Patents by Inventor Curtis Gerald Condra
Curtis Gerald Condra has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9875368
Abstract: A trusted execution environment (TEE) of a computing device may receive an operation request requiring use of a protected data accessible only to the TEE. Responsive to receiving the operation request, the TEE may generate first data. The computing device may send the first data to a remote computing device. Responsive to sending the first data, the TEE may receive second data. The TEE may validate the second data to verify the remote computing device generated the second data. Responsive to validating the second data was generated by the remote computing device, the TEE may perform the requested operation using the protected data.
Type: Grant
Filed: June 7, 2017
Date of Patent: January 23, 2018
Assignee: Google LLC
Inventors: Shawn Willden, Curtis Gerald Condra
-
Patent number: 9871786
Abstract: The method of authenticating the source of a communication is disclosed. The method includes executing a clock for an operation period. The method also includes receiving a communication from a remote device at a communication time corresponding to a time interval of a plurality of time intervals sequentially covering the operation period. Each time interval has an associated authentication value. The communication includes a commitment value. The method also includes determining whether the commitment value matches the authentication value associated with the time interval corresponding to the communication time. The method also includes processing the communication when the commitment value matches the authentication value associated with the time interval corresponding to the communication time.
Type: Grant
Filed: July 23, 2015
Date of Patent: January 16, 2018
Assignee: Google LLC
Inventor: Curtis Gerald Condra
-
Patent number: 9736140
Abstract: Described is a process for securely authorizing access to media content from a first device to a second device. Access to content may be authorized by performing authentication from the first device. Information used for authentication (e.g. login information) is not shared with the second device. Instead, a token may be used to authenticate the second device. The authorization process may be done in a secure manner by sharing only the generated token with the second device. Authentication information may not be derived from the token, and accordingly, even if the second device is not secure or the token is exposed, authentication information remains secure.
Type: Grant
Filed: April 25, 2016
Date of Patent: August 15, 2017
Assignee: Google Inc.
Inventors: Huahui Wu, Nicolas Catania, Curtis Gerald Condra
-
Patent number: 9710652
Abstract: A user-provided keystore may be utilized in a boot process to verify a boot image as disclosed herein. A device may be determined to be in a locked or verified state. A selected keystore may be determined to not verify against a first key such as a root key. A user may provide a keystore to a device. The system may display a prompt to the user which asks whether the user would like to continue to boot or not, if the system determines that the keystore does not verify against the first key. The user may respond to the prompt by indicating a desire to continue booting. The system may determine that the boot image verifies against the keystore and finish booting the device. Thus, the prompt may alert the user to a threat to the integrity of the boot process or device.
Type: Grant
Filed: November 20, 2015
Date of Patent: July 18, 2017
Assignee: Google Inc.
Inventors: Curtis Gerald Condra, Adrian Ludwig, Colin Cross, Kenneth Root
-
Patent number: 9697371
Abstract: A trusted execution environment (TEE) of a computing device may receive an operation request requiring use of a protected data accessible only to the TEE. Responsive to receiving the operation request, the TEE may generate first data. The computing device may send the first data to a remote computing device. Responsive to sending the first data, the TEE may receive second data. The TEE may validate the second data to verify the remote computing device generated the second data. Responsive to validating the second data was generated by the remote computing device, the TEE may perform the requested operation using the protected data.
Type: Grant
Filed: June 30, 2015
Date of Patent: July 4, 2017
Assignee: Google Inc.
Inventors: Shawn Willden, Curtis Gerald Condra
-
Publication number: 20170026370
Abstract: The method of authenticating the source of a communication is disclosed. The method includes executing a clock for an operation period. The method also includes receiving a communication from a remote device at a communication time corresponding to a time interval of a plurality of time intervals sequentially covering the operation period. Each time interval has an associated authentication value. The communication includes a commitment value. The method also includes determining whether the commitment value matches the authentication value associated with the time interval corresponding to the communication time. The method also includes processing the communication when the commitment value matches the authentication value associated with the time interval corresponding to the communication time.
Type: Application
Filed: July 23, 2015
Publication date: January 26, 2017
Applicant: Google Inc.
Inventor: Curtis Gerald Condra
-
Patent number: 9323916
Abstract: Described is a process for securely authorizing access to media content from a first device to a second device. Access to content may be authorized by performing authentication from the first device. Information used for authentication (e.g. login information) is not shared with the second device. Instead, a token may be used to authenticate the second device. The authorization process may be done in a secure manner by sharing only the generated token with the second device. Authentication information may not be derived from the token, and accordingly, even if the second device is not secure or the token is exposed, authentication information remains secure.
Type: Grant
Filed: February 14, 2013
Date of Patent: April 26, 2016
Assignee: Google Inc.
Inventors: Huahui Wu, Nicolas Catania, Curtis Gerald Condra
-
Patent number: 9275006
Abstract: A method for updating configuration information includes, in a computing device including a processor, memory, and an operating system, initiating an update to at least one configuration setting of the computing device. The update may be downloaded from at least one update data source. The update may include configuration update data and configuration update metadata. The update may be verified by comparing the configuration update metadata with metadata associated with a current version of the at least one configuration setting. The update may be installed if it is verified. The update to the at least one configuration setting may be installed based on an intent from an unsecure component of the computing device. The unsecure component may include content consuming application installed on the device, a component of a computing platform of the device, and/or an update-seeker application installed on the device.
Type: Grant
Filed: December 18, 2012
Date of Patent: March 1, 2016
Assignee: Google Inc.
Inventors: Adrian L. Ludwig, Curtis Gerald Condra, IV, Nicholas Neil Kralevich, IV
-
Patent number: 9195831
Abstract: A user-provided keystore may be utilized in a boot process to verify a boot image as disclosed herein. A device may be determined to be in a locked or verified state. A selected keystore may be determined to not verify against a first key such as a root key. A user may provide a keystore to a device. The system may display a prompt to the user which asks whether the user would like to continue to boot or not, if the system determines that the keystore does not verify against the first key. The user may respond to the prompt by indicating a desire to continue booting. The system may determine that the boot image verifies against the keystore and finish booting the device. Thus, the prompt may alert the user to a threat to the integrity of the boot process or device.
Type: Grant
Filed: May 2, 2014
Date of Patent: November 24, 2015
Assignee: GOOGLE INC.
Inventors: Curtis Gerald Condra, Adrian Ludwig, Colin Cross, Kenneth Root
-
Patent number: 9117072
Abstract: A method may include, in a computing device including a processor, memory, an operating system, and at least one installed application, detecting an attempted exploitation of at least one known vulnerability associated with the device. The attempted exploitation may be logged. At least one remedial action may be performed on the device based on the logged attempted exploitation. The known vulnerability may be associated with the operating system and/or the at least one installed application. The at least one known vulnerability may include one or more of at least one known coding flaw in the operating system or in the at least one installed application, at least one known weakness in a protocol running on the computing device, a known family of coding flaws in the operating system or in the at least one installed application, an unauthorized triggering of premium SMS services, and/or triggering of a hostile misconfiguration.
Type: Grant
Filed: December 18, 2012
Date of Patent: August 25, 2015
Assignee: Google Inc.
Inventors: Adrian L. Ludwig, Curtis Gerald Condra, IV, Nicholas Neil Kralevich, IV
-
Publication number: 20140123285
Abstract: A method may include, in a computing device including a processor, memory, an operating system, and at least one installed application, detecting an attempted exploitation of at least one known vulnerability associated with the device. The attempted exploitation may be logged. At least one remedial action may be performed on the device based on the logged attempted exploitation. The known vulnerability may be associated with the operating system and/or the at least one installed application. The at least one known vulnerability may include one or more of at least one known coding flaw in the operating system or in the at least one installed application, at least one known weakness in a protocol running on the computing device, a known family of coding flaws in the operating system or in the at least one installed application, an unauthorized triggering of premium SMS services, and/or triggering of a hostile misconfiguration.
Type: Application
Filed: December 18, 2012
Publication date: May 1, 2014
Inventors: Adrian L. Ludwig, Curtis Gerald Condra, IV, Nicholas Neil Kralevich, IV
-
Publication number: 20140122862
Abstract: A method for updating configuration information includes, in a computing device including a processor, memory, and an operating system, initiating an update to at least one configuration setting of the computing device. The update may be downloaded from at least one update data source. The update may include configuration update data and configuration update metadata. The update may be verified by comparing the configuration update metadata with metadata associated with a current version of the at least one configuration setting. The update may be installed if it is verified. The update to the at least one configuration setting may be installed based on an intent from an unsecure component of the computing device. The unsecure component may include content consuming application installed on the device, a component of a computing platform of the device, and/or an update-seeker application installed on the device.
Type: Application
Filed: December 18, 2012
Publication date: May 1, 2014
Inventors: Adrian L. Ludwig, Curtis Gerald Condra, IV, Nicholas Neil Kralevich, IV
-
Patent number: 8613094
Abstract: An application distribution server may be operable to perform an application distribution process for an application, where the application distribution process may comprise a plurality of phases. The plurality of phases may comprise, in sequence, a developer account creation phase, a risk assessment phase, an application upload phase, an application publication phase, an application promotion phase and an application download phase. The application distribution server may detect, at each of the plurality of phases, whether a particular behavior corresponding to use of the application to distribute undesirable software may occur. In instances when an occurrence of the particular behavior is detected at a certain phase in the application distribution process, the application distribution server may continue, utilizing a trap system, one or more subsequent phases after the certain phase for the application, without communicating information on the detection of the occurrence of the particular behavior.
Type: Grant
Filed: December 17, 2012
Date of Patent: December 17, 2013
Assignee: Google Inc.
Inventors: Nico Falliere, Richard Cannings, Joseph Benjamin Gruver, Jonathan Bruce Larimer, Sebastian Johannes Porst, Curtis Gerald Condra, Adrian Ludwig
-
Patent number: 8505102
Abstract: Systems, methods, routines and/or techniques for time delay on services (e.g., verification services) that detect undesirable content are described. In some embodiments, a flexible verification service prevents users (e.g., hackers) from using the verification service “as an oracle” to predict whether the user's application or software program will be detected by the verification service. The verification service, after receiving a verification request from a client device, may delay or prevent the communication of a verification response to the client device. The verification service may evaluate a verification request to determine a level of risk associated with the request. The verification service may communicate an initial response to the client device that submitted the verification request. The verification service may eventually communicate the verification response to the client device, for example, after a period of delay.
Type: Grant
Filed: January 14, 2013
Date of Patent: August 6, 2013
Assignee: Google Inc.
Inventors: Richard Cannings, Kenneth Root, Sebastian Johannes Porst, Curtis Gerald Condra, Nicholas Neil Kralevich, IV, Adrian Ludwig, Peter Valchev