Having Separate Add-on Board Patents (Class 713/192)
  • Patent number: 12250314
    Abstract: Mechanisms are provided for computing resource access security in which a credential of a user agent is authenticated to determine if the user agent is associated with an entity for which an attribute based encryption (ABE) key is to be generated. If so, an ABE key is generated and provided which corresponds to a set of attributes of the entity. Token issuance logic receives a token request and the ABE key from a relying party computing device and executes a decryption operation on locking metadata associated with at least one attribute value based on the ABE key. The token issuance logic, in response to the decryption operation successfully decrypting the locking metadata, issues a generated token to the relying party computing device based on the at least one attribute value. The relying party computing device accesses the computing resources using the generated token.
    Type: Grant
    Filed: February 13, 2023
    Date of Patent: March 11, 2025
    Assignee: International Business Machines Corporation
    Inventors: Mark Duane Seaborn, Patrick Aaron Tamborski
  • Patent number: 12223074
    Abstract: A system and method are provided to facilitate securing Windows discretionary access control. During operation, the system determines a Windows domain model including capability assignments of principals on resources, wherein a respective capability assignment comprises a permission of a respective principal to a respective resource and wherein a respective principal comprises a user or a group of users. The system specifies desired effective permissions of each principal to each resource. The system generates, based on the specified desired effective permissions, access control entries for the respective principal to the respective resource. The system generates, based on the specified desired effective permissions, group memberships indicating which users belong to which groups.
    Type: Grant
    Filed: August 31, 2022
    Date of Patent: February 11, 2025
    Assignee: Xerox Corporation
    Inventor: Marc E. Mosko
  • Patent number: 12217079
    Abstract: A system and method for applying cybersecurity policies across multiple computing environments is presented.
    Type: Grant
    Filed: December 29, 2023
    Date of Patent: February 4, 2025
    Assignee: Wiz, Inc.
    Inventors: Daniel Hershko Shemesh, Yarin Miran, Roy Reznik, Ami Luttwak, Yinon Costica, Raaz Herzberg, Yaniv Joseph Oliver, Osher Hazan, Niv Roit Ben David
  • Patent number: 12212656
    Abstract: Decrypting data at a first storage system that has been encrypted at a second, separate, storage system includes the first storage system requesting a key that decrypts the data from the second storage system, the second storage system determining if the first storage system is authorized for the key, the second storage system providing the key to the first storage system in response to the first storage system being authorized, a host that is coupled to the first storage system obtaining the key from the first storage system, and the host using the key to decrypt and access the data at the first storage system. The host and the first storage system may provide failover functionality for a system that includes the second storage system. The host may obtain the key from the first storage system in response to a failure of the system that includes the second storage system.
    Type: Grant
    Filed: April 22, 2021
    Date of Patent: January 28, 2025
    Assignee: EMC IP Holding Company LLC
    Inventors: Arieh Don, Tomer Shachar, Maxim Balin, Yevgeni Gehtman
  • Patent number: 12204664
    Abstract: A hidden information-based security system includes a security agent. The security agent includes: a hidden information module configured to search for custom.xml by analyzing the source code of electronic document data executed by an operating system-based word processor unit, and to identify authority information; a content execution module configured to control the content execution of the electronic document data by the word processor unit according to the control of a security module; and the security module configured to generate hidden information, in which a security agent-dedicated fmtID is designated, by hiding custom.xml, in which authority information for security of electronic document data is configured, at a specific location in source code of the corresponding electronic document data by using a steganographic technique, and to compare the authority information with reference information and restrict an allowable range of content.
    Type: Grant
    Filed: December 3, 2021
    Date of Patent: January 21, 2025
    Assignee: SOFTCAMP CO., LTD.
    Inventor: Hwan-Kuk Bae
  • Patent number: 12197427
    Abstract: Disclosed herein are a process, an apparatus, and an article of manufacture for storing encrypted documents using a plurality of participating nodes that submit transactions to and/or retrieve transactions from a blockchain network. Functionality disclosed herein includes, but is not limited to, generating a collaborative public key with each of the participating nodes having a share of a corresponding collaborative private key, submitting, based on the collaborative public key and one or more shares of corresponding collaborative public keys, a respective encrypted document to a document repository, submitting a commitment transaction and a subsequent transaction associated with the encrypted document, and, at a future time, retrieving, based on a share of the collaborative public key, a set of subsequent transactions to generate a collective private key and decrypt the encrypted document.
    Type: Grant
    Filed: January 18, 2024
    Date of Patent: January 14, 2025
    Assignee: NCHAIN LICENSING AG
    Inventors: Silvia Bartolucci, Pauline Bernat, Daniel Joseph
  • Patent number: 12197583
    Abstract: A key management system for providing encryption of a disk in a client device is provided. The system comprises a trusted platform module (TPM) having a first fragment of a key, a remote storage having a second fragment of the key, and a processing unit to partially boot instructions relating to booting of the client device, send a request for validation to the TPM, receive the first fragment of the key from the TPM on successful validation, request for the second fragment of the key with credentials to access the remote storage. The credentials and a network of the request are verified, the second fragment of the key is transmitted on successful validation. The first fragment and the second fragment of the key are combined to generate an encryption key for booting the client device. The first fragment of the key and the second fragment of the key are rotatable.
    Type: Grant
    Filed: July 18, 2022
    Date of Patent: January 14, 2025
    Assignee: Netskope, Inc.
    Inventor: Jason Lee Wolfe
  • Patent number: 12189829
    Abstract: A method which comprises storing a readable identifier, which identifies a semiconductor product, and a unique key, being unique for said semiconductor product or for a group of semiconductor products, in a memory of said semiconductor product, generating an initial security data structure, said initial security data structure depending on a root key and on said unique key, wherein both said root key and said unique key are assigned to said semiconductor product, and wherein said initial security data structure is assigned to said readable identifier, and supplying said initial security data structure to said semiconductor product for further processing.
    Type: Grant
    Filed: May 17, 2022
    Date of Patent: January 7, 2025
    Assignee: Avago Technologies International Sales Pte. Limited
    Inventors: Steve Rodgers, Rui Pedro de Moura Alves Pimenta
  • Patent number: 12184761
    Abstract: Validating proof of possession (POP) of a private key by a device. A computer system generates a provisioning package for a device catalog. The provisioning package including a POP challenge. After generating the provisioning package, the computer system receives a device activation request for a device. The device activation request includes a public key, a device identifier, and a signature. The computer system validates POP of a private key corresponding to the public key, including using the public key, the device identifier, and the POP challenge to cryptographically verify the signature. The computer system establishes a trust relationship with the device, including registering the public key and the device identifier into the device catalog.
    Type: Grant
    Filed: June 22, 2022
    Date of Patent: December 31, 2024
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Andres Felipe Borja Jaramillo, Jeremy Joseph Corley, Tolga Acar, Prashant Dewan
  • Patent number: 12182892
    Abstract: A method is provided. In some examples, the method includes reading a first customer identification value from a first memory on a device and reading a second customer identification value from a first field in a certificate. The method also includes determining whether the first customer identification value matches the second customer identification value. In addition, the method includes reading application data from a second field in the certificate in response to determining that the first customer identification value matches the second customer identification value. The method further includes writing the application data to a second memory on the device in response to determining that the first customer identification value matches the second customer identification value.
    Type: Grant
    Filed: October 27, 2021
    Date of Patent: December 31, 2024
    Assignee: TEXAS INSTRUMENTS INCORPORATED
    Inventor: Naveen Ambalametil Narayanan
  • Patent number: 12174965
    Abstract: Systems, methods, and software can be used to identify API use in a binary code. In some aspects, a method comprises: obtaining a base memory-write profile description for a binary code, wherein the description comprises: a base memory-write profile for each of a plurality of API calls in the binary code, wherein the base memory-write profile comprises a count of memory updates for each of a plurality of memory locations during an execution of a corresponding API call; receiving an execution request that invokes the binary code; generating an execution memory-write profile for the request, wherein the execution memory-write profile comprises a count of memory updates for each memory location during an execution of the request; determining, based on a comparison between the execution memory-write profile and the base memory-write profiles in the description, an API call corresponding to the request; and generating a notification indicating the determined API call.
    Type: Grant
    Filed: November 5, 2021
    Date of Patent: December 24, 2024
    Assignee: BlackBerry Limited
    Inventors: Glenn Daniel Wurster, Andrew Chin, Benjamin Gnahm
  • Patent number: 12160511
    Abstract: Hybrid encryption of imported key material is provided. A request to import key material is received from a user system. In response to the request, two public keys are sent to the user system. The two public keys include a classical cryptography (CC) public key and a quantum-safe cryptography (QSC) public key. At least one public key of the two public keys is retrieved from a hardware security module (HSM). Hybrid-encrypted key material is received from the user system. The hybrid-encrypted key material is key material that has been encrypted using the two public keys. The key material, at least partially encrypted by the at least one public key, is sent to the HSM.
    Type: Grant
    Filed: March 30, 2022
    Date of Patent: December 3, 2024
    Assignee: International Business Machines Corporation
    Inventors: Vaijayanthimala K. Anand, Jeffrey J. Feng, Priti Bavaria, Martin Schmatz, Nataraj Nagaratnam
  • Patent number: 12135795
    Abstract: Systems and methods are provided that may be implemented by services executing on one or more remote servers and on an endpoint information handling system to remotely erase (i.e., clear or remove) biometric fingerprint credential data that is previously stored on non-volatile memory of a discrete “match-on chip” fingerprint reader (MOFR) of the endpoint information handling system, as well as to erase separate non-biometric OS user identifier (ID) fingerprint enrollment information stored on separate system non-volatile memory of the endpoint information handling system.
    Type: Grant
    Filed: January 21, 2022
    Date of Patent: November 5, 2024
    Assignee: Dell Products L.P.
    Inventors: Charles D. Robison, Girish S. Dhoble, Daniel L. Hamlin
  • Patent number: 12124238
    Abstract: The present invention relates to a method and a system for providing processing data to a numerically controlled machine tool (100), comprising: providing processing data (S301) to a data processing device (300), wherein the processing data comprises numeric control data, in particular one or more NC programs, on the basis of which a processing of a workpiece on the numerically controlled machine tool (100) can be carried out; specifying encryption specifications (S302) on the data processing device (300), which indicate specifications for encrypting the processing data and/or the execution data; specifying authentication specifications (S303) on the data processing device (300), which indicate specifications for authentication of the numerical machine tool and/or of an operator of the machine tool; specifying execution specifications (S304) on the data processing device (300), which indicate specifications for the machining of the workpiece on the numerically controlled machine tool; generating execution dat
    Type: Grant
    Filed: August 27, 2019
    Date of Patent: October 22, 2024
    Assignee: DMG MORI Software Solutions GmbH
    Inventors: Michael Tarnofsky, Holger Rudzio
  • Patent number: 12105817
    Abstract: This disclosure describes techniques for allowing an organization to manage user identities. In some examples, the management of user identities may be serverless. In some examples, serverless identity management may be enabled through a distributed application on user devices of the organization. The application may generate and/or store information related to the user identities on the user devices. Serverless identity management may further include storing at least some of the information at a location that is easily accessible to the user devices, such as a cloud computing location, while maintaining security for private data. Serverless identity management may therefore provide an organization with greater operational flexibility.
    Type: Grant
    Filed: July 16, 2021
    Date of Patent: October 1, 2024
    Assignee: Cisco Technology, Inc.
    Inventors: Owen Friel, Richard Lee Barnes
  • Patent number: 12095902
    Abstract: There is provided an information processing terminal, an information processing device, an information processing method, a program, and an information processing system which enable key change to be performed more reliably. A user terminal includes: a secure element that has a protection area in which an area in which data to be protected is stored is protected by an encryption key; and a processing execution unit that executes a process of changing, in the secure element, a first key used at a time of shipment to a second key different from the first key. Setting information which is referred to when the first key is changed to the second key is stored at the time of shipment in the protection area.
    Type: Grant
    Filed: March 27, 2020
    Date of Patent: September 17, 2024
    Assignee: FELICA NETWORKS, INC.
    Inventors: Shota Taga, Junji Goto
  • Patent number: 12028321
    Abstract: Mesh agents for an overlay network may be provided such that each mesh agent may be hosted on network computers in the overlay network. In response to a network interface providing raw datagrams to a mesh agent in the overlay network further actions may be performed, including: determining a payload protocol based on the raw datagrams; determining payload datagrams included in the raw datagrams based on the payload protocol; determining a request from a client based on the payload datagrams and the payload protocol; or the like. In response to an infrastructure security computer determining validation information that validates the request further actions may be performed, including: modifying the payload datagrams based on the payload protocol and the validation information; modifying the raw datagrams to include the modified payload datagrams; forwarding the modified raw datagrams to a next mesh agent identified with the validation information; or the like.
    Type: Grant
    Filed: February 26, 2024
    Date of Patent: July 2, 2024
    Assignee: strongDM, Inc.
    Inventors: Carlos Ulderico Cirello Filho, Philip D. Hassey
  • Patent number: 12008412
    Abstract: Techniques described herein relate to a method for composition for complex solutions. The method may include receiving, by a system control processor manager, a composition request to compose a composed information handling system, the request comprising a solution manifest file; parsing, by the system control processor manager, the solution manifest file to identify a solution requirement set; performing, using the solution requirement set, an analysis of a telemetry data map and a topology and connectivity graph; making a determination, based on the analysis, that the composition request may be satisfied using resources represented in the topology and connectivity graph; and composing the composed information handling system based on the determination.
    Type: Grant
    Filed: July 28, 2021
    Date of Patent: June 11, 2024
    Assignee: DELL PRODUCTS
    Inventors: Sudhir Vittal Shetty, Justin A. Kenney, William Price Dawkins, Jon Robert Hass
  • Patent number: 11995180
    Abstract: The inputs and/or outputs of a generative artificial intelligence model are monitored to determine whether they contain or otherwise elicit undesired behavior by the model such as bypassing security measures, leaking sensitive information, or generating or consuming malicious content. This determination can be used to selectively trigger remediation processes to protect the model from malicious actions. Related apparatus, systems, techniques and articles are also described.
    Type: Grant
    Filed: January 31, 2024
    Date of Patent: May 28, 2024
    Assignee: HiddenLayer, Inc.
    Inventors: Kwesi Cappel, Tanner Burns, Kenneth Yeung
  • Patent number: 11984001
    Abstract: One embodiment provides a method, including: identifying, using a tamper detection switch of an information handling device, a tampering event; determining, using a processor, contextual data associated with the tampering event; constructing, based on the determining, a signal comprising the contextual data; and broadcasting, using a radio transmission beacon, the signal. Other aspects are described and claimed.
    Type: Grant
    Filed: December 21, 2021
    Date of Patent: May 14, 2024
    Assignee: Lenovo (Singapore) Pte. Ltd.
    Inventors: Kevin Wayne Beck, Russell Speight VanBlon, Thorsten Peter Stremlau
  • Patent number: 11973888
    Abstract: In order to improve the efficiency of transfer to outside devices while necessary buffer memory is suppressed, the present invention is an information processing apparatus for decoding a packet that is encrypted in accordance with Transport Layer Security (TLS) protocols and in which a padding portion has a variable length, the information processing apparatus including acquisition means for acquiring an encrypted packet on a unit data basis, decoding means for decoding the encrypted packet on the unit data basis, output means for outputting decoded data obtained through the decoding performed by the decoding means to an external device in accordance with an order in which the decoding is performed by the decoding means, and control means for restricting output to be performed by the output means in a case where a padding pattern is detected from the decoded data obtained through the decoding performed by the decoding means.
    Type: Grant
    Filed: August 16, 2022
    Date of Patent: April 30, 2024
    Assignee: Canon Kabushiki Kaisha
    Inventor: Akiyoshi Momoi
  • Patent number: 11960630
    Abstract: An example apparatus can include a memory device and a controller coupled to the memory device configured to receive a command including command information to access a register from a host device. The controller can grant access to the register in response to the controller determining the command is valid and/or deny access to the register in response to the controller determining the command is invalid. The controller can determine the command is valid by calculating an answer using a seed from the command in a formula and verifying the calculated answer matches an answer from the command. The command, once verified as valid, can allow the host device to access configuration registers and/or data registers.
    Type: Grant
    Filed: January 15, 2021
    Date of Patent: April 16, 2024
    Assignee: Micron Technology, Inc.
    Inventor: Kevin R. Duncan
  • Patent number: 11961263
    Abstract: A hardware camera may include a camera sensor configured to determine input image data. The hardware camera may also include an image signal processor configured to perform one or more image signal processing operations on the input image data. The hardware camera may also include a neural processing unit configured to determine encoded image data by encoding the input image data with an image data encoder portion of a camera autoencoder. The camera autoencoder may be trained based on training image data collected from the camera sensor and a fingerprint specific to the hardware camera. The hardware camera may also include a camera communication interface configured to transmit the encoded image data to a remote computing system, which may determine decoded image data by decoding the encoded image data via an image data decoder portion of the camera autoencoder.
    Type: Grant
    Filed: September 16, 2023
    Date of Patent: April 16, 2024
    Assignee: SiliconeSignal Technologies
    Inventor: Khalid Saghiri
  • Patent number: 11949771
    Abstract: An integrated circuit comprising a CPU coupled to a system bus, a network interface configured to interface with an external device, and a crypto neuromorphic core coupled to the system bus. The cryptographic core comprising a processor or core, an internal bus, and a non-transitory computer-readable memory, wherein the crypto neuromorphic core is isolated from the CPU and the network interface via the system bus and the crypto neuromorphic core runs its own operating system. The crypto neuromorphic core is configured to: contain a secure core comprising a secure processor and dedicated/protected memory; store a private key in the dedicated/protected memory accessible to the secure core but not accessible to other components of the crypto neuromorphic core, the central processing unit, and the network interface; add data to a blockchain using the private key via the network interface; and read data from the blockchain via the network interface.
    Type: Grant
    Filed: May 4, 2021
    Date of Patent: April 2, 2024
    Inventor: Alexander Yuan Shi
  • Patent number: 11932202
    Abstract: A vehicle control system includes: an entry/exit management device including a first processor including hardware, the first processor being configured to detect that a user of a vehicle enters or leaves a facility, and output a first signal indicating user's entering the facility and a second signal indicating user's leaving the facility, to a server; and the server comprising a second processor comprising hardware, the second processor being configured to output to the vehicle a third signal for deactivating a smart key function of the vehicle when acquiring the first signal and prohibit unlocking of a door of the vehicle performed by wireless communication, and output to the vehicle a fourth signal for setting the smart key function of the vehicle when acquiring the second signal and permit unlocking of the door of the vehicle performed by wireless communication.
    Type: Grant
    Filed: January 6, 2021
    Date of Patent: March 19, 2024
    Assignees: TOYOTA JIDOSHA KABUSHIKI KAISHA, CMC CORPORATION
    Inventors: Shin Sakurada, Yasuhisa Ohta, Naoyuki Takada, Satoru Sakuma, Yuki Tatsumoto, Tetsu Yajima
  • Patent number: 11930005
    Abstract: Methods for securing an electronic communication are provided. Methods may include, in a registration process, creating and/or selecting an anti-phish, personalized, security token for a predetermined avatar. Methods may include, in the registration process, storing the token in a database. Methods may include, in an in-use process, generating an electronic communication at a virtual kiosk in a metaverse. Methods may include, in the in-use process, forwarding an electronic communication from the virtual kiosk to the avatar. The avatar may be associated with the account. Methods may include, in the in-use process, intercepting the communication at an edge interface. Methods may include, in the in-use process, selecting, from the database, the anti-phish, personalized, security token that is associated with the account. Methods may include, in the in-use process, injecting the selected token into the communication.
    Type: Grant
    Filed: April 5, 2022
    Date of Patent: March 12, 2024
    Assignee: Bank of America Corporation
    Inventors: Michael Young, Vinesh Patel, Melissa Gordon Glenn
  • Patent number: 11914758
    Abstract: Representative embodiments are disclosed for providing network and system security. A representative apparatus includes an input-output connector coupleable to a data network; a network interface circuit having a communication port; a nonvolatile memory storing a configuration bit image; and a field programmable gate array (“FPGA”) coupled to the network interface circuit through the communication port, the FPGA configurable to appear solely as a communication device to the first network interface circuit, and to bidirectionally monitor all data packets transferred between the input-output connector and the first network interface circuit and any coupled host computing system. In another embodiment, the FPGA is further configurable for only a partial implementation of a communication protocol, such as a PCIe data link and/or physical layers. The FPGA may also monitor host memory and provide encryption and decryption functionality.
    Type: Grant
    Filed: November 9, 2020
    Date of Patent: February 27, 2024
    Inventors: Jeremy B. Chritz, Graham G. Schwinn
  • Patent number: 11916885
    Abstract: Mesh agents for an overlay network may be provided such that each mesh agent may be hosted on network computers in the overlay network. In response to a network interface providing raw datagrams to a mesh agent in the overlay network further actions may be performed, including: determining a payload protocol based on the raw datagrams; determining payload datagrams included in the raw datagrams based on the payload protocol; determining a request from a client based on the payload datagrams and the payload protocol; or the like. In response to an infrastructure security computer determining validation information that validates the request further actions may be performed, including: modifying the payload datagrams based on the payload protocol and the validation information; modifying the raw datagrams to include the modified payload datagrams; forwarding the modified raw datagrams to a next mesh agent identified with the validation information; or the like.
    Type: Grant
    Filed: January 9, 2023
    Date of Patent: February 27, 2024
    Assignee: strongDM, Inc.
    Inventors: Carlos Ulderico Cirello Filho, Philip D. Hassey
  • Patent number: 11893638
    Abstract: A content stake offering system is disclosed. The content stake offering system includes a content stake offering module, comprising computer-executable code stored in non-volatile memory, a processor, and a plurality of computing devices. The content stake offering module, the processor, and the plurality of computing devices are configured to receive a request to sell a stake of content, determine a value of the content, generate a stake offering based on the value of the content, and update the value of the content. Determining the value of the content includes transferring data of a piece of content between the plurality of computing devices, recording a content data, which corresponds to the transferred data of the piece of content, in a database chunk, hashing the database chunk into a hashed database chunk, and appending the hashed database chunk to a block on a blockchain.
    Type: Grant
    Filed: December 21, 2022
    Date of Patent: February 6, 2024
    Assignee: Verasity Limited S.R.L.
    Inventor: Robert James Mark Hain
  • Patent number: 11876911
    Abstract: A blockchain based alias directory may be utilized. Encrypted lists of aliases may be stored on the blockchain and may be accessible to network computers and secure gateways. Embodiments are directed to secure gateways and user devices for accessing the alias directory stored in the blockchain during a financial transaction. The user device may be provided with a list of aliases from which a user may select a payment account. Upon selection the user may be redirected to an identity verification system of the associated payment network.
    Type: Grant
    Filed: July 14, 2021
    Date of Patent: January 16, 2024
    Assignee: Visa International Service Association
    Inventor: Thomas Purves
  • Patent number: 11877213
    Abstract: Techniques for obfuscating and deploying digital assets (e.g., mobile applications) are provided to mitigate the risk of unauthorized disclosure. An asset can be received that is to be deployed to a plurality of mobile devices, each of the mobile devices associated with a corresponding account having account attributes. A deployment group of one or more mobile devices for deploying the asset can be identified based on a set of one or more obfuscation parameters, comprising account attributes shared among the one or more mobile devices within the deployment group. A customized obfuscation scheme to be applied to the asset can be determined based at least in part on the set of obfuscation parameters. The customized obfuscation scheme can be applied to the asset to generate an obfuscated asset. The obfuscated asset can be transmitted and/or updated over a network to the one or more mobile devices within the deployment group.
    Type: Grant
    Filed: December 17, 2021
    Date of Patent: January 16, 2024
    Assignee: Visa International Service Association
    Inventors: James Gordon, Roopesh Joshi, David Horton, Johan Van Tilburg
  • Patent number: 11875200
    Abstract: A message limit value to be used in enqueuing one or more messages on a queue of a device of the computing environment is obtained. The message limit value indicates whether an extended maximum message length is supported by the device. The extended maximum message length is different from a default maximum message length supported by the device. Based on determining that the extended maximum message length is supported and that the obtained message limit value has a defined relationship with a select value, at least one message of an extended length is enqueued on the queue of the device.
    Type: Grant
    Filed: September 23, 2021
    Date of Patent: January 16, 2024
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Louis P. Gomes, Damian Osisek, Harald Freudenberger, Richard John Moore, Volker Urban, Michael D. Hocker, Eric David Rossman, Richard Victor Kisley
  • Patent number: 11861042
    Abstract: An individual data unit for enhancing the security of a user data record is provided that includes a processor and a memory configured to store data. The individual data unit is associated with a network and the memory is in communication with the processor. The memory has instructions stored thereon which, when read and executed by the processor, cause the individual data unit to perform basic operations only. The basic operations include communicating securely with computing devices, computer systems, and a central user data server. Moreover, the basic operations include receiving a user data record, storing the user data record, retrieving the user data record, and transmitting the user data record. The individual data unit can be located in a geographic location associated with the user which can be different than the geographic locations of the computer systems and the central user data server.
    Type: Grant
    Filed: December 10, 2022
    Date of Patent: January 2, 2024
    Inventor: Richard Jay Langley
  • Patent number: 11824934
    Abstract: A highly versatile process control or factory automation field device is configured with an interface and communication connection structure and security features that enable the field device to operate as a data server that communicates with and supports multiple different applications or clients, either directly or indirectly, while simultaneously performing standard process and factory automation control functions in a highly secure manner. The security features include a root of trust component, a secure boot component, secure memory components, secure communication components, security audit components, secure provisioning components and endpoint identity components, making the field device communications and operations secure and trustworthy.
    Type: Grant
    Filed: September 10, 2020
    Date of Patent: November 21, 2023
    Assignee: FISHER-ROSEMOUNT SYSTEMS, INC.
    Inventors: Mark J. Nixon, Gary K. Law
  • Patent number: 11816252
    Abstract: Embodiments of systems and methods for managing control of a security processor in a supply chain are described. In some embodiments, a security processor may include: a core; and a memory coupled to the core, the memory having program instructions stored thereon that, upon execution by the core, cause the security processor to: store a first public key usable to initiate a first secure boot process and unusable to initiate a second secure boot process; store a second public key usable to initiate the second secure boot process and unusable to initiate the first secure boot process; and in response to a first change of control or ownership of the security processor, render the first public key unusable to initiate the first secure boot process.
    Type: Grant
    Filed: July 12, 2021
    Date of Patent: November 14, 2023
    Assignee: Dell Products L.P.
    Inventors: Mukund P. Khatri, Eugene David Cho
  • Patent number: 11784820
    Abstract: Example embodiments of systems and methods for data transmission in a contactless card are provided. The contactless card may include a processor, and a memory. The memory may contain a first applet, a second applet, and a plurality of keys. The first applet and the second applet may be stored within a shared security domain. The second applet may be configured to communicate with the first applet to perform one or more cryptographic services. The second applet may be configured to transmit one or more requests to the first applet to encode one or more payload strings based on the plurality of keys to perform the one or more cryptographic services. The first applet may be configured to perform the one or more cryptographic services on behalf of the second applet based on the one or more requests.
    Type: Grant
    Filed: August 28, 2020
    Date of Patent: October 10, 2023
    Assignee: CAPITAL ONE SERVICES, LLC
    Inventors: Jeffrey Rule, Srinivasa Chigurupati, Kevin Osborn
  • Patent number: 11785038
    Abstract: A computer implemented system and method provide for a transfer learning platform system. The method provides an introduced enterprise security policy (IESP) to a first enterprise system. During a threat, the IESP is toggled on and off. A first change element is determined that represents a change in a logging system of the first enterprise between a first and second log element of the first enterprise captured when the IESP was toggled on and off, respectively. The IESP is provided to a second enterprise system. A second change element is determined that represents a change in a logging system of the second enterprise between a first log element of the second enterprise. The method further determines that the first and second change element are different, and, conditioned upon the determining that the second change element is different than the first change element, removes the IESP from the second enterprise system.
    Type: Grant
    Filed: March 30, 2021
    Date of Patent: October 10, 2023
    Assignee: International Business Machines Corporation
    Inventors: Puneet Sharma, Rajesh Phillips, Vijay Ekambaram
  • Patent number: 11757648
    Abstract: Methods and systems for managing the operation of data processing systems are disclosed. A data processing system may include a computing device that may enter various operating states by performing various types of startups. Performance of some startups may be restricted by use of passwords or other security information. The data processing systems may host management controllers that may bypass the restrictions on the startups. Prior to doing so, the management controllers may verify that the requests to perform the startups are from trusted entities, or should be performed for other reasons.
    Type: Grant
    Filed: February 9, 2022
    Date of Patent: September 12, 2023
    Assignee: Dell Products L.P.
    Inventors: Christopher Channing Griffin, Adolfo Sandor Montero, Chris Edward Pepper, Purushothama Rao Malluru, Ibrahim Sayyed
  • Patent number: 11741230
    Abstract: Technologies for trusted I/O attestation and verification include a computing device with a cryptographic engine and one or more I/O controllers. The computing device collects hardware attestation information associated with statically attached hardware I/O components that are associated with a trusted I/O usage protected by the cryptographic engine. The computing device verifies the hardware attestation information and securely enumerates one or more dynamically attached hardware components in response to verification. The computing device collects software attestation information for trusted software components loaded during secure enumeration. The computing device verifies the software attestation information. The computing device may collect firmware attestation information for firmware loaded in the I/O controllers and verify the firmware attestation information.
    Type: Grant
    Filed: October 22, 2021
    Date of Patent: August 29, 2023
    Assignee: INTEL CORPORATION
    Inventors: Pradeep M. Pappachan, Reshma Lal, Bin Xing, Siddhartha Chhabra, Vincent R. Scarlata, Steven B. McGowan
  • Patent number: 11683158
    Abstract: Methods and systems are described for enhanced-security database encryption via cryptographic software, where key management is carried out, without exporting or exposing cleartext keys, using an independent key manager coupled to a cryptographic hardware security module (HSM).
    Type: Grant
    Filed: August 9, 2021
    Date of Patent: June 20, 2023
    Assignee: Wells Fargo Bank, N.A.
    Inventors: Phillip H. Griffin, Jeffrey J. Stapleton
  • Patent number: 11681637
    Abstract: A memory controller for controlling a non-volatile memory device includes a key management unit configured to control an access right to a secure key based on a biometric authentication message and a unique value, which are received from an external device; and a data processing unit configured to encrypt data received from a host and decrypt data stored in the non-volatile memory device based on the secure key.
    Type: Grant
    Filed: September 29, 2020
    Date of Patent: June 20, 2023
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Mingon Shin, Seungjae Lee, Jisoo Kim
  • Patent number: 11652831
    Abstract: Examples disclosed herein relate to processing health information of a computing device according to a deep learning model to determine whether an anomaly has occurred. Multiple computing devices can be part of a system. One of the computing devices includes a host processing element, a management controller separate from the host processing element, and a deep learning model that includes parameters that are trained to identify anomalistic behavior for the computing device. The management controller can receive health information from multiple components of the computing device and process the health information according to the deep learning model to determine whether an anomaly occurred.
    Type: Grant
    Filed: April 14, 2020
    Date of Patent: May 16, 2023
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Joseph Wright, Chris Davenport
  • Patent number: 11651061
    Abstract: A memory controller and a storage device including the same are disclosed. A memory controller for controlling a nonvolatile memory includes: a security access control module configured to convert biometric authentication data received from a biometric module into security configuration data having a data format according to a security standard protocol and perform, based on the security configuration data, at least one of authority registration and authority authentication of a user authority set for an access control of a secure area of the nonvolatile memory, encrypted user data being stored in the secure area; and a data processing unit configured to, based on an access to the secure area being permitted, encrypt user data received from a host device or decrypt the encrypted user data read from the secure area.
    Type: Grant
    Filed: September 29, 2020
    Date of Patent: May 16, 2023
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Seungjae Lee, Mingon Shin, Jisoo Kim, Hwasoo Lee, Myeongjong Ju
  • Patent number: 11651707
    Abstract: The invention introduces an apparatus for encrypting and decrypting user data, including a memory, a bypass-flag writing circuit and a flash interface controller. The bypass-flag writing circuit writes a bypass flag in a remaining bit of space of the memory that is originally allocated for storing an End-to-End Data Path Protection (E2E DPP), where the bypass flag indicates whether user data has been encrypted. The flash interface controller reads the user data, the E2E DPP and the bypass flag from the memory and programs the user data, the E2E DPP and the bypass flag into the flash device.
    Type: Grant
    Filed: December 5, 2019
    Date of Patent: May 16, 2023
    Assignee: SILICON MOTION, INC.
    Inventor: An-Pang Li
  • Patent number: 11641281
    Abstract: In some examples, a management controller includes a communication interface to communicate with a computing device, where the management controller is separate from a processor of the computing device. The management controller includes a management processor to receive, from the computing device, a first hash value that is based on a first hash function applied on an input value and a salt, generate a second hash value based on applying a second hash function on the first hash value and a pepper, and send the second hash value to the computing device.
    Type: Grant
    Filed: April 29, 2020
    Date of Patent: May 2, 2023
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Joseph Wright, Chris Davenport, Andrew Cartes
  • Patent number: 11630903
    Abstract: In an embodiment, a system is provided in which the private key is managed in hardware and is not visible to software. The system may provide hardware support for public key generation, digital signature generation, encryption/decryption, and large random prime number generation without revealing the private key to software. The private key may thus be more secure than software-based versions. In an embodiment, the private key and the hardware that has access to the private key may be integrated onto the same semiconductor substrate as an integrated circuit (e.g. a system on a chip (SOC)). The private key may not be available outside of the integrated circuit, and thus a nefarious third party faces high hurdles in attempting to obtain the private key.
    Type: Grant
    Filed: October 27, 2020
    Date of Patent: April 18, 2023
    Assignee: Apple Inc.
    Inventors: Timothy R. Paaske, Mitchell D. Adler, Conrad Sauerwald, Fabrice L. Gautier, Shu-Yi Yu
  • Patent number: 11627149
    Abstract: Various embodiments of the present invention set forth techniques for security monitoring of a network connection, including analyzing network traffic data for a network connection associated with a computing device, identifying one or more network traffic metrics for the network connection based on the network traffic data, determining that the network connection corresponds to at least one network connection profile based on the one or more network traffic metrics, detecting a potential security threat for the network connection based on the one or more network traffic metrics and the at least one network connection profile, and initiating a mitigation action with respect to the network connection in response to detecting the potential security threat. Advantageously, the techniques allow detecting potential security threats based on network traffic metrics and categorizations, without requiring monitoring of the content or the total volume of all traffic exchanged via the connection.
    Type: Grant
    Filed: June 1, 2020
    Date of Patent: April 11, 2023
    Assignee: SPLUNK INC.
    Inventor: John Clifton Pierce
  • Patent number: 11620374
    Abstract: In some embodiments, securing device commands includes a first electronic device receiving a command authorization request message from a second electronic device, including a device command to be performed by the second electronic device, a command argument, and a first message authentication code (MAC) generated by applying a hash function to the device command, the command argument and a first counter value. The first electronic device generates a second MAC by applying the hash function to the device command, the command argument and a second counter value synchronized with the first counter value. The first electronic device compares the first MAC and the second MAC to authenticate the device command and transmit a command approval message or a command denial message. The command approval message causes the second electronic device to perform the device command and the command denial message causes the second electronic device to reject the device command.
    Type: Grant
    Filed: February 8, 2021
    Date of Patent: April 4, 2023
    Assignee: Capital One Services, LLC
    Inventors: David Kelly Wurmfeld, Kevin Osborn
  • Patent number: 11615716
    Abstract: One embodiment provides an apparatus. The apparatus includes a lightweight cryptographic engine (LCE); the LCE is optimized and has an associated throughput greater than or equal to a target throughput.
    Type: Grant
    Filed: July 9, 2020
    Date of Patent: March 28, 2023
    Assignee: Intel Corporation
    Inventors: Santosh Ghosh, Li Zhao, Manoj R. Sastry
  • Patent number: 11601271
    Abstract: Examples of cloud-based removable drive encryption policy enforcement and recovery key management are described. In some examples, a removable drive encryption policy is received from a cloud-based management service. A removable drive is recognized by an operating system of a client device. An encryption command causes the operating system to request user password creation and encrypt the removable drive. A recovery key is identified from a write-output of the operating system. The recovery key is transmitted to the cloud-based management service for storage in a cloud-based removable drive recovery key escrow.
    Type: Grant
    Filed: December 2, 2020
    Date of Patent: March 7, 2023
    Assignee: VMWARE, INC.
    Inventor: Adarsh Kesari