Patents by Inventor Ernie F. Brickell
Ernie F. Brickell has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11343321
Abstract: Disclosed in some examples are methods, systems, and machine readable mediums that provide for the configuration and provisioning of computing devices. In particular, computing devices with limited user interfaces, such as some IoT devices. The functionality of the IoT devices is thus improved to allow for more efficient, more secure, and faster configuration.
Type: Grant
Filed: December 2, 2020
Date of Patent: May 24, 2022
Assignee: Intel Corporation
Inventors: Ernie F. Brickell, Jesse R. Walker
-
Patent number: 11283602
Abstract: Embodiments are directed to provisioning a general-use basis for authentication of a processor device. During manufacture, a hardware processor stores a secret value and shares a derived value produced based on the secret value with a secure service. These values may be used in a limited-use initial authentication process to authenticate the hardware processor. A general-use basis for authentication not so limited as the initial authentication process is established subsequent to the manufacture of the hardware processor. The general-use basis for authentication may include a public-private key pair, and is established upon successful completion of the initial authentication process. Authentication using the general-use process produces an authentication traceable to the manufacture of the hardware processor.
Type: Grant
Filed: April 2, 2020
Date of Patent: March 22, 2022
Assignee: Intel Corporation
Inventors: Ernie F. Brickell, Rachid El Bansarkhani
-
Publication number: 20210084106
Abstract: Disclosed in some examples are methods, systems, and machine readable mediums that provide for the configuration and provisioning of computing devices. In particular, computing devices with limited user interfaces, such as some IoT devices. The functionality of the IoT devices is thus improved to allow for more efficient, more secure, and faster configuration.
Type: Application
Filed: December 2, 2020
Publication date: March 18, 2021
Inventors: Ernie F. Brickell, Jesse R. Walker
-
Patent number: 10887398
Abstract: Disclosed in some examples are methods, systems, and machine readable mediums that provide for the configuration and provisioning of computing devices. In particular, computing devices with limited user interfaces, such as some IoT devices. The functionality of the IoT devices is thus improved to allow for more efficient, more secure, and faster configuration.
Type: Grant
Filed: October 7, 2019
Date of Patent: January 5, 2021
Assignee: Intel Corporation
Inventors: Ernie F. Brickell, Jesse R. Walker
-
Patent number: 10833863
Abstract: A computing device is provisioned to be remotely managed by a current owner. The device has an initial cryptographic basis of trust, and an owner identifier that facilitates establishment of communication with the current owner of the device. The ownership may change one or more times while the device may remain inoperative. Later, the device receives a transfer-of-ownership indication, which it verifies against the initial basis of trust to establish a new current owner. The device may then communicate with a device management service of the new current owner based on the transfer-of-ownership indication.
Type: Grant
Filed: July 1, 2016
Date of Patent: November 10, 2020
Assignee: Intel Corporation
Inventors: Ernie F. Brickell, Geoffrey H. Cooper
-
Patent number: 10826904
Abstract: Embodiments are directed to a computing device having execution hardware including at least one processor core, and non-volatile memory that stores a verification module and a private symmetric key unique to the computing device. The verification module, when executed on the execution hardware, causes the execution hardware to perform pre-execution local authenticity verification of externally-supplied code in response to a command to launch that code. The local authenticity verification includes computation of a cryptographic message authentication code (MAC) of the externally-supplied code based on the private symmetric key, and verification of the MAC against a stored local authenticity verification value previously written to the non-volatile memory. In response to a positive verification of the MAC, execution of the externally-supplied code is permitted.
Type: Grant
Filed: March 6, 2019
Date of Patent: November 3, 2020
Assignee: Intel Corporation
Inventor: Ernie F. Brickell
-
Publication number: 20200236541
Abstract: Embodiments are directed to provisioning a general-use basis for authentication of a processor device. During manufacture, a hardware processor stores a secret value and shares a derived value produced based on the secret value with a secure service. These values may be used in a limited-use initial authentication process to authenticate the hardware processor. A general-use basis for authentication not so limited as the initial authentication process is established subsequent to the manufacture of the hardware processor. The general-use basis for authentication may include a public-private key pair, and is established upon successful completion of the initial authentication process. Authentication using the general-use process produces an authentication traceable to the manufacture of the hardware processor.
Type: Application
Filed: April 2, 2020
Publication date: July 23, 2020
Inventors: Ernie F. Brickell, Rachid El Bansarkhani
-
Patent number: 10652732
Abstract: Embodiments are directed to provisioning a general-use basis for authentication of a processor device. During manufacture, a hardware processor stores a secret value and shares a derived value produced based on the secret value with a secure service. These values may be used in a limited-use initial authentication process to authenticate the hardware processor. A general-use basis for authentication not so limited as the initial authentication process is established subsequent to the manufacture of the hardware processor. The general-use basis for authentication may include a public-private key pair, and is established upon successful completion of the initial authentication process. Authentication using the general-use process produces an authentication traceable to the manufacture of the hardware processor.
Type: Grant
Filed: February 24, 2016
Date of Patent: May 12, 2020
Assignee: Intel Corporation
Inventors: Ernie F. Brickell, Rachid El Bansarkhani
-
Publication number: 20200106837
Abstract: Disclosed in some examples are methods, systems, and machine readable mediums that provide for the configuration and provisioning of computing devices. In particular, computing devices with limited user interfaces, such as some IoT devices. The functionality of the IoT devices is thus improved to allow for more efficient, more secure, and faster configuration.
Type: Application
Filed: October 7, 2019
Publication date: April 2, 2020
Inventors: Ernie F. Brickell, Jesse R. Walker
-
Patent number: 10440122
Abstract: Disclosed in some examples are methods, systems, and machine readable mediums that provide for the configuration and provisioning of computing devices. In particular, computing devices with limited user interfaces, such as some IoT devices. The functionality of the IoT devices is thus improved to allow for more efficient, more secure, and faster configuration.
Type: Grant
Filed: July 1, 2016
Date of Patent: October 8, 2019
Assignee: Intel Corporation
Inventors: Ernie F. Brickell, Jesse R. Walker
-
Patent number: 10257193
Abstract: Embodiments are directed to a computing device having execution hardware including at least one processor core, and non-volatile memory that stores a verification module and a private symmetric key unique to the computing device. The verification module, when executed on the execution hardware, causes the execution hardware to perform pre-execution local authenticity verification of externally-supplied code in response to a command to launch that code. The local authenticity verification includes computation of a cryptographic message authentication code (MAC) of the externally-supplied code based on the private symmetric key, and verification of the MAC against a stored local authenticity verification value previously written to the non-volatile memory. In response to a positive verification of the MAC, execution of the externally-supplied code is permitted.
Type: Grant
Filed: January 16, 2018
Date of Patent: April 9, 2019
Assignee: Intel Corporation
Inventor: Ernie F. Brickell
-
Patent number: 10250392
Abstract: Systems and methods for using an arbitrary base value for EPID calculations are provided herein. A system to use arbitrary base values in enhanced privacy ID (EPID) calculation, where the system includes a microcontroller; and a memory coupled to the microcontroller; wherein the microcontroller is to: obtain an arbitrary value at a member device, the member device being a member of a group of member devices, each member device in the group of member devices having a unique private EPID key assigned from a pool of private keys, where any of the pool of private keys is able to sign content that is verifiable by a single group public key, and the arbitrary value being one of a time-based value or a usage-based value; construct an EPID base using the arbitrary value; and transmit content signed with the private key using the EPID base to a verifier.
Type: Grant
Filed: July 1, 2016
Date of Patent: April 2, 2019
Assignee: Intel Corporation
Inventor: Ernie F. Brickell
-
Publication number: 20180234417
Abstract: Embodiments are directed to a computing device having execution hardware including at least one processor core, and non-volatile memory that stores a verification module and a private symmetric key unique to the computing device. The verification module, when executed on the execution hardware, causes the execution hardware to perform pre-execution local authenticity verification of externally-supplied code in response to a command to launch that code. The local authenticity verification includes computation of a cryptographic message authentication code (MAC) of the externally-supplied code based on the private symmetric key, and verification of the MAC against a stored local authenticity verification value previously written to the non-volatile memory. In response to a positive verification of the MAC, execution of the externally-supplied code is permitted.
Type: Application
Filed: January 16, 2018
Publication date: August 16, 2018
Inventor: Ernie F. Brickell
-
Patent number: 9900310
Abstract: Embodiments are directed to a computing device having execution hardware including at least one processor core, and non-volatile memory that stores a verification module and a private symmetric key unique to the computing device. The verification module, when executed on the execution hardware, causes the execution hardware to perform pre-execution local authenticity verification of externally-supplied code in response to a command to launch that code. The local authenticity verification includes computation of a cryptographic message authentication code (MAC) of the externally-supplied code based on the private symmetric key, and verification of the MAC against a stored local authenticity verification value previously written to the non-volatile memory. In response to a positive verification of the MAC, execution of the externally-supplied code is permitted.
Type: Grant
Filed: February 24, 2016
Date of Patent: February 20, 2018
Assignee: Intel Corporation
Inventor: Ernie F. Brickell
-
Publication number: 20180007140
Abstract: Disclosed in some examples are methods, systems, and machine readable mediums that provide for the configuration and provisioning of computing devices. In particular, computing devices with limited user interfaces, such as some IoT devices. The functionality of the IoT devices is thus improved to allow for more efficient, more secure, and faster configuration.
Type: Application
Filed: July 1, 2016
Publication date: January 4, 2018
Inventors: Ernie F. Brickell, Jesse R. Walker
-
Publication number: 20170250814
Abstract: A computing device is provisioned to be remotely managed by a current owner. The device has an initial cryptographic basis of trust, and an owner identifier that facilitates establishment of communication with the current owner of the device. The ownership may change one or more times while the device may remain inoperative. Later, the device receives a transfer-of-ownership indication, which it verifies against the initial basis of trust to establish a new current owner. The device may then communicate with a device management service of the new current owner based on the transfer-of-ownership indication.
Type: Application
Filed: July 1, 2016
Publication date: August 31, 2017
Inventors: Ernie F. Brickell, Geoffrey H. Cooper
-
Publication number: 20170244704
Abstract: Embodiments are directed to a computing device having execution hardware including at least one processor core, and non-volatile memory that stores a verification module and a private symmetric key unique to the computing device. The verification module, when executed on the execution hardware, causes the execution hardware to perform pre-execution local authenticity verification of externally-supplied code in response to a command to launch that code. The local authenticity verification includes computation of a cryptographic message authentication code (MAC) of the externally-supplied code based on the private symmetric key, and verification of the MAC against a stored local authenticity verification value previously written to the non-volatile memory. In response to a positive verification of the MAC, execution of the externally-supplied code is permitted.
Type: Application
Filed: February 24, 2016
Publication date: August 24, 2017
Inventor: Ernie F. Brickell
-
Publication number: 20170244568
Abstract: Embodiments are directed to provisioning a general-use basis for authentication of a processor device. During manufacture, a hardware processor stores a secret value and shares a derived value produced based on the secret value with a secure service. These values may be used in a limited-use initial authentication process to authenticate the hardware processor. A general-use basis for authentication not so limited as the initial authentication process is established subsequent to the manufacture of the hardware processor. The general-use basis for authentication may include a public-private key pair, and is established upon successful completion of the initial authentication process. Authentication using the general-use process produces an authentication traceable to the manufacture of the hardware processor.
Type: Application
Filed: February 24, 2016
Publication date: August 24, 2017
Inventors: Ernie F. Brickell, Rachid El Bansarkhani
-
Patent number: 9208292
Abstract: Systems, apparatuses, and methods for entering a secured system environment using multiple authenticated code modules are disclosed. In one embodiment, a processor includes a decoder and control logic. The decoder is to decode a secured enter instruction. The control logic is to find an entry corresponding to the processor in a match table in a master authenticated code module and to read a master header and an individual authenticated code module from the master authenticated code module in response to decoding the secured enter instruction.
Type: Grant
Filed: March 15, 2013
Date of Patent: December 8, 2015
Assignee: Intel Corporation
Inventors: Sham M. Datta, Ernie F. Brickell, Mohan J. Kumar
-
Patent number: 9202015
Abstract: Systems, apparatuses, and methods for entering a secured system environment using multiple authenticated code modules are disclosed. In one embodiment, a processor includes a decoder and control logic. The decoder is to decode a secured enter instruction. The control logic is to find an entry corresponding to the processor in a match table in a master authenticated code module and to read a master header and an individual authenticated code module from the master authenticated code module in response to decoding the secured enter instruction.
Type: Grant
Filed: December 31, 2009
Date of Patent: December 1, 2015
Assignee: Intel Corporation
Inventors: Sham M. Datta, Ernie F. Brickell, Mohan J. Kumar