Tamper Resistant Patents (Class 713/194)
  • Patent number: 10754954
    Abstract: Provided is a method for securely exchanging information during application startup. A processor may send a request for a passphrase to one or more remote devices using a first out-of-band message. The processor may receive, from at least one of the remote devices, a response that includes the passphrase. The response may be a second out-of-band message. The processor may decrypt application startup data that is stored in a first configuration file for the application using the received passphrase. The application startup data may be necessary for the application to execute. The processor may then execute the application using the decrypted application startup data.
    Type: Grant
    Filed: May 21, 2018
    Date of Patent: August 25, 2020
    Assignee: International Business Machines Corporation
    Inventors: Rayne Anderson, Stephen S. Harding, Alpeshkumar Patel, Jiafu Yu
  • Patent number: 10742614
    Abstract: Aspects of the subject disclosure may include, for example, determining whether communications are encrypted, determining a communication type for the communications according to sensitivity criteria, encrypting the communications according to the communication type to generate encrypted communications, and transmitting to a second network device the encrypted communications. Other embodiments are disclosed.
    Type: Grant
    Filed: August 10, 2017
    Date of Patent: August 11, 2020
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: David Gross, Joshua Lackey, Donald E. Levy, Roger Piqueras Jover, Jayaraman Ramachandran, Cristina Serban
  • Patent number: 10733291
    Abstract: A device, such as a payment reader, may include one or more units capable of providing access to sensitive data. Such units may be connected to each other through tamper traces. A secure unit can send known keys or key-value pairs between the units using a multi-directional protocol. The keys or key-value pairs are then compared by the secure unit to monitor or detect a tamper event.
    Type: Grant
    Filed: June 11, 2018
    Date of Patent: August 4, 2020
    Assignee: Square, Inc.
    Inventor: Cameron McLeod
  • Patent number: 10721271
    Abstract: A method for detecting a phishing web page. The method, executable at a server, comprises detecting at least one unique web page attribute that allows to identify a known phishing web page as a phishing web page; analyzing, by the server, the known phishing web page to determine at least one additional unique attribute indicative of the known phishing web page targeting a phishing target web resource; generating, by the server, at least one phishing detection rule that is based on the at least one unique attribute and the at least one additional attribute; storing the at least one phishing detection rule; receiving a new web page to be checked for phishing; applying the at least one phishing detection rule for analyzing the new web page; in response to the analyzing rendering a positive outcome, identifying the new web page as a phishing web page.
    Type: Grant
    Filed: December 29, 2017
    Date of Patent: July 21, 2020
    Assignee: TRUST LTD.
    Inventor: Dmitry Aleksandrovich Volkov
  • Patent number: 10715337
    Abstract: A conductor on glass security layer may be located within a printed circuit board (PCB) of a crypto adapter card or within a daughter card upon the crypto adapter card. The conductor on glass security layer includes a glass dielectric layer that remains intact in the absence of point force loading and shatters when a point load punctures or otherwise contacts the glass dielectric layer. The conductor on glass security layer also includes a conductive security trace upon the glass dielectric layer. A physical access attempt shatters a majority of the glass dielectric layer, which in turn fractures the security trace. A monitoring circuit that monitors the resistance of the conductive security trace detects the resultant open circuit or change in security trace resistance and initiates a tamper signal that may be received by one or more computer system devices to respond to the unauthorized attempt of physical access.
    Type: Grant
    Filed: November 13, 2017
    Date of Patent: July 14, 2020
    Assignee: International Business Machines Corporation
    Inventors: Gerald K. Bartley, Darryl J. Becker, Matthew S. Doyle, Mark J. Jeanson, Mark O. Maxson
  • Patent number: 10706651
    Abstract: Systems and methods are provided and include a sensor that is configured to generate a first link key data packet. A control module of a vehicle is configured to generate a second link key data packet. In response to (i) a first authenticated response of the first link key data packet matching a second authenticated response of the second link key data packet and (ii) a user device being connected to a communication gateway of the control module by a Bluetooth low energy (BLE) communication link, the sensor is configured to communicate signal information to the control module using a hardwire link that electrically couples the control module and the sensor. The signal information includes information corresponding to physical characteristics of the BLE communication link.
    Type: Grant
    Filed: March 20, 2019
    Date of Patent: July 7, 2020
    Assignees: DENSO International America, Inc., DENSO CORPORATION
    Inventor: Kyle Golsch
  • Patent number: 10708284
    Abstract: In one embodiment, a device in a network maintains a plurality of machine learning-based detectors for an intrusion detection system. Each detector is associated with a different portion of a feature space of traffic characteristics assessed by the intrusion detection system. The device provides data regarding the plurality of detectors to a user interface. The device receives an adjustment instruction from the user interface based on the data provided to the user interface regarding the plurality of detectors. The device adjusts the portions of the feature space associated with the plurality of detectors based on the adjustment instruction received from the user interface.
    Type: Grant
    Filed: July 7, 2017
    Date of Patent: July 7, 2020
    Assignee: Cisco Technology, Inc.
    Inventors: Martin Kopp, Petr Somol, Tomas Pevny, David McGrew
  • Patent number: 10706171
    Abstract: Method for providing a secure mode for mobile applications including: configuring which applications should be available in secure mode; defining in the mobile operating system kernel, rules and privileges for applications defined for the secure mode; checking continuously if the secure mode is enabled by the user; if the security mode is enabled by the user, then the operating system kernel searches all processes and applications running on the operating system, suspends the system applications not configured to be available in secure mode, hides the protected application, restricts inter-process communications and enforces privilege escalation events and enables access to application files protected by the protected application user Id; and if the security mode is disabled by the user, then the kernel releases all processes and applications that were stopped by the secure mode and denies any access to the protected application files.
    Type: Grant
    Filed: May 27, 2016
    Date of Patent: July 7, 2020
    Assignee: SAMSUNG ELECTRÔNICA DA AMAZÔNIA LTDA.
    Inventors: Breno Silva Pinto, Felipe Caye Batalha Boeira, Pedro Henrique Minatel, Brunno Frigo Da Purificação
  • Patent number: 10686829
    Abstract: A method including extracting, from initial data transmitted on a network, multiple events, each of the events including a user accessing a resource. First and second sets of records are created, each first set record including a sub-group of the events of a user, each second set record including a sub-group of the events of multiple users during respective sub-periods of a training period. Safe labels are assigned to the first set records and suspicious labels are assigned to the second set records. An analysis fits, to the first and the second set records and their respective labels, a model for predicting the label for a given record. The model filters subsequent network data to identify, in the subsequent data, sequences of events predicted to be labeled suspicious by the model, and upon detecting a given sequence of events predicted as suspicious by the model, an alert is generated.
    Type: Grant
    Filed: September 4, 2017
    Date of Patent: June 16, 2020
    Assignee: PALO ALTO NETWORKS (ISRAEL ANALYTICS) LTD.
    Inventors: Idan Amit, Eyal Firstenberg, Jonathan Allon, Yaron Neuman
  • Patent number: 10686806
    Abstract: According to some embodiments, a plurality of monitoring nodes may each generate a series of current monitoring node values over time that represent a current operation of the industrial asset. A node classifier computer, coupled to the plurality of monitoring nodes, may receive the series of current monitoring node values and generate a set of current feature vectors. The node classifier computer may also access at least one multi-class classifier model having at least one decision boundary. The at least one multi-class classifier model may be executed and the system may transmit a classification result based on the set of current feature vectors and the at least one decision boundary. The classification result may indicate, for example, whether a monitoring node status is normal, attacked, or faulty.
    Type: Grant
    Filed: August 21, 2017
    Date of Patent: June 16, 2020
    Assignee: General Electric Company
    Inventors: Masoud Abbaszadeh, Lalit Keshav Mestha, Weizhong Yan
  • Patent number: 10642786
    Abstract: Methods, apparatuses, and embodiments related to improving security of data that is stored and distributed over a data network. In an example, source data to be protected is partitioned into multiple files, and each file is obfuscated, such as by being encrypted, to create multiple obfuscated data files. Information as to how each obfuscated data file was obfuscated is stored in an associated trace file. The multiple obfuscated data files are moved around a data network via a data movement process that includes sending each of the multiple obfuscated data files to a different randomly selected computer, where the computer further obfuscates the obfuscated data and the trace file, and sends the further obfuscated data and trace file to a next randomly selected computer. In an example, the various operations for improving security may be performed by an integrated circuit, such as a system-on-chip (SoC) or application-specific integrated circuit (ASIC).
    Type: Grant
    Filed: April 1, 2019
    Date of Patent: May 5, 2020
    Assignee: CryptoMove, Inc.
    Inventor: Boris Burshteyn
  • Patent number: 10630722
    Abstract: A system and method are disclosed for controlling a restricted ecosystem of software applications. The method may include originating software applications from a vendor, associating a collection of the software applications with a user, controlling the distribution of the collection of software applications to the user, controlling access to the collection of software applications based on user credentials, and controlling the installing and updating of the collection of software applications. The method may additionally include executing a first software application from the collection of software applications, executing a second software application, and transferring data from the first software application to the second software application. The method may additionally include transferring data from the first software application to a web service.
    Type: Grant
    Filed: February 20, 2019
    Date of Patent: April 21, 2020
    Assignee: JPMORGAN CHASE BANK, N.A.
    Inventors: Gil McErlane, Raj Sharma, Gene Fernandez, Rory Macdonald
  • Patent number: 10620946
    Abstract: A method may include initiating a static analysis of code, identifying an opaque function during the static analysis, and modeling the opaque function by: generating, using an abstract state of the static analysis, sample inputs for the opaque function, collecting outputs for the opaque function by executing, using the abstract state, the opaque function with the sample inputs, and updating the abstract state using the outputs.
    Type: Grant
    Filed: October 23, 2018
    Date of Patent: April 14, 2020
    Assignee: Oracle International Corporation
    Inventors: Alexander Jordan, Joonyoung Park
  • Patent number: 10614217
    Abstract: An integrated circuit includes functional circuitry such as a processing core, memory interfaces, cryptographic circuitry, etc. The integrated circuit also includes protection circuitry to protect the functional circuitry of the integrated circuit against attacks by hidden channels. The protection circuitry, for each of a series of successive periods of time, selects a configuration of the functional circuitry from a set of configurations of the functional circuitry, sets a duration of the period of time, and applies the selected configuration of the functional circuitry for the set duration of the period of time.
    Type: Grant
    Filed: July 25, 2017
    Date of Patent: April 7, 2020
    Assignees: STMICROELECTRONICS (ROUSSET) SAS, PROTON WORLD INTERNATIONAL N.V.
    Inventors: Jean-Louis Modave, Fabrice Marinet, Michael Peeters
  • Patent number: 10594705
    Abstract: Disclosed herein are new methods and systems for detecting obfuscated programs. We build a recursive traversal disassembler that extracts the control flow graph of binary files. This allows us to detect the presence of interleaving instructions, which is typically an indication of the opaque predicate anti-disassembly trick. Our detection system uses some novel features based on referenced instructions and the extracted control flow graph that clearly distinguishes between obfuscated and normal files. When these are combined with a few features based on file structure, we achieve a very high detection rate of obfuscated files.
    Type: Grant
    Filed: October 6, 2016
    Date of Patent: March 17, 2020
    Inventors: Shouhuai Xu, Moustafa Elsayed Saleh, Edward Paul Ratazzi
  • Patent number: 10592393
    Abstract: A method for firmware debug trace capture includes creating a hand-off block (“HOB”), capturing first debug trace statements during a boot sequence of a computer and writing the first debug trace statements to the HOB. A trace memory buffer can be created and the first debug trace statements can be copied from the HOB to the trace memory buffer. Second debug trace statements are captured during the boot sequence and appended to the trace memory buffer. In some configurations, the first debug trace statements can be written to the HOB during the pre-Extensible Firmware Interface initialization (“PEI”) phase of the boot sequence and the second debug trace statements can be written to the trace memory buffer during the driver execution (“DXE”) phase of the boot sequence.
    Type: Grant
    Filed: August 31, 2018
    Date of Patent: March 17, 2020
    Assignee: AMERICAN MEGATRENDS INTERNATIONAL, LLC
    Inventors: Michael Harry Deiderich, III, Matthew Hoffmann, Thomas Gilreath
  • Patent number: 10595197
    Abstract: The disclosure provides a client device for hearing device communication and related method. The client device comprises a processing unit, a memory unit, and an interface. The processing unit is configured to send a session request for a session to the hearing device via the interface. The processing unit is configured to receive a session response from the hearing device via the interface. The processing unit is configured to obtain a session key based on e.g. the session response. The processing unit is configured to determine hearing device data and/or to generate session data e.g. based on the session key and the hearing device data. The processing unit is configured to send the session data to the hearing device via the interface.
    Type: Grant
    Filed: July 10, 2018
    Date of Patent: March 17, 2020
    Assignee: GN HEARING A/S
    Inventors: Brian Dam Pedersen, Allan Munk Vendelbo
  • Patent number: 10574632
    Abstract: The system and method for secure sharing of a source code is disclosed. The method comprises receiving a source code associated with an application, and a defect identification number associated with a defective feature in the application. The method comprises identifying a defective feature of an application and non-defective features of the application based on a defect investigation methodology. The method comprises generating a checkout ID associated with the application and further generates a secured second set of source code based on one of an encryption methodology and an obfuscating methodology. The method further comprises providing a secured source code to a third party for debugging the defective feature in the application.
    Type: Grant
    Filed: June 6, 2017
    Date of Patent: February 25, 2020
    Assignee: HCL Technologies Limited
    Inventors: Simy Chacko, Suresh Naidu P, Shiva Sholayappan, S U M Prasad Dhanyamraju
  • Patent number: 10567398
    Abstract: A method executable via operation of configured processing circuitry to identify applications by remote monitoring may include initiating remote communication with a target device through an access point, the access point providing network access to the target device, providing a series of ping messages to the target device via the access point to determine a delay signature of an application running on the target device, comparing the delay signature of the application to a plurality of malware traffic signatures stored in a malware traffic signature library, and determining a matching score between the delay signature of the application and at least some of the malware traffic signatures.
    Type: Grant
    Filed: December 9, 2015
    Date of Patent: February 18, 2020
    Assignee: The Johns Hopkins University
    Inventor: Lanier A. Watkins
  • Patent number: 10553062
    Abstract: A method for generating target winning numbers is provided. The method implemented by a first node includes: receiving, in a first period of time, n encrypted random parameters sent by n second nodes in a system, where n is a positive integer; receiving, in a second period of time, n mapping relationships and n keys that are sent by the n second nodes, where each mapping relationship is a one-to-one mapping relationship between an encrypted random parameter and a key; and decrypting, in a third period of time, the n encrypted random parameters by using the n mapping relationships and the n keys, to obtain a target random parameter set, and generating target winning numbers by using the target random parameter set, so that each node can generate the winning numbers and verify impartiality of the winning numbers, thereby increasing randomness of a random parameter.
    Type: Grant
    Filed: March 8, 2018
    Date of Patent: February 4, 2020
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Shang Gao, Heng Liao
  • Patent number: 10554718
    Abstract: Embodiments described herein are related to providing an improved quality of experience (QoE) for users consuming video content. An improved QoE may be provided to a user by allocating an appropriate bandwidth at which content is provided to the user. The appropriate bandwidth may be determined by an application function of the communications network used to provide the content to the user. The application function analyzes messages received from the content provider to determine characteristics of the content, determines the appropriate bandwidth accordingly, and generates a policy control rule to be enforced by the communications network when transmitting the content. Alternatively, a mobile device used to engage in the content determines the appropriate bandwidth at which video is to be transmitted thereto. The determined bandwidth is provided to the application function, which generates a policy control rule to be enforced by the communications network based on the determined bandwidth.
    Type: Grant
    Filed: December 20, 2016
    Date of Patent: February 4, 2020
    Assignee: Tambora Systems Singapore Pte. Ltd.
    Inventors: Anand Uppili, Pothirajan Kandasamy, Ganesh Ramachandran Vaidyanathan, Raghu Govardhana, Mahesh Chindi
  • Patent number: 10547461
    Abstract: An integrated circuit device includes first and second semiconductor die and a physically unclonable function (PUF). The second semiconductor die is attached, at least partially, to the first semiconductor die using the PUF. The PUF includes a plurality of conductive paths formed between the first semiconductor die and the second semiconductor die. The PUF controller is coupled to the PUF for generating a digital value based on a characteristic of each conductor of the plurality of conductive paths. The digital value logically binds the first semiconductor die to the second semiconductor die. The first semiconductor die may include a nonvolatile memory and the digital value may be an encryption key for encrypting data stored in the nonvolatile memory.
    Type: Grant
    Filed: March 7, 2017
    Date of Patent: January 28, 2020
    Assignee: NXP B.V.
    Inventor: Sebastien Riou
  • Patent number: 10536538
    Abstract: Techniques of implementing out-of-band data erasure verification in computing systems are disclosed herein. In one embodiment, a method includes receiving a verification instruction from a system administrator. In response to and based on the received verification instruction, the method includes selecting a set of persistent storage devices to which data erasure verification is to be performed. The method also includes relaying the verification instruction to additional computing devices in additional enclosures, thereby causing data erasure verification on one or more additional persistent storage devices in the additional enclosures to be performed generally in parallel to performing data erasure verification on the subset of persistent storage devices in one of the enclosures.
    Type: Grant
    Filed: September 16, 2016
    Date of Patent: January 14, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Ashish Munjal, Laura Caulfield, Lee Progl, Uuganjargal Khanna
  • Patent number: 10521613
    Abstract: An adaptive standalone secure software that is going to be distributed/sold to users potentially all over the world. By placing in a secure server some of the features of the secure software, the security of such software is increased. The software will adapt to the current user and conditions of usage by moving the appropriate software features to and from the secure server. A public key cryptography (or asymmetric key) algorithm technique is used for the communication between the protected software and the secure server. This patent also includes an analysis of intruders and describes possible responses to detected threats including covert actions. This patent is Cyber-Ecologically aware.
    Type: Grant
    Filed: August 8, 2018
    Date of Patent: December 31, 2019
    Inventor: Carlos Manuel Gonzalez
  • Patent number: 10509918
    Abstract: Described is a system for protecting sensitive information that is hardcoded in polynomial-size ordered binary decision diagram (POBDD) form. A software executable represented as a POBDD having sensitive information embedded therein is obfuscated into an obfuscated POBDD. An input query on the obfuscated POBDD is evaluated, and the sensitive information is revealed only if the input query is a correct input. Thus, an adversary is prevented from extracting the sensitive information embedded in the POBDD.
    Type: Grant
    Filed: September 19, 2016
    Date of Patent: December 17, 2019
    Assignee: HRL Laboratories, LLC
    Inventors: Chongwon Cho, Karim El Defrawy
  • Patent number: 10511442
    Abstract: In a method and system for responding to an unauthorized action on a mobile communications device, a cryptographic key is destroyed. The destruction of the cryptographic key is followed by initiating a boot sequence at the mobile communications device where the device is booted into a kernel that restricts operation of the mobile communications device to communications with a server.
    Type: Grant
    Filed: August 23, 2018
    Date of Patent: December 17, 2019
    Assignee: Lookout, Inc.
    Inventors: Marc William Rogers, Brian James Buck
  • Patent number: 10477151
    Abstract: A method and apparatus for brokering the enablement of the communication of encrypted media programs from a plurality of independent broadcasters to a plurality of receivers is disclosed. The system makes use of a pairing key for each provided service, which is differently encrypted by a pairing server and by the broadcaster providing the service. The encrypted versions of the pairing key are decrypted in a first receiver module using information known to the pairing service but not the broadcaster and in a second receiver module using information known to the broadcaster. The pairing key is used to cryptographically bind the first and second receiver modules.
    Type: Grant
    Filed: July 17, 2017
    Date of Patent: November 12, 2019
    Assignee: INSIDE SECURE
    Inventors: Ronald P. Cocchi, Gregory J. Gagnon, Dennis R. Flaharty, Michael A. Gorman, Jacob T. Carson, Matthew A. Skubiszewski
  • Patent number: 10454671
    Abstract: Systems and methods for securing communications in a playback device using a key base and at least one key contribution in accordance with embodiments of the invention are disclosed. In one embodiment, a process includes generating a key base using a decryption key and at least one key contribution, where the decryption key can be recovered using the key base and the at least one key contribution, receiving the key base, receiving the at least one key contribution, sending the key base to a decryption module, sending the key contribution to a control module, performing a control feature on the piece of content using the control module, providing the key contribution to the decryption module when the control feature is performed, generating the decryption key using the key base and the at least one key contribution, and accessing at least a portion of the piece of content.
    Type: Grant
    Filed: October 15, 2015
    Date of Patent: October 22, 2019
    Assignee: Verimatrix, Inc.
    Inventors: Niels J. Thorwirth, Petr Peterka, Klaus Schenk, Ingo Barth
  • Patent number: 10445530
    Abstract: An apparatus for intrusion detection includes processing circuitry, a switch, signal detection circuitry, and an analog-to-digital converter (“ADC”). The processing circuitry is coupled to send a challenge signal to a device when the device is coupled to the processing circuitry. The switch is coupled to be enabled and disabled by the processing circuitry. The switch is for coupling to the device to receive a response signal in response to the challenge signal sent by the processing circuitry. The signal detection circuitry is coupled to receive the response signal via the switch, when the processing circuitry enables the switch. The ADC is coupled to take measurements of the signal detection circuitry at a first output. The processing circuitry is coupled to the ADC and configured to analyze whether an intruder is present in the device based on the measurements of the signal detection circuitry.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: October 15, 2019
    Assignee: National Technology & Engineering Solutions of Sandia, LLC
    Inventor: Nathan J. Edwards
  • Patent number: 10438513
    Abstract: The invention provides a processor device having an executable, white-box-masked implementation of a cryptographic algorithm implemented thereon. The white-box masking comprises an affine mapping A, which is so designed that every bit in the output values w of the affine mapping A depends on at least one bit of the obfuscation values y, thereby attaining that the output values w of the affine mapping A are statistically balanced.
    Type: Grant
    Filed: October 30, 2015
    Date of Patent: October 8, 2019
    Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBH
    Inventors: Hermann Drexler, Sven Bauer, Jürgen Pulkus
  • Patent number: 10423492
    Abstract: A flash memory device includes a flash memory configured to store a plurality of pages and a control circuit coupled to the flash memory. The control circuit is configured to retrieve data from a page of the flash memory, determine a number of zeroes or ones of the retrieved data, determine whether the number is between a first value and a second value, and determine that the retrieved data has one or more errors based on determining that the number is not between the first value and the second value.
    Type: Grant
    Filed: January 31, 2017
    Date of Patent: September 24, 2019
    Assignee: SK Hynix Inc.
    Inventor: Yungcheng Thomas Lo
  • Patent number: 10423799
    Abstract: A method for integrating a new secure datacenter into a data storage network is provided. The method detects, by an accessible datacenter connected to the data storage network, the new secure datacenter connected to the data storage network, wherein the new secure datacenter includes a high security level that prevents user access, and wherein the accessible datacenter includes a decreased security level that permits user access; expands a storage layer in the accessible datacenter, by increasing available storage hardware of the accessible datacenter; connects a data pipeline from the new secure datacenter to the storage layer in the accessible datacenter, wherein the data pipeline comprises dedicated servers configured to buffer data, orchestrate a cluster of servers, and push data from the new secure datacenter to the accessible datacenter; and provides end user access to the storage layer.
    Type: Grant
    Filed: April 28, 2016
    Date of Patent: September 24, 2019
    Assignee: salesforce.com, inc.
    Inventors: Dmytro Melanchenko, Christina Martin Patrick, Noel Augustus Golding, Jr.
  • Patent number: 10419470
    Abstract: A computer program product for performing anomaly detection, a detected anomaly being indicative of an undesirable event, the computer program product comprising a non-transitory tangible storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for performing a method comprising receiving data comprising a plurality m of multidimensional datapoints (MDDPs), each data point having n features, constructing a dictionary D based on the received data, embedding dictionary D into a reduced dimension embedded space and classifying, based in the reduced dimension embedded space, an MDDP as an anomaly or as normal.
    Type: Grant
    Filed: November 25, 2018
    Date of Patent: September 17, 2019
    Assignee: ThetaRay Ltd
    Inventors: David Segev, Gil Shabat
  • Patent number: 10419434
    Abstract: A device protects an incoming multimedia signal with a protection that is controllable and configured for enabling or disabling an application for an interface protection on an outgoing signal coming from the incoming signal. An output interface is configured for delivering the outgoing signal on an output. An authorization process is performed for authorizing or otherwise a control over the enabling or disabling of the interface protection application depending on security rules.
    Type: Grant
    Filed: November 22, 2016
    Date of Patent: September 17, 2019
    Assignee: STMicroelectronics SA
    Inventor: Jocelyn Leheup
  • Patent number: 10403174
    Abstract: A processor device has an executable implementation of a cryptographic algorithm implemented thereon that is white-box-masked by a function f. The implementation comprises an implemented computation step S by which input values x are mapped to output values s=S[x], and which is masked to a white-box-masked computation step T′ by means of an invertible function f. As a mapping f there is provided a combination (f=(c1, c2, . . . )*A) of an affine mapping A having an entry width BA and a number of one or several invertible mappings c1, c2, . . . having an entry width Bc1, Bc2, . . . respectively, wherein BA=Bc1+Bc2+ . . . . Output values w are generated altogether by the mapping f. The affine mapping A is constructed by a construction method coordinated with the invertible mappings c1, c2, and etc.
    Type: Grant
    Filed: October 30, 2015
    Date of Patent: September 3, 2019
    Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBH
    Inventors: Hermann Drexler, Sven Bauer, Jürgen Pulkus
  • Patent number: 10379781
    Abstract: A storage system and method for improved command flow are provided. In one embodiment, a storage system receives a request from a host for an indication of which command(s) stored in the storage system are ready for execution; in response to the request, provides the host with the indication of which command(s) stored in the storage system are ready for execution; receives an instruction from the host to execute a command that is ready for execution; and in response to the instruction from the host to execute the command, performs both of the following: executes the command and provides the host with an updated indication of which command(s) stored in the storage system are ready for execution, wherein the storage system provides the host with the updated indication without receiving a separate request from the host for the updated indication. Other embodiments are provided.
    Type: Grant
    Filed: April 20, 2016
    Date of Patent: August 13, 2019
    Assignee: SANDISK TECHNOLOGIES LLC
    Inventor: Boris Yarovoy
  • Patent number: 10282120
    Abstract: The present disclosure discloses a method and apparatus for inserting a disk. The method comprises: detecting whether a to-be-inserted disk has a drive letter identifier, wherein the drive letter identifier is acquired by a server through: acquiring a universally unique identifier of the disk; querying a correspondence between the universally unique identifier and a device name, acquiring the device name of the disk, analyzing the device name of the disk to generate a drive letter value of the disk, and generating a drive letter identifier for the disk; acquiring the drive letter value in response to detecting the disk identifier; determining whether the device name associated with the drive letter value is allocated to a different disk; and defining the device name of the disk based on the drive letter value so as to insert the disk if the device name is not allocated to the different disk.
    Type: Grant
    Filed: October 2, 2017
    Date of Patent: May 7, 2019
    Assignee: BEIJING BAIDU NETCOM SCIENCE AND TECHNOLOGY CO., LTD.
    Inventors: Rui Zhao, Yu Zhang
  • Patent number: 10243937
    Abstract: A method of performing an equality check in a secure system, including: receiving an input v having a known input property; splitting the input v into t secret shares vi where i is an integer index and t is greater than 1; splitting an input x into k secret shares xi where i is an integer index and k is greater than 1; splitting the secret shares xi into s chunks resulting in s·k chunks yj where j is an integer index; calculating a mapping chain t times for each secret share vi, wherein the mapping chain including s·k affine mappings Fj, wherein yj and Fj−1(yj−1) are the inputs to Fj and the F0(y0)=vi; and determining if the outputs have a known output property indicating that the input x equals a desired value.
    Type: Grant
    Filed: July 8, 2016
    Date of Patent: March 26, 2019
    Assignee: NXP B.V.
    Inventor: Wilhelmus Petrus Adrianus Johannus Michiels
  • Patent number: 10194113
    Abstract: The present invention discloses a video signal switching circuit and switching method. The switching circuit includes: a regulating circuit connected to a first cable and configured to regulate the first cable to be in a pull-up state or a released state; a detection circuit connected to the first cable and configured to detect a first voltage value on the first cable when the first cable is in the pull-up state or detect a second voltage value on the first cable when the first cable is in the released state; and a controller configured to determine a change in the first voltage value or the second voltage value from the detection circuit, wherein the controller controls a second cable to transmit the video signal when determining that the second voltage value increases, or the controller controls the first cable to transmit the video signal when determining that the first voltage value decreases.
    Type: Grant
    Filed: December 11, 2015
    Date of Patent: January 29, 2019
    Assignee: HANGZHOU HIKVISION DIGITAL TECHNOLOGY CO., LTD.
    Inventors: Peng Yin, Huan Zhang, Qiufang Liang
  • Patent number: 10171485
    Abstract: Approaches for providing security in a networked computing environment are provided. The method includes detecting, by at least one computer device, a breach of a first system in the networked computing environment. The method also includes identifying a second system in the networked computing environment as an at-risk system based on a proximity of the second system to the first system. The method additionally includes re-generating, by the at least one computer device, the second system as a new system at a new location in the networked computing environment. The method further includes converting, by the at least one computer device, the second system to a decoy system.
    Type: Grant
    Filed: December 13, 2017
    Date of Patent: January 1, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Gregory J. Boss, Rick A. Hamilton, II, Jeffrey R. Hoy, Agueda M. H. Magro
  • Patent number: 10157248
    Abstract: The invention relates to a method and an apparatus for designing a circuit suitable for generating random bits and to a circuit for generating random bits. A random bit string which is used as a binary random number is generated, for example. The proposed method and the apparatus as well as the circuit are used to implement random number generators, for example. A jth specific function from a set of bijective mappings is selected as the jth function, wherein the jth specific function carries out a jth fixed-point-free mapping. At least one ith mapping device is then selected. An ith specific function from a set of bijective mappings is assigned to the ith function, with the result that an ith concatenation of the i functions carries out an ith fixed-point-free mapping.
    Type: Grant
    Filed: September 17, 2014
    Date of Patent: December 18, 2018
    Assignee: Siemens Aktiengesellschaft
    Inventors: Pascale Böffgen, Markus Dichtl
  • Patent number: 10121144
    Abstract: In order to validate a user to facilitate conducting a high-valued financial transaction via wireless communication between an electronic device (such as a smartphone) and another electronic device (such as a point-of-sale terminal), the electronic device may authenticate the user prior to the onset of the high-valued financial transaction. In particular, a secure enclave processor in a processor may provide local validation information that is specific to the electronic device to a secure element in the electronic device when received local authentication information that is specific to the electronic device (such as a biometric identifier of the user) matches stored authentication information. Moreover, an authentication applet in the secure element may provide the local validation information to an activated payment applet in the secure element. This may enable the payment applet to conduct the high-valued financial transaction via wireless communication, such as near-field communication.
    Type: Grant
    Filed: September 2, 2014
    Date of Patent: November 6, 2018
    Assignee: Apple Inc.
    Inventor: Ahmer A. Khan
  • Patent number: 10108821
    Abstract: A program execution device capable of protecting a program against unauthorized analysis and alteration is provided. The program execution device includes an execution unit, a first protection unit, and a second protection unit. The execution unit executes a first program and a second program, and is connected with an external device that is capable of controlling the execution. The first protection unit disconnects the execution unit from the external device while the execution unit is executing the first program. The second protection unit protects the first program while the execution unit is executing the second program.
    Type: Grant
    Filed: September 29, 2017
    Date of Patent: October 23, 2018
    Assignee: PANASONIC INTELLECTUAL PROPERTY CORPORATION OF AMERICA
    Inventors: Hideki Matsushima, Teruto Hirota, Yukie Shoda, Shunji Harada
  • Patent number: 10108380
    Abstract: An information processing apparatus includes an information holding unit that holds pieces of information acquired from an external apparatus; an execution unit that reads a partial program having specific information, among the pieces of information acquired from the external apparatus, described therein, and executes a program including the partial program with reference to the pieces of information held in the information holding unit.
    Type: Grant
    Filed: October 20, 2017
    Date of Patent: October 23, 2018
    Assignee: FUJI XEROX CO., LTD.
    Inventors: Satoshi Takaoka, Kiyoko Shimadate
  • Patent number: 10061922
    Abstract: Systems and methods for malware detection techniques, which detect malware by identifying the C&C communication between the malware and the remote host. In particular, the disclosed techniques distinguish between request-response transactions that carry C&C communication and request-response transactions of innocent traffic. Individual request-response transactions may be analyzed rather than entire flows, and fine-granularity features examined within the transactions. As such, these methods and systems are highly effective in distinguishing between malware C&C communication and innocent traffic, i.e., in detecting malware with high detection probability and few false alarms.
    Type: Grant
    Filed: April 30, 2013
    Date of Patent: August 28, 2018
    Assignee: Verint Systems Ltd.
    Inventors: Yuval Altman, Assaf Yosef Kere, Ido Krupkin, Pinhas Rozenblum
  • Patent number: 10055568
    Abstract: Embodiments of the present invention disclose a method, computer program product, and device for accessing encrypted data. A communication link may be established between an authorization dongle and a secure device having encrypted data stored thereon. A communication link may also be established between the authorization dongle and a secure server. An encryption key associated with the encrypted data may be received from the secure server. The encryption key may be stored in volatile memory on the authorization dongle. An indication that a user is attempting to access the encrypted data may be received. The encryption key may be transmitted from the authorization dongle to the secure device in response to the user attempting to access the encrypted data.
    Type: Grant
    Filed: September 1, 2017
    Date of Patent: August 21, 2018
    Assignee: International Business Machines Corporation
    Inventors: Timothy Biesecker, Louie A. Dickens, Mark S. Fleming
  • Patent number: 10045207
    Abstract: The disclosure provides a client device for hearing device communication and related method. The client device comprises a processing unit, a memory unit, and an interface. The processing unit is configured to send a session request for a session to the hearing device via the interface. The processing unit is configured to receive a session response from the hearing device via the interface. The processing unit is configured to obtain a session key based on e.g. the session response. The processing unit is configured to determine hearing device data and/or to generate session data e.g. based on the session key and the hearing device data. The processing unit is configured to send the session data to the hearing device via the interface.
    Type: Grant
    Filed: November 9, 2016
    Date of Patent: August 7, 2018
    Assignee: GN HEARING A/S
    Inventors: Brian Dam Pedersen, Allan Munk Vendelbo
  • Patent number: 10037425
    Abstract: Suspicious file prospecting activity is detected based on patterns of file system access. A user's file system access is monitored over a specific time period. A sequence of the file accesses (e.g., represented as path names) made by the user during the time period is recorded. Distances between the recorded file accesses are determined, for example as edit distances. A distance sequence is recorded, comprising a record of the determined distances. The distance sequence is reduced to one or more baseline statistics describing the pattern of the user's access of the file system during the given period of time. At least one subsequent anomaly in the user's access of the file system is detected, by comparing at least one subsequently calculated statistic representing at least one subsequent pattern of the user's file system access to the at least one baseline statistic.
    Type: Grant
    Filed: August 26, 2015
    Date of Patent: July 31, 2018
    Assignee: Symantec Corporation
    Inventors: Aleatha Parker-Wood, Andrew Gardner
  • Patent number: 10033644
    Abstract: A flow in a flow set having an access control (“AC”) policy assigned is monitored. A bandwidth used by the flow is determined. One or more packets associated with the flow are selectively dropped based on at least one of the used bandwidth and the AC policy.
    Type: Grant
    Filed: February 12, 2013
    Date of Patent: July 24, 2018
    Assignee: Adara Networks, Inc.
    Inventor: Randall Stewart
  • Patent number: 9959394
    Abstract: The invention relates to a device for decrypting protected content and for providing the decrypted content for playback. The device comprises one or more system software modules providing functions for facilitating the decryption of the protected content and at least one client software module assigned to a provider of protected content. The client software module is adapted to access functions of the system software modules in order to control the system software to decrypt the protected content of the provider. Moreover, the device is adapted to validate the system software and/or a further client software module and to prevent the decryption and/or provision of the protected content of the provider, if the system software and/or the further client software module are not validated successfully.
    Type: Grant
    Filed: June 10, 2015
    Date of Patent: May 1, 2018
    Assignee: VODAFONE GMBH
    Inventors: Marnix Vlot, Christoph Schaaf