By Stored Data Protection Patents (Class 713/193)
  • Patent number: 10659436
    Abstract: A method for data processing comprises: S100. if a to-be-sent email needs to be saved cryptographically or sent cryptographically, automatically converting a main body of the mail into an html file, the html file including an attachment link for linking a mail attachment; S200. compressing a filename of the html file and a filename of the mail attachment into a new html filename and a new mail attachment name using a first open source algorithm based on a first password preset between a sender and a recipient, thereby obtaining a renamed html file and a renamed mail attachment; S300. compressing the renamed html and the renamed mail attachment using a second open source algorithm based on a second password preset between the sender and the recipient, thereby obtaining a compressed file; and S400.
    Type: Grant
    Filed: September 1, 2017
    Date of Patent: May 19, 2020
    Assignee: HUIZHOU UNIVERSITY
    Inventors: Zhaoquan Cai, Song Hu, Hui Hu, Yingxue Cai, Jia Chen
  • Patent number: 10657128
    Abstract: The present disclosure relates to a method for processing queries in a database system having a first database engine and a second database engine. The method includes: storing a first instance of a first table in the first database engine in plaintext; encrypting at least one predefined column of the first table, resulting in a second instance of the first table containing at least part of the data of the first table in encrypted format. The second instance of the first table in the second database engine is stored in the second database engine. It may be determined whether to execute a received query in the first database engine on the first table or in the second database engine on the second instance of the first table, where the determination involves a comparison of the query with encryption information.
    Type: Grant
    Filed: May 13, 2019
    Date of Patent: May 19, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Felix Beier, Nicole Finnie, Namik Hrle, Jens Müller
  • Patent number: 10659433
    Abstract: In accordance with embodiments, there are provided mechanisms and methods for facilitating protection of data in a database environment in an on-demand services environment according to one embodiment. In one embodiment and by way of example, a method includes detecting, by a first computing device in the database environment, sensitive data associated with a user having access to a second computing device, where the sensitive data is capable of being communicated within a geographic residency. The method may further include performing, by the first computing device, secured communication of the sensitive data between at least one of multiple computing devices and multiple application frames within the geographic residency, wherein the first computing device includes a proxy server that is locally situated within the geographic residency.
    Type: Grant
    Filed: November 30, 2016
    Date of Patent: May 19, 2020
    Assignee: salesforce.com, inc.
    Inventor: Nathan E Tableman
  • Patent number: 10650168
    Abstract: A data processing device with a processor, a memory and an access control mechanism, the device having secure and non-secure modes, the memory having secure and non-secure regions, the secure region containing cryptographic data, and the access control mechanism preventing the processor from reading the cryptographic data when the device is operating in the non-secure mode. Also, methods of manufacturing and authenticating such a device, manufacturing an item of electronic equipment that includes such a device, a computer program for storing data on such a device, secure data processing hardware including such a computer program and a method of updating data stored in an item of electronic equipment including such a data processing device.
    Type: Grant
    Filed: October 10, 2016
    Date of Patent: May 12, 2020
    Assignee: Secure Thingz Limited
    Inventor: John David Mersh
  • Patent number: 10652330
    Abstract: A data storage apparatus includes an interface and one or more processors. The interface is configured for communicating with a cloud-based object storage system having a built-in versioning mechanism that assigns version numbers to objects stored therein. The one or more processors are configured to receive data for storage from one or more workloads, to store the data as objects in the cloud-based object storage system, and to update and record reference counts for at least some of the objects, by forcing the built-in versioning mechanism of the cloud-based object storage system to update the version numbers so as to match the reference counts.
    Type: Grant
    Filed: January 15, 2017
    Date of Patent: May 12, 2020
    Assignee: Google LLC
    Inventors: Shahar Frank, Amir Mosek
  • Patent number: 10652298
    Abstract: Apparatuses, methods and storage medium associated with media streaming through section change detection markers are disclosed herein. In an example, an apparatus may include one or more processors, devices, and/or circuitry to identify a plurality of section change transitions of content of the media file. The one or more processors, devices, and/or circuitry may be to select at least some of the identified section change transitions, and generate metadata responsive to the selecting. The one or more processors, devices, and/or circuitry may be to transmit the generated metadata over an electronic network for delivery to a streaming client.
    Type: Grant
    Filed: December 17, 2015
    Date of Patent: May 12, 2020
    Assignee: INTEL CORPORATION
    Inventor: Vishal Thomas
  • Patent number: 10650157
    Abstract: Facilities are provided to secure guest runtime environments (GREs). Security policy specifications may be associated with GREs. A GRE's security policy may be specific to the GRE and may also include security policy inherited from higher levels such as a host operating environment. The security policy of a GRE specifies restrictions and/or permissions for activities that may be performed within the scope of execution of the GRE. A GRE's security policy may limit what the GRE's guest software may do within the GRE. Restrictions/permissions may be applied to objects such as files, configuration data, and the like. Security specifications may be applied to execution initiated within a GRE. A GRE's security specification may restrict/permit executable objects from loading and executing within the GRE. The executability or accessibility of objects may be conditioned on factors such as the health/integrity of the GRE, the host system, requested files, and others.
    Type: Grant
    Filed: April 30, 2017
    Date of Patent: May 12, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Benjamin M. Schultz, Kinshumann, David John Linsley, Charles Glenn Jeffries, Giridhar Viswanathan, Scott Daniel Anderson, Frederick J. Smith, Hari R. Pulapaka, JianMing Zhou, Margarit Simeonov Chenchev, David B. Probert
  • Patent number: 10643946
    Abstract: An embodiment includes a dielectric material; a trench included in the dielectric material, the trench having first and second opposing sidewalls; wherein the trench includes: (a)(i) a first trench portion extending from the first sidewall to the second sidewall, (a)(ii) a second trench portion extending from the first sidewall to the second sidewall, and (a)(iii) a third trench portion extending from the first sidewall to the second sidewall; wherein the second trench portion is between the first trench portion and the third trench portion; wherein the first trench portion is substantially filled with a first material, the second trench portion is substantially filled with a second material, and the third trench portion is substantially filled with a third material; wherein (b)(i) the first material includes nitrogen, and (b)(ii) the first material includes more nitrogen than the third material. Other embodiments are described herein.
    Type: Grant
    Filed: June 22, 2018
    Date of Patent: May 5, 2020
    Assignee: Intel Corporation
    Inventors: Sudipto Naskar, Manish Chandhok, Kevin L. Lin, Ryan Pearce
  • Patent number: 10637837
    Abstract: A method according to an example of the present disclosure includes, obtaining an encrypted version of a shared reference file that is shared by a group of one or more confidants, receiving a request from a particular confidant in the group to encrypt a data segment for the group, and selecting a portion of the encrypted version of the shared reference file as an encryption key for the request. The selecting is performed based on a date and time of the request. The encryption key is used to encrypt the data segment. A computing device and computer program product are also disclosed.
    Type: Grant
    Filed: November 27, 2019
    Date of Patent: April 28, 2020
    Assignee: MARPEX, INC.
    Inventor: Douglas Bradley Lowry
  • Patent number: 10628271
    Abstract: A method for information processing is provided, which includes the following. Whether a target OAT file corresponding to a target DEX file that an application relies on is missing is detected, in response to a start control instruction for the application detected. Existence of a backup target OAT file is detected when the target OAT file is missing. A hard-link file configured to back up the target OAT file is determined, and the target OAT file is read from the hard-link file, when the backup target OAT file exists. Validity of the target OAT file is verified. The target OAT file is loaded when the target OAT file is valid.
    Type: Grant
    Filed: June 7, 2019
    Date of Patent: April 21, 2020
    Assignee: GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP., LTD.
    Inventor: Hui Li
  • Patent number: 10628333
    Abstract: In an information processing apparatus having a hardware security module (HSM), an HSM function that makes it possible to encrypt and decrypt data using the encryption key of the HSM is able to be set to be enabled under the condition that the encryption key of the HSM is able to be backed up.
    Type: Grant
    Filed: July 26, 2017
    Date of Patent: April 21, 2020
    Assignee: CANON KABUSHIKI KAISHA
    Inventor: Naoya Kakutani
  • Patent number: 10629548
    Abstract: Provided are a device and method for generating an identification key using process variation during a bipolar junction transistor (BJT) process. A BJT may be produced by designing such that the effective base width of the BJT is at least a first threshold value but not more than a second threshold value, or, such that the total of the width of a second depletion region formed by connection with a collector region and the width of a first depletion region formed by connection with an emitter region, within a base region, differs from the width of the base region by a value that is at least the first threshold value but not more than the second threshold value. Whether or not there is a short circuit between the emitter region and the collector region is stochastically generated, and if ordinary turn-on voltage is not applied, whether or not there is a short circuit is identified.
    Type: Grant
    Filed: February 7, 2019
    Date of Patent: April 21, 2020
    Assignee: ICTK Holdings Co., Ltd.
    Inventors: Byong Deok Choi, Dong Kyue Kim
  • Patent number: 10620875
    Abstract: Methods, systems, and computer readable media for execution by a cloud storage system are provided. One example method is for storage processing on a cloud system. The method includes executing a storage application on a compute node of the cloud system, and the storage application is configured to process write commands and read commands to and from storage of the cloud system. The write commands and the read commands are from an application. The method includes processing, by the storage application, a write command from the application. The processing includes writing data blocks to memory cache provided by the compute node for the storage application; writing data blocks written to memory cache to a write cache of a block storage that is part of the storage of the cloud system; and writing select data blocks written to memory cache to a read cache of block storage that is part of storage of the cloud system.
    Type: Grant
    Filed: August 18, 2017
    Date of Patent: April 14, 2020
    Assignee: Hewlett Packard Enterprise Development LP
    Inventor: Suresh Vasudevan
  • Patent number: 10623175
    Abstract: A processor includes a decode unit to decode an SM3 two round state word update instruction. The instruction is to indicate one or more source packed data operands. The source packed data operand(s) are to have eight 32-bit state words Aj, Bj, Cj, Dj, Ej, Fj, Gj, and Hj that are to correspond to a round (j) of an SM3 hash algorithm. The source packed data operand(s) are also to have a set of messages sufficient to evaluate two rounds of the SM3 hash algorithm. An execution unit coupled with the decode unit is operable, in response to the instruction, to store one or more result packed data operands, in one or more destination storage locations. The result packed data operand(s) are to have at least four two-round updated 32-bit state words Aj+2, Bj+2, Ej+2, and Fj+2, which are to correspond to a round (j+2) of the SM3 hash algorithm.
    Type: Grant
    Filed: May 7, 2018
    Date of Patent: April 14, 2020
    Assignee: Intel Corporation
    Inventors: Shay Gueron, Vlad Krasnov
  • Patent number: 10615959
    Abstract: A control circuit causes a first cryptographic module to perform a dummy operation in a command processing period and a data processing period in which a second cryptographic module performs a normal operation while the first cryptographic module does not perform a normal operation.
    Type: Grant
    Filed: July 19, 2016
    Date of Patent: April 7, 2020
    Assignee: MEGACHIPS CORPORATION
    Inventors: Takahiko Sugahara, Hiromu Yutani
  • Patent number: 10615983
    Abstract: A printing apparatus includes: a printing apparatus storage unit that stores firmware to which a public key is added, the public key being information related to a public key encryption method; a printing apparatus network-communication unit that receives signature information obtained by encrypting a hash value of overwriting firmware with a private key corresponding to the public key, from the management server, and that receives the overwriting firmware from the file providing server; and a printing apparatus control unit that determines validity of the overwriting firmware by comparing a hash value generated by decrypting the signature information which is received from the management server with the public key stored in the printing apparatus storage unit, and a hash value of the overwriting firmware which is received from the file providing server.
    Type: Grant
    Filed: September 27, 2017
    Date of Patent: April 7, 2020
    Assignee: SEIKO EPSON CORPORATION
    Inventor: Akio Takamoto
  • Patent number: 10606700
    Abstract: A method includes dispersed storage error encoding, by a computing device, a data segment of a data file to produce a set of encoded data slices. The method further includes determining, by the computing device, a storage & error encoding scheme for storing the set of encoded data slices. The method further includes sending, by the computing device, the set of encoded data slices to the set of storage units. The method further includes receiving, by a first storage unit, one or more encoded data slices. The method further includes processing, by the first storage unit, the one or more encoded data slices in accordance with a first version of the storage & error encoding scheme to produce a first set of encoded data sub-slices. The method further includes storing, by the first storage unit, the first set of encoded data sub-slices in a set of memory devices.
    Type: Grant
    Filed: November 6, 2017
    Date of Patent: March 31, 2020
    Assignee: PURE STORAGE, INC.
    Inventors: Ahmad Alnafoosi, Jason K. Resch
  • Patent number: 10606770
    Abstract: A microcontroller system including a main core and a secondary core and a communication bus for transmitting data and a data memory for storing data, wherein the data memory has a memory area for which the secondary core at least does not have any write rights, and wherein the microcontroller system includes a memory access module and a configuration memory area, wherein a configuration for authorizing writing of data provided by the secondary core to the memory area of the data memory is provided in the configuration memory area, wherein the data are written to the memory area of the data memory by the memory access module. The invention furthermore describes a corresponding method.
    Type: Grant
    Filed: December 12, 2016
    Date of Patent: March 31, 2020
    Assignee: Continental Teves AG & Co. oHG
    Inventor: Flaviu Constantin Nistor
  • Patent number: 10609041
    Abstract: An example method of enforcing granular access policy for embedded artifacts comprises: detecting an association of an embedded artifact with a resource container; associating the embedded artifact with at least a subset of an access control policy associated with the resource container; and responsive to receiving an access request to access the embedded artifact, applying the access control policy associated with the resource container for determining whether the access request is grantable.
    Type: Grant
    Filed: July 24, 2019
    Date of Patent: March 31, 2020
    Assignee: Palantir Technologies Inc.
    Inventors: Peter Wilczynski, Arseny Bogomolov, Alexander Mark, Teofana Hadzhiganeva, Kevin Ng, Nathaniel Klein, Sharon Hao
  • Patent number: 10606690
    Abstract: An apparatus is described. The apparatus includes a memory controller to receive data from a memory device. The memory controller includes error checking logic circuitry. The error checking logic circuitry is to receive an error checking code from the memory device. The error checking code is generated within the memory device from the data. The error checking logic circuitry includes circuitry to generate a second version of the error checking code from the data that was received from the memory device and compare the received error checking code with the second version of the error checking code to understand if the data that was received from the memory controller is corrupted.
    Type: Grant
    Filed: September 29, 2017
    Date of Patent: March 31, 2020
    Assignee: Intel Corporation
    Inventor: Kjersten E. Criss
  • Patent number: 10592357
    Abstract: Systems and methods are provided herein for automatically configuring newly installed secondary storage computing devices and managing secondary storage computing devices when one or more become unavailable. For example, a storage manager can then detect the computing resources available to the newly installed secondary storage computing device, assign a role to the newly installed secondary storage computing device based on the detected computing resources, configure the newly installed secondary storage computing device with deduplication and storage policies used by the other secondary storage computing devices, re-partition secondary storage devices to allocate memory for the newly installed secondary storage computing device, and instruct other secondary storage computing devices to replicate their managed data such that the newly installed secondary storage computing device has access to the replicated data.
    Type: Grant
    Filed: October 20, 2016
    Date of Patent: March 17, 2020
    Assignee: Commvault Systems, Inc.
    Inventors: Manoj Kumar Vijayan, Jaidev Oppath Kochunni, Deepak Raghunath Attarde, Ramachandra Reddy Ankireddypalle
  • Patent number: 10592682
    Abstract: An encrypted data receiving unit (201) receives encrypted data which has been encrypted, in which a decryption condition to define a user attribute of a decryption-permission user who is permitted to decrypt the encrypted data is embedded. A data storage unit (202) stores the encrypted data received by the encrypted data receiving unit (201) in an encrypted state. A revocation processing unit (209) adds revocation information in which a user attribute of a revoked user who is no longer the decryption-permission user is indicated, to an embedded decryption condition that is embedded in the encrypted data, while the encrypted data remains in an encrypted state.
    Type: Grant
    Filed: February 20, 2015
    Date of Patent: March 17, 2020
    Assignee: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Takumi Mori, Yutaka Kawai, Nori Matsuda
  • Patent number: 10592691
    Abstract: Method includes determining that a personal communication device is within a designated range of a medical system. The personal communication device is configured to transmit and receive data through a telecommunication network. The method also includes receiving an identifying signal from the personal communication device while within the designated range of the medical system for identifying a user associated with the personal communication device. The method also includes determining that the user associated with the personal communication device is permitted to use the medical system. The method also includes opening a session for the user to use the medical system. The method also includes establishing a dedicated link between the personal communication device and the medical system such that other users are unable to use the medical system during the session. The method also includes closing the session, thereby permitting the other users to use the medical system.
    Type: Grant
    Filed: June 30, 2017
    Date of Patent: March 17, 2020
    Assignee: General Electric Company
    Inventors: Thomas Holl, Roland Rott
  • Patent number: 10594490
    Abstract: During an encryption process, a database system may generate an index value based on the plaintext to be encrypted, an encryption key, a data field-specific salt, or a combination thereof. The database may store the index value in an index associated with the ciphertext output of the encryption process. In some cases, the database may receive a query specifying a plaintext value for filtering on a data field, where the database may return data objects with the specified plaintext value in the given data field. The database may compute a set of index values associated with the specified plaintext, and may identify indexes with index values included in the set of index values and associated with the given data field. The database may decrypt the ciphertexts associated with the identified indexes to check if they match the specified plaintext.
    Type: Grant
    Filed: April 24, 2017
    Date of Patent: March 17, 2020
    Assignee: salesforce.com, inc.
    Inventor: Alexandre Hersans
  • Patent number: 10587590
    Abstract: A method includes adding a key version tag to an encryption key store that stores encryption keys. The key version tag is inserted into a data stream. The data stream including the key version tag is written to media. The data in the data stream is erased by scrambling the encryption keys and incrementing the key version tag in the encryption store by a digit. The data stream is replaced with a replacement data pattern when the key version tag stored in the encryption store and the key version tag located in the data stream mismatch.
    Type: Grant
    Filed: June 12, 2017
    Date of Patent: March 10, 2020
    Assignee: SEAGATE TECHNOLOGY LLC
    Inventors: Jon D. Trantham, Mark A. Gaertner, Monty Aaron Forehand, Paul Michael Wiggins
  • Patent number: 10579642
    Abstract: Techniques for assisting owners to remotely administer their digital content items stored at non-owners' personal computing devices. The techniques involve identifying owned content items from among content items stored in a synchronization replica that is synchronized with synchronization replicas at the non-owners' personal computing devices. The techniques further involve allowing owners to remotely perform certain administrative actions on owned content items. For example, in response to a command initiated at an owner's personal computing device, a network signal or signals can be sent to a synchronization agent installed on the non-owners' personal computing devices to automatically remove all owned content items from the synchronization replicas at the non-owners' personal computing devices.
    Type: Grant
    Filed: May 14, 2018
    Date of Patent: March 3, 2020
    Assignee: Dropbox, Inc.
    Inventor: Chris Barton
  • Patent number: 10580225
    Abstract: Systems and methods are provided for monitoring time-series data relative to a temporal logic specification regarding expected behavior of a system, such as a vehicle. The time-series data and a threshold value(s) specified in the temporal logic specification may be encrypted and analyzed without decrypting the time-series data to maintain the privacy of a user(s) of the vehicle. Encryption of the time-series data and the threshold value(s) may be accomplished using an order preserving encryption scheme. Analysis of the time-series data may be accomplished utilizing a batch processing-type architecture or a continuous processing-type architecture. When utilizing the continuous processing-type architecture, historical time-series data may be stored and utilized to determine whether currently-monitored time-series data satisfies the temporal logic specification.
    Type: Grant
    Filed: March 31, 2017
    Date of Patent: March 3, 2020
    Assignee: TOYOTA MOTOR ENGINEERING & MANUFACTURING NORTH AMERICA, INC.
    Inventors: Jyotirmoy V. Deshmukh, James P. Kapinski, Xiaoqing Jin, Luan V. Nguyen
  • Patent number: 10581991
    Abstract: An online system receives tracking requests from client devices interacting with a website. The online system analyzes user interactions with websites using the tracking requests. The online system predicts an accurate label for the web page that caused the tracking request to be generated. The online system uses the accurate label for generating reports describing user interactions with the website. The online system predicts the label of a web page received by the client device based on metadata extracted from markup language documents by the client device and provided to the online system via tracking requests. Examples of metadata extracted from markup language documents include labels and description of widgets in the web page that triggered the tracking request from the client device. The online system generates reports describing the quality of the tracking requests.
    Type: Grant
    Filed: January 29, 2018
    Date of Patent: March 3, 2020
    Assignee: Facebook, Inc.
    Inventors: Tobias Henry Wooldridge, Christine Jinha Hwang, Aleksey Sergeyevich Fadeev, Michael Scott Sulak, Amlesh Jayakumar
  • Patent number: 10579488
    Abstract: One or more embodiments provide techniques for migrating virtual machines (VMs) from a private data center to a cloud data center. A hybrid cloud manager determines a scope of migration from the private data center to the cloud data center. The hybrid cloud manager groups each VM included in the scope of migration into one or more clusters. The hybrid cloud manager defines one or more migration phases. Each migration phase comprises a subset of the one or more clusters. The hybrid cloud manager generates a migration schedule based on at least the one or more migration phases. The hybrid cloud manager migrates the VMs from the private data center to the cloud data center in accordance with the migration schedule.
    Type: Grant
    Filed: September 25, 2017
    Date of Patent: March 3, 2020
    Assignee: VMware, Inc.
    Inventors: Narendra Kumar Basur Shankarappa, Serge Maskalik, Uday Masurekar, Anand Pritam, Aravind Srinivasan, Bob Sheehan, Abhijeet Deshpande, Sachin Thakkar, Hemanth Kumar Pannem
  • Patent number: 10579823
    Abstract: Systems and methods for generating a data map for retrieval of a data object. An example method includes: receiving an indication to generate a data entry for the data map, the data entry corresponding to a field identifier and a field value related to the field identifier; obfuscating the field identifier to generate a record locator associated with the data entry based, at least in part, on one or more variable storage parameters; and encrypting the field identifier and field value and storing the data entry in the data map as an encrypted field identifier and field value in association with the record locator.
    Type: Grant
    Filed: May 21, 2018
    Date of Patent: March 3, 2020
    Assignee: Ubiq Security, Inc.
    Inventors: Linda Eigner, William Eigner, Anthony Iasi, Charles Kahle, Gary Schneir, Eric Tobias
  • Patent number: 10572394
    Abstract: A configuration capable of performing reliable source analysis of illegal copy content using content in which a reproduction path is settable is implemented. Content in which an individual segment region including a plurality of pieces of variation data which include different identification information embedded therein and are decryptable using different keys and a common segment region including single data are provided, and variation data is configured with an aligned unit is set. A content reproducing device calculates a reproduction path by applying a device key and selects and reproduces an aligned unit corresponding to the reproduction path on the basis of a variation data identifier recorded in an adaptation field in a plain text region at the head of a plurality of aligned units constituting the variation data.
    Type: Grant
    Filed: November 13, 2015
    Date of Patent: February 25, 2020
    Assignee: SONY CORPORATION
    Inventors: Kenjiro Ueda, Ryohei Takahashi
  • Patent number: 10567452
    Abstract: A method for receiving a media data is provided. The method includes receiving, by a client from a server, a media presentation description (MPD) including segment information; and receiving media data based on the MPD, wherein the media data comprises a segment, wherein the segment includes a fragment, and wherein the fragment includes a subfragment, wherein the segment information indicates a location of the media data, and wherein the segment information comprises segment index information indicating a corresponding byte range related to one fragment, and fragment index information for accessing different levels of a plurality of subfragments.
    Type: Grant
    Filed: September 20, 2018
    Date of Patent: February 18, 2020
    Assignees: Samsung Electronics Co., Ltd, University-Industry Cooperation Group of Kyung Hee University
    Inventors: Kyung-Mo Park, Doug-Young Suh, Yong-Hun Lee, Jae-Yeon Song
  • Patent number: 10565382
    Abstract: Methods and apparatus are disclosed for securing executable code for execution with a processor using a trusted platform module (TPM). In one example of the disclosed technology, a method of decrypting executable code for execution includes measuring values stored in a CPU boot ROM and measuring second values for executable code stored in non-volatile memory, storing the resulting measurement value in a TPM platform configuration register. The PCR value is used to unseal a key stored in non-volatile memory of the TPM, which key is used to decrypt executable code for execution. Security can be further enhanced by destroying the values stored in the PCR by performing additional measurement operations with the TPM PCR used to generate the measurement value.
    Type: Grant
    Filed: December 22, 2016
    Date of Patent: February 18, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Ron Diamant, Alex Levin, Ihab Bishara
  • Patent number: 10565614
    Abstract: A method is provided for dynamically adding customized advertisements with media content on digital media storage devices. A user may provide identification data to an automated machine or salesperson selling the media content at a retail location. Based upon the identification of the user, advertisements may be selected to be added to the media content. The selection of advertisements may be based upon previous transaction data, the genre of the media content, or characteristics identified for the user. Users may also select to change the quantity of advertisements to view based upon fees paid by the user for the media content. The user may pay additional fees to view fewer advertisements and the user may pay fewer fees and have more advertisements included with the media content.
    Type: Grant
    Filed: November 24, 2010
    Date of Patent: February 18, 2020
    Assignee: NCR Corporation
    Inventors: Andrew Kilgore, Euan Pattullo, Craig Mellor, Philip Duncan
  • Patent number: 10558550
    Abstract: A method for analyzing a partial software program includes receiving a first software program. The first software program is designed to execute using a second software program. A first symbolic value indicates a characteristic of the second software program. The first software program is analyzed using a static program analysis, where the static program analysis generates a second symbolic value based on the first symbolic value. The second symbolic value indicates a characteristic of the first software program. The first software program is analyzed independent of an availability of the second software program. In response to determining that the second symbolic value is associated with a predetermined characteristic and that the first software program would perform an action associated with the second symbolic value if the first software program was executed using the second software program, a warning signal is generated.
    Type: Grant
    Filed: November 10, 2017
    Date of Patent: February 11, 2020
    Assignee: BlackBerry Limited
    Inventors: Andrew James Malton, Andrew Walenstein
  • Patent number: 10558582
    Abstract: Technologies for execute only transactional memory include a computing device with a processor and a memory. The processor includes an instruction translation lookaside buffer (iTLB) and a data translation lookaside buffer (dTLB). In response to a page miss, the processor determines whether a page physical address is within an execute only transactional (XOT) range of the memory. If within the XOT range, the processor may populate the iTLB with the page physical address and prevent the dTLB from being populated with the page physical address. In response to an asynchronous change of control flow such as an interrupt, the processor determines whether a last iTLB translation is within the XOT range. If within the XOT range, the processor clears or otherwise secures the processor register state. The processor ensures that an XOT range starts execution at an authorized entry point. Other embodiments are described and claimed.
    Type: Grant
    Filed: December 18, 2015
    Date of Patent: February 11, 2020
    Assignee: Intel Corporation
    Inventors: David M. Durham, Michael Lemay, Men Long
  • Patent number: 10558486
    Abstract: A data processing apparatus (2) includes memory management circuitry (18) for managing a two-stage address translation from a virtual address VA to an intermediate physical address IPA and then from the intermediate physical address IPA to a physical address PA. The first stage of the translation is performed using first stage translation data (22) controlled by a virtual machine program executing within a virtual machine execution environment provided by a hypervisor program which manages second stage translation data (24) for performing a second stage translation. If a region of memory is designated as a virtual machine private region accessible to a given virtual machine, but inaccessible to the hypervisor program, and also as a device region, then the memory management circuitry (18) performs private-device region management in respect of that region (i.e. the intermediate physical address may not be altered by the second stage translation).
    Type: Grant
    Filed: December 21, 2016
    Date of Patent: February 11, 2020
    Assignee: ARM Limited
    Inventor: Jason Parker
  • Patent number: 10552620
    Abstract: Technologies for trusted I/O include a computing device having a hardware cryptographic agent, a cryptographic engine, and an I/O controller. The hardware cryptographic agent intercepts a message from the I/O controller and identifies boundaries of the message. The message may include multiple DMA transactions, and the start of message is the start of the first DMA transaction. The cryptographic engine encrypts the message and stores the encrypted data in a memory buffer. The cryptographic engine may skip and not encrypt header data starting at the start of message or may read a value from the header to determine the skip length. In some embodiments, the cryptographic agent and the cryptographic engine may be an inline cryptographic engine. In some embodiments, the cryptographic agent may be a channel identifier filter, and the cryptographic engine may be processor-based. Other embodiments are described and claimed.
    Type: Grant
    Filed: June 20, 2017
    Date of Patent: February 4, 2020
    Assignee: Intel Corporation
    Inventors: Soham Jayesh Desai, Siddhartha Chhabra, Bin Xing, Pradeep M. Pappachan, Reshma Lal
  • Patent number: 10554398
    Abstract: Some embodiments are directed to an electronic cryptographic device configured to determine a cryptographic key. The cryptographic device has a physically unclonable function, a debiasing unit, and a key reconstruction unit. The PUF is configured to produce a first noisy bit string during an enrollment phase and a second noisy bit string during a reconstruction phase. The debiasing unit (120) is configured to determine debiasing data from the first noisy bit string during the enrollment phase. The debiasing data marks bits in the first noisy bit string as retained or discarded. The key reconstruction unit is configured to determine the cryptographic key from bits in the second noisy bit string marked as retained by the debiasing data, the cryptographic key being independent from bits in the second noisy bit string marked as discarded by the debiasing data.
    Type: Grant
    Filed: December 3, 2015
    Date of Patent: February 4, 2020
    Assignee: INTRINSIC ID B.V.
    Inventors: Vincent Van Der Leest, Roel Maes, Erik Van Der Sluis, Franciscus Maria Joannes Willems
  • Patent number: 10552635
    Abstract: An encoding program causes a computer to execute a process of inputting thereto a CSV file having a plurality of records each including a plurality of items which are separated by a delimiter. The encoding program causes the computer to execute a process of generating an encoded file having encoded data and an encoded dictionary each in which a specific item included in the records of the input CSV file is encoded by word or numerical value. The encoding program causes the computer to execute a process of generating an encrypted file including an encrypted dictionary in which the encoded dictionary is encrypted, from the generated encoded file.
    Type: Grant
    Filed: September 25, 2017
    Date of Patent: February 4, 2020
    Assignee: FUJITSU LIMITED
    Inventors: Junki Hakamata, Yukari Hakamata, Masahiro Kataoka
  • Patent number: 10546032
    Abstract: Methods, systems and computer program products for association rule mining of an encrypted database are provided herein. A computer-implemented method includes receiving, at a first cloud computing environment, encrypted transaction data that are encrypted using an encryption scheme which provides additive homomorphism, wherein the transaction data comprise a plurality of combinations of two or more elements of a set of elements, receiving, at the first cloud computing environment, encrypted query data that are encrypted using the encryption scheme, wherein the query data comprise at least one of an element and a combination of two or more elements of the set of elements which are the subject of a query seeking a determination of whether at least one of the element and the combination of two or more elements is frequent, and computing addition of the encrypted query data with the encrypted transaction data.
    Type: Grant
    Filed: November 21, 2017
    Date of Patent: January 28, 2020
    Assignee: International Business Machines Corporation
    Inventors: Manish Kesarwani, Krishnasuri Narayanam, Sameep Mehta
  • Patent number: 10547592
    Abstract: The present disclosure discloses a method comprising: dividing, by a computing device at a first party among a plurality of parties, local data into a plurality of data segments; recursively encrypting, by the computing device, each data segment using a plurality of public keys corresponding to the plurality of parties and a mediator; sharing, by the computing device, the local data comprising the encrypted plurality of data segments with the mediator; anonymizing, by the computing device, aggregated local data received from the mediator; and communicating, by the computing device from the mediator, a global sum that preserves privacy of the plurality of parties in a multi-party environment, wherein the global sum is computed by the mediator based on the collection of data segments that are decrypted recursively using the private key corresponding to each party and the private key corresponding to the mediator.
    Type: Grant
    Filed: January 19, 2017
    Date of Patent: January 28, 2020
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Gowtham Bellala, Shagufta Mehnaz
  • Patent number: 10546141
    Abstract: Various aspects of this disclosure provide a method of encrypting data in a network system. The method may include generating within a trusted network of the network system an associated private key based on an attribute associated with a user, a homomorphically encrypted associated private key based on the associated private key via homomorphic encryption, and a homomorphic key pair. The method may also include transmitting the homomorphically encrypted associated private key from the trusted network to a non-trusted network of the network system. The method may further include generating within the trusted network encrypted data based on said data, and a homomorphically and attribute based encrypted control key. The method may further include transmitting the encrypted data, and the homomorphically and attribute based encrypted control key, from the trusted network to the non-trusted network.
    Type: Grant
    Filed: May 6, 2016
    Date of Patent: January 28, 2020
    Assignee: AGENCY FOR SCIENCE, TECHNOLOGY AND RESEARCH
    Inventors: Rodel Miguel, Khin Mi Mi Aung, Sivaraman Sundaram, Shuqin Ren
  • Patent number: 10540356
    Abstract: The present disclosure relates to a method for processing queries in a database system having a first database engine and a second database engine. The method includes: storing a first instance of a first table in the first database engine in plaintext; encrypting at least one predefined column of the first table, resulting in a second instance of the first table containing at least part of the data of the first table in encrypted format. The second instance of the first table in the second database engine is stored in the second database engine. It may be determined whether to execute a received query in the first database engine on the first table or in the second database engine on the second instance of the first table, where the determination involves a comparison of the query with encryption information.
    Type: Grant
    Filed: October 25, 2017
    Date of Patent: January 21, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Felix Beier, Nicole Finnie, Namik Hrle, Jens Mueller
  • Patent number: 10542089
    Abstract: In one embodiment a plurality of open channel solid state drives (SSDs) are implemented over a network comprised of a network switch having a plurality of nodes, a remote host connected to a first node of the network switch, a metadata server connected to a second node of the network switch, and an abstracted memory structure comprised of at least part of one of the plurality of open channel SSDs. In one embodiment, the remote host is configured to communicate with the metadata server by issuing a command identifying data related to the abstracted memory structure. In another embodiment, the metadata server is configured to communicate with the remote host by responding to the command and identifying a physical address corresponding to the identified data.
    Type: Grant
    Filed: March 10, 2017
    Date of Patent: January 21, 2020
    Assignee: Toshiba Memory Corporation
    Inventor: Yaron Klein
  • Patent number: 10542426
    Abstract: A system and method for transmitting a secure message is disclosed. According to one embodiment, a method includes providing a request for one or more attributes associated with a phone number for a recipient mobile device, generating a key based on the one or more attributes, receiving an encrypted message for a recipient mobile device, where the encrypted message is encrypted based on the key, requesting the one or more attributes from the recipient mobile device, receiving the one or more attributes from the recipient mobile device, regenerating the key based on the one or more attributes received from the recipient mobile device, decrypting the encrypted message based on the regenerated key, and delivering the decrypted message to the recipient mobile device.
    Type: Grant
    Filed: November 21, 2014
    Date of Patent: January 21, 2020
    Inventors: Rajesh Puri, David Grootwassink, Michael P. Hammer
  • Patent number: 10536263
    Abstract: An encrypted table value homomorphically joining method and apparatus comprising receiving a query input. Based on the query input, the method may include determining at least one field on which to join the plurality of tables, and determining that the at least one field contains deterministically homomorphically encrypted data. The method may include determining a homomorphic join strategy directly comparing values in two homomorphically encrypted fields, performing a homomorphic join on the fields in the plurality of tables, and providing resultant homomorphically joined tables.
    Type: Grant
    Filed: October 9, 2018
    Date of Patent: January 14, 2020
    Assignee: Visa International Service Association
    Inventors: Paul Payton, Scott Edington, Johan Van Tilburg
  • Patent number: 10528510
    Abstract: A modular assembly of a module for a Logic Controller, including a container and a cartridge. The cartridge has a first electrical interface part and an electronic circuit arranged to provide a predetermined electronic function. The container has a housing, a backplane connector, a terminal connector and a receptacle extending inside the housing and adapted to receive the cartridge. The receptacle includes a second electrical interface part adapted to connect with the first electrical interface part. The cartridge and the receptacle are arranged to electrically connect the first and second electrical interface parts to establish an electrical interface when the cartridge is removably inserted in the receptacle of the container. The housing of the container defines the mechanical form factor of the module, while the cartridge determines the electronic functionality of the module. Accordingly, multiple containers having different form factors may accommodate the same cartridge.
    Type: Grant
    Filed: February 15, 2017
    Date of Patent: January 7, 2020
    Assignee: Schneider Electric Industries SAS
    Inventor: Pascal Hampikian
  • Patent number: 10528487
    Abstract: Technology for decrypting and using a security module in a processor cache in a secure mode such that dynamic address translation prevents access to portions of the volatile memory outside of a secret store in a volatile memory.
    Type: Grant
    Filed: November 8, 2017
    Date of Patent: January 7, 2020
    Assignee: International Business Machines Corporation
    Inventors: Angel Nunez Mencias, Jakob C. Lang, Martin Recktenwald, Ulrich Mayer
  • Patent number: 10521841
    Abstract: A computer implemented method and apparatus for integrating e-commerce providers with third-party vendors. The method comprises receiving an order from one vendor of a plurality of vendors, wherein the order comprises a vendor identification, a fulfillment identification, and a vendor stock keeping unit (SKU), and wherein a plurality of the vendors each has a unique communication protocol; mapping the fulfillment identification to a user identification (userID) known to a provider; mapping the vendor SKU to a provider SKU; generating a provisioning call responsive to the mapping; and provisioning the SKU for the userID in a database of the provider in response to the provisioning call.
    Type: Grant
    Filed: April 22, 2013
    Date of Patent: December 31, 2019
    Assignee: Adobe Inc.
    Inventors: Sanjeev Kumar Biswas, Daniel Carl Brotsky, Shyama Prasad Padhi