Patents by Inventor Randall Spangler
Randall Spangler has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20220179960
Abstract: A computing system is described for securely verifying system firmware and recovery firmware to ensure system integrity without relying on a manufacturer's proprietary verification process, hardware-specific keys, or inherent write-protection features of system memory. In aspects, the computing system utilizes a security processor that maintains firmware management parameters that define a process for verifying firmware and recovery firmware independent of an integrated circuit manufacturer's Mask ROM (read-only-memory) verification process. The security processor ensures that the firmware or recovery firmware is signed appropriately and consistent with previously executed versions, or if different, produces verification results (e.g., generated hash values) that are consistent with expected results embedded in the firmware, at compile time.
Type: Application
Filed: June 10, 2019
Publication date: June 9, 2022
Applicant: Google LLC
Inventor: Randall Spangler
-
Publication number: 20220116776
Abstract: Methods, systems, apparatus, and computer-readable storage devices for anonymous device authentication. A method includes: accessing, by the electronic device, data stored by the electronic device that identifies authentication keys the electronic device accepts as valid; sending, by the electronic device to a second electronic device, an authentication request that identifies a set of authentication keys including at least some of authentication keys the electronic device accepts as valid; and receiving, by the electronic device, response data that the second electronic device provides in response to the authentication request. The response data (i) identifies a particular authentication key from the set of authentication keys identified by the authentication request, and (ii) includes a signature generated using the particular authentication key.
Type: Application
Filed: June 30, 2020
Publication date: April 14, 2022
Inventors: Randall Spangler, Kiavash Faraji
-
Patent number: 11062032
Abstract: Methods and apparatus for verifying a boot process of a computing system are disclosed. An example computer-implemented method includes reading, by a computing system during a boot process, a header section of a read-write portion of firmware of the computing system. The example method further includes generating, using a first cryptographic hash algorithm, a message digest corresponding with the header. The example method also includes decrypting, using a first public-key, an encrypted signature corresponding with the header. The example method still further includes comparing the message digest corresponding with the header and the decrypted signature corresponding with the header. In the event the message digest corresponding with the header and the decrypted signature corresponding with the header match, the example method includes continuing the boot process.
Type: Grant
Filed: November 6, 2018
Date of Patent: July 13, 2021
Assignee: GOOGLE LLC
Inventors: Gaurav Shah, William A. Drewry, Randall Spangler, Ryan Tabone, Sumit Gwalani, Luigi Semenzato
-
Publication number: 20190087583
Abstract: Methods and apparatus for verifying a boot process of a computing system are disclosed. An example computer-implemented method includes reading, by a computing system during a boot process, a header section of a read-write portion of firmware of the computing system. The example method further includes generating, using a first cryptographic hash algorithm, a message digest corresponding with the header. The example method also includes decrypting, using a first public-key, an encrypted signature corresponding with the header. The example method still further includes comparing the message digest corresponding with the header and the decrypted signature corresponding with the header. In the event the message digest corresponding with the header and the decrypted signature corresponding with the header match, the example method includes continuing the boot process.
Type: Application
Filed: November 6, 2018
Publication date: March 21, 2019
Inventors: Gaurav Shah, William A. Drewry, Randall Spangler, Ryan Tabone, Sumit Gwalani, Luigi Semenzato
-
Patent number: 10127384
Abstract: Methods and apparatus for verifying a boot process of a computing system are disclosed. An example computer-implemented method includes reading, by a computing system during a boot process, a header section of a read-write portion of firmware of the computing system. The example method further includes generating, using a first cryptographic hash algorithm, a message digest corresponding with the header. The example method also includes decrypting, using a first public-key, an encrypted signature corresponding with the header. The example method still further includes comparing the message digest corresponding with the header and the decrypted signature corresponding with the header. In the event the message digest corresponding with the header and the decrypted signature corresponding with the header match, the example method includes continuing the boot process.
Type: Grant
Filed: October 26, 2016
Date of Patent: November 13, 2018
Assignee: GOOGLE LLC
Inventors: Gaurav Shah, William A. Drewry, Randall Spangler, Ryan Tabone, Sumit Gwalani, Luigi Semenzato
-
Publication number: 20170109533
Abstract: Methods and apparatus for verifying a boot process of a computing system are disclosed. An example computer-implemented method includes reading, by a computing system during a boot process, a header section of a read-write portion of firmware of the computing system. The example method further includes generating, using a first cryptographic hash algorithm, a message digest corresponding with the header. The example method also includes decrypting, using a first public-key, an encrypted signature corresponding with the header. The example method still further includes comparing the message digest corresponding with the header and the decrypted signature corresponding with the header. In the event the message digest corresponding with the header and the decrypted signature corresponding with the header match, the example method includes continuing the boot process.
Type: Application
Filed: October 26, 2016
Publication date: April 20, 2017
Inventors: Gaurav SHAH, William A. DREWRY, Randall SPANGLER, Ryan TABONE, Sumit GWALANI, Luigi SEMENZATO
-
Patent number: 9483647
Abstract: Methods and apparatus for verifying a boot process of a computing system are disclosed. An example computer-implemented method includes reading, by a computing system during a boot process, a header section of a read-write portion of firmware of the computing system. The example method further includes generating, using a first cryptographic hash algorithm, a message digest corresponding with the header. The example method also includes decrypting, using a first public-key, an encrypted signature corresponding with the header. The example method still further includes comparing the message digest corresponding with the header and the decrypted signature corresponding with the header. In the event the message digest corresponding with the header and the decrypted signature corresponding with the header match, the example method includes continuing the boot process.
Type: Grant
Filed: July 14, 2014
Date of Patent: November 1, 2016
Assignee: Google Inc.
Inventors: Gaurav Shah, William Drewry, Randall Spangler, Ryan Tabone, Sumit Gwalani, Luigi Semenzato
-
Patent number: 9251336
Abstract: To provide a secure installation and execution software environment, locked version numbers are maintained. A locked version number associated with a software program may be stored. When a request is received to update the software program with an update package, a package number of the update package may be compared to the locked version number. The software program may be updated with the update package if the package number is at least as recent as the locked version number, and the updating of the software program with the update package may be restricted if the package number is earlier than the locked version number.
Type: Grant
Filed: April 14, 2014
Date of Patent: February 2, 2016
Assignee: Google Inc.
Inventors: Luigi Semenzato, William Alexander Drewry, Gaurav Shah, Randall Spangler, Sumit Gwalani
-
Publication number: 20150012738
Abstract: Methods and apparatus for verifying a boot process of a computing system are disclosed. An example computer-implemented method includes reading, by a computing system during a boot process, a header section of a read-write portion of firmware of the computing system. The example method further includes generating, using a first cryptographic hash algorithm, a message digest corresponding with the header. The example method also includes decrypting, using a first public-key, an encrypted signature corresponding with the header. The example method still further includes comparing the message digest corresponding with the header and the decrypted signature corresponding with the header. In the event the message digest corresponding with the header and the decrypted signature corresponding with the header match, the example method includes continuing the boot process.
Type: Application
Filed: July 14, 2014
Publication date: January 8, 2015
Inventors: Gaurav Shah, William Drewry, Randall Spangler, Ryan Tabone, Sumit Gwalani, Luigi Semenzato
-
Patent number: 8812854
Abstract: A computer-implemented method for verifying a boot process of a computing system includes reading, by the computing system during the boot process, a header section of a read-write portion of firmware of the computing system. The method further includes generating, using a first cryptographic hash algorithm, a message digest corresponding with the header, and decrypting, using a first public-key, an encrypted signature corresponding to the header. The method further includes comparing the message digest corresponding with the header and the decrypted signature corresponding to the header. In the event the message digest corresponding to the header and the decrypted signature corresponding to the header match, the boot process is continued. In the event the message digest corresponding to the header and the decrypted signature corresponding to the header do not match, the boot process is halted.
Type: Grant
Filed: October 12, 2010
Date of Patent: August 19, 2014
Assignee: Google Inc.
Inventors: Gaurav Shah, William Drewry, Randall Spangler, Ryan Tabone, Sumit Gwalani, Luigi Semenzato
-
Patent number: 8745612
Abstract: To provide a secure installation and execution software environment, locked version numbers are maintained. A locked version number associated with a software program may be stored. When a request is received to update the software program with an update package, a package number of the update package may be compared to the locked version number. The software program may be updated with the update package if the package number is at least as recent as the locked version number, and the updating of the software program with the update package may be restricted if the package number is earlier than the locked version number.
Type: Grant
Filed: January 14, 2011
Date of Patent: June 3, 2014
Assignee: Google Inc.
Inventors: Luigi Semenzato, William Alexander Drewry, Gaurav Shah, Randall Spangler, Sumit Gwalani
-
Patent number: 8612800
Abstract: Methods and apparatus for implementing a recovery mode procedure for a computing device are disclosed. An example method includes determining, by a computing device, that a recovery mode procedure is to be executed on the computing device. The example method further includes, determining whether a trusted recovery image is accessible to the computing device and, in the event the trusted recovery image is accessible to the computing device, executing the recovery mode procedure to repair or replace a current image of the computing device using the trusted recovery image. In the event the trusted recovery image is not accessible to the computing device, the example method includes, providing instructions for obtaining the trusted recovery image, determining the obtained trusted recovery image is accessible to the computing device and executing the recovery mode procedure to repair or replace the current image of the computing device using the obtained trusted recovery image.
Type: Grant
Filed: October 13, 2010
Date of Patent: December 17, 2013
Assignee: Google Inc.
Inventors: David Hendricks, Ryan Tabone, Linus Upson, Randall Spangler
-
Patent number: 8473781
Abstract: Methods and apparatus for implementing a recovery mode procedure for a computing device are disclosed. In an example method, a computing device is configured to receive a first indication, the first indication indicating that instructions for implementing a recovery mode are to be executed. The instructions to implement the recovery mode are executed in response to receiving the first indication. Implementing the recovery mode includes receiving a second indication and, based on the second indication, performing one of a first process that includes replacing current operating system software of the computing device and removing user data from the computing device with a trusted version of operating system software of the computing device or a second process that includes replacing current operating system software of the computing device with the trusted version of operating system software of the computing device and retaining user data on the computing device.
Type: Grant
Filed: April 17, 2012
Date of Patent: June 25, 2013
Assignee: Google Inc.
Inventors: David Hendricks, Ryan Tabone, Linus Upson, Randall Spangler
-
Publication number: 20110087920
Abstract: Methods and apparatus for implementing a recovery mode procedure for a computing device are disclosed. An example method includes determining, by a computing device, that a recovery mode procedure is to be executed on the computing device. The example method further includes, determining whether a trusted recovery image is accessible to the computing device and, in the event the trusted recovery image is accessible to the computing device, executing the recovery mode procedure to repair or replace a current image of the computing device using the trusted recovery image. In the event the trusted recovery image is not accessible to the computing device, the example method includes, providing instructions for obtaining the trusted recovery image, determining the obtained trusted recovery image is accessible to the computing device and executing the recovery mode procedure to repair or replace the current image of the computing device using the obtained trusted recovery image.
Type: Application
Filed: October 13, 2010
Publication date: April 14, 2011
Applicant: GOOGLE INC.
Inventors: David Hendricks, Ryan Tabone, Linus Upson, Randall Spangler
-
Publication number: 20110087872
Abstract: Methods and apparatus for verifying a boot process of a computing system are disclosed. An example computer-implemented method includes reading, by a computing system during a boot process, a header section of a read-write portion of firmware of the computing system. The example method further includes generating, using a first cryptographic hash algorithm, a message digest corresponding with the header. The example method also includes decrypting, using a first public-key, an encrypted signature corresponding with the header. The example method still further includes comparing the message digest corresponding with the header and the decrypted signature corresponding with the header. In the event the message digest corresponding with the header and the decrypted signature corresponding with the header match, the example method includes continuing the boot process.
Type: Application
Filed: October 12, 2010
Publication date: April 14, 2011
Inventors: Gaurav Shah, William Drewry, Randall Spangler, Ryan Tabone, Sumit Gwalani, Luigi Semenzato