38th week of 2014 patent application highlights part 223 |
Patent application number | Title | Published |
20140281505 | Augmenting Name/Prefix Based Routing Protocols With Trust Anchor In Information-Centric Networks - An apparatus comprising a memory, a processor coupled to the memory, wherein the memory contains instructions that when executed by the processor cause the apparatus to receive an information centric network (ICN) name prefix announcement message comprising a message prefix specific to a publisher, a public key certificate specific to the content publisher, and a signature specific to the content publisher, verify the signature with a name registration service (NRS), and update internal data indicating that the content publisher is a trusted publisher, wherein the internal data comprises the prefix, the public key, and the signature. | 2014-09-18 |
20140281506 | SOFT TOKEN SYSTEM - Systems and methods for a secure soft token solution applicable to multiple platforms and usage scenarios are provided. According to one embodiment a method is provided for soft token management. A mobile device of a user of a secure network resource receives and installs a soft token application. A unique device ID of the mobile device is programmatically obtained by the soft token application. A seed for generating a soft token for accessing the secure network resource is requested by the soft token application. Responsive to receipt of the seed by the soft token application, the soft token is generated based on the seed and the soft token is bound to the mobile device by encrypting the seed with the unique device ID and a hardcoded pre-shared key. | 2014-09-18 |
20140281507 | TECHNIQUES FOR DETECTING INCORRECT WEP KEY FOR OPEN AUTHENTICATION - Techniques for detecting reason for connection attempt failure for DHCP with an Open Key authentication (WEP) protocol are discussed. | 2014-09-18 |
20140281508 | CHANGING GROUP MEMBER REACHABILITY INFORMATION - In an embodiment, a method comprises obtaining a second network address at a computer node, which has been already associated with a first network address and provided first keying information; sending, to a key server computer, an update message that comprises both the first network address and the second network address; using the first keying information to encrypt messages that the computer node sends from the second network address to one or more other members of a group. | 2014-09-18 |
20140281509 | TECHNIQUES FOR SECURE DATA EXTRACTION IN A VIRTUAL OR CLOUD ENVIRONMENT - Techniques for secure data extraction in a virtual or cloud environment are presented. Desired data from a Virtual Machine (VM) or an entire VM is extracted and encrypted with a key. This key is sealed to a machine or a group of machines. The encrypted data is then migrated and successfully used on startup for instances of the VM by having the ability to access the sealed key (and unsealing it) to decrypt the encrypted data. | 2014-09-18 |
20140281510 | DECRYPTION OF DATA BETWEEN A CLIENT AND A SERVER - Technologies for securing communication may include monitoring a secured network connection between a client and a server. The secured network connection may be secured using a symmetric cryptographic key. The technologies may also include detecting a transmission of secured information between the client and the server, copying the transmission, forwarding the transmission to an intended recipient, decrypting the transmission using the symmetric cryptographic key, and determining whether the transmission is indicative of malware. | 2014-09-18 |
20140281511 | SECURE DATA PROCESSING ON SENSITIVE DATA USING TRUSTED HARDWARE - The subject disclosure is directed towards using trusted hardware to achieve secure data processing over a network. For a given set of data store operations, some operations are directed to sensitive data (e.g., encrypted data fields). These operations are compiled into a set of expressions invoking trusted hardware code configured to evaluate these expressions using corresponding data centric primitive programs. Because the trusted hardware is configured to maintain key data for encrypting/decrypting the sensitive data, the sensitive data is not accessible by an untrusted component while the sensitive data is decrypted. | 2014-09-18 |
20140281512 | SECURE QUERY PROCESSING OVER ENCRYPTED DATA - The subject disclosure is directed towards secure query processing over encrypted database records without disclosing information to an adversary except for permitted information. In order to adapt semantic security to a database encryption scheme, a security model for all query processing is specified by a client and used to determine which information is permitted to be disclosed and which information is not permitted. Based upon the security model, a trusted, secure query processor transforms each query and an encrypted database into secure query results. Even though the adversary can view the secure query results during communication to the client, the adversary cannot determine any reliable information regarding the secure query results or the encrypted database. | 2014-09-18 |
20140281513 | BLOCK ENCRYPTION - A method of storing a file is provided. The method includes splitting the file into a plurality of file chunks and encrypting each file chunk of the plurality of file chunks. The method also includes generating a first security key that decrypts a first encrypted file chunk of the plurality of encrypted file chunks and storing ones of the plurality of encrypted file chunks at a second location separate and distinct from the first location. The method also includes storing a second security key that decrypts a second encrypted file chunk of the plurality of file chunks at the first encrypted file chunk where access is gained to the second security key when the first encrypted file chunk is decrypted using the first security key. | 2014-09-18 |
20140281514 | AUTOMATIC FILE ENCRYPTION - A method for automatically encrypting files is disclosed. In some cases, the method may be performed by computer hardware comprising one or more processors. The method can include detecting access to a first file, which may be stored in a primary storage system. Further, the method can include determining whether the access comprises a write access. In response to determining that the access comprises a write access, the method can include accessing file metadata associated with the first file and accessing a set of encryption rules. In addition, the method can include determining whether the file metadata satisfies the set of encryption rules. In response to determining that the file metadata satisfies the set of encryption rules, the method can include encrypting the first file to obtain a first encrypted file and modifying an extension of the first encrypted file to include an encryption extension. | 2014-09-18 |
20140281515 | ENCRYPTED FILE PRESENTATION - A method for automatically encrypting files is disclosed. In some cases, the method may be performed by computer hardware comprising one or more processors. The method can include detecting access to a first file, which may be stored in a primary storage system. Further, the method can include determining whether the access comprises a write access. In response to determining that the access comprises a write access, the method can include accessing file metadata associated with the first file and accessing a set of encryption rules. In addition, the method can include determining whether the file metadata satisfies the set of encryption rules. In response to determining that the file metadata satisfies the set of encryption rules, the method can include encrypting the first file to obtain a first encrypted file and modifying an extension of the first encrypted file to include an encryption extension. | 2014-09-18 |
20140281516 | AUTOMATIC FILE DECRYPTION - A method for automatically encrypting files is disclosed. In some cases, the method may be performed by computer hardware comprising one or more processors. The method can include detecting access to a first file, which may be stored in a primary storage system. Further, the method can include determining whether the access comprises a write access. In response to determining that the access comprises a write access, the method can include accessing file metadata associated with the first file and accessing a set of encryption rules. In addition, the method can include determining whether the file metadata satisfies the set of encryption rules. In response to determining that the file metadata satisfies the set of encryption rules, the method can include encrypting the first file to obtain a first encrypted file and modifying an extension of the first encrypted file to include an encryption extension. | 2014-09-18 |
20140281517 | FILE BACKUP WITH SELECTIVE ENCRYPTION - A method for automatically encrypting files is disclosed. In some cases, the method may be performed by computer hardware comprising one or more processors. The method can include detecting access to a first file, which may be stored in a primary storage system. Further, the method can include determining whether the access comprises a write access. In response to determining that the access comprises a write access, the method can include accessing file metadata associated with the first file and accessing a set of encryption rules. In addition, the method can include determining whether the file metadata satisfies the set of encryption rules. In response to determining that the file metadata satisfies the set of encryption rules, the method can include encrypting the first file to obtain a first encrypted file and modifying an extension of the first encrypted file to include an encryption extension. | 2014-09-18 |
20140281518 | MULTI-TIER FILE RESTORATION - A method for automatically encrypting files is disclosed. In some cases, the method may be performed by computer hardware comprising one or more processors. The method can include detecting access to a first file, which may be stored in a primary storage system. Further, the method can include determining whether the access comprises a write access. In response to determining that the access comprises a write access, the method can include accessing file metadata associated with the first file and accessing a set of encryption rules. In addition, the method can include determining whether the file metadata satisfies the set of encryption rules. In response to determining that the file metadata satisfies the set of encryption rules, the method can include encrypting the first file to obtain a first encrypted file and modifying an extension of the first encrypted file to include an encryption extension. | 2014-09-18 |
20140281519 | ENCRYPTED FILE BACKUP - A method for automatically encrypting files is disclosed. In some cases, the method may be performed by computer hardware comprising one or more processors. The method can include detecting access to a first file, which may be stored in a primary storage system. Further, the method can include determining whether the access comprises a write access. In response to determining that the access comprises a write access, the method can include accessing file metadata associated with the first file and accessing a set of encryption rules. In addition, the method can include determining whether the file metadata satisfies the set of encryption rules. In response to determining that the file metadata satisfies the set of encryption rules, the method can include encrypting the first file to obtain a first encrypted file and modifying an extension of the first encrypted file to include an encryption extension. | 2014-09-18 |
20140281520 | SECURE CLOUD DATA SHARING - A system and method for sharing an encrypted file stored on a cloud server is disclosed. In certain embodiments, the method includes generating a file key associated with the encrypted file stored in the cloud server; generating a share message, the share message including the generated file key and identifying a recipient user and the encrypted file stored in the cloud server; encrypting the file key using an identification key of the recipient user to generate a share key; storing the share key in the cloud server; notifying the recipient user of the encrypted file and share key stored on the cloud server; retrieving the encrypted file and the share key from the cloud server; decrypting the share key using the identification key of the recipient user to reconstruct the file key; and using the reconstructed file key to decrypt the encrypted file. | 2014-09-18 |
20140281521 | Method, System, Network Server And Storage Medium For Anonymous Dating - In a method, system, network server and storage medium for anonymous dating, the system obtains dating information transmitted by a dating information sender; encrypts an account of the dating information sender; performs random pairing for the dating information sender in the system for anonymous network dating; determines information of a dating information receiver according to a pairing result; and transmits to the dating information receiver the dating information after the account is encrypted. | 2014-09-18 |
20140281522 | METHOD AND APPARATUS FOR ESTABLISHING A SECURE COMMUNICATION LINK BETWEEN A MOBILE ENDPOINT DEVICE AND A NETWORKED DEVICE - A method, non-transitory computer readable medium, and apparatus for establishing a secure communication link between a mobile endpoint device and a networked device are disclosed. For example, the method scans an optical code, wherein the optical code contains configuration information and an encryption key, configures the mobile endpoint device in accordance with the configuration information, sends a request to the networked device to establish the secure communication link, wherein the request is encrypted using the encryption key and receives a confirmation from the networked device that the secure communication link is established between the mobile endpoint device and the networked device once the networked device has authenticated the mobile endpoint device based upon the request, wherein the confirmation is encrypted using the encryption key. | 2014-09-18 |
20140281523 | System and method of secure remote authentication of acquired data - A computer-implemented method and an according system of secure remote authentication of acquired data is provided to allow a more secure and verifiable acquisition of digital data. The method may comprise exchanging between a user device and a security managing device seed information and generating synchronized random number time stamps on both devices based on the exchanged seed information, acquiring digital data using the user device, generating metadata with at least user time information upon acquisition of the digital data and providing authenticated digital data from at least the acquired digital data, the metadata and a user time stamp. Further, the method may comprise transmitting the authenticated digital data to the security managing device and verifying upon reception of the authenticated digital data, whether the user time information and the user time stamp of said authenticated digital data corresponds to verification time information and a correlating verification time stamp. | 2014-09-18 |
20140281524 | SYSTEMS, METHODS, AND COMPUTER PROGRAM PRODUCTS FOR RECORDING SERVICE STATUS OF APPLICATIONS - A method for use in a system with multiple processor-based devices, the method including: running a first application on a first processor-based device; maintaining a second application in a standby mode on the first processor-based device; and providing a service to each of the first and second applications on the first processor-based device by a service-providing application on the first processor-based device, wherein providing the service includes maintaining a record regarding service statuses of the first application and the second application in which the record stores a respective entry for each of the first and second applications to reflect an active service status for the first application and a standby service status of the second application. | 2014-09-18 |
20140281525 | MINIMAL DISCLOSURE CREDENTIAL VERIFICATION AND REVOCATION - The subject disclosure is directed towards credential verification for accessing a service provider. A user may prove to the service provider the validity of the credential by communicating a non-revocation component that is based upon a prime-order cryptographic group without a bilinear pairing. In order to authenticate the user, a verification mechanism within an identity management system applies private cryptographic data, including a verifier-designated private key to the non-revocation component, which proves that the user's identity and therefore, the credential is not revoked. The presentation proof includes a hash value that is computed using the credential's commitment and the prime-order cryptographic group. By verifying that the hash value was computed using that commitment, the verification mechanism validates the credential and permits access to the service provider. | 2014-09-18 |
20140281526 | Secure Network Storage - This invention includes apparatus, systems, and methods to secure data in a remote storage device where an end-point device does not have direct access to the storage device to secure the data, or the end-point device does not trust the storage device to adequately secure the data, comprising securing an authenticated communication between the end-point device and a synchronized storage server via a communication network. The synchronized storage server sends the end-point device a notification including the root folder list. The end-point device compares the sent root folder list to a previously stored root folder list in the end-point device's memory. If the end-point device detects either a new root folder on the synchronized storage server, a change in an existing folder, or deleted content in a folder, the end-point device will determine that a change is required to the stored data. Next, the end-point device will synchronize with the synchronized storage server and create a new storage list. Finally, the synchronized storage server will send the end-point device a new encrypted folder encryption key which includes the encrypted file contents along with identifying information such as the server name and revision information. | 2014-09-18 |
20140281527 | Detecting Fraud Using Operational Parameters for a Peripheral - A secure provisioning manifest used to authenticate and securely communicate with peripherals attached to a computer is provided with techniques to withdraw the authentication and terminate the secure communications with any peripheral when operating parameters for the peripheral indicate that there is a security threat associated with the peripheral. A secure I/O module, that is separate from an operating system and transaction software executed by a processor of the computer, uses the secure provisioning manifest to establish a secure encrypted session for communicating with each peripheral attached to the computer when a peripheral is authenticated and able to establish a secure encrypted session. The secure I/O module uses current and known operating parameters for each peripheral to periodically determine if a peripheral has been compromised by a security threat. | 2014-09-18 |
20140281528 | Secure End-to-End Permitting System for Device Operations - A permitting system for controlling devices in a system includes a permit issuing agent that receives a command to be sent to a device. Based upon at least one attribute of the command, the permit issuing agent identifies one or more business logic modules that is pertinent to the command. Each business logic module has a respectively different set of business rules associated with it. Each identified business logic module determines whether the command complies with the business rules associated with that module. If the command is determined to comply with the business rules of all of the identified business logic modules, the agent issues a permit for the command, and the permit is sent to the device for execution of the command. | 2014-09-18 |
20140281529 | KEY REFRESH BETWEEN TRUSTED UNITS - Encryption logic to identify a particular session key, where the particular session key is one of a plurality of session keys for use in encrypting content to be sent from a first device. The encryption logic is to encrypt particular content with the particular session key to obtain encrypted particular content. I/O logic is provided that can cause the particular content to be sent with a key refresh structure, where the key refresh structure is to identify that the particular session key was used to encrypt the particular content. | 2014-09-18 |
20140281530 | Enhanced IPsec Anti-Replay/Anti-DDOS Performance - A method for authenticating an Internet Protocol Security (IPsec) packet, wherein the method comprises, receiving the IPsec packet via an input port, performing a Sequence-Integrity Check Value (SEQ-ICV) check that validates a sequence number within the IPsec packet, and performing an Integrity Check Value (ICV) check that validates a checksum within the IPsec packet, wherein the SEQ-ICV check is performed before the ICV check. In yet another example embodiment, an apparatus for transmitting an IPsec packet, comprising a processor, and a transmitter coupled to the processor, wherein the transmitter is configured to transmit an IPsec packet that comprises a header that comprises a sequence number field that provides a sequence number, and a payload that comprises one or more SEQ-ICV segments used to authenticate the sequence number within the IPsec packet. | 2014-09-18 |
20140281531 | TRUSTED DATA PROCESSING IN THE PUBLIC CLOUD - Generally, this disclosure describes a system and method for trusted data processing in the public cloud. A system may include a cloud server including a trusted execution environment, the cloud server one of a plurality of cloud servers, a cloud storage device coupled to the cloud server, and a RKM server including a key server module, the RKM server configured to sign the key server module using a private key and a gateway server configured to provide the signed key server module to the cloud server, the trusted execution environment configured to verify the key server module using a public key related to the private key and to launch the key server module, the key server module configured to establish a secure communication channel between the gateway server and the key server module, and the gateway server configured to provide a cryptographic key to the key server module via the secure communication channel. | 2014-09-18 |
20140281532 | INFORMATION DELIVERY SYSTEM WITH ADVERTISING MECHANISM AND METHOD OF OPERATION THEREOF - An information delivery system includes: a control unit configured to: generate an anonymous identity for concealing client information of an anonymous client from a provider, generate a comparison result for determining whether a client encryption data of the anonymous identity matches with a provider encryption data of the provider, obtain a provider notification based on the comparison result of a match for displaying on a device, and a user interface, coupled to the control unit, configured to display the provider notification. | 2014-09-18 |
20140281533 | Systems And Methods For Providing Secure Services - Systems and methods for providing one or more secure services are disclosed. One method can comprise authenticating and/or authorizing a user device to receive a security token. A request for information can be processed using the security token to facilitate the secure provision of services to the user device. | 2014-09-18 |
20140281534 | EHF Secure Communication Device - A communication device employs a contactless secure communication interface to transmit and receive data with a computing device using close proximity extremely high frequency (EHF) communication. The communication device and the computing device periodically initiate a discovery operation mode, whereby the devices periodically transmit identifying information about the respective devices and listen for identifying information from the other device. Upon completion of the discovery mode operation, the devices enter a link-training operation mode and exchange capability information about the respective devices. During transport mode operation the communication device employs methods to manage access to data stored on the communication device by encrypting the data using one or a combination of training information or capability information as a basis for generating an encryption key. | 2014-09-18 |
20140281535 | Apparatus and Method for Preventing Information from Being Extracted from a Webpage - An apparatus and method that prevents unauthorized extraction of content on a webpage is provided. The apparatus includes a server that provides data representing at least one webpage via a communication network to at least one requesting user, the data including source code, the source code having at least one attribute with an associated attribute name value. A processor is coupled to the server, analyzes the source code and selectively encrypts the attribute name value for each of the at least one attribute. The server provides a modified source code including the encrypted attribute name value to the at least one requesting user, the modified source code being able to be properly rendered on a display of the at least one requesting user and prevent unauthorized extraction of content associated with the at least one web page. | 2014-09-18 |
20140281536 | SECURED EMBEDDED DATA ENCRYPTION SYSTEMS - Devices generate security vectors based on their own attributes. A device's security vectors compose its transformation matrix. The devices securely share copies of their transformation matrices with other devices. A transmitting device adds its unique MAC to packets, encrypts those packets using its own transformation matrix, and transmits those packets. A receiving device uses its copy of the transmitting device's transformation matrix to decrypt the data in a packet, determining whether a MAC extracted from that packet matches the transmitting device's MAC. The receiving device can permit or prevent further processing of the packet's data depending on whether the MACs match. Each device can store a copy of a same program that can be used to derive derivative security vectors from existing security vectors. Each device in the network can derive the same set of derivative vectors for any selected other device in the network, thereby “evolving” the transformation matrices. | 2014-09-18 |
20140281537 | PROTECTION OF CONTROL WORDS EMPLOYED BY CONDITIONAL ACCESS SYSTEMS - In accordance with a method for communicating a control word (CW) from a client such as an encryptor to a server such as the entitlement control message generator (ECMG) of a conditional access system (CAS), communication is established between the client and server over a secure connection. A control word to be encrypted is received by the client and encrypted using a first and second key. The first key is a global secret key (GSK) that is known to the client and the server without being communicated over the secure connection. The second key is a control word encryption key (CWEK) that is derived from a locally generated client nonce (CN) and a server nonce (SN) obtained from the server over the secure connection. The encrypted control word (ECW) is sent to the server over the secure connection. | 2014-09-18 |
20140281538 | ACCELERATED SIGNATURE VERIFICATION ON AN ELLIPTIC CURVE - A public key encryption system exchanges information between a pair of correspondents. The recipient performs computations on the received data to recover the transmitted data or verify the identity of the sender. The data transferred includes supplementary information that relates to intermediate steps in the computations performed by the recipient. | 2014-09-18 |
20140281539 | Secure Mobile Framework With Operating System Integrity Checking - Systems and methods for a secure mobile framework to securely connect applications running on mobile devices to services within an enterprise are provided. Various embodiments provide mechanisms of securitizing data and communication between mobile devices and end point services accessed from a gateway of responsible authorization, authentication, anomaly detection, fraud detection, and policy management. Some embodiments provide for the integration of server and client-side security mechanisms, and for the binding of a user/application/device to an endpoint service along with multiple encryption mechanisms. For example, the secure mobile framework provides a secure container on the mobile device, secure files, a virtual file system partition, a multiple level authentication approach (e.g., to access a secure container on the mobile device and to access enterprise services), and a server side fraud detection system. In some embodiments, the multiple level authentication approach can include an operating system integrity check as part of the secure mobile framework. | 2014-09-18 |
20140281540 | KEYCHAIN SYNCING - Some embodiments provide a non-transitory machine-readable medium that stores a program which when executed by at least one processing unit of a device synchronizes a set of keychains stored on the device with a set of other devices. The device and the set of other devices are communicatively coupled to one another through a peer-to-peer (P2P) network. The program receives a modification to a keychain in the set of keychains stored on the device. The program generates an update request for each device in the set of other devices in order to synchronize the set of keychains stored on the device with the set of other devices. The program transmits through the P2P network the set of update requests to the set of other devices over a set of separate, secure communication channels. | 2014-09-18 |
20140281541 | AUTHENTICATION FOR RELAY DEPLOYMENT - Techniques for proving enterprise mode security for relays are disclosed. For example, enterprise mode security based on IEEE 802.1x is provided for relays or other similar devices to extend the coverage of access point hotspots or other similar access point use cases. According to one aspect, a relay incorporates an authentication client associated with an authentication server. According to another aspect, a four address format is employed for tunneling messages via a relay between a station and an access point. According to another aspect, a cryptographic master key associated with an access point and a station is provided to a relay to enable the relay to be an authenticator for the station. | 2014-09-18 |
20140281542 | SYSTEMS AND METHODS FOR SECURE WORKGROUP MANAGEMENT AND COMMUNICATION - A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser may split or share a data set into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting an original data set into portions of data that may be communicated using one or more communications paths. Secure workgroup communication is supported through the secure distribution and management of a workgroup key for use with the secure data parser. | 2014-09-18 |
20140281543 | HOST DEVICE CONFIGURED FOR AUTHENTICATION WITH MEMORY DEVICE - A host device connected to a data recording device, includes a holding unit for holding a host device key and a host device certificate, an authentication/key exchange process unit configured to perform an authentication/key exchange process with the data recording device using the host device key and the host device certificate to receive medium device key certificate ID held in the data recording device and contained in the medium device key certificate, an interface unit configured to perform data communication with the data recording device through a secure channel, and an identification information generating unit configured to receive second controller identification information generated in the data recording device based on the first controller identification information by data communication through the secure channel and the interface unit, to generate data recording device identification information based on the second controller identification information and the medium device key certificate ID. | 2014-09-18 |
20140281544 | Trusted Security Zone Containers for the Protection and Confidentiality of Trusted Service Manager Data - Embodiments relate generally to systems and methods for providing access to a trusted security zone container within a trusted security zone of a mobile device. An application may receive trusted service manager validation data from a trusted service manager. The application may also receive a trusted security zone master key, wherein the trusted security zone master key provides access to a plurality of trusted security zone containers within the trusted security zone. The application may hash the trusted service manager validation data with the trusted security zone master key. The application may generate the trusted security zone sub key based on hashing to access one or more containers. One or more signals may be transmitted to provision the set of one or more trusted security zone containers with the trusted security zone sub key. The application may provide the sub key to the trusted service manager to access a container. | 2014-09-18 |
20140281545 | MULTI-LAYER EMBEDDED ENCRYPTION - A method for automatically encrypting files is disclosed. In some cases, the method may be performed by computer hardware comprising one or more processors. The method can include detecting access to a first file, which may be stored in a primary storage system. Further, the method can include determining whether the access comprises a write access. In response to determining that the access comprises a write access, the method can include accessing file metadata associated with the first file and accessing a set of encryption rules. In addition, the method can include determining whether the file metadata satisfies the set of encryption rules. In response to determining that the file metadata satisfies the set of encryption rules, the method can include encrypting the first file to obtain a first encrypted file and modifying an extension of the first encrypted file to include an encryption extension. | 2014-09-18 |
20140281546 | HEDI-Hopping-Enabled Dynamically-secured Intercommunication (AKA SockHop) - In one embodiment, a secure client-server socket-based Internet communication system uses socket hopping to distribute communication channels per session to a large number of randomly-selected socket ports. | 2014-09-18 |
20140281547 | Wireless Pairing of Personal Health Device with a Computing Device - Systems and methods for the wireless pairing of a personal health device (PHD) (e.g., blood glucose monitor) with a computing device (e.g., smartphone) are disclosed herein. In an embodiment, the PHD communicates a private key to the computing device via a first communication medium (e.g., light signal, audio signal, pattern). The PHD receives from the computing device via a second wireless communication medium (e.g., Bluetooth® or WiFi) pairing information including the private key. The PHD can then establish a secure communication channel with the computing device by pairing the PHD to the computing device. | 2014-09-18 |
20140281548 | INTRA-COMPUTER PROTECTED COMMUNICATIONS BETWEEN APPLICATIONS - Systems, methods and machine-readable media for providing a security service are disclosed. The methods include receiving a modification of the application object code to allow the software application to transmit a request for the security service; retrieving the modified application object code corresponding to the software application from memory; receiving, via a processor, the request for the security service from the modified application object code; and providing, via the processor, the security service. The systems and machine-readable media performing operations according to the methods disclosed. | 2014-09-18 |
20140281549 | METHODS AND APPARATUS FOR SECURING USER INPUT IN A MOBILE DEVICE - The present invention secures user data throughout its lifecycle—(1) when entering data into the mobile device, (2) when storing the data in the mobile device, and (3) when transmitting data from the mobile device. In accordance with a first aspect of the invention, the invention features a methodology for encrypting and passing the keystrokes to the application in an encrypted format. In accordance with a second aspect of the invention, the invention features a methodology to store data in a vault in an encrypted form and launch an application with the data from the vault. In accordance with a third aspect of the invention, the invention features a methodology to transmit data from the mobile device to an external application securely. | 2014-09-18 |
20140281550 | Distributed Storage Network and Method for Storing and Retrieving Encryption Keys - A method begins by a distributed storage (DS) managing unit receiving an encryption key to store. The method continues by determining an encryption method and encrypting the encryption key with the determined encryption method to produce an encrypted key. The method continues by encoding and storing the encrypted key in accordance with a dispersed storage error coding function to produce a set of encoded encrypted key slices, wherein a decode threshold number of the encoded encrypted key slices of the set of encoded encrypted key slices are required to reconstruct the encrypted key. Retrieval of the stored encryption key includes retrieving and decoding at least a decode threshold number of the encoded encrypted key slices of a set of encoded encrypted key slices from storage units of the DSN. The method may include raising or lowering the decode threshold or modifying the retrieval order to increase/decrease security. | 2014-09-18 |
20140281551 | DATA RECORDING DEVICE, AND METHOD OF PROCESSING DATA RECORDING DEVICE - A controller is provided with a controller key and a first controller identification information unique to the controller. The controller generates a controller unique key unique to a respective controller based on the controller key and the first controller identification information, and a second controller identification information based on the first controller identification information. A decryptor decrypts the encrypted medium device key using the controller unique key to obtain a medium device key. An authentication/key exchange process unit performs authentication/key exchange process with the host device through an interface unit using the medium device key, the medium device key certificate and the second controller identification information to establish a secure channel. | 2014-09-18 |
20140281552 | RECORDING MEDIUM - A recording medium is attachable to and detachable from an apparatus body, and is supplied with power from the apparatus body when it is attached to the apparatus body. This recording medium includes: an encryption/decryption control unit performing encryption and decryption of data transmitted from the apparatus body; an authentication control unit performing an authentication procedure for authenticating a password sent from the apparatus body; a non-volatile memory storing an encryption key to be used in the encryption/decryption control unit and the authentication password to be used for authentication in the authentication control unit, and having a data recording area for recording data encrypted by the encryption/decryption control unit; and a volatile memory for storing recorded-position information of data recorded in the data recording area of the non-volatile memory under an unauthenticated condition that the authentication procedure by the authentication control unit has not been performed. | 2014-09-18 |
20140281553 | SECURE COMMUNICATIONS KIT AND CLIENT DEVICE FOR SECURELY COMMUNICATING USING THE SAME - A secure communication kit is disclosed. The secure communication kit may include a plurality of tangible security tokens; each security token storing one or more cryptographic keys and a group identifier. A first cryptographic key stored on each security token may correspond to one of the cryptographic key(s) stored on every of the other security tokens. The group identifier stored on each security token may correspond to each group identifier stored on every of the other security tokens. A client device for securely communicating using the secure communication kit is also disclosed. | 2014-09-18 |
20140281554 | GENERATING KEYS USING SECURE HARDWARE - A client device that is coupled to a host device sends a parent public key and an associated certificate to the host device. The parent public key, the certificate and a corresponding parent private key are stored in secure persistent storage included in a secure device associated with the client device. The client device receives instructions from the host device for generating a child private and public key pair. In response to receiving the instructions, the client device generates a child private key based on a first random number produced within the secure device, and a child public key associated with the child private key. The client device computes a first signature on the child public key using the parent private key. The client device sends the child public key and the first signature to the host device. | 2014-09-18 |
20140281555 | GENERALIZED CERTIFICATE USE IN POLICY-BASED SECURE MESSAGING ENVIRONMENTS - Within a secure messaging environment, a determination is made that a request to send a message has been generated by a user. A message protection policy configured to process the message within the secure messaging environment is identified. The message protection policy specifies that, within the secure messaging environment, a secured digital certificate, other than a user-assigned digital certificate of the user, is configured with an associated private key to digitally sign the message on behalf of the user. Based upon the message protection policy, a determination is made to digitally sign the message using the private key of the secured digital certificate. The message is signed on behalf of the user using the private key of the secured digital certificate. | 2014-09-18 |
20140281556 | MEDIA PRESENTATION DESCRIPTION VERIFICATION - Methods and systems are described for verifying the source and integrity of a media presentation description (MPD) defined by the Dynamic Adaptive Streaming over HTTP (DASH) protocol. A streaming client receives an MPD from an MPD publisher. The MPD can include addresses associated with one or more media servers and/or advertising servers. The streaming client can receive from the MPD publisher at least one of a digital signature, cryptographic key, and certificate information associated with the MPD. The streaming client can verify the legitimacy of the MPD by verifying the digital signature using the received cryptographic key. The streaming client may use the certificate information to verify the MPD. The streaming client can prevent playing the media associated with the MPD if the MPD is not legitimate. The legitimacy of servers associated with addresses in the MPD may also be verified using authentication information for servers stored in the MPD. | 2014-09-18 |
20140281557 | DIGITAL RIGHTS TAGGING SYSTEM AND METHOD - A system is provided that includes a receiving component, a first encrypting component, and a second encrypting component. The receiving component can receive, from a first user, item identification data based on a tangible item and an ownership verification indicator. The receiving component can also receive, from the first user, image data based on the tangible item. The first encrypting component can generate encrypted item identification data based on the item identification data. The second encrypting component is operable to generate encrypted image data based on the image data. The resultant set of encrypted information is stored so as to associate the image and the ownership data for use later as proof of ownership of an item and its associated rights. | 2014-09-18 |
20140281558 | GENERALIZED CERTIFICATE USE IN POLICY-BASED SECURE MESSAGING ENVIRONMENTS - Within a secure messaging environment, a determination is made that a request to send a message has been generated by a user. A message protection policy configured to process the message within the secure messaging environment is identified. The message protection policy specifies that, within the secure messaging environment, a secured digital certificate, other than a user-assigned digital certificate of the user, is configured with an associated private key to digitally sign the message on behalf of the user. Based upon the message protection policy, a determination is made to digitally sign the message using the private key of the secured digital certificate. The message is signed on behalf of the user using the private key of the secured digital certificate. | 2014-09-18 |
20140281559 | Systems and Methods for Distributing, Displaying, Viewing, and Controlling Digital Art and Imaging - System and method for displaying digital content on a display device comprising at least one digital content item, configured to be displayed on the display device, a service cloud, comprising a server, memory, and processor, configured to store the digital content item as one or more encrypted slices, and a crypto controller, running on the service cloud server, configured to download a cypher key stored in the service cloud memory. The cypher key is configured to be encoded with a unique identification corresponding to the display device and lock the digital content item to that display device. The service cloud processor is configured to retrieve the encrypted slices, assemble the slices into one or more encrypted particles, and send the encrypted particles and the cypher key to the display device for assembly by the cypher key into the digital content item using an activation code provided by the crypto controller. | 2014-09-18 |
20140281560 | SECURE ZONE ON A VIRTUAL MACHINE FOR DIGITAL COMMUNICATIONS - An apparatus implementing a secure zone on one or more virtual machines may be provided. In one aspect, the apparatus may comprise a peripheral device, a security-enhancing chip and a computer processor. The chip may comprise a non-volatile storage for storing an encryption key and a first configuration digest, and may be configured to receive configuration data, create a second configuration digest based on the received configuration data, and allow access to the encryption key based on comparison of the first and the second configuration digests. The computer processor may be configured to initialize a hypervisor, establish one virtual machine for executing code for a secure zone, and establish a second virtual machine for executing code for a non-secure zone. The code for the secure zone may initiate executing a task, and assume or transfer control over the peripheral device depending on whether the apparatus is operating in a secure mode. | 2014-09-18 |
20140281561 | REGISTRATION AND AUTHENTICATION OF COMPUTING DEVICES USING A DIGITAL SKELETON KEY - A method for registering a computing device to a user account using at least one user-selected fingerprintable device externally accessible to the computing device including transmitting a registration information request to the computing device, receiving at least one device fingerprint of the at least one user-selected fingerprintable device accessible by the computing device, and primary identification data of the computing device, generating a skeleton key, recording the primary identification data, and associating the skeleton key and the primary identification data with the user account. A method for authenticating the computing device including transmitting an authentication information request to the computing device, receiving an encrypted identification data from the computing device, decrypting the encrypted identification data using a skeleton key associated with the user account, comparing the decrypted identification data with a primary identification data associated with the user account, and authenticating the computing device. | 2014-09-18 |
20140281562 | SYSTEM AND METHOD FOR UNIFIED PASSCODE PROCESSING - A system and method for unified password processing is provided. According to an aspect, a device can receive a unified passcode. The unified passcode can be a passcode for unlocking access to the device, or can be the basis for generating additional passwords or both. The unified passcode can also be used for generating additional passcodes for unlocking additional features of the device. The generated passcodes can also be used for unlocking modules that are connected to a device such as a universal integrated circuit card (UICC). In cases where a generated passcode can be used to unlock a UICC, the generated passcode is converted to a personal identification number (PIN). The mobile interface to the UICC can be extended to include alphanumeric passwords, in addition to PINs. | 2014-09-18 |
20140281563 | MEMORY DEVICE AUTHENTICATION PROCESS - An authentication process for a memory device that stores a host identification key and a host constant, includes generating a first key based on the host constant, decrypting encrypted secret identification information read from the external device using information generated with the host identification key to generate a secret identification information, generating a random number, generating a session key using the first key and the random number, generating a first authentication information by processing the secret identification information with the session key in a one-way function operation, and authenticating access to the memory device based on whether or not there is a match between the first authentication information and a second authentication information that is generated by the external device with the host constant transmitted to the external device. | 2014-09-18 |
20140281564 | METHOD OF AUTHENTICATING ACCESS TO MEMORY DEVICE - A method of authenticating access to a memory device that stores a host identification key and a host constant, includes generating a first key based on the host constant, decrypting a family key block read from an external device using the host identification key to generate a family key, decrypting encrypted secret identification information read from the external device using the family key to generate a secret identification information, generating a random number, generating a session key by using the first key and the random number, generating a first authentication information by processing the secret identification information with the session key in one-way function operation, and authenticating access to the memory device based on whether or not there is a match between the first authentication information and a second authentication information that is generated by the external device with the host constant transmitted to the external device. | 2014-09-18 |
20140281565 | CONFIGURABLE PERSONAL DIGITAL IDENTITY DEVICE RESPONSIVE TO USER INTERACTION - A personal digital ID device provides a digital identifier to a service for a predetermined duration in response to user interaction. The user interaction may include a button press. The personal digital ID device may be in the form of a bracelet, a key fob, or other form factor. The service may be provided by a mobile device, in the cloud, or elsewhere. | 2014-09-18 |
20140281566 | PERSONAL DIGITAL IDENTITY DEVICE WITH MOTION SENSOR - A personal digital ID device provides a digital identifier to a service for a predetermined duration in response to user interaction. The user interaction may include a button press. The personal digital ID device may be in the form of a bracelet, a key fob, or other form factor. The service may be provided by a mobile device, in the cloud, or elsewhere. | 2014-09-18 |
20140281567 | Method for Authenticating an Encryption of Biometric Data - A method authenticates an encryption of a probe vector of biometric data based on an encryption of an enrolment vector of the biometric data using consistency of discriminative elements of the biometric data. The method determines an encryption of a first distance between discriminative elements of an enrolment vector stored at a server and a probe vector presented for an authentication. The method also determines an encryption of a second distance between discriminative elements of a first consistency vector stored at the server and a second consistency vector presented for the authentication. Next, the biometric data is authenticated based on encryptions of the first and the second distances. | 2014-09-18 |
20140281568 | Using Biometrics to Generate Encryption Keys - An electronic device may be used to support user authentication based on biometric readings. In this regard, a unique identification parameter may be generated for each user associated with the electronic device. The unique identification parameter may comprise a user identification input parameter (e.g., alphanumerical password) combined with a set of values (e.g., alphanumerical) generated based on biometrics data generated for the user. In this regard, the biometric based values may be generated based on configuring, for each possible biometric identifier, a range of valid values, such as based on a type of biometric identifier and a specified degree of accuracy. User access may be permitted based on obtaining of a subsequent biometric reading, and generating based thereon a second identification parameter that is compared with the unique identification parameters recognized by the electronic device. | 2014-09-18 |
20140281569 | BIOMETRIC AUTHENTICATION METHOD AND COMPUTER SYSTEM - A biometric authentication method for a computer system, the computer system comprising: a computer; and an authentication server, the biometric authentication method including steps of: extracting a first feature from the captured biometric information; generating a template polynomial for enrollment; extracting a second feature from the captured biometric information; generating a template polynomial for authentication; generating a correlation function for calculating a correlation between the template polynomial for authentication and the enrolled template polynomial; calculating a correlation value between the template polynomial for authentication and the enrolled template polynomial by using the generated correlation function, and determining based on the calculated correlation value whether or not the biometric information at the time of authentication coincides with the biometric information enrolled. | 2014-09-18 |
20140281570 | METHOD OF PERFORMING AN AUTHENTICATION PROCESS BETWEEN DATA RECORDING DEVICE AND HOST DEVICE - A method of performing an authentication process between a data recording device and a host device includes generating second controller identification information based on the first controller identification information, performing an authentication/key exchange process using the encrypted medium device key, the medium device key certificate, the host device key and the host device certificate to obtain medium device key certificate ID contained in the medium device key certificate, generating data recording device identification information based on the second controller identification information and the medium device key certificate ID, and generating a medium unique key based on the data recording device identification information. | 2014-09-18 |
20140281571 | Systems, Methods, and Devices for Encrypted Data Management - Key management for and automount of encrypted files, including recovering a master vault key file from an encoded vault key file, storing the vault key file within a previously mounted crypto key management virtual drive so as to provide a secure scratch pad area for temporary storage of the master vault key file. An open and mount module may then invoke a file mounting procedure by providing the vault key file name and a path corresponding to the crypto key management virtual drive to a virtual drive mounting module. The method of passing the vault key file to the file mounting utility module may comprise passing command line arguments equal to a pathname and filename to the file mounting utility. | 2014-09-18 |
20140281572 | Privacy Preserving Statistical Analysis on Distributed Databases - Aggregate statistics are securely determined on private data by first sampling independent first and second data at one or more clients to obtain sampled data, wherein a sampling parameter is substantially smaller than a length of the data. The sampled data are encrypted to obtain encrypted data, which are then combined. The combined encrypted data are randomized to obtain randomized data. At an authorized third-party processor, a joint distribution of the first and second data is estimated from the randomized encrypted data, such that a differential privacy requirement of the first and second data is satisfied. | 2014-09-18 |
20140281573 | ASYMMETRICALLY MASKED MULTIPLICATION - Methods and systems for masking certain cryptographic operations in a manner designed to defeat side-channel attacks are disclosed herein. Squaring operations can be masked to make squaring operations indistinguishable or less distinguishable from multiplication operations. In general, squaring operations are converted into multiplication operations by masking them asymmetrically. Additional methods and systems are disclosed for defeating DPA, cross-correlation, and high-order DPA attacks against modular exponentiation. | 2014-09-18 |
20140281574 | MULTI-RING ENCRYPTION APPROACH TO SECURING A PAYLOAD USING HARDWARE MODULES - Disclosed are systems and methods of employing a multi-ring encryption approach to secure a data payload. Each ring of encryption may be encrypted from a key derived from a password, such that each subsequent ring of protection is protected by a key derived from the key used to encrypt the previous ring of protection. Further, hardware-based encryption may be employed in one or more of the rings of protection to bind the encrypted payload to the hardware. Such systems and methods may be used to reduce the ability to parallelize an attack on encrypted data while also permitting password-related data to be synchronized across a network. | 2014-09-18 |
20140281575 | PRE-BOOT AUTHENTICATION USING A CRYPTOGRAPHIC PROCESSOR - An apparatus for cryptographic pre-boot authentication includes a cryptographic processor configured to perform cryptographic operations. The cryptographic processor includes a portion dedicated to the boot interface. The apparatus also includes a storage device storing machine readable code and a processor executing the machine readable code. The machine readable code includes a storage module storing a first cryptographic key on the cryptographic processor. The machine readable code further includes an encryption module encrypting an electronic message with a second cryptographic key. The machine readable code also includes a decryption module decrypting the electronic message with the first cryptographic key where an authorized user is granted access to a device upon successful decryption of the electronic message. | 2014-09-18 |
20140281576 | INFORMATION PROVIDING SYSTEM, INFORMATION PROCESSING APPARATUS, COMPUTER READABLE MEDIUM, AND INFORMATION PROVIDING METHOD - An information providing system includes first and second apparatuses. The first apparatus includes a memory storing a shared random number R | 2014-09-18 |
20140281577 | SYSTEM AND METHOD FOR MANAGING AND DIAGNOSING A COMPUTING DEVICE EQUIPPED WITH UNIFIED EXTENSIBLE FIRMWARE INTERFACE (UEFI)-COMPLIANT FIRMWARE - A computing device equipped with UEFI-compliant firmware is provided with added functionality via an extended firmware interface. The variable interface is called with special parameters, which redirect handling of firmware service calls. Embodiments use authenticated variables to provide security properties to the special interface, use the firmware interface to provide access to diagnostics, and use the firmware interface to provide access to system management. | 2014-09-18 |
20140281578 | SYSTEM AND METHOD FOR SECURE DATABASE QUERIES - Disclosed are a system and method of performing secure computations on a protected database. Embodiments of the method provide, in a secure processor, a database of cryptographically hashed values based on a database of cleartext values, receive a cryptographically hashed query value as input into the secure processor wherein the query value is a hash of a cleartext value that corresponds to a cleartext query, perform a comparison operation within the secure processor to determine the presence of the hashed query value within the database of cryptographically hashed values and provide the results of the comparison operation to an external interface of the secure processor, wherein the contents of the database of cryptographically hashed values and the comparison operations are encapsulated within the secure processor and unexposed externally therefrom. | 2014-09-18 |
20140281579 | Systems and Methods for Decrypting Digital Art and Imaging for Display of the Same - System and method for securing digital content comprising one or more display devices, each comprising a processing controller, a first memory, and a display screen, and configured to display digital content, an application, configured to run on a computer with a second memory and second processor, and configured to communicate via the internet with the processing controller of each display device, and a service cloud, comprising a server, a third memory, and a third processor, configured to store and manage digital content to be displayed on the display devices. The processing controller is configured to segment at least one digital content item into a plurality of segments, encrypt one or more of the segments, send a small portion of each of the encrypted segments to the third memory in the service cloud for storage, and store the remainder of the encrypted segments in the first memory. | 2014-09-18 |
20140281580 | REWARDING SYSTEM - An information processing method of convenience and an information processing system are disclosed. In some embodiments, the system includes acquiring a 1st attribute information from a person with a personal digital assistant that contains a 2nd attribute information; acquiring the 2nd attribute information from two or more personal digital assistants; comparing the acquired 1st attribute information with the acquired 2nd attribute information to form countervalue information; and storing the countervalue information in the personal digital assistant of the person from which the 1st attribute information was acquired. | 2014-09-18 |
20140281581 | Storage Device - A storage device includes a storage area and is connected to a computer for causing a file system to operate. The file system causes a data area for storing contents of a plurality of files and a management area for managing the plurality of files to be secured in the storage area. The storage device includes the storage area; a file system monitor for detecting that the file system has performed an operation of erasing a file; and a controller for, when the file system monitor detects an operation of erasing the file, performing erasure or write to put an area corresponding to the erased file in the storage area into an unrecoverable state. | 2014-09-18 |
20140281582 | PROTECTING VISIBLE DATA DURING COMPUTERIZED PROCESS USAGE - Embodiments of the present invention provide an approach for protecting visible data during computerized process usage. Specifically, in a typical embodiment, when a computerized process is identified, a physical page key (PPK) is generated (e.g., a unique PPK may be generated for each page of data) and stored in at least one table. Based on the PPK, a virtual page key (VPK) is generated and stored in at least one register. When the process is later implemented, and a request to access a set of data associated with the process is received, it will be determined whether the VPK is valid (based on the PPK). Based on the results of this determination, a data access determination is made. | 2014-09-18 |
20140281583 | STORING ENCRYPTED CONTENTS IN DIGITAL ARCHIVES - A digital archive for storing encrypted content includes a header section and a body. The header section includes real headers, wherein at least a portion of each real header is encrypted, and fake headers, wherein each of the fake headers is filled with cryptographically random bytes, wherein the fake headers are substantially more than the real headers. The body includes real contents, wherein at least a portion of each real content is encrypted, and fake contents in the rest of the body, wherein the fake content contains additional cryptographically random bytes, wherein the amount of the fake content is substantially greater than the amount of the real contents, wherein each of the real headers refers to a corresponding real content in the body and contains decryption information for the corresponding real content. | 2014-09-18 |
20140281584 | Apparatus And Method To Protect Digital Content - In an embodiment of the present invention, a processor includes content storage logic to parse digital content into portions and to cause each portion to be stored into a corresponding page of a memory. The processor also includes protection logic to receive a write instruction having a destination address within the memory, and if the destination address is associated with a memory location that stores a portion of the digital content, erase the page associated with the memory location. If the destination address is associated with another memory location that does not store any of the digital content, the protection logic is to permit execution of the write instruction. Other embodiments are described and claimed. | 2014-09-18 |
20140281585 | COMPRESSION OF STATE INFORMATION FOR DATA TRANSFER OVER CLOUD-BASED NETWORKS - Aspects of the present disclosure describe systems and methods for compressing a set of RAM data that may have some portions duplicated in a set of ROM data. The ROM data may be divided into a plurality of data chunks and hashed to obtain unique key values. Then a second hash may be performed on the RAM to see if there are any RAM data chunks that match the ROM data chunks. RAM data chunks with matching key values are replaced with pointers to the location of the data in the ROM. It is emphasized that this abstract is provided to comply with the rules requiring an abstract that will allow a searcher or other reader to quickly ascertain the subject matter of the technical disclosure. It is submitted with the understanding that it will not be used to interpret or limit the scope or meaning of the claims. | 2014-09-18 |
20140281586 | Systems and methods for secure access modules - Various embodiments of the invention provide a strong logical link between a SAM and a secure terminal to combat SAM counterfeiting and misuse. The link is based on mutual validation methods using firmware and cryptographic protocols. Once the SAM is removed from a terminal that it has been tied to, or the link is broken by a tampering attempt of a potential intruder, the SAM and/or the terminal are disabled. | 2014-09-18 |
20140281587 | SYSTEMS, METHODS AND APPARATUSES FOR USING A SECURE NON-VOLATILE STORAGE WITH A COMPUTER PROCESSOR - The systems, methods and apparatuses described herein provide a system for accessing data stored securely external of a computer processor. In one aspect, the computer processor may comprise a central processing unit (CPU) and a memory controller. The memory controller may comprise a storage to store a key, a first set of circuitry and a security module. The first set of circuitry may be configured to receive a request for a piece of data from the CPU, determine that the requested piece of data needs to be read from an external storage stored in a secured format and read the piece of data from the external storage in the secured format. The security module may be configured to perform at least one of authentication and decryption on the piece of data in the secured format using the key stored in the storage. | 2014-09-18 |
20140281588 | GENERATING EFFICIENT READS FOR A SYSTEM HAVING NON-VOLATILE MEMORY - Systems and methods are disclosed for generating efficient reads for a system having non-volatile memory (“NVM”). A read command can be separated by a host processor of the system into two phases: a) transmitting a command to a storage processor of the system, where the command is associated with one or more logical addresses, and b) generating data transfer information. The host processor can generate the data transfer information while the storage processor is processing the command from the host processor. Once the data transfer information has been generated and data has been read from the NVM, the data can be transferred. | 2014-09-18 |
20140281589 | SECURE DATABASE SEARCHING - Method and system for securely storing data in a database comprising: receiving data to be stored. Dividing the data into a plurality of elements. Encrypting each element of the plurality of elements with an encryption function. Combining the encrypted elements to form a data attribute. Storing the data attribute in the database. Method and system for searching a database having encrypted data attributes comprising: receiving a search term. Encrypting the search term with an encryption function. Searching a database for records having data attributes matching the encrypted search term. | 2014-09-18 |
20140281590 | BATTERY POWER MANAGEMENT FOR ELECTRONIC DEVICE - In one embodiment a controller comprises logic to receive a temperature indicator for an electronic device to be coupled to a first battery and implement a selected power management routine when a temperature parameter derived from the temperature indicator is below a threshold. Other embodiments may be described. | 2014-09-18 |
20140281591 | DYNAMIC RESPONSE IMPROVEMENT OF HYBRID POWER BOOST TECHNOLOGY - Methods and apparatus relating to improving dynamic response of hybrid power boost technology are described. In one embodiment, two or more levels of charger over-current are used for AC adapters/chargers during transition from charging (e.g., one or more battery packs) to boosting platform performance (e.g., by increasing the operating frequency of one or more processor cores of a processor). In another embodiment, an adapter's voltage level is used as a trigger for fast transition from charging to boosting. Other embodiments are also disclosed and claimed. | 2014-09-18 |
20140281592 | Global Efficient Application Power Management - A method, system and computer-readable medium for allocating power among computing resources are provided. The method calculates an activity level of a first computer resource. When the activity level is less than a threshold value, the method increases the power allocation to a second computing resource. When the activity level exceeds the threshold value, the method decreases the power allocation to the second computing resource. | 2014-09-18 |
20140281593 | Partitioned Switch Mode Power Supply (SMPS) Interface - A single-wire interface of an application processor that communicates with another single-wire interface of a power management unit (PMU) via a control signal line. The control signal line can be a single signal path. Further, the single-wire interfaces can communicate with each other only via the control signal line. The single-wire interfaces can be utilized for the communication of pulse width modulation (PWM) control signals, current sensing, and Zero-I detection. | 2014-09-18 |
20140281594 | APPLICATION PROCESSOR AND DRIVING METHOD - In a system including a power management integrated circuit (PMIC) and a memory device, an application processor obtains control information for a memory device, the control information defining in part at least a first power supply voltage and operating clock frequency for the memory device. A memory control unit (MCU) communicates a workload indication related to queued operation commands for the memory device to a digital voltage and frequency scaling (DVFS) controller, and the DVFS controller provides a power supply voltage command to the PMIC in response to the MCU workload indication and the control information. | 2014-09-18 |
20140281595 | CONTINUOUS POWER LEVELING OF A SYSTEM UNDER TEST - Power leveling a system under test (SUT). An input signal is provided at an initial power level to the SUT. Multiple iterations are performed, each including measuring, over a specified measuring interval, power of a signal produced by the SUT in response to the input signal, and dynamically adjusting the power of the input signal in response. The measuring interval is increased over the iterations, thereby increasing accuracy of the measuring over the iterations while converging the signal to a specified power level. An initial power leveling operation may be performed for the SUT to establish a specified power level, after which the SUT is tested, during which multiple power leveling operations are performed, each including measuring power of a signal from the SUT over a specified measuring interval, and adjusting the input signal in response, thereby maintaining the specified power level during the testing while correcting for thermal droop. | 2014-09-18 |
20140281596 | FREQUENCY ADJUSTMENT SYSTEM AND METHOD - A frequency adjustment system includes a phase-locked loop (PLL) circuit, an adjusting circuit, and a voltage regulator module (VRM). The PLL circuit outputs a trigger signal when a communication frequency of a chip changes. The adjusting circuit adjusts a clock frequency of the adjusting circuit to receive communication data. The adjusting circuit further outputs a control signal to the VRM. The VRM outputs a voltage according to the control signal. | 2014-09-18 |
20140281597 | COMMUNICATION AND CONTROL FOR POWERED DEVICES - A first device (such as a power supply) may detect a power anomaly and provide a warning to a second device that is powered by the first device. For example, if there are conditions indicating an increased likelihood of a power outage (e.g., a brownout period, one or more voltage spikes, etc.), then the first device may notify the second device, and in response, the second device may take protective action. Examples of protective action may include, but are not limited to, saving certain data (e.g., critical data) to non-volatile data storage, initiating a shut-down procedure, warning a user of the second device, etc. As the warning and/or other communications between the power supply and powered device may be wireless, various example techniques for wirelessly pairing the devices are also disclosed. | 2014-09-18 |
20140281598 | SYSTEM AND METHOD FOR IMPROVING ACCURACY OF MEASUREMENTS OF A NETWORK OF INTELLIGENT POWER DISTRIBUTION UNITS THROUGH TIME SYNCHRONIZATION - In an energy management system for a data center, intelligent power distribution units are synchronized by a time server. Measurements carried out by the intelligent power distribution units are commenced and stopped synchronously. Each intelligent power distribution unit carries out a calculation based upon the Unix Epoch Time of receipt of a sampling command from the energy management system. | 2014-09-18 |
20140281599 | NAND PAGE BUFFER BASED VOLATILE STATE STORE - Apparatus and methods of reducing power consumption in solid-state storage devices such as solid-state disks (SSDs) that can reduce idle power levels in an SSD, while maintaining low resume latency upon exiting a reduced power state. By arranging a storage controller and at least one NAND flash package of the SSD in separate power islands, storing context information for the SSD in at least one page buffer of NAND flash memory within the NAND flash package on one power island upon entering the reduced power state, and, once the context information is stored in the page buffer, allowing the NAND flash memory to enter a standby mode, placing the storage controller on the other power island in a predefined low power mode, and removing power from any unneeded components on the same power island as the storage controller, a scalable approach to reducing idle power levels in the SSD can be achieved. | 2014-09-18 |
20140281600 | APPARATUS AND METHOD TO PROVIDE NEAR ZERO POWER DEVSLP IN SATA DRIVES - Apparatus and methods of reducing power consumption in solid-state disks (SSDs) that can reduce power levels in SSDs below levels achievable in known SSD reduced power states. The apparatus is a power management subsystem operative to detect whether an SSD subsystem has been enabled to enter a reduced power state, and to receive a control signal from a host directing the power management subsystem to place the SSD subsystem in the reduced power state. In the event the SSD subsystem is enabled to enter the reduced power state and the host asserts the control signal, the power management subsystem effectively disconnects at least a portion of the SSD subsystem from the power rail. In the event power-up clear circuitry asserts a clear signal to the power management subsystem, or the host negates the control signal, the power management subsystem reestablishes the connection between the SSD subsystem and the power rail. | 2014-09-18 |
20140281601 | POWER BOUNDARY CELL OPERATION IN MULTIPLE POWER DOMAIN INTEGRATED CIRCUITS - Embodiments of an apparatus are disclosed that may allow for the isolation of power domains. The apparatus may include a first power switch, a second power switch, and a boundary switch. The first power switch may be coupled between a global power supply and a first local power supply, and the second power switch may be coupled between the global power supply and a second local power supply. The first and second power switches may open in response to first and second power down signals respectively. The boundary switch may be coupled between the first local power supply and the second local power supply and may be configured to open in response to an isolation signal. | 2014-09-18 |
20140281602 | Controlling Processor Consumption Using On-Off Keying Having A Maximum Off Time - In an embodiment, a processor includes a logic to cause at least one core to operate with a power control cycle including a plurality of on times and a plurality of off times according to an ON-OFF keying protocol, where the off times each correspond to a maximum off time for a platform including the processor. Other embodiments are described and claimed. | 2014-09-18 |
20140281603 | SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR ALLOWING A HEAD TO ENTER A REDUCED POWER MODE - A system, method, and computer program product are provided for allowing a head to enter a reduced power mode. A first processor having a first head is provided. Additionally, a second processor having a second head is provided. Furthermore, a link is provided, coupled between the first head of the first processor and the second head of the second processor for communicating first data therebetween. In operation, at least the second head of the second processor is capable of entering a reduced power mode. | 2014-09-18 |
20140281604 | Autonomous Power Sparing Storage - Power saving logic in a data storage system with multiple data storage devices is distributed from a central controller to each individual device. Power saving logic, including algorithms used to conserve power when the data storage device is not needed, are stored and executed on each individual data storage device. Hence, rather than implementing a power saving algorithm from a single central server, each and every data storage system may carry out power saving techniques individually. This reduces the load on the central server and utilizes processing power available on data storage devices such as a disk drive. | 2014-09-18 |