Upgrade/install Encryption Patents (Class 713/191)
  • Patent number: 7774617
    Abstract: A mechanism is provided for masking a boot sequence by providing a dummy processor. With the mechanism, one of the processors of a multiprocessor system is chosen to be a boot processor. The other processors of the multiprocessor system execute masking code that generates electromagnetic and/or thermal signatures that mask the electromagnetic and/or thermal signatures of the actual boot processor. The execution of the masking code on the non-boot processors preferably generates electromagnetic and/or thermal signatures that approximate the signatures of the actual boot code execution on the boot processor. One of the non-boot processors is selected to execute masking code that is different from the other masking code sequence to thereby generate an electromagnetic and/or thermal signature that appears to be unique from an external monitoring perspective.
    Type: Grant
    Filed: May 15, 2008
    Date of Patent: August 10, 2010
    Assignee: International Business Machines Corporation
    Inventors: Jason N. Dale, Jonathan J. DeMent, Clark M. O'Niell, Steven L. Roberts
  • Patent number: 7774619
    Abstract: New code routines for a secure system (e.g., a TPM) are stored in a memory (e.g., a flash memory) that is located external to the secure system. For example, a chip may include a TPM and an external flash memory may be connected to the chip. New routines for the TPM may then be stored in the flash. A function table may be used to determine whether a given function to be executed by the TPM is stored in on-chip memory (e.g., ROM) or in the flash. New function tables may be stored in the flash. For example, when a new set of functions is loaded into the flash, a new function table that references the new functions also may be loaded into the flash.
    Type: Grant
    Filed: October 13, 2005
    Date of Patent: August 10, 2010
    Assignee: Broadcom Corporation
    Inventors: Timothy R. Paaske, Jeffrey C. Glover
  • Publication number: 20100195833
    Abstract: A mobile terminal for use with a cellular or mobile telecommunications network includes a normal execution environment (operating system) (30) and a secure execution environment (32) comprising a Mobile Trusted Module (MTM). The mobile terminal enables the software of the terminal in the secure execution environment (32) to be updated. The terminal 1 may be provided with minimal software initially in the secure execution environment (32), and is operable to subsequently update the software by over the air transmission of software. Also disclosed is a method for managing rights in respect of broadcast, multicast and/or unicast (downloaded) data, relevant in particular to managing access to a broadcast video data stream complying with a mobile digital broadcast scheme. The method defines a service protection platform implemented on mobile terminals having both normal execution environment (i.e. the operating system) and secure execution environment.
    Type: Application
    Filed: July 13, 2007
    Publication date: August 5, 2010
    Applicant: VODAFONE GROUP PLC
    Inventors: Mark Priestley, Timothy Wright, Caroline Jessica Belrose, Nicholas Bone, James Irwin
  • Patent number: 7765409
    Abstract: A modular BIOS update mechanism provides a standardized method to update option ROMs and to provide video and processor microcode upgrades in a computer system without requiring a complete replacement of the system BIOS. The MBU mechanism provides several advantages. First, new features and BIOS bugs from earlier release may be delivered to an installed base of end-user systems even if direct OEM support cannot be identified. Also, BIOS components may be provided as a validated set of revisions. With resort to a validation matrix, BIOS updates may be managed easily. The modular BIOS update is particularly useful in systems having several independent BIOS's stored within unitary firmware.
    Type: Grant
    Filed: April 27, 2007
    Date of Patent: July 27, 2010
    Assignee: Intel Corporation
    Inventors: Andrew H. Gafken, Todd D. Wilson, Tom Dodson, John V. Lovelace
  • Patent number: 7752676
    Abstract: Provided are a method, system and article of manufacture, wherein a request to access data is received from a requestor. A determination is made as to whether the requestor is authorized to access the data. In response to determining that the requestor is authorized to access the data, a determination is made as to whether the data is encrypted. An encryption key is requested from the requestor, in response to determining that the data is not encrypted.
    Type: Grant
    Filed: April 18, 2006
    Date of Patent: July 6, 2010
    Assignee: International Business Machines Corporation
    Inventors: Michael Howard Hartung, Yu-Cheng Hsu, Robert Frederic Kern
  • Patent number: 7742597
    Abstract: An encryption system includes a plurality of encryption operations including individual encryption operations and group encryption operations available for application in the encryption of data. The plurality of encryption operations are selected from the group consisting of functional variance, functional alignment, mathematical offset, wide XOR function, short logical rotation, long logical rotation, functional order, and address encryption. The system includes at least one round of encryption composed of a first encryption operation and a second encryption operation. The first encryption operation is selected from the plurality of encryption operations acting upon input data to generate a first encrypted data set. The second encryption operation is selected from the plurality of encryption operations acting upon the first encrypted data set to generate a second encrypted data set. The first encryption operation and the second encryption operation are different.
    Type: Grant
    Filed: December 28, 2007
    Date of Patent: June 22, 2010
    Inventor: James M. Lewis
  • Patent number: 7739519
    Abstract: A secure device is provided that can store programs therein, the secure device including: a low-protection level storage unit; a high-protection level storage unit; a program acquiring unit that acquires a program and corresponding additional information, the additional information used for determining a storage destination of the acquired program; an additional information analyzing unit that stores the acquired program in one of the low-protection level storage unit and the high-protection level storage unit, according to additional information; an area searching unit; a protection level judging unit; and a program storing unit.
    Type: Grant
    Filed: May 25, 2007
    Date of Patent: June 15, 2010
    Assignee: Panasonic Corporation
    Inventors: Natsume Matsuzaki, Kazuo Sakushima, Makoto Tatebayashi
  • Patent number: 7739739
    Abstract: An apparatus and program product initiate generation of a metafile at a client computer. The metafile is evaluated at a network server for a potential viral risk. Program code executing at the server may correlate the evaluated potential risk to a risk level stored in a database. The program code may attach a color designator or other assignment indicative of the assessed risk level to the data. A user at the client computer may act on the data based on the attached risk level.
    Type: Grant
    Filed: July 9, 2008
    Date of Patent: June 15, 2010
    Assignee: Trend Micro Incorporated
    Inventors: Richard Dean Dettinger, Frederick Allyn Kulack
  • Patent number: 7730318
    Abstract: Application factoring or partitioning is used to integrate secure features into a conventional application. An application's functionality is partitioned into two sets according to whether a given action does, or does not, involve the handling of sensitive data. Separate software objects (processors) are created to perform these two sets of actions. A trusted processor handles secure data and runs in a high-assurance environment. When another processor encounters secure data, that data is sent to the trusted processor. The data is wrapped in such a way that allows it to be routed to the trusted processor, and prevents the data from being deciphered by any entity other than the trusted processor. An infrastructure is provided that wraps objects, routes them to the correct processor, and allows their integrity to be attested through a chain of trust leading back to a base component that is known to be trustworthy.
    Type: Grant
    Filed: October 24, 2003
    Date of Patent: June 1, 2010
    Assignee: Microsoft Corporation
    Inventors: Thekkthalackal Varugis Kurien, Kenneth D. Ray, Marcus Peinado, Paul England
  • Patent number: 7730325
    Abstract: A verification system has an operational component registry 10 that includes an interface 20, a memory device 30, and a processor 40. Preferably, the interface 20 in the operational component registry 10 communicates the installed identification data 50 from the gaming units 60 to the operational component registry. The memory device 30 preferably stores registered identification data 70 for the gaming units 60. Preferably, the processor 40 in the operational component registry 10 then analyzes the registered identification data 70 and the installed identification data 50 from the gaming units 60, after which enablement of the gaming units is determined based upon the examination of the registered identification data and the installed identification data. An operational component registry 10 may also monitor changes, services, requirements, enablement, and productivity of the gaming units or components of the gaming units.
    Type: Grant
    Filed: April 30, 2004
    Date of Patent: June 1, 2010
    Assignee: Bally Gaming, Inc.
    Inventors: James Morrow, Marvin Hein
  • Patent number: 7730296
    Abstract: Aspects of the invention provide a method and system for coding information in a communication channel. More particularly, aspects of the invention provide a method and system for synchronous running encryption and/or encoding and corresponding decryption and decoding in a communication channel or link. Aspects of the method may include encoding and/or encrypting a first data using a first or second encoding table and/or a first or second encryption table. The method may indicate which one of the first or second encoding tables or which one of the first or second encryption tables were utilized for encoding and/or encrypting the said first data. The encoded and/or encrypted first data may subsequently be transferred downstream and decoded by synchronous decoder/decryptor using a corresponding decoding and/or decryption table. The corresponding decoding and/or decryption table may be determined based on the indicated first and/or second encoding and/or encrypting tables.
    Type: Grant
    Filed: June 4, 2003
    Date of Patent: June 1, 2010
    Assignee: Broadcom Corporation
    Inventor: Martin Lund
  • Patent number: 7730324
    Abstract: The present invention provides a method for controlling copyrights of digital data in a database system including real time transmission of a digital picture. Copyrights are controlled using one or more of the following, as necessary, in addition to a permit key: a copyright control program, copyright information or copyright control message. The copyright control program, the copyright information and the copyright control message are supplied together with the permit key, or they are supplied together with the data. Otherwise, a part of them is supplied together with the permit key and the other part of them is supplied together with the data. The data, the permit key, the copyright control message, the copyright information and the copyright control program are (1) transmitted while encrypted, but are decrypted when used, or (2) they are transmitted while encrypted and decrypted for display only, otherwise remaining encrypted, or (3) they may not be encrypted at all.
    Type: Grant
    Filed: November 2, 2001
    Date of Patent: June 1, 2010
    Inventor: Makoto Saito
  • Patent number: 7730326
    Abstract: Improved approaches to update computer program code residing within a computing device are disclosed. By maintaining a former version of the computer program code, the computing device remains operable even if the update to the computer program code fails. Hence, the invention permits reliable updates to computer program code, which is particularly useful for firmware (e.g., boot-up code) of computing devices. For control and security, each version of computer program code can include authentication information. Before the computer program code is used, the computer program code can be required to be authenticated using the authentication information.
    Type: Grant
    Filed: November 12, 2004
    Date of Patent: June 1, 2010
    Assignee: Apple Inc.
    Inventors: Muthya Girish, Guy Bar-Nahum, David John Tupman
  • Patent number: 7725738
    Abstract: Circuits, methods, and apparatus that prevent detection and erasure of encoding or encryption keys. These encoding keys may be used to encode a configuration bitstream or other data for an FPGA or other device. An exemplary embodiment of the present invention masks a first key to form an encoding key in order to prevent detection of the first key. In a specific embodiment, the first key is encoded using a second key. The encoded key is used to encode a configuration bitstream or other data. The encoded key is stored on an FPGA or other device. When the device is to be configured, the encoded key is retrieved and used to decode the bitstream or other data. A further embodiment stores an encryption key in a one-time programmable memory (OTP) array to prevent its erasure or modification. The encoding key may be further obfuscated before storage.
    Type: Grant
    Filed: January 25, 2005
    Date of Patent: May 25, 2010
    Assignee: Altera Corporation
    Inventors: Martin Langhammer, Juju Joyce, Keone Streicher, David Jefferson, Srinivas Reddy, Nitin Prasad
  • Patent number: 7721104
    Abstract: A system provided for downloading pushed content includes a terminal capable of receiving service loading content that identifies download content and has a digital signature. The terminal is capable of authenticating the service loading content based upon the digital signature, and if the service loading content is authenticated, pulling the download content to the terminal. In this regard, the terminal is capable of authenticating the service loading content, and pulling the download content, in response to receiving the service loading content and independent of interaction from a user of the terminal. The terminal can also be capable of determining if an interruption occurs in receiving the download content such that the terminal receives less than the entire download content. And if an interruption occurs, the terminal can be capable of recovering the download content such that the terminal receives the plurality of data packets.
    Type: Grant
    Filed: October 20, 2003
    Date of Patent: May 18, 2010
    Assignee: Nokia Corporation
    Inventors: Juha H. Salo, Janne La. Aaltonen, Guido Cugi
  • Patent number: 7720717
    Abstract: A mobile terminal device has an information processing unit that processes electronic money information and a storage unit that stores the electronic money information. A receiving unit receives from an electronic money server an electronic money identification (ID), a mobile terminal identification (ID) identifying the mobile terminal device, and a money information processing program for enabling the information processing unit to execute processing of the money information stored in the storage unit. An installation unit installs into the storage unit the money information processing program and the IDs received by the receiving unit. A sending unit sends to the electronic money server information necessary for enabling the electronic money server to provide electronic money service, the necessary information being sent to the electronic server before the receiving unit receives the money information processing and the IDs.
    Type: Grant
    Filed: March 5, 2004
    Date of Patent: May 18, 2010
    Assignee: Sony Corporation
    Inventors: Norihiko Fujita, Koji Ito, Hisanori Arai, Masaji Nagai
  • Patent number: 7716463
    Abstract: Systems and/or methods that enable secure deployment and/or receipt of an operating system and/or updates for the operating system to a computer across a network susceptible to malicious communication are described. These systems and/or methods can, in one embodiment, enable a bare computer added to a network to have an operating system deployed to it and updated via the network before the bare computer is subjected to malicious code communicated over the network.
    Type: Grant
    Filed: October 15, 2004
    Date of Patent: May 11, 2010
    Assignee: Microsoft Corporation
    Inventors: Martin L. Holladay, Mukesh Karki, Parthasarathy Narayanan
  • Patent number: 7703145
    Abstract: A method is described for controlling customer installations of software or data by providing to the customer an encrypted list of authorized installation targets, whereby the installation program reads and decrypts the list, and only allows installation to proceed if the customer's installation target has a serial number that matches one of the vendor-provided serial numbers in the authorization list. Provision is also made for allowing customers to add serial numbers to the list, within constraints predetermined by the software vendor. Also provided is a method for a customer to perform a predetermined number of installations, whereby the software maintains and decrements a counter in an encrypted file on a storage medium, keeping track of how many remaining installations a customer may perform.
    Type: Grant
    Filed: April 17, 2007
    Date of Patent: April 20, 2010
    Assignee: Aviation Communication & Surveillance Systems LLC
    Inventors: Desi Stelling, Timothy Schulze, Vance Walker
  • Patent number: 7702927
    Abstract: A field configurable device, such as an FPGA, supports secure field configuration without using non-volatile storage for cryptographic keys on the device and without requiring a continuous or ongoing power source to maintain a volatile storage on the device. The approach can be used to secure the configuration data such that it can in general be used on a single or a selected set of devices and/or encryption of the configuration data so that the encrypted configuration data can be exposed without compromising information encoded in the configuration data.
    Type: Grant
    Filed: November 14, 2005
    Date of Patent: April 20, 2010
    Assignee: Verayo, Inc.
    Inventors: Srinivas Devadas, Thomas J. Ziola
  • Patent number: 7702920
    Abstract: When a channel adapter (CHA) is replaced, the storage control device of the present invention deletes the security information held in the channel adapter to improve security. The CHA conducts encrypted communications with the host. Security information (encryption keys and the like) employed in encrypted communications is stored in the port memory of each communications port. When replacement of the CHA is designated, the processor causes the security information stored in the port memory to be saved to shared memory, and deletes the security information in the port memory. When a new CHA is installed, the security information stored in the shared memory is transferred to the port memory.
    Type: Grant
    Filed: September 19, 2005
    Date of Patent: April 20, 2010
    Assignee: Hitachi, Ltd.
    Inventor: Homare Okamoto
  • Patent number: 7697684
    Abstract: It is desired to share one circuit by an encryption unit 200 and a decryption unit 500. A normal data transformation unit (FL) 251 and an inverse data transformation unit (FL⁻¹) 273 are located at point symmetry on a non-linear data transformation unit 220, and a normal data transformation unit (FL) 253 and an inverse data transformation unit (FL⁻¹) 271 are located at point symmetry on the non-linear data transformation unit 220. Therefore, the encryption unit 200 and the decryption unit 500 can be configured using the same circuits.
    Type: Grant
    Filed: October 28, 2005
    Date of Patent: April 13, 2010
    Assignees: Mitsubishi Denki Kabushiki Kaisha, Nippon Telegraph and Telephone Corporation
    Inventors: Mitsuru Matsui, Toshio Tokita, Junko Nakajima, Masayuki Kanda, Shiho Moriai, Kazumaro Aoki
  • Patent number: 7694293
    Abstract: A network wherein a generator is communicatively coupled to an update store or repository employs an update package container or catalog (UPC) that may be used to save information, using an XML format. The UPC may comprise update packages for one or more devices, and one or more transitions of versions for each device. The UPC may also comprise metadata information and security information associated with each of the update packages. The complete update packages and associated metadata may be incorporated into a UPC, or external references to the update packages may be provided.
    Type: Grant
    Filed: September 27, 2004
    Date of Patent: April 6, 2010
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventor: Bindu Rama Rao
  • Patent number: 7690033
    Abstract: In general, the invention relates to a method for securing a computer system. The method includes monitoring an operating system in the computer system and trapping, in response to the monitoring, a process system call where the process system call originated in a host executing in the computer system. Responsive to the trapping, an isolated user environment (IUE) is created in the computer system. Creating the IUE includes allocating memory and persistent storage for the IUE. In addition, the IUE includes a file system filter driver (FSFD) configured to redirect Input/Output (I/O) calls originating from the IUE to the persistent storage, and a network interface/NDIS hook component configured to control network traffic originating from the IUE and destined for the IUE. The method further includes, after creating the IUE, loading the process system call into the IUE and executing the process system call in the IUE.
    Type: Grant
    Filed: September 27, 2005
    Date of Patent: March 30, 2010
    Assignee: Exobox Technologies Corp.
    Inventor: Marcos Benjamine Pernia
  • Patent number: 7685435
    Abstract: A development environment of a high security level is provided for a key-installed system. Development of a program for a system having an LSI device which includes a secure memory is performed by providing another LSI device having the same structure and setting the provided LSI device to a development mode which is different from a product operation mode. Alternatively, the provided LSI device is set to an administrator mode to perform development and encryption of a key-generation program. The LSI device is set to a key-generation mode to execute the encrypted key-generation program, thereby generating various keys.
    Type: Grant
    Filed: July 23, 2003
    Date of Patent: March 23, 2010
    Assignee: Panasonic Corporation
    Inventors: Makoto Fujiwara, Yusuke Nemoto, Junichi Yasui, Takuji Maeda, Takayuki Ito, Yasushi Yamada, Shinji Inoue
  • Patent number: 7681035
    Abstract: A system and method of providing universal digital rights management system protection is described. One feature of the invention concerns systems and methods for repackaging and securing data packaged under any file format type, compression technique, or digital rights management system. Another feature of the invention is directed to systems and methods for securing data by providing scalability through the use of modular data manipulation software objects.
    Type: Grant
    Filed: September 10, 2003
    Date of Patent: March 16, 2010
    Assignee: RealNetworks, Inc.
    Inventors: Jeffrey M. Ayars, Bradley D. Hefta-Gaub, Daniel Sheeran
  • Patent number: 7681044
    Abstract: A processor includes an execution unit configured to execute a program, a bus coupled to the execution unit, a local memory coupled to the bus, a DMA unit coupled to the bus, and an interface to couple the bus to an exterior, wherein the DMA unit is configured to perform a DMA transfer process in response to instruction from the execution unit, to load information by the DMA transfer process from the exterior through the interface, to decrypt the loaded information, and to write the decrypted information to the local memory by the DMA transfer process.
    Type: Grant
    Filed: September 14, 2005
    Date of Patent: March 16, 2010
    Assignee: Fujitsu Microelectronics Limited
    Inventor: Seiji Goto
  • Patent number: 7681244
    Abstract: To provide a packet transmitter apparatus which can transmit contents protected by a content protection technique such as DTCP or the like, using packets such as IP packets which have become widespread. The packet transmitter apparatus includes a transmitting condition setting management unit (404) which extracts at least one of charge information, playback control information and copy control information of AV data from the inputted non-AV data or AV data and generates, based on the extracted information, encryption mode information indicating an encryption mode which becomes a condition at the time of transmitting the AV data; an encrypted data generation unit (406) which generates encrypted data by encrypting, based on the transmitting condition, the inputted AV data and adding encryption information headers based on the encryption mode information to the encrypted AV data; and a packet generation unit (403) which generates packets by adding packet headers to the generated encrypted data.
    Type: Grant
    Filed: December 10, 2004
    Date of Patent: March 16, 2010
    Assignee: Panasonic Corporation
    Inventors: Yoshihiro Morioka, Yasushi Ayaki, Naoshi Usuki
  • Patent number: 7673148
    Abstract: An application for updating, distributing, and rendering an application feature set and application versions is disclosed. The application component allows multiple versions of similar applications to be installed and upgraded on the same computer. Meanwhile, new product level downloads are allowed to transform an existing product into a different product.
    Type: Grant
    Filed: October 15, 2004
    Date of Patent: March 2, 2010
    Assignee: Microsoft Corporation
    Inventors: Song Zou, Rick Molloy, Robert Hernon, Jared Reisinger
  • Patent number: 7657758
    Abstract: A processing apparatus, including an internal circuit having a CPU and internal devices and an external circuit including external devices provided externally of the internal circuit, and the like, is aimed at preventing illicit access and reverse engineering. The internal circuit includes a CPU, internal devices and a bus line connecting the CPU to the internal devices and extending externally, and the external circuit includes external devices provided externally of an externally extending portion of the bus line. The internal circuit further includes a ciphering section 120 provided at an entrance to an external side, which ciphers addresses and data on the bus line by ciphering patterns according to a plurality of regions divided from an address space allotted to the entire external devices.
    Type: Grant
    Filed: December 20, 2000
    Date of Patent: February 2, 2010
    Assignee: Fujitsu Limited
    Inventors: Yusuke Kawasaki, Hiroshi Sakurai, Shigeru Hashimoto, Koken Yamamoto
  • Patent number: 7657757
    Abstract: The present disclosure relates generally to semiconductor devices and related methods of operation. A semiconductor device is disclosed that comprises at least one cipher interface (126, 128) to a plurality of different cipher hardware modules (112, 114, 116) and central mode control logic (130-138, 106) responsive to the at least one cipher interface (126, 128). The central mode control logic (130-138, 106) is configured to provide a cipher operation in accordance with a selected cipher mode (104) in connection with at least one of the plurality of different cipher hardware modules (112, 114, 116).
    Type: Grant
    Filed: April 30, 2003
    Date of Patent: February 2, 2010
    Assignee: Freescale Semiconductor, Inc.
    Inventor: Joel Feldman
  • Patent number: 7653820
    Abstract: A system for securely using decryption keys during FPGA configuration includes an FPGA having a microcontroller for receiving a bitstream having an encrypted bitstream portion as well as a configuration boot program. The configuration boot program can be code that runs on an embedded hardware microcontroller or a software microcontroller. The system further includes a key storage register coupled to the microcontroller for storing key data from the microcontroller, a decryptor coupled to the key storage register, and a configuration data register in the FPGA. Preferably, only the decryptor can read from the key storage register and the configuration data register cannot be read by the microcontroller after the decryptor is used.
    Type: Grant
    Filed: October 31, 2003
    Date of Patent: January 26, 2010
    Assignee: Xilinx, Inc.
    Inventor: Stephen M. Trimberger
  • Patent number: 7649992
    Abstract: A processor is provided that includes inputs to receive headers and payloads of messages in block form, a cipher key, a counter block, and an indication that a data block is ready to be received at the processor's first input, and that outputs a data block processed according to a CCM protocol and a signal requesting the provision of a data block at the processor input. The processor also includes first and second cipher circuits generating ciphered results that are a function of an input data block and an input cipher key. Furthermore, the processor includes a controller that processes a first sequence of data blocks through the first cipher circuit to generate a message integrity code and a second sequence of data blocks through the second cipher circuit to generate a set of ciphered data blocks.
    Type: Grant
    Filed: January 6, 2006
    Date of Patent: January 19, 2010
    Assignee: Fujitsu Limited
    Inventors: Kartik Raju, Mehmet Un
  • Publication number: 20100011200
    Abstract: Protecting the integrity and the effectiveness of a security agent that is installed in a user's device while the user's device operates online or offline. The security agent may be used for enforcing a security policy required by an organization or network to which the user's computer belongs. One aspect of exemplary embodiments of the present invention is to associate the content of one or more storage devices of the user's computer with the security agent and with a boot-loader program used by the user's computer.
    Type: Application
    Filed: May 21, 2007
    Publication date: January 14, 2010
    Inventor: Avner Rosenan
  • Patent number: 7644288
    Abstract: An image forming apparatus is disclosed, the image forming apparatus including a storing unit that stores a program in accordance with which the image forming apparatus operates, an acquiring unit that acquires an update program from an external source, and an updating unit. Before updating the program stored in the storing unit, the updating unit determines whether the update program acquired by the acquiring unit is authentic by checking the electronic signature of the update unit. If the updating unit determines that the update program acquired by the acquiring unit is authentic, the updating unit updates the program stored in the storing unit. Accordingly, the image forming apparatus can improve the reliability of the update program.
    Type: Grant
    Filed: March 17, 2004
    Date of Patent: January 5, 2010
    Assignee: Ricoh Company, Ltd.
    Inventors: Hisanori Kawaura, Nobuhito Inami
  • Patent number: 7644259
    Abstract: A customizable option ROM image that allows a user to modify certain features of a ROM image is described. In one embodiment, a plurality of configuration ROM image modules is provided to a user. These modules may be bundled in a single file along with a software interface application that allows the user to customize one or more of the modules. In particular, the software application provides a simple interface so that a user may identify and change particular ROM image features. Thereafter, a ROM image is built using the modules, some of which may have been modified, so that it may be installed within the customer's system.
    Type: Grant
    Filed: October 18, 2005
    Date of Patent: January 5, 2010
    Assignee: LSI Corporation
    Inventors: Brett Henning, Lawrence Rawe, Roy Wade
  • Patent number: 7639798
    Abstract: The present invention provides a high speed data encryption architecture in which fabric elements are communicatively coupled to one another via a hardwired interconnect. Each of the fabric elements includes a plurality of wide field programmable gate array (FPGA) blocks used for wide datapaths and a plurality of narrow FPGA blocks used for narrow datapaths. Each of the plurality of wide FPGA blocks and each of the plurality of narrow FPGA blocks are communicatively coupled to each other. A control block is communicatively coupled to each of the fabric elements via the hardwired interconnect to provide control signals to each of the fabric elements. The fabric elements are used to implement cryptographic algorithms.
    Type: Grant
    Filed: September 15, 2005
    Date of Patent: December 29, 2009
    Assignee: Rockwell Collins, Inc.
    Inventors: Mark A. Bortz, Philippe M. T. Limondin, T. Douglas Hiratzka
  • Publication number: 20090319805
    Abstract: Techniques are described for performing decryption using a key-specific decryption engine. A message including an encrypted data portion is received. The encrypted data portion is formed by performing a symmetric encryption operation using a symmetric key. The encrypted data portion is decrypted using a key-specific decryption engine which does not use the symmetric key as an input. Also described are techniques for generating the key-specific decryption engine which may be implemented using boolean functions determined for the symmetric key.
    Type: Application
    Filed: June 11, 2008
    Publication date: December 24, 2009
    Applicant: MICROSOFT CORPORATION
    Inventor: Boris Asipov
  • Patent number: 7636859
    Abstract: A method of authorizing transfer of software into an embedded system, comprising the steps of obtaining a hardware identification code (HWID) relating to one of a service/recalibration tool and an embedded system, obtaining a software identification code (SWID) relating to at least a portion of software information that is not resident in the embedded system but is to be downloaded into the embedded system, creating a password as a function of the HWID and the SWID, and downloading a password-protected portion of the software information from the service/recalibration tool into the embedded system based on the password.
    Type: Grant
    Filed: August 30, 2005
    Date of Patent: December 22, 2009
    Assignee: Cummins Inc.
    Inventors: Lincoln M. Little, Mark P. McNulty
  • Patent number: 7636439
    Abstract: Data to be encrypted is effectively encrypted by a data delivery system for encrypting the data to be encrypted with a transmitting apparatus and decrypting a cipher thereof with a receiving apparatus. In a configuration for encrypting and decrypting the data to be encrypted by using a random number sequence generated by a random number generating portion for generating the random number sequence uniquely decided from an input parameter, the transmitting apparatus generates the input parameter to perform encryption based on metadata of the data to be encrypted while the receiving apparatus generates the input parameter to perform cipher decryption based on the metadata embedded in the data to be encrypted.
    Type: Grant
    Filed: September 9, 2005
    Date of Patent: December 22, 2009
    Assignee: Hitachi Kokusai Electric, Inc.
    Inventors: Sumie Nakabayashi, Kazuhito Yaegashi, Munemitsu Kuwabara, Hirotake Usami
  • Patent number: 7634666
    Abstract: A crypto-engine for cryptographic processing has an arithmetic unit and an interface controller for managing communications between the arithmetic unit and a host processor. The arithmetic unit has a memory unit for storing and loading data and arithmetic units for performing arithmetic operations on the data. The memory and arithmetic units are controlled by an arithmetic controller.
    Type: Grant
    Filed: August 15, 2003
    Date of Patent: December 15, 2009
    Assignee: Cityu Research Limited
    Inventors: Lee Ming Cheng, Ting On Ngan, Ka Wai Hau
  • Patent number: 7634521
    Abstract: A copy of the raw data on physical disk of an inaccessible source file is automatically generated in an accessible target file. When accessed, the copy of the raw data of the inaccessible source file in the accessible target file can be read allowing a user or application to evaluate the data of the accessible target file, and thus indirectly the raw data of the inaccessible source file. In some embodiments, the copy of the raw data is evaluated for malicious code, allowing a user or application to take protective actions, such as deleting the inaccessible source file. Where the raw data of the inaccessible source file is encrypted, the copy of the raw data is automatically decrypted by the operating system when read yielding unencrypted data. Where the raw data of the inaccessible source file is compressed, the copy of the raw data is automatically decompressed by the operating system when read yielding uncompressed data.
    Type: Grant
    Filed: April 27, 2006
    Date of Patent: December 15, 2009
    Assignee: Symantec Corporation
    Inventors: Michael Paul Spertus, Timothy Michael Naftel
  • Patent number: 7627119
    Abstract: In order to protect control programs against unauthorized analysis and use during transport via public networks, asymmetrical keys are used. Following the compilation of the control program in the engineering system belonging to the supplier, the program is encrypted in a postprocessor and exported into a public web server. The customer loads the encrypted program into his long-term data holder, imports it into his engineering system and can edit it there in order to configure the control system. Only after editing are the encrypted parts of the program decrypted in a preprocessor and forwarded to the compiler.
    Type: Grant
    Filed: November 13, 2001
    Date of Patent: December 1, 2009
    Assignee: Siemens Aktiengesellschaft
    Inventor: Jürgen Büssert
  • Patent number: 7627902
    Abstract: A method and system is provided of managing a current software item on a managed computer system connectable to a management computer system via a computer network. The method includes identifying, using an agent application, the current software item on the managed computer system, identifying if the current software item is an unauthorized software item; and selectively disabling the unauthorized software item.
    Type: Grant
    Filed: February 20, 2003
    Date of Patent: December 1, 2009
    Assignee: Dell Marketing USA, L.P.
    Inventors: Russell S. Rive, Peter Joshua Rive
  • Patent number: 7624444
    Abstract: A method of detecting intrusions on a computer includes the step of identifying an internet protocol field range describing fields within internet protocol packets received by a computer. A connectivity range is also established which describes a distribution of network traffic received by the computer. An internet protocol field threshold and a connectivity threshold are then determined from the internet protocol field range and connectivity range, respectively. During the operation of the computer, values are calculated for the internet protocol field range and connectivity range. These values are compared to the internet protocol metric threshold and connectivity metric threshold so as to identify an intrusion on the computer.
    Type: Grant
    Filed: June 13, 2002
    Date of Patent: November 24, 2009
    Assignee: McAfee, Inc.
    Inventors: Ramesh M. Gupta, Parveen K. Jain, Keith E. Amidon, Fengmin Gong, Srikant Vissamsetti, Steve M. Haeffele, Ananth Raman
  • Patent number: 7613932
    Abstract: A method and system for controlling access to features on an electronic device, such as a printer, is disclosed. The electronic device is shipped with multiple software features, but one or more of the features may be disabled. According to aspects of the present invention, when a customer subsequently licenses or purchases one of the disabled features, the feature is enabled as follows. A key corresponding to the disabled feature is stored on a portable storage device. When the portable storage device is inserted into the electronic device, the key is customized based on device-specific information of the electronic device, thereby reducing a possibility that the key can be copied and used for enabling the feature on more than one device. The customized key is then used to enable the feature in the electronic device.
    Type: Grant
    Filed: April 24, 2003
    Date of Patent: November 3, 2009
    Assignee: International Business Machines Corporation
    Inventors: Kara L. Nance, J. Douglas Henley
  • Patent number: 7610477
    Abstract: Systems and/or methods that enable secure deployment and/or receipt of an operating system and updates for the operating system to a bare computer across a network susceptible to malicious communication are described. These systems and/or methods can, in one embodiment, securely deploy an image having an operating system and enable secure receipt of an update for the operating system, both via a network susceptible to malicious communication. They can also, in another embodiment, enable a bare computer added to a network to have an operating system deployed to it and updated via the network before the bare computer is subjected to malicious code communicated over the network.
    Type: Grant
    Filed: September 15, 2004
    Date of Patent: October 27, 2009
    Assignee: Microsoft Corporation
    Inventors: Martin L. Holladay, Mukesh Karki, Parthasarathy Narayanan
  • Patent number: 7599492
    Abstract: A system, method and computer program product for recovering a key used to produce a ciphertext document from a plaintext document, including, in the ciphertext document encrypted using an N-bit key, identifying location of an M-bit control value; converting the control value to an M-bit portion of a gamma that corresponds to (a) the ciphertext document and (b) the N-bit key; accessing a file that corresponds to the M-bit portion of the gamma, wherein the file includes approximately 2^(N-M) keys that correspond to the M-bit portion of the gamma out of the 2^N keys; testing the 2^(N-M) keys using a cryptographic key validity function, until a valid key is found; and decrypting the ciphertext document using the valid key to produce the plaintext document. The keys in the file can be tested sequentially. The file can be requested from a server prior to accessing it, or can be local. The name of the file can include the M-bit portion of the gamma.
    Type: Grant
    Filed: April 17, 2006
    Date of Patent: October 6, 2009
    Assignee: Elcomsoft Co. Ltd.
    Inventors: Andrey E. Malyshev, Dmitry V. Sklyarov, Vladimir Y. Katalov, Ivan V. Golubev
  • Publication number: 20090248905
    Abstract: Configuration information settings for a storage device are made highly reliable and facilitated. The storage device includes a service processor for setting storage device configuration information, and a terminal device connected to the service processor via a private line to send a command group, received from an operator and related to the storage device configuration information, to the service processor. The service processor also includes a device for determining approval or denial of execution of the command group prior to execution of the command group received from the terminal device.
    Type: Application
    Filed: June 8, 2009
    Publication date: October 1, 2009
    Applicant: Hitachi, Ltd.
    Inventors: Toshimichi Kishimoto, Yoshinori Igarashi, Shuichi Yagi
  • Patent number: 7593526
    Abstract: A method and apparatus are disclosed for compressing Rabin signatures. The disclosed compression scheme compresses a Rabin signature, s, for a user having a public key, n, based on a continued fraction expansion of s/n. The continued fraction expansion of s/n can be performed by (i) computing principal convergents, u_i/v_i, for i equal to 1 to k, of a continued fraction expansion of s/n, where k is a largest integer for which principal convergents are defined; establishing an index l, such that v_l < √n ≤ v_(l+1); and generating a compressed Rabin signature (v_l, m) for a message, m.
    Type: Grant
    Filed: January 23, 2004
    Date of Patent: September 22, 2009
    Assignee: Alcatel-Lucent USA Inc.
    Inventor: Daniel Bleichenbacher
  • Patent number: 7594119
    Abstract: A system for detecting the time exceeding conditions of at least one application being executed by a processor, including: an element for storing time conditions, the conditions being sorted by increasing deadline order; a register for storing the condition closest to the current date; and a comparator of the deadline contained in the register with the current date of the system.
    Type: Grant
    Filed: September 23, 2003
    Date of Patent: September 22, 2009
    Assignee: STMicroelectronics S.A.
    Inventors: Sophie Gabriele, William Orlando