-
Publication No.: US12058256B2
Publication date: 2024-08-06
Application No.: US17671729
Filing date: 2022-02-15
Applicant: NCR Corporation
CPC classification: H04L9/0894 , G06F21/575 , G06F21/602 , G06F21/80 , H04L9/085 , H04L9/0891 , H04L2209/08 , H04L2209/16
Abstract: A system and method for operating a terminal such as an automated teller machine or other type of self-service terminal having a primary partition of a hard disk encrypted with a disk encryption key (DEK). At the initial installation and after every boot, a pre-boot manager encrypts the DEK with a new key encryption key (KEK) and then splits the encrypted DEK into a plurality of encrypted DEK parts. The pre-boot manager next stores the plurality of encrypted DEK parts in randomized storage locations on an unallocated portion of a hard disk, encrypts a list of the randomized storage locations of the plurality of encrypted DEK parts with the KEK, and stores the encrypted list in a location on the unallocated portion of the hard disk. Finally, the pre-boot manager stores the KEK, optionally in an obfuscated format, in a location on the unallocated portion of the hard disk.
-
Publication No.: US20240232442A1
Publication date: 2024-07-11
Application No.: US18611312
Filing date: 2024-03-20
Applicant: NCR Corporation
CPC classification: G06F21/80 , G06F3/0622 , G06F3/0629 , G06F3/0674 , G06F21/575
Abstract: Boot firmware of a terminal sets a lock password on a hard disk drive of the terminal to lock the hard disk drive from access. The password is obfuscated in boot variables or stored separately on a server independently of the terminal. During subsequent boots of the terminal, the firmware de-obfuscates the password from the boot variables or obtains the password from the server and provides the password to the hard disk drive, which causes the hard disk drive to unlock for operation with the terminal following the subsequent boots.
-
Publication No.: US20240211642A1
Publication date: 2024-06-27
Application No.: US18087249
Filing date: 2022-12-22
Applicant: NCR Corporation
CPC classification: G06F21/80 , G06F21/575
Abstract: Boot firmware of a terminal sets a lock password on a hard disk drive of the terminal to lock the hard disk drive from access. The password is obfuscated in boot variables or stored separately on a server independently of the terminal. During subsequent boots of the terminal, the firmware de-obfuscates the password from the boot variables or obtains the password from the server and provides the password to the hard disk drive, which causes the hard disk drive to unlock for operation with the terminal following the subsequent boots.
-
Publication No.: US20230351062A1
Publication date: 2023-11-02
Application No.: US18218705
Filing date: 2023-07-06
Applicant: Pure Storage, Inc.
IPC classification: G06F21/85 , G06F21/72 , G06F21/80 , H04L9/32 , H04N21/222 , H04N21/2347 , H04N21/845 , H04L67/1097 , H04W12/033 , G06F3/06 , G06F11/10
CPC classification: G06F21/85 , G06F21/72 , G06F21/80 , H04L9/3242 , H04N21/222 , H04N21/2347 , H04N21/8456 , H04L67/1097 , H04W12/033 , G06F3/0619 , G06F3/0647 , G06F3/067 , G06F11/1076 , G06F2211/1028 , H04L65/764
Abstract: A method includes obtaining input encoded data slices from memory of the storage network, where the input encoded data slices include a set of encoded data slices interspersed with a set of auxiliary data slices, where a data segment was error encoded into the set of encoded data slices, and where auxiliary data was error encoded into the set of auxiliary data slices. The method further includes obtaining de-selection information associated with the input encoded data slices and de-selecting the sequence of input encoded data slices based on the de-selection information to produce deselected encoded data slices. The method further includes error decoding at least a decode threshold number of encoded data slices of the deselected encoded data slices in accordance with error decoding parameters to reproduce the data segment. The method further includes outputting the data segment to a requesting computing device of the storage network.
-
Publication No.: US20190080082A1
Publication date: 2019-03-14
Application No.: US15699646
Filing date: 2017-09-08
CPC classification: G06F21/52 , G06F7/582 , G06F21/575 , G06F21/80 , G06F2221/034
Abstract: Systems and methods are disclosed for providing stack overflow protection on a system on chip via a hardware write-once register. An exemplary embodiment of a system on chip comprises a hardware write-once register, a boot processor, and one or more processor subsystems. The boot processor is configured to execute a read only memory (ROM) image which initializes the hardware write-once register with a first numeric value in response to the system on chip being powered on. The one or more processor subsystems have an associated software image configured to use the first numeric value in the hardware write-once register as a stack canary value to combat stack overflow attacks.
-
Publication No.: US10078459B1
Publication date: 2018-09-18
Application No.: US15275759
Filing date: 2016-09-26
Inventors: Assaf Natanzon , Philip Derbeko , Uriya Stern , Maya Bakshi , Yuri Manusov
CPC classification: G06F3/0619 , G06F3/0614 , G06F3/0622 , G06F3/0623 , G06F3/065 , G06F3/067 , G06F11/2071 , G06F11/34 , G06F11/3485 , G06F21/554 , G06F21/80
Abstract: A computer program product, system, and method for generating coded fragments comprises initializing historical I/O activity data structures and recent I/O activity data structures associated with a logical unit (LU) of storage; receiving an I/O request from a host, the I/O request associated with one or more chunks within the LU; adding metadata about the I/O request to the recent I/O activity data structures; generating a ransomware probability by comparing the recent I/O activity data structures to the historical I/O activity data structures; and if the ransomware probability exceeds a first threshold value, taking one or more first actions to mitigate the effects of ransomware within the host.
-
Publication No.: US20180260122A1
Publication date: 2018-09-13
Application No.: US15974345
Filing date: 2018-05-08
Inventors: Asimuddin Kazi , Jason K. Resch
IPC classification: G06F3/06 , H04N21/274 , G06F1/32 , H04N21/231 , H04N21/218 , H04L29/08 , H04N21/232 , H04L29/06 , H04L1/16 , H03M13/15 , G06F21/80 , G06F21/62 , G06F21/10 , G06F11/10 , G06F11/07
CPC classification: G06F3/0604 , G06F1/3296 , G06F3/061 , G06F3/0619 , G06F3/0625 , G06F3/0635 , G06F3/064 , G06F3/0644 , G06F3/0647 , G06F3/065 , G06F3/0653 , G06F3/067 , G06F3/0683 , G06F11/0727 , G06F11/0751 , G06F11/0772 , G06F11/079 , G06F11/0793 , G06F11/1076 , G06F11/261 , G06F21/10 , G06F21/31 , G06F21/62 , G06F21/80 , G06F2221/2129 , G06F2221/2151 , H03M13/1515 , H03M13/3761 , H04L1/16 , H04L9/085 , H04L63/101 , H04L63/102 , H04L67/06 , H04L67/1097 , H04L2209/34 , H04N21/2181 , H04N21/23116 , H04N21/232 , H04N21/274
Abstract: A computing device includes an interface configured to interface and communicate with a dispersed storage network (DSN), a memory that stores operational instructions, and a processing module operably coupled to the interface and memory such that the processing module, when operable within the computing device based on the operational instructions, is configured to perform various operations. The computing device determines to facilitate migration of encoded data slices (EDSs) from a first storage unit (SU) pool to a second SU pool and identifies storage resources associated with the EDSs to be migrated. The computing device then generates a migration schedule for the EDSs based on performance information associated with storage resources and facilitates the migration of the plurality of EDSs based on the migration schedule using the storage resources based on an aggression factor and adapts the aggression factor as deemed necessary based on the performance information.
-
Publication No.: US10013561B2
Publication date: 2018-07-03
Application No.: US14927938
Filing date: 2015-10-30
Applicant: NCR Corporation
Inventors: Gameelah Ghafoor , Graham Flett
IPC classification: G06F9/00 , G06F15/177 , G06F21/57 , G06F21/60 , G06F21/80 , G06Q20/10 , G06Q20/18 , H04L9/08 , H04L9/14
CPC classification: G06F21/575 , G06F21/602 , G06F21/80 , G06F2221/2107 , G06Q20/1085 , G06Q20/18 , H04L9/0822 , H04L9/0861 , H04L9/0891 , H04L9/0894 , H04L9/14
Abstract: During a pre-boot cycle of a device, an algorithm is obtained from a first portion of the hard drive. The algorithm is executed to obtain a key. The key is used to decrypt a second portion of the hard drive to obtain a second key. The second key is used to dynamically decrypt a third portion of the hard drive. A new randomly generated version of the algorithm is produced. The new version of the algorithm is stored in the first portion of the hard drive. The new version of the algorithm is executed to produce a new randomly generated version of the key. The new version of the key is used to re-encrypt the second portion of the hard drive having the second key.
-
Publication No.: US09942219B2
Publication date: 2018-04-10
Application No.: US15585670
Filing date: 2017-05-03
Applicant: Intel Corporation
CPC classification: H04L63/0823 , G06F13/4068 , G06F21/575 , G06F21/71 , G06F21/72 , G06F21/80 , G06F2221/2107 , G06F2221/2115 , H04L9/3268 , H04L63/0435 , H04L63/061 , H04L63/08
Abstract: In one embodiment, a method is provided that may include one or more operations. One of these operations may include, in response, at least in part, to a request to store input data in storage, encrypting, based at least in part upon one or more keys, the input data to generate output data to store in the storage. The one or more keys may be authorized by a remote authority. Alternatively or additionally, another of these operations may include, in response, at least in part, to a request to retrieve the input data from the storage, decrypting, based at least in part upon the at least one key, the output data. Many modifications, variations, and alternatives are possible without departing from this embodiment.
-
Publication No.: US20180074890A1
Publication date: 2018-03-15
Application No.: US15804147
Filing date: 2017-11-06
Inventors: Ahmad Alnafoosi , Jason K. Resch
IPC classification: G06F11/10 , G06F21/64 , H04L29/08 , H04L12/911 , G06F9/50
CPC classification: G06F11/108 , G06F3/067 , G06F9/5027 , G06F11/1076 , G06F21/64 , G06F21/80 , H04L47/70 , H04L67/10 , H04L67/1097 , H04L67/32
Abstract: A method includes dispersed storage error encoding, by a computing device, a data segment of a data file to produce a set of encoded data slices. The method further includes determining, by the computing device, a storage & error encoding scheme for storing the set of encoded data slices. The method further includes sending, by the computing device, the set of encoded data slices to the set of storage units. The method further includes receiving, by a first storage unit, one or more encoded data slices. The method further includes processing, by the first storage unit, the one or more encoded data slices in accordance with a first version of the storage & error encoding scheme to produce a first set of encoded data sub-slices. The method further includes storing, by the first storage unit, the first set of encoded data sub-slices in a set of memory devices.