Patents by Inventor Felix Domke
Felix Domke has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240071543
Abstract: A TPM with programmable fuses in an SoC includes an on-die RAM storing a blown-fuse count and a TPM state read from off-die NV memory. During initialization, if the blown-fuse count is greater than a TPM state fuse count, a TPM state PIN-attempt-failure count is incremented, thereby thwarting a replay attack. If a PIN satisfies a PIN failure policy, and if a TPM state previously-passed-PIN indicator is set to true, a fuse is blown and the blown-fuse count incremented depending on the PIN being incorrect, but if the TPM state previously-passed-PIN indicator is set to false, a fuse is blown and the blown-fuse count incremented independent of whether the PIN is correct or incorrect. The TPM state fuse count is set equal to the blown-fuse count. If a counter cleared before processing the PIN remains cleared during the next initialization, a fuse voltage cut is detected and a penalty imposed.
Type: Application
Filed: July 13, 2023
Publication date: February 29, 2024
Applicant: Microsoft Technology Licensing, LLC
Inventors: Ling Tony Chen, Felix Domke, Ankur Choudhary, Bradley Joseph Litterell
-
Patent number: 11860999
Abstract: A TPM with programmable fuses in an SoC includes an on-die RAM storing a blown-fuse count and a TPM state including a PIN-attempt-failure count and a fuse count, read from off-die NV memory. During initialization, if the blown-fuse count is greater than the TPM state fuse count, the TPM state PIN-attempt-failure count is incremented, thereby thwarting a replay attack. A PIN is received for access, and if the TPM state PIN-attempt-failure count satisfies a policy, a fuse is blown and the blown-fuse count incremented. If the fuse blow fails, TPM activity is halted. If the fuse blow succeeds and the PIN is correct, the TPM state PIN-attempt-failure count is cleared, but if the PIN is incorrect the TPM state PIN-attempt-failure count is incremented. The TPM state fuse count is set equal to the blown-fuse count, and the TPM state is saved to off-die NV memory.
Type: Grant
Filed: March 31, 2021
Date of Patent: January 2, 2024
Assignee: Microsoft Technology Licensing, LLC
Inventors: Ling Tony Chen, Felix Domke, Ankur Choudhary, Bradley Joseph Litterell
-
Patent number: 11776646
Abstract: A TPM with programmable fuses in an SoC includes an on-die RAM storing a blown-fuse count and a TPM state read from off-die NV memory. During initialization, if the blown-fuse count is greater than a TPM state fuse count, a TPM state PIN-attempt-failure count is incremented, thereby thwarting a replay attack. If a PIN satisfies a PIN failure policy, and if a TPM state previously-passed-PIN indicator is set to true, a fuse is blown and the blown-fuse count incremented depending on the PIN being incorrect, but if the TPM state previously-passed-PIN indicator is set to false, a fuse is blown and the blown-fuse count incremented independent of whether the PIN is correct or incorrect. The TPM state fuse count is set equal to the blown-fuse count. If a counter cleared before processing the PIN remains cleared during the next initialization, a fuse voltage cut is detected and a penalty imposed.
Type: Grant
Filed: March 18, 2022
Date of Patent: October 3, 2023
Assignee: Microsoft Technology Licensing, LLC
Inventors: Ling Tony Chen, Felix Domke, Ankur Choudhary, Bradley Joseph Litterell
-
Patent number: 11742041
Abstract: A TPM with programmable fuses in an SoC includes an on-die RAM storing a blown-fuse count and a TPM state read from off-die NV memory. During initialization, if the blown-fuse count is greater than a TPM state fuse count, a TPM state PIN-attempt-failure count is incremented, thereby thwarting a replay attack. If a PIN satisfies a PIN failure policy, and if a TPM state previously-passed-PIN indicator is set to true, a fuse is blown and the blown-fuse count incremented depending on the PIN being incorrect, but if the TPM state previously-passed-PIN indicator is set to false, a fuse is blown and the blown-fuse count incremented independent of whether the PIN is correct or incorrect. The TPM state fuse count is set equal to the blown-fuse count. If a counter cleared before processing the PIN remains cleared during the next initialization, a fuse voltage cut is detected and a penalty imposed.
Type: Grant
Filed: March 18, 2022
Date of Patent: August 29, 2023
Assignee: Microsoft Technology Licensing, LLC
Inventors: Ling Tony Chen, Felix Domke, Ankur Choudhary, Bradley Joseph Litterell
-
Publication number: 20230237154
Abstract: A TPM is implemented in an SoC for thwarting PIN state replay attacks. Programmable fuses are used as a counter and an on-die RAM stores a blown-fuse count and a TPM state that includes a PIN-failure count and a fuse count. TPM initialization includes incrementing the TPM state PIN-failure count if the blown-fuse count is greater than the TPM state fuse count. Once a PIN is received, if the TPM state PIN-failure count satisfies a PIN failure policy and the PIN is correct, the TPM state PIN-failure count is cleared, and if the PIN is incorrect, a fuse is blown and the blown-fuse count is incremented. If the fuse blow fails, TPM activity is halted. If the fuse blow succeeds, the TPM state PIN-failure count is incremented and the TPM state fuse count is set equal to the blown-fuse count. The TPM state is saved to off-die non-volatile memory.
Type: Application
Filed: March 24, 2023
Publication date: July 27, 2023
Applicant: Microsoft Technology Licensing, LLC
Inventors: Ling Tony Chen, Felix Domke, Ankur Choudhary, Bradley Joseph Litterell
-
Patent number: 11615187
Abstract: A TPM is implemented in an SoC for thwarting PIN state replay attacks. Programmable fuses are used as a counter and an on-die RAM stores a blown-fuse count and a TPM state that includes a PIN-failure count and a fuse count. TPM initialization includes incrementing the TPM state PIN-failure count if the blown-fuse count is greater than the TPM state fuse count. Once a PIN is received, if the TPM state PIN-failure count satisfies a PIN failure policy and the PIN is correct, the TPM state PIN-failure count is cleared, and if the PIN is incorrect, a fuse is blown and the blown-fuse count is incremented. If the fuse blow fails, TPM activity is halted. If the fuse blow succeeds, the TPM state PIN-failure count is incremented and the TPM state fuse count is set equal to the blown-fuse count. The TPM state is saved to off-die non-volatile memory.
Type: Grant
Filed: March 31, 2021
Date of Patent: March 28, 2023
Assignee: Microsoft Technology Licensing, LLC
Inventors: Ling Tony Chen, Felix Domke, Ankur Choudhary, Bradley Joseph Litterell
-
Publication number: 20220336033
Abstract: A TPM with programmable fuses in an SoC includes an on-die RAM storing a blown-fuse count and a TPM state read from off-die NV memory. During initialization, if the blown-fuse count is greater than a TPM state fuse count, a TPM state PIN-attempt-failure count is incremented, thereby thwarting a replay attack. If a PIN satisfies a PIN failure policy, and if a TPM state previously-passed-PIN indicator is set to true, a fuse is blown and the blown-fuse count incremented depending on the PIN being incorrect, but if the TPM state previously-passed-PIN indicator is set to false, a fuse is blown and the blown-fuse count incremented independent of whether the PIN is correct or incorrect. The TPM state fuse count is set equal to the blown-fuse count. If a counter cleared before processing the PIN remains cleared during the next initialization, a fuse voltage cut is detected and a penalty imposed.
Type: Application
Filed: March 18, 2022
Publication date: October 20, 2022
Applicant: Microsoft Technology Licensing, LLC
Inventors: Ling Tony Chen, Felix Domke, Ankur Choudhary, Bradley Joseph Litterell
-
Publication number: 20220318405
Abstract: A TPM is implemented in an SoC for thwarting PIN state replay attacks. Programmable fuses are used as a counter and an on-die RAM stores a blown-fuse count and a TPM state that includes a PIN-failure count and a fuse count. TPM initialization includes incrementing the TPM state PIN-failure count if the blown-fuse count is greater than the TPM state fuse count. Once a PIN is received, if the TPM state PIN-failure count satisfies a PIN failure policy and the PIN is correct, the TPM state PIN-failure count is cleared, and if the PIN is incorrect, a fuse is blown and the blown-fuse count is incremented. If the fuse blow fails, TPM activity is halted. If the fuse blow succeeds, the TPM state PIN-failure count is incremented and the TPM state fuse count is set equal to the blown-fuse count. The TPM state is saved to off-die non-volatile memory.
Type: Application
Filed: March 31, 2021
Publication date: October 6, 2022
Inventors: Ling Tony Chen, Felix Domke, Ankur Choudhary, Bradley Joseph Litterell
-
Publication number: 20220318375
Abstract: A TPM with programmable fuses in an SoC includes an on-die RAM storing a blown-fuse count and a TPM state including a PIN-attempt-failure count and a fuse count, read from off-die NV memory. During initialization, if the blown-fuse count is greater than the TPM state fuse count, the TPM state PIN-attempt-failure count is incremented, thereby thwarting a replay attack. A PIN is received for access, and if the TPM state PIN-attempt-failure count satisfies a policy, a fuse is blown and the blown-fuse count incremented. If the fuse blow fails, TPM activity is halted. If the fuse blow succeeds and the PIN is correct, the TPM state PIN-attempt-failure count is cleared, but if the PIN is incorrect the TPM state PIN-attempt-failure count is incremented. The TPM state fuse count is set equal to the blown-fuse count, and the TPM state is saved to off-die NV memory.
Type: Application
Filed: March 31, 2021
Publication date: October 6, 2022
Inventors: Ling Tony Chen, Felix Domke, Ankur Choudhary, Bradley Joseph Litterell
-
Patent number: 11302411
Abstract: A TPM with programmable fuses in an SoC includes an on-die RAM storing a blown-fuse count and a TPM state read from off-die NV memory. During initialization, if the blown-fuse count is greater than a TPM state fuse count, a TPM state PIN-attempt-failure count is incremented, thereby thwarting a replay attack. If a PIN satisfies a PIN failure policy, and if a TPM state previously-passed-PIN indicator is set to true, a fuse is blown and the blown-fuse count incremented depending on the PIN being incorrect, but if the TPM state previously-passed-PIN indicator is set to false, a fuse is blown and the blown-fuse count incremented independent of whether the PIN is correct or incorrect. The TPM state fuse count is set equal to the blown-fuse count. If a counter cleared before processing the PIN remains cleared during the next initialization, a fuse voltage cut is detected and a penalty imposed.
Type: Grant
Filed: March 31, 2021
Date of Patent: April 12, 2022
Assignee: Microsoft Technology Licensing, LLC
Inventors: Ling Tony Chen, Felix Domke, Ankur Choudhary, Bradley Joseph Litterell
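The nine TPM entries above (11302411 through 20240071543) describe variants of one mechanism: the off-die NV image that holds the PIN-failure counter can be snapshotted and restored by whoever has physical access, so the counter is anchored to a bank of one-time-programmable fuses on the die. At boot, a fuse count higher than the one recorded in the NV image proves the image is stale, and the failure counter is penalised. The simulation below is an added example, not Microsoft's code or the patented implementation. It follows the abstract shared by 11302411, 11742041, 11776646, 20220336033 and 20240071543 (the previously-passed-PIN and fuse-voltage-cut variant). The policy threshold of two failures, the size of the penalty for an interrupted attempt, the attempt_completed NV field used to detect that interruption, and all identifiers are assumptions made for the example.

```python
"""Fuse-backed PIN-failure counter (added example, not Microsoft's code).
Fuses are a monotonic one-time counter; off-die NV is a dict an attacker can
snapshot and restore. Threshold, penalty and 'attempt_completed' are assumptions."""
import copy

FUSE_POLICY_FAILURES = 2   # assumed policy: from this many failures on, attempts are fuse-backed
FRESH_STATE = {"pin_failure_count": 0, "fuse_count": 0,
               "previously_passed_pin": False, "attempt_completed": 1}

class TPMHalted(Exception):
    pass

class FuseBank:
    """One-time-programmable fuses: the blown count can only grow."""
    def __init__(self, size):
        self.size, self.blown = size, 0

    def blow(self):                                    # False: blow failed / no fuse left
        ok = self.blown < self.size
        self.blown += ok
        return ok

class FuseBackedTPM:
    def __init__(self, fuses, nv, correct_pin):
        self.fuses, self.nv, self.correct_pin = fuses, nv, correct_pin
        self.halted = False

    def init(self):
        """Boot: read fuses, load NV state into on-die RAM, penalise a rolled-back
        NV image and any PIN attempt that never completed."""
        self.blown_fuse_count = self.fuses.blown
        self.state = dict(self.nv) if self.nv else dict(FRESH_STATE)
        events = {"replay": False, "voltage_cut": False}
        if self.blown_fuse_count > self.state["fuse_count"]:
            events["replay"] = True                    # NV is older than the fuses
            self.state["pin_failure_count"] += 1
        if self.state["attempt_completed"] == 0:
            events["voltage_cut"] = True               # previous attempt never finished
            self.state["pin_failure_count"] += 1       # assumed penalty
            self.state["attempt_completed"] = 1
        self._save()
        return events

    def _save(self):                                   # fuse count := blown count, write NV
        self.state["fuse_count"] = self.blown_fuse_count
        self.nv.clear()
        self.nv.update(self.state)

    def try_pin(self, pin, cut_power_before_blow=False):
        if self.halted:
            raise TPMHalted
        st = self.state
        st["attempt_completed"] = 0                    # cleared before processing
        self._save()
        if st["pin_failure_count"] >= FUSE_POLICY_FAILURES:
            # Never passed the PIN: every attempt, even a correct guess, costs a
            # fuse. Previously authenticated: only wrong PINs cost a fuse.
            if pin != self.correct_pin or not st["previously_passed_pin"]:
                if cut_power_before_blow:
                    return False                       # simulated fuse-voltage cut
                if not self.fuses.blow():
                    self.halted = True
                    raise TPMHalted
                self.blown_fuse_count += 1
        if pin == self.correct_pin:
            st["pin_failure_count"], st["previously_passed_pin"] = 0, True
        else:
            st["pin_failure_count"] += 1
        st["attempt_completed"] = 1
        self._save()
        return pin == self.correct_pin

def scenario(pin="1234"):
    """Owner logins, then NV rollback, power cut and fuse exhaustion by an attacker."""
    fuses, nv = FuseBank(size=5), {}
    tpm = FuseBackedTPM(fuses, nv, pin)
    tpm.init()
    out = {}
    for attempt in ("first_login", "second_login"):    # two typos, then the right PIN
        tpm.try_pin("0000"); tpm.try_pin("0000"); tpm.try_pin(pin)
        out["fuses_after_" + attempt] = fuses.blown    # 1 then 1: only the first costs
    snapshot = copy.deepcopy(nv)                       # attacker images the NV chip
    for _ in range(4):
        tpm.try_pin("0000")
    out["fuses_after_4_guesses"] = fuses.blown         # 2 free failures, then 1 fuse each
    nv.clear(); nv.update(snapshot)                    # attacker restores the image
    tpm = FuseBackedTPM(fuses, nv, pin)
    out["replay_detected"] = tpm.init()["replay"]
    tpm.try_pin("0000")
    tpm.try_pin("0000", cut_power_before_blow=True)    # this one would have blown a fuse
    tpm = FuseBackedTPM(fuses, nv, pin)
    out["cut_detected"] = tpm.init()["voltage_cut"]
    out["failures_after_cut"] = tpm.state["pin_failure_count"]
    try:
        while True:
            tpm.try_pin("0000")
    except TPMHalted:
        out["halted"] = True
    return out
```

Two things worth noticing when running scenario(): the rollback is caught only because the fuse count is read from the die rather than from the image the attacker controls, and the abstract specifies a single increment on detection rather than re-applying the full difference, so the fuse bank itself, not the counter, is what bounds the total number of fuse-backed guesses. The previously-passed-PIN indicator is what lets the owner recover from typos for free while a stranger who has never authenticated pays a fuse even for a lucky correct guess.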
-
Patent number: 9916452
Abstract: A device-local key derivation scheme generates, during a first boot session for an electronic device, a sealing key that is derived at least in part from a device-generated random seed and an internal secret that is unique to the electronic device. After generating the sealing key, access to the internal secret is disabled for a remainder of the first boot session and until a second boot session is initiated. At runtime, the sealing key is used to sign a module manifest that describes the software that is authorized to access the sealing key, and the module manifest containing the sealing key is persisted in non-volatile memory of the electronic device. The module manifest can be used to validate software during a subsequent boot session and to authorize software updates on the electronic device without relying on an external entity or external information to protect on-device secrets.
Type: Grant
Filed: May 18, 2016
Date of Patent: March 13, 2018
Assignee: Microsoft Technology Licensing, LLC
Inventors: Felix Domke, Ling Tony Chen
-
Publication number: 20170337380
Abstract: A device-local key derivation scheme generates, during a first boot session for an electronic device, a sealing key that is derived at least in part from a device-generated random seed and an internal secret that is unique to the electronic device. After generating the sealing key, access to the internal secret is disabled for a remainder of the first boot session and until a second boot session is initiated. At runtime, the sealing key is used to sign a module manifest that describes the software that is authorized to access the sealing key, and the module manifest containing the sealing key is persisted in non-volatile memory of the electronic device. The module manifest can be used to validate software during a subsequent boot session and to authorize software updates on the electronic device without relying on an external entity or external information to protect on-device secrets.
Type: Application
Filed: May 18, 2016
Publication date: November 23, 2017
Inventors: Felix Domke, Ling Tony Chen
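The key-derivation scheme in 9916452 and 20170337380 rests on an ordering property: the per-device secret is readable only at the very start of a boot session, the sealing key is derived from it and from a random seed, and then the secret is latched off, so software that runs later in the session can use the sealing key but never learns the secret behind it. The following is an added example, not Microsoft's code or the patented implementation. HMAC-SHA256 as the key-derivation function and as the manifest signature, the NV layout (the seed stored beside the manifest so the key can be re-derived on the next boot) and the module names are assumptions made for the example.

```python
"""Device-local sealing key and signed module manifest (added example, not
Microsoft's code). HMAC-SHA256 as KDF and as manifest signature, the NV
layout and the module names are assumptions."""
import hashlib
import hmac
import json
import os

class Device:
    """The parts of the SoC the scheme relies on: a per-device internal secret
    whose access can be latched off until the next boot, and off-die NV storage."""
    def __init__(self, internal_secret):
        self._secret, self._secret_locked = internal_secret, False
        self.nv = {}                               # survives across boot sessions

    def begin_boot_session(self):
        self._secret_locked = False                # only a reset re-enables the secret

    def read_internal_secret(self):
        if self._secret_locked:
            raise PermissionError("internal secret is disabled for this boot session")
        return self._secret

    def disable_internal_secret(self):
        self._secret_locked = True

def derive_sealing_key(secret, seed):
    return hmac.new(secret, b"sealing-key|" + seed, hashlib.sha256).digest()

def canonical(obj):
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def boot(device):
    """Start of a boot session: (re)derive the sealing key, then latch off the
    internal secret so nothing that runs later in this session can read it."""
    device.begin_boot_session()
    if "seed" not in device.nv:                    # first boot: device-generated random seed
        device.nv["seed"] = os.urandom(32).hex()
    key = derive_sealing_key(device.read_internal_secret(), bytes.fromhex(device.nv["seed"]))
    device.disable_internal_secret()
    return key

def sign_manifest(key, modules):
    """Manifest = hashes of the software allowed to use the sealing key, MACed with it."""
    body = {"modules": {n: hashlib.sha256(c).hexdigest() for n, c in modules.items()}}
    return dict(body, mac=hmac.new(key, canonical(body), hashlib.sha256).hexdigest())

def authorized_modules(key, manifest, modules):
    """Names of the modules allowed to use the sealing key: the manifest MAC
    must verify under this device's key and each module hash must match."""
    body = {"modules": manifest["modules"]}
    expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["mac"]):
        return set()                               # not produced with this device's key
    return {n for n, c in modules.items()
            if manifest["modules"].get(n) == hashlib.sha256(c).hexdigest()}

def demo():
    dev = Device(internal_secret=b"\x11" * 32)     # constructed per-device secret
    modules = {"loader": b"loader v1", "tpm": b"tpm v1"}
    key1 = boot(dev)                               # first boot session
    dev.nv["manifest"] = sign_manifest(key1, modules)
    try:
        dev.read_internal_secret()
        leaked = True
    except PermissionError:
        leaked = False                             # secret is gone until the next boot
    key2 = boot(dev)                               # second boot session
    ok = authorized_modules(key2, dev.nv["manifest"], modules)
    tampered = dict(modules, tpm=b"tpm v1 backdoored")
    after_tamper = authorized_modules(key2, dev.nv["manifest"], tampered)
    forged = sign_manifest(b"\x00" * 32, tampered) # signer does not hold the sealing key
    forged_ok = authorized_modules(key2, forged, tampered)
    updated = dict(modules, tpm=b"tpm v2")
    dev.nv["manifest"] = sign_manifest(key2, updated)   # legitimate update: re-signed on device
    update_ok = authorized_modules(key2, dev.nv["manifest"], updated)
    return {"same_key": key1 == key2, "secret_leaked": leaked, "authorized": ok,
            "after_tamper": after_tamper, "forged": forged_ok, "after_update": update_ok}
```

The point the demo makes is that nothing off the device is needed to validate or update software: a manifest only verifies if it was MACed with this device's sealing key, and only software already authorized by the current manifest can obtain that key to sign the next one. A modified module fails its hash check, and a manifest signed elsewhere fails the MAC check, without any external key or server.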
-
Patent number: 9716708
Abstract: A system-on-chip (SoC) includes multiple hardware modules that are implemented on a substrate. The hardware modules include a plurality of hardware and software security features and the SoC provides one or more external interfaces for accessing the security features. A validation module, implemented in the boot code of the SoC for example, manages security certificates to control access to the plurality of security features. Each security certificate includes one or more unique identifiers corresponding to one or more hardware modules in the SoC and access control settings for one or more security features of the one or more hardware modules. The security certificate additionally includes a certificate signature signed by a secure key.
Type: Grant
Filed: September 13, 2013
Date of Patent: July 25, 2017
Assignee: Microsoft Technology Licensing, LLC
Inventors: Michael Love, Ling Tony Chen, Felix Domke, Kenneth Ray
-
Patent number: 9589590
Abstract: Disclosed are techniques and systems for manufacturing an optical disc having a stochastic (i.e., non-deterministic) anti-piracy feature in the form of a multi-spiral structure, and for verifying the feature on the optical disc to authenticate the disc for playback. The multi-spiral structure may consist of multiple partially interleaved, and partially overlapping, spiral data tracks formed in a designated area of the optical disc. A process of forming the multi-spiral structure may include forming, in the designated area, a first spiral data track with a first track pitch and a second spiral data track with a second track pitch that is different from the first track pitch. The multi-spiral structure may be analyzed to determine verification parameters for verifying the multi-spiral structure, and those verification parameters may be encrypted so that they may be subsequently decrypted and used to verify the multi-spiral structure on a disc reading device.
Type: Grant
Filed: September 30, 2014
Date of Patent: March 7, 2017
Assignee: Microsoft Technology Licensing, LLC
Inventors: Felix Domke, Kenneth M McGrail
-
Publication number: 20160093324
Abstract: Disclosed are techniques and systems for manufacturing an optical disc having a stochastic (i.e., non-deterministic) anti-piracy feature in the form of a multi-spiral structure, and for verifying the feature on the optical disc to authenticate the disc for playback. The multi-spiral structure may consist of multiple partially interleaved, and partially overlapping, spiral data tracks formed in a designated area of the optical disc. A process of forming the multi-spiral structure may include forming, in the designated area, a first spiral data track with a first track pitch and a second spiral data track with a second track pitch that is different from the first track pitch. The multi-spiral structure may be analyzed to determine verification parameters for verifying the multi-spiral structure, and those verification parameters may be encrypted so that they may be subsequently decrypted and used to verify the multi-spiral structure on a disc reading device.
Type: Application
Filed: September 30, 2014
Publication date: March 31, 2016
Inventors: Felix Domke, Kenneth M McGrail
-
Publication number: 20150082420
Abstract: An SoC includes multiple hardware modules that are implemented on a substrate. The hardware modules include a plurality of hardware and software security features and the SoC provides one or more external interfaces for accessing the security features. A validation module, implemented in the boot code of the SoC for example, manages security certificates to control access to the plurality of security features. Each security certificate includes one or more unique identifiers corresponding to one or more hardware modules in the SoC and access control settings for one or more security features of the one or more hardware modules. The security certificate additionally includes a certificate signature signed by a secure key.
Type: Application
Filed: September 13, 2013
Publication date: March 19, 2015
Applicant: Microsoft Corporation
Inventors: Michael Love, Ling Tony Chen, Felix Domke, Kenneth Ray
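The certificate scheme in 9716708 and 20150082420 binds an unlock of debug or similar security features to two things at once: a signature under a key the boot code trusts, and the unique identifiers of the hardware modules on this particular die, so a certificate lifted from one unit cannot open the same feature on another. The validator below is an added example, not Microsoft's code or the patented implementation. HMAC-SHA256 stands in for the certificate signature made with a secure key (a real design would use an asymmetric signature so the verifying key on the die is not a signing key); the certificate fields, the module IDs and the feature names are assumptions made for the example. A failed load leaves the previously loaded access table untouched, and the table starts empty, so every feature is denied until a valid certificate for this SoC has been accepted.

```python
"""Certificate-gated access to SoC security features (added example, not
Microsoft's code). HMAC-SHA256 stands in for the certificate signature made
with a secure key; the field names, module IDs and features are assumptions."""
import hashlib
import hmac
import json

def canonical(obj):
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def issue_certificate(signing_key, hardware_ids, access):
    """access maps a hardware module's unique ID to {feature: allowed}."""
    body = {"hardware_ids": sorted(hardware_ids), "access": access}
    sig = hmac.new(signing_key, canonical(body), hashlib.sha256).hexdigest()
    return dict(body, signature=sig)

class ValidationModule:
    """Boot-code component: verifies a certificate against the secure key and this
    SoC's own module IDs, then answers access queries. Default is deny."""
    def __init__(self, secure_key, soc_module_ids):
        self.secure_key = secure_key
        self.soc_module_ids = set(soc_module_ids)  # unique IDs of the modules on this die
        self.access = {}

    def load(self, cert):
        body = {k: v for k, v in cert.items() if k != "signature"}
        expected = hmac.new(self.secure_key, canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, cert.get("signature", "")):
            return "bad signature"
        ids = set(cert["hardware_ids"])
        if not ids <= self.soc_module_ids or set(cert["access"]) - ids:
            return "certificate is for other hardware"   # IDs not on this SoC
        self.access = cert["access"]
        return "ok"

    def is_allowed(self, module_id, feature):
        return bool(self.access.get(module_id, {}).get(feature, False))

def demo():
    secure_key = b"\x42" * 32                          # constructed signer key
    soc = ValidationModule(secure_key, soc_module_ids={"cpu-0x1a2b", "dbg-0x9f01"})
    cert = issue_certificate(secure_key, ["dbg-0x9f01"],
                             {"dbg-0x9f01": {"jtag": True, "trace": False}})
    out = {"load": soc.load(cert),
           "jtag": soc.is_allowed("dbg-0x9f01", "jtag"),
           "trace": soc.is_allowed("dbg-0x9f01", "trace"),
           "unlisted": soc.is_allowed("cpu-0x1a2b", "jtag")}
    tampered = dict(cert, access={"dbg-0x9f01": {"jtag": True, "trace": True}})
    out["tampered"] = soc.load(tampered)
    other = issue_certificate(secure_key, ["dbg-0x0000"], {"dbg-0x0000": {"jtag": True}})
    out["other_device"] = soc.load(other)
    out["trace_after_rejects"] = soc.is_allowed("dbg-0x9f01", "trace")
    return out
```

The three rejections in demo() are the checks a reviewer would expect from the abstract: an edited access table fails the signature check, a correctly signed certificate for a different unit's module IDs fails the hardware binding, and a module or feature the certificate does not mention is denied without any explicit rule.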