By Stored Data Protection Patents (Class 713/193)
  • Patent number: 11936784
    Abstract: Techniques are disclosed for enabling attested end-to-end encryption for transporting data between devices. In one example, a destination device receives a policy profile that includes an origination key and a destination key, and the origination key corresponds to a public transfer key of a source device. The destination device verifies the policy profile based on the destination key corresponding to a public transfer key of the source device. The destination device receives a signed encrypted data encryption key from the source device. The destination device receives encrypted data from the source device. The destination device verifies the signed encrypted data encryption key originated from the source device based on the signed encrypted data key being signed with a private attestation identity key that corresponds to a public attestation identity key of the source device. The destination device decrypts encrypted data using a private transfer key of the destination device.
    Type: Grant
    Filed: July 15, 2022
    Date of Patent: March 19, 2024
    Assignee: Oracle International Corporation
    Inventors: Brian Spencer Payne, Saikat Chakrabarti, Pratibha Anjali Dohare, Rehan Loring Iftikhar
  • Patent number: 11934524
    Abstract: Herein disclosed are approaches for protecting sensitive information within a fingerprint authentication system that can be snooped and utilized to access the device, secured information, or a secured application. The approaches can utilize encryption keys and hash functions that are unique to the device in which the fingerprint authentication is being performed to protect the sensitive information that can be snooped.
    Type: Grant
    Filed: June 19, 2020
    Date of Patent: March 19, 2024
    Assignee: Analog Devices, Inc.
    Inventors: Patrick Riehl, Tze Lei Poo
  • Patent number: 11934507
    Abstract: A method for project-oriented authentication of a device in a control system for a technical installation as part of an engineering project, wherein the control system includes at least one local registration service, at least one software inventory and a certification center, where information by the at least one local registration service with respect to what communication protocols and/or applications are supported by the device and/or are active is ascertained during authentication of the device within the control system, a project-oriented device certificate is requested from the first hierarchy of the certification center by the local registration service, and the project-oriented device certificate is deposited in an inventory element, associated with the engineering project, of the software inventory of the control system, the device certificates being issuable by the first hierarchy of the certification center have a unique project identifier.
    Type: Grant
    Filed: March 7, 2019
    Date of Patent: March 19, 2024
    Assignee: SIEMENS AKTIENGESELLSCHAFT
    Inventors: Benjamin Lutz, Anna Palmin
  • Patent number: 11934362
    Abstract: Embodiments for enabling granular migration of data with high efficiency. A defined metadata element, a tag, is assigned to each file, and then tag filtering is used to direct the data to the proper location. Files with different tags can be selected for transfer, and such a group of tags is referred to as a tag set. Embodiments can be used with a defined backup system file migration process, such as present in the Data Domain File System. By using snapshots, incoming new data (ingested file) is allowed to continue while the migration is in process and maintaining data consistency at the same time. This is achieved by performing operations on B+ Tree snapshots in conjunction with tag filtering on keys present in the leaf pages of these structures. This method is efficient because it makes a single pass walk of a B+ Tree in contrast with previous methods that look up files one-by-one via their pathname.
    Type: Grant
    Filed: July 22, 2021
    Date of Patent: March 19, 2024
    Assignee: EMC IP Holding Company LLC
    Inventors: Charles J. Hickey, Murthy V. Mamidi, Neerajkumar Chourasia
  • Patent number: 11934539
    Abstract: A method for storing application program information including segmenting the application program information into program sub-information, with an information segmentation algorithm of the application program information having undergone algorithm obfuscation processing; and storing the program sub-information. The present disclosure significantly reduces the possibility of application program information being acquired by hackers and the like, and improves the security of application program information and electronic devices.
    Type: Grant
    Filed: September 28, 2020
    Date of Patent: March 19, 2024
    Assignee: Alibaba Group Holding Limited
    Inventors: Caidi Wu, Dafu Lyu
  • Patent number: 11936533
    Abstract: In one embodiment, a service receives administration traffic data in a network associated with a remote administration session in which a control device remotely administers a client device. The service analyzes the administration traffic data to determine whether any portion of the administration traffic data is resulting from an administration session involving a trusted administrator. The service flags a first portion of the administration traffic data as authorized when the first portion of the administration traffic data is determined to result from an administration session involving a trusted administrator, and a second portion of the administration traffic data is non-flagged. The service assesses the second portion of the administration traffic data using a machine learning-based traffic classifier to determine whether the second portion of the administration traffic data is malicious.
    Type: Grant
    Filed: March 24, 2023
    Date of Patent: March 19, 2024
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: David McGrew, Martin Rehak, Blake Harrell Anderson, Sunil Amin
  • Patent number: 11927629
    Abstract: Techniques for debugging a circuit including a global counter configured to continuously increment, a comparator configured to transmit a clock stop signal based on a comparison of a comparator value and a counter value of the global counter, and clock stop circuitry configured to receive the clock stop signal and stop a clock signal to one or more portions of the electronic device.
    Type: Grant
    Filed: September 27, 2021
    Date of Patent: March 12, 2024
    Assignee: Texas Instruments Incorporated
    Inventors: Pandy Kalimuthu, Anthony Joseph Lell
  • Patent number: 11928163
    Abstract: A technique is provided for creating digital memories for a particular person. A data store stores personal data derived from signals gathered from a plurality of sensors that monitor the particular person. Memories creation processing circuitry, responsive to detection of a given event associated with the particular person, performs an augmentation process to generate an augmented given event identifying multiple items of data associated with the given event, including personal data associated with the given event obtained from the data store. The memories creation processing circuitry analyses the multiple items of data identified by the augmented given event in order to generate a given digital memory for the given event. A memories data store stores digital memories generated by the memories creation processing circuitry for the particular person, and memories analysis circuitry determines and maintains associations between the digital memories in the memories data store.
    Type: Grant
    Filed: February 11, 2022
    Date of Patent: March 12, 2024
    Assignee: Arm Limited
    Inventors: Remy Pottier, Minsheng Lu, Arthur Michael Goldberg, Christopher Daniel Emmons
  • Patent number: 11928223
    Abstract: Systems, computer program products, and methods are described herein for implementing enhanced file encryption technique. The present invention is configured to receive a request from a computing device of a user to encrypt a file; encrypt the file using a local file encryption key to generate an encrypted file; transmit, via an encryption engine, a first encryption request to an encryption server to encrypt a first portion of the encrypted file; receive, from the encryption server, an encrypted first portion of the encrypted file based on at least the first encryption request, wherein the first portion of the encrypted file is encrypted by the encryption server using a first file encryption key; append the encrypted first portion of the encryption file with a remaining portion of the encrypted file to generate a final encrypted file; and store the final encrypted file in a data repository.
    Type: Grant
    Filed: January 26, 2023
    Date of Patent: March 12, 2024
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Praveen Chakravarthy Yedluri, Shyam Acharya
  • Patent number: 11924214
    Abstract: A method for accessing cloud resources via a local application development environment on a computing device. The method includes invoking an access management client at the computing device; obtaining an account identifier associated with a user account and communicating the account identifier to an identity platform; receiving an authentication message from the identity platform in response to the identity platform validating the account identifier, the authentication message comprising a role identifier; communicating the authentication message to the cloud platform; receiving security credentials associated with the role identifier from the cloud platform in response to the cloud platform validating the authentication message and the associated role identifier; setting a variable in the local development environment based on the received security credentials for use by the local development environment to request access to one or more resources maintained by the cloud platform.
    Type: Grant
    Filed: June 22, 2022
    Date of Patent: March 5, 2024
    Assignee: ATLASSIAN PTY LTD.
    Inventors: Shane Anderson, Michael Fuller, Ashley Bartlett
  • Patent number: 11921699
    Abstract: Lease-based consistency may be implemented for databases to handle failovers. A database node may obtain a consistency lease that describes a point in time determined from a time-to-live amount added to a consistent point in time for database data. While the consistency lease is valid, Multi-version Concurrency Control (MVCC) snapshots assigned by the database node can be used to handle requests to access the database data. Once expired, the database node may have to renew the consistency lease in order to continue to handle write and read requests.
    Type: Grant
    Filed: December 16, 2022
    Date of Patent: March 5, 2024
    Assignee: Amazon Technologies, Inc.
    Inventors: Upendra Govindagowda, Anand Kumar Thakur, David Charles Wein, Alexandre Olegovich Verbitski, James C Nasby, Hong Yang, Gaurav Kumar Gupta
  • Patent number: 11916872
    Abstract: Described are various embodiments of an integrated network appliance and system. In one embodiment, the appliance comprises: a hardware-integrated processing engine operable to implement a trusted network-related resource; an integrated digital data processor operable to execute said processing engine; an integrated data storage resource accessible to said processing engine to implement said trusted network-related resource; an integrated location sensor; and an embedded hardware security module (HSM) hardwired to interface with said hardware-integrated processing engine via a dedicated hardware-isolated communication path, and operable to execute a trusted internal cryptographic process associated with said trusted network-related resource as a function of location data output from said integrated location sensor.
    Type: Grant
    Filed: April 18, 2022
    Date of Patent: February 27, 2024
    Assignee: CRYPTO4A TECHNOLOGIES INC.
    Inventors: Bruno Couillard, Bradley Clare Ritchie, James Ross Goodman, Jean-Pierre Fiset
  • Patent number: 11917414
    Abstract: Provided is an information processing method in an information processing system including a communication apparatus and an information processing apparatus which respectively include a first communication unit and a second communication unit that perform a wireless communication. In the information processing method, the information processing apparatus reads, by using the second communication unit, key information and first information written into a storage area by the communication apparatus, and performs a registration process for registering the communication apparatus. Regardless of communication with the communication apparatus, the information processing apparatus stores in advance second information. The information processing apparatus performs the registration process if the decryption key is generated from the key information, if the first information is decrypted by using the generated decryption key, and if the decrypted first information corresponds with the second information.
    Type: Grant
    Filed: July 24, 2019
    Date of Patent: February 27, 2024
    Assignee: Canon Kabushiki Kaisha
    Inventor: Ryota Hanyu
  • Patent number: 11907405
    Abstract: A return address of a caller of a software function within an access control component is determined, the caller comprising a software component seeking access to a protected resource protected by the access control component. From the return address, a filename of the caller is determined. Responsive to determining that the filename is included in a set of filenames of components allowed to access the protected resource, the caller is allowed to access the protected resource.
    Type: Grant
    Filed: October 14, 2020
    Date of Patent: February 20, 2024
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Xiaohan Qin, Pedro V. Torres, Xinya Wang, Amit Agarwal
  • Patent number: 11899814
    Abstract: A computer-implemented method and system: (A) read, from a plurality of data sources associated with a user, a plurality of data elements; (B) identify, for each of the plurality of data elements, a corresponding security level and a corresponding access level; (C) store, for each of the plurality of data elements, the corresponding security level and the corresponding access level; and (D) store, in a data store associated with the user, each of the plurality of data elements using a storage method specified by the data element's corresponding security level.
    Type: Grant
    Filed: August 21, 2023
    Date of Patent: February 13, 2024
    Inventors: Arthur Hustad, Wolfgang Schreiner
  • Patent number: 11899803
    Abstract: Systems, computer program products, and methods are described herein for implementing enhanced file encryption technique. The present invention is configured to receive a request from a computing device of a user to encrypt a file; encrypt the file using a local file encryption key to generate an encrypted file; transmit, via an encryption engine, a first encryption request to an encryption server to encrypt a first portion of the encrypted file; receive, from the encryption server, an encrypted first portion of the encrypted file based on at least the first encryption request, wherein the first portion of the encrypted file is encrypted by the encryption server using a first file encryption key; append the encrypted first portion of the encryption file with a remaining portion of the encrypted file to generate a final encrypted file; and store the final encrypted file in a data repository.
    Type: Grant
    Filed: January 26, 2023
    Date of Patent: February 13, 2024
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Praveen Chakravarthy Yedluri, Shyam Acharya
  • Patent number: 11900366
    Abstract: A system and method for securing crypto-asset transactions. The method includes sharding a wallet private key such that each shard of the wallet private key is distributed to a different secure module; generating signatures by each of the different secure modules based on a respective shard of the sharded wallet private key and obtained trading platform credentials; and verifying the crypto-asset transaction when a predetermined threshold of the generated signatures are determined to match each other.
    Type: Grant
    Filed: February 10, 2021
    Date of Patent: February 13, 2024
    Assignee: FIREBLOCKS LTD.
    Inventors: Pavel Berengoltz, Idan Ofrat, Michael Shaulov
  • Patent number: 11892997
    Abstract: System and methods are provided for sharding at the content level and routing content requests. Each point of presence (PoP) can initially identify the PoP that should serve content by using hashing. A PoP can encode a domain name with the identified PoP in metadata and redirect the client computing device. A client computing device transmits a DNS query for the encoded domain name. A DNS server receives the encoded domain name and decrypts and decodes the domain name label. The DNS server uses the decrypted and decoded metadata to make a further routing decision. The DNS server sends, to the client computing device, a DNS reply with the Internet Protocol (IP) address of the selected PoP. The client computing device requests content from the PoP identified by the provided IP address.
    Type: Grant
    Filed: July 11, 2022
    Date of Patent: February 6, 2024
    Assignee: Amazon Technologies, Inc.
    Inventors: Karthik Uthaman, Ronil Sudhir Mokashi
  • Patent number: 11895099
    Abstract: The techniques herein are directed generally to a “zero-knowledge” data management network. Users are able to share verifiable proof of data and/or identity information, and businesses are able to request, consume, and act on the data—all without a data storage server or those businesses ever seeing or having access to the raw sensitive information (where server-stored data is viewable only by the intended recipients, which may even be selected after storage). In one embodiment, source data is encrypted with a source encryption key (e.g., source public key), with a rekeying key being an encrypting combination of a source decryption key (e.g., source private key) and a recipient's public key. Without being able to decrypt the data, the storage server can use the rekeying key to re-encrypt the source data with the recipient's public key, to then be decrypted only by the corresponding recipient using its private key, accordingly.
    Type: Grant
    Filed: September 1, 2021
    Date of Patent: February 6, 2024
    Assignee: JOURNEY.AI
    Inventors: Brett Shockley, Alexander John Shockley, Michael Joseph Frendo, Shmuel Shaffer, Kenneth Keiter, James M. Behmke
  • Patent number: 11895142
    Abstract: The systems and methods disclosed herein comprise computer-based platforms configured for automated early-stage application security monitoring for allowing users (e.g., application developers) to make decisions at the early stage of the application development.
    Type: Grant
    Filed: December 21, 2022
    Date of Patent: February 6, 2024
    Assignee: American Express Travel Related Services Company, Inc.
    Inventors: Asish Soudhamma, Dilip Kumar, Pratik Rajendraprasad Kasat, Andrew Michael Zammit, Gregory Huff
  • Patent number: 11893247
    Abstract: The present technology relates to an electronic device. According to the present technology, a data storage device providing an improved security function includes a memory device including a protected memory block by a security protocol and a memory controller configured to receive a command protocol component associated with the security protocol including a host side protection message requesting data from a host to be written in the protected memory block, perform an authentication operation on the protected memory block using a host message authentication code included in the host side protection message, and store data from the host according to a result of the authentication operation.
    Type: Grant
    Filed: March 5, 2021
    Date of Patent: February 6, 2024
    Assignee: SK HYNIX INC.
    Inventor: Hui Won Lee
  • Patent number: 11893136
    Abstract: Multiple types of tokens can be generated and utilized in a highly structured document with freeform text. For example, a tokenization system may receive a request for tokenizing a document with a first portion having structured content and a second portion having unstructured or semi-structured content. In response, the tokenization system identifies sensitive information in the first portion of the document, generates format-preserving tokens for the sensitive information in the first portion of the document, identifies sensitive information in the second portion of the document, and generates self-describing tokens for the sensitive information in the second portion of the document. The self-describing tokens reference the sensitive information in the first portion of the document. The tokenization system may then communicate the format-preserving tokens and the self-describing tokens to the first client computing system or to a second client computing system.
    Type: Grant
    Filed: August 27, 2021
    Date of Patent: February 6, 2024
    Assignee: OPEN TEXT HOLDINGS, INC.
    Inventor: Walter Hughes Lindsay
  • Patent number: 11893108
    Abstract: A method for accessing one or more service processes of service includes executing at least one service enclave and executing an enclave sandbox that wraps the at least one service enclave. The at least one service enclave provides an interface to the one or more service processes. The enclave sandbox is configured to establish an encrypted communication tunnel to the at least one service enclave interfacing with the one or more service processes, and communicate program calls to/from the one or more service processes as encrypted communications through the encrypted communication tunnel.
    Type: Grant
    Filed: December 31, 2022
    Date of Patent: February 6, 2024
    Assignee: Google LLC
    Inventors: Nicolas Lidzborski, Jonathon Giffin
  • Patent number: 11888980
    Abstract: Secure operations can be performed using security module instances offered as a web service through a resource provider environment. State data and cryptographic material can be loaded and unloaded from the instance as needed, such that the instance can be reused for operations of different customers. The material and data can be stored as a bundle encrypted using a key specific to the hardware security module and a key specific to the resource provider, such that the bundle can only be decrypted in an instance of that type of security module from the associated manufacturer and operated by that particular resource provider. The customer is then only responsible for the allocation of that instance during the respective cryptographic operation(s).
    Type: Grant
    Filed: April 19, 2021
    Date of Patent: January 30, 2024
    Assignee: Amazon Technologies, Inc.
    Inventor: Steven Preston Lightner Norum
  • Patent number: 11888893
    Abstract: A method and system for characterizing application layer denial-of-service (DDoS) attacks are provided. The method includes generating a dynamic applicative signature by analyzing requests received during an on-going DDoS attack, wherein the dynamic applicative signature characterizes based on frequent applicative attributes appeared from the received; characterizing each incoming request based on the generated dynamic applicative signature, wherein the characterization provides an indication for each incoming request whether an incoming request is generated by an attack tool executing the on-going DDoS attributes; and causing a mitigation action on the incoming request generated by the attack tool based on the generated dynamic applicative signature.
    Type: Grant
    Filed: January 31, 2023
    Date of Patent: January 30, 2024
    Assignee: RADWARE LTD
    Inventors: Ehud Doron, Koral Haham, David Aviv
  • Patent number: 11886752
    Abstract: A method for execution by one or more processing modules of one or more computing devices of a storage network, the method comprises receiving a data object for processing, determining whether the data object is to be transferred to one or more remote storage locations, determining whether one or more legal restrictions are associated with the data object. Based on a determination that one or more legal restrictions are associated with the data object, the method continues by determining whether the one or more legal restrictions allow transfer of the data object to a storage unit of the one or more remote storage locations. The method continues by segmenting the data object into a plurality of data segments, dispersed error encoding a data segment of the plurality of data segments in accordance with dispersed error encoding parameters to produce a set of encoded data slices and transmitting a write request for an encoded data slice of the set of encoded data slices to the storage location for processing.
    Type: Grant
    Filed: January 9, 2023
    Date of Patent: January 30, 2024
    Assignee: Pure Storage, Inc.
    Inventors: Russell P. Kennedy, Robert C. McCammon, Jason K. Resch, Thomas F. Shirley, Jr.
  • Patent number: 11886545
    Abstract: Federated systems for issuing playback certifications granting access to technically protected content are described. One embodiment of the system includes a registration server connected to a network, a content server connected to the network and to a trusted system, a first device including a non-volatile memory that is connected to the network and a second device including a non-volatile memory that is connected to the network. In addition, the registration server is configured to provide the first device with a first set of activation information in a first format, the first device is configured to store the first set of activation information in non-volatile memory, the registration server is configured to provide the second device with a second set of activation information in a second format, and the second device is configured to store the second set of activation information in non-volatile memory.
    Type: Grant
    Filed: December 28, 2020
    Date of Patent: January 30, 2024
    Assignee: DIVX, LLC
    Inventors: Eric William Grab, Chris Russell, Francis Yee-Dug Chan, Michael George Kiefer
  • Patent number: 11880578
    Abstract: Techniques are provided for providing a storage abstraction layer for a composite aggregate architecture. A storage abstraction layer is utilized as an indirection layer between a file system and a storage environment. The storage abstraction layer obtains characteristics of a plurality of storage providers that provide access to heterogeneous types of storage of the storage environment (e.g., solid state storage, high availability storage, object storage, hard disk drive storage, etc.). The storage abstraction layer generates storage bins to manage storage of each storage provider. The storage abstraction layer generates a storage aggregate from the heterogeneous types of storage as a single storage container. The storage aggregate is exposed to the file system as the single storage container that abstracts away from the file system the management and physical storage details of data of the storage aggregate.
    Type: Grant
    Filed: November 29, 2021
    Date of Patent: January 23, 2024
    Assignee: NetApp, Inc.
    Inventors: Ananthan Subramanian, Sriram Venketaraman, Ravikanth Dronamraju, Mohit Gupta
  • Patent number: 11882018
    Abstract: An apparatus for analyzing a network according to an embodiment includes a receiving module configured to receive, from a cloud service, information on one or more resources included in the cloud service and information on a network environment of the one or more resources, a topology generation module configured to derive a network topology of the cloud service by using the information on the resources and the information on the network environment, and an analysis module configured to derive, from the network topology, a communication possible path of each of the one or more resources and one or more communication allow policies in the communication possible path.
    Type: Grant
    Filed: October 29, 2021
    Date of Patent: January 23, 2024
    Assignee: SAMSUNG SDS CO., LTD.
    Inventors: Jung Do Cha, Jung Hyun Ahn, Hyeong Jin Lee
  • Patent number: 11874776
    Abstract: Methods and apparatus relating to cryptographic protection of memory attached over interconnects are described. In an embodiment, memory stores data and a processor having execution circuitry executes an instruction to program an inline memory expansion logic and a host memory encryption logic with one or more cryptographic keys. The inline memory expansion logic encrypts the data to be written to the memory and decrypts encrypted data to be read from the memory. The memory is coupled to the processor via an interconnect endpoint of a system fabric. Other embodiments are also disclosed and claimed.
    Type: Grant
    Filed: June 25, 2021
    Date of Patent: January 16, 2024
    Assignee: Intel Corporation
    Inventors: Siddhartha Chhabra, Prashant Dewan
  • Patent number: 11868638
    Abstract: Methods, systems, and devices for improved inter-memory movement in a multi-memory system are described. A memory device may receive from a host device a command to move data from a first memory controlled by a first controller to a second memory controlled by a second controller. The memory device may use the first and second controllers to facilitate the movement of the data from the first memory to the second memory via a path external to the host device. The memory device may indicate to the host device when to suspend activity to the first memory or the second memory and when to resume activity to the first memory or second memory.
    Type: Grant
    Filed: September 11, 2020
    Date of Patent: January 9, 2024
    Assignee: Micron Technology, Inc.
    Inventors: Sourabh Dhir, Kang-Yong Kim
  • Patent number: 11868365
    Abstract: Methods and systems for data are disclosed. A system implementation includes a data module for storing data received from an external source. The data module includes a file system for unstructured data, a database for structured data, a transform for operating upon unstructured or structured data, a data broker for receiving data having a first format and providing the data in a second format, a data network for communications within the data module, and a processing module for performing operations upon data. The processing module further includes a process broker and a process container. The process container is for providing one or more instances of processes during a runtime operation. The system further includes an inter-process network for communications within the processing module and an internal gateway for the data module to communicate with the processing module.
    Type: Grant
    Filed: December 12, 2022
    Date of Patent: January 9, 2024
    Inventors: Vivek Vishnoi, Steven Sanghoon Lee
  • Patent number: 11864090
    Abstract: A communication system, a communication management method, and a non-transitory recording medium. The communication system communicates with an access source terminal connected to a first network, a communication apparatus and one or more access destination terminals each connected to a second network, the one or more access destination terminals being configured to provide a service by remote access, in response to a request from the access source terminal to use the service provided by the one or more access destination terminals, acquires access information including location information indicating location of the access source terminal and time information indicating usage time of the service, and restricts use of the service based on the access information and setting information, the setting information previously setting a range of the access information for permitting the use of the service provided by the one or more access destination terminals by the access source terminal.
    Type: Grant
    Filed: January 25, 2022
    Date of Patent: January 2, 2024
    Assignee: Ricoh Company, Ltd.
    Inventor: Satoru Yamamoto
  • Patent number: 11861182
    Abstract: Integrated circuit device having a processor module (2) in communication with a cache memory module (3, 4), and one or more memory control modules (6, 8, 10) each arranged to interface with an associated storage memory unit (5, 7, 9). An authentication module (15) is provided in communication with the memory control modules (6, 8, 10) and the cache memory modules (3, 4). The authentication module (15) is arranged to generate and store a hardware based secure key, read a predetermined set of data from the associated storage memory units (5, 7, 9), and an associated stored hash value, calculate a hash value of the predetermined set of data using the hardware based secure key; and store the predetermined set of data in the cache memory module (3, 4) only if the calculated hash value corresponds to the associated stored hash value.
    Type: Grant
    Filed: April 7, 2020
    Date of Patent: January 2, 2024
    Assignee: Technische Universiteit Delft
    Inventors: Mottaqiallah Taouil, Cezar Rodolfo Wedig Reinbrecht, Fethulah Smailbegovic, Said Hamdioui
  • Patent number: 11861009
    Abstract: An apparatus to facilitate permissions at a computing system platform is disclosed. The apparatus includes a plurality of agents, each including a non-volatile memory storing firmware executed to perform a function associated with the agent and attestation hardware to detect an update at the computing system platform, generate a cryptographic key associated with each of the plurality of agents, perform an attestation with a relying party using the generated cryptographic keys and receive a tuple associated with each of the plurality of agents, wherein a tuple includes one or more permissions indicating platform resources an agent is permitted to access.
    Type: Grant
    Filed: December 23, 2020
    Date of Patent: January 2, 2024
    Assignee: Intel Corporation
    Inventors: Prashant Dewan, Nivedita Aggarwal
  • Patent number: 11863551
    Abstract: Systems and methods for adaptive token verification are disclosed. For example, a system may include at least one memory storing instructions and one or more processors configured to execute the instructions to perform operations. The operations may include training a verification model to verify tokenized requests based on system identifiers. The operations may include receiving a tokenized request from an external system, the request comprising a system identifier of the external system. The operations may include generating output of the verification model based on the system identifier, and, based on the output, performing one of granting the request or blocking the request.
    Type: Grant
    Filed: December 14, 2022
    Date of Patent: January 2, 2024
    Assignee: Capital One Services, LLC
    Inventors: Allison Fenichel, Brice Elder, Varun Gupta
  • Patent number: 11861020
    Abstract: An apparatus includes a processor, persistent memory coupled to the processor, and a memory protection logic. The processor may include multiple processing engines. The persistent memory may include a persistent storage portion and a memory expansion portion. The memory protection logic is to: obtain a first ephemeral component associated with the persistent storage portion; generate a persistent key using the first ephemeral component; obtain a second ephemeral component associated with the memory expansion portion; and generate a non-persistent key using the second ephemeral component. Other embodiments are described and claimed.
    Type: Grant
    Filed: June 26, 2020
    Date of Patent: January 2, 2024
    Assignee: Intel Corporation
    Inventors: Siddhartha Chhabra, Hormuzd M. Khosravi
  • Patent number: 11860797
    Abstract: Restricting peripheral device protocols in confidential compute architectures, the method including: receiving a first address translation request from a peripheral device supporting a first protocol, wherein the first protocol supports cache coherency between the peripheral device and a processor cache; determining that a confidential compute architecture is enabled; and providing, in response to the first address translation request, a response including an indication to the peripheral device to not use the first protocol.
    Type: Grant
    Filed: December 30, 2021
    Date of Patent: January 2, 2024
    Assignees: ADVANCED MICRO DEVICES, INC., ATI TECHNOLOGIES ULC
    Inventors: Philip Ng, Nippon Raval, David A. Kaplan, Donald P. Matthews, Jr.
  • Patent number: 11861183
    Abstract: A disk device includes a volatile memory, a nonvolatile memory, and a controller. The controller is configured to receive, from a host, a key setting request that includes a cryptographic key, a key ID thereof, and tag information of the cryptographic key and generate generation information of the cryptographic key. The controller is also configured to store a first entry including the tag information, the cryptographic key, and the generation information associated with each other in the volatile memory, and store a second entry including the key ID and the generation information associated with each other in the nonvolatile memory.
    Type: Grant
    Filed: February 24, 2022
    Date of Patent: January 2, 2024
    Assignees: Kabushiki Kaisha Toshiba, Toshiba Electronic Devices & Storage Corporation
    Inventors: Kazumasa Nomura, Kana Furuhashi
  • Patent number: 11861027
    Abstract: In one embodiment, data at rest is securely stored. A data safe performing data plane processing operations in response to requests of received read data requests, received write data requests, and received read information responses, with the data safe being immutable to processing-related modifications resulting from said performing data plane processing operations. In one embodiment, performing these data plane processing operations does not expose any pilot keys outside the data safe in clear form nor in encrypted form. The pilot keys are used to encrypt information that is subsequently stored in a storage system. One embodiment uses pilot keys to encrypt data that is subsequently stored in a storage system. One embodiment uses data cryptographic keys to encrypt data, uses the pilot keys to cryptographically-wrap (encrypt) the data cryptographic keys, and stores the cryptographically wrapped data keys and encrypted data in a storage system.
    Type: Grant
    Filed: May 25, 2021
    Date of Patent: January 2, 2024
    Assignee: Q-Net Security, Inc.
    Inventors: Jerome R. Cox, Jr., Ronald S. Indeck
  • Patent number: 11856058
    Abstract: An apparatus with a solid state drive (SSD) having firmware to perform peer to peer transfer of proof of space plots. The SSD has a host interface configured to receive at least read commands and write commands from an external host system. The SSD has memory cells formed on at least one integrated circuit die, and a processing device configured to control executions of the read commands to retrieve data from the memory cells and executions of the write commands to store data into the memory cells. The firmware is executable in the SSD according to configuration data to: identify an opportunity for a transfer of a proof of space plot; establish a peer to peer connection to a device that is separate from the solid state drive; and transfer, over the peer to peer connection, the proof of space plot between the solid state drive and the device.
    Type: Grant
    Filed: December 14, 2021
    Date of Patent: December 26, 2023
    Assignee: Micron Technology, Inc.
    Inventors: Luca Bert, Joseph Harold Steinmetz
  • Patent number: 11853464
    Abstract: A storage device includes a storage and a controller configured to execute control of the storage based on a command from a host device. The controller is configured to generate a verifier of data stored in the storage in response to a first command related to the data from the host device, and transmit the verifier of the data to the host device in response to a second command related to the data from the host device.
    Type: Grant
    Filed: May 29, 2019
    Date of Patent: December 26, 2023
    Assignee: Kioxia Corporation
    Inventors: Naoko Yamada, Teruji Yamakawa
  • Patent number: 11853435
    Abstract: Ingesting large quantities of data in a secure manner can be problematic, particularly processing types of data streams to determine the content of the data stream. As provided herein, a context associated with the data stream can be ascertained by mapping the content of the data stream using contextual maps. The content and context can then be further processed in order to generate appropriate responses. In addition, obfuscation can be applied to the content such that the original content is lost while the contextual meaning associated with the content is maintained. In this way, an understanding can persist of the original content without retaining the underlying raw data.
    Type: Grant
    Filed: June 10, 2020
    Date of Patent: December 26, 2023
    Inventor: Ryan Welker
  • Patent number: 11852114
    Abstract: A system for discharging or charging a capacitor of a hybrid vehicle according to the present disclosure includes a target state of charge (SOC) module and a capacitor charge/discharge module. The target SOC module determines a target state of charge of the capacitor based on a speed of the vehicle. The capacitor charge/discharge module determines whether a state of charge of a capacitor is greater than a target state of charge. The capacitor charge/discharge module dissipates power from the capacitor to at least one of a battery of the vehicle and an electrical load of the vehicle when the state of charge of the capacitor is greater than the target state of charge.
    Type: Grant
    Filed: December 6, 2021
    Date of Patent: December 26, 2023
    Assignee: Gentherm Incorporated
    Inventors: Michael Peter Ciaccio, Brian Moorhead
  • Patent number: 11854658
    Abstract: A method for operating a DRAM device. The method includes receiving in a memory buffer in a first memory module hosted by a computing system, a request for data stored in RAM of the first memory module from a host controller of the computing system. The method includes receiving with the memory buffer, the data associated with a RAM, in response to the request and formatting with the memory buffer, the data into a scrambled data in response to a pseudo-random process. The method includes initiating with the memory buffer, transfer of the scrambled data into an interface device.
    Type: Grant
    Filed: March 16, 2022
    Date of Patent: December 26, 2023
    Assignee: Rambus Inc.
    Inventors: Christopher Haywood, David Wang
  • Patent number: 11847069
    Abstract: A secure processing system includes a memory having a secure partition and a non-secure partition, a neural network processing unit (NPU) configured to initiate transactions with the memory, and a memory protection unit (MPU) configured to filter the transactions. Each of the transactions includes at least an address of the memory to be accessed, one of a plurality of first master identifiers (IDs) associated with the NPU, and security information indicating whether the NPU is in a secure state or a non-secure state when the transaction is initiated. The MPU is to selectively deny access to the secure partition of the memory based at least in part on the memory address, the first master ID, and the security information associated with each of the transactions.
    Type: Grant
    Filed: May 27, 2022
    Date of Patent: December 19, 2023
    Assignee: Synaptics Incorporated
    Inventors: Pontus Evert Lidman, Xiao William Cheng, Hongjie Guan, Jingliang Li
  • Patent number: 11847067
    Abstract: Methods and apparatus relating to cryptographic protection of memory attached over interconnects are described. In an embodiment, memory stores data and a processor having execution circuitry executes an instruction to program an inline memory expansion logic and a host memory encryption logic with one or more cryptographic keys. The inline memory expansion logic encrypts the data to be written to the memory and decrypts encrypted data to be read from the memory. The memory is coupled to the processor via an interconnect endpoint of a system fabric. Other embodiments are also disclosed and claimed.
    Type: Grant
    Filed: October 19, 2021
    Date of Patent: December 19, 2023
    Assignee: Intel Corporation
    Inventors: Siddhartha Chhabra, Prashant Dewan
  • Patent number: 11847243
    Abstract: According to one embodiment, a memory system includes a nonvolatile memory and a controller. The controller controls the nonvolatile memory, writes data to a random access memory in a host, and reads data from the random access memory. The random access memory includes regions in first units to which the controller is accessible. The controller uses encryption keys associated with the regions, respectively, for encrypting data to be written into each of the regions and decrypting data read from each of the regions.
    Type: Grant
    Filed: July 24, 2020
    Date of Patent: December 19, 2023
    Assignee: Kioxia Corporation
    Inventors: Akihiro Sakata, Tomonori Yokoyama, Yifan Tang
  • Patent number: 11849036
    Abstract: This document describes techniques for rotating keys used to tokenize data stored in a streaming data store where data is stored for a maximum time [W]. In some embodiments, a data layer of such a data store can encrypt arriving original data values twice. The original data value is first encrypted with a first key, producing a first token. The original data value is encrypted with a second key, producing a second token. Each encrypted token can be stored separately in the data store. A field may be associated with two database columns, one holding the value encrypted with the first key and the second holding the value encrypted with the second key. Keys are rotated after time [K], which is at least equal to and preferably longer than [W]. Rotation can involve discarding the older key and generating a new key so that two keys are still used.
    Type: Grant
    Filed: June 23, 2022
    Date of Patent: December 19, 2023
    Assignee: Akamai Technologies, Inc.
    Inventors: Eugene (John) Neystadt, Jonathan Herzog, Ittay Dror, Elisha Ben-Zvi
  • Patent number: 11847501
    Abstract: Systems and methods are disclosed for data protection in a cluster of data processing accelerators (DPAs) using a policy that determines a static partition of resources in each DPA in the cluster communicatively coupled to a host device. Each DPA has sensitive (secure) and non-sensitive (non-secure) resources. The host device and a DPA can access all resources of the DPA. Other DPAs can only access non-sensitive resources of a DPA. The partition of resources within a DPA is static and may be implemented in hardware or firmware. Resources include memory, one or more processing modules such as key generators and cryptographic modules, caches, registers, and storage.
    Type: Grant
    Filed: June 12, 2020
    Date of Patent: December 19, 2023
    Assignees: BAIDU USA LLC, KUNLUNXIN TECHNOLOGY (BEIJING) COMPANY LIMITED
    Inventors: Yueqiang Cheng, Hefei Zhu