By Stored Data Protection Patents (Class 713/193)
  • Patent number: 11329814
    Abstract: A self encryption drive (SED) receives a media encryption key (MEK) from a key management server. The MEK is stored only in volatile memory of the SED. Data is encrypted for storage in a non-volatile storage media of the SED based on the MEK. Further, the MEK is erased in the volatile memory to crypto-erase the SED by deleting all instances of the MEK stored by the SED.
    Type: Grant
    Filed: December 9, 2019
    Date of Patent: May 10, 2022
    Assignee: Marvell Asia Pte, Ltd.
    Inventors: Ke Du, Minda Zhang
  • Patent number: 11330015
    Abstract: A method for automatically creating a honeyfile for a file system, includes the steps of: surveying a file set of the file system to identify tokenisable data in the file set, tokenising the identified tokenisable data to form a plurality of token sequences, and either selecting one of the plurality of token sequences or generating a token sequence to operate as an exemplar token sequence; applying a substitution method to substitute the tokens of the exemplar token sequence with replacement tokenisable data; and packaging the replacement tokenisable data into a honeyfile.
    Type: Grant
    Filed: October 8, 2019
    Date of Patent: May 10, 2022
    Assignee: Penten Pty Ltd.
    Inventors: Ben Whitham, David Liebowitz
  • Patent number: 11329816
    Abstract: In some examples, a device receives a plurality of encryption keys from a secure storage of a management controller, where a first encryption key of the plurality of encryption keys is for site-wide access of information on removable storage media plugged into respective computers of a site, and a second encryption key of the plurality of encryption keys is to restrict access of information on removable storage media plugged into a subset of the computers. The device uses a given encryption key of the plurality of encryption keys to encrypt information written to or decrypt information read from a first removable storage medium plugged into a first computer of the computers, wherein the management controller is associated with and is separate from a processor of the first computer.
    Type: Grant
    Filed: June 1, 2020
    Date of Patent: May 10, 2022
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Lee A. Preimesberger, Jorge Daniel Cisneros, Vartan Yosef Kasheshian
  • Patent number: 11323517
    Abstract: An internet of things aggregator system includes a management system. The management system being configured to connect to and exchange data with at least one wireless network, at least one Internet of things device, a functional system, and a third party enterprise. The management system is configured to implement a certification system, a connectivity system, a coding system, a billing system, and a unified policy control system. The disclosure is also directed to an internet of things aggregator process.
    Type: Grant
    Filed: April 30, 2019
    Date of Patent: May 3, 2022
    Assignee: TRACFONE WIRELESS, INC.
    Inventor: Zhong Yang
  • Patent number: 11321186
    Abstract: A backup system for backing up data on a computer system, comprising: a plurality of storage devices, the storage devices can be of any type known in the industry such as USB, SATA, SD etc. Storage devices may be built in the device or external devices. The same system may have storage devices that are of the same type (all internal or all external) or a mixture (some internal some external). One or more connectors for connecting the plurality of storage devices to the computer system. The storage devices may each have a unique connector (wired or wireless) to the computer system or alternatively, one connector can be connected each time to another storage device. The system also comprises a control module for controlling the connection between the plurality of storage devices to said computer system such that at any given time at least one but not all storage devices are connected to the computer system.
    Type: Grant
    Filed: June 11, 2019
    Date of Patent: May 3, 2022
    Assignee: SALVADOR TECHNOLOGIES LTD.
    Inventors: Alexander Yevtushenko, Oleg Vusiker
  • Patent number: 11316669
    Abstract: This application discloses an audit result data storage method and device, an audit result data query method and device, an audit item storage method and device, an electronic device and a medium. The method includes obtaining a first hash value of audit result data of a first user; signing the first hash value according to a private key of the first user to obtain first signature data; and transmitting the first signature data to an audit result data storage subsystem, the audit result data storage subsystem being configured to store data in the form of a blockchain.
    Type: Grant
    Filed: October 16, 2020
    Date of Patent: April 26, 2022
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventors: Dongyan Wang, Maocai Li, Bo Li, Haitao Tu
  • Patent number: 11314873
    Abstract: In a client server environment a method of securely storing data; said method comprising generating a data element at a second location; transmitting the data element to a first location separate and remote from the second location; encrypting the data element at the first location thereby to form an encrypted data element; transmitting the encrypted data element to the second location separate and remote from the first location and storing the encrypted data element at the second location; and wherein the second location is constituted as a client device.
    Type: Grant
    Filed: January 3, 2017
    Date of Patent: April 26, 2022
    Assignee: HAVENTEC PTY LTD
    Inventor: Ric B. Richardson
  • Patent number: 11314455
    Abstract: Systems and methods for natural language processing (NLP) and mapping of redundant array of independent disks (RAID) command line interface (CLI) requests to virtual storage area network (VSAN) commands by an out-of-band management platform are described. In some embodiments, an Information Handling System (IHS) may include: a processor, a baseband management controller (BMC) coupled to the processor, and a memory coupled to the BMC, the memory having program instructions stored thereon that, upon execution by the BMC, cause the IHS to: receive a RAID-CLI request, map the RAID-CLI request into a vSAN command using NLP, and transmit the vSAN command to the processor.
    Type: Grant
    Filed: July 9, 2020
    Date of Patent: April 26, 2022
    Assignee: Dell Products, L.P.
    Inventors: Ankit Singh, Vaideeswaran Ganesan, Deepaganesh Paulraj, Vinod P S
  • Patent number: 11308190
    Abstract: A method for handling biometric templates is disclosed for an authenticating device applying biometric authentication. The method comprises acquiring a set of biometric data associated with a prospect user, and acquiring a decryption key (associated with an encrypted biometric template associated with an enrolled user of the authenticating device) from a key carrying device external to the authenticating device responsive to the key carrying device being in a vicinity of the authenticating device. The method also comprises retrieving, from a storage medium, at least a part of the encrypted biometric template associated with the enrolled user, decrypting the retrieved part of the biometric template using the acquired decryption key and performing an attempt to authenticate the prospect user as the enrolled user based on a comparison between the acquired set of biometric data and the decrypted part of the biometric template.
    Type: Grant
    Filed: November 9, 2018
    Date of Patent: April 19, 2022
    Assignee: FINGERPRINT CARDS ANACATUM IP AB
    Inventors: Markus Andersson, Jan Nilsson, Anders Khullar
  • Patent number: 11308239
    Abstract: Method and apparatus for protecting against a jitter attack upon a cryptographic processing device. In some embodiments, the cryptographic processing circuit is configured to perform a cryptographic function on a set of input data to generate a corresponding set of transformed output data. An input line supplies an input signal used by the cryptographic processing IC during execution of the cryptographic function. A monitor circuit monitors the input signal, and temporarily disables the cryptographic processing IC when time-varying changes to the input signal indicate a jitter attack may be taking place. The input signal may be a source voltage, and voltage transitions in the source voltage can be monitored. Alternatively, the input signal may be a clock signal, and frequency variations in the clock signal can be monitored. The monitor circuit may be arranged on a power island to maintain power during power fluctuations.
    Type: Grant
    Filed: May 15, 2018
    Date of Patent: April 19, 2022
    Assignee: SEAGATE TECHNOLOGY LLC
    Inventor: Robert Wayne Moss
  • Patent number: 11301230
    Abstract: A method and system for improving a machine learning multimedia conversion process is provided. The method includes automatically connecting hardware devices to a server hardware device. Audio and/or video data from a meeting between individuals is recorded from a location and each individual is identified via sensor data. Attributes for each user are identified and the audio and/or video data is converted to text data. Portions of the text data are analyzed and associated with each individual. Action items in the text data are identified and assigned to the individuals based on the attributes. Self-learning software code for executing future multimedia conversion processes is generated based on the assigning and the self-learning software code is modified based on results of executing the future multimedia conversion processes.
    Type: Grant
    Filed: April 13, 2018
    Date of Patent: April 12, 2022
    Assignee: Kyndryl, Inc.
    Inventors: Christopher J. Dawson, Christopher L. Molloy, Craig M. Trim, John M. Ganci, Jr.
  • Patent number: 11301577
    Abstract: In a digital computing environment, a method of protecting stored and transmitted computer original files from unauthorized access, by encoding a series of physically allowed restore locations into a plurality of site-specific protected site data files, and rearranging the internal structure of the original file's byte data into a specified non-linear sequence, and storing them into the plurality of site-specific protected site data files. The protected site data files can then be individually stored across two or more physical and/or online storage sites to implement an effective form of file security. A user selects the original files they want to protect, a plurality of physical allowed restore locations, and a plurality of storage sites they wish to use to protect their original files. Each original file is processed at the bitwise level, with each successive bit from each successive byte being appended to the next successive protected site data file.
    Type: Grant
    Filed: January 28, 2020
    Date of Patent: April 12, 2022
    Inventor: Geoffrey Bernard Grindrod
  • Patent number: 11301418
    Abstract: A method and system for provenance-based data backups. Specifically, the method and system disclosed herein entail generating and, subsequently, using data provenance to filter which collections of data, produced through the data mining of big data, should be replicated and stored in backup storage.
    Type: Grant
    Filed: May 2, 2019
    Date of Patent: April 12, 2022
    Assignee: EMC IP Holding Company LLC
    Inventors: Assaf Natanzon, David Zlotnick, Boris Shpilyuck
  • Patent number: 11294576
    Abstract: A device transmits the capabilities of the device for performing transformations on offloaded objects, to a host. The device receives an object definition command from the host, where the object definition command indicates one or more transformations to apply to an object. One or more transformations are performed on the object to generate one or more transformed objects. A completion command is transmitted to the host to indicate completion of the one or more transformations on the object.
    Type: Grant
    Filed: July 9, 2019
    Date of Patent: April 5, 2022
    Assignee: Intel Corporation
    Inventors: Jawad B. Khan, Kelvin D. Green, Vasanthi Jagatha
  • Patent number: 11297045
    Abstract: An information recording apparatus has a drive unit to record digital information including digital contents; and a host unit to control reading and writing of the digital information for the drive unit. The host unit has a network processing unit to communicate with a server, a shadow determination unit to determine whether a shadow boot program to be executed prior to a boot program is executable, a shadow reading unit to read the shadow program from the drive unit when the shadow determination unit determines to be executable, a shadow execution unit to execute the shadow program, a server authentication unit to perform authentication with the server in accordance with a processing of the shadow program, and a password transmitter to transmit to the drive unit a password used for unlock of the drive unit when the authentication with the server is successful.
    Type: Grant
    Filed: December 12, 2019
    Date of Patent: April 5, 2022
    Assignee: KIOXIA CORPORATION
    Inventor: Hiroshi Isozaki
  • Patent number: 11281485
    Abstract: Some embodiments provide a novel method for authorizing network requests for a machine in a network. In some embodiments, the method is performed by security agents that execute on virtual machines operating on a host machine. In some embodiments, the method captures a network request (e.g., network control packets, socket connection request, etc.) from a primary application executing on the machine. The method identifies an extended context for the network request and determines whether the network request is authorized based on the extended context. The method then processes the network request according to the determination. The extended context of some embodiments includes identifications for primary and secondary applications associated with the network request. Alternatively, or conjunctively, some embodiments include identifications for primary and secondary users associated with the network request.
    Type: Grant
    Filed: May 3, 2019
    Date of Patent: March 22, 2022
    Assignee: NICIRA, INC.
    Inventors: Vasantha Kumar, Prasad Sharad Dabak, Azeem Feroz, Amit Vasant Patil
  • Patent number: 11282084
    Abstract: A method for sending a notification indicating fraud using a transaction authorization channel is described. Upon performing a fraud analysis on a first transaction previously authorized by an issuer of an account via the transaction authorization channel, a determination that the first transaction has indications of fraud is performed. In response to determining that the first transaction has indications of fraud, a transaction authorization request message for a second transaction is generated to include a billing descriptor field with data representing a notification of fraud on the account. The transaction authorization request message for the second transaction is sent, via the transaction authorization channel, to an electronic device associated with the issuer of the account so that it will modify the account to include a transaction entry for the second transaction that will be recognized as a fraud notification when an account holder of the account views pending transactions.
    Type: Grant
    Filed: March 18, 2019
    Date of Patent: March 22, 2022
    Assignee: Bolt Financial, Inc.
    Inventors: Pantelis Miltos Kledaras, Akshaya Srivatsa
  • Patent number: 11281812
    Abstract: A storage device includes a substrate, at least one secure element, a case and a coupling structure. The secure element is mounted on the substrate. The case surrounds the substrate and the secure element. The coupling structure integrally couples the secure element and the case. When at least a part of the case is removed, the secure element is destroyed while a connection remains between the secure element and the case by the coupling structure, and access to secure data stored in the secure element is prevented.
    Type: Grant
    Filed: December 16, 2020
    Date of Patent: March 22, 2022
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Insub Kwak, Sungki Lee, Chunghyun Ryu
  • Patent number: 11283613
    Abstract: Systems and methods are disclosed herein relating to the secure configuration of intelligent electronic devices. Intelligent electronic devices are used in electric power generation and transmission systems for protection, control, automation, and/or monitoring of equipment. The use of tokens and token-based digital signatures in the configuration process of intelligent electronic devices reduces the likelihood of malicious acts or unintended errors. Tokens distributed to engineers, technicians, intelligent electronic devices, computing devices, and/or software decrease the likelihood of errors being introduced in the configuration process.
    Type: Grant
    Filed: October 17, 2019
    Date of Patent: March 22, 2022
    Assignee: Schweitzer Engineering Laboratories, Inc.
    Inventors: Dennis Gammel, Josh Powers, Jason A. Dearien, Joshua Thomas Pereyda
  • Patent number: 11283602
    Abstract: Embodiments are directed to provisioning a general-use basis for authentication of a processor device. During manufacture, a hardware processor stores a secret value and shares a derived value produced based on the secret value with a secure service. These values may be used in a limited-use initial authentication process to authenticate the hardware processor. A general-use basis for authentication not so limited as the initial authentication process is established subsequent to the manufacture of the hardware processor. The general-use basis for authentication may include a public-private key pair, and is established upon successful completion of the initial authentication process. Authentication using the general-use process produces an authentication traceable to the manufacture of the hardware processor.
    Type: Grant
    Filed: April 2, 2020
    Date of Patent: March 22, 2022
    Assignee: Intel Corporation
    Inventors: Ernie F. Brickell, Rachid El Bansarkhani
  • Patent number: 11281781
    Abstract: Key processing methods and apparatuses, storage media, and processors are disclosed. A method includes: a security chip receiving a dynamic measurement request for a cryptographic operation; and the security chip generating a child key of a platform measurement root key based on the platform measurement root key and a random number, wherein the child key of the platform measurement root key is used for encrypting a loading process and an execution process measured by a dynamic measurement module, and the dynamic measurement module is a module used for measuring a firmware that performs cryptographic operations. The present disclosure solves the technical problems that existing key processing methods cannot guarantee the integrity of cryptographic operation algorithm firmware and the credibility of cryptographic operation execution environments during a cryptographic operation process.
    Type: Grant
    Filed: August 12, 2019
    Date of Patent: March 22, 2022
    Assignee: Alibaba Group Holding Limited
    Inventor: Yingfang Fu
  • Patent number: 11283619
    Abstract: A device for, and method of, generating coded data from input data are disclosed. The device includes: an input for receiving input data, where the input data includes a plurality of data blocks; a plurality of bit mixers coupled in parallel to the input, where each bit mixer is configured to receive at least one data block of the plurality of data blocks, where no bit mixer of the plurality of bit mixers is configured to receive a same data block of the plurality of data blocks as another of the bit mixers of the plurality of bit mixers, and where no two bit mixers of the plurality of bit mixers are configured to produce same output values for same input values; a combiner communicatively coupled in parallel to the plurality of bit mixers; and an output communicatively coupled to the combiner, the output configured to provide coded data.
    Type: Grant
    Filed: June 20, 2019
    Date of Patent: March 22, 2022
    Assignee: THE BOEING COMPANY
    Inventor: Laszlo Hars
  • Patent number: 11284244
    Abstract: A data white box device utilized in conjunction with an intelligent terminal is provided. The data white box device includes a controller, a memory, and an SIM unit. The controller provides support for management of the memory and call of the SIM unit. The memory provides a physical medium for storing data of the intelligent terminal. The SIM unit provides support for encryption and security authentication of the data of the intelligent terminal.
    Type: Grant
    Filed: December 28, 2020
    Date of Patent: March 22, 2022
    Assignee: Unigroup Guoxin Microelectronics Co., Ltd.
    Inventors: Hangyu Huo, Daojie Ma, Linlin Su, Jiawei Liu
  • Patent number: 11275849
    Abstract: A database management tool performs updates or sequential operations to large databases. A configuration file specifies source, destination (if different than source), encryption status, order, throttling limits, and number of threads to maintain, among other settings. A queue table points the tool at the database to be converted and maintains current row ID and status. The queue table may also hold the location of a hardware security module (HSM) if one is used for encryption, decryption, or hashing. The database management tool may use the configuration file to retrieve a record, perform the specified action, such as sending the record to an HSM for decryption with an old key and encryption with a new key, and replacing the old record with the updated record. The queue table may be updated with a running record of where the last operation occurred to allow rollbacks if necessary.
    Type: Grant
    Filed: August 2, 2019
    Date of Patent: March 15, 2022
    Assignee: VISA INTERNATIONAL SERVICE ASSOCIATION
    Inventor: Adam Conway
  • Patent number: 11276051
    Abstract: Systems and methods for conducting convenient and secure mobile transactions between a payment terminal and a mobile device, e.g., in a fueling environment, are disclosed herein. In some embodiments, the payment terminal and the mobile device conduct a mutual authentication process that, if successful, produces a session key which can be used to encrypt sensitive data to be exchanged between the payment terminal and the mobile device. Payment and loyalty information can be securely communicated from the mobile device to the payment terminal using the session key. This can be done automatically, without waiting for the user to initiate a transaction, to shorten the overall transaction time. The transaction can also be completed without any user interaction with the mobile device, increasing the user's convenience since the mobile device can be left in the user's pocket, purse, vehicle, etc.
    Type: Grant
    Filed: February 14, 2019
    Date of Patent: March 15, 2022
    Assignee: Wayne Fueling Systems LLC
    Inventors: Weiming Tang, James M. Brewer
  • Patent number: 11275848
    Abstract: Multiple data sources encrypt data using encryption key data received from a first system; a second system does not have access to the encryption key data. The second system receives the encrypted data from the multiple data sources. Because the encryption is additively homomorphic, the second system may create encrypted summation data using the encrypted data. The second system may send the encrypted summation data to the first system, which may then decrypt the encrypted summation data to create unencrypted summation data.
    Type: Grant
    Filed: March 22, 2019
    Date of Patent: March 15, 2022
    Assignee: Via Science, Inc.
    Inventor: Kai Chung Cheung
  • Patent number: 11269624
    Abstract: A method, system, and computer program product for implementing automated software application bundling is provided. The method includes detecting first software scanners installed within computing devices associated with a hardware device. Licensed software applications and second software scanners installed within a group of computing devices are detected and configuration files associated with initiating execution of the licensed software applications are retrieved from a database. Operational data is retrieved and an associated list describing operational attributes of the computing devices is generated. Likewise, a list of licensed software applications installed within the group of computing devices and a graph presenting communication connections between the computing devices and the hardware device are generated and the licensed software applications are executed with respect to enabling operational functionality for the group of computing devices.
    Type: Grant
    Filed: January 12, 2021
    Date of Patent: March 8, 2022
    Assignee: International Business Machines Corporation
    Inventors: Grzegorz Piotr Szczepanik, Piotr Kalandyk, Lukasz Jakub Palus, Pawel Tadeusz Januszek, Hubert Kompanowski
  • Patent number: 11271751
    Abstract: Embodiments create and validate a digital record that represents an asset. Embodiments obtain a first private key and a first public key that corresponds to a creator of the digital record and generate one or more parameters for the digital record, where a first parameter of the parameters is related to transactions of the digital record. Embodiments generate one or more rules for the digital record, where a first rule of the rules corresponds to the first parameter and constrains the transactions. Using the first private key, embodiments compute a first digital signature of all of the first public key, the parameters and the rules and create a first digital record comprising the first public key, the parameters, the rules and the first digital signature.
    Type: Grant
    Filed: June 21, 2019
    Date of Patent: March 8, 2022
    Assignee: ORACLE INTERNATIONAL CORPORATION
    Inventor: Lucio D'orazio Pedro de Matos
  • Patent number: 11265170
    Abstract: An in-vehicle computer generates a message authentication code about its own log using its own signature key and thereby transmits a log annotated with its message authentication code to a vehicle information collection device. The vehicle information collection device generates the signature key of the in-vehicle computer, verifies the message authentication code, which is included in the log annotated with its message authentication code received from the in-vehicle computer, using the generated signature key, and thereby stores the log relating to the successfully verified message authentication code on storage media.
    Type: Grant
    Filed: August 28, 2017
    Date of Patent: March 1, 2022
    Assignee: KDDI CORPORATION
    Inventors: Keisuke Takemori, Seiichiro Mizoguchi, Hideaki Kawabata, Ayumu Kubota
  • Patent number: 11263328
    Abstract: Disclosed are various examples for threat detection and security for edge devices in communication with Internet-of-Things (IoT) devices. In one example, a profile is associated with a virtual machine of a gateway device. The profile includes an expected behavior for the virtual machine. The virtual machine is executed by a hypervisor of the gateway device. An actual behavior for the virtual machine is determined. A remedial action is performed. The remedial action is based on an anomaly between the expected behavior and the actual behavior.
    Type: Grant
    Filed: January 17, 2019
    Date of Patent: March 1, 2022
    Assignee: VMWARE, INC.
    Inventors: Ian Ragsdale, Saurabh Agrawal, Kartik Patel, Santhosh Chandrashekarappa Irani
  • Patent number: 11258798
    Abstract: A method, an entity, and a system for managing access to data. The data is associated with metadata. At least one predetermined access policy for accessing metadata includes, for each client, at least one identifier relating to the client. An entity receives from at least one client device, a data access request that includes at least one identifier relating to the client. The entity determines, based on the associated access policy, whether the metadata access is authorized. If yes, the entity determines, based on the associated access policy, associated first data allowing to access the metadata. The entity accesses, based on the first data, the associated metadata. The entity accesses, based on the accessed metadata and the associated access policy, at least a part of the associated data, as a late dynamic binding of the metadata with the associated data (or a part of it).
    Type: Grant
    Filed: February 27, 2018
    Date of Patent: February 22, 2022
    Assignees: THALES DIS FRANCE SAS, THALES DIS CPL USA, Inc.
    Inventors: Didier Hugot, Asad Ali, Gorav Arora
  • Patent number: 11249681
    Abstract: A memory controller includes a random data generator configured to generate first random data based on write data and a first seed, the write data for storing in a selected page in a memory device; and a bit pattern determiner configured to generate data distribution information indicating whether the random data is a first type or a second type. The random data generator generates second random data when the data distribution information indicates the second type, the second random data being different from the first random data.
    Type: Grant
    Filed: December 12, 2019
    Date of Patent: February 15, 2022
    Assignee: SK HYNIX INC.
    Inventor: Ho Chan Moon
  • Patent number: 11250135
    Abstract: A programmable integrated circuit device includes a programmable core, a boot device configured to boot up the programmable core, and a one-time programmable memory module controlling life cycle states of the programmable integrated circuit device, including (i) an operational state during which programming resources of the programmable device are locked, and (ii) an inspection state in which the programming resources of the programmable device are accessible. The one-time programmable memory module is configured to allow unidirectional advance from the operational state to the inspection state, when authorized by a lock control circuit responsive to control signals from the boot device to authorize the unidirectional advance from the operational state to the inspection state. Authorization of the unidirectional advance may be limited to a time interval during a boot cycle of the programmable device. The unidirectional advance may be based on receipt of an authenticated request from a requester.
    Type: Grant
    Filed: July 31, 2019
    Date of Patent: February 15, 2022
    Assignee: Marvell Asia Pte, Ltd.
    Inventors: Minda Zhang, Tolga Nihat Aytek, Thomas Kniplitsch, Axel Dielmann
  • Patent number: 11250162
    Abstract: Methods, systems and computer program products for layered masking of data are described. A system receives content including personally identifiable information (PII). The system redacts the content by masking the PII. The system identifies the PII in multi-layer processing, where in each layer, the system determines a respective confidence score indicating a probability that a token is PII. If the confidence score is sufficiently high, the system masks the token. Otherwise, the system provides the token to a next layer for processing. The layers can include regular expression based processing, lookup table based processing, and machine learning based processing.
    Type: Grant
    Filed: December 23, 2019
    Date of Patent: February 15, 2022
    Assignee: Yodlee, Inc.
    Inventors: Vunnava Praveen, Syed Abid Hussain
  • Patent number: 11245731
    Abstract: Disclosed herein are techniques for protecting web applications from untrusted endpoints using remote browser isolation. In an example scenario, a browser isolation system receives a request from a client browser executing on a client device to connect with a remote application accessible via a private network. A surrogate browser is provided to facilitate communications between the client browser and the remote application. A security policy is enforced against the communications.
    Type: Grant
    Filed: October 27, 2020
    Date of Patent: February 8, 2022
    Assignee: Menlo Security, Inc.
    Inventors: Kowsik Guruswamy, Stephen John Stanley Thornhill, Andrew Peter Edward Prince, Joshua Frank Wharton
  • Patent number: 11244063
    Abstract: Example embodiments relate to a policy service employed to perform operations to: generate and maintain a data-set that comprises at least a column and a row that intersect at a cell; assign an access policy to a row or column of the data-set, wherein the access policy is defined by one or more access credentials required to receive access to the cell that intersects with the row or column; receive a request to read the data-set from a user account, wherein the user account has an associated credential; filter the cell that intersects with the row or column of the data-set based on the access policy and the credential of the user account, in response to receiving the request from the user account; and provide the user account with access to the filtered data-set.
    Type: Grant
    Filed: June 11, 2018
    Date of Patent: February 8, 2022
    Assignee: Palantir Technologies Inc.
    Inventors: Brandon Krieger, Mark Elliot, Matthew Lynch
  • Patent number: 11237957
    Abstract: A realm management unit (RMU) 20 manages ownership of memory regions by realms, each realm corresponding to at least a portion of a software process executed by processing circuitry. Memory access circuitry 26 enforces ownership rights for the regions, with the owner realm having a right to exclude other realms from accessing data stored within its owned region. The RMU 20 controls transitions of memory regions between region states, including an invalid state 220, a valid state 222, and a scrub-commit state 800 in which the memory region is allocated to an owner realm, inaccessible to that owner realm until a scrubbing process has been performed for the memory region to set each storage location of the region to a value uncorrelated with a previous value stored in the storage location, and prevented from being reallocated to a different owner realm.
    Type: Grant
    Filed: October 11, 2018
    Date of Patent: February 1, 2022
    Assignee: Arm Limited
    Inventors: Jason Parker, Djordje Kovacevic, Gareth Rhys Stockwell, Matthew Lucien Evans
  • Patent number: 11240228
    Abstract: Aspects of the present invention disclose a method, computer program product, and system for performing a validation of authentication credentials from a user. The method includes one or more processors receiving authentication credentials input in an authentication session, the authentication credentials including a username and a password. The method further includes one or more processors generating a hash of the password of the received authentication credentials. In response to determining that the received authentication credentials are not valid, the method further includes one or more processors determining whether the generated hash of the password matches a stored hash associated with the username of the received authentication credentials.
    Type: Grant
    Filed: November 18, 2019
    Date of Patent: February 1, 2022
    Assignee: International Business Machines Corporation
    Inventors: Ruchika Bengani, Shikhar Kwatra, Zachary A. Silverstein, Craig M. Trim, Michael Seth Silverstein
  • Patent number: 11240209
    Abstract: Systems and methods for performing a data transfer in a data protection system are disclosed. A user interface is provided that includes a workflow. The workflow is effective to configure a data transfer by identifying the source of the data, the destination of the data, and the data itself. A data control process associated with the data protection system is performed to authenticate the requesting user and determine whether the user is authorized to access the data. The data is transferred in accordance with the data control process of the data protection system.
    Type: Grant
    Filed: August 30, 2019
    Date of Patent: February 1, 2022
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventors: Shern S. Jauhal, Scott Quesnelle
  • Patent number: 11232216
    Abstract: Systems and methods are disclosed for generation of secure indexes that permit the querying or searching of encrypted data in a cryptographically-secure manner. In various embodiments, a filter gradient comprises a node identifier, a set membership filter, and an ordered genealogy (such that it comprises a filter that encodes a subset of the items encoded by its parent), and a FiG tree is a rooted tree with filter gradients (and, optionally, one or more dictionaries) as nodes such that each filter gradient uses a different hash. A HiiT data structure, in various embodiments, comprises a hash table that points to the rows of an inverted index table. In various embodiments, an oblivious pseudorandom function may be employed to mask, secure, and prepare the phrases for insertion into the secure indexes.
    Type: Grant
    Filed: July 16, 2020
    Date of Patent: January 25, 2022
    Assignee: Ionic Security Inc.
    Inventors: Adam Ghetti, Ryan Mark Speers, Jonathan Thomas Burns, Jeffrey Howard
  • Patent number: 11232222
    Abstract: In an access management system for managing access to data handled on a shared server, the data in a registered folder on the shared server is kept in secret through transform using an access key. A database in the system is configured to store identification information of n shares generated by splitting the access key using threshold secret sharing scheme in association with a data path of a folder assigned to a first user. Some of the shares are retained in the system as system shares and at least one remaining share is provided to the first user as a user share. When an access request is received along with a first user share from the first user, target data recovered using the access key recovered based on a number of shares that satisfies the quorum is deployed to the registered folder.
    Type: Grant
    Filed: December 26, 2017
    Date of Patent: January 25, 2022
    Assignee: ZENMUTECH, INC
    Inventors: Atsushi Kunii, Kiyoshi Tomomura
  • Patent number: 11233644
    Abstract: A secure device comprises a secure computing environment (SCE) that stores one or more cryptographic secrets, such as private keys, and is able to receive input from secure input devices such as a keypad or smartcard interface and provide output to secure output devices such as a secure display. The SCE provides safeguards against remote and physical exploits, erasing or rendering unusable the secrets in the event of actual or suspected exploit, protecting the secrets from compromise. The SCE may digitally sign internally generated messages or messages from an external device such as a smartphone. Message signing conditions may be checked and satisfied in the SCE before a digitally signed message is generated. Messages may be automatically signed if they satisfy specified conditions. The secure device may be used as part of a multisignature scheme in which a plurality of private keys are used to create a digital signature.
    Type: Grant
    Filed: August 7, 2018
    Date of Patent: January 25, 2022
    Assignee: GRIDPLUS INC.
    Inventors: Karl J. Kreder, III, Alexander Scot Miller, Mark Vincent D'Agostino, John R. Boyd, IV
  • Patent number: 11232190
    Abstract: A method for providing an attestation for enabling a device to attest to an assertion concerning the device, comprising: generating an attestation identifier and a base-secret code corresponding to the attestation identifier; providing the attestation identifier and a validation-secret code to a validation apparatus for storage in conjunction with the assertion, wherein the validation-secret code is based on the base-secret code; providing the attestation identifier and a device-secret code to a manufacturer or adapter for provision to a device, wherein the device-secret code is based on the base-secret code.
    Type: Grant
    Filed: October 4, 2019
    Date of Patent: January 25, 2022
    Assignee: Trustonic Limited
    Inventor: Richard Hayton
  • Patent number: 11227058
    Abstract: A method, computer program product, and computer system for storing, by a computing device, a data encryption key in a keystore. A plurality of stable system values may be generated, wherein a threshold number of the plurality of stable system values is required to access the data encryption key from the keystore. The plurality of stable system values may be stored in different locations. More stable system values of the plurality of stable system values than the threshold number of the plurality of stable system values required to access the data encryption key from the keystore may be deleted.
    Type: Grant
    Filed: July 30, 2019
    Date of Patent: January 18, 2022
    Assignee: EMC IP HOLDING COMPANY, LLC
    Inventors: Naizhong Chiu, Gregory W. Lazar, Grace L. Heard
  • Patent number: 11228595
    Abstract: Techniques are provided for evaluating the security of data access statements. Specifically, in one embodiment of the claimed subject matter there is provided a technique for evaluating the security of data access statements, comprising: evaluating the criticality of multiple SQL statements contained in multiple sessions accessing a database; generating a critical item set from the multiple sessions, each element in the critical item set indicating one or more SQL statements contained in a session; extracting at least one association rule from the critical item set, each of the at least one association rule indicating a sequence of SQL statements contained in a session; and calculating the criticality of each of the at least one association rule.
    Type: Grant
    Filed: February 11, 2020
    Date of Patent: January 18, 2022
    Assignee: International Business Machines Corporation
    Inventors: Hao Feng, Sheng Yan Sun
  • Patent number: 11226867
    Abstract: Example implementations relate to encrypting data objects. In an example, data objects of a file system instance contained by a security domain are encrypted using a Data Encryption Key that is specific to the security domain and is wrapped by a Key Encryption Key shared exclusively within a cluster. A backup of the file system instance is created on a backup node. The backup includes at least some of the encrypted data objects. The DEK is sent to the backup node. The backup node cannot decrypt the backup unless the backup node is a member of the cluster and has access to the KEK to unwrap the DEK.
    Type: Grant
    Filed: April 29, 2019
    Date of Patent: January 18, 2022
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Gareth David Richards, Glenn S. Watkins, John Michael Czerkowicz
  • Patent number: 11222131
    Abstract: The present disclosure relates to a method for a secure storage, matching and linking of data records. The method comprises: receiving a current data record having one or more attributes, each attribute having an attribute value. For each attribute of at least part of the attributes a predefined set of variations of the attribute value of the attribute may be generated. The received attribute values may be encrypted resulting in an encrypted record and the generated sets of variations may be encrypted. The encrypted record may be stored in a storage system in association with the respective encrypted sets of variations.
    Type: Grant
    Filed: September 25, 2019
    Date of Patent: January 11, 2022
    Assignee: International Business Machines Corporation
    Inventors: Martin Oberhofer, Soma Shekar Naganna, Scott Schumacher, Abhishek Seth, Geetha Sravanthi Pulipaty
  • Patent number: 11216808
    Abstract: A message processing server includes a message processor, a network interface, and a memory storing a token database of multi-layer tokens. Each token in the database includes a plurality of encrypted data layers. The message processor receives, via the network interface, at least one authorization message that identifies one of the tokens, derives a first decrypted data layer from the first encrypted data layer of the token, and extracts from the first decrypted data layer a second pointer to a secondary database that stores a predetermined data value. The message processor excises the predetermined data value from the secondary database.
    Type: Grant
    Filed: October 5, 2016
    Date of Patent: January 4, 2022
    Assignee: The Toronto-Dominion Bank
    Inventors: Avinash Malliah, Roisin F. Fritz, Jonathan K. Barnett, John Jong Suk Lee, Paul Mon-Wah Chan, Orin Del Vecchio
  • Patent number: 11216597
    Abstract: A chip system comprising ROM code including a bootloader which runs whenever the chip is powered on; and programmable fuse array memory storing version identifiers, NVMs in which copies of a version of bootable firmware are stored, wherein a first identifier is stored including active major number and minor numbers, signed with a private key; wherein a second identifier is stored including recovery major and minor numbers, signed with said private key; and hardware which obeys a first command by the boot ROM code to disable until next system reset, writing to the recovery NVM other than to the bootloader, and obeys a second command, to lift write protection of the recovery NVM, wherein firmware images associated with both said versions, and both said identifiers, are signed with said private key, and the boot ROM code authenticates firmware image/s and said identifiers.
    Type: Grant
    Filed: May 14, 2020
    Date of Patent: January 4, 2022
    Assignee: NUVOTON TECHNOLOGY CORPORATION
    Inventors: Moshe Alon, Avraham Fishman, Ben Bender, Boaz Tabachnik, Eyal Cohen
  • Patent number: 11218299
    Abstract: A software decryption key is injected into a computing device 2 having a secure execution environment 20 and a less secure execution environment 22. The key 38 is for decryption of software to be run on the computing device. A key injection software component 36 executed within the secure execution environment 20 is used to control storage of the software decryption key 38 in a protected state in which the software decryption key is unreadable in the clear from the key storage location by an external device or by program code executed in the less secure execution environment 22 of the computing device. Software provided to the device is decrypted based on the injected software decryption key 38.
    Type: Grant
    Filed: February 4, 2020
    Date of Patent: January 4, 2022
    Assignee: Trustonic Limited
    Inventors: Lukas Hanel, Mehdi Oukacha, Baptiste Gourdin