Stored Data Protection Patents (Class 713/193)
  • Patent number: 10992456
    Abstract: An example operation may include one or more of receiving values of a data file that has been modified, where the values include an initial content state of the data file prior to modification and a modified content state of the data file after modification, generating a data structure which includes the initial content state of the data file and the modified content state of the data file, signing the generated data structure with a private key of a data modifier, and transmitting the generated data structure to a blockchain peer node for inclusion within one or more data blocks among a hash-linked chain of data blocks.
    Type: Grant
    Filed: October 9, 2018
    Date of Patent: April 27, 2021
    Assignee: International Business Machines Corporation
    Inventors: Hiroaki Nakamura, Takaaki Tateishi
  • Patent number: 10990707
    Abstract: There is provided a safe data signer device and methods to organize a safe data signer device so that the certificate located there is completely isolated from unwanted access. The user certificate cannot be copied from this device to any other computer device. The certificate can only be written on the safe data signer once, although at a future point, this certificate can be rewritten by a new certificate. The method and device assure that the certificate cannot be used even if malicious parties get physical access to the device.
    Type: Grant
    Filed: March 29, 2018
    Date of Patent: April 27, 2021
    Inventor: Evgeny Zarubin
  • Patent number: 10984138
    Abstract: Systems and methods for generating secure data for transport are presented. A data storage controller is electronically coupled with the data source. A first data storage device is electronically coupled with the data storage controller, the first data storage device configured to store encrypted data. A second data storage device is electronically coupled with the data storage controller, the second data storage device configured to store key data. A random bit size generator generates a random bit size corresponding with every write request of the data source of a size equal to the random bit size. A random key generator generates a random key equal to or greater in size than the random bit size. An encryption operator encrypts the data source of the size with the random key.
    Type: Grant
    Filed: June 18, 2020
    Date of Patent: April 20, 2021
    Inventors: Daniel M. Esbensen, Stephen M. Omohundro
  • Patent number: 10977195
    Abstract: A memory controller scrambles input data and stores the scrambled data in a memory, and then allows the stored data to be read from the memory only once. The memory controller includes a true random number generator (TRNG) for generating a true random number and a pseudo-random number generator (PRNG) that uses the true random number as a seed to generate a pseudo-random number. A linear feedback shift register (LFSR) receives and shifts the pseudo-random number and then scrambles the input data using the shifted number from the LFSR. The scrambled data then is stored in the memory and the seed is stored in one of the same or a separate memory. In response to a read request, the seed is read and used to regenerate the shifted number to descramble the stored data. The stored seed is invalidated to prevent additional attempts at reading the data.
    Type: Grant
    Filed: March 28, 2019
    Date of Patent: April 13, 2021
    Assignee: NXP USA, Inc.
    Inventors: Shixiong Lu, Bin Sai
  • Patent number: 10977021
    Abstract: A secure element (SE) applet installation method, applied to a user terminal with a trusted execution environment (TEE) and an SE, where the TEE is provided with a trusted application (TA). The SE applet installation method includes obtaining, by the TA, an SE applet command package after the user terminal receives an installation request instructing the TA to obtain the SE applet command package, parsing, by the TA, the SE applet command package to obtain target signaling included in the SE applet command package, where the target signaling is used to install a target SE applet, and sending, by the TA, the target signaling to the SE to install the target SE applet according to the target signaling.
    Type: Grant
    Filed: December 4, 2019
    Date of Patent: April 13, 2021
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Hui Li, Meilun Xie, Zhuofei Li
  • Patent number: 10970232
    Abstract: A Data Storage Device (DSD) includes a Non-Volatile Memory (NVM) including a private partition with a write-once partition only internally accessed by a controller of the DSD. Data stored in at least one memory of the controller and in the private partition is encrypted. According to one aspect, the NVM includes a firmware partition, and at least one key associated with the DSD stored in the write-once partition is descrambled or decrypted using a scrambler key or decryption key stored in the firmware partition. According to another aspect, a method for establishing a root of trust includes generating a scrambler key or a decryption key, and generating at least one key associated with the DSD. The scrambler key or the decryption key is stored in a firmware partition of an NVM of the DSD, and the at least one key associated with the DSD is stored in a write-once partition.
    Type: Grant
    Filed: June 29, 2017
    Date of Patent: April 6, 2021
    Assignee: Western Digital Technologies, Inc.
    Inventor: Joseph Halpern
  • Patent number: 10972266
    Abstract: Techniques manage an encryption key in a storage system. The techniques involve: transmitting an encryption key request from a storage management component to a key management service component; obtaining, via the key management service component, an encryption key encrypted by the key management service component based on the encryption key request; providing the obtained encrypted encryption key to the storage management component; maintaining, in the storage management component, correspondence between the encrypted encryption key and a storage device; and registering, according to the correspondence, the encrypted encryption key corresponding to the storage device to an encryption hardware unit, such that the encryption hardware unit can decrypt the encrypted encryption key to obtain the encryption key corresponding to the storage device. Effective management of the encryption key is thus realized.
    Type: Grant
    Filed: December 14, 2018
    Date of Patent: April 6, 2021
    Assignee: EMC IP Holding Company LLC
    Inventors: Hongpo Gao, Geng Han, Jibing Dong, Shaoqin Gong, Haiying Tang
  • Patent number: 10963269
    Abstract: Apparatus, methods, and program products are disclosed for storing a hardware manifest. One apparatus includes a processor and a memory that stores code executable by the processor. The code is executable by the processor to store a hardware manifest for an information handling device. The code is further executable by the processor to manage modification of the hardware manifest. Methods and computer program products that perform the functions of the apparatus are also disclosed.
    Type: Grant
    Filed: March 28, 2019
    Date of Patent: March 30, 2021
    Assignee: Lenovo (Singapore) PTE. LTD.
    Inventors: Scott Wentao Li, Russell Speight VanBlon, Robert James Kapinos, Robert James Norton, Jr.
  • Patent number: 10965967
    Abstract: A system is provided for publishing a disparate per-client live media output stream based on dynamic insertion of targeted non-programming content and customized programming content. A first manifest request, including one or more parameters, is received from a first client device. Based on one or more parameters and associated indexed metadata, a first additional content that includes customized first programming content and targeted first non-programming content for first client device are determined. A first programming schedule is generated for first client device based on selected one or more live input streams and/or one or more pre-encoded media assets, indexed metadata, and first additional content. A first disparate live media output stream manifest for first client device is published based on insertion of selected one or more live input stream manifests and/or one or more pre-encoded media asset manifests, indexed metadata, and first additional content in accordance with first programming schedule.
    Type: Grant
    Filed: December 28, 2018
    Date of Patent: March 30, 2021
    Assignee: TURNER BROADCASTING SYSTEM, INC.
    Inventors: Donald Jude Loheide, Nishith Kumar Sinha, Nicolas Paul Webb
  • Patent number: 10958630
    Abstract: An approach to exchanging data and identity between devices, securely, is provided. The approach includes data encryption, device management, a voting mechanism, message queuing, and encrypted data storing. Using the approach, a user can provide their identity to and share data with an external software or device in a secure manner. Also the user can decide where to store their encrypted data.
    Type: Grant
    Filed: February 21, 2017
    Date of Patent: March 23, 2021
    Inventors: Geir Christian Karlsen, Boris Vujicic
  • Patent number: 10958421
    Abstract: A method, computer system, and a computer program product for controlling access to an asset in a blockchain network is provided. The present invention may include encrypting the asset using a target encryption key. The present invention may also include storing the encrypted asset on a ledger. The present invention may then include receiving a start encryption key to access the asset. The present invention may further include traversing a graph of keys beginning with the start encryption key across a plurality of nodes and edges until reaching the target encryption key. The present invention may also include allowing access to the asset based on reaching the target encryption key.
    Type: Grant
    Filed: November 20, 2018
    Date of Patent: March 23, 2021
    Assignee: International Business Machines Corporation
    Inventors: Woong A. Yoon, Daniel Dulaney, John P Filippone, Bonnie Ishiguro, Alex X Casella
  • Patent number: 10944566
    Abstract: A computer-implemented method, computerized apparatus and computer program product for supporting fairness in secure computations. A trusted execution platform with remote attestation (“enclave”) is provided to each of a plurality of participants. An authenticated public ledger accessible by all participants is also provided. Each of the enclaves is configured for obtaining at least a portion of an input to a function for computing a joint secret output, complementing the input by obtaining any remainder portion(s) thereof from one or more other enclaves, and, responsive to obtaining an indication from the ledger that the output can be computed by each of the enclaves, providing to the owner participant the output computed using the function and input. At least one of the enclaves is further configured for providing the indication to the ledger responsive to obtaining knowledge that the output can be computed by each of the enclaves.
    Type: Grant
    Filed: November 15, 2017
    Date of Patent: March 9, 2021
    Assignee: International Business Machines Corporation
    Inventor: Danny Harnik
  • Patent number: 10943013
    Abstract: Methods and apparatus are disclosed for securing executable code for execution with a processor using a trusted platform module (TPM). In one example of the disclosed technology, a method of decrypting executable code for execution includes measuring values stored in a CPU boot ROM and measuring second values for executable code stored in non-volatile memory, storing the resulting measurement value in a TPM platform configuration register. The PCR value is used to unseal a key stored in non-volatile memory of the TPM, which key is used to decrypt executable code for execution. Security can be further enhanced by destroying the values stored in the PCR by performing additional measurement operations with the TPM PCR used to generate the measurement value.
    Type: Grant
    Filed: February 10, 2020
    Date of Patent: March 9, 2021
    Assignee: Amazon Technologies, Inc.
    Inventors: Ron Diamant, Alex Levin, Ihab Bishara
  • Patent number: 10944554
    Abstract: In a semiconductor device and an information processing system according to one embodiment, an external device generates external device unique information by using a unique code which is a value unique to the semiconductor device, and generates second information by encrypting the first information with the use of the external device unique information. The semiconductor device stores the second information and generates the principal device unique information independently of the external device, with the use of the unique code of the semiconductor device holding the second information, and decrypts the second information with the use of the principal device unique information to obtain the first information.
    Type: Grant
    Filed: April 25, 2018
    Date of Patent: March 9, 2021
    Assignee: Renesas Electronics Corporation
    Inventors: Daisuke Oshida, Shigemasa Shiota
  • Patent number: 10939173
    Abstract: Systems, methods, and computer readable media for providing video encryption. A device may receive an unencrypted content stream. The device may identify an encryption key and an entitlement control message (ECM) from an encryption package. The device may encrypt the unencrypted content stream using the encryption key to obtain encrypted data. The device may generate an encryption stream that comprises the ECM and the encrypted data.
    Type: Grant
    Filed: July 19, 2018
    Date of Patent: March 2, 2021
    Assignee: Cox Communications, Inc.
    Inventor: Kinney C. Bacon
  • Patent number: 10938789
    Abstract: Disclosed are systems and methods for trusted presentation of information on an untrusted user device. An exemplary system includes a secure portable device which can be connected to the untrusted user device and configured to: receive data from the untrusted user device; analyze the received data to identify therein information intended for display to the user via the untrusted user device; generate a video stream containing at least part of the information intended for display to the user; generate and insert into the video stream one or more protection elements that serve to authenticate the information being outputted in the video stream; and transmit the generated video stream to the user device.
    Type: Grant
    Filed: April 21, 2017
    Date of Patent: March 2, 2021
    Assignee: AO Kaspersky Lab
    Inventors: Alexander V. Shadrin, Dmitry A. Kulagin, Pavel V. Dyakin
  • Patent number: 10936226
    Abstract: According to one embodiment, when data is to be written to a first physical storage location that is designated by a first physical address, a memory system encrypts the data with the first physical address and a first encryption key, and writes the encrypted data to the first physical storage location. When the encrypted data is to be copied to a second physical storage location, the memory system decrypts the encrypted data with the first physical address and the first encryption key, and re-encrypts the decrypted data with a second encryption key and a copy destination physical address indicative of the second physical storage location.
    Type: Grant
    Filed: February 21, 2019
    Date of Patent: March 2, 2021
    Assignee: TOSHIBA MEMORY CORPORATION
    Inventor: Shinichi Kanno
  • Patent number: 10938836
    Abstract: In one example in accordance with the present disclosure, a method may comprise establishing, by a boot environment, a secure connection on a special port. An authentication key for the secure connection is preloaded into the boot environment. The method may comprise verifying, by the admin node, that the new node is marked for installation and transmitting, by the admin node, a secure key to the new node over the secure connection. The method may comprise requesting, by the boot environment, a secure bundle from the admin node, the secure bundle corresponding to the new node. The method may comprise decrypting, by the boot environment, the secure bundle using the secure key and requesting, by the boot environment, an installation image for the new node. The secure bundle contains secure information that is not included in the installation image.
    Type: Grant
    Filed: June 6, 2019
    Date of Patent: March 2, 2021
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Erik Jacobson, Corneliu Boac
  • Patent number: 10931443
    Abstract: A computer-implemented method manages cryptographic objects in a hierarchical key management system including a hardware security module (HSM), which institutes a key hierarchy extending from a ground level l0. Clients interact with the HSM to obtain cryptographic objects. A request is received from one of the clients for an object at a given level ln of the hierarchy (above the ground level l0). A binary representation of the object is accessed as a primary bit pattern p0, at the HSM and said pattern is scrambled via a bitwise XOR operation. The latter operates, on the one hand, on the primary bit pattern p0 and, on the other hand, on a control bit pattern pc that is a binary representation of an access code of the same length as said primary bit pattern p0. The pattern pc is obtained based on that given level ln of the hierarchy.
    Type: Grant
    Filed: August 23, 2018
    Date of Patent: February 23, 2021
    Assignee: International Business Machines Corporation
    Inventors: Martin Schmatz, Navaneeth Rameshan, Yiyu Chen, Patricia M. Sagmeister
  • Patent number: 10929555
    Abstract: Some embodiments of the present invention include an apparatus for securing data and include a processor, and one or more stored sequences of instructions which, when executed by the processor, cause the processor to set a data download threshold, encrypt data to be downloaded by a user based on detecting size of the data violating the download threshold such that the user receives encrypted downloaded data, and manage a decryption key used to decrypt the encrypted downloaded data. The decryption key may be deconstructed into “N” key fragments and may be reconstructed using “K” key fragments where “N” is equal to “2K−1”.
    Type: Grant
    Filed: June 17, 2019
    Date of Patent: February 23, 2021
    Assignee: salesforce.com, inc.
    Inventors: Prasad Peddada, Jeremy Horwitz
  • Patent number: 10922432
    Abstract: The present disclosure relates to a method for accessing a database stored on a server using a relation. The server is coupled to a client computer via a network, wherein the relation comprises first data items, the first data items forming a partially ordered set in the first relation, wherein for each first data item a referential connection exists in the database assigning said first data item to at least one second data item of the database. The method comprises: identifying first data items of the relation referencing N second data items; for each identified first data item modifying, using a same modification method, the identified first data item M times, wherein M?N, for obtaining M unique modified data items; associating with each of modified first data items of a given first data item a respective portion of the N referential connections of the given first data item; inserting the modified first data items in the relation, thereby replacing the identified first data items.
    Type: Grant
    Filed: December 27, 2017
    Date of Patent: February 16, 2021
    Assignee: COMPUGROUP MEDICAL SE
    Inventors: Jan Lehnhardt, Tobias Rho
  • Patent number: 10924777
    Abstract: A system is provided for publishing a disparate per-client live media output stream based on dynamic insertion of targeted non-programming content and customized programming content. A first manifest request, including one or more parameters, is received from a first client device. Based on one or more parameters and associated indexed metadata, a first additional content that includes customized first programming content and targeted first non-programming content for first client device are determined. A first programming schedule is generated for first client device based on selected one or more live input streams and/or one or more pre-encoded media assets, indexed metadata, and first additional content. A first disparate live media output stream manifest for first client device is published based on insertion of selected one or more live input stream manifests and/or one or more pre-encoded media asset manifests, indexed metadata, and first additional content in accordance with first programming schedule.
    Type: Grant
    Filed: December 28, 2018
    Date of Patent: February 16, 2021
    Assignee: TURNER BROADCASTING SYSTEM, INC.
    Inventors: Donald Jude Loheide, Nishith Kumar Sinha, Nicolas Paul Webb
  • Patent number: 10922243
    Abstract: Various examples are directed to systems and methods for securing a data storage device. A storage controller may receive a read request directed to the data storage device. The read request may comprise address data indicating a first address of a first storage location at the data storage device. The storage controller may request from the data storage device a first encrypted data unit stored at the first memory element and a first encrypted set of parity bits, such as Error Correction Code (ECC) bits, associated with the first storage location. An encryption system may decrypt the first encrypted set of parity bits to generate a first set of parity bits based at least in part on a first location parity key for the first address.
    Type: Grant
    Filed: July 24, 2019
    Date of Patent: February 16, 2021
    Assignee: Intel Corporation
    Inventors: Rodrigo R. Branco, Shay Gueron
  • Patent number: 10922508
    Abstract: The present disclosure relates to the field of anti-counterfeit protection of products. Specifically, the disclosure is directed to a method of reading with a reader device a marking comprising a physical unclonable function, PUF, and a corresponding reader device. In particular, such reader device marking can be used in connection with or can form a component of a multi-component security system, in particular of an anti-counterfeit protection system, which is also disclosed herein as part of an overall security solution for anti-counterfeit protection.
    Type: Grant
    Filed: March 13, 2019
    Date of Patent: February 16, 2021
    Assignee: Merck Patent GmbH
    Inventors: Thomas Endress, Daniel Szabo, Fabian Wahl
  • Patent number: 10922181
    Abstract: A method comprises encoding, by a DS processing unit of a dispersed storage network (DSN), a data segment using an information dispersal algorithm with a first pillar width number to produce a set of encoded data slices. The method continues by generating a set of DSN addresses for the set of encoded data slices based on the first pillar width number, a second pillar width number and a DSN address mapping function. The method continues by identifying, based on the DSN addresses, a first group of storage units of a set of storage units that includes the second width pillar number of storage units and where the first group of storage units includes the first pillar width number of storage units. The method continues by sending the set of encoded data slices to the first group of storage units in accordance with the set of DSN addresses.
    Type: Grant
    Filed: September 21, 2018
    Date of Patent: February 16, 2021
    Assignee: PURE STORAGE, INC.
    Inventors: Andrew D. Baptist, Jason K. Resch, Wesley B. Leggette
  • Patent number: 10917232
    Abstract: Embodiments of a data encryption and/or decryption technique are disclosed. In accordance with one example embodiment, a method may include enciphering a message, based at least in part, on a hierarchical symbol assignment system, and modifying an enciphering key signal value to modify a level of security of enciphering.
    Type: Grant
    Filed: September 21, 2017
    Date of Patent: February 9, 2021
    Assignee: Robert T. and Virginia T. Jenkins as Trustees of the Jenkins Family Trust Dated Feb. 8, 2002
    Inventors: Mark Gesley, Richard Crandall, Edlyn Teske, Tim Williams
  • Patent number: 10917237
    Abstract: Implementations described herein disclose a device identity management system using a trusted platform module (TPM) of a device. The device identity management system provides one or more computer executable instructions to receive a secret random number at a trusted platform module (TPM) of a device, generate a hash of an existing device identity stored in a non-volatile (NV) identity index using the secret random number, and store the hash as the device identity in the NV identity index.
    Type: Grant
    Filed: April 16, 2018
    Date of Patent: February 9, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: Christopher E. Fenner
  • Patent number: 10911241
    Abstract: Provided is a process including: receiving, with one or more processors, a first request to store a record from a computing entity; encoding, with one or more processors, the record in a first plurality of segments; arranging, with one or more processors, the first plurality of segments in respective content nodes of a first content graph, wherein at least some content nodes of the first content graph have two or more content edges of the first content graph pointing to two or more respective other content nodes of the first content graph; and storing, with one or more processors, the content nodes of the first content graph in a verification graph.
    Type: Grant
    Filed: October 30, 2019
    Date of Patent: February 2, 2021
    Assignee: ALTR Solutions, Inc.
    Inventors: Christopher Edward Struttmann, James Douglas Beecham
  • Patent number: 10911417
    Abstract: A method for analysing data received by an addressed recipient of a data package. The method comprises receiving a data package over a data network. The data package comprises a header and payload data. The header of the data package is analysed to determine a plurality of characteristics, the characteristics comprising at least an identifier and a transmission time. The method also comprises generating a risk indicator, wherein the risk indicator indicates a risk associated with the analysis of the header. A handling action is generated based on the risk indicator; and provided along with the payload data to the addressed recipient.
    Type: Grant
    Filed: January 22, 2020
    Date of Patent: February 2, 2021
    Assignee: Egress Software Technologies IP Limited
    Inventors: John Goodyear, Anthony Robert Pepper, Neil Tony Larkins, Nathan Michael Pilkington
  • Patent number: 10909254
    Abstract: Parties are enabled to exchange data without knowing the other party's encryption key. Cells in one party's database each form an object which is encrypted at the object level. Authentications and authorizations are incorporated into each object. An encryption management engine produces different keys for each object. A security server database stores a key registered by one party. The in a later request by the party is compared to its registered key. A protocol and key management method allow identification and access to an appropriate key using only publicly available information. A set of data is added with a secured session key. A selected set of data is used to create a cryptographically secure Header-Tx with a secured session key and an Access Control List with an embedded security policy. Data is sent to a receiver only when authorized by the customer authentication security server.
    Type: Grant
    Filed: September 15, 2017
    Date of Patent: February 2, 2021
    Inventor: David R Czajkowski
  • Patent number: 10911227
    Abstract: A method for facilitating the broadcast of encrypted data includes: storing a content encryption key and a server private key of a first cryptographic key pair; storing a recipient profile, the profile being related to a recipient computing device including a recipient public key of a second cryptographic key pair; receiving a broadcast request from a broadcast computing device including a broadcast message encrypted using the content encryption key; identifying a unique identifier; transmitting a data message including the encrypted broadcast message and the unique identifier; receiving a key request from the recipient computing device including the unique identifier; verifying that the unique identifier included in the key request is equivalent to the identified unique identifier; encrypting the content encryption key using the recipient public key; and transmitting the encrypted content encryption key to the recipient computing device.
    Type: Grant
    Filed: April 12, 2018
    Date of Patent: February 2, 2021
    Assignee: MASTERCARD INTERNATIONAL INCORPORATED
    Inventors: Moreshwar Mukund Datye, Ashutosh Subhash Gijare, Krishna Prasad Vasireddy, Christopher T. Wischerth, Eric Alger
  • Patent number: 10901917
    Abstract: In various implementations, a memory controller for storage class memory can include an address scrambling circuit. The address scrambling circuit can receive an input address for a processor memory transaction, where the input address is associated with a virtual machine identifier. The address scrambling circuit can further determine an address scrambling mapping from the plurality of address scrambling mappings, where the address scrambling mapping includes a first pattern that determines an alternate set of bits for a set of input bits. The address scrambling circuit can further scramble, using the scrambling circuit and the first pattern, a first part of the input address. The address scrambling circuit can further determine a scrambled address using the input address and the scrambled first part of the input address and output the scrambled address.
    Type: Grant
    Filed: January 26, 2018
    Date of Patent: January 26, 2021
    Assignee: Amazon Technologies, Inc.
    Inventor: Thomas A. Volpe
  • Patent number: 10902098
    Abstract: A method for encrypting logic includes generating, by a computing system, locking logic for inclusion in a logic circuit. The locking logic is generated based at least in part on an error rate and an attack complexity. The method also includes inserting, by the computing system, a one-way function into the locking logic. The method further includes applying, by the computing system, obfuscation logic to the logic circuit, where the obfuscation logic is applied on top of the locking logic.
    Type: Grant
    Filed: July 11, 2018
    Date of Patent: January 26, 2021
    Assignee: Northwestern University
    Inventor: Hai Zhou
  • Patent number: 10901650
    Abstract: A method for execution by one or more processing modules of one or more computing devices of a dispersed storage network (DSN), the method begins by identifying, for data stored within a DSN memory, one or more encryption keys used to encrypt data stored within the DSN memory. The method continues by identifying, for data stored within a portion of the DSN memory requiring sanitization, a master key of the one or more encryption keys that encrypts all of the data stored within the portion to be sanitized. The method continues by determining, if the master key is not used to encrypt data stored outside of the portion to be sanitized. The method continues, if the master key is not used to encrypt data stored outside of the portion to be sanitized, by sanitizing the data stored within a portion of the DSN memory by erasing the master key.
    Type: Grant
    Filed: June 25, 2019
    Date of Patent: January 26, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Alan M. Frazier, Scott M. Horan, Shibhani Rai, Jason K. Resch, Mark D. Seaborn
  • Patent number: 10904229
    Abstract: A technique to cache content securely within edge network environments, even within portions of that network that might be considered less secure than what a customer desires, while still providing the acceleration and off-loading benefits of the edge network. The approach ensures that customer confidential data (whether content, keys, etc.) are not exposed either in transit or at rest. In this approach, only encrypted copies of the customer's content objects are maintained within the portion of the edge network, but without any need to manage the encryption keys. To take full advantage of the secure content caching technique, preferably the encrypted content (or portions thereof) are pre-positioned within the edge network portion to improve performance of secure content delivery from the environment.
    Type: Grant
    Filed: December 28, 2016
    Date of Patent: January 26, 2021
    Assignee: Akamai Technologies, Inc.
    Inventor: Tong Chen
  • Patent number: 10893108
    Abstract: In one embodiment, a method comprises detecting, by an apparatus, establishment of a stateful application session between a mobile endpoint device and a stateful virtualized application executed by a first virtualization host in a data network, the mobile endpoint device establishing a network connection with the stateful virtualized application via a first wireless connection with a first network access point; generating, by the apparatus, a connection container comprising a connection identifier uniquely identifying the network connection, connection metadata describing the network connection, and application state metadata describing execution of the stateful virtualized application for the mobile endpoint device; and outputting, by the apparatus, the application state metadata for continuous execution of the stateful virtualized application by a second virtualization host associated with a second network access point, based on determining the mobile endpoint device connecting with the second network acces
    Type: Grant
    Filed: March 13, 2019
    Date of Patent: January 12, 2021
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Sebastian Jeuk, Gonzalo Salgueiro, M. David Hanes
  • Patent number: 10892888
    Abstract: A computer-implemented method for information protection comprises: determining one or more data inputs and one or more data outputs for a transaction, wherein the data inputs are associated with input data types respectively, and the data outputs are associated with output data types respectively; encrypting the input data types and the output data types; committing each of the encrypted input data types and the encrypted output data types with a commitment scheme to obtain corresponding commitment values; obtaining at least a parameter R based at least on the commitment values; and submitting the transaction to one or more nodes in a blockchain network with disclosure of the parameter R and without disclosure of the input data types and output data types for the nodes to verify consistency between the input data types and the output data types.
    Type: Grant
    Filed: July 27, 2020
    Date of Patent: January 12, 2021
    Assignee: ADVANCED NEW TECHNOLOGIES CO., LTD.
    Inventors: Baoli Ma, Wenbin Zhang, Lichun Li, Zheng Liu, Shan Yin
  • Patent number: 10891385
    Abstract: A compute resource provider system is shown having an encryption agent that obtains a cryptographic key for a virtual machine and sends the cryptographic key to a host agent. The host agent receives the cryptographic key from the encryption agent and stores the received cryptographic key to a user key vault. The host agent generates a key vault secret reference (KVSR) locator pointing to the cryptographic key stored in the user key vault, associates the KVSR with the virtual diskset, and sends a success message to the encryption agent. The encryption agent receives the success message from the host and, responsive thereto, encrypts the virtual diskset using the cryptographic key. Subsequently, another host agent uses the KVSR to obtain the cryptographic key from the key vault and boot the virtual machine with the encrypted virtual diskset.
    Type: Grant
    Filed: May 16, 2018
    Date of Patent: January 12, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Aravind N. Thoram, Sudhakara Reddy Evuri, Mayank Mahajan, Kahren Tevosyan
  • Patent number: 10885217
    Abstract: Disclosed embodiments relate to implementing, as a microservice at a client, a searchable-encryption service. Operations may include executing the microservice at the client to perform operations including: encrypting data based on a cryptographic key accessible to the client; sending the encrypted data to a network storage resource; identifying, at the microservice, a search query in plaintext; encrypting the search query according to the cryptographic key; sending the encrypted search query to the network storage resource; and receiving a response to the encrypted search query from the network storage resource.
    Type: Grant
    Filed: April 20, 2020
    Date of Patent: January 5, 2021
    Assignee: CYBERARK SOFTWARE LTD.
    Inventor: Ofer Rivlin
  • Patent number: 10887181
    Abstract: The present disclosure relates to systems, methods, and computer-readable media for performing out-of-band discovery of service definitions to enable a central computing device to interact with one or more peripheral devices. For example, systems disclosed herein include retrieving a hash value for a peripheral device representative of a set of service attributes associated with the peripheral device. Based on the hash value, the systems disclosed herein can identify a service database entry including service definitions that enable the central computing device to interact with the peripheral devices. Using the service definitions, the central computing device can interact with any peripheral device that shares the same set of service attributes as the peripheral device.
    Type: Grant
    Filed: January 9, 2019
    Date of Patent: January 5, 2021
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Alain Michaud, Heming Wen, Erik O. Peterson, Matthew Thomas Beaver
  • Patent number: 10880081
    Abstract: A storage system includes a host device and a storage device. The host device generates a file, and generates a unique file identifier (UFID) for each file, wherein the UFID is based on an identifier of the generated file and at least one logical address corresponding to the generated file. The storage device generates a key for encrypting or decrypting write data corresponding to the generated file based on the UFID and a random number, and encrypts the write data by using the key.
    Type: Grant
    Filed: July 9, 2018
    Date of Patent: December 29, 2020
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Seokhwan Kim, Jun-Ho Jang, Seongjun Ahn
  • Patent number: 10878135
    Abstract: A device in a wireless device security system may include at least one processor configured to determine a location of the device with respect to a security area. The at least one processor may be further configured to provide an alert output when the determined location of the device is proximate to a boundary of the security area. The at least one processor may be further configured to prevent the device from responding to at least some user input when the determined location of the device is outside of the security area. The at least one processor may be further configured to provide a disturbance output when the determined location of the device is outside of the security area.
    Type: Grant
    Filed: January 31, 2019
    Date of Patent: December 29, 2020
    Assignee: Apple Inc.
    Inventors: Russell E. Snediker, Vinay Subramanian, David A. Den Boer
  • Patent number: 10872174
    Abstract: According to an embodiment, an information processing device operates while switching between a secure mode and a non-secure mode. The information processing device includes processing circuitry. The processing circuitry is configured to function as a switching unit. The switching unit switches a mode from the secure mode to the non-secure mode at the time when the information processing device is operating in the secure mode.
    Type: Grant
    Filed: August 30, 2018
    Date of Patent: December 22, 2020
    Assignee: KABUSHIKI KAISHA TOSHIBA
    Inventors: Ryuta Nara, Takeshi Kawabata
  • Patent number: 10871983
    Abstract: Systems, methods, and circuitries are disclosed for a per-process memory encryption system. At least one translation lookaside buffer (TLB) is configured to encode key identifiers for keys in one or more bits of either the virtual memory address or the physical address. The process state memory is configured to store a first process key table for a first process that maps key identifiers to unique keys and a second process key table that maps the key identifiers to different unique keys. The active process key table memory is configured to store an active key table. In response to a request for data corresponding to a virtual memory address, the at least one TLB is configured to provide a key identifier for the data to the active process key table to cause the active process key table to return the unique key mapped to the key identifier.
    Type: Grant
    Filed: September 28, 2018
    Date of Patent: December 22, 2020
    Assignee: Intel Corporation
    Inventors: Wajdi Feghali, Vinodh Gopal, Kirk Yap, Sean Gulley, Raghunandan Makaram
  • Patent number: 10873771
    Abstract: A system is provided for publishing a disparate per-client live media output stream based on dynamic insertion of targeted non-programming content and customized programming content. A first manifest request, including one or more parameters, is received from a first client device. Based on one or more parameters and associated indexed metadata, a first additional content that includes customized first programming content and targeted first non-programming content for first client device are determined. A first programming schedule is generated for first client device based on selected one or more live input streams and/or one or more pre-encoded media assets, indexed metadata, and first additional content. A first disparate live media output stream manifest for first client device is published based on insertion of selected one or more live input stream manifests and/or one or more pre-encoded media asset manifests, indexed metadata, and first additional content in accordance with first programming schedule.
    Type: Grant
    Filed: December 28, 2018
    Date of Patent: December 22, 2020
    Assignee: TURNER BROADCASTING SYSTEM, INC.
    Inventors: Donald Jude Loheide, Nishith Kumar Sinha, Nicolas Paul Webb
  • Patent number: 10867045
    Abstract: Examples herein disclose a processor-based computing system. The system comprises at least one processor, a non-volatile memory comprising a basic input output system (BIOS), wherein the BIOS creates a data structure and sets up at least one verification software component executed by the processor, a controller communicatively linked to the at least one verification software component, and a memory comprising a system management memory coupled to the at least one processor and code which is executable by the processor-based system to cause the processor to validate the BIOS during a runtime of the processor-based system using the at least one verification software component and the controller.
    Type: Grant
    Filed: September 30, 2015
    Date of Patent: December 15, 2020
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Jeffrey Kevin Jeansonne, Vali Ali, David Plaquin, Maugan Villatel
  • Patent number: 10860547
    Abstract: A transactional block storage system is provided which is capable of supporting a single-phase commit for data writes specifying a protected storage unit. The storage system includes a data storage map that logically links the protected data storage unit to two or more block storage units associated with a layer of the protected data storage unit. The storage system also includes an address abstraction layer which translates write requests to the block storage units and resolves whether those write requests are atomically committed to the storage system in a single phase transaction. The address abstraction layer is further configured to detect when a block storage unit becomes unavailable during a transaction and create a cleaning kit for that block in order to prevent data loss. Additionally, the address abstraction layer facilitates moving, copying, and merging of block storage units without global locking in the storage system.
    Type: Grant
    Filed: October 4, 2018
    Date of Patent: December 8, 2020
    Assignee: Qumulo, Inc.
    Inventors: Aaron Passey, Neal Fachan, Peter Godman
  • Patent number: 10862786
    Abstract: A method, device, and computer program product for fingerprint based status detection in a distributed processing system is provided. The method comprises: generating and sending, at a root node, an initial fingerprint based on the output message ID to be sent; at a middle node, generating and sending an updated fingerprint based on a received input message ID, an output message ID to be sent and a received fingerprint; sending, at the leaf node, a final updated fingerprint to a tracking task point; and obtaining, at the tracking task point, status information based on the final updated fingerprint. As the method does not generate traffic at each node but only generates tracking traffic at leaf nodes, the approach according to the present disclosure reduces tracking overhead significantly while guaranteeing the reliability of data processing.
    Type: Grant
    Filed: October 22, 2019
    Date of Patent: December 8, 2020
    Assignee: EMC IP Holding Company, LLC
    Inventors: Junping Frank Zhao, Fenghao Zhang, Yu Cao, Jun Tao, Ricky Yuxi Sun
  • Patent number: 10863558
    Abstract: The present disclosure pertains to systems and methods for establishing trust relationships between a software defined network (SDN) controller and a SDN communication device. In one embodiment, a SDN controller may comprise a communications interface configured to communicate with a plurality of SDN network devices. A commissioning subsystem configured to detect a new device associated with the SDN. In response to a new device, a user interface subsystem may be configured to receive a user approval to commission the new device. A trust subsystem configured to establish a first SDN controller trusted credential and to transmit a first device trusted credential based on the first SDN controller credential to the new device. Programming instructions to the new device authenticated using the first SDN controller trusted credential by a SDN programming subsystem.
    Type: Grant
    Filed: March 30, 2016
    Date of Patent: December 8, 2020
    Assignee: Schweitzer Engineering Laboratories, Inc.
    Inventors: Josh Powers, Tristan Lloyd Mullis, Jason A. Dearien, Michael Dylan Cone, Coby Soss, Barry Jakob Grussling
  • Patent number: 10846418
    Abstract: A Data Storage Device (DSD) or a server is set to an unlocked state to allow access to a memory of the DSD or to a DSD of the server. Communication is established with an access station using a wireless communication interface, and an access code is received from the access station via the wireless communication interface. If the received access code is determined to be valid, the DSD or server is set to the unlocked state. According to another aspect, communication is established with a DSD or a server using a wireless communication interface, and an access code is generated and sent to the DSD or the server for setting the DSD or the server to the unlocked state.
    Type: Grant
    Filed: December 20, 2017
    Date of Patent: November 24, 2020
    Assignee: Western Digital Technologies, Inc.
    Inventors: Daniel Joseph Linnen, Avinash Rajagiri, Srikar Peesari, Ashish Ghai, Dongxiang Liao, Rohit Sehgal