By Stored Data Protection Patents (Class 713/193)
  • Patent number: 11900366
    Abstract: A system and method for securing crypto-asset transactions. The method includes sharding a wallet private key such that each shard of the wallet private key is distributed to a different secure module; generating signatures by each of the different secure modules based on a respective shard of the sharded wallet private key and obtained trading platform credentials; and verifying the crypto-asset transaction when a predetermined threshold of the generated signatures are determined to match each other.
    Type: Grant
    Filed: February 10, 2021
    Date of Patent: February 13, 2024
    Assignee: FIREBLOCKS LTD.
    Inventors: Pavel Berengoltz, Idan Ofrat, Michael Shaulov
  • Patent number: 11899803
    Abstract: Systems, computer program products, and methods are described herein for implementing enhanced file encryption technique. The present invention is configured to receive a request from a computing device of a user to encrypt a file; encrypt the file using a local file encryption key to generate an encrypted file; transmit, via an encryption engine, a first encryption request to an encryption server to encrypt a first portion of the encrypted file; receive, from the encryption server, an encrypted first portion of the encrypted file based on at least the first encryption request, wherein the first portion of the encrypted file is encrypted by the encryption server using a first file encryption key; append the encrypted first portion of the encryption file with a remaining portion of the encrypted file to generate a final encrypted file; and store the final encrypted file in a data repository.
    Type: Grant
    Filed: January 26, 2023
    Date of Patent: February 13, 2024
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Praveen Chakravarthy Yedluri, Shyam Acharya
  • Patent number: 11899814
    Abstract: A computer-implemented method and system: (A) read, from a plurality of data sources associated with a user, a plurality of data elements; (B) identify, for each of the plurality of data elements, a corresponding security level and a corresponding access level; (C) store, for each of the plurality of data elements, the corresponding security level and the corresponding access level; and (D) store, in a data store associated with the user, each of the plurality of data elements using a storage method specified by the data element's corresponding security level.
    Type: Grant
    Filed: August 21, 2023
    Date of Patent: February 13, 2024
    Inventors: Arthur Hustad, Wolfgang Schreiner
  • Patent number: 11893108
    Abstract: A method for accessing one or more service processes of service includes executing at least one service enclave and executing an enclave sandbox that wraps the at least one service enclave. The at least one service enclave provides an interface to the one or more service processes. The enclave sandbox is configured to establish an encrypted communication tunnel to the at least one service enclave interfacing with the one or more service processes, and communicate program calls to/from the one or more service processes as encrypted communications through the encrypted communication tunnel.
    Type: Grant
    Filed: December 31, 2022
    Date of Patent: February 6, 2024
    Assignee: Google LLC
    Inventors: Nicolas Lidzborski, Jonathon Giffin
  • Patent number: 11893136
    Abstract: Multiple types of tokens can be generated and utilized in a highly structured document with freeform text. For example, a tokenization system may receive a request for tokenizing a document with a first portion having structured content and a second portion having unstructured or semi-structured content. In response, the tokenization system identifies sensitive information in the first portion of the document, generates format-preserving tokens for the sensitive information in the first portion of the document, identifies sensitive information in the second portion of the document, and generates self-describing tokens for the sensitive information in the second portion of the document. The self-describing tokens reference the sensitive information in the first portion of the document. The tokenization system may then communicate the format-preserving tokens and the self-describing tokens to the first client computing system or to a second client computing system.
    Type: Grant
    Filed: August 27, 2021
    Date of Patent: February 6, 2024
    Assignee: OPEN TEXT HOLDINGS, INC.
    Inventor: Walter Hughes Lindsay
  • Patent number: 11895142
    Abstract: The systems and methods disclosed herein comprise computer-based platforms configured for automated early-stage application security monitoring for allowing users (e.g., application developers) to make decisions at the early stage of the application development.
    Type: Grant
    Filed: December 21, 2022
    Date of Patent: February 6, 2024
    Assignee: American Express Travel Related Services Company, Inc.
    Inventors: Asish Soudhamma, Dilip Kumar, Pratik Rajendraprasad Kasat, Andrew Michael Zammit, Gregory Huff
  • Patent number: 11895099
    Abstract: The techniques herein are directed generally to a “zero-knowledge” data management network. Users are able to share verifiable proof of data and/or identity information, and businesses are able to request, consume, and act on the data—all without a data storage server or those businesses ever seeing or having access to the raw sensitive information (where server-stored data is viewable only by the intended recipients, which may even be selected after storage). In one embodiment, source data is encrypted with a source encryption key (e.g., source public key), with a rekeying key being an encrypting combination of a source decryption key (e.g., source private key) and a recipient's public key. Without being able to decrypt the data, the storage server can use the rekeying key to re-encrypt the source data with the recipient's public key, to then be decrypted only by the corresponding recipient using its private key, accordingly.
    Type: Grant
    Filed: September 1, 2021
    Date of Patent: February 6, 2024
    Assignee: JOURNEY.AI
    Inventors: Brett Shockley, Alexander John Shockley, Michael Joseph Frendo, Shmuel Shaffer, Kenneth Keiter, James M. Behmke
  • Patent number: 11893247
    Abstract: The present technology relates to an electronic device. According to the present technology, a data storage device providing an improved security function includes a memory device including a protected memory block by a security protocol and a memory controller configured to receive a command protocol component associated with the security protocol including a host side protection message requesting data from a host to be written in the protected memory block, perform an authentication operation on the protected memory block using a host message authentication code included in the host side protection message, and store data from the host according to a result of the authentication operation.
    Type: Grant
    Filed: March 5, 2021
    Date of Patent: February 6, 2024
    Assignee: SK HYNIX INC.
    Inventor: Hui Won Lee
  • Patent number: 11892997
    Abstract: System and methods are provided for sharding at the content level and routing content requests. Each point of presence (PoP) can initially identify the PoP that should serve content by using hashing. A PoP can encode a domain name with the identified PoP in metadata and redirect the client computing device. A client computing device transmits a DNS query for the encoded domain name. A DNS server receives the encoded domain name and decrypts and decodes the domain name label. The DNS server uses the decrypted and decoded metadata to make a further routing decision. The DNS server sends, to the client computing device, a DNS reply with the Internet Protocol (IP) address of the selected PoP. The client computing device requests content from the PoP identified by the provided IP address.
    Type: Grant
    Filed: July 11, 2022
    Date of Patent: February 6, 2024
    Assignee: Amazon Technologies, Inc.
    Inventors: Karthik Uthaman, Ronil Sudhir Mokashi
  • Patent number: 11886545
    Abstract: Federated systems for issuing playback certifications granting access to technically protected content are described. One embodiment of the system includes a registration server connected to a network, a content server connected to the network and to a trusted system, a first device including a non-volatile memory that is connected to the network and a second device including a non-volatile memory that is connected to the network. In addition, the registration server is configured to provide the first device with a first set of activation information in a first format, the first device is configured to store the first set of activation information in non-volatile memory, the registration server is configured to provide the second device with a second set of activation information in a second format, and the second device is configured to store the second set of activation information in non-volatile memory.
    Type: Grant
    Filed: December 28, 2020
    Date of Patent: January 30, 2024
    Assignee: DIVX, LLC
    Inventors: Eric William Grab, Chris Russell, Francis Yee-Dug Chan, Michael George Kiefer
  • Patent number: 11886752
    Abstract: A method for execution by one or more processing modules of one or more computing devices of a storage network, the method comprises receiving a data object for processing, determining whether the data object is to be transferred to one or more remote storage locations, determining whether one or more legal restrictions are associated with the data object. Based on a determination that one or more legal restrictions are associated with the data object, the method continues by determining whether the one or more legal restrictions allow transfer of the data object to a storage unit of the one or more remote storage locations. The method continues by segmenting the data object into a plurality of data segments, dispersed error encoding a data segment of the plurality of data segments in accordance with dispersed error encoding parameters to produce a set of encoded data slices and transmitting a write request for an encoded data slice of the set of encoded data slices to the storage location for processing.
    Type: Grant
    Filed: January 9, 2023
    Date of Patent: January 30, 2024
    Assignee: Pure Storage, Inc.
    Inventors: Russell P. Kennedy, Robert C. McCammon, Jason K. Resch, Thomas F. Shirley, Jr.
  • Patent number: 11888893
    Abstract: A method and system for characterizing application layer denial-of-service (DDoS) attacks are provided. The method includes generating a dynamic applicative signature by analyzing requests received during an on-going DDoS attack, wherein the dynamic applicative signature characterizes based on frequent applicative attributes appeared from the received; characterizing each incoming request based on the generated dynamic applicative signature, wherein the characterization provides an indication for each incoming request whether an incoming request is generated by an attack tool executing the on-going DDoS attributes; and causing a mitigation action on the incoming request generated by the attack tool based on the generated dynamic applicative signature.
    Type: Grant
    Filed: January 31, 2023
    Date of Patent: January 30, 2024
    Assignee: RADWARE LTD
    Inventors: Ehud Doron, Koral Haham, David Aviv
  • Patent number: 11888980
    Abstract: Secure operations can be performed using security module instances offered as a web service through a resource provider environment. State data and cryptographic material can be loaded and unloaded from the instance as needed, such that the instance can be reused for operations of different customers. The material and data can be stored as a bundle encrypted using a key specific to the hardware security module and a key specific to the resource provider, such that the bundle can only be decrypted in an instance of that type of security module from the associated manufacturer and operated by that particular resource provider. The customer is then only responsible for the allocation of that instance during the respective cryptographic operation(s).
    Type: Grant
    Filed: April 19, 2021
    Date of Patent: January 30, 2024
    Assignee: Amazon Technologies, Inc.
    Inventor: Steven Preston Lightner Norum
  • Patent number: 11880578
    Abstract: Techniques are provided for providing a storage abstraction layer for a composite aggregate architecture. A storage abstraction layer is utilized as an indirection layer between a file system and a storage environment. The storage abstraction layer obtains characteristic of a plurality of storage providers that provide access to heterogeneous types of storage of the storage environment (e.g., solid state storage, high availability storage, object storage, hard disk drive storage, etc.). The storage abstraction layer generates storage bins to manage storage of each storage provider. The storage abstraction layer generates a storage aggregate from the heterogeneous types of storage as a single storage container. The storage aggregate is exposed to the file system as the single storage container that abstracts away from the file system the management and physical storage details of data of the storage aggregate.
    Type: Grant
    Filed: November 29, 2021
    Date of Patent: January 23, 2024
    Assignee: NetApp, Inc.
    Inventors: Ananthan Subramanian, Sriram Venketaraman, Ravikanth Dronamraju, Mohit Gupta
  • Patent number: 11882018
    Abstract: An apparatus for analyzing a network according to an embodiment includes a receiving module configured to receive, from a cloud service, information on one or more resources included in the cloud service and information on a network environment of the one or more resources, a topology generation module configured to derive a network topology of the cloud service by using the information on the resources and the information on the network environment, and an analysis module configured to derive, from the network topology, a communication possible path of each of the one or more resources and one or more communication allow policies in the communication possible path.
    Type: Grant
    Filed: October 29, 2021
    Date of Patent: January 23, 2024
    Assignee: SAMSUNG SDS CO., LTD.
    Inventors: Jung Do Cha, Jung Hyun Ahn, Hyeong Jin Lee
  • Patent number: 11874776
    Abstract: Methods and apparatus relating to cryptographic protection of memory attached over interconnects are described. In an embodiment, memory stores data and a processor having execution circuitry executes an instruction to program an inline memory expansion logic and a host memory encryption logic with one or more cryptographic keys. The inline memory expansion logic encrypts the data to be written to the memory and decrypts encrypted data to be read from the memory. The memory is coupled to the processor via an interconnect endpoint of a system fabric. Other embodiments are also disclosed and claimed.
    Type: Grant
    Filed: June 25, 2021
    Date of Patent: January 16, 2024
    Assignee: Intel Corporation
    Inventors: Siddhartha Chhabra, Prashant Dewan
  • Patent number: 11868365
    Abstract: Methods and systems for data are disclosed. A system implementation includes a data module for storing data received from an external source. The data module includes a file system for unstructured data, a database for structured data, a transform for operating upon unstructured or structured data, a data broker for receiving data having a first format and providing the data in a second format, a data network for communications within the data module, and a processing module for performing operations upon data. The processing module further includes a process broker and a process container. The process container is for providing one or more instances of processes during a runtime operation. The system further includes an inter-process network for communications within the processing module and an internal gateway for the data module to communicate with the processing module.
    Type: Grant
    Filed: December 12, 2022
    Date of Patent: January 9, 2024
    Inventors: Vivek Vishnoi, Steven Sanghoon Lee
  • Patent number: 11868638
    Abstract: Methods, systems, and devices for improved inter-memory movement in a multi-memory system are described. A memory device may receive from a host device a command to move data from a first memory controlled by a first controller to a second memory controlled by a second controller. The memory device may use the first and second controllers to facilitate the movement of the data from the first memory to the second memory via a path external to the host device. The memory device may indicate to the host device when to suspend activity to the first memory or the second memory and when to resume activity to the first memory or second memory.
    Type: Grant
    Filed: September 11, 2020
    Date of Patent: January 9, 2024
    Assignee: Micron Technology, Inc.
    Inventors: Sourabh Dhir, Kang-Yong Kim
  • Patent number: 11861020
    Abstract: An apparatus includes a processor, persistent memory coupled to the processor, and a memory protection logic. The processor may include multiple processing engines. The persistent memory may include a persistent storage portion and a memory expansion portion. The memory protection logic is to: obtain a first ephemeral component associated with the persistent storage portion; generate a persistent key using the first ephemeral component; obtain a second ephemeral component associated with the memory expansion portion; and generate a non-persistent key using the second ephemeral component. Other embodiments are described and claimed.
    Type: Grant
    Filed: June 26, 2020
    Date of Patent: January 2, 2024
    Assignee: Intel Corporation
    Inventors: Siddhartha Chhabra, Hormuzd M. Khosravi
  • Patent number: 11861009
    Abstract: An apparatus to facilitate permissions at a computing system platform is disclosed. The apparatus includes a plurality of agents, each including a non-volatile memory storing firmware executed to perform a function associated with the agent and attestation hardware to detect an update at the computing system platform, generate a cryptographic key associated with each of the plurality of agents, perform an attestation with a relying party using the generated cryptographic keys and receive a tuple associated with each of the plurality of agents, wherein a tuple includes one or more permissions indicating platform resources an agent is permitted to access.
    Type: Grant
    Filed: December 23, 2020
    Date of Patent: January 2, 2024
    Assignee: Intel Corporation
    Inventors: Prashant Dewan, Nivedita Aggarwal
  • Patent number: 11861183
    Abstract: A disk device includes a volatile memory, a nonvolatile memory, and a controller. The controller is configured to receive, from a host, a key setting request that includes a cryptographic key, a key ID thereof, and tag information of the cryptographic key and generate generation information of the cryptographic key. The controller is also configured to store a first entry including the tag information, the cryptographic key, and the generation information associated with each other in the volatile memory, and store a second entry including the key ID and the generation information associated with each other in the nonvolatile memory.
    Type: Grant
    Filed: February 24, 2022
    Date of Patent: January 2, 2024
    Assignees: Kabushiki Kaisha Toshiba, Toshiba Electronic Devices & Storage Corporation
    Inventors: Kazumasa Nomura, Kana Furuhashi
  • Patent number: 11863551
    Abstract: Systems and methods for adaptive token verification are disclosed. For example, a system may include at least one memory storing instructions and one or more processors configured to execute the instructions to perform operations. The operations may include training a verification model to verify tokenized requests based on system identifiers. The operations may include receiving a tokenized request from an external system, the request comprising a system identifier of the external system. The operations may include generating output of the verification model based on the system identifier, and, based on the output, performing one of granting the request or blocking the request.
    Type: Grant
    Filed: December 14, 2022
    Date of Patent: January 2, 2024
    Assignee: Capital One Services, LLC
    Inventors: Allison Fenichel, Brice Elder, Varun Gupta
  • Patent number: 11860797
    Abstract: Restricting peripheral device protocols in confidential compute architectures, the method including: receiving a first address translation request from a peripheral device supporting a first protocol, wherein the first protocol supports cache coherency between the peripheral device and a processor cache; determining that a confidential compute architecture is enabled; and providing, in response to the first address translation request, a response including an indication to the peripheral device to not use the first protocol.
    Type: Grant
    Filed: December 30, 2021
    Date of Patent: January 2, 2024
    Assignees: ADVANCED MICRO DEVICES, INC., ATI TECHNOLOGIES ULC
    Inventors: Philip Ng, Nippon Raval, David A. Kaplan, Donald P. Matthews, Jr.
  • Patent number: 11864090
    Abstract: A communication system, a communication management method, and a non-transitory recording medium. The communication system communicates with an access source terminal connected to a first network, a communication apparatus and one or more access destination terminals each connected to a second network, the one or more access destination terminal being configured to provide a service by remote access, in response to a request from the access source terminal to use the service provided by the one or more access destination terminals, acquires access information including location information indicating location of the access source terminal and time information indicating usage time of the service, and restricts use of the service based on the access information and setting information, the setting information previously setting a range of the access information for permitting the use of the service provided by the one or more access destination terminals by the access source terminal.
    Type: Grant
    Filed: January 25, 2022
    Date of Patent: January 2, 2024
    Assignee: Ricoh Company, Ltd.
    Inventor: Satoru Yamamoto
  • Patent number: 11861027
    Abstract: In one embodiment, data at rest is securely stored. A data safe performing data plane processing operations in response to requests of received read data requests, received write data requests, and received read information responses, with the data safe being immutable to processing-related modifications resulting from said performing data plane processing operations. In one embodiment, performing these data plane processing operations does not expose any pilot keys outside the data safe in clear form nor in encrypted form. The pilot keys are used to encrypt information that is subsequently stored in a storage system. One embodiment uses pilot keys to encrypt data that is subsequently stored in a storage system. One embodiment uses data cryptographic keys to encrypt data, uses the pilot keys to cryptographically-wrap (encrypt) the data cryptographic keys, and stores the cryptographically wrapped data keys and encrypted data in a storage system.
    Type: Grant
    Filed: May 25, 2021
    Date of Patent: January 2, 2024
    Assignee: Q-Net Security, Inc.
    Inventors: Jerome R. Cox, Jr., Ronald S. Indeck
  • Patent number: 11861182
    Abstract: Integrated circuit device having a processor module (2) in communication with a cache memory module (3, 4), and one or more memory control modules (6, 8, 10) each arranged to interface with an associated storage memory unit (5, 7, 9). An authentication module (15) is provided in communication with the memory control modules (6, 8, 10) and the cache memory modules (3, 4). The authentication module (15) is arranged to generate and store a hardware based secure key, read a predetermined set of data from the associated storage memory units (5, 7, 9), and an associated stored hash value, calculate a hash value of the predetermined set of data using the hardware based secure key; and store the predetermined set of data in the cache memory module (3, 4) only if the calculated hash value corresponds to the associated stored hash value.
    Type: Grant
    Filed: April 7, 2020
    Date of Patent: January 2, 2024
    Assignee: Technische Universiteit Delft
    Inventors: Mottaqiallah Taouil, Cezar Rodolfo Wedig Reinbrecht, Fethulah Smailbegovic, Said Hamdioui
  • Patent number: 11852114
    Abstract: A system for discharging or charging a capacitor of a hybrid vehicle according to the present disclosure includes a target state of charge (SOC) module and a capacitor charge/discharge module. The target SOC module determines a target state of charge of the capacitor based on a speed of the vehicle. The capacitor charge/discharge module determines whether a state of charge of a capacitor is greater than a target state of charge. The capacitor charge/discharge module dissipates power from the capacitor to at least one of a battery of the vehicle and an electrical load of the vehicle when the state of charge of the capacitor is greater than the target state of charge.
    Type: Grant
    Filed: December 6, 2021
    Date of Patent: December 26, 2023
    Assignee: Gentherm Incorporated
    Inventors: Michael Peter Ciaccio, Brian Moorhead
  • Patent number: 11853464
    Abstract: A storage device includes a storage and a controller configured to execute control of the storage based on a command from a host device. The controller is configured to generate a verifier of data stored in the storage in response to a first command related to the data from the host device, and transmit the verifier of the data to the host device in response to a second command related to the data from the host device.
    Type: Grant
    Filed: May 29, 2019
    Date of Patent: December 26, 2023
    Assignee: Kioxia Corporation
    Inventors: Naoko Yamada, Teruji Yamakawa
  • Patent number: 11853435
    Abstract: Ingesting large quantities of data in a secure manner can be problematic, particularly processing types of data streams to determine the content of the data stream. As provided herein, a context associated with the data stream can be ascertained by mapping the content of data stream using contextual maps. The content and context can then be further processed in order to generate appropriate responses. In addition, obfuscation can be applied to the content such that the original content is lost while the contextual meaning associated with the content is maintained. In this way, an understanding can persist of the original content without retaining the underlying raw data.
    Type: Grant
    Filed: June 10, 2020
    Date of Patent: December 26, 2023
    Inventor: Ryan Welker
  • Patent number: 11856058
    Abstract: An apparatus with a solid state drive (SSD) having firmware to perform peer to peer transfer of proof of space plots. The SSD has a host interface configured to receive at least read commands and write commands from an external host system. The SSD has memory cells formed on at least one integrated circuit die, and a processing device configured to control executions of the read commands to retrieve data from the memory cells and executions of the write commands to store data into the memory cells. The firmware is executable in the SSD according to configuration data to: identify an opportunity for a transfer of a proof of space plot; establish a peer to peer connection to a device that is separate from the solid state drive; and transfer, over the peer to peer connection, the proof of space plot between the solid state drive and the device.
    Type: Grant
    Filed: December 14, 2021
    Date of Patent: December 26, 2023
    Assignee: Micron Technology, Inc.
    Inventors: Luca Bert, Joseph Harold Steinmetz
  • Patent number: 11854658
    Abstract: A method for operating a DRAM device. The method includes receiving in a memory buffer in a first memory module hosted by a computing system, a request for data stored in RAM of the first memory module from a host controller of the computing system. The method includes receiving with the memory buffer, the data associated with a RAM, in response to the request and formatting with the memory buffer, the data into a scrambled data in response to a pseudo-random process. The method includes initiating with the memory buffer, transfer of the scrambled data into an interface device.
    Type: Grant
    Filed: March 16, 2022
    Date of Patent: December 26, 2023
    Assignee: Rambus Inc.
    Inventors: Christopher Haywood, David Wang
  • Patent number: 11847243
    Abstract: According to one embodiment, a memory system includes a nonvolatile memory and a controller. The controller controls the nonvolatile memory, writes data to a random access memory in a host, and reads data from the random access memory. The random access memory includes regions in first units to which the controller is accessible. The controller uses encryption keys associated with the regions, respectively, for encrypting data to be written into each of the regions and decrypting data read from each of the regions.
    Type: Grant
    Filed: July 24, 2020
    Date of Patent: December 19, 2023
    Assignee: Kioxia Corporation
    Inventors: Akihiro Sakata, Tomonori Yokoyama, Yifan Tang
  • Patent number: 11847501
    Abstract: Systems and methods are disclosed for data protection in a cluster of data processing accelerators (DPAs) using a policy that determines a static partition of resources in each DPA in the cluster communicatively coupled to a host device. Each DPA has sensitive (secure) and non-sensitive (non-secure) resources. The host device and a DPA can access all resources of the DPA. Other DPAs can only access non-sensitive resources of a DPA. The partition of resources within a DPA is static and may be implemented in hardware or firmware. Resources include memory, one or more processing modules such as key generators and cryptographic modules, caches, registers, and storage.
    Type: Grant
    Filed: June 12, 2020
    Date of Patent: December 19, 2023
    Assignees: BAIDU USA LLC, KUNLUNXIN TECHNOLOGY (BEIJING) COMPANY LIMITED
    Inventors: Yueqiang Cheng, Hefei Zhu
  • Patent number: 11847069
    Abstract: A secure processing system includes a memory having a secure partition and a non-secure partition, a neural network processing unit (NPU) configured to initiate transactions with the memory, and a memory protection unit (MPU) configured to filter the transactions. Each of the transactions includes at least an address of the memory to be accessed, one of a plurality of first master identifiers (IDs) associated with the NPU, and security information indicating whether the NPU is in a secure state or a non-secure state when the transaction is initiated. The MPU is to selectively deny access to the secure partition of the memory based at least in part on the memory address, the first master ID, and the security information associated with each of the transactions.
    Type: Grant
    Filed: May 27, 2022
    Date of Patent: December 19, 2023
    Assignee: Synaptics Incorporated
    Inventors: Pontus Evert Lidman, Xiao William Cheng, Hongjie Guan, Jingliang Li
  • Patent number: 11849036
    Abstract: This document describes techniques for rotating keys used to tokenize data stored in a streaming data store where data is stored for a maximum time [W]. In some embodiments, a data layer of such a data store can encrypt arriving original data values twice. The original data value is first encrypted with a first key, producing a first token. The original data value is encrypted with a second key, producing a second token. Each encrypted token can be stored separately in the data store. A field may be associated with two database columns, one holding the value encrypted with the first key and the second holding the value encrypted with the second key. Keys are rotated after time [K], which is at least equal to and preferably longer than [W]. Rotation can involve discarding the older key and generating a new key so that two keys are still used.
    Type: Grant
    Filed: June 23, 2022
    Date of Patent: December 19, 2023
    Assignee: Akamai Technologies, Inc.
    Inventors: Eugene (John) Neystadt, Jonathan Herzog, Ittay Dror, Elisha Ben-Zvi
  • Patent number: 11847067
    Abstract: Methods and apparatus relating to cryptographic protection of memory attached over interconnects are described. In an embodiment, memory stores data and a processor having execution circuitry executes an instruction to program an inline memory expansion logic and a host memory encryption logic with one or more cryptographic keys. The inline memory expansion logic encrypts the data to be written to the memory and decrypts encrypted data to be read from the memory. The memory is coupled to the processor via an interconnect endpoint of a system fabric. Other embodiments are also disclosed and claimed.
    Type: Grant
    Filed: October 19, 2021
    Date of Patent: December 19, 2023
    Assignee: Intel Corporation
    Inventors: Siddhartha Chhabra, Prashant Dewan
  • Patent number: 11842969
    Abstract: An integrated circuit is disclosed. The integrated circuit comprises: a processing region configured to run one instruction from a plurality of instructions; a first temperature measuring region configured to measure a first temperature within the integrated circuit in response to the processing region running the one instruction; the processing region being configured to compare the measured first temperature with a predefined temperature at the first temperature measuring region when the processing region runs the one instruction and to trigger an event when the measured first temperature exceeds the predefined temperature by a threshold value.
    Type: Grant
    Filed: December 6, 2019
    Date of Patent: December 12, 2023
    Assignee: MASTERCARD INTERNATIONAL INCORPORATED
    Inventor: Simon Blythe
  • Patent number: 11843696
    Abstract: A system including: a storage; and a processor configured to: receive a data packet; and process the data packet without an instruction input to perform a definite task. The data packet may be encrypted. The processor may be configured to process the data packet based on a decryption mechanism required to decrypt the data packet.
    Type: Grant
    Filed: August 21, 2020
    Date of Patent: December 12, 2023
    Assignee: Kara Partners LLC
    Inventors: Quinn Unger, Giovanni Viscardi
  • Patent number: 11836275
    Abstract: Techniques for continuous authenticity for captured data are provided. Data in form of analog or digital media including videos, images, and audio recordings, and sensed, detected, measured, observed, or otherwise recorded data may be authenticated with source information upon capture. The chain of custody of the authentication may be preserved throughout processing and distribution of the captured data through a distribution network assuring consumers of the data that data or source information for the data is not altered in any way or, if altered, it is done so for the purpose of preserving the authenticity of the data and reversing the process will render an unaltered version of the original data set. In some examples, the authentication and/or capture of data may be triggered by a predefined event to ensure data associated with the event is captured and preserved with authentication.
    Type: Grant
    Filed: May 21, 2019
    Date of Patent: December 5, 2023
    Assignee: PATUNG INVESTMENTS LTD.
    Inventors: Parminder Singh, Randeep Gagan Singh, Amardeep Nanak Singh
  • Patent number: 11838113
    Abstract: Embodiments are generally directed to apparatuses, methods, techniques and so forth to receive a sled manifest comprising identifiers for physical resources of a sled, receive results of authentication and validation operations performed to authenticate and validate the physical resources of the sled, and determine whether the results of the authentication and validation operations indicate the physical resources are authenticated or not authenticated. Further, in response to the determination that the results indicate the physical resources are authenticated, permit the physical resources to process a workload, and in response to the determination that the results indicate the physical resources are not authenticated, prevent the physical resources from processing the workload.
    Type: Grant
    Filed: October 17, 2019
    Date of Patent: December 5, 2023
    Assignee: INTEL CORPORATION
    Inventors: Alberto J. Munoz, Murugasamy K. Nachimuthu, Mohan J. Kumar, Wojciech Powiertowski, Sergiu D. Ghetie, Neeraj S. Upasani, Sagar V. Dalvi, Chukwunenye S. Nnebe, Jeanne Guillory
  • Patent number: 11838413
    Abstract: A system for maximizing storage of encrypted content in a storage system includes one or more processors; and a storage medium storing instructions. When executed, the instructions may configure the one or more processors to: receive, from a first client device, a first data structure encrypted commutatively with a first key and a common key, the receiving system lacking access to the common key; receive the first key and a first segment identifier; receive, from a second client device, a second data structure encrypted commutatively with a second key and the common key; receive a second segment identifier; using the first key, partially decrypt the first data structure; storing the partially decrypted first data structure; and selectively storing a copy of the second data structure based on whether content of the first data structure corresponds to content of the second data structure.
    Type: Grant
    Filed: October 22, 2019
    Date of Patent: December 5, 2023
    Assignee: SYNAMEDIA LIMITED
    Inventors: Ian Bastable, Gareth Bowen
  • Patent number: 11829611
    Abstract: An electronic device includes a temporary memory, a non-volatile memory and a processor. The temporary memory includes at least one secure region. The non-volatile memory is configured to store at least one higher-level secure program and a plurality of commands. The processor is connected to the temporary memory and the non-volatile memory for executing the plurality of commands to: when receiving a wake-up command, initialize the at least one secure region; and through the at least one higher-level secure program, recover the at least one secure region, or decrypt encrypted data stored in the non-volatile memory to recover the at least one secure region. In addition, a hibernation recovery method is also disclosed herein.
    Type: Grant
    Filed: October 21, 2021
    Date of Patent: November 28, 2023
    Assignee: REALTEK SEMICONDUCTOR CORPORATION
    Inventors: Yu-Ting Ting, Sheng-Tzu Yang, Chang-Hao Wu, Chen-Wei Yu
  • Patent number: 11824980
    Abstract: This disclosure describes systems, methods, and devices related to security for multi-link operations. A multi-link device (MLD) may establish a first communication link between a first device of the MLD and a first device of a second MLD, and a second communication link between a second device of the MLD and a second device of the second MLD. The MLD may generate a group-addressed message. The MLD may protect the group-addressed message using a first key or a first integrity key. The MLD may protect the group-addressed message using a second key or a second integrity key. The MLD may send, using the first communication link, the group-addressed message protected using the first key or the first integrity key, and may send, using the second communication link, the group-addressed message protected using the second key or the second integrity key.
    Type: Grant
    Filed: August 27, 2020
    Date of Patent: November 21, 2023
    Assignee: Intel Corporation
    Inventors: Po-Kai Huang, Cheng Chen, Ido Ouzieli, Avner Epstein, Danny Alexander, Ofer Schreiber, Arik Klein, Daniel Bravo, Laurent Cariou, Ofer Hareuveni, Ehud Reshef, Nir Balaban
  • Patent number: 11822665
    Abstract: Methods, apparatus, and computer program products for configurable secure boots are disclosed. One method includes determining, by a processor of a computing apparatus, whether a geographical location of the computing apparatus corresponds to a predetermined location, performing a boot process for booting up the computing apparatus in response to the geographical location of the computing apparatus corresponding to the predetermined location, and disabling the boot process from booting up the computing apparatus in response to the geographical location of the computing apparatus failing to correspond to the predetermined location. Computing apparatus and computer program products for performing the method are also disclosed.
    Type: Grant
    Filed: April 22, 2021
    Date of Patent: November 21, 2023
    Assignee: Lenovo Enterprise Solutions (Singapore) Pte. Ltd.
    Inventors: CheKim Chhuor, Caihong Zhang
  • Patent number: 11825000
    Abstract: In one example, a system for asymmetric device attestation includes a physically unclonable function (PUF) configured to generate a response to a challenge. A pseudo-random number generator generates a set of random numbers based on the response. A key generator determines co-prime numbers in the set of random numbers and generates a key pair using the co-prime numbers, wherein the public key is released to a manufacturer of the component for attestation of authenticity of the component. Through extending the PUF circuitry with a pseudo-random number generator, the present techniques are able to withstand unskilled and skilled hardware attacks, as the secret derived from the PUF is immune to extraction.
    Type: Grant
    Filed: May 12, 2022
    Date of Patent: November 21, 2023
    Assignee: Intel Corporation
    Inventors: Prashant Dewan, Baiju Patel
  • Patent number: 11824842
    Abstract: A system provides an immutable record of human creative output as one or more secure disclosure threads. The immutable record may be stored on a blockchain. Addresses to the data corresponding to the one or more secure disclosure threads may be encrypted and stored on a blockchain. The immutable record and the addresses to the data may be stored on the same blockchain. The immutable record and the addresses to the data may be stored on different blockchains.
    Type: Grant
    Filed: March 18, 2021
    Date of Patent: November 21, 2023
    Assignee: ABAXX TECHNOLOGIES CORP.
    Inventors: Timothy M. Londergan, Carlos W. Korten, Christopher A. Wiklof
  • Patent number: 11822795
    Abstract: Devices and methods for executing instructions in an automatic and secure manner include a security processor having at least a read-only memory, a random access memory, a computer capable of performing cryptographic functions, a monotonic counter management unit associated with one or more monotonic counters, is such that it does not include any other storage memory, meaning that the security processor does not store any program or external data, a public key allowing at least one initial enrolled administrator to be authenticated is stored before the first use of same in its read-only memory, its random access memory is capable of loading a set of data and instructions that can be authenticated by a public key cryptographic module, the execution by the computer, after the authentication of same, of certain instructions, increments one of the monotonic counters.
    Type: Grant
    Filed: March 13, 2019
    Date of Patent: November 21, 2023
    Assignee: Ledger, SAS
    Inventors: Olivier Tomaz, Nicolas Bacca
  • Patent number: 11816202
    Abstract: The present disclosure includes apparatuses, methods, and systems for run-time code execution validation. An embodiment includes a memory, and circuitry configured to monitor run-time executable code stored in a secure array of the memory device and receive an indication that a portion of the run-time executable code executed, wherein the indication includes a received Message Authentication Code (MAC) and take an action in response to the indication that the portion of the run-time executable code failed to execute.
    Type: Grant
    Filed: February 28, 2022
    Date of Patent: November 14, 2023
    Assignee: Micron Technology, Inc.
    Inventors: Antonino Mondello, Alberto Troia
  • Patent number: 11816041
    Abstract: Various examples are directed to systems and methods for programming memory. A programming appliance may receive a command file comprising a first pre-generated digital signature. The first pre-generated digital signature may be associated with a memory system, with a first command and with a first memory system counter value. The programming appliance may send to a memory system a first command message. The first command system may comprise the first command and the first pre-generated digital signature.
    Type: Grant
    Filed: August 15, 2022
    Date of Patent: November 14, 2023
    Assignee: Micron Technology, Inc.
    Inventor: Olivier Duval
  • Patent number: 11818263
    Abstract: A method including obtaining, by a key management computer, a key rotation period based on at least an adversarial storage limit. The key management computer can then generate a first cryptographic key. The key management computer can then generate a second cryptographic key to replace the first cryptographic key according to the key rotation period.
    Type: Grant
    Filed: October 25, 2019
    Date of Patent: November 14, 2023
    Assignee: Visa International Service Association
    Inventors: Atul Luykx, Wei Dai