公开(公告)号：US09984255B2

公开(公告)日：2018-05-29

申请号：US14683658

申请日：2015-04-10

Applicant: Samsung Electronics Co., Ltd.

Inventor： Jitesh Shah ,  Song Wei ,  Ahmed Azab ,  Xun Chen ,  Peng Ning ,  Wenbo Shen ,  Michael Grace

IPC: G06F21/64 ,  G06F21/74 ,  H04L9/32 ,  H04L29/06 ,  H04W4/00

CPC classification number: G06F21/64 ,  G06F21/74 ,  G06F2221/2101 ,  H04L9/3236 ,  H04L9/3247 ,  H04L9/3263 ,  H04L63/0823 ,  H04L2209/38 ,  H04W4/60 ,  H04W4/70

Abstract: A method for verifying data integrity of a block device is provided. The method includes providing a secure world execution environment configured to monitor changes to data blocks of a block device, within the secure world execution environment, generating a hash for changed data blocks of the block device, and within the secure world execution environment, verifying and generating a cryptographic signature.

公开(公告)号：US20160092701A1

公开(公告)日：2016-03-31

申请号：US14683658

申请日：2015-04-10

Applicant: Samsung Electronics Co., Ltd.

Inventor： Jitesh Shah ,  Song Wei ,  Ahmed Azab ,  Xun Chen ,  Peng Ning ,  Wenbo Shen ,  Michael Grace

IPC: G06F21/64 ,  H04L9/32 ,  G06F21/74

CPC classification number: G06F21/64 ,  G06F21/74 ,  G06F2221/2101 ,  H04L9/3236 ,  H04L9/3247 ,  H04L9/3263 ,  H04L63/0823 ,  H04L2209/38 ,  H04W4/60 ,  H04W4/70

Abstract: A method for verifying data integrity of a block device is provided. The method includes providing a secure world execution environment configured to monitor changes to data blocks of a block device, within the secure world execution environment, generating a hash for changed data blocks of the block device, and within the secure world execution environment, verifying and generating a cryptographic signature.

Abstract translation: 提供了一种用于验证块设备的数据完整性的方法。 该方法包括提供安全的世界执行环境，其被配置为监视在安全世界执行环境内的块设备的数据块的改变，为块设备的改变的数据块生成哈希，并且在安全世界执行环境内，验证和 生成加密签名。

公开(公告)号：US11032342B2

公开(公告)日：2021-06-08

申请号：US16503230

申请日：2019-07-03

Applicant: Samsung Electronics Co., Ltd.

Inventor： Khaled ElWazeer ,  Ivan Getta ,  Myungsu Cha ,  Ahmed M. Azab ,  Rohan Bhutkar ,  Guruprasad Ganesh ,  Wenbo Shen ,  Ruowen Wang ,  Junyong Choi

IPC: H04L29/06 ,  G06F9/38 ,  G06F9/48 ,  G06F9/54

Abstract: This disclosure relates to an electronic device including a memory and at least one processor coupled to the memory. The at least one processor is configured to execute a daemon process in one of a container or a host operating system, wherein the daemon process is configured to manage data transfer between the container and the host operating system, create, via the daemon process, an inter-process communication (IPC) channel between the container and the host operating system, receive incoming audio data, and buffer the incoming audio data to the IPC channel.

公开(公告)号：US10733096B2

公开(公告)日：2020-08-04

申请号：US16107652

申请日：2018-08-21

Applicant: Samsung Electronics Co., Ltd

Inventor： Ivan Getta ,  Sudhi Herle ,  Ahmed M. Azab ,  Rohan Bhutkar ,  Guruprasad Ganesh ,  Wenbo Shen

IPC: G06F12/02 ,  G06F9/455 ,  G06F9/54

Abstract: A method for implementing a shared memory buffer includes at an apparatus comprising a processor and a physical memory, running a host environment with a host virtual memory. The method further includes running a guest environment with a guest virtual memory, performing, by the host environment, an allocation of a frame buffer in the physical memory, and mapping the allocated frame buffer into the host virtual memory. Additionally, the method includes passing a handle of the allocated frame buffer to the guest environment and performing a mapping of the allocated frame buffer into the guest virtual memory, the mapping based on the handle of the allocated frame buffer.

公开(公告)号：US10402561B2

公开(公告)日：2019-09-03

申请号：US15048534

申请日：2016-02-19

Applicant: Samsung Electronics Co., Ltd.

Inventor： Peng Ning ,  Stephen E. McLaughlin ,  Michael C Grace ,  Ahmed M Azab ,  Rohan Bhutkar ,  Wenbo Shen ,  Xun Chen ,  Yong Choi ,  Ken Chen

IPC: G06F21/57 ,  G06F21/51 ,  G06F21/60 ,  G06F21/85 ,  G07C5/08 ,  G06F21/64

Abstract: An apparatus and method of a hardware isolated secure element protecting a plurality of mission critical subsystems are provided. The method includes performing an actuation operation received across an unsecure path that modifies the state of a mission critical subsystem, performing a diagnostic operation received across the unsecure path that requests state information of the mission critical subsystem, storing information used to determine which of the diagnostic operation and the actuation operation received across the unsecure path are performed, and flashing an execution image of an electronic control unit when the execution image of the electronic control unit is received across the unsecure path.

公开(公告)号：US20200014741A1

公开(公告)日：2020-01-09

申请号：US16503230

申请日：2019-07-03

Applicant: Samsung Electronics Co., Ltd.

Inventor： Khaled ElWazeer ,  Ivan Getta ,  Myungsu Cha ,  Ahmed M. Azab ,  Rohan Bhutkar ,  Guruprasad Ganesh ,  Wenbo Shen ,  Ruowen Wang ,  Junyong Choi

IPC: H04L29/06 ,  G06F9/54 ,  G06F9/48 ,  G06F9/38

Abstract: This disclosure relates to an electronic device including a memory and at least one processor coupled to the memory. The at least one processor is configured to execute a daemon process in one of a container or a host operating system, wherein the daemon process is configured to manage data transfer between the container and the host operating system, create, via the daemon process, an inter-process communication (IPC) channel between the container and the host operating system, receive incoming audio data, and buffer the incoming audio data to the IPC channel.

公开(公告)号：US20190155727A1

公开(公告)日：2019-05-23

申请号：US16107652

申请日：2018-08-21

Applicant: Samsung Electronics Co., Ltd

Inventor： Ivan Getta ,  Sudhi Herle ,  Ahmed M. Azab ,  Rohan Bhutkar ,  Guruprasad Ganesh ,  Wenbo Shen

IPC: G06F12/02 ,  G06F9/455 ,  G06F9/54

Abstract: A method for implementing a shared memory buffer includes at an apparatus comprising a processor and a physical memory, running a host environment with a host virtual memory. The method further includes running a guest environment with a guest virtual memory, performing, by the host environment, an allocation of a frame buffer in the physical memory, and mapping the allocated frame buffer into the host virtual memory. Additionally, the method includes passing a handle of the allocated frame buffer to the guest environment and performing a mapping of the allocated frame buffer into the guest virtual memory, the mapping based on the handle of the allocated frame buffer.

公开(公告)号：US11042398B2

公开(公告)日：2021-06-22

申请号：US16504075

申请日：2019-07-05

Applicant: Samsung Electronics Co., Ltd.

Inventor： Guruprasad Ganesh ,  Sudhi Herle ,  Ahmed M. Azab ,  Rohan Bhutkar ,  Ivan Getta ,  Xun Chen ,  Wenbo Shen ,  Ruowen Wang ,  Haining Chen ,  Khaled Elwazeer ,  Mengmeng Li ,  Peng Ning ,  Hyungseok Yu ,  Myungsu Cha ,  Kyungsun Lee ,  Se Young Choi ,  Yurak Choe ,  Yong Shin ,  Kyoung-Joong Shin ,  Donguk Seo ,  Junyong Choi

IPC: G06F9/455 ,  G06F9/48 ,  G06F9/54 ,  G06F9/445

Abstract: A method for operating an electronic device, the method including spawning a name space tool (NST) as part of a boot process of a host OS, wherein the NST is a process with a plurality of root privileges of the host OS. The method further includes spawning, by the NST, a container for a guest OS, wherein the container for the guest OS is mapped to a dedicated domain in the host OS, and dropping, by the NST, a root privilege of the host OS in response to spawning the container for the guest OS.

公开(公告)号：US10320745B2

公开(公告)日：2019-06-11

申请号：US15048531

申请日：2016-02-19

Applicant: Samsung Electronics Co., Ltd.

Inventor： Peng Ning ,  Stephen E McLaughlin ,  Michael C Grace ,  Ahmed M Azab ,  Rohan Bhutkar ,  Wenbo Shen ,  Xun Chen ,  Yong Choi ,  Ken Chen

IPC: G06F21/00 ,  H04L29/06 ,  G07C5/02 ,  G07C5/08 ,  G06F13/10 ,  G06F13/40 ,  H04L9/32 ,  H04W12/10 ,  G06F21/62 ,  G06F21/60 ,  G06F21/12 ,  H04W12/08 ,  H04L29/08

Abstract: An apparatus and method of an attachment device for interfacing with an on-board diagnostic system of a vehicle is provided. The device includes an application processor configured to receive input from a terminal, control processing of the input by the on-board diagnostic system, transmit a result of the processing of the input by the on-board diagnostic system to the terminal, and a secure element interposed in the communication path between the application processor and the on-board diagnostic system, the secure element configured to filter the input of an on-board diagnostic operation that is untrusted.

公开(公告)号：US10289842B2

公开(公告)日：2019-05-14

申请号：US15340447

申请日：2016-11-01

Applicant: Samsung Electronics Co., Ltd.

Inventor： James Gleeson ,  Ahmed Azab ,  Wenbo Shen ,  Rohan Bhutkar

IPC: G06F21/00 ,  G06F21/55 ,  G06F21/12 ,  G06F21/57 ,  G06F8/41

Abstract: An apparatus and a method for protecting kernel control-flow integrity using static binary instrumentation are provided. The method includes configuring a compiler to reserve a register in a processor, compiling source code into a binary based on the configured compiler, and modifying the binary to prevent exploits using the reserved register, wherein the reserved register stores a first encryption key for encrypting and decrypting return addresses. The reserved register stores an encryption key that is used to encrypt and decrypt return addresses to prevent control flow exploits.