Patent application number | Description | Published |
20130007881 | System and Method for Dynamic, Variably-Timed Operation Paths as a Resistance to Side Channel and Repeated Invocation Attacks - A system and method for constructing variably-timed operation paths and applying those paths to any algorithm. In particular, the system and method may be applied to cryptography algorithms as a means to resist side-channel, repeated invocation, and any similar attacks based on the physical characteristics of a system for a given software implementation. The method has the benefit of being generally applicable to any algorithm and has the ability to constrain performance to known timing windows. | 01-03-2013 |
20130014274 | System and Method for Encapsulating and Enabling Protection Through Diverse Variations in Software Libraries - A flexible software library in which the software modules are defined as an abstract intermediate representation. The flexible library allows security transformation and performance attribute selections to be made by the end-user, rather than the library creator. Furthermore, since the flexible library contains an abstract representation of the software modules, the library can also be provisioned to contain an arbitrary number of named instances, representing specific sets of values for security and performance decisions, along with the corresponding native object-code resulting from those decisions. This permits distribution of software modules in a completely platform-independent manner while avoiding the disclosure of proprietary information, such as source-files. | 01-10-2013 |
20130014275 | Method For Linking and Loading to Protect Applications - A linker or loader, and associated method, is described, whereby the application of security transformations to object-code modules can be deferred until link or load-time, through, for example, memory relocation, selection from diverse instances of a module, and late-binding of constants. This provides several benefits over conventional source-to-source security transformations. These deferred security transformations can be applied in a very light-weight manner and create many opportunities for diversity in the resulting executable program, enhancing security, while at the same time minimizing the impact on execution performance and correctness, and reducing the complexity of debugging. | 01-10-2013 |
20130125090 | System and Method for Efficiently Deploying Massively Diverse Program Instances to Resist Differential Attacks - A system and method for producing a massive number of diverse program instances so as to deter differential attacks, collusion, and similar hostile actions. Code portions are shown to be defined in various manners, instantiated, and aggregated. The system and method establishes a very large number of program instances that may be deployed. Furthermore, testing is accomplished over a minimal set of instances to provide for high test coverage and high confidence over the fully deployed instance set without incurring a high testing penalty. | 05-16-2013 |
20140006803 | System And Method For Securely Binding And Node-Locking Program Execution To A Trusted Signature Authority | 01-02-2014 |
20140013427 | System And Method Providing Dependency Networks Throughout Applications For Attack Resistance - A method and system is provided to automatically propagate dependencies from one part of a software application to another previously unrelated part. Propagation of essential code functionality and data to other parts of the program serves to augment common arithmetic functions with Mixed Boolean Arithmetic (MBA) formulae that are bound to pre-existing parts of the program. A software application is first analyzed on a compiler level to determine the program properties which hold in the program. Thereafter, conditions are constructed based on these properties and encoded in formulae that encode the condition in data and operations. Real dependencies throughout the application are therefore created such that if a dependency is broken the program will no longer function correctly. | 01-09-2014 |
20150113518 | UPDATING SOFTWARE COMPONENTS - A method and system for renewing software at the component-level is provided. A client program includes a base component for loading a software component into at least one loadable region of the program to update the program. Code in the software component is for writing state data associating the state of the update in storage, upon execution of the software component, and testing the state data to verify condition of the updated program and disallowing rollback and roll-forward attacks, the state data comprising hash chain values. The state data for verifying the correctness of the updated program is entangled with application data used for the program functionality. A server includes: an update pool having a plurality of software updates deployed in each client, and a policy control for monitoring and controlling at least one of: the length of time the client runs until the software update is invoked, a chain of the updates; and the granularity of the update. | 04-23-2015 |
20150113640 | METHOD AND APPARATUS FOR PROGRAM FLOW IN SOFTWARE OPERATION - The present disclosure provides a description of a computer implemented method and system for protecting a software program from attack during runtime. The system comprises a plurality of software blocks for providing desired functions during execution of a software program and a trusted address server having a table for mapping predetermined source tokens to destination tokens. The trusted address server couples each of the plurality of software blocks for receipt of predetermined source tokens from any one of the plurality of software blocks, while returning a mapped destination token from the predetermined destination tokens to said any one of the plurality of software blocks in dependence upon the table for mapping predetermined source tokens to destination tokens. | 04-23-2015 |
20150324590 | METHOD FOR PROTECTING DATA - In the present disclosure, a hash function is computed over a known image, for example, an address range in a program. The result of the hash function is known to be the same at two distinct points in time, before the program is run, i.e. signing at build-time, and during the running of the program, i.e. run time. The value that the programmer wishes to hide, i.e. the secret value, is also known at build-time. At build-time, the secret value is combined with the hash in such a way that the combining operation can be reversed at run time. This combined value, i.e. the salt, is stored along with the program. Later, at runtime, the program computes the same hash value as was computed at signing time, and does the reverse combining operation in order to reveal the secret value. | 11-12-2015 |
Patent application number | Description | Published |
20110232767 | MULTI-FUNCTION UNIT FOR THE OFFSHORE TRANSFER OF HYDROCARBONS - A hydrocarbon transfer arrangement for transfer of fluids between an offshore unit and a carrier which are placed in an offloading configuration, includes at least one transfer hose and a gas return hose, wherein the end of the at least one transfer hose is connected to a floating multi-function unit allowing for the transport of the transfer hose between the offshore unit and the carrier, wherein the floating multi-function unit can be lifted out of the water and can be held in a fixed position above water-level and is provided with connection elements for making a fluid connection between the transfer hose end and a manifold of the carrier and with emergency disconnect elements for the at least one transfer hose, placed at a distance from the connection elements. | 09-29-2011 |
20120055388 | 2 STEP CAM MOORING SYSTEM - A mooring system includes a vessel and a elongate mooring column having an upper end connected to an arm on the vessel projecting from the vessel bow and a lower end connected to the sea bed via anchor lines, characterized in that the arm is pivotable around a transverse axis. | 03-08-2012 |
20120183357 | VERTICAL OFFSHORE FLEXIBLE PIPELINE ASSEMBLY - Offshore deployment device for an installation vessel with a deck to deploy a hydrocarbon transfer pipe composed of several pipe segments, the device comprising a trolley hoist lifting means, installed in a tower to lift a pipe segment from an horizontal position into a vertical position, an assembly platform, where a segment is connected to a previously launched transfer pipe string, the assembly platform being provided with a clamping device that is supported on the installation vessel and adapted to support the weight of the previously launched pipe string during assembling, characterized in that the hydrocarbon transfer pipe is a flexible hose string composed of several flexible hose segments, the flexible hose string being guided from a vertical position into an inclined or a horizontal position via a hose string guide element which is placed under the assembly platform. | 07-19-2012 |
20140027008 | MULTI-FUNCTION UNIT FOR THE OFFSHORE TRANSFER OF HYDROCARBONS - A hydrocarbon transfer arrangement for transfer of fluids between an offshore unit and a carrier which are placed in an offloading configuration, includes at least one transfer hose and a gas return hose, wherein the end of the at least one transfer hose is connected to a floating multi-function unit allowing for the transport of the transfer hose between the offshore unit and the carrier, wherein the floating multi-function unit can be lifted out of the water and can be held in a fixed position above water-level and is provided with connection elements for making a fluid connection between the transfer hose end and a manifold of the carrier and with emergency disconnect elements for the at least one transfer hose, placed at a distance from the connection elements. | 01-30-2014 |
20140090750 | MULTI-FUNCTION UNIT FOR THE OFFSHORE TRANSFER OF HYDROCARBONS - A hydrocarbon transfer arrangement for transfer of fluids between an offshore unit and a carrier which are placed in an offloading configuration, includes at least one transfer hose and a gas return hose, wherein the end of the at least one transfer hose is connected to a floating multi-function unit allowing for the transport of the transfer hose between the offshore unit and the carrier, wherein the floating multi-function unit can be lifted out of the water and can be held in a fixed position above water-level and is provided with connection elements for making a fluid connection between the transfer hose end and a manifold of the carrier and with emergency disconnect elements for the at least one transfer hose, placed at a distance from the connection elements. | 04-03-2014 |