Tamper Resistant Patents (Class 713/194)
  • Patent number: 11373011
    Abstract: A security module is disclosed. In embodiments, the security module includes a common host platform configured to co-host a plurality of certified functions via a plurality of interconnected hardware resources. The common host platform may be configured to host a first certified function independently certified via a first certifying authority, and a second certified function independently certified via a second certifying authority. The first certified function may be hosted on a first sub-set of dedicated hardware resources and a first sub-set of shared hardware resources. The second certified function may be hosted on a second sub-set of dedicated hardware resources and the first sub-set of shared hardware resources including one or more hardware resources shared with the first certified function.
    Type: Grant
    Filed: July 1, 2019
    Date of Patent: June 28, 2022
    Assignee: Rockwell Collins, Inc.
    Inventors: James A. Marek, Sarah A. Miller, Adriane R. Van Auken
  • Patent number: 11372893
    Abstract: A method and architecture allow labeled data to be initialized and curated by the use of label propagation, clustering and creation of dedicated classifiers for each dataset. These dedicated classifiers are retrained as the dataset grows and ensure that each dataset is kept free from outliers and noise.
    Type: Grant
    Filed: June 1, 2018
    Date of Patent: June 28, 2022
    Assignee: NTT SECURITY HOLDINGS CORPORATION
    Inventors: Daniel Dalek, Himanshu Sinha, Josefin Axberg
  • Patent number: 11366899
    Abstract: A secure Integrated Circuit (IC) includes functional circuitry, and protection circuitry configured to protect the functional circuitry against fault-injection attacks. The protection circuitry includes a plurality of digital detection cells, and protection logic. The detection cells have respective inputs and outputs and are connected output-to-input in at least a chain. In response to a fault-injection attack, a given detection cell in the chain is configured to toggle an output that drives an input of a subsequent detection cell in the chain, thereby causing a pulse to propagate along the chain. The protection logic is configured to receive the pulse from the chain and initiate a responsive action.
    Type: Grant
    Filed: February 18, 2020
    Date of Patent: June 21, 2022
    Assignee: NUVOTON TECHNOLOGY CORPORATION
    Inventors: Yuval Kirschner, Ziv Hershman, Tamir Golan
  • Patent number: 11354218
    Abstract: Provided is a system and method for generating a subset of optimal variations of a software program which allow some statements of the control flow to be exposed to side channels. Furthermore, the subset of optimal variations may be selected based on a security and a performance trade-off analysis. In one example, the method may include identifying a set of statements within a control flow of a software program, generating a plurality of variations of the software program which comprise different subsets of statements which are exposed to side channels, respectively, determining one or more pareto-optimal variations of the software program based on side channel leakage values and performance values of the plurality of variations of the software program, and outputting information about the one or more pareto-optimal variations of the software program to a user device.
    Type: Grant
    Filed: May 6, 2020
    Date of Patent: June 7, 2022
    Assignee: SAP SE
    Inventors: Andreas Fischer, Jonas Janneck, Joern Kussmaul, Nikolas Kraetzschmar, Florian Kerschbaum
  • Patent number: 11349635
    Abstract: Described herein are systems and methods that protect against fault injection attacks. In various embodiments this is accomplished by taking advantage of the fact that an attacker cannot utilize a result that has been faulted to recover a secret. By using infective computation, an error is propagated in a loop such that the faulted value will provide to the attacker no useful information or information from which useful information may be extracted. Faults from a fault attack will be so large that a relatively large number of bits will change. As a result, practically no secret information can be extracted by restoring bits.
    Type: Grant
    Filed: October 8, 2019
    Date of Patent: May 31, 2022
    Assignee: Maxim Integrated Products, Inc.
    Inventors: Jeremy Dubeuf, Yann Yves Rene Loisel, Frank Lhermet
  • Patent number: 11321426
    Abstract: A computer-implemented method of providing limited distribution of a digital media file, the method being executable at a server connected to a network, the server comprising memory. The method includes receiving the digital media file to be distributed; encrypting the digital media file to create an encrypted digital media file; creating a plurality of copies of the encrypted digital media file; creating a plurality of rights tokens, a quantity of the rights tokens being equal to a quantity of copies of the encrypted digital media file, each rights token containing: a key for decrypting a corresponding one of the plurality of copies of the encrypted digital media file, and identifying information related to access rights for the digital media file; and recording the rights tokens to a rights blockchain representative of actions related to distribution of the plurality of copies of the encrypted digital media file.
    Type: Grant
    Filed: February 22, 2018
    Date of Patent: May 3, 2022
    Assignee: SCENAREX INC.
    Inventor: Simon-Pierre Marion
  • Patent number: 11314861
    Abstract: The present disclosure is directed to systems and methods of selectively implementing SCA mitigation elements on a per-thread basis to mitigate the effects of side channel attacks. Processor core circuits initiate a plurality of processor threads. Each of a plurality of SCA mitigation features include one or more SCA mitigation elements. SCA mitigation control circuitry associates a register circuit with each respective one of the plurality of processor threads initiated by the processor core circuits. The SCA mitigation control circuitry selectively ENABLES/DISABLES one or more SCA mitigation elements for each of the plurality of processor threads. The ENABLEMENT/DISABLEMENT of each of the SCA mitigation elements may be autonomously adjusted by the SCA mitigation control circuitry and/or manually adjusted via one or more user inputs provided to the SCA mitigation control circuitry.
    Type: Grant
    Filed: September 26, 2019
    Date of Patent: April 26, 2022
    Assignee: Intel Corporation
    Inventors: Ke Sun, Kekai Hu, Henrique de Medeiros Kawakami, Rodrigo Branco
  • Patent number: 11301592
    Abstract: A processing module of a dispersed storage network determines an obfuscation method from a plurality of obfuscation methods for a data segment. The method continues with the processing module obfuscating the data segment according to the obfuscation method to produce an obfuscated data segment. The obfuscated data segment is encrypted and dispersed storage error encoded to produce a set of encoded data slices. The set of encoded data slices is then transmitted for storage in the dispersed storage network.
    Type: Grant
    Filed: November 6, 2017
    Date of Patent: April 12, 2022
    Assignee: PURE STORAGE, INC.
    Inventors: S. Christopher Gladwin, Jason K. Resch, Thomas F. Shirley, Jr.
  • Patent number: 11288405
    Abstract: An IC comprising a functional circuit to perform primary functions of the IC is provided. The functional circuit is to enable electrical signals to propagate through it within a timing constraint of the functional circuit. The IC comprises at least one canary circuit used for detecting glitch attacks on the circuit. Electrical signals are to propagate through the canary circuit(s) within a defined timing constraint of the canary circuit(s). The canary circuit is to provide a signal path designed such that, in the event that a timing constraint of the functional circuit(s) is violated due to a glitch attack, the timing constraint of the canary circuit(s) is also violated.
    Type: Grant
    Filed: October 25, 2018
    Date of Patent: March 29, 2022
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Pierre Belgarric, David Plaquin, Eugene Cohen, Chris R. Gunning
  • Patent number: 11288212
    Abstract: A Key-Value Solid State Drive (KV-SSD) is disclosed. The KV-SSD may include storage for data. The data may include a data value encrypted using an object encryption key. The data value may be associated with an object key: the data value and the object key forming an object. A user secure object map may map the object key to a hash value. A secure key share table may map the hash value to the object encryption key. A dedup map may map the hash value to an address where the data value is stored on the KV-SSD.
    Type: Grant
    Filed: April 10, 2020
    Date of Patent: March 29, 2022
    Inventor: Yang Seok Ki
  • Patent number: 11283632
    Abstract: The integrated circuit includes a CPU configured to operate according to a program, a PUF information output unit configured to output PUF information while power is being supplied, a key pair output unit configured to output a public key and a private key based on the PUF information while power is being supplied, a public key transmitter configured to transmit the public key output from the key pair output unit to the outside, and a shared encryption key decryption unit configured to decrypt encrypted information produced through encryption with the public key and received from the outside with the private key output from the key pair output unit.
    Type: Grant
    Filed: December 21, 2018
    Date of Patent: March 22, 2022
    Assignee: MITSUBISHI HEAVY INDUSTRIES, LTD.
    Inventors: Etsuji Nishimae, Fumikado Anzai, Naruhisa Kameo
  • Patent number: 11250171
    Abstract: A tamper sensor assembly includes a lid having a surface and a sensor substrate on the surface of the lid. The sensor substrate has conductive lines that extend across at least a major portion of the surface of the lid and conform to three dimensional characteristics of the surface of the lid. The security processor is electrically connected to the conductive lines of the sensor substrate and is configured to identify occurrence of tampering with the lid based on an electrical characteristic of signals conducted through the conductive lines, and to perform an anti-tampering operation responsive to identifying occurrence of tampering.
    Type: Grant
    Filed: January 21, 2020
    Date of Patent: February 15, 2022
    Assignee: Thales eSecurity, INC.
    Inventors: Timothy E. Cook, Gerald Thomas Wardrop, Jr.
  • Patent number: 11232210
    Abstract: A direct-attached storage device bridge includes boot loader logic, a read-only memory, and logic to generate hash codes to be compared to determine whether to proceed with booting of the device. The hash codes may result from applying a public key from the read-only memory to decrypt an encrypted hash code into a decrypted hash code, to decrypt encrypted firmware instructions and to calculate a first calculated hash code of the decrypted firmware instructions, and to calculate a second calculated hash code for firmware instructions stored as clear-text. Multiple public keys may be utilized and selected during the boot process. The encryption and decryption may utilize asymmetric and symmetric keys.
    Type: Grant
    Filed: March 26, 2019
    Date of Patent: January 25, 2022
    Assignee: Western Digital Technologies, Inc.
    Inventor: Tino Lin
  • Patent number: 11232224
    Abstract: The present approaches generally relate to the encryption of data within a database in such a way that the encrypted data may still be easily accessed and utilized by an application. The present approach provides the ability to encrypt and decrypt data at an application layer though the data remains in an encrypted state at the database layer and when in transit.
    Type: Grant
    Filed: March 15, 2018
    Date of Patent: January 25, 2022
    Assignee: ServiceNow, Inc.
    Inventors: Timothy Yim, Herman Knief, James David Wigdahl
  • Patent number: 11204985
    Abstract: Systems, methods, and storage media for rendering target code are disclosed. Exemplary implementations may: receive the input code; apply at least one obfuscation transformation to multiple code functions of the input code to create transformed code including transformed code functions; determine a shared constant; determine a function-expression; and replace, for each transformed code function in the transformed code, the transformation parameters with the function expression and the at least one cloaked constant to create target code in which the transformed code functions are entangled to thereby render the target code protected against static analysis attacks.
    Type: Grant
    Filed: March 31, 2020
    Date of Patent: December 21, 2021
    Assignee: Irdeto Canada Corporation
    Inventors: Damon Peng, Grant Goodes
  • Patent number: 11188683
    Abstract: An apparatus for intrusion detection includes processing circuitry, a switch, signal detection circuitry, and an analog-to-digital converter (“ADC”). The processing circuitry is coupled to send a challenge signal to a device when the device is coupled to the processing circuitry. The switch is coupled to be enabled and disabled by the processing circuitry. The switch is for coupling to the device to receive a response signal in response to the challenge signal sent by the processing circuitry. The signal detection circuitry is coupled to receive the response signal via the switch, when the processing circuitry enables the switch. The ADC is coupled to take measurements of the signal detection circuitry at a first output. The processing circuitry is coupled to the ADC and configured to analyze whether an intruder is present in the device based on the measurements of the signal detection circuitry.
    Type: Grant
    Filed: May 2, 2019
    Date of Patent: November 30, 2021
    Assignee: National Technology & Engineering Solutions of Sandia, LLC
    Inventor: Nathan J. Edwards
  • Patent number: 11177951
    Abstract: This invention relates to a method for provisioning a first communication device with a set of at least one credential required for accessing a wireless network by using a second communication device provisioned with a cryptographic key K also known by the wireless network, the first communication device being associated with a certificate comprising a public key PK, said certificate being stored with an associated private key PrK in said first communication device, the method comprising the following steps: receiving by the second communication device a registration request from the first communication device in order to be provisioned with the set of at least one credential; transmitting to the wireless network by the second communication device the registration request to generate a set of at least one credential associated to the first communication device comprising at least a cryptographic key K?, the wireless network being adapted to generate a first random number R1 and a second random number R2; r
    Type: Grant
    Filed: March 30, 2017
    Date of Patent: November 16, 2021
    Assignee: THALES DIS FRANCE SA
    Inventors: Mireille Pauliac, Michel Endruschat, Ly Thanh Phan, Jean-Yves Fine
  • Patent number: 11144632
    Abstract: Some embodiments described herein include a method to validate supply chains for electronic devices using side-channel information in a signature analysis. The method includes sending, to a target device, a first signal associated with a set of codes to be executed by the target device, and then receiving first side-channel information associated with the target device in response to the target device executing the set of codes. The method also includes determining second side-channel information associated with a simulated device in response to the set of codes. The method further includes comparing a discriminatory feature of the first side-channel information with a discriminatory feature of the second side-channel information to determine a characteristic of the target device based on a pre-determined characteristic of the simulated device. Finally, the method includes sending, to a user interface, a second signal associated with the characteristic of the target device.
    Type: Grant
    Filed: November 21, 2019
    Date of Patent: October 12, 2021
    Assignee: Power Fingerprinting Inc.
    Inventors: Carlos R. Aguayo Gonzalez, Jeffrey H. Reed, Steven C. Chen
  • Patent number: 11132659
    Abstract: A financial transaction system includes sensors, a tamper detection module, and circuitry configurable to control which sensors are used, and the circuitry is configurable after the tamper detection module has been manufactured.
    Type: Grant
    Filed: July 14, 2015
    Date of Patent: September 28, 2021
    Assignee: Texas Instruments Incorporated
    Inventors: Erkan Bilhan, Rajitha Padakanti, Amritpal Singh Mundra
  • Patent number: 11070380
    Abstract: An authentication apparatus, included in a device supporting a network communication, includes a certificate handler that receives a certificate of an opponent and parses or verifies the certificate of the opponent. Cryptographic primitives receive an authentication request of the opponent, generate a random number in response to the authentication request, generate a challenge corresponding to the random number, and verify a response of the opponent corresponding to the challenge. A shared memory stores the parsed certificate, the random number, the challenge, and the response. An authentication controller controls the certificate handler, the cryptographic primitives, and the shared memory through a register setting, according to an authentication protocol.
    Type: Grant
    Filed: July 18, 2016
    Date of Patent: July 20, 2021
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Kitak Kim, Ji-Su Kang, Kiseok Bae, Jonghoon Shin, Kyoungmoon Ahn, Jinsu Hyun
  • Patent number: 11055437
    Abstract: Systems and methods for restricting a first computing device's output of information. The methods comprise: receiving, at the first computing device, information and at least one viewing restriction set for the information; collecting situational awareness information by the first computing device; using the situational awareness information to determine if the at least one viewing restriction is satisfied; and displaying the information on a screen of the first computing device if a determination is made that the at least one viewing restriction is satisfied or preventing the displaying of the information if a determination is made that the at least one viewing restriction is not satisfied.
    Type: Grant
    Filed: February 1, 2019
    Date of Patent: July 6, 2021
    Assignee: FLORIDA ATLANTIC UNIVERSITY BOARD OF TRUSTEES
    Inventors: Hari Kalva, Neha Kommireddy
  • Patent number: 11042664
    Abstract: One embodiment provides a system that implements a 1-bit protocol for differential privacy for a set of client devices that transmit information to a server. Implementations may leverage specialized instruction sets or engines built into the hardware or firmware of a client device to improve the efficiency of the protocol. For example, a client device may utilize these cryptographic functions to randomize information sent to the server. In one embodiment, the client device may use cryptographic functions such as hashes including SHA or block ciphers including AES to provide an efficient mechanism for implementing differential privacy.
    Type: Grant
    Filed: January 17, 2020
    Date of Patent: June 22, 2021
    Assignee: Apple Inc.
    Inventors: Yannick L. Sierra, Abhradeep Guha Thakurta, Umesh S. Vaishampayan, John C. Hurley, Keaton F. Mowery, Michael Brouwer
  • Patent number: 11023576
    Abstract: An approach is provided for detecting a malicious activity on a computer system. First process trees are identified for computer processes that have been executed on a computer system. Each of the first process trees is vectorized. The vectorized first process trees are associated with respective labels. Each label represents an amount by which a respective vectorized process tree reflects the malicious activity. An artificial neural network is trained by using the vectorized first process trees and the associated labels as training input. After the training of the artificial neural network is completed, second process trees for currently executing computer processes are vectorized and provided as input vectors to the artificial neural network. Responsive to the artificial neural network providing an output indicating that a combination of the input vectors indicates the malicious activity, a remedial action is performed.
    Type: Grant
    Filed: November 28, 2018
    Date of Patent: June 1, 2021
    Assignee: International Business Machines Corporation
    Inventors: Adam L. Griffin, Christopher D. Scott, Mary E. Rudden, Craig M. Trim, Rhonda L. Childress
  • Patent number: 11023835
    Abstract: Embodiments of the present invention provide a system for decommissioning information technology assets using solution data modelling. The system is typically configured for generating solution data models comprising a plurality of asset systems and a plurality of users, wherein each of the plurality of asset systems is associated with at least one user of the plurality of users and wherein at least a first of the plurality of asset systems is associated with at least a second of the plurality of asset systems, storing the solution data models in a model database, identifying at least one information technology asset for decommissioning, accessing a first solution data model associated with the at least one information technology asset, identifying one or more relationships associated with the at least one information technology asset, and decommissioning the at least one information technology asset based on the one or more relationships.
    Type: Grant
    Filed: May 8, 2018
    Date of Patent: June 1, 2021
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Katy Leigh Huneycutt, Richard LeRoy Hayes, Aaron Dion Kephart
  • Patent number: 11017077
    Abstract: A security system for vetting run-time operation of device hardware. A model stores vetted states based on device hardware security signals, a severity level value and at least one vetted next state. The vetting system compares each state of the device hardware with the vetted next states of a current state, and provides an indication and a severity level when the real next state does not match a vetted next state. In response to the indication, the synchronization system performs synchronization by comparing each subsequent real next state of the device hardware with the vetted states until initial synchronization occurs when any subsequent real next state matches a vetted state. The learning system receives feedback from the device hardware in response to the indication, and when indicated by the feedback, updates the model in accordance with the feedback.
    Type: Grant
    Filed: March 21, 2018
    Date of Patent: May 25, 2021
    Assignee: NXP USA, Inc.
    Inventors: Monica C. Farkash, Jayanta Bhadra, Sandip Ray, Wen Chen
  • Patent number: 11018846
    Abstract: A method for achieving a security function for a security control device for controlling a device or an installation, including: a) providing at least one first partial secret that is stored in a basic control device, b) providing at least one second partial secret that is stored in a security module, c) combining the at least one first and second partial secret to form an overall secret, required to achieve the security function, within the time period in which the basic control device interacts with the security module via the first and second coupling interfaces, and d) disguising the combined overall secret outside the time period.
    Type: Grant
    Filed: August 1, 2018
    Date of Patent: May 25, 2021
    Assignee: SIEMENS AKTIENGESELLSCHAFT
    Inventors: Hans Aschauer, Rainer Falk, Kai Fischer, Steffen Fries, Markus Heintel, Wolfgang Klasen, Axel Pfau
  • Patent number: 11003763
    Abstract: Provided is a method for achieving a security function for a security control device for controlling a device or an installation, including: a basic control device, and a security module and having the following steps of a) providing at least one first partial secret which is stored in the basic control device, b) providing at least one second partial secret which is stored in the security module, c) combining the at least one first partial secret and the at least one second partial secret in order to achieve the security function, wherein the at least one first partial secret is broken down into sections of a predefinable size and the set of sections is gradually combined with the at least one second partial secret by means of a calculation rule, which can be processed within a predefinable period during the execution of the calculation rule according to the size and set.
    Type: Grant
    Filed: July 31, 2018
    Date of Patent: May 11, 2021
    Assignee: SIEMENS AKTIENGESELLSCHAFT
    Inventors: Hans Aschauer, Rainer Falk, Kai Fischer, Steffen Fries, Markus Heintel, Wolfgang Klasen, Axel Pfau
  • Patent number: 10997046
    Abstract: An information processing apparatus includes a BIOS storage unit that stores at least a Basic Input Output System (BIOS) program, a main controller that starts up an operating system by executing the BIOS program, and a sub-controller that manages peripheral apparatuses and accesses the BIOS storage unit, in which the sub-controller includes a digest computation unit that computes a digest value on the basis of BIOS program data stored in the BIOS storage unit in parallel to execution of a process in the main controller, and in which the main controller determines validity of the BIOS program on the basis of the digest value.
    Type: Grant
    Filed: January 9, 2020
    Date of Patent: May 4, 2021
    Assignee: LENOVO (SINGAPORE) PTE. LTD.
    Inventors: Yosuke Katayama, Yuichiro Seto, Ken Sasaki
  • Patent number: 10992697
    Abstract: Method and apparatus for detecting anomalous flights. Embodiments collect sensor data from a plurality of sensor devices onboard an aircraft during a flight. Feature definitions are determined, specifying a sensor device and an algorithm for deriving data values from sensor data collected from the device. Embodiments determine whether anomalous activity occurred during the flight using an anomaly detection model. An anomaly is detected including at least one of (i) a contextual anomaly where a data instance of a plurality of data instances is anomalous relative to a specific context, or (ii) a collective anomaly where two or more data instances are anomalous relative to a remainder of the plurality of data instances, even though each of the two or more data instances is not anomalous in and of itself. A report specifying a measure of the anomalous activity for the flight is generated.
    Type: Grant
    Filed: February 26, 2020
    Date of Patent: April 27, 2021
    Assignee: THE BOEING COMPANY
    Inventors: Jason M. Keller, James M. Ethington, Liessman E. Sturlaugson, Mark H. Boyd
  • Patent number: 10985916
    Abstract: An apparatus receives a signal to perform secure erasure of a storage medium. The apparatus, responsive to reception of the signal, erases the storage medium by performing at least the following operations. An encryption key is erased. The encryption key is stored on the storage medium and is used to encrypt data on the storage medium. The apparatus generates a fake encryption key that is different from the encryption key and stores the fake encryption key on the storage medium. The encryption key and/or fake encryption key may be stored on the medium in multiple parts. The encryption key may be generated using random data from the medium. The apparatus may be the storage medium or a computer system that accesses the storage medium. The erasure can be performed in response to a request by a user. The medium may be an erasure-resistant storage medium.
    Type: Grant
    Filed: October 31, 2017
    Date of Patent: April 20, 2021
    Assignee: International Business Machines Corporation
    Inventors: Diana Arroyo, Jia Jun Brandon Lum, Alaa Youssef
  • Patent number: 10978123
    Abstract: A data system includes an information bus, a volatile memory located on the information bus, and an MRAM located on the information bus. The data system includes threat detection circuitry. In response to a threat condition to the MRAM, data is transferred via the information bus from the MRAM to the volatile memory for storage during a threat to the MRAM as indicated by the threat condition. In some examples, the threat condition is characterized as a magnetic field exposure.
    Type: Grant
    Filed: December 4, 2018
    Date of Patent: April 13, 2021
    Assignee: NXP USA, Inc.
    Inventors: Geoffrey Mark Lees, Lawrence Loren Case, Nihaar N. Mahatme, Jeffrey C. Cunningham
  • Patent number: 10964035
    Abstract: A device is provided for encrypting and/or decrypting a point cloud having a plurality of data points that collectively produce a three-dimensional (“3D”) image. Each data point may have a set of elements with values that define a position of the data point in 3D space and visual characteristics of the data point. Encrypting the point cloud may include deterministically selecting a set of data points to encrypt, and deterministically changing the data point element values of the selected data points so that the 3D image produced by the encrypted data points is different than the 3D image produced from the unencrypted data points. Decrypting the resulting encrypted point cloud may include deterministically reselecting the encrypted data points using an encryption key, and deterministically reversing the changes made to the data point element values of the selected data points based on transformations that are specified as part of the encryption key.
    Type: Grant
    Filed: November 20, 2020
    Date of Patent: March 30, 2021
    Assignee: Illuscio, Inc.
    Inventors: Robert Monaghan, Venkatarao Maruvada, Joseph Bogacz
  • Patent number: 10915635
    Abstract: A system for providing security in a computer system is provided. The system includes a physical unclonable function (PUF) device and one or more logic circuits. At startup of the computer system, the logic circuits call the PUF device a preset plurality of times with an identical input value to generate a plurality of PUF values that are candidate identifiers of an integrated circuit. The logic circuits apply a hash function to the candidate identifiers to produce respective hash values. The logic circuits also access a reference hash value from a non-volatile memory and verify all of the respective hash values using the reference hash value. The logic circuits further enable the computer system to operate in a first mode or a second mode based on the verification results.
    Type: Grant
    Filed: December 22, 2017
    Date of Patent: February 9, 2021
    Assignee: THE BOEING COMPANY
    Inventor: Laszlo Hars
  • Patent number: 10908819
    Abstract: A media drive system (310) configured for use with a media drive (314) that performs read/write operations relative to a media cartridge (316) includes a system housing (312). The system housing (312) includes a housing body (312A) and a controller (350) that is secured to the housing body (312A). The controller (350) is configured to control functionality of the tape drive (314). More specifically, the inclusion of the controller (350) as part of the system housing (312) enables the media drive system (310) to achieve greatly enhanced functionality. For example, the media drive system (310) can greatly enhance the speed of various desired read/write operations performed within the media drive (314), especially when the requested files or file segments are not necessarily initially provided in sequential order on the media cartridge (316). The controller (350) can include one or both of a processor (352) and a memory system (354).
    Type: Grant
    Filed: April 25, 2017
    Date of Patent: February 2, 2021
    Assignee: QUANTUM CORPORATION
    Inventor: Thomas Carroll Willis, Jr.
  • Patent number: 10909312
    Abstract: Configurations and techniques for a research study management system are disclosed, enabling deployment of an extensible, reproducible, and deployable template for use in assessment, intervention, or other research studies. In an example, a technique to configure a template to use in a research project includes associating the template with one or more instruments to collect project data, associating the template with one or more tools to process the collected project data, associating the template with a data set definition, and defining one or more rules of operation for the template. In a further example, a technique to deploy the template for use in a research project includes defining a schedule based on the template, defining a plurality of configuration parameters of one or more instruments, and deploying the template to engage a human study participant to perform data collection activities via the one or more instruments.
    Type: Grant
    Filed: December 4, 2015
    Date of Patent: February 2, 2021
    Assignee: MEI Research, Ltd.
    Inventors: Jared D. Sieling, James P. Shields
  • Patent number: 10901918
    Abstract: Server resources in a data center are disaggregated into shared server resource pools, which include a pool of secure processors. Advantageously, servers are constructed dynamically, on-demand and based on a tenant's workload requirements, by allocating from these resource pools. According to this disclosure, secure processor modules for new servers are allocated to provide security for data-in-use (and data-at-rest) in a dynamic fashion so that virtual and non-virtual capacity can be adjusted in the disaggregate compute system without any downtime, e.g., based on workload security requirements and data sensitivity characteristics. The approach herein optimizes an overall utilization of an available secure processors resource pool in the disaggregated environment. The resulting disaggregate compute system that is configured according to the approach cryptographically-protects workload data whenever it is outside the CPU chip.
    Type: Grant
    Filed: November 29, 2018
    Date of Patent: January 26, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: HariGovind V. Ramasamy, Eugen Schenfeld, Valentina Salapura, John A. Bivens, Yaoping Ruan, Min Li, Ashish Kundu, Ruchi Mahindru, Richard H. Boivie
  • Patent number: 10897473
    Abstract: Systems, methods, and computer-readable storage media for improved data comparison, particularly when scanning large amounts of data for particular conditions or configurations. With respect to cyber-security, this improvement takes the form of receiving a plurality of threat conditions for cyber threats against a networked computer device; identifying commonalities among the plurality of threat conditions by comparing each threat condition in the plurality of threat conditions against the plurality of threat conditions; generating, based on the commonalities, a hierarchy for scanning of the cyber threats; and scanning for the cyber threats according to the hierarchy.
    Type: Grant
    Filed: June 15, 2018
    Date of Patent: January 19, 2021
    Assignee: TRINITY CYBER, LLC
    Inventors: Stephen Ryan, Stefan BARANOFF, John Searles
  • Patent number: 10812515
    Abstract: A computer program product for performing anomaly detection, a detected anomaly being indicative of an undesirable event, the computer program product comprising: a non-transitory tangible storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for performing a method comprising: receiving data comprising a plurality m of multidimensional datapoints (MDDPs), each data point having n features; constructing a dictionary D based on the received data; embedding dictionary D into a lower dimension embedded space; and classifying, based in the lower dimension embedded space, an MDDP as an anomaly or as normal.
    Type: Grant
    Filed: September 29, 2019
    Date of Patent: October 20, 2020
    Assignee: ThetaRay Ltd.
    Inventors: David Segev, Gil Shabat, Amir Averbuch
  • Patent number: 10798118
    Abstract: A computer program product for performing anomaly detection, a detected anomaly being indicative of an undesirable event, the computer program product comprising: a non-transitory tangible storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for performing a method comprising: receiving data comprising a plurality m of multidimensional datapoints (MDDPs), each data point having n features; constructing a dictionary D based on the received data; embedding dictionary D into a lower dimension embedded space; and classifying, based in the lower dimension embedded space, an MDDP as an anomaly or as normal.
    Type: Grant
    Filed: June 21, 2019
    Date of Patent: October 6, 2020
    Assignee: ThetaRay Ltd.
    Inventors: David Segev, Gil Shabat
  • Patent number: 10754954
    Abstract: Provided is a method for securely exchanging information during application startup. A processor may send a request for a passphrase to one or more remote devices using a first out-of-band message. The processor may receive, from at least one of the remote devices, a response that includes the passphrase. The response may be a second out-of-band message. The processor may decrypt application startup data that is stored in a first configuration file for the application using the received passphrase. The application startup data may be necessary for the application to execute. The processor may then execute the application using the decrypted application startup data.
    Type: Grant
    Filed: May 21, 2018
    Date of Patent: August 25, 2020
    Assignee: International Business Machines Corporation
    Inventors: Rayne Anderson, Stephen S. Harding, Alpeshkumar Patel, Jiafu Yu
  • Patent number: 10742614
    Abstract: Aspects of the subject disclosure may include, for example, determining whether communications are encrypted, determining a communication type for the communications according to sensitivity criteria, encrypting the communications according to the communication type to generate encrypted communications, and transmitting to a second network device the encrypted communications. Other embodiments are disclosed.
    Type: Grant
    Filed: August 10, 2017
    Date of Patent: August 11, 2020
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: David Gross, Joshua Lackey, Donald E. Levy, Roger Piqueras Jover, Jayaraman Ramachandran, Cristina Serban
  • Patent number: 10733291
    Abstract: A device, such as a payment reader, may include one or more units capable of providing access to sensitive data. Such units may be connected to each other through tamper traces. A secure unit can send known keys or key-value pairs between the units using a multi-directional protocol. The keys or key-value pairs are then compared by the secure unit to monitor or detect a tamper event.
    Type: Grant
    Filed: June 11, 2018
    Date of Patent: August 4, 2020
    Assignee: Square, Inc.
    Inventor: Cameron McLeod
  • Patent number: 10721271
    Abstract: A method for detecting a phishing web page. The method, executable at a server, comprises detecting at least one unique web page attribute that allows identifying a known phishing web page as a phishing web page; analyzing, by the server, the known phishing web page to determine at least one additional unique attribute indicative of the known phishing web page targeting a phishing target web resource; generating, by the server, at least one phishing detection rule that is based on the at least one unique attribute and the at least one additional attribute; storing the at least one phishing detection rule; receiving a new web page to be checked for phishing; applying the at least one phishing detection rule for analyzing the new web page; in response to the analyzing rendering a positive outcome, identifying the new web page as a phishing web page.
    Type: Grant
    Filed: December 29, 2017
    Date of Patent: July 21, 2020
    Assignee: TRUST LTD.
    Inventor: Dmitry Aleksandrovich Volkov
  • Patent number: 10715337
    Abstract: A conductor on glass security layer may be located within a printed circuit board (PCB) of a crypto adapter card or within a daughter card upon the crypto adapter card. The conductor on glass security layer includes a glass dielectric layer that remains intact in the absence of point force loading and shatters when a point load punctures or otherwise contacts the glass dielectric layer. The conductor on glass security layer also includes a conductive security trace upon the glass dielectric layer. A physical access attempt shatters a majority of the glass dielectric layer, which in turn fractures the security trace. A monitoring circuit that monitors the resistance of the conductive security trace detects the resultant open circuit or change in security trace resistance and initiates a tamper signal that may be received by one or more computer system devices to respond to the unauthorized attempt of physical access.
    Type: Grant
    Filed: November 13, 2017
    Date of Patent: July 14, 2020
    Assignee: International Business Machines Corporation
    Inventors: Gerald K. Bartley, Darryl J. Becker, Matthew S. Doyle, Mark J. Jeanson, Mark O. Maxson
  • Patent number: 10708284
    Abstract: In one embodiment, a device in a network maintains a plurality of machine learning-based detectors for an intrusion detection system. Each detector is associated with a different portion of a feature space of traffic characteristics assessed by the intrusion detection system. The device provides data regarding the plurality of detectors to a user interface. The device receives an adjustment instruction from the user interface based on the data provided to the user interface regarding the plurality of detectors. The device adjusts the portions of the feature space associated with the plurality of detectors based on the adjustment instruction received from the user interface.
    Type: Grant
    Filed: July 7, 2017
    Date of Patent: July 7, 2020
    Assignee: Cisco Technology, Inc.
    Inventors: Martin Kopp, Petr Somol, Tomas Pevny, David McGrew
  • Patent number: 10706171
    Abstract: Method for providing a secure mode for mobile applications including: configuring which applications should be available in secure mode; defining in the mobile operating system kernel, rules and privileges for applications defined for the secure mode; checking continuously if the secure mode is enabled by the user; if the security mode is enabled by the user, then the operating system kernel searches all processes and applications running on the operating system, suspends the system applications not configured to be available in secure mode, hides the protected application, restricts inter-process communications and enforces privilege escalation events and enables access to application files protected by the protected application user Id; and if the security mode is disabled by the user, then the kernel releases all processes and applications that were stopped by the secure mode and denies any access to the protected application files.
    Type: Grant
    Filed: May 27, 2016
    Date of Patent: July 7, 2020
    Assignee: SAMSUNG ELECTRÔNICA DA AMAZÔNIA LTDA.
    Inventors: Breno Silva Pinto, Felipe Caye Batalha Boeira, Pedro Henrique Minatel, Brunno Frigo Da Purificação
  • Patent number: 10706651
    Abstract: Systems and methods are provided and include a sensor that is configured to generate a first link key data packet. A control module of a vehicle is configured to generate a second link key data packet. In response to (i) a first authenticated response of the first link key data packet matching a second authenticated response of the second link key data packet and (ii) a user device being connected to a communication gateway of the control module by a Bluetooth low energy (BLE) communication link, the sensor is configured to communicate signal information to the control module using a hardwire link that electrically couples the control module and the sensor. The signal information includes information corresponding to physical characteristics of the BLE communication link.
    Type: Grant
    Filed: March 20, 2019
    Date of Patent: July 7, 2020
    Assignees: DENSO International America, Inc., DENSO CORPORATION
    Inventor: Kyle Golsch
  • Patent number: 10686806
    Abstract: According to some embodiments, a plurality of monitoring nodes may each generate a series of current monitoring node values over time that represent a current operation of the industrial asset. A node classifier computer, coupled to the plurality of monitoring nodes, may receive the series of current monitoring node values and generate a set of current feature vectors. The node classifier computer may also access at least one multi-class classifier model having at least one decision boundary. The at least one multi-class classifier model may be executed and the system may transmit a classification result based on the set of current feature vectors and the at least one decision boundary. The classification result may indicate, for example, whether a monitoring node status is normal, attacked, or faulty.
    Type: Grant
    Filed: August 21, 2017
    Date of Patent: June 16, 2020
    Assignee: General Electric Company
    Inventors: Masoud Abbaszadeh, Lalit Keshav Mestha, Weizhong Yan
  • Patent number: 10686829
    Abstract: A method including extracting, from initial data transmitted on a network, multiple events, each of the events including a user accessing a resource. First and second sets of records are created, each first set record including a sub-group of the events of a user, each second set record including a sub-group of the events of multiple users during respective sub-periods of a training period. Safe labels are assigned to the first set records and suspicious labels are assigned to the second set records. An analysis fits, to the first and the second set records and their respective labels, a model for predicting the label for a given record. The model filters subsequent network data to identify, in the subsequent data, sequences of events predicted to be labeled suspicious by the model, and upon detecting a given sequence of events predicted as suspicious by the model, an alert is generated.
    Type: Grant
    Filed: September 4, 2017
    Date of Patent: June 16, 2020
    Assignee: PALO ALTO NETWORKS (ISRAEL ANALYTICS) LTD.
    Inventors: Idan Amit, Eyal Firstenberg, Jonathan Allon, Yaron Neuman
  • Patent number: 10642786
    Abstract: Methods, apparatuses, and embodiments related to improving security of data that is stored and distributed over a data network. In an example, source data to be protected is partitioned into multiple files, and each file is obfuscated, such as by being encrypted, to create multiple obfuscated data files. Information as to how each obfuscated data file was obfuscated is stored in an associated trace file. The multiple obfuscated data files are moved around a data network via a data movement process that includes sending each of the multiple obfuscated data files to a different randomly selected computer, where the computer further obfuscates the obfuscated data and the trace file, and sends the further obfuscated data and trace file to a next randomly selected computer. In an example, the various operations for improving security may be performed by an integrated circuit, such as a system-on-chip (SoC) or application-specific integrated circuit (ASIC).
    Type: Grant
    Filed: April 1, 2019
    Date of Patent: May 5, 2020
    Assignee: CryptoMove, Inc.
    Inventor: Boris Burshteyn