-
Publication number: US20180107834A1
Publication date: 2018-04-19
Application number: US15670848
Application date: 2017-08-07
Applicant: Commvault Systems, Inc.
Inventor: Andrei Erofeev, Rahul S. Pawar
CPC classification number: G06F21/6218, G06F11/1402, G06F11/1458, G06F21/60, G06F21/602, G06F21/62, G06F21/6209, G06F21/70, G06F21/78, G06F2201/84, G06F2221/2107, H04L9/0822, H04L9/0825, H04L9/088, H04L9/0891, H04L9/0897, H04L9/14
Abstract: A method for automatically encrypting files is disclosed. In some cases, the method may be performed by computer hardware comprising one or more processors. The method can include detecting access to a first file, which may be stored in a primary storage system. Further, the method can include determining whether the access comprises a write access. In response to determining that the access comprises a write access, the method can include accessing file metadata associated with the first file and accessing a set of encryption rules. In addition, the method can include determining whether the file metadata satisfies the set of encryption rules. In response to determining that the file metadata satisfies the set of encryption rules, the method can include encrypting the first file to obtain a first encrypted file and modifying an extension of the first encrypted file to include an encryption extension.
-
Publication number: US20180089794A1
Publication date: 2018-03-29
Application number: US15275257
Application date: 2016-09-23
Applicant: Apple Inc.
CPC classification number: G06T1/60, G06F9/455, G06F12/14, G06F21/62, G06F21/78, G06F2009/45583, G06T1/20, G06T2200/28
Abstract: The embodiments disclosed herein relate to the field of graphics processing and, without limitation, the use of hardware and software in the memory layout of graphics items to prevent the malicious use of graphics resources. In greater particularity, embodiments of the disclosure provide varying software and hardware arrangements for transforming an allocated resource address that is deterministic and often visible to software in the system into an effective address that is neither deterministic nor visible to most software. For example, in an embodiment of the disclosure, software in the user-space of the operating system may use allocated addresses to map certain graphics resources for GPU access. When those allocated addresses are presented to the kernel, the addresses are transformed to effective addresses, which may be both randomized (e.g., not easily predictable from the allocated address) and/or obscured from the user space processes.
-
Publication number: US20180089468A1
Publication date: 2018-03-29
Application number: US15274217
Application date: 2016-09-23
Applicant: Intel Corporation
Inventor: Carlos V. Rozas, Mona Vij, Somnath Chakrabarti
CPC classification number: G06F21/78, G06F9/30145, G06F21/57, G06F21/6245
Abstract: A method performed by a processor of an aspect includes accessing an encrypted copy of a protected container page stored in a regular memory. A determination is made whether the protected container page was live stored out, while able to remain useable in, protected container memory. The method also includes either performing a given security check, before determining to store the protected container page to a destination page in a first protected container memory, if it was determined that the protected container page was live stored out, or not performing the given security check, if it was determined that the protected container page was not live stored out. Other methods, as well as processors, computer systems, and machine-readable medium providing instructions are also disclosed.
-
Publication number: US20180089109A1
Publication date: 2018-03-29
Application number: US15706502
Application date: 2017-09-15
Inventor: Kostyantyn VOROBYOV, Nikolay KOSMATOV, Julien SIGNOLES
CPC classification number: G06F12/1458, G06F11/3636, G06F11/3644, G06F12/023, G06F12/1416, G06F12/1441, G06F21/52, G06F21/78, G06F2212/1052
Abstract: A computer-implemented method for encoding an application memory that a program, executed on a computer, has access to, using a shadow memory corresponding to the application memory, the method comprises: creating and initializing a shadow memory divided into segments, each segment in the application memory being mapped to a corresponding segment in the shadow memory, for each memory block in the application memory that the program allocates, encoding a corresponding shadow memory block, in the shadow memory, by: defining a meta segment preceding the first segment of the memory block in the application memory, and a corresponding shadow meta segment in the shadow memory block, writing in the shadow meta segment a first value indicative of the size of the memory block, writing, in each subsequent segment of the shadow memory block, a second value indicative of the offset between the segment and the first segment of the shadow memory block.
-
Publication number: US09928386B1
Publication date: 2018-03-27
Application number: US14733831
Application date: 2015-06-08
Applicant: Amazon Technologies, Inc.
Inventor: Brock Robert Gardner, Michael Phillip Czamara
CPC classification number: G06F21/78, G06F21/75, G06F21/87, G06F21/88, G06F2221/2143
Abstract: A storage device of a data center may protect data stored on a storage medium of the storage device using a data security mechanism. The data security mechanism may include a signal generator configured to generate a proximity signal and one or more storage devices including a storage medium, a proximity detection component and a destruction device. The proximity detection component may be configured to detect the proximity signal and to determine whether the storage device has been removed from an assigned location. The storage destruction mechanism may be configured to destroy at least a portion of the data stored on the storage device in response to the proximity detection component detecting that the storage device has been removed from the assigned location.
-
Publication number: US09928359B1
Publication date: 2018-03-27
Application number: US14800579
Application date: 2015-07-15
Applicant: Security Together Corporation
Inventor: Anthony Joseph Vargas, Christopher Robert Sharpe, Hollis Ann Johnson
CPC classification number: G06F21/42, G06F21/50, G06F21/71, G06F21/78, H04L63/1441, H04L63/308
Abstract: Described are architectures, systems, processes and methods for security that, at their core, are adaptive and changing at determined intervals so as to present a different environment, a portion of which is a varied attack surface, to the communications world exterior to the system. In one aspect is described improved security architecture, system and methods based upon multiple processors, operating systems and communication channels, in which at least some processors each perform as an input system connectable to a network, and are dissimilar in some manner, the manner of dissimilarity being controlled by a control system that is not connected to the network. Additionally in this aspect, an execution system is included which performs execution based upon received inputs to the input system, which are passed to the execution system once validated as being safe and not compromised.
-
Publication number: US20180083932A1
Publication date: 2018-03-22
Application number: US15267403
Application date: 2016-09-16
Applicant: BANK OF AMERICA CORPORATION
Inventor: Amanda J. Adams
CPC classification number: H04L63/0435, G06F12/1408, G06F21/34, G06F21/78, G06F2212/1052, H04L9/0836, H04L9/0897, H04L9/3234, H04L63/061, H04L63/08, H04L63/0815, H04L2209/38, H04W12/04, H04W12/06
Abstract: The invention provides for systems and devices for hardened remote storage of private cryptography keys used for authentication. The storage device is tamper-responsive, such that receipt of a signal that indicates physical or non-physical tampering with the storage device or its components results in deletion of the private cryptography key(s) from the memory. The storage device is configured to be separate and remote from a computing node that executes an authentication routine requiring the private cryptography key(s) and, as such, the private cryptography key(s) are accessible to, but not communicated to, the computing node only when the computing node is executing the authentication routine.
-
Publication number: US20180075261A1
Publication date: 2018-03-15
Application number: US15263886
Application date: 2016-09-13
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventor: Kohichi Kamijoh, Seiji Munetoh
Abstract: A computer implemented method for managing a content processed by a device includes: enabling a first content to be written to the device, the first content having been obtained using a first encrypted content and a device key in the device, the first encrypted content having been obtained using the first content and the device key outside the device, the device key being unique to the device and set in the device. The method further enables a second content to be read from the device, the second content having been obtained using a second encrypted content and the device key outside the device, the second encrypted content having been obtained using the second content and the device key in the device, the second content having been obtained using the first content in the device.
-
Publication number: US09912642B1
Publication date: 2018-03-06
Application number: US14796951
Application date: 2015-07-10
Applicant: Erik L. Eidt
Inventor: Erik L. Eidt
CPC classification number: H04L67/1097, G06F21/6218, G06F21/78, H04L63/10, H04L63/20
Abstract: A secure electronic storage system includes an authentication gateway, a user/system interface coupled to the authentication gateway, a secure digital storage including a plurality of memory blocks (Containers) that store at least one information resource (Fact), wherein a target Container can only be accessed by a Fact comprising a valid authorization path (Authorization), and a memory controller coupling the user/system interface to the secure digital storage. In a non-limiting example embodiment, the memory controller is operative to: (a) manage the creation, sharing and unsharing of Containers; and (b) determine if a request to access a target Container includes a valid Authorization for that Container.
-
Publication number: US20180060126A1
Publication date: 2018-03-01
Application number: US15811718
Application date: 2017-11-14
Applicant: International Business Machines Corporation
Inventor: DALE F. RIEDY, ANTHONY T. SOFIA, BRAD D. STILWELL
CPC classification number: G06F9/5005, G06F9/5016, G06F21/554, G06F21/78
Abstract: Embodiments include method, systems and computer program products for resource management of untrusted programs. In some embodiments, a first request to process an asynchronous event by an untrusted application may be received. The first request may include a host memory address. A counter may be incremented in response to receiving the first request. A device memory address may be retrieved from a device translation table using the host memory address. Processing the first request by a device using the device memory address may be facilitated. A second request to unregister the host memory address may be received. The counter may be determined to be non-zero. An action may be implemented in response to determining that the counter is non-zero.