
Abstract: Systems and/or methods that enable secure deployment and/or receipt of an operating system and updates for the operating system to a bare computer across a network susceptible to malicious communication are described. These systems and/or methods can, in one embodiment, securely deploy an image having an operating system and enable secure receipt of an update for the operating system, both via a network susceptible to malicious communication. They can also, in another embodiment, enable a bare computer added to a network to have an operating system deployed to it and updated via the network before the bare computer is subjected to malicious code communicated over the network.
Type: Grant
Filed: September 15, 2004
Date of Patent: October 27, 2009
Assignee: Microsoft Corporation
Inventors: Martin L. Holladay, Mukesh Karki, Parthasarathy Narayanan
-
Patent number: 7599492
Abstract: A system, method and computer program product for recovering a key used to produce a ciphertext document from a plaintext document, including, in the ciphertext document encrypted using an N-bit key, identifying location of an M-bit control value; converting the control value to an M-bit portion of a gamma that corresponds to (a) the ciphertext document and (b) the N-bit key; accessing a file that corresponds to the M-bit portion of the gamma, wherein the file includes approximately 2^(N-M) keys that correspond to the M-bit portion of the gamma out of the 2^N keys; testing the 2^(N-M) keys using a cryptographic key validity function, until a valid key is found; and decrypting the ciphertext document using the valid key to produce the plaintext document. The keys in the file can be tested sequentially. The file can be requested from a server prior to accessing it, or can be local. The name of the file can include the M-bit portion of the gamma.
Type: Grant
Filed: April 17, 2006
Date of Patent: October 6, 2009
Assignee: Elcomsoft Co. Ltd.
Inventors: Andrey E. Malyshev, Dmitry V. Sklyarov, Vladimir Y. Katalov, Ivan V. Golubev
-
Publication number: 20090248905
Abstract: Configuration information settings for a storage device are made highly reliable and facilitated. The storage device includes a service processor for setting storage device configuration information, and a terminal device connected to the service processor via a private line to send a command group, received from an operator and related to the storage device configuration information, to the service processor. The service processor also includes a device for determining approval or denial of execution of the command group prior to execution of the command group received from the terminal device.
Type: Application
Filed: June 8, 2009
Publication date: October 1, 2009
Applicant: Hitachi, Ltd.
Inventors: Toshimichi KISHIMOTO, Yoshinori Igarashi, Shuichi Yagi
-
Patent number: 7593526
Abstract: A method and apparatus are disclosed for compressing Rabin signatures. The disclosed compression scheme compresses a Rabin signature, s, for a user having a public key, n, based on a continued fraction expansion of s/n. The continued fraction expansion of s/n can be performed by (i) computing principal convergents, u_i/v_i, for i equal to 1 to k, of a continued fraction expansion of s/n, where k is a largest integer for which principal convergents are defined; establishing an index l, such that v_l<?√n?v_{l+1}; and generating a compressed Rabin signature (v_l, m) for a message, m.
Type: Grant
Filed: January 23, 2004
Date of Patent: September 22, 2009
Assignee: Alcatel-Lucent USA Inc.
Inventor: Daniel Bleichenbacher
-
Patent number: 7594119
Abstract: A system for detecting the time exceeding conditions of at least one application being executed by a processor, including: an element for storing time conditions, the conditions being sorted by increasing deadline order; a register for storing the condition closest to the current date; and a comparator of the deadline contained in the register with the current date of the system.
Type: Grant
Filed: September 23, 2003
Date of Patent: September 22, 2009
Assignee: STMicroelectronics S.A.
Inventors: Sophie Gabriele, William Orlando