Patents by Inventor Chris Loreskar
Chris Loreskar has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11882442
Abstract: A terminal device seeking access to a mobile network retrieves a handset identifier identifying the terminal device and a cryptographic key for proving an identity of the terminal device from storage circuitry of the terminal device. The terminal device generates signature information by signing a block of information including the handset identifier using the cryptographic key. During a network connection process for negotiating access to the mobile network with a network control device, the terminal device communicates the signature information to the network control device.
Type: Grant
Filed: December 3, 2021
Date of Patent: January 23, 2024
Assignee: Trustonic Limited
Inventor: Chris Loreskar
-
Patent number: 11533625
Abstract: An authentication method is disclosed, the method comprising: receiving at least one request for an action in relation to an electronic device, wherein performance of the action requires verification of an association of a group of IDs specified by the request; verifying, via cryptographic verification, whether the group of IDs specified by the request match a cryptographically attested group of IDs associated with the electronic device, to determine whether the at least one request for an action is an authentic request; and, having determined the at least one request for an action is an authentic request, approving the at least one request, wherein the group of IDs comprises at least an Integrated Circuit Card Identifier (ICC ID) of a Subscriber Identity Module (SIM) of the electronic device and a device identifier associated with the electronic device.
Type: Grant
Filed: March 12, 2020
Date of Patent: December 20, 2022
Assignee: Trustonic Limited
Inventors: Chris Loreskar, Florent Joubert
-
Patent number: 11388012
Abstract: A method for a device comprises enrolling a specified application installed on the device into a chain of trust provided by a private key infrastructure. In the chain of trust, a child certificate is attested as valid by an attestor associated with a parent certificate in the chain of trust. Enrolling includes generating an application certificate 20-A for verifying that the specified application is installed on the device 2. The application certificate is a descendant certificate of the device certificate associated with the device and the chain of trust.
Type: Grant
Filed: August 23, 2018
Date of Patent: July 12, 2022
Assignee: Trustonic Limited
Inventors: Chris Loreskar, John Dent
-
Publication number: 20220210652
Abstract: A method for remotely performing secure change of operational mode of a telecommunications device, the method comprising: establishing a first secure channel between a modem of the telecommunications device and an application executing in an Execution Environment of the telecommunications device; establishing a second secure channel between the application and a remote server; enabling the modem in a limited operational mode; generating a request, by the modem or the application, to verify the validity of a subscriber identity module of the telecommunications device; retrieving, by the modem, module identification information from the subscriber identity module; retrieving verification information, by the application and from the remote server, using the second secure channel, sending the module identification information from the modem to the application using the first secure channel, verifying at the application whether the subscriber identity module is valid using the module identification information and
Type: Application
Filed: May 1, 2020
Publication date: June 30, 2022
Inventors: Chris LORESKAR, Derick CASSIDY, John DENT
-
Publication number: 20220150707
Abstract: An authentication method and terminal device obtain a device identifier associated with an electronic device and receive an Integrated Circuit Card Identifier (ICC ID) of a Subscriber Identity Module (SIM) of the electronic device. A group of IDs is cryptographically signed with a device key of the terminal device or a key derived from the device key. The group of IDs may comprise the device identifier and the ICC ID.
Type: Application
Filed: January 25, 2022
Publication date: May 12, 2022
Inventors: Chris LORESKAR, Florent JOUBERT
-
Publication number: 20220095107
Abstract: A terminal device seeking access to a mobile network retrieves a handset identifier identifying the terminal device and a cryptographic key for proving an identity of the terminal device from storage circuitry of the terminal device. The terminal device generates signature information by signing a block of information including the handset identifier using the cryptographic key. During a network connection process for negotiating access to the mobile network with a network control device, the terminal device communicates the signature information to the network control device.
Type: Application
Filed: December 3, 2021
Publication date: March 24, 2022
Inventor: Chris LORESKAR
-
Patent number: 11228907
Abstract: A network usage control method comprises receiving (S2, S5) a handset identifier (e.g. an IMEI number) of a requesting terminal device (2) seeking to use a mobile network (4); retrieving verification information (S7) for verifying an identity of an authorised terminal device associated with the handset identifier; verifying (S9), based on the verification information, whether the requesting terminal device (2) is the authorised terminal device; and controlling (S10, S11) usage of the mobile network by the requesting terminal device in dependence on whether the requesting terminal device is verified as the authorised terminal device. Cryptographic keys can be used to bind the handset identifier to a particular handset and verify that a device presenting a given handset identifier is actually the authorised handset for that handset identifier. This prevents thieves being able to circumvent blacklisted handset identifier of a stolen handset by cloning a valid handset identifier from another device.
Type: Grant
Filed: November 2, 2017
Date of Patent: January 18, 2022
Assignee: TRUSTONIC LIMITED
Inventor: Chris Loreskar
-
Patent number: 11146962
Abstract: A method for performing secure change of operational mode of a multi-SIM telecommunications device, the method comprising: enabling each of a plurality of modem modules of the telecommunications device in a limited operational mode; performing a first verification, by a first authentication module of a plurality of authentication modules of the telecommunications device, to verify the validity of a first subscriber identity module associated with a first modem module of the plurality of modem modules in accordance with network configuration information, wherein responsive to a positive first verification the first modem module is transitioned to an enhanced operational mode and the first modem module performs a network attachment procedure to a first network using the first subscriber identity module; performing a second verification to verify active attachment of the first modem module to the first network in accordance with the network configuration information; providing the result of the second verificati
Type: Grant
Filed: May 1, 2020
Date of Patent: October 12, 2021
Assignee: Trustonic Limited
Inventors: Chris Loreskär, Andrew Paul Mell
-
Patent number: 11025437
Abstract: A method for post-manufacture certificate generation for an electronic device 4 comprises obtaining a public key from the electronic device 4, and enrolling the device into a chain of trust provided by a public key infrastructure in which a child certificate is attested as valid by an attestor associated with a parent certificate in the chain. The enrolling comprises generating an electronic device certificate 30-I for the chain of trust using the public key 32 obtained from the electronic device. The enrolling is performed at an enrolment device 6 separate from the electronic device 4. The electronic device certificate 30-I is a descendant certificate of the enrolment device certificate 30-D associated with the enrolment device 6.
Type: Grant
Filed: August 28, 2018
Date of Patent: June 1, 2021
Assignee: Trustonic Limited
Inventor: Chris Loreskar
-
Patent number: 10904015
Abstract: A method of post-manufacture generation of the device certificate 20 for verifying an electronic device 2 according to a public key infrastructure is provided. The method comprises obtaining, at a certificate generating apparatus 40, a first key 42 associated with the device 2. A second key 22 for the electronic device is derived from the first key 42. The device certificate 20 for the PKI is generated with the second key acting as the public key 22 associated with the device certificate 20. In a corresponding way a private key 24 for the PKI can be generated by the electronic device 2 based on a shared first key 42. This approach enables the manufacturing cost for manufacturing an electronic device to be reduced whilst still enabling use of a PKI for attesting to properties of the device 2.
Type: Grant
Filed: August 31, 2018
Date of Patent: January 26, 2021
Assignee: Trustonic Limited
Inventors: Chris Loreskar, Alec Milne Edgington, John Dent, Jan-Erik Gustav Ekberg
-
Patent number: 10856146
Abstract: A method for verifying whether an electronic device is one of a group of known devices comprises receiving verification information indicative of a first device identifier accessible from storage circuitry by a predetermined process executed by the electronic device and a second device identifier inaccessible from the storage circuitry by the predetermined process. A device database retains valid pairings of the first and second device identifiers for the group of known devices. The device database is looked up based on the verification information to determine whether the first and second device identifiers correspond to one of the valid pairings.
Type: Grant
Filed: February 5, 2018
Date of Patent: December 1, 2020
Assignee: Trustonic Limited
Inventors: Chris Loreskar, Thomas Nyman
-
Publication number: 20200351652
Abstract: A method for performing secure change of operational mode of a multi-SIM telecommunications device, the method comprising: enabling each of a plurality of modem modules of the telecommunications device in a limited operational mode; performing a first verification, by a first authentication module of a plurality of authentication modules of the telecommunications device, to verify the validity of a first subscriber identity module associated with a first modem module of the plurality of modem modules in accordance with network configuration information, wherein responsive to a positive first verification the first modem module is transitioned to an enhanced operational mode and the first modem module performs a network attachment procedure to a first network using the first subscriber identity module; performing a second verification to verify active attachment of the first modem module to the first network in accordance with the network configuration information; providing the result of the second verificati
Type: Application
Filed: May 1, 2020
Publication date: November 5, 2020
Inventors: Chris LORESKÄR, Andrew Paul MELL
-
Patent number: 10789173
Abstract: A method is provided for installing or updating software on an electronic device 2 comprising processing circuitry 4 and memory access circuitry 10 to control access to at least one memory unit 6, 8 in response to physically-addressed memory access requests issued by the processing circuitry specifying physical addresses from a physical address space. The method comprises performing an address layout varying process comprising: obtaining at least one seed value; in dependence on the at least one seed value, selecting one of a plurality of software address layouts for code or data associated with the software, each software address layout corresponding to a different layout of the code or data in the physical address space; and triggering the electronic device to write the code or data associated with the software to locations of said at least one memory unit corresponding to the selected software address layout.
Type: Grant
Filed: November 16, 2018
Date of Patent: September 29, 2020
Assignee: Trustonic Limited
Inventors: Chris Loreskar, Nicholas Schutt, Thomas Nyman
-
Publication number: 20200296581
Abstract: An authentication method is disclosed, the method comprising: receiving at least one request for an action in relation to an electronic device, wherein performance of the action requires verification of an association of a group of IDs specified by the request; verifying, via cryptographic verification, whether the group of IDs specified by the request match a cryptographically attested group of IDs associated with the electronic device, to determine whether the at least one request for an action is an authentic request; and, having determined the at least one request for an action is an authentic request, approving the at least one request, wherein the group of IDs comprises at least an Integrated Circuit Card Identifier (ICC ID) of a Subscriber Identity Module (SIM) of the electronic device and a device identifier associated with the electronic device.
Type: Application
Filed: March 12, 2020
Publication date: September 17, 2020
Inventors: Chris LORESKAR, Florent JOUBERT
-
Publication number: 20200259668
Abstract: A method for a device comprises enrolling a specified application installed on the device into a chain of trust provided by a private key infrastructure. In the chain of trust, a child certificate is attested as valid by an attestor associated with a parent certificate in the chain of trust. Enrolling includes generating an application certificate 20-A for verifying that the specified application is installed on the device 2. The application certificate is a descendant certificate of the device certificate associated with the device and the chain of trust.
Type: Application
Filed: August 23, 2018
Publication date: August 13, 2020
Inventors: Chris LORESKAR, John DENT
-
Patent number: 10680812
Abstract: A method for validating an electronic device 2 includes receiving attestation information provided by the electronic device 2 attesting that the electronic device 2 has received a plurality of event attestations. Each event attestation provides a cryptographically authenticated attestation to the occurrence of a respective event during a lifecycle of the electronic device. A validation result is determined that indicates whether the attestation information is valid. Providing separate cryptographically authenticated attestations for respective events in the lifecycle of the device can simplify manufacturing of the devices in a multistage manufacture process compared to an approach using a single device-specific attestation attesting that the entire process is trusted.
Type: Grant
Filed: November 21, 2017
Date of Patent: June 9, 2020
Assignee: Trustonic Limited
Inventors: Richard Hayton, Chris Loreskar, Donald Kenneth Felton
-
Patent number: 10594493
Abstract: A method of configuring a target domain providing a cryptographic identity for authenticating commands to be executed by an electronic device comprises receiving a domain configuration command, and authenticating the command based on a cryptographic identity provided by an authenticating domain which is an ancestor of the target domain in a hierarchical chain of trust. When authenticated, at least one target domain constraint specified by the command is combined with at least one future constraint specified by the authenticating domain to generate a combined constraint set to be satisfied by commands to be authenticated by the target domain. The combined constraint set is stored for the target domain. This approach provides a balance between security and scalability of the chain of trust.
Type: Grant
Filed: August 15, 2017
Date of Patent: March 17, 2020
Assignee: Trustonic Limited
Inventors: Chris Loreskar, John Dent
-
Publication number: 20190289464
Abstract: A network usage control method comprises receiving (S2, S5) a handset identifier (e.g. an IMEI number) of a requesting terminal device (2) seeking to use a mobile network (4); retrieving verification information (S7) for verifying an identity of an authorised terminal device associated with the handset identifier; verifying (S9), based on the verification information, whether the requesting terminal device (2) is the authorised terminal device; and controlling (S10, S11) usage of the mobile network by the requesting terminal device in dependence on whether the requesting terminal device is verified as the authorised terminal device. Cryptographic keys can be used to bind the handset identifier to a particular handset and verify that a device presenting a given handset identifier is actually the authorised handset for that handset identifier. This prevents thieves being able to circumvent blacklisted handset identifier of a stolen handset by cloning a valid handset identifier from another device.
Type: Application
Filed: November 2, 2017
Publication date: September 19, 2019
Inventor: Chris LORESKAR
-
Publication number: 20190155743
Abstract: A method is provided for installing or updating software on an electronic device 2 comprising processing circuitry 4 and memory access circuitry 10 to control access to at least one memory unit 6, 8 in response to physically-addressed memory access requests issued by the processing circuitry specifying physical addresses from a physical address space. The method comprises performing an address layout varying process comprising: obtaining at least one seed value; in dependence on the at least one seed value, selecting one of a plurality of software address layouts for code or data associated with the software, each software address layout corresponding to a different layout of the code or data in the physical address space; and triggering the electronic device to write the code or data associated with the software to locations of said at least one memory unit corresponding to the selected software address layout.
Type: Application
Filed: November 16, 2018
Publication date: May 23, 2019
Inventors: Chris LORESKAR, Nicholas SCHUTT, Thomas NYMAN
-
Publication number: 20190074980
Abstract: A method for post-manufacture certificate generation for an electronic device 4 comprises obtaining a public key from the electronic device 4, and enrolling the device into a chain of trust provided by a public key infrastructure in which a child certificate is attested as valid by an attestor associated with a parent certificate in the chain. The enrolling comprises generating an electronic device certificate 30-I for the chain of trust using the public key 32 obtained from the electronic device. The enrolling is performed at an enrolment device 6 separate from the electronic device 4. The electronic device certificate 30-I is a descendant certificate of the enrolment device certificate 30-D associated with the enrolment device 6.
Type: Application
Filed: August 28, 2018
Publication date: March 7, 2019
Inventor: Chris LORESKAR