Tamper Resistant Patents (Class 713/194)
  • Patent number: 11595192
    Abstract: A Computing environment is described to enable an information handling system (IHS) to receive a public encryption key from another IHS; and decrypt with a public encryption key one or more encrypted symmetric encryption keys, encrypted via a private encryption key, to obtain one or more symmetric encryption keys respectively associated with one or more memory address ranges. The IHS may physically receive a memory device that was utilized by the other IHS to store information in an encrypted fashion. The IHS may further decrypt, with a first encryption key of the one or more symmetric encryption keys associated with a first address range of the one or more address ranges, first encrypted data stored by the at least one non-volatile memory medium to obtain first data.
    Type: Grant
    Filed: April 24, 2020
    Date of Patent: February 28, 2023
    Assignee: Dell Products L.P.
    Inventors: Smruti Ranjan Debata, Ravishankar N. Kanakapura, Yogesh Prabhakar Kulkarni
  • Patent number: 11585854
    Abstract: Circuits and methods involve an integrated circuit (IC) device, a plurality of application-specific sub-circuits, and a plurality of instances of a measuring circuit. The application-specific sub-circuits are disposed within respective areas of the IC device. Each instance of the measuring circuit is associated with one of the application-specific sub-circuits and is disposed within a respective one of the areas of the device. Each instance of the measuring circuit further includes a ring oscillator and a register for storage of a value indicative of an interval of time. Each instance of the measuring circuit is configured to measure passage of the interval of time based on a first clock signal, count oscillations of an output signal of the ring oscillator during the interval of time, and output a value indicating a number of oscillations counted during the interval of time.
    Type: Grant
    Filed: August 22, 2018
    Date of Patent: February 21, 2023
    Assignee: XILINX, INC.
    Inventors: Da Cheng, Nui Chong, Amitava Majumdar, Ping-Chin Yeh, Cheang-Whang Chang
  • Patent number: 11586728
    Abstract: Embodiments of a method, an IC device, and a circuit board are disclosed. In an embodiment, the method involves at an IC device of the system, monitoring activity on a bus interface of the IC device, wherein the bus interface is connected to a bus on the system that communicatively couples the IC device to at least one other IC device on the system, applying machine learning to data corresponding to the monitored activity to generate an activity profile, monitoring subsequent activity on the bus interface of the IC device, comparing data corresponding to the to subsequently monitored activity to the machine learning generated activity profile to determine if a system-level Trojan is detected, and generating a notification when it is determined from the comparison that a system-level Trojan has been detected.
    Type: Grant
    Filed: June 7, 2019
    Date of Patent: February 21, 2023
    Assignee: NXP B.V.
    Inventor: Jan-Peter Schat
  • Patent number: 11575691
    Abstract: Systems, methods, and computer-readable storage media for improved data comparison, particularly when scanning large amounts of data for particular conditions or configurations. With respect to cyber-security, this improvement takes the form of receiving a plurality of threat conditions for cyber threats against a networked computer device; identifying commonalities among the plurality of threat conditions by comparing each threat condition in the plurality of threat conditions against the plurality of threat conditions; generating, based on the commonalities, a hierarchy for scanning of the cyber threats; and scanning for the cyber threats according to the hierarchy.
    Type: Grant
    Filed: November 25, 2020
    Date of Patent: February 7, 2023
    Assignee: TRINITY CYBER, LLC
    Inventors: Stephen Ryan, Stefan Baranoff, John Searles
  • Patent number: 11570003
    Abstract: Bitcoins and the underlying blockchain technology are one of the main innovations in building decentralized applications. The effects of quantum computing on this technology are analyzed in general. Provided herein are effective solutions to address security vulnerabilities in a blockchain-based system that can be exploited by a quantum attacker.
    Type: Grant
    Filed: October 4, 2018
    Date of Patent: January 31, 2023
    Inventor: Jintai Ding
  • Patent number: 11502744
    Abstract: The present disclosure provides methods operable in a balloon network. The method can include determining that a balloon is at a location associated with a legally-defined geographic area. An area profile of the legally-defined geographic area may identify geographically-restricted data that must not be removed from the legally-defined geographic area. The method can also include determining that the balloon contains at least some of the geographically-restricted data. The method can also include determining that the balloon is likely to move out of the legally-defined geographic area. The method can also include removing the geographically-restricted data from the memory of the balloon.
    Type: Grant
    Filed: April 2, 2021
    Date of Patent: November 15, 2022
    Assignee: SoftBank Corp.
    Inventor: Eric Teller
  • Patent number: 11501294
    Abstract: A method for providing graphic code information is implementable by a device comprising a first module, a second module, and an interface module. The method comprises: the second module verifying through the interface module whether the first module is a trusted module; the second module receiving target user information through the interface module and verifying whether the target user information is in a logged-in state on the second module, wherein the target user information is pre-associated with the interface module; and after verifying that the first module is a trusted module and the target user information is in the logged-in state on the second module, the second module generating graphic code information and transmitting the graphic code information to the first module through the interface module.
    Type: Grant
    Filed: January 14, 2019
    Date of Patent: November 15, 2022
    Assignee: ADVANCED NEW TECHNOLOGIES CO., LTD.
    Inventors: JiaJia Li, Xiaokai Zhou
  • Patent number: 11496314
    Abstract: Embodiments are directed to providing integrity-protected command buffer execution. An embodiment of an apparatus includes a computer-readable memory comprising one or more command buffers and a processing device communicatively coupled to the computer-readable memory to read, from a command buffer of the computer-readable memory, a first command received from a host device, the first command executable by one or more processing elements on the processing device, the first command comprising an instruction and associated parameter data, compute a first authentication tag using a cryptographic key associated with the host device, the instruction and at least a portion of the parameter data, and authenticate the first command by comparing the first authentication tag with a second authentication tag computed by the host device and associated with the command.
    Type: Grant
    Filed: December 18, 2019
    Date of Patent: November 8, 2022
    Assignee: INTEL CORPORATION
    Inventors: Pradeep M. Pappachan, Reshma Lal
  • Patent number: 11487869
    Abstract: An apparatus, method, and computer program product are provided for encrypting a function symbol with relocation. The apparatus includes a compiler module, a static linker module, and an encryptor module. The compiler module inserts sequences of instructions to decrypt function symbols to be randomized at runtime before indirect function calls. The compiler module inserts an instruction sequence at compile time to encrypt an operand register that receives a local function symbol in position-independent code (PIC), where a call or store instruction uses the register as an operand. The static linker module inserts an encoding section at link time. The encoding section includes two columns representing the sizes of function symbols in bits or bytes and the locations storing the function symbols to be encrypted at runtime. The encryptor module encrypts at runtime the function symbols whose sizes and stored memory locations are identified in the encoding section.
    Type: Grant
    Filed: January 11, 2021
    Date of Patent: November 1, 2022
    Assignee: Zeus SW Defender, LLC
    Inventors: Changwoo Pyo, Hyungyu Lee, Kyungtae Kim, Gyungho Lee
  • Patent number: 11480614
    Abstract: The present disclosure describes exemplary methods and systems that are applicable for hardware authentication, counterfeit detection, and in-field tamper detection in both printed circuit board and/or integrated circuit levels by utilizing random variations in boundary-scan path delay and/or current in the industry-standard JTAG-based design-for-test structure to generate unique device identifiers.
    Type: Grant
    Filed: November 13, 2020
    Date of Patent: October 25, 2022
    Assignee: University of Florida Research Foundation, Inc.
    Inventors: Swarup Bhunia, Shubhra Deb Paul
  • Patent number: 11403372
    Abstract: Systems, methods, and storage media for obfuscating a computer program by representing the control flow of the computer program as data that is not source code are disclosed. Exemplary implementations may: receive source code of a computer program; parse the source code; extract the control flow of the source code; represent at least a portion of the control flow as a control flow model using a mathematical modeling language; store the control flow model as control flow data that represents the control flow of the program and is not executable code; and remove the at least a portion of the control flow from the source code, to thereby obfuscate the control flow of the source code and render the source code more resistant to tampering.
    Type: Grant
    Filed: January 29, 2019
    Date of Patent: August 2, 2022
    Assignee: Irdeto Canada Corporation
    Inventors: Robert Durand, Andrew Hoyt
  • Patent number: 11392496
    Abstract: Provided is a memory management system that efficiently protects data in a cache memory adopting a virtual address cache method. The memory management system includes a cache memory that temporarily stores data for which memory access is requested by a processor core; a state storage unit that stores a security state communicated simultaneously with the memory access request from the processor core; and a memory management unit that manages access to a main memory. In a case where there is a change in the security state when memory access is requested by the processor core, a cache flush is performed for a cache line that hits the request.
    Type: Grant
    Filed: November 21, 2018
    Date of Patent: July 19, 2022
    Assignee: SONY CORPORATION
    Inventor: Mamun Kazi
  • Patent number: 11373011
    Abstract: A security module is disclosed. In embodiments, the security module includes a common host platform configured to co-host a plurality of certified functions via a plurality of interconnected hardware resources. The common host platform may be configured to host a first certified function independently certified via a first certifying authority, and a second certified function independently certified via a second certifying authority. The first certified function may be hosted on a first sub-set of dedicated hardware resources and a first sub-set of shared hardware resources. The second certified function may hosted on a second sub-set of dedicated hardware resources and the first sub-set of shared hardware resources including one or more hardware resources shared with the first certified function.
    Type: Grant
    Filed: July 1, 2019
    Date of Patent: June 28, 2022
    Assignee: Rockwell Collins, Inc.
    Inventors: James A. Marek, Sarah A. Miller, Adriane R. Van Auken
  • Patent number: 11372893
    Abstract: A method and architecture allow labeled data to be initialized and curated by the use of label propagation, clustering and creation of dedicated classifiers for each dataset. These dedicated classifiers are retrained as the dataset grows and ensure that each dataset is kept free from outliers and noise.
    Type: Grant
    Filed: June 1, 2018
    Date of Patent: June 28, 2022
    Assignee: NTT SECURITY HOLDINGS CORPORATION
    Inventors: Daniel Dalek, Himanshu Sinha, Josefin Axberg
  • Patent number: 11366899
    Abstract: A secure Integrated Circuit (IC) includes functional circuitry, and protection circuitry configured to protect the functional circuitry against fault-injection attacks. The protection circuitry includes a plurality of digital detection cells, and protection logic. The detection cells have respective inputs and outputs and are connected output-to-input in at least a chain. In response to a fault-injection attack, a given detection cell in the chain is configured to toggle an output that drives an input of a subsequent detection cell in the chain, thereby causing a pulse to propagate along the chain. The protection logic is configured to receive the pulse from the chain and initiate a responsive action.
    Type: Grant
    Filed: February 18, 2020
    Date of Patent: June 21, 2022
    Assignee: NUVOTON TECHNOLOGY CORPORATION
    Inventors: Yuval Kirschner, Ziv Hershman, Tamir Golan
  • Patent number: 11354218
    Abstract: Provided is a system and method for generating a subset of optimal variations of a software program which allow some statements of the control flow to be exposed to side channels. Furthermore, the subset of optimal variations may be selected based on a security and a performance trade-off analysis. In one example, the method may include identifying a set of statements within a control flow of a software program, generating a plurality of variations of the software program which comprise different subsets of statements which are exposed to side channels, respectively, determining one or more pareto-optimal variations of the software program based on side channel leakage values and performance values of the plurality of variations of the software program, and outputting information about the one or more pareto-optimal variations of the software program to a user device.
    Type: Grant
    Filed: May 6, 2020
    Date of Patent: June 7, 2022
    Assignee: SAP SE
    Inventors: Andreas Fischer, Jonas Janneck, Joern Kussmaul, Nikolas Kraetzschmar, Florian Kerschbaum
  • Patent number: 11349635
    Abstract: Described herein are systems and methods that prevent against fault injection attacks. In various embodiments this is accomplished by taking advantage of the fact that an attacker cannot utilize a result that has been faulted to recover a secret. By using infective computation, an error is propagated in a loop such that the faulted value will provide to the attacker no useful information or information from which useful information may be extracted. Faults from a fault attack will be so large that a relatively large number of bits will change. As a result, practically no secret information can be extracted by restoring bits.
    Type: Grant
    Filed: October 8, 2019
    Date of Patent: May 31, 2022
    Assignee: Maxim Integrated Products, Inc.
    Inventors: Jeremy Dubeuf, Yann Yves Rene Loisel, Frank Lhermet
  • Patent number: 11321426
    Abstract: A computer-implemented method of providing limited distribution of a digital media file, the method being executable at a server connected to a network, the server comprising memory. The method includes receiving the digital media file to be distributed; encrypting the digital media file to create an encrypted digital media file; creating a plurality of copies of the encrypted digital media file; creating a plurality of rights tokens, a quantity of the rights tokens being equal to a quantity of copies of the encrypted digital media file, each rights token containing: a key for decrypting a corresponding one of the plurality of copies of the encrypted digital media file, and identifying information related to access rights for the digital media file; and recording the rights tokens to a rights blockchain representative of actions related to distribution of the plurality of copies of the encrypted the digital media file.
    Type: Grant
    Filed: February 22, 2018
    Date of Patent: May 3, 2022
    Assignee: SCENAREX INC.
    Inventor: Simon-Pierre Marion
  • Patent number: 11314861
    Abstract: The present disclosure is directed to systems and methods of selectively implementing SCA mitigation elements on a per-thread basis to mitigate the effects of side channel attacks. Processor core circuits initiate a plurality of processor threads. Each of a plurality of SCA mitigation features include one or more SCA mitigation elements. SCA mitigation control circuitry associates a register circuit with each respective one of the plurality of processor threads initiated by the processor core circuits. The SCA mitigation control circuitry selectively ENABLES/DISABLES one or more SCA mitigation elements for each of the plurality of processor threads. The ENABLEMENT/DISABLEMENT of each of the SCA mitigation elements may be autonomously adjusted by the SCA mitigation control circuitry and/or manually adjusted via one or more user inputs provided to the SCA mitigation control circuitry.
    Type: Grant
    Filed: September 26, 2019
    Date of Patent: April 26, 2022
    Assignee: Intel Corporation
    Inventors: Ke Sun, Kekai Hu, Henrique de Medeiros Kawakami, Rodrigo Branco
  • Patent number: 11301592
    Abstract: A processing module of a dispersed storage network determines an obfuscation method is determined from a plurality of obfuscation methods for a data segment. The method continues with the processing module obfuscating the data segment according to the obfuscation method to produce an obfuscated data segment. The obfuscated data segment is encrypted and dispersed storage error encoded to produce a set of encoded data slices. The set of encoded data slices is then transmitted for storage in the dispersed storage network.
    Type: Grant
    Filed: November 6, 2017
    Date of Patent: April 12, 2022
    Assignee: PURE STORAGE, INC.
    Inventors: S. Christopher Gladwin, Jason K. Resch, Thomas F. Shirley, Jr.
  • Patent number: 11288405
    Abstract: An IC comprising functional circuit to perform primary functions of the IC is provided. The functional circuit is to enable electrical signals to propagate through it within a timing constraint of the functional circuit. The IC comprises at least one canary circuit used for detecting glitch attacks on the circuit. Electrical signals are to propagate through the canary circuit(s) within a defined timing constraint of the canary circuit(s). The canary circuit is to provide a signal path designed such that in the event of a timing constraint of the functional circuit(s) is violated due to a glitch attack, also the timing constraint of the canary circuit(s) is violated.
    Type: Grant
    Filed: October 25, 2018
    Date of Patent: March 29, 2022
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Pierre Belgarric, David Plaquin, Eugene Cohen, Chris R. Gunning
  • Patent number: 11288212
    Abstract: A Key-Value Solid State Drive (KV-SSD) is disclosed. The KV-SSD may include storage for data. The data may include a data value encrypted using an object encryption key. The data value may be associated with an object key: the data value and the object key forming an object. A user secure object map may map the object key to a hash value. A secure key share table may map the hash value to the object encryption key. A dedup map may map the hash value to an address where the data value is stored on the KV-SSD.
    Type: Grant
    Filed: April 10, 2020
    Date of Patent: March 29, 2022
    Inventor: Yang Seok Ki
  • Patent number: 11283632
    Abstract: The integrated circuit includes a CPU configured to operate according to a program, a PUF information output unit configured to output PUF information while power is being supplied, a key pair output unit configured to output a public key and a private key based on the PUF information while power is being supplied, a public key transmitter configured to transmit the public key output from the key pair output unit to the outside, and a shared encryption key decryption unit configured to decrypt encrypted information produced through encryption with the public key and received from the outside with the private key output from the key pair output unit.
    Type: Grant
    Filed: December 21, 2018
    Date of Patent: March 22, 2022
    Assignee: MITSUBISHI HEAVY INDUSTRIES, LTD.
    Inventors: Etsuji Nishimae, Fumikado Anzai, Naruhisa Kameo
  • Patent number: 11250171
    Abstract: A tamper sensor assembly includes a lid having a surface and a sensor substrate on the surface of the lid. The sensor substrate has conductive lines that extend across at least a major portion of the surface of the lid and conform to three dimensional characteristics of the surface of the lid. The security processor is electrically connected to the conductive lines of the sensor substrate and is configured to identify occurrence of tampering with the lid based on an electrical characteristic of signals conducted through the conductive lines, and to perform an anti-tampering operation responsive to identifying occurrence of tampering.
    Type: Grant
    Filed: January 21, 2020
    Date of Patent: February 15, 2022
    Assignee: Thales eSecurity, INC.
    Inventors: Timothy E. Cook, Gerald Thomas Wardrop, Jr.
  • Patent number: 11232224
    Abstract: The present approaches generally relate to the encryption of data within a database in such a way that the encrypted data may still be easily accessed and utilized by an application. The present approach provides the ability to encrypt and decrypt data at an application layer though the data remains in an encrypted state at the database layer and when in transit.
    Type: Grant
    Filed: March 15, 2018
    Date of Patent: January 25, 2022
    Assignee: ServiceNow, Inc.
    Inventors: Timothy Yim, Herman Knief, James David Wigdahl
  • Patent number: 11232210
    Abstract: A direct-attached storage device bridge includes boot loader logic, a read-only memory, and logic to generate hash codes to be compared to determine whether to proceed with booting of the device. The hash codes may result from applying a public key from the read-only memory to decrypt an encrypted hash code into a decrypted hash code, to decrypt encrypted firmware instructions and to calculate a first calculated hash code of the decrypted firmware instructions, and to calculate a second calculated hash code for firmware instructions stored as clear-text. Multiple public keys may be utilized and selected during the boot process. The encryption and decryption may utilize asymmetric and symmetric keys.
    Type: Grant
    Filed: March 26, 2019
    Date of Patent: January 25, 2022
    Assignee: Western Digital Technologies, Inc.
    Inventor: Tino Lin
  • Patent number: 11204985
    Abstract: Systems, methods, and storage media for rendering target code are disclosed. Exemplary implementations may: receive the input code; apply at least one obfuscation transformation to multiple code functions of the input code to create transformed code including transformed code functions; determine a shared constant; determine a function-expression; and replace, for each transformed code function in the transformed code, the transformation parameters with the function expression and the at least one cloaked constant to create target code in which the transformed code functions are entangled to thereby render the target code protected against static analysis attacks.
    Type: Grant
    Filed: March 31, 2020
    Date of Patent: December 21, 2021
    Assignee: Irdeto Canada Corporation
    Inventors: Damon Peng, Grant Goodes
  • Patent number: 11188683
    Abstract: An apparatus for intrusion detection includes processing circuitry, a switch, signal detection circuitry, and an analog-to-digital converter (“ADC”). The processing circuitry is coupled to send a challenge signal to a device when the device is coupled to the processing circuitry. The switch is coupled to be enabled and disabled by the processing circuitry. The switch is for coupling to the device to receive a response signal in response to the challenge signal sent by the processing circuitry. The signal detection circuitry is coupled to receive the response signal in via the switch, when the processing circuitry enables the switch. The ADC is coupled to take measurements of the signal detection circuitry at a first output. The processing circuitry is coupled to the ADC and configured to analyze whether an intruder is present in the device based on the measurements of the signal detection circuitry.
    Type: Grant
    Filed: May 2, 2019
    Date of Patent: November 30, 2021
    Assignee: National Technology & Engineering Solutions of Sandia, LLC
    Inventor: Nathan J. Edwards
  • Patent number: 11177951
    Abstract: This invention related to a method for provisioning a first communication device with a set of at least one credential required for accessing to a wireless network by using a second communication device provisioned with a cryptographic key K also known by the wireless network, the first communication device being associated with a certificate comprising a public key PK, said certificate being stored with an associated private key PrK in said first communication device, the method comprising the following steps: receiving by the second communication device a registration request from the first communication device in order to be provisioned with the set of at least one credential; transmitting to the wireless network by the second communication device the registration request to generate a set of at least one credential associated to the first communication device comprising at least a cryptographic key K?, the wireless network being adapted to generate a first random number R1 and a second random number R2; r
    Type: Grant
    Filed: March 30, 2017
    Date of Patent: November 16, 2021
    Assignee: THALES DIS FRANCE SA
    Inventors: Mireille Pauliac, Michel Endruschat, Ly Thanh Phan, Jean-Yves Fine
  • Patent number: 11144632
    Abstract: Some embodiments described herein include a method to validate supply chains for electronic devices using side-channel information in a signature analysis. The method includes sending, to a target device, a first signal associated with a set of codes to be executed by the target device, and then receiving first side-channel information associated with the target device in response to the target device executing the set of codes. The method also includes determining second side-channel information associated with a simulated device in response to the set of codes. The method further includes comparing a discriminatory feature of the first side-channel information with a discriminatory feature of the second side-channel information to determine a characteristic of the target device based on a pre-determined characteristic of the simulated device. Finally, the method includes sending, to a user interface, a second signal associated with the characteristic of the target device.
    Type: Grant
    Filed: November 21, 2019
    Date of Patent: October 12, 2021
    Assignee: Power Fingerprinting Inc.
    Inventors: Carlos R. Aguayo Gonzalez, Jeffrey H. Reed, Steven C. Chen
  • Patent number: 11132659
    Abstract: A financial transaction system includes sensors, a tamper detection module, and circuitry configurable to control which sensors are used, and the circuitry is configurable after the tamper detection module has been manufactured.
    Type: Grant
    Filed: July 14, 2015
    Date of Patent: September 28, 2021
    Assignee: Texas Instruments Incorporated
    Inventors: Erkan Bilhan, Rajitha Padakanti, Amritpal Singh Mundra
  • Patent number: 11070380
    Abstract: An authentication apparatus, included in a device supporting a network communication, includes a certificate handler that receives a certificate of an opponent and parses or verifies the certificate of the opponent. Cryptographic primitives receive an authentication request of the opponent, generate a random number in response to the authentication request, generate a challenge corresponding to the random number, and verify a response of the opponent corresponding to the challenge. A shared memory stores the parsed certificate, the random number, the challenge, and the response. An authentication controller controls the certificate handler, the cryptographic primitives, and the shared memory through a register setting, according to an authentication protocol.
    Type: Grant
    Filed: July 18, 2016
    Date of Patent: July 20, 2021
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Kitak Kim, Ji-Su Kang, Kiseok Bae, Jonghoon Shin, Kyoungmoon Ahn, Jinsu Hyun
  • Patent number: 11055437
    Abstract: Systems and methods for restricting a first computing device's output of information. The methods comprise: receiving, at the first computing device, information and at least one viewing restriction set for the information; collecting situational awareness information by the first computing device; using the situational awareness information to determine if the at least one viewing restriction is satisfied; and displaying the information on a screen of the first computing device if a determination is made that the at least one viewing restriction is satisfied or preventing the displaying of the information if a determination is made that the at least one viewing restriction is not satisfied.
    Type: Grant
    Filed: February 1, 2019
    Date of Patent: July 6, 2021
    Assignee: FLORIDA ATLANTIC UNIVERSITY BOARD OF TRUSTEES
    Inventors: Hari Kalva, Neha Kommireddy
  • Patent number: 11042664
    Abstract: One embodiment provides a system that implements a 1-bit protocol for differential privacy for a set of client devices that transmit information to a server. Implementations may leverage specialized instruction sets or engines built into the hardware or firmware of a client device to improve the efficiency of the protocol. For example, a client device may utilize these cryptographic functions to randomize information sent to the server. In one embodiment, the client device may use cryptographic functions such as hashes including SHA or block ciphers including AES to provide an efficient mechanism for implementing differential privacy.
    Type: Grant
    Filed: January 17, 2020
    Date of Patent: June 22, 2021
    Assignee: Apple Inc.
    Inventors: Yannick L. Sierra, Abhradeep Guha Thakurta, Umesh S. Vaishampayan, John C. Hurley, Keaton F. Mowery, Michael Brouwer
  • Patent number: 11023835
    Abstract: Embodiments of the present invention provide a system for decommissioning information technology assets using solution data modelling. The system is typically configured for generating solution data models comprising a plurality of asset systems and a plurality of users, wherein each of the plurality of asset systems is associated with at least one user of the plurality of users and wherein at least a first of the plurality of asset systems is associated with at least a second of the plurality of asset systems, storing the solution data models in a model database, identifying at least one information technology asset for decommissioning, accessing a first solution data model associated with the at least one information technology asset, identifying one or more relationships associated with the at least one information technology asset, and decommissioning the at least one information technology asset based on the one or more relationships.
    Type: Grant
    Filed: May 8, 2018
    Date of Patent: June 1, 2021
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Katy Leigh Huneycutt, Richard LeRoy Hayes, Aaron Dion Kephart
  • Patent number: 11023576
    Abstract: An approach is provided for detecting a malicious activity on a computer system. First process trees are identified for computer processes that have been executed on a computer system. Each of the first process trees are vectorized. The vectorized first process trees are associated with respective labels. Each label represents an amount by which a respective vectorized process tree reflects the malicious activity. An artificial neural network is trained by using the vectorized first process trees and the associated labels as training input. After the training of the artificial neural network is completed, second process trees for currently executing computer processes are vectorized and provided as input vectors to the artificial neural network. Responsive to the artificial neural network providing an output indicating that a combination of the input vectors indicates the malicious activity, a remedial action is performed.
    Type: Grant
    Filed: November 28, 2018
    Date of Patent: June 1, 2021
    Assignee: International Business Machines Corporation
    Inventors: Adam L. Griffin, Christopher D. Scott, Mary E. Rudden, Craig M. Trim, Rhonda L. Childress
  • Patent number: 11018846
    Abstract: A method for achieving a security function for a security control device for controlling a device or an installation, including: a) providing at least one first partial secret that is stored in a basic control device, b) providing at least one second partial secret that is stored in a security module, c) combining the at least one first and second partial secret to form an overall secret, required to achieve the security function, within the time period in which the basic control device interacts with the security module via the first and second coupling interfaces, and d) disguising the combined overall secret outside the time period.
    Type: Grant
    Filed: August 1, 2018
    Date of Patent: May 25, 2021
    Assignee: SIEMENS AKTIENGESELLSCHAFT
    Inventors: Hans Aschauer, Rainer Falk, Kai Fischer, Steffen Fries, Markus Heintel, Wolfgang Klasen, Axel Pfau
  • Patent number: 11017077
    Abstract: A security system for vetting run-time operation of device hardware. A model stores vetted states based on device hardware security signals, a severity level value and at least one vetted next state. The vetting system compares each state of the device hardware with the vetted next states of a current state, and provides an indication and a severity level when the real next state does not match a vetted next state. In response to the indication, the synchronization system performs synchronization by comparing each subsequent real next state of the device hardware with the vetted states until initial synchronization occurs when any subsequent real next state matches a vetted state. The learning system receives feedback from the device hardware in response to the indication, and when indicated by the feedback, updates the model in accordance with the feedback.
    Type: Grant
    Filed: March 21, 2018
    Date of Patent: May 25, 2021
    Assignee: NXP USA, Inc.
    Inventors: Monica C. Farkash, Jayanta Bhadra, Sandip Ray, Wen Chen
  • Patent number: 11003763
    Abstract: Provided is a method for achieving a security function for a security control device for controlling a device or an installation, including: a basic control device, and a security module and having the following steps of a) providing at least one first partial secret which is stored in the basic control device, b) providing at least one second partial secret which is stored in the security module, c) combining the at least one first partial secret and the at least one second partial secret in order to achieve the security function, wherein the at least one first partial secret is broken down into sections of a predefinable size and the set of sections is gradually combined with the at least second partial secret by means of a calculation rule, which can be processed within a predefinable period during the execution of the calculation rule according to the size and set.
    Type: Grant
    Filed: July 31, 2018
    Date of Patent: May 11, 2021
    Assignee: SIEMENS AKTIENGESELLSCHAFT
    Inventors: Hans Aschauer, Rainer Falk, Kai Fischer, Steffen Fries, Markus Heintel, Wolfgang Klasen, Axel Pfau
  • Patent number: 10997046
    Abstract: An information processing apparatus includes a BIOS storage unit that stores at least a Basic Input Output System (BIOS) program, a main controller that starts up an operating system by executing the BIOS program, and a sub-controller that manages peripheral apparatuses and accesses the BIOS storage unit, in which the sub-controller includes a digest computation unit that computes a digest value on the basis of BIOS program data stored in the BIOS storage unit in parallel to execution of a process in the main controller, and in which the main controller determines validity of the BIOS program on the basis of the digest value.
    Type: Grant
    Filed: January 9, 2020
    Date of Patent: May 4, 2021
    Assignee: LENOVO (SINGAPORE) PTE. LTD.
    Inventors: Yosuke Katayama, Yuichiro Seto, Ken Sasaki
  • Patent number: 10992697
    Abstract: Method and apparatus for detecting anomalous flights. Embodiments collect sensor data from a plurality of sensor devices onboard an aircraft during a flight. Feature definitions are determined, specifying a sensor device and an algorithm for deriving data values from sensor data collected from the device. Embodiments determine whether anomalous activity occurred during the flight using an anomaly detection model. An anomaly is detected including at least one of (i) a contextual anomaly where a data instance of a plurality of data instances is anomalous relative to a specific context, or (ii) a collective anomaly where two or more data instances are anomalous relative to a remainder of the plurality of data instances, even though each of the two or more data instances is not anomalous in and of itself. A report specifying a measure of the anomalous activity for the flight is generated.
    Type: Grant
    Filed: February 26, 2020
    Date of Patent: April 27, 2021
    Assignee: THE BOEING COMPANY
    Inventors: Jason M. Keller, James M. Ethington, Liessman E. Sturlaugson, Mark H. Boyd
  • Patent number: 10985916
    Abstract: An apparatus receives a signal to perform secure erasure of a storage medium. The apparatus, responsive to reception of the signal, erases the storage medium by performing at least the following operations. An encryption key is erased. The encryption key is stored on the storage medium and is used to encrypt data on the storage medium. The apparatus generates a fake encryption key that is different from the encryption key and stores storing the fake encryption key on the storage medium. The encryption key and/or fake encryption key may be stored on the medium in multiple parts. The encryption key may be generated using random data from the medium. The apparatus may be the storage medium or a computer system that access the storage medium. The erasure can be performed in response to a request by a user. The medium may be an erasure-resistant storage medium.
    Type: Grant
    Filed: October 31, 2017
    Date of Patent: April 20, 2021
    Assignee: International Business Machines Corporation
    Inventors: Diana Arroyo, Jia Jun Brandon Lum, Alaa Youssef
  • Patent number: 10978123
    Abstract: A data system includes an information bus, a volatile memory located on the information bus, and an MRAM located on the information bus. The data system includes threat detection circuitry. In response to a threat condition to the MRAM, data is transferred via the information bus from the MRAM to the volatile memory for storage during a threat to the MRAM as indicated by the threat condition. In some examples, the threat condition is characterized as a magnetic field exposure.
    Type: Grant
    Filed: December 4, 2018
    Date of Patent: April 13, 2021
    Assignee: NXP USA, Inc.
    Inventors: Geoffrey Mark Lees, Lawrence Loren Case, Nihaar N. Mahatme, Jeffrey C. Cunningham
  • Patent number: 10964035
    Abstract: A device is provided for encrypting and/or decrypting a point cloud having a plurality of data points that collectively produce a three-dimensional (“3D”) image. Each data point may have a set of elements with values that define a position of the data point in 3D space and visual characteristics of the data point. Encrypting the point cloud may include deterministically a set of data point to encrypt, and deterministically changing the data point element values of the selected data points so that the 3D image produced by the encrypted data points is different than the 3D produced from the unencrypted data points. Decrypting the resulting encrypted point cloud may include deterministically reselecting the encrypted data points using an encryption key, and deterministically reversing the changes made to the data point element values of the selected data points based on transformations that are specified as part of the encryption key.
    Type: Grant
    Filed: November 20, 2020
    Date of Patent: March 30, 2021
    Assignee: Illuscio, Inc.
    Inventors: Robert Monaghan, Venkatarao Maruvada, Joseph Bogacz
  • Patent number: 10915635
    Abstract: A system for providing security in a computer system is provided. The system includes a physical unclonable function (PUF) device and one or more logic circuits. At startup of the computer system, the logic circuits call the PUF device a preset plurality of times with an identical input value to generate a plurality of PUF values that are candidate identifiers of an integrated circuit. The logic circuits apply a hash function to the candidate identifiers to produce respective hash values. The logic circuits also access a reference hash value from a non-volatile memory and verify all of the respective hash values using the reference hash value. The logic circuits further enable the computer system to operate in a first mode or a second mode based on the verification results.
    Type: Grant
    Filed: December 22, 2017
    Date of Patent: February 9, 2021
    Assignee: THE BOEING COMPANY
    Inventor: Laszlo Hars
  • Patent number: 10909312
    Abstract: Configurations and techniques for a research study management system are disclosed, enabling deployment of an extensible, reproducible, and deployable template for use in assessment, intervention, or other research studies. In an example, a technique to configure a template to use in a research project includes associating the template with one or more instruments to collect project data, associating the template with one or more tools to process the collected project data, associating the template with a data set definition, and defining one or more rules of operation for the template. In a further example, a technique to deploy the template for use in a research project includes defining a schedule based on the template, defining a plurality of configuration parameters of one or more instruments, and deploying the template to engage a human study participant to perform data collection activities via the one or more instruments.
    Type: Grant
    Filed: December 4, 2015
    Date of Patent: February 2, 2021
    Assignee: MEI Research, Ltd.
    Inventors: Jared D. Sieling, James P. Shields
  • Patent number: 10908819
    Abstract: A media drive system (310) configured for use with a media drive (314) that performs read/write operations relative to a media cartridge (316) includes a system housing (312). The system housing (312) includes a housing body (312A) and a controller (350) that is secured to the housing body (312A). The controller (350) is configured to control functionality of the tape drive (314). More specifically, the inclusion of the controller (350) as part of the system housing (312) enables the media drive system (310) to achieve greatly enhanced functionality. For example, the media drive system (310) can greatly enhance the speed of various desired read/write operations performed within the media drive (314), especially when the requested files or file segments are not necessarily initially provided in sequential order on the media cartridge (316). The controller (350) can include one or both of a processor (352) and a memory system (354).
    Type: Grant
    Filed: April 25, 2017
    Date of Patent: February 2, 2021
    Assignee: QUANTUM CORPORATION
    Inventor: Thomas Carroll Willis, Jr.
  • Patent number: 10901918
    Abstract: Server resources in a data center are disaggregated into shared server resource pools, which include a pool of secure processors. Advantageously, servers are constructed dynamically, on-demand and based on a tenant's workload requirements, by allocating from these resource pools. According to this disclosure, secure processor modules for new servers are allocated to provide security for data-in-use (and data-at-rest) in a dynamic fashion so that virtual and non-virtual capacity can be adjusted in the disaggregate compute system without any downtime, e.g., based on workload security requirements and data sensitivity characteristics. The approach herein optimizes an overall utilization of an available secure processors resource pool in the disaggregated environment. The resulting disaggregate compute system that is configured according to the approach cryptographically-protects workload data whenever it is outside the CPU chip.
    Type: Grant
    Filed: November 29, 2018
    Date of Patent: January 26, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: HariGovind V. Ramasamy, Eugen Schenfeld, Valentina Salapura, John A. Bivens, Yaoping Ruan, Min Li, Ashish Kundu, Ruchi Mahindru, Richard H. Boivie
  • Patent number: 10897473
    Abstract: Systems, methods, and computer-readable storage media for improved data comparison, particularly when scanning large amounts of data for particular conditions or configurations. With respect to cyber-security, this improvement takes the form of receiving a plurality of threat conditions for cyber threats against a networked computer device; identifying commonalities among the plurality of threat conditions by comparing each threat condition in the plurality of threat conditions against the plurality of threat conditions; generating, based on the commonalities, a hierarchy for scanning of the cyber threats; and scanning for the cyber threats according to the hierarchy.
    Type: Grant
    Filed: June 15, 2018
    Date of Patent: January 19, 2021
    Assignee: TRINITY CYBER, LLC
    Inventors: Stephen Ryan, Stefan BARANOFF, John Searles
  • Patent number: 10812515
    Abstract: A computer program product for performing anomaly detection, a detected anomaly being indicative of an undesirable event, the computer program product comprising: a non-transitory tangible storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for performing a method comprising: receiving data comprising a plurality m of multidimensional datapoints (MDDPs), each data point having n features; constructing a dictionary D based on the received data; embedding dictionary D into a lower dimension embedded space; and classifying, based in the lower dimension embedded space, an MDDP as an anomaly or as normal.
    Type: Grant
    Filed: September 29, 2019
    Date of Patent: October 20, 2020
    Assignee: ThetaRay Ltd.
    Inventors: David Segev, Gil Shabat, Amir Averbuch