-
Publication number: US12212656B2
Publication date: 2025-01-28
Application number: US17237749
Application date: 2021-04-22
Applicant: EMC IP Holding Company LLC
Inventor: Arieh Don, Tomer Shachar, Maxim Balin, Yevgeni Gehtman
Abstract: Decrypting data at a first storage system that has been encrypted at a second, separate, storage system includes the first storage system requesting a key that decrypts the data from the second storage system, the second storage system determining if the first storage system is authorized for the key, the second storage system providing the key to the first storage system in response to the first storage system being authorized, a host that is coupled to the first storage system obtaining the key from the first storage system, and the host using the key to decrypt and access the data at the first storage system. The host and the first storage system may provide failover functionality for a system that includes the second storage system. The host may obtain the key from the first storage system in response to a failure of the system that includes the second storage system.
-
Publication number: US11853417B2
Publication date: 2023-12-26
Application number: US17132001
Application date: 2020-12-23
Applicant: EMC IP Holding Company LLC
Inventor: Maxim Balin, Tomer Shachar, Yevgeni Gehtman
CPC classification number: G06F21/554, G06F21/54, G06F21/602
Abstract: Techniques are provided for hardware device integrity validation using platform configuration values. One method comprises obtaining platform configuration values associated with software of a hardware device; comparing the obtained platform configuration values for the hardware device to one or more platform configuration values stored in a platform configuration table; and performing one or more automated remedial actions (e.g., initiating a reboot of the hardware device) based on a result of the comparison. The platform configuration values for the hardware device may be obtained from a local platform configuration value table of the hardware device. The platform configuration values for the hardware device may be obtained by an integrity validation monitor associated with the hardware device, and the integrity validation monitor may send the obtained platform configuration values for the hardware device to an integrity validation server that securely stores the platform configuration table and performs the comparison.
-
Publication number: US11487862B2
Publication date: 2022-11-01
Application number: US17151420
Application date: 2021-01-18
Applicant: EMC IP Holding Company LLC
Inventor: Tomer Shachar, Yevgeni Gehtman, Maxim Balin, Or Herman Saffar
IPC: G06F7/04, G06F12/00, G06F12/14, G06F13/00, G06F17/30, G11C7/00, G06F21/40, G06F21/57, G06F9/4401, G06F21/34, G06F21/33, G06F21/72
Abstract: Techniques are provided for basic input/output system (BIOS) protection using multi-factor authentication (MFA) based on digital identity values. One method comprises obtaining, by a BIOS of a hardware device, from a user device, (i) a request to access the BIOS, and (ii) a token based on a digital identity value for the user device; providing the token to an MFA chip on the hardware device, wherein the MFA chip evaluates the token and provides a verification result to the BIOS; and allowing the user device to access the BIOS based on the verification result. The digital identity value for the user device may be stored by the MFA chip during a fabrication of the MFA chip and/or a registration of the user device. The MFA chip may compare the digital identity value from the token received from the BIOS with the digital identity value for the user device stored by the MFA chip.
-
Publication number: US20220229896A1
Publication date: 2022-07-21
Application number: US17151420
Application date: 2021-01-18
Applicant: EMC IP Holding Company LLC
Inventor: Tomer Shachar, Yevgeni Gehtman, Maxim Balin, Or Herman Saffar
Abstract: Techniques are provided for basic input/output system (BIOS) protection using multi-factor authentication (MFA) based on digital identity values. One method comprises obtaining, by a BIOS of a hardware device, from a user device, (i) a request to access the BIOS, and (ii) a token based on a digital identity value for the user device; providing the token to an MFA chip on the hardware device, wherein the MFA chip evaluates the token and provides a verification result to the BIOS; and allowing the user device to access the BIOS based on the verification result. The digital identity value for the user device may be stored by the MFA chip during a fabrication of the MFA chip and/or a registration of the user device. The MFA chip may compare the digital identity value from the token received from the BIOS with the digital identity value for the user device stored by the MFA chip.
-
Publication number: US20200349257A1
Publication date: 2020-11-05
Application number: US16400299
Application date: 2019-05-01
Applicant: EMC IP Holding Company LLC
Inventor: Or Herman Saffar, Amihai Savir, Yevgeni Gehtman
Abstract: Techniques are provided for detecting malicious software code embedded in image files, using machine learning. One method comprises obtaining metadata for an image file; applying the obtained metadata to at least one machine learning technique to classify the image file into at least one of a plurality of predefined classes, wherein the plurality of predefined classes comprises at least one malicious file class; and determining whether the image file comprises malicious software code based on the classification. The machine learning technique is trained using image files classified into at least one of the plurality of predefined classes. The machine learning technique employs a deep neural network and/or a convolutional neural network to classify the image file into the at least one predefined class.
-
Publication number: US12147509B2
Publication date: 2024-11-19
Application number: US17210799
Application date: 2021-03-24
Applicant: EMC IP Holding Company LLC
Inventor: Yevgeni Gehtman, Tomer Shachar, Maxim Balin
Abstract: Techniques are provided for system protection using verification of software digital identity values. One method comprises obtaining a first software digital identity value for a system, wherein the first software digital identity value aggregates software identifiers of software components of the system at a first time; comparing a second software digital identity value to the first software digital identity value, wherein the second software digital identity value aggregates software identifiers of the plurality of software components of the system at a second time subsequent to the first time; and performing an automated remedial action based on a result of the comparison. The comparison may be performed: (i) when the system attempts to connect to a service over a network and/or (ii) when the system is installed, configured and/or activated at a remote location.
-
Publication number: US12124595B2
Publication date: 2024-10-22
Application number: US17181655
Application date: 2021-02-22
Applicant: EMC IP Holding Company LLC
Inventor: Yevgeni Gehtman, Tomer Shachar, Maxim Balin
CPC classification number: G06F21/6218, G06F21/10, G06F21/64, G06F21/561, G06F21/78, G06F2221/2107
Abstract: At a first time, a system identifies a set of data files which are stored in a part of a data storage system. At a second time, the system identifies each newly encoded data file based on identifying each data file in the set of data files which is encoded and created and/or updated since the first time. The system identifies each compressed data file based on identifying each newly encoded data file which is reduced in size since the first time. The system determines a file compression success rate based on a total count of each compressed data file relative to a total count of each newly encoded data file. If the system determines that the file compression success rate does not satisfy the file compression success rate threshold, the system outputs an alert about an unauthorized encryption in the data storage system.
-
Publication number: US20230034530A1
Publication date: 2023-02-02
Application number: US17387046
Application date: 2021-07-28
Applicant: EMC IP Holding Company LLC
Inventor: Yevgeni Gehtman, Tomer Shachar, Maxim Balin
Abstract: Data protection techniques are provided that use encryption and inserted execution code. One method comprises obtaining, by a user device, a request from a user to access data, wherein the requested data comprises (i) an environment-based signature indicating an environment where the data can be accessed and (ii) execution code that interacts with a data protection agent; in response to the request to access the data: determining whether the user device comprises a data protection agent; and providing, via the data protection agent, the requested data based on an evaluation of an environment-based signature generated by the data protection agent relative to the environment-based signature included in the requested data. The requested data may be created by a given data protection agent that generates the environment-based signature using identifiers of hardware elements, software elements and/or network elements associated with a device that executes the given data protection agent.
-
Publication number: US20220382837A1
Publication date: 2022-12-01
Application number: US17332115
Application date: 2021-05-27
Applicant: EMC IP Holding Company LLC
Inventor: Tomer Shachar, Yevgeni Gehtman, Maxim Balin
Abstract: Techniques are provided for access control using user behavior profiles and storage system-based multi-factor authentication. One method comprises obtaining a behavior profile for a user; obtaining an input/output request from the user; determining whether the input/output request exhibits anomalous user behavior relative to the behavior profile; initiating a multi-factor authentication of the user in response to the input/output request exhibiting anomalous user behavior to obtain a verification result; and processing the input/output request based at least in part on the verification result. The behavior profile for the user may be obtained by obtaining behavioral information from the user and/or monitoring a plurality of input/output requests of the user to learn at least a portion of the behavior profile for the user. The multi-factor authentication may comprise an out-of-band authorization request (e.g., to approve the input/output request) sent to a user associated with the input/output request.
-
Publication number: US11461467B2
Publication date: 2022-10-04
Application number: US16400299
Application date: 2019-05-01
Applicant: EMC IP Holding Company LLC
Inventor: Or Herman Saffar, Amihai Savir, Yevgeni Gehtman
Abstract: Techniques are provided for detecting malicious software code embedded in image files, using machine learning. One method comprises obtaining metadata for an image file; applying the obtained metadata to at least one machine learning technique to classify the image file into at least one of a plurality of predefined classes, wherein the plurality of predefined classes comprises at least one malicious file class; and determining whether the image file comprises malicious software code based on the classification. The machine learning technique can be trained using image files classified into at least one of the plurality of predefined classes. The machine learning technique may employ a deep neural network and/or a convolutional neural network to classify the image file into the at least one predefined class.