SafeNet, Inc. Patent applications |
Patent application number | Title | Published |
20160085975 | Constrained Information Transfer - A secure processing facility has a plurality of workstations, with associated computers to provide data to, and/or receive data from, the workstations. The computers are provided with a visual display unit, and display machine-readable data codes on the display. The computers are provided with a scanner to read the machine-readable data codes on the display of another of the computers. The computers have no other connection to receive or transmit machine readable data. A method of operating the facility includes processing a workpiece at a first workstation. A display of the computer of the first workstation displays a data code containing data related to the processing of the workpiece. The scanner of the computer associated with a second workstation scans the data code. The workpiece is transferred from the first workstation to the second workstation. The workpiece is processed at the second workstation. | 03-24-2016 |
20120233378 | PROTECTING GUEST VIRTUAL MACHINE MEMORY - A hypervisor runs on a host computer system and defines at least one virtual machine. An address space of the virtual machine resides on physical memory of the host computer system under control of the hypervisor. A guest operating system runs in the virtual machine. At least one of a host operating system and the hypervisor sets parts of the address space of the host computer system corresponding to parts of the address space of the virtual machine to a locked state in which those parts can be read but not written to. | 09-13-2012 |
20120216052 | EFFICIENT VOLUME ENCRYPTION - A computer system comprises a first region including a base image in the form of machine readable code stored on a non-volatile storage medium, a second region including a machine image in the form of machine readable code stored on a non-volatile storage medium, and a deduplicator. The second region machine image comprises a base part sufficiently similar to the base image for deduplication, and a part special to the second region machine image. The first region base image and the second region machine image are deduplicated by the deduplicator. The second region special part is encrypted by full disk encryption using a key not available to the first region. Methods of, and computer programs for, implementing such a system are described. | 08-23-2012 |
20120198538 | MULTI-ENCLAVE TOKEN - A security token has multiple independent application enclaves, on which different application providers can install encryption keys and/or other data to authenticate a user of the token to their respective applications. | 08-02-2012 |
20120179904 | Remote Pre-Boot Authentication - A host computer cloud has a processor and supports a virtual machine. An agent under control of a user is in communication with the cloud over a network. A key management server is in communication with the cloud over a network. The cloud stores the virtual machine in the form of a virtual encrypted disk on a non-volatile storage medium. When commanded by the agent, the cloud requests a disk-wrapping key from the key management server and decrypts the encrypted disk using the disk-wrapping key. | 07-12-2012 |
20120005484 | HIGH-ASSURANCE SECURE BOOT CONTENT PROTECTION - A method and apparatus for high assurance boot processing is disclosed. A trusted processor is used to authenticate a trusted boot program and in conjunction with a selector, to provide the authenticated boot program to a boot memory where it can be accessed by a main processor to execute the bootup sequence. The trusted processor also provides a command for the main processor to write a data sequence to a hard drive or similar device, and monitors the data written by the main processor to verify that the data has not been tampered with or otherwise compromised. | 01-05-2012 |
20110191593 | Software License Embedded In Shell Code - Software application protection methods and systems for protecting and verifying licensing of an original application. The system reads the original application executable, and generates a shelled application comprising the original application and a shell containing the license information. The shelled application implements license APIs, and establishes secure communications within the shelled application between the original application and the shell. Licensing for the original application can be verified by the shelled application alone. | 08-04-2011 |
20100250906 | Obfuscation - In an embodiment of a method of making a conditional jump in a computer running a program, an input is provided, conditional on which a substantive conditional branch is to be made. An obfuscatory unpredictable datum is provided. Code is executed that causes an obfuscatory branch conditional on the unpredictable datum. At a point in the computer program determined by the obfuscatory conditional branch, a substantive branch is made that is conditional on the input. | 09-30-2010 |
20100171560 | System and method for detecting FRO locking - The detection of locking of a free running oscillator (FRO) is disclosed, including taking periodic samples of the FRO output, storing each new sample in a sample storage medium, each time a new sample is stored searching the stored samples for at least one repeating pattern, counting consecutive sampling instances in which a repeating pattern is found, and indicating when the count reaches a preselected threshold number. | 07-08-2010 |
20100131518 | Database Obfuscation System and Method - A system and method for obfuscating a database's schema while preserving its functionality by modifying the original table names, column names, table order, column order, and/or data character set such that the standard order of the original characters is maintained. | 05-27-2010 |
20100095132 | PROTECTING SECRETS IN AN UNTRUSTED RECIPIENT - A technique for protecting secrets may involve enclosing master secret keys in an encapsulation module functioning like an envelope on a host that may run an untrusted operating system. The encapsulation module itself can be obfuscated and protected with various software security techniques, such as anti-debugging techniques, which make reverse-engineering more difficult. Session or file keys could then be derived from the master key stored in the encapsulation module on the host, wherein each of the keys protects a session or a file on the host. Additionally, a code can be provided to prevent the master secret and the keys from being swapped to a non-volatile storage device of the host. | 04-15-2010 |
20100095115 | FILE ENCRYPTION WHILE MAINTAINING FILE SIZE - A technique for encrypting a file without changing file size may involve encrypting a first set of a plurality of blocks of a file in a first encryption mode using the first set of encryption keys and/or the first set of configuration rules, and a second set of the plurality of blocks of the file in a second encryption mode using a second set of the encryption keys and/or a second set of the configuration rules without causing the file to increase in size before and after the encryption. Here, the first and the second encryption modes are chosen to be different, so are the first and the second sets of the encryption keys and/or the configuration rules to reduce security risk of the file being encrypted. | 04-15-2010 |
20100070778 | SECURE FILE ENCRYPTION - A technique for secure file encryption first choose a file encryption key randomly among a set of file encryption keys and encrypts a file using the chosen file encryption key based on a set of encryption rules. The file encryption key can then be encrypted via a directory master secret (DMS) key for an extra layer of security so that an intruder cannot decrypt the encrypted file even if the intruder gains access to the DMS-encrypted file encryption key. Finally, the DMS-encrypted file encryption key can be stored in a metadata associated with the file. | 03-18-2010 |
20100024026 | Application gateway system and method for maintaining security in a packet-switched information network - A method and apparatuses are disclosed for handling digital data packets at a logical borderline that separates an untrusted packet-switched information network from a protected domain. A packet processor part intercepts a packet that is in transit between the untrusted packet-switched information network and the protected domain. The packet is examined at the packet processor part in order to determine, whether the packet contains digital data that pertains to a certain protocol. If the packet is not found to contain such digital data, it is processed at the packet processor part. If the packet is found to contain digital data that pertains to said certain protocol, it gets redirected to an application gateway part that processes the packet according to a set of processing rules based on obedience to said certain protocol. The packet processor part is a kernel mode process running in a computer device and the application gateway part is a user mode process running in a computer device. | 01-28-2010 |
20100011375 | Zero-install IP security - In an embodiment of a method of and system for secure communication, a computer system comprises a primary system protocol stack operative in kernel space and interfacing with an external network. A secondary system protocol stack, security software, and at least one application program operate in user space, and may be provided on a portable storage medium by a user who does not have privileges to install programs in kernel space. The application program interfaces with the secondary system protocol stack. The secondary system protocol stack interfaces with the primary system protocol stack. The security software operates on communications through the secondary system protocol stack. | 01-14-2010 |
20090265348 | System and methods for detecting rollback - In an embodiment of a method of and system for detecting rollback of usage data, the usage data is recording in a database. A sequence value in the database is repeatedly advanced. A copy of the sequence value is repeatedly saved to protected storage. The copy of the sequence value in the protected storage is compared with the sequence value in the database, and it is determined whether the result of the comparison is consistent with normal operation of the database since the previous save to protected storage. | 10-22-2009 |
20090240953 | ON-DISK SOFTWARE IMAGE ENCRYPTION - A technique is introduced to support on-disk software image encryption. Image of a software component deployed to a host is encrypted when the image is created and/or its content is changed, before such image of the software component is being saved to a non-volatile storage of the host. The encrypted image of the software component is decrypted only at startup and/or resume time of the software component. Once decrypted, the image of the software component is loaded into a volatile storage of the host so that the software component can be up and running. | 09-24-2009 |
20090240937 | SEPARATED STORAGE OF DATA AND KEY NECESSARY TO ACCESS THE DATA - A novel approach introduces an extra layer of data security by storing files and the keys required to access the files separately. When the files are being accessed, the host of the files sends a request to an access device that stores the keys to access the files. The key will be provided to the host only if at least one of the following conditions is met: the host is within close proximity of the access device, the identity of the person attempting to access the files is authenticated, or the security status of the host is verified. | 09-24-2009 |