公开(公告)号：US20160253520A1

公开(公告)日：2016-09-01

申请号：US15054699

申请日：2016-02-26

Applicant: Samsung Electronics Co., Ltd.

Inventor： Kwanghwan MOON ,  Peng NING ,  Ken CHEN ,  Sangwoo RYU ,  SJ OH ,  Sami ORAVA ,  KyungBae PARK

IPC: G06F21/62 ,  G06F9/54 ,  H04L9/08 ,  G06F21/72 ,  G06F21/44

CPC classification number: G06F9/545 ,  G06F21/44 ,  G06F21/602 ,  G06F21/6281 ,  G06F21/72 ,  G06F21/73 ,  H04L9/0819 ,  H04L9/088 ,  H04L9/0894 ,  H04L2209/80

Abstract: An apparatus and a method for encrypting and decrypting data in a device are provided. The apparatus includes a processor and a memory. The processor is configured to transmit a data command from an application to an encryption driver that executes in a kernel space, determine if the application is authenticated to perform the data command based on an access policy, transmit, when the application is authenticated, a first key to a cryptographic library that executes in an application space, and perform the data command based on the first key after receiving a response via the cryptographic library. The first key is stored in an encryption driver in the kernel space and is not available to applications in the application space.

Abstract translation: 提供了一种用于加密和解密设备中的数据的装置和方法。 该装置包括处理器和存储器。 处理器被配置为将数据命令从应用程序发送到在内核空间中执行的加密驱动程序，基于访问策略确定应用程序是否被认证以执行数据命令，当应用程序被认证时，发送第一 在应用空间中执行的加密库的密钥，以及在经由加密库接收到响应之后，基于第一密钥执行数据命令。 第一个密钥存储在内核空间中的加密驱动程序中，不适用于应用程序空间中的应用程序。

公开(公告)号：US20150220455A1

公开(公告)日：2015-08-06

申请号：US14610423

申请日：2015-01-30

Applicant: Samsung Electronics Co., Ltd.

Inventor： Quan CHEN ,  Ahmed AZAB ,  Peng NING ,  Guruprasad GANESH

IPC: G06F12/14

CPC classification number: G06F12/1408 ,  G06F12/1416 ,  G06F12/1466 ,  G06F12/1483 ,  G06F21/53 ,  G06F21/6281 ,  G06F21/64 ,  G06F2212/1052

Abstract: An apparatus and method for protecting kernel data integrity in an electronic device are provided. The method includes mapping a specified type of data to a read-only memory area, detecting a write attempt to the specified type of data, determining whether a process attempting to write to the specified type of data is permitted according to a specified condition, and allowing the write attempt if the process attempting to write to the specified type of data satisfies the specified condition.

Abstract translation: 提供了一种用于保护电子设备中的内核数据完整性的装置和方法。 该方法包括将指定类型的数据映射到只读存储器区域，检测对指定类型的数据的写入尝试，确定是否根据指定条件允许尝试写入指定类型的数据的进程;以及 如果尝试写入指定类型的数据的进程满足指定条件，则允许写入尝试。

公开(公告)号：US20170041290A1

公开(公告)日：2017-02-09

申请号：US15048531

申请日：2016-02-19

Applicant: Samsung Electronics Co., Ltd.

Inventor： Peng NING ,  Stephen E. MCLAUGHLIN ,  Michael C. GRACE ,  Ahmed M. AZAB ,  Rohan BHUTKAR ,  Wenbo SHEN ,  Xun CHEN ,  Yong CHOI ,  Ken CHEN

IPC: H04L29/06 ,  G07C5/08 ,  H04W12/10 ,  G06F13/40 ,  H04L9/32 ,  G07C5/02 ,  G06F13/10

CPC classification number: H04L63/0209 ,  G06F13/102 ,  G06F13/4068 ,  G07C5/008 ,  G07C5/02 ,  G07C5/08 ,  H04L9/3247 ,  H04L63/0823 ,  H04L63/101 ,  H04L67/12 ,  H04W12/08 ,  H04W12/10

Abstract: An apparatus and method of an attachment device for interfacing with an on-board diagnostic system of a vehicle is provided. The device includes an application processor configured to receive input from a terminal, control processing of the input by the on-board diagnostic system, transmit a result of the processing of the input by the on-board diagnostic system to the terminal, and a secure element interposed in the communication path between the application processor and the on-board diagnostic system, the secure element configured to filter the input of an on-board diagnostic operation that is untrusted.

Abstract translation: 提供了一种用于与车载车载诊断系统进行接口的附接装置的装置和方法。 该设备包括：应用处理器，被配置为从终端接收输入，对车载诊断系统的输入进行控制处理，将车载诊断系统的输入处理结果发送到终端;以及安全 插入在应用处理器和车载诊断系统之间的通信路径中的元件，安全元件被配置为过滤不可信任的车载诊断操作的输入。

公开(公告)号：US20160307199A1

公开(公告)日：2016-10-20

申请号：US14962365

申请日：2015-12-08

Applicant: Samsung Electronics Co., Ltd.

Inventor： Kunal M. PATEL ,  Abraham J. KANG ,  Bulent KASMAN ,  Peng NING ,  Michael C. GRACE

IPC: G06Q20/40 ,  G06Q20/32

Abstract: A user device comprising: i) transmit path circuitry and receive path circuitry configured to communicate with a payment server; and ii) processing circuitry configured to control the transmit path circuitry and receive path circuitry. The processing circuitry is further configured to: a) receive a user input related to a payment process; b) calculate a risk score indicative of a likelihood of fraudulent activity associated with the payment process, wherein the risk score calculation is based on confidential information associated with the user that is stored on the user device; and c) transmit to the payment server a payment action and the risk score associated with the payment action without disclosing the confidential information. The confidential information comprises personally identifiable information and/or private information of the user. The processing circuitry calculates the risk score using a risk base model received from a model server.

Abstract translation: 一种用户设备，包括：i）发送路径电路和配置成与支付服务器进行通信的接收路径电路; 以及ii）被配置为控制所述发射路径电路和接收路径电路的处理电路。 处理电路还被配置为：a）接收与支付过程相关的用户输入; b）计算指示与所述支付过程相关联的欺诈活动的可能性的风险分数，其中所述风险分数计算基于与所述用户相关联的存储在所述用户设备上的机密信息; 以及c）向所述支付服务器发送支付操作和与所述支付操作相关联的所述风险分数而不公开所述机密信息。 机密信息包括用户的个人身份信息和/或私人信息。 处理电路使用从模型服务器接收的风险基础模型来计算风险分数。

公开(公告)号：US20150242622A1

公开(公告)日：2015-08-27

申请号：US14555950

申请日：2014-11-28

Applicant: Samsung Electronics Co., Ltd.

Inventor： Jinlin XU ,  Haiqing JIANG ,  Dingbang XU ,  Renuka SRINIVASAN ,  Xinwen ZHANG ,  Peng NING

IPC: G06F21/53

CPC classification number: G06F21/53 ,  G06F9/445 ,  G06F9/44505

Abstract: An apparatus and method for generating an application container are provided. The method includes selecting a target application from among a plurality of applications included in an electronic device, acquiring a policy file corresponding to the target application, determining whether the policy file includes a category of the target application, and executing the application container which includes the target application.

Abstract translation: 提供了一种用于生成应用容器的设备和方法。 该方法包括从包括在电子设备中的多个应用程序中选择目标应用程序，获取与目标应用程序相对应的策略文件，确定策略文件是否包括目标应用程序的类别，以及执行包括 目标应用。

公开(公告)号：US20150150127A1

公开(公告)日：2015-05-28

申请号：US14536940

申请日：2014-11-10

Applicant: Samsung Electronics Co., Ltd.

Inventor： Peng NING ,  Moo-Young KIM ,  Min-Jung KIM

IPC: G06F21/57

CPC classification number: G06F21/57

Abstract: Disclosed herein are techniques for verifying the integrity of an electronic device. A normal world virtual processor and a secure world virtual processor are instantiated. An integrity verification agent is executed by the secure world virtual processor. A kernel operation attempted by the normal world virtual processor is intercepted by the secure world virtual processor.

Abstract translation: 这里公开了用于验证电子设备的完整性的技术。 正常世界虚拟处理器和安全世界虚拟处理器被实例化。 完整性验证代理由安全世界虚拟处理器执行。 正常世界虚拟处理器尝试的内核操作由安全世界虚拟处理器拦截。

公开(公告)号：US20150019856A1

公开(公告)日：2015-01-15

申请号：US14331935

申请日：2014-07-15

Applicant: Samsung Electronics Co., Ltd.

Inventor： Youngjip KIM ,  Peng NING ,  Mooyoung KIM ,  Siejoon CHO ,  Dongho JANG

IPC: G06F21/57

CPC classification number: G06F21/575 ,  G06F8/60

Abstract: A method and electronic device for executing secure download and security function is provided. The method includes storing a unique identifier (ID) of the electronic device, receiving a binary update request, determining whether the stored unique ID matches a unique ID signed to the binary, and downloading the binary depending on whether the unique IDs match.

Abstract translation: 提供了一种用于执行安全下载和安全功能的方法和电子设备。 该方法包括存储电子设备的唯一标识符（ID），接收二进制更新请求，确定所存储的唯一ID是否与签名到二进制文件的唯一ID相匹配，以及根据唯一ID是否匹配来下载二进制文件。

公开(公告)号：US20140181498A1

公开(公告)日：2014-06-26

申请号：US14138810

申请日：2013-12-23

Applicant: Samsung Electronics Co., Ltd.

Inventor： Injong RHEE ,  Peng NING ,  Youngkyoo KIM ,  Youngjip KIM ,  Dongho JANG ,  Siejoon CHO

IPC: G06F21/57

CPC classification number: G06F21/575 ,  G06F21/57 ,  G06F21/64 ,  H04W88/02

Abstract: A method for supporting change of the authentication means for secure booting with the change of the trust root (root of trust) of the readymade electronic device and the electronic device therefor is provided. The secure boot generation method of an electronic device of the present disclosure includes storing plural initial certificates including a first initial certificate and a second initial certificate, designating the first initial certificate as a root certificate for secure booting of the electronic device, and switching the initial certificate from the first initial certificate to the second initial certificate in response to a request. Various other embodiments are possible.

Abstract translation: 提供了一种用于随着现有电子设备及其电子设备的信任根（信任根）的改变来支持用于安全引导的认证装置的更改的方法。 本公开的电子设备的安全引导生成方法包括存储包括第一初始证书和第二初始证书的多个初始证书，指定第一初始证书作为电子设备的安全引导的根证书，以及切换初始 证书从第一个初始证书到第二个初始证书，以响应请求。 各种其他实施例是可能的。

公开(公告)号：US20170098070A1

公开(公告)日：2017-04-06

申请号：US15048534

申请日：2016-02-19

Applicant: Samsung Electronics Co., Ltd.

Inventor： Peng NING ,  Stephen E. MCLAUGHLIN ,  Michael C. GRACE ,  Ahmed M. AZAB ,  Rohan BHUTKAR ,  Wenbo SHEN ,  Xun CHEN ,  Yong CHOI ,  Ken CHEN

IPC: G06F21/51 ,  G06F21/60

CPC classification number: G06F21/51 ,  G06F21/57 ,  G06F21/602 ,  G06F21/64 ,  G06F21/85 ,  G06F2221/034 ,  G07C5/0808

Abstract: An apparatus and method of a hardware isolated secure element protecting a plurality of mission critical subsystems are provided. The method includes performing an actuation operation received across an unsecure path that modifies the state of a mission critical subsystem, performing a diagnostic operation received across the unsecure path that requests state information of the mission critical subsystem, storing information used to determine which of the diagnostic operation and the actuation operation received across the unsecure path are performed, and flashing an execution image of an electronic control unit when the execution image of the electronic control unit is received across the unsecure path.

公开(公告)号：US20170083604A1

公开(公告)日：2017-03-23

申请号：US15053250

申请日：2016-02-25

Applicant: Samsung Electronics Co., Ltd.

Inventor： Abdul SYED-EBRAHIM ,  Peng NING ,  Ken CHEN

IPC: G06F17/30

CPC classification number: G06F21/6227 ,  G06F16/245 ,  G06F2221/2107

Abstract: An apparatus and method for operating a relational database (DB) are provided. The method includes determining a sensitivity classification for a column of a table in the DB, performing encryption, using a data encryption key (DEK), of sensitive data when writing the sensitive data to the column determined to be sensitive, performing decryption, using the DEK, of the encrypted sensitive data when reading the sensitive data from the column determined to be sensitive, and performing writing to the column and reading from the column of unencrypted non-sensitive data when the column is determined to be non-sensitive.