Patent application number | Description | Published |
20100037065 | Method and Apparatus for Transitive Program Verification - A method, apparatus and program storage device for program verification in an information handling system in which an application program runs on an operating system having a signature verification function for verifying a digital signature of the application program. Upon loading of the application program, the signature verification function of the operating system verifies the digital signature of the application program and, if the digital signature is verified, initiates execution of the application program. Upon initiation of execution of the application program, a verification testing function associated with the application program tests the signature verification function of the operating system by presenting to it a sequence of test digital signatures in a specified pattern of true and false signatures. If its test of the signature verification function of the operating system is successful, the application program initiates normal execution. Otherwise, the application program terminates without initiating normal execution. | 02-11-2010 |
20120177202 | SECURE TRANSPORT OF DOMAIN-SPECIFIC CRYPTOGRAPHIC STRUCTURES OVER GENERAL PURPOSE APPLICATION PROGRAM INTERFACES - A method of distributing cryptographic keys includes determining functional keys of domain-specific cryptographic service provider (DCSP); providing the functional keys to a fused cryptographic API (FCAPI) provided on a first computing device; encoding the functional keys with key encoding keys to produced encoded keys, the encoded keys including wrap or unwrap restrictions; receiving the encoded keys at a second computing device; unwrapping each encoded key until a first functional key is discovered, the first functional key having not including a wrap template; and providing the first functional key to the DCSP on at the computing device. | 07-12-2012 |
20120278820 | SCALABLE, HIGHLY AVAILABLE, DYNAMICALLY RECONFIGURABLE CRYPTOGRAPHIC PROVIDER WITH QUALITY-OF-SERVICE CONTROL BUILT FROM COMMODITY BACKEND PROVIDERS - A system for remapping subsets of host-centric application programming interfaces to commodity service providers includes a processor configured to receive a commodity service providers object, embed the commodity service providers object with a handle, transform the handle into a serialized object readable by a hardware security module, generate a virtualized handle from the transformed handle, select a target hardware security module based on characteristics of the serialized object and map the virtualized handle to the target hardware security module. | 11-01-2012 |
20120308011 | INTEGRATED KEY SERVER - A computer program product for integrated key serving is provided. The computer program product includes a tangible storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for performing a method. The method includes using a smart card of two or more smart cards with a support element of two or more support elements to create an encryption key and storing the encryption key in an encrypted file that can only be decrypted by the smart card and the support element used to create the encryption key. | 12-06-2012 |
20130055295 | SCALABLE, HIGHLY AVAILABLE, DYNAMICALLY RECONFIGURABLE CRYPTOGRAPHIC PROVIDER WITH QUALITY-OF-SERVICE CONTROL BUILT FROM COMMODITY BACKEND PROVIDERS - Exemplary embodiments include a method for remapping subsets of host-centric application programming interfaces to commodity service providers, the method including receiving a commodity service providers object, embedding the commodity service providers object with a handle, transforming the handle into a serialized object readable by a hardware security module, generating a virtualized handle from the transformed handle, selecting a target hardware security module based on characteristics of the serialized object and mapping the virtualized handle to the target hardware security module. | 02-28-2013 |
20130090903 | HIGH-FREQUENCY ENTROPY EXTRACTION FROM TIMING JITTER - A method for creating entropy in a virtualized computing environment includes waking one or more samplers, each sampler having a sampling frequency; sampling a sample source with each of the one or more samplers; placing each of the samplers in an inactive state when not sampling; determining a difference between an expected value and a sampled value at each sampler; and providing a function of the difference from each of the one or more samplers to an aggregator. | 04-11-2013 |
20130108052 | SECURE TRANSPORT OF DOMAIN-SPECIFIC CRYPTOGRAPHIC STRUCTURES OVER GENERAL PURPOSE APPLICATION PROGRAM INTERFACES | 05-02-2013 |
20140237257 | SCALABLE PRECOMPUTATION SYSTEM FOR HOST-OPAQUE PROCESSING OF ENCRYPTED DATABASES - A method, system, and computer program product to generate results for a query to an encrypted database stored on a host are described. The method includes generating indexes from the encrypted database, each index identifying records of the encrypted database associated with a range of data for at least one field stored in the records of the encrypted database, and generating index metadata associated with each index, the index metadata indicating the range of data identified by the associated index. The method also includes generating a sub-query from the query for each field associated with the query and determining a subspace of search within the encrypted database based on sub-query results obtained through the index metadata. The method further includes searching the subspace of the encrypted database to generate the results of the query. | 08-21-2014 |
20150019877 | SCALABLE PRECOMPUTATION SYSTEM FOR HOST-OPAQUE PROCESSING OF ENCRYPTED DATABASES - A method, system, and computer program product to generate results for a query to an encrypted database stored on a host are described. The system includes a host comprising a storage device to store the encrypted database, and a a secure processor to generate indexes and index metadata from the encrypted database, each index identifying records of the encrypted database associated with a range of data for at least one field stored in the records of the encrypted database and the metadata indicating the range of data identified by the associated index. The system also includes an interface of the host to receive the query, and a host processor to generate a sub-query form the query for each field associated with the query. Based on sub-query results obtained through the index metadata, the secure processor searches a subspace of the encrypted database to generate the results of the query. | 01-15-2015 |
20150074392 | SECURE PROCESSING ENVIRONMENT FOR PROTECTING SENSITIVE INFORMATION - A processor-implemented method for a secure processing environment for protecting sensitive information is provided. The processor-implemented method may include receiving encrypted data and routing the encrypted data to the secure processing environment. Then the encrypted data may be decrypted and fields containing sensitive information may be found. The method may also include obfuscating the sensitive information and returning, by the secure processing environment, the decrypted data and obfuscated data. | 03-12-2015 |