Having Separate Add-on Board Patents (Class 713/192)
  • Patent number: 10735409
    Abstract: A communication adapter for authentication of a user includes a receiving unit for receiving encrypted credentials, a decryption unit for decrypting the encrypted credentials and an output unit for outputting the decrypted credentials to a terminal device.
    Type: Grant
    Filed: March 23, 2017
    Date of Patent: August 4, 2020
    Assignee: Fraunhofer-Gesellschaft zur Foerderung der angewandten Forschung e.V.
    Inventors: Erik Krempel, Mario Kaufmann
  • Patent number: 10715509
    Abstract: Systems and methods for encryption key shredding to protect non-persistent data are described. In one embodiment, the storage system device may include a storage drive and a controller. In some embodiments, the controller may be configured to power on the storage drive, identify an encryption key on the storage drive created upon powering on the storage drive, and encrypt data in a cache of the storage drive using the encryption key. In some embodiments, the controller may be configured to power off the storage drive and delete the encryption key upon powering off the storage drive. In some cases, the storage drive may include at least one of a solid state drive and a hard disk drive. In some embodiments, the storage drive may include a hybrid storage drive that includes both a solid state drive and a hard disk drive.
    Type: Grant
    Filed: October 30, 2018
    Date of Patent: July 14, 2020
    Assignee: SEAGATE TECHNOLOGY LLC
    Inventors: Stacey Secatch, Kristofer C. Conklin, Dana L. Simonson, Robert W. Moss
  • Patent number: 10701061
    Abstract: The invention introduces a method for blocking unauthorized applications, at least containing: receiving an input parameter from an application; determining whether the application is authenticated by inspecting content of the input parameter; randomly generating a session key, storing the session key in a file and storing the file in a path that can be accessed by a motherboard support service and the application only when the application is authenticated; and replying with the path and a filename of the file to the application.
    Type: Grant
    Filed: September 18, 2017
    Date of Patent: June 30, 2020
    Assignee: VIA TECHNOLOGIES, INC.
    Inventors: Guanghui Wu, Jinglin Liu
  • Patent number: 10685145
    Abstract: The instruction code including an instruction code stored in the area where the encrypted instruction code is stored in a non-rewritable format is authenticated using a specific key which is specific to the core where the instruction code is executed or an authenticated key by a specific key to perform an encryption processing for the input and output data between the core and the outside.
    Type: Grant
    Filed: April 12, 2019
    Date of Patent: June 16, 2020
    Assignee: SOCIONEXT INC.
    Inventors: Seiji Goto, Jun Kamada, Taiji Tamiya
  • Patent number: 10666661
    Abstract: The present invention relates to an authorization processing method and a device. An authorization server receives an authorization update request including a first identifier of an access device; sends, to the access device, an authorization update response including signature request information, where the signature request information instructs the access device to sign verification information; receives a signature verification request sent by the access device, where the signature verification request includes the first identifier, the verification information, and a signature of the verification information; determines that the signature of the verification information in the signature verification request is valid; and updates the authorization relationship according to the first identifier.
    Type: Grant
    Filed: February 9, 2018
    Date of Patent: May 26, 2020
    Assignee: Huawei Technologies Co., Ltd.
    Inventor: Yaoye Zhang
  • Patent number: 10552621
    Abstract: An Internet-of-Things (IoT) device platform to communicate in a trusted portion of an IoT network is disclosed. The trusted IoT platform can include a secure IoT system-on-chip (SoC) and can be integrated into various devices such that each of the devices may implement “roots of trust” to establish a trusted portion, or a trusted backbone, of the IoT network.
    Type: Grant
    Filed: September 24, 2018
    Date of Patent: February 4, 2020
    Assignee: INTEL CORPORATION
    Inventors: Ned M. Smith, Victoria C. Moore, Reshma Lal
  • Patent number: 10482034
    Abstract: Instantiating an attestation facilitation component that allows a remote application to attest to a secure state of a secure memory application executing upon a secure platform of a computer system regardless of a type of either the secure platform or a health attestation service. Instantiation comprises identifying a property that includes at least one of the secure platform type and the health attestation service type. The instantiation is customized with the identified property. The attestation facilitation component verifies that a report generated by the secure platform represents that the secure memory application is operating in a secure state, and accesses a token generated by the health attestation service that represents that the secure platform is operating in a secure state. The attestation facilitation component generates a quote that allows the remote application to verify that the secure platform and the secure memory application are both operating in secure states.
    Type: Grant
    Filed: November 29, 2016
    Date of Patent: November 19, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Lei Kou, Pushkar Vijay Chitnis, Simon Leet
  • Patent number: 10481900
    Abstract: The present disclosure relates to a method for updating a firmware component of a measurement and control technology device. The method includes: a segment-by-segment reception of a first firmware image; an authentication of the first firmware image based upon a first encryption method; a creation of a second authentication datum for the first firmware image via an algorithm that differs from the first encryption method; a re-transmission of the data used for updating the firmware component as a second firmware image; an authentication of the second-firmware image based upon the second authentication datum; and in the case of a successful authentication of the second firmware image, enabling and execution of the firmware program code.
    Type: Grant
    Filed: April 10, 2017
    Date of Patent: November 19, 2019
    Assignee: Endress+Hauser Conducta GmbH+Co. KG
    Inventor: Björn Haase
  • Patent number: 10417428
    Abstract: Methods and systems for operating a remote desktop client from a computing system hosting a secure boot device. In some embodiments, a method comprises initiating execution of an operating system from the computing system hosting the secure boot device, the computing system communicatively connected within a secure enterprise network, the computing system being untrusted within the secure enterprise network and based on verification of received authentication credentials, booting an operating system from the secure boot device and establishing a secure communication tunnel with a service appliance.
    Type: Grant
    Filed: January 18, 2016
    Date of Patent: September 17, 2019
    Assignee: Unisys Corporation
    Inventors: Steven L. Rajcan, Matthew Mohr, Jim Trocki, Mark K. Vallevand
  • Patent number: 10326596
    Abstract: Various embodiments are generally directed to techniques for secure message authentication and digital signatures, such as with a cipher-based hash function, for instance. Some embodiments are particularly directed to a secure authentication system that implements various aspects of the cipher-based hash function in dedicated hardware or circuitry. In various embodiments, the secure authentication system may implement one or more elements of the Whirlpool hash function in dedicated hardware. For instance, the compute-intensive substitute byte and mix rows blocks of the block cipher in the Whirlpool hash function may be implemented in dedicated hardware or circuitry using a combination of Galois Field arithmetic and fused scale/reduce circuits. In some embodiments, the microarchitecture of the secure authentication system may be implemented with delayed add key to limit the memory requirement to three sequential registers.
    Type: Grant
    Filed: October 1, 2016
    Date of Patent: June 18, 2019
    Assignee: INTEL CORPORATION
    Inventors: Vikram Suresh, Sudhir Satpathy, Sanu Mathew
  • Patent number: 10042649
    Abstract: A method and apparatus for initiating secure operations in a microprocessor system is described. In one embodiment, one initiating logical processor initiates the process by halting the execution of the other logical processors, and then loading initialization and secure virtual machine monitor software into memory. The initiating processor then loads the initialization software into secure memory for authentication and execution. The initialization software then authenticates and registers the secure virtual machine monitor software prior to secure system operations.
    Type: Grant
    Filed: January 10, 2017
    Date of Patent: August 7, 2018
    Assignee: Intel Corporation
    Inventors: James A. Sutton, II, David W. Grawrock
  • Patent number: 10027637
    Abstract: A method for operating a cloud gateway is provided. The method includes generating a plurality of rules relating users and groups to data access at a plurality of cloud service providers. The method includes encrypting, at one of a plurality of connectors, outgoing data that is moving through a cloud gateway en route from a proxy server to one of the plurality of cloud service providers, responsive to a data write request associated with a first user, the encrypting in accordance to one of the plurality of rules as related to the first user. The method includes decrypting, at one of the plurality of connectors, incoming data that is moving through the cloud gateway en route from one of the plurality of cloud service providers to the server, responsive to a data read request associated with a second user, the decrypting in accordance to one of the plurality of rules as related to the second user.
    Type: Grant
    Filed: March 12, 2015
    Date of Patent: July 17, 2018
    Assignee: Vormetric, Inc.
    Inventor: Saravanan Coimbatore
  • Patent number: 10007808
    Abstract: A computer system, includes a crypto mechanism that decrypts and integrity-checks Secure Object information as the Secure Object information moves into the computer system from an external storage and encrypts and updates an integrity value for Secure Object information as the Secure Object information moves out of the computer system to the external storage.
    Type: Grant
    Filed: November 6, 2017
    Date of Patent: June 26, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Richard Harold Boivie, Dimitrios Pendarakis
  • Patent number: 9990208
    Abstract: A method and apparatus for initiating secure operations in a microprocessor system is described. In one embodiment, one initiating logical processor initiates the process by halting the execution of the other logical processors, and then loading initialization and secure virtual machine monitor software into memory. The initiating processor then loads the initialization software into secure memory for authentication and execution. The initialization software then authenticates and registers the secure virtual machine monitor software prior to secure system operations.
    Type: Grant
    Filed: January 10, 2017
    Date of Patent: June 5, 2018
    Assignee: Intel Corporation
    Inventors: James A. Sutton, II, David W. Grawrock
  • Patent number: 9967263
    Abstract: A file security management apparatus and method which protect various types of systems for executing files, entering from the outside, from malicious code, and which prevent data from being divulged from the systems and also prevent the systems from operating erroneously, thereby ultimately protecting the systems. The file security management apparatus includes a conversion module configured to convert an incoming file, received by a system, into a monitoring target file; a search module configured to identify a selection for the execution of the monitoring target file, and to output incoming files, configured in the monitoring target file, into a search window; and a security module configured to decrypt the monitoring target file to the incoming file, and to perform processing so that the incoming file is executed via a corresponding application program in an isolated drive set as an isolated environment.
    Type: Grant
    Filed: May 22, 2014
    Date of Patent: May 8, 2018
    Assignee: SOFTCAMP CO., LTD.
    Inventor: Steve Bae
  • Patent number: 9928080
    Abstract: Trusted firmware on a host server is used for managing access to a hardware security module (HSM) connected to the host server. The HSM stores confidential information associated with an operating system. As part of access management, the firmware detects a boot device identifier associated with a boot device configured to boot the operating system on the host server. The firmware then receives a second boot device identifier from the HSM. The boot device identifier and the second boot device identifier are then compared by the firmware. Based on the comparison, the firmware determines that the boot device identifier matches with the second boot device identifier. Based on this determination, the firmware grants the operating system access to the HSM.
    Type: Grant
    Filed: September 30, 2014
    Date of Patent: March 27, 2018
    Assignee: International Business Machines Corporation
    Inventors: Volker M. M. Boenisch, Reinhard Buendgen, Franziska Geisert, Jakob C. Lang, Mareike Lattermann, Angel Nunez Mencias
  • Patent number: 9888118
    Abstract: Systems and methods of contact center data integration with customer relationship management (CRM) applications on client computing devices in contact center environments are provided. A workspace routing connector application, responsive to an actuation command, can integrate the contact center enterprise with the different enterprise. A configuration component of the workspace routing connector application can select a contact center parameter from a contact center enterprise server. The workspace routing connector application can display, in a graphical user interface, an available CRM application and a CRM script based on the contact center parameter, and can receive an indication of selection of the CRM application. Responsive to selection of the CRM application, the CRM script can provide, from the contact center enterprise server via the computer network, for display by a client computing device in a contact center environment, contact center data related to the contact center parameter.
    Type: Grant
    Filed: June 10, 2016
    Date of Patent: February 6, 2018
    Assignee: SOFTPHONE SRL
    Inventors: Alan Lugiai, Francesco Falanga
  • Patent number: 9881183
    Abstract: Systems and methods for reducing problems and disadvantages associated with traditional approaches to encryption and decryption of data are provided. An information handling system may include a processor, a memory communicatively coupled to the processor, and a computer-readable medium communicatively coupled to the processor.
    Type: Grant
    Filed: July 16, 2015
    Date of Patent: January 30, 2018
    Assignee: Dell Products L.P.
    Inventors: Amy Christine Nelson, Kenneth W. Stufflebeam, Jr.
  • Patent number: 9858429
    Abstract: A method of data transfer in an electronic device including a secure module, which includes a processor and a secure element, an application processor, and a sensor, may include: switching an operation mode of the processor to a bypass mode; performing a cross-authentication, by the application processor and the secure element; generating a session key, by the application processor and the secure element, when the cross-authentication is succeeded; switching the operation mode of the processor to a normal mode; encrypting, by the secure module, sensing data provided by the sensor using the session key; transferring the encrypted sensing data from the processor to the application processor; and/or acquiring, by the application processor, the sensing data by decrypting the encrypted sensing data using the session key.
    Type: Grant
    Filed: December 1, 2015
    Date of Patent: January 2, 2018
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Seung-Ho Lee, Ki-Hyoun Kwon, Sung-Hoon Son, Jun-Ho Lee, Jerome Han
  • Patent number: 9836308
    Abstract: Trusted firmware on a host server is used for managing access to a hardware security module (HSM) connected to the host server. The HSM stores confidential information associated with an operating system. As part of access management, the firmware detects a boot device identifier associated with a boot device configured to boot the operating system on the host server. The firmware then receives a second boot device identifier from the HSM. The boot device identifier and the second boot device identifier are then compared by the firmware. Based on the comparison, the firmware determines that the boot device identifier matches with the second boot device identifier. Based on this determination, the firmware grants the operating system access to the HSM.
    Type: Grant
    Filed: December 18, 2014
    Date of Patent: December 5, 2017
    Assignee: International Business Machines Corporation
    Inventors: Volker M. M. Boenisch, Reinhard Buendgen, Franziska Geisert, Jakob C. Lang, Mareike Lattermann, Angel Nunez Mencias
  • Patent number: 9747426
    Abstract: Embodiments include a method, a computing device, and a computer program product. An embodiment provides a method implemented in a computing environment. The method includes receiving a designation of an individualized digital identifier. The method also includes associating a human-perceptible form of the designated individualized digital identifier with each element of a group of human-perceivable elements displayed by the computing environment.
    Type: Grant
    Filed: October 4, 2013
    Date of Patent: August 29, 2017
    Assignee: Invention Science Fund I, LLC
    Inventors: Alexander J. Cohen, Edward K. Y. Jung, Royce A. Levien, Robert W. Lord, Mark A. Malamud, William Henry Mangione-Smith, John D. Rinaldo, Jr., Lowell L. Wood, Jr.
  • Patent number: 9652635
    Abstract: The instruction code including an instruction code stored in the area where the encrypted instruction code is stored in a non-rewritable format is authenticated using a specific key which is specific to the core where the instruction code is executed or an authenticated key by a specific key to perform an encryption processing for the input and output data between the core and the outside.
    Type: Grant
    Filed: November 27, 2013
    Date of Patent: May 16, 2017
    Assignee: SOCIONEXT INC.
    Inventors: Seiji Goto, Jun Kamada, Taiji Tamiya
  • Patent number: 9602274
    Abstract: A secure password generation method and system is provided. The method includes enabling by a processor of a computing system, password translation software. The computer processor generates and stores the random translation key. A first password is received and a second associated password is generated. The computer processor associates the second password with a secure application. The computer processor stores the random translation key within an external memory device and disables a connection between the computing system and the external memory device.
    Type: Grant
    Filed: September 11, 2015
    Date of Patent: March 21, 2017
    Assignee: International Business Machines Corporation
    Inventor: Arnaud Lund
  • Patent number: 9594638
    Abstract: Approaches are described for enabling a host computing device to store credentials and other security information useful for recovering the state of the host computing device in a secure store, such as a trusted platform module (TPM) on the host computing device. When recovering the host computing device in the event of a failure (e.g., power outage, network failure, etc.), the host computing device can obtain the necessary credentials from the secure store and use those credentials to boot various services, restore the state of the host and perform various other functions. In addition, the secure store (e.g., TPM) may provide boot firmware measurement and remote attestation of the host computing devices to other devices on a network, such as when the recovering host needs to communicate with the other devices on the network.
    Type: Grant
    Filed: April 15, 2013
    Date of Patent: March 14, 2017
    Assignee: Amazon Technologies, Inc.
    Inventors: Nachiketh Rao Potlapally, Rachit Chawla, Jeremy Ryan Volkman, Michael David Marr
  • Patent number: 9569061
    Abstract: An automated process collects and organizes field data from an inspection of a building or other structure such as pipe supports, bridges, buildings, over head supports, and smoke stacks.
    Type: Grant
    Filed: December 26, 2013
    Date of Patent: February 14, 2017
    Assignee: GLOBEX CORPORATION
    Inventor: Steve Stanic
  • Patent number: 9565016
    Abstract: A protection mechanism for the execution of an encryption algorithm is disclosed. In the mechanism the encryption algorithm has its execution preceded by an update of a counter stored in a reprogrammable non-volatile memory. Storing the value of the counter into the memory corresponds with the execution of the algorithm.
    Type: Grant
    Filed: October 22, 2014
    Date of Patent: February 7, 2017
    Assignee: Proton World International N.V.
    Inventors: Alexandre Wostyn, Jean-Louis Modave
  • Patent number: 9547506
    Abstract: In one embodiment, a computer system provides a process for executing software that cannot be executed in a first configuration. The computer system determines source media for the software stored in a first data store, the source media being in the first configuration. The computer system retrieves metadata relating to executing the software from the source media. The computer system next transforms the retrieved metadata to generate a second configuration of the source media according to a transformation rule set, where the software can be executed in the second configuration, and stores the transformed metadata in a second data store. Next, the computer system presents the second configuration of the source media based on the transformed metadata. Thereafter, the computer system satisfies a request relating to executing the software using the transformed metadata in the second data store, wherein the request is satisfied based on the second configuration.
    Type: Grant
    Filed: October 31, 2013
    Date of Patent: January 17, 2017
    Assignee: VMware, Inc.
    Inventor: Darius Davis
  • Patent number: 9479527
    Abstract: Systems and methods for managing jobs to be scanned based on existence of processing nodes are described. One of the methods includes obtaining identification information regarding operation of a first set of the processing nodes from an inventory and creating a job for scanning the processing nodes of the first set for security vulnerability. The job includes the identification information. The method further includes verifying the inventory to determine the first identifying information of the first set of processing nodes for removal from the job and loading the job having second identifying information for a second set of processing nodes that remain after the verifying operation.
    Type: Grant
    Filed: October 15, 2015
    Date of Patent: October 25, 2016
    Assignee: Zynga Inc.
    Inventors: Kevin McGinley, Rich Tener
  • Patent number: 9473298
    Abstract: Computational complexity, specifically, cryptographic operations, is removed from the IKE(Internet Key Exchange) process in a VPN gateway appliance, thereby enabling scaling of the number of datapaths that can be managed by a single IKE process. A two-tier cache configuration enables necessary cryptographic operations on packets in the gateway but does so without placing additional computational burdens on the IKE process. One cache containing security association data is local to the IPSec component of the datapath instance. The second cache is higher level and is populated by IKE with security association data upon completion of IKE Phase 2 negotiations. The local cache is searched first for security policy data and if found is used to encrypt/decrypt the data packet. If not found locally, the IKE centralized cache is searched and if found, the local cache is updated with the security association data.
    Type: Grant
    Filed: January 8, 2015
    Date of Patent: October 18, 2016
    Assignee: Blue Cedar Networks, Inc.
    Inventor: Kenneth J. Wante
  • Patent number: 9419794
    Abstract: An SOC implements a security enclave processor (SEP). The SEP may include a processor and one or more security peripherals. The SEP may be isolated from the rest of the SOC (e.g. one or more central processing units (CPUs) in the SOC, or application processors (APs) in the SOC). Access to the SEP may be strictly controlled by hardware. For example, a mechanism in which the CPUs/APs can only access a mailbox location in the SEP is described. The CPU/AP may write a message to the mailbox, which the SEP may read and respond to. The SEP may include one or more of the following in some embodiments: secure key management using wrapping keys, SEP control of boot and/or power management, and separate trust zones in memory.
    Type: Grant
    Filed: September 23, 2014
    Date of Patent: August 16, 2016
    Assignee: Apple Inc.
    Inventors: R. Stephen Polzin, Fabrice L. Gautier, Mitchell D. Adler, Conrad Sauerwald, Michael L. H. Brouwer
  • Patent number: 9405913
    Abstract: A method to defend effectively against cold-boot attacks includes checking state data stored in a state memory to which the system software has access. At least two of the state data items are checked (111; 112) to determine deviations from parameters that are defined for a normal state of the computer. If deviations from the parameters are determined for at least two of the checked state data items, at least subareas of the main memory are cleared or overwritten (120); otherwise, the main memory is not cleared or overwritten (130); then, the system startup of the computer is carried out by means of the configured system software (140).
    Type: Grant
    Filed: November 10, 2014
    Date of Patent: August 2, 2016
    Assignee: Wincor Nixdorf International GmbH
    Inventor: Volker Krummel
  • Patent number: 9384367
    Abstract: In accordance with some embodiments, a single trusted platform module per platform may be used to handle conventional trusted platform tasks as well as those that would arise prior to the existence of a primary trusted platform module in conventional systems. Thus one single trusted platform module may handle measurements of all aspects of the platform including the baseboard management controller. In some embodiments, a management engine image is validated using a read only memory embedded in a chipset such as a platform controller hub, as the root of trust. Before the baseboard management controller (BMC) is allowed to boot, it must validate the integrity of its flash memory. But the BMC image may be stored in a memory coupled to a platform controller hub (PCH) in a way that it can be validated by the PCH.
    Type: Grant
    Filed: September 4, 2012
    Date of Patent: July 5, 2016
    Assignee: Intel Corporation
    Inventors: Robert C. Swanson, Palsamy Sakthikumar, Mallik Bulusu, Robert Bruce Bahnsen
  • Patent number: 9318156
    Abstract: In one implementation, flash memory chips are provided with an operating power supply voltage to substantially match a power supply voltage expected at an edge connector of a dual inline memory module. The one or more of the flash memory chips and a memory support application integrated circuit (ASIC) may be mounted together into a multi-chip package for integrated circuits. The one or more flash memory chips and the memory support ASIC may be electrically coupled together by routing one or more conductors between each in the multi-chip package. The multi-chip package may be mounted onto a printed circuit board (PCB) of a flash memory DIMM to reduce the number of packages mounted thereto and reduce the height of the flash memory DIMM. The number of printed circuit board layers may also be reduced, such as by integrating address functions into the memory support ASIC.
    Type: Grant
    Filed: September 3, 2013
    Date of Patent: April 19, 2016
    Assignee: Virident Systems, Inc.
    Inventors: Ruban Kanapathippillai, Kenneth Alan Okin
  • Patent number: 9306946
    Abstract: An intelligent electronic cryptographic cloud computing system can include a computing cloud. The computing cloud can include one or more data storages and one or more processers, one of which is an enterprise server. The computing cloud can be configured to provide at least one service with shared hardware and software resources.
    Type: Grant
    Filed: August 21, 2012
    Date of Patent: April 5, 2016
    Assignee: DJ INVENTIONS, LLC
    Inventor: Douglas C. Osburn
  • Patent number: 9298938
    Abstract: Systems and methods for reducing problems and disadvantages associated with traditional approaches to encryption and decryption of data are provided. An information handling system may include a processor, a memory communicatively coupled to the processor, and an encryption accelerator communicatively coupled to the processor. The encryption accelerator may be configured to encrypt and decrypt information in accordance with a plurality of cryptographic functions, receive a command from the processor to perform an encryption or decryption task upon data associated with an input/output operation, and in response to receiving the command, encrypt or decrypt the data associated with the input/output operation based on a particular one of the plurality of cryptographic functions.
    Type: Grant
    Filed: December 18, 2014
    Date of Patent: March 29, 2016
    Assignee: Dell Products L.P.
    Inventors: Kenneth W. Stufflebeam, Jr., Michele Kopp
  • Patent number: 9268957
    Abstract: Decryption apparatus includes an input memory (48), which is coupled to receive encrypted data, and an output transducer (28), for presenting decrypted data to a user. A decryption processor (50) is coupled to read and decrypt the encrypted data from the input memory but is incapable of writing to the input memory, and is coupled to convey the decrypted data to the output transducer for presentation to the user.
    Type: Grant
    Filed: December 11, 2007
    Date of Patent: February 23, 2016
    Assignee: Waterfall Security Solutions Ltd.
    Inventors: Lior Frenkel, Amir Zilberstein
  • Patent number: 9189618
    Abstract: A secure password generation method and system is provided. The method includes enabling by a processor of a computing system, password translation software. The computer processor generates and stores the random translation key. A first password is received and a second associated password is generated. The computer processor associates the second password with a secure application. The computer processor stores the random translation key within an external memory device and disables a connection between the computing system and the external memory device.
    Type: Grant
    Filed: May 21, 2014
    Date of Patent: November 17, 2015
    Assignee: International Business Machines Corporation
    Inventor: Arnaud Lund
  • Patent number: 9177353
    Abstract: A protected graphics module can send its output to a display engine securely. Secure communications with the display can provide a level of confidentiality of content generated by protected graphics modules against software and hardware attacks.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: November 3, 2015
    Assignee: Intel Corporation
    Inventors: Siddhartha Chhabra, Uday R. Savagaonkar, Prashant Dewan, Michael A. Goldsmith, David M. Durham
  • Patent number: 9135471
    Abstract: Systems and methods for reducing problems and disadvantages associated with traditional approaches to encryption and decryption of data are provided. A method for encryption and decryption of data, may include encrypting or decrypting data associated with an input/output operation based on at least one of an encryption key and a cryptographic function, wherein at least one of the encryption key and the cryptographic function are selected based on one or more characteristics associated with the data to be encrypted or decrypted. Another method may include encrypting an item of data based on at least one of a first-layer encryption key and a first-layer cryptographic function to produce first-layer encrypted data and encrypting the first-layer encrypted data based on at least one of a second-layer encryption key and a second-layer cryptographic function to produce second-layer encrypted data.
    Type: Grant
    Filed: March 10, 2010
    Date of Patent: September 15, 2015
    Assignee: Dell Products L.P.
    Inventors: Kenneth W. Stufflebeam, Jr., Amy Christine Nelson
  • Patent number: 9118467
    Abstract: A client device that is coupled to a host device sends a parent public key and an associated certificate to the host device. The parent public key, the certificate and a corresponding parent private key are stored in secure persistent storage included in a secure device associated with the client device. The client device receives instructions from the host device for generating a child private and public key pair. In response to receiving the instructions, the client device generates a child private key based on a first random number produced within the secure device, and a child public key associated with the child private key. The client device computes a first signature on the child public key using the parent private key. The client device sends the child public key and the first signature to the host device.
    Type: Grant
    Filed: March 13, 2013
    Date of Patent: August 25, 2015
    Assignee: Atmel Corporation
    Inventors: Kerry David Maletsky, Michael J. Seymour, Brad Phillip Garner
  • Patent number: 9098727
    Abstract: Systems and methods for reducing problems and disadvantages associated with traditional approaches to encryption and decryption of data are provided. An information handling system may include a processor, a memory communicatively coupled to the processor, and a computer-readable medium communicatively coupled to the processor. The computer-readable medium may have instructions stored thereon, the instructions configured to, when executed by the processor: (i) periodically store, during an encryption or decryption operation performed on the computer-readable medium, one or more variables indicative of an encryption status of a volume of the computer-readable medium; (ii) determine, based on the one or more variables, whether the volume is in a partially encrypted or decrypted state; and (iii) in response to a determination that the volume is in a partially encrypted or decrypted state, boot from the volume and continue the encryption or decryption operation.
    Type: Grant
    Filed: October 30, 2012
    Date of Patent: August 4, 2015
    Assignee: Dell Products L.P.
    Inventors: Amy Christine Nelson, Kenneth W. Stufflebeam, Jr.
  • Patent number: 9037852
    Abstract: A computer system storing parameters pertaining to the regulatory restrictions placed on a for-hire vehicle compares the parameters to a current operating environment of the for-hire vehicle. In some embodiments, the computer system acts as the meter (such as a taximeter) of the for-hire vehicle. The operating parameters may include expiration or exclusion parameters that define the scope of operation of the for-hire vehicle stemming from the for-hire vehicle's medallion or certificate of public convenience and necessity. The expiration or exclusion parameters may also correspond to a driver's permit or any general regulation enacted by the regulatory agency. If the current operating environment does not comply with the expiration or exclusion parameters, the computer system shuts down, or enters a standby mode, and may not accept additional passenger fares until the current operating environment complies with the expiration and exclusion parameters.
    Type: Grant
    Filed: September 2, 2011
    Date of Patent: May 19, 2015
    Assignee: IVSC IP LLC
    Inventors: Michael Collins Pinkus, Mark A. James, James Alan Wisniewski
  • Patent number: 9003203
    Abstract: Storage associated with a virtual machine or other type of device may be migrated between locations (e.g., physical devices, network locations, etc.). To maintain the security of the storage, a system may manage the encryption of the storage area such that a storage area is encrypted with a first encryption key that may be maintained through the migration. A header of the storage area, on the other hand, may be encrypted using a second encryption key and the first encryption key may be stored therein. Upon transfer, the header may be re-encrypted to affect the transfer of security.
    Type: Grant
    Filed: January 23, 2013
    Date of Patent: April 7, 2015
    Assignee: Citrix Systems, Inc.
    Inventor: Michael Bursell
  • Publication number: 20150095660
    Abstract: A computational system is configured to protect against integrity violation. The computational system includes a processing unit and a critical resource, the critical resource being controllable by the processing unit so as to be locked or unlocked. The critical resource is configured to intermittently transmit a polling value to the processing unit, and the processing unit is configured to apply a transformation onto the polling value so as to obtain a response value and send the response value back to the critical resource. The critical resource is configured to check the response value on correctness so as to obtain a check result, and subject the controllability to a dependency on the check result.
    Type: Application
    Filed: September 30, 2013
    Publication date: April 2, 2015
    Inventors: Berndt Gammel, Tomaz Felicijan, Stefan Mangard
  • Patent number: 8997209
    Abstract: A memory device includes a plurality of memory chips, including one or more memory chips that store authentication information, and a controller including a first register that stores information indicating a representative memory chip, from among the one or more memory chips that store the authentication information, that stores valid authentication information.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: March 31, 2015
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Won-Seok Lee, Young-Kug Moon
  • Patent number: 8996885
    Abstract: Secure processing systems providing host-isolated security are provided. An exemplary secure processing system includes a host processor and a virtual machine instantiated on the host processor. A virtual unified security hub (USH) is instantiated on the virtual machine to provide security services to applications executing on the host processor. The virtual USH may further include an application programming interface (API) operable to expose the security services to the applications. A further exemplary secure processing system includes a host processor running a windows operating system for example, a low power host processor, and a USH processor configured to provide secure services to both the host processor and the low power host processor isolating the secure services from the host processor and the low power processor. The USH processor may also include an API to expose the security services to applications executing on the host processor and/or the low power host processor.
    Type: Grant
    Filed: October 2, 2009
    Date of Patent: March 31, 2015
    Assignee: Broadcom Corporation
    Inventor: Mark Buer
  • Patent number: 8984656
    Abstract: Database management and security is implemented in a variety of embodiments. In one such embodiment, data sets containing sensitive data elements are analyzed using aliases representing sensitive data elements. In another embodiment, the sensitive data elements are stored in an encrypted form for use from a secure access, while the alias is available for standard access.
    Type: Grant
    Filed: September 23, 2013
    Date of Patent: March 17, 2015
    Assignee: Verisk Crime Analytics, Inc.
    Inventors: David A. Duhaime, Brad J. Duhaime
  • Patent number: 8983074
    Abstract: An input content data managing system, includes a first electronic storing apparatus that stores encoded content data generated by encoding content data with a cryptographic key; a electronic second storing apparatus that stores the cryptographic key with corresponding digest-value data of the encoded content data capable of identifying sameness of the encoded content data; a matching unit that determines a matched cryptographic key stored in the second storing apparatus for the encoded content data stored in the first storing apparatus, the matching using, as a matching key, at a predetermined time, digest-value data of the encoded content data obtained from the encoded content data stored in the first storing apparatus to match with the digest-value data of the encoded content data stored in the second storing apparatus, in order to obtain the content data by decoding the encoded content data using the matched cryptographic key.
    Type: Grant
    Filed: June 26, 2012
    Date of Patent: March 17, 2015
    Assignee: Quad, Inc.
    Inventor: Kozo Tagawa
  • Publication number: 20150067352
    Abstract: Disclosed is a cryptographic device that may automatically configure its traffic interfaces and cryptographic modes when it is inserted into an electrically keyed receptacle in a host system. Such automatic configuration may enable a single cryptographic module to support a range of input/output interfaces, such as SPI, Ethernet, RS-232 Serial, and RS-485 Serial, for example, and also to support a range of cryptographic modes, such as Cipher Block Chaining, Galois Counter Mode, or Long Cycle Mode, for Communications Security (COMSEC) and Transmission Security (TRANSEC) purposes. In addition, such automatic configuration may include parameters that affect power consumption, such as device clock rate or other power management features.
    Type: Application
    Filed: August 30, 2013
    Publication date: March 5, 2015
    Inventor: Richard Norman Winslow
  • Patent number: 8966284
    Abstract: A memory system comprises an encryption engine implemented in the hardware of a controller. In starting up the memory system, a boot strapping mechanism is implemented wherein a first portion of firmware when executed pulls in another portion of firmware to be executed. The hardware of the encryption engine is used to verify the integrity of at least the first portion of the firmware. Therefore, only the firmware that is intended to run the system will be executed.
    Type: Grant
    Filed: November 21, 2005
    Date of Patent: February 24, 2015
    Assignee: SanDisk Technologies Inc.
    Inventors: Michael Holtzman, Ron Barzilai, Reuven Elhamias, Niv Cohen