DISTRIBUTED QUORUM AUTHORIZATION ENFORCEMENT THROUGH AN API GATEWAY

    Publication number: US20240004983A1

    Publication date: 2024-01-04

    Application number: US17855890

    Application date: 2022-07-01

    CPC classification number: G06F21/40 G06F21/34

    Abstract: In one embodiment a Hardware Server Module (HSM) (10) implementing a distributed quorum authentication enforcement is provided, whereby user access to a resource (40) on the device (10) is enforced via an API gateway (16). The HSM comprises one or more resources, a separate resource manager API for accessing the one or more resources, an enforcement module for enforcing access to the one or more resources via the API gateway according to a quorum policy, and a quorum manager for generating and storing a quorum request in a database. The API gateway (16) can be a RESTful API using HTTP requests to produce and consume data related to quorum services via at least one of a GET, PUT, POST, PATCH and DELETE command type. Other embodiments are disclosed.

    Method for controlling execution of an application

    Publication number: US11550880B2

    Publication date: 2023-01-10

    Application number: US17023574

    Application date: 2020-09-17

    Abstract: The invention is a method for controlling execution of an application. The method comprising: installing and activating a software license unit including License terms and a secure repository comprising both an applet and parameters, providing a virtual USB dongle including a command gate, a License validator, a VM controller and a VM engine initially devoid of applet, verifying the License terms and only if the verification of the License terms is successful: loading said applet and parameters to the VM engine and enabling the Command gate, initializing configuration data and secret data in the VM engine by using the parameters stored in the VM engine then exchanging, between the applet and said hardware function driver, USB messages to control execution of said application.

    Leveling HSM Service with Network Traffic Control

    Publication number: US20240259287A1

    Publication date: 2024-08-01

    Application number: US18103568

    Application date: 2023-01-31

    CPC classification number: H04L43/0888 H04L43/062 H04L47/22 H04L47/621

    Abstract: Provided is a method for a Hardware Security Module (HSM) appliance to provide cryptographic services to multiple clients via cryptographic service requests and responses transmitted over a secure communication channel there between. The method comprises the steps of providing a traffic control feature for communications over said secure communication channel by way of a Linux Kernel, and leveling cryptographic service and balancing a workload of cryptographic transactions on the HSM appliance for the multiple clients submitting said requests and receiving said responses by way of a Traffic Control Agent (TCA), thereby distributing a fair, proportional share of resources on the HSM appliance needed for servicing the cryptographic services to multiple clients irrespective of thread count per client. Other embodiments disclosed, including a dynamic intelligent TCA.

    APPARATUS, SYSTEM AND METHOD FOR SECURE DATA ENTRY

    Publication number: US20240095331A1

    Publication date: 2024-03-21

    Application number: US17948340

    Application date: 2022-09-20

    CPC classification number: G06F21/36

    Abstract: A system or method of secure data entry can include one or more processors and memory having computer instructions which when executed by the one or more processors causes the one or more processors to perform the operations at a client edge device of executing a user interface data entry application on the client edge device, receiving data by the user interface data entry application, wherein the data entered is a graphic input pattern corresponding to characters, communicating the data entered to a server, and receiving access to the server if a data processing application at the server interprets the data entered as a credential based on rules negotiated between the data entry application and the data processing application and a template for the graphic input pattern.

    Method and device of protecting a first software application to generate a protected software application

    Publication number: US11687440B2

    Publication date: 2023-06-27

    Application number: US17165480

    Application date: 2021-02-02

    Abstract: Protection of a first software application to be executed on an execution platform by adding at least one check module to the software application, wherein the check module, when being executed, checks at least a part of the code of the protected software application loaded in the memory and carries out a predefined tamper response in case the check module detects that the checked code was changed or ensures that the protected software application continues to function correctly in case the check module detects that the checked code was not changed; selecting a first code region of the first software application, said first code region provides a first functionality when being executed; amending the selected first code region of the first software application such that an amended first code region is generated to provide the protected software application; wherein the amended first code region, when being executed, still provides the first functionality but carries out an access to at least a part of the code of a protected software application loaded in the memory for providing the first functionality.

    SYSTEM FOR DETECTING ACCESS TO A PRE-DEFINED AREA ON A PRINTED CIRCUIT BOARD

    Publication number: US20220330422A1

    Publication date: 2022-10-13

    Application number: US17226649

    Application date: 2021-04-09

    Inventor: Stephane LEMIRE

    Abstract: The present invention provides a system for detecting access to a pre-defined area on a Printed Circuit Board, wherein the system comprises: the Printed Circuit Board comprising, on at least one of its external surfaces, at least one pre-defined area comprising electrical components, a potting material arranged over at least the pre-defined area, wherein the potting material comprises a first layer of transparent material configured to allow light to pass through, and a second layer of opaque material arranged so that completely blocks light towards the first layer, wherein the first layer is arranged between the Printed Circuit Board and the second layer and extends at least over the pre-defined area, and at least one photo-sensor arranged within the first layer of transparent material and configured to generate a tamper signal upon detection of light in the first layer.

    Assembly for detecting an intrusion into an appliance and a corresponding appliance

    Publication number: US11320250B2

    Publication date: 2022-05-03

    Application number: US16728725

    Application date: 2019-12-27

    Inventor: James Andrasi

    Abstract: An assembly allows detecting an intrusion into an appliance that includes a chamber(s). At least one wall relating to one and the same chamber is designed, so as to form a chamber opening allowing to access at least one appliance chip. The assembly includes at least one baffle that is, each, disposed at the chamber opening. The assembly includes at least one chip that comprises a baffle manager. The baffle manager is configured to cause the at least one baffle to move repeatedly between a first and a second position with respect to the chamber opening, during an appliance chip operation. The baffle manager is configured to detect whether a baffle movement is slowed or blocked during the appliance chip operation. If yes, the baffle manager is configured to send a predetermined signal(s) for alerting the appliance chip or a device(s) or take an action(s).

    METHOD FOR CONTROLLING EXECUTION OF AN APPLICATION

    Publication number: US20210081515A1

    Publication date: 2021-03-18

    Application number: US17023574

    Application date: 2020-09-17

    Abstract: The invention is a method for controlling execution of an application. The method comprising: installing and activating a software license unit including License terms and a secure repository comprising both an applet and parameters, providing a virtual USB dongle including a command gate, a License validator, a VM controller and a VM engine initially devoid of applet, verifying the License terms and only if the verification of the License terms is successful: loading said applet and parameters to the VM engine and enabling the Command gate, initializing configuration data and secret data in the VM engine by using the parameters stored in the VM engine then exchanging, between the applet and said hardware function driver, USB messages to control execution of said application.

    EXTENSION OF FUNCTIONALITY TO FILE SYSTEMS IN CONTAINER ORCHESTRATION SYSTEMS

    Publication number: US20240370581A1

    Publication date: 2024-11-07

    Application number: US18690347

    Application date: 2022-08-29

    Abstract: Extension of functional capabilities of a file system in a container orchestration system by associating an extended storage class with a functional extension wherein access to data storage volumes belonging to the extended storage class are handled by an extended file system. In response to deployment of an application pod config including definition of an extended volume belonging to the extended storage class, request mounting the extended volume and creating a staging pod for mounting the original data storage volume and causing the container orchestration system to deploy the staging pod. Access by the containers in the application pod to data stored in the extended volume is handled by the extended file system.
