Patents by Inventor William Drewry
William Drewry has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11062032Abstract: Methods and apparatus for verifying a boot process of a computing system are disclosed. An example computer-implemented method includes reading, by a computing system during a boot process, a header section of a read-write portion of firmware of the computing system. The example method further includes generating, using a first cryptographic hash algorithm, a message digest corresponding with the header. The example method also includes decrypting, using a first public-key, an encrypted signature corresponding with the header. The example method still further includes comparing the message digest corresponding with the header and the decrypted signature corresponding with the header. In the event the message digest corresponding with the header and the decrypted signature corresponding with the header match, the example method includes continuing the boot process.Type: GrantFiled: November 6, 2018Date of Patent: July 13, 2021Assignee: GOOGLE LLCInventors: Gaurav Shah, William A. Drewry, Randall Spangler, Ryan Tabone, Sumit Gwalani, Luigi Semenzato
-
Patent number: 10740494Abstract: The present disclosure describes use of two security processors for a mobile device. In some aspects, a first security processor device embodied in a security component of an apparatus receives a user input via an input device and transmits a security condition signal to a second security processor device embodied in a System on Chip (SoC) component of the apparatus, causing the SoC component to perform a security operation. In other aspects, the first security processor receives a signal via a sensor device sensing environmental conditions surrounding the apparatus and, in response, transmits a security condition signal to the second security processor, causing the SoC component to perform a security operation. The security operation is directly controlled, maintained, and implemented by the second security processor embodied in the SoC component.Type: GrantFiled: September 6, 2017Date of Patent: August 11, 2020Assignee: Google LLCInventors: Osman Koyuncu, William A. Drewry, Xiaowen Xin
-
Publication number: 20190087583Abstract: Methods and apparatus for verifying a boot process of a computing system are disclosed. An example computer-implemented method includes reading, by a computing system during a boot process, a header section of a read-write portion of firmware of the computing system. The example method further includes generating, using a first cryptographic hash algorithm, a message digest corresponding with the header. The example method also includes decrypting, using a first public-key, an encrypted signature corresponding with the header. The example method still further includes comparing the message digest corresponding with the header and the decrypted signature corresponding with the header. In the event the message digest corresponding with the header and the decrypted signature corresponding with the header match, the example method includes continuing the boot process.Type: ApplicationFiled: November 6, 2018Publication date: March 21, 2019Inventors: Gaurav Shah, William A. Drewry, Randall Spangler, Ryan Tabone, Sumit Gwalani, Luigi Semenzato
-
Publication number: 20190073491Abstract: The present disclosure describes use of two security processors for a mobile device. In some aspects, a first security processor device embodied in a security component of an apparatus receives a user input via an input device and transmits a security condition signal to a second security processor device embodied in a System on Chip (SoC) component of the apparatus, causing the SoC component to perform a security operation. In other aspects, the first security processor receives a signal via a sensor device sensing environmental conditions surrounding the apparatus and, in response, transmits a security condition signal to the second security processor, causing the SoC component to perform a security operation. The security operation is directly controlled, maintained, and implemented by the second security processor embodied in the SoC component.Type: ApplicationFiled: September 6, 2017Publication date: March 7, 2019Applicant: Google LLCInventors: Osman Koyuncu, William Drewry, Xiaowen Xin
-
Patent number: 10127384Abstract: Methods and apparatus for verifying a boot process of a computing system are disclosed. An example computer-implemented method includes reading, by a computing system during a boot process, a header section of a read-write portion of firmware of the computing system. The example method further includes generating, using a first cryptographic hash algorithm, a message digest corresponding with the header. The example method also includes decrypting, using a first public-key, an encrypted signature corresponding with the header. The example method still further includes comparing the message digest corresponding with the header and the decrypted signature corresponding with the header. In the event the message digest corresponding with the header and the decrypted signature corresponding with the header match, the example method includes continuing the boot process.Type: GrantFiled: October 26, 2016Date of Patent: November 13, 2018Assignee: GOOGLE LLCInventors: Gaurav Shah, William A. Drewry, Randall Spangler, Ryan Tabone, Sumit Gwalani, Luigi Semenzato
-
Publication number: 20170109533Abstract: Methods and apparatus for verifying a boot process of a computing system are disclosed. An example computer-implemented method includes reading, by a computing system during a boot process, a header section of a read-write portion of firmware of the computing system. The example method further includes generating, using a first cryptographic hash algorithm, a message digest corresponding with the header. The example method also includes decrypting, using a first public-key, an encrypted signature corresponding with the header. The example method still further includes comparing the message digest corresponding with the header and the decrypted signature corresponding with the header. In the event the message digest corresponding with the header and the decrypted signature corresponding with the header match, the example method includes continuing the boot process.Type: ApplicationFiled: October 26, 2016Publication date: April 20, 2017Inventors: Gaurav SHAH, William A. DREWRY, Randall SPANGLER, Ryan TABONE, Sumit GWALANI, Luigi SEMENZATO
-
Patent number: 9483647Abstract: Methods and apparatus for verifying a boot process of a computing system are disclosed. An example computer-implemented method includes reading, by a computing system during a boot process, a header section of a read-write portion of firmware of the computing system. The example method further includes generating, using a first cryptographic hash algorithm, a message digest corresponding with the header. The example method also includes decrypting, using a first public-key, an encrypted signature corresponding with the header. The example method still further includes comparing the message digest corresponding with the header and the decrypted signature corresponding with the header. In the event the message digest corresponding with the header and the decrypted signature corresponding with the header match, the example method includes continuing the boot process.Type: GrantFiled: July 14, 2014Date of Patent: November 1, 2016Assignee: Google Inc.Inventors: Gaurav Shah, William Drewry, Randall Spangler, Ryan Tabone, Sumit Gwalani, Luigi Semenzato
-
Patent number: 9256743Abstract: Systems and methods for remote an enterprise policy/client configuration installation for client computing devices are provided. In some aspects, a method includes receiving, on a client computing device, via a network, a message including an updated enterprise policy/client configuration associated with an operating system and a signature. The signature identifies a source of the message. The method also includes authenticating the message based on the signature. The method also includes installing the updated an enterprise policy/client configuration. At least a first portion of an enterprise policy/client configuration is configured not to be updatable without receiving the message via the network.Type: GrantFiled: July 18, 2012Date of Patent: February 9, 2016Assignee: Google Inc.Inventors: Mattias Stefan Nissler, William A. Drewry, Christopher Masone, Sumit Gwalani
-
Patent number: 9191382Abstract: Methods and apparatus for authenticating computing device users are disclosed. An example method includes, providing, on a display device of a computing device, a graphical user interface (GUI) including a user authentication display portion and receiving, from a remote authentication server, visual content and functional content corresponding with the user authentication display portion. The method further includes receiving, via the user authentication display portion, a set of user credentials and communicating the received user credentials to the remote user authentication server. The method still further includes receiving, from the remote user authentication server; an authorization message indicating whether or not authentication of the user credentials was successful. In the event authentication of the set of user credentials was successful, the user is granted access to the computing device.Type: GrantFiled: January 7, 2013Date of Patent: November 17, 2015Assignee: Google Inc.Inventors: Zelidrag Hornung, William A. Drewry, Sumit Gwalani, Christopher Masone
-
Publication number: 20150199028Abstract: A computer-implemented method for controlling a developer mode of a computer is disclosed according to an aspect of the subject technology. The method comprises, during boot time of the computer, determining whether one or more keys on a keyboard corresponding to the developer mode are held down, and, if the one or more keys are held down, then setting a developer mode value within a lockable memory space to enable the developer mode.Type: ApplicationFiled: December 14, 2011Publication date: July 16, 2015Applicant: GOOGLE INC.Inventors: Randall R. Spangler, Ryan Tabone, William A. Drewry, Linus Michael Upson
-
Patent number: 9015824Abstract: Systems and methods for allowing client computing device to securely interact with private network are provided. Method includes initiating virtual private network connection. Method also includes executing at least portion of virtual private network client code within memory region for unsecure software. Method also includes receiving request within virtual private network client code to access local resource. Local resource is within memory region for secure software. Method also includes determining whether virtual private network client code has permission to access local resource within memory region for secure software. Method also includes, if virtual private network client code has permission to access local resource, providing local resource to virtual private network client code according to request within virtual private network client code. Method also includes, if virtual private network lacks permission to access the local resource, denying local resource to virtual private network client code.Type: GrantFiled: February 24, 2012Date of Patent: April 21, 2015Assignee: Google Inc.Inventors: William A. Drewry, Kenneth Edward Mixter
-
Patent number: 8997174Abstract: Systems and methods for configuring browser policy settings on client computing devices are provided. In some aspects, a method includes receiving login credentials from a client computing device. The client computing device includes a browser. The method also includes transmitting browser policy data associated with the login credentials to the client computing device. The browser policy data identifies browser policy settings to be installed on the browser. The browser policy settings identified by the browser policy data include four or more of: compliance settings, behavioral settings, browser/software applications, permission to access one or more websites, restrictions on accessing one or more websites, read permission in a remote document storage unit accessible via the browser, or write permission in a remote document storage unit accessible via the browser.Type: GrantFiled: November 28, 2012Date of Patent: March 31, 2015Assignee: Google Inc.Inventors: Glenn Wilson, Sumit Gwalani, William A. Drewry, Mattias Stefan Nissler, Daniel Kenneth Clifford, Christopher Masone
-
Publication number: 20150012738Abstract: Methods and apparatus for verifying a boot process of a computing system are disclosed. An example computer-implemented method includes reading, by a computing system during a boot process, a header section of a read-write portion of firmware of the computing system. The example method further includes generating, using a first cryptographic hash algorithm, a message digest corresponding with the header. The example method also includes decrypting, using a first public-key, an encrypted signature corresponding with the header. The example method still further includes comparing the message digest corresponding with the header and the decrypted signature corresponding with the header. In the event the message digest corresponding with the header and the decrypted signature corresponding with the header match, the example method includes continuing the boot process.Type: ApplicationFiled: July 14, 2014Publication date: January 8, 2015Inventors: Gaurav Shah, William Drewry, Randall Spangler, Ryan Tabone, Sumit Gwalani, Luigi Semenzato
-
Patent number: 8832455Abstract: Configurations providing a non-zero threshold for verifying a root file system of an operating system stored on blocks of a boot storage are disclosed. In particular, the root file system is verified during a boot sequence for the operating system. For each block of the root file system of the boot storage, the subject technology verifies a respective block of the boot storage. A counter tracking a number of verification failures is incremented if the block fails verification. In some configurations, the subject technology determines whether the counter meets a predetermined non-zero threshold. If the counter meets the predetermined non-zero threshold, the root file system is marked as corrupted. A recovery mode for the operating system is then initiated. If the counter does not meet the predetermined non-zero threshold, the operating system is reset in order to verify the root file system during a subsequent boot sequence.Type: GrantFiled: September 21, 2011Date of Patent: September 9, 2014Assignee: Google Inc.Inventors: William A. Drewry, William F. Richardson, Randall R. Spangler
-
Patent number: 8819330Abstract: Systems, methods, and machine-readable media for storing a recovery image on a secondary memory device on a computing system and updating the recovery image. In some aspects, the system may include a main storage device comprising an operating system, a secondary storage device, internal to the computer system and separate from the main storage device, comprising a recovery image, and a processor configured to determine whether to boot the computer system in a normal mode using the main storage device or in a recovery mode using the recovery image on the secondary storage device. In some aspects, the system may also include a recovery circuit configured to prevent access to the secondary storage device during the normal mode when the recovery circuit is disabled and to permit access to the second storage device when the recovery circuit is enabled during the recovery mode process.Type: GrantFiled: September 20, 2011Date of Patent: August 26, 2014Assignee: Google Inc.Inventors: Randall R. Spangler, William A. Drewry, William F. Richardson
-
Patent number: 8812854Abstract: A computer-implemented method for verifying a boot process of a computing system includes reading, by the computing system during the boot process, a header section of a read-write portion of firmware of the computing system. The method further includes generating, using a first cryptographic hash algorithm, a message digest corresponding with the header, and decrypting, using a first public-key, an encrypted signature corresponding to the header. The method further includes comparing the message digest corresponding with the header and the decrypted signature corresponding to the header. In the event the message digest corresponding to the header and the decrypted signature corresponding to the header match, the boot process is continued. In the event the message digest corresponding to the header and the decrypted signature corresponding to the header do not match, the boot process is halted.Type: GrantFiled: October 12, 2010Date of Patent: August 19, 2014Assignee: Google Inc.Inventors: Gaurav Shah, William Drewry, Randall Spangler, Ryan Tabone, Sumit Gwalani, Luigi Semenzato
-
Patent number: 8745592Abstract: Some embodiments provide a system that generates a test suite for a software program. During operation, the system obtains a set of inputs for the software program and determines a coverage of the software program associated with the set of inputs. Next, the system determines a subset of the inputs which substantially provides the coverage of the software program. Finally, the system uses the subset of inputs as the test suite for the software program.Type: GrantFiled: January 8, 2010Date of Patent: June 3, 2014Assignee: Google Inc.Inventors: Tavis Ormandy, William A. Drewry
-
Patent number: 8701157Abstract: Systems and methods for configuring policy settings on client computing devices are provided. In some aspects, a method includes transmitting login credentials to one or more server machines. The method also includes receiving, on the client computing device, policy data and a public key from the one or more server machines in response to the login credentials. The method also includes authenticating the policy data based on the public key. The method also includes automatically installing policy settings based on the authenticated policy data on the client computing device. The policy settings identified by the policy data include four or more of: compliance settings, behavioral settings, software applications, permission to access one or more websites, restrictions on accessing one or more websites, read permission in a remote document storage unit, or write permission in a remote document storage unit.Type: GrantFiled: January 11, 2012Date of Patent: April 15, 2014Assignee: Google Inc.Inventors: Glenn Wilson, Sumit Gwalani, William A. Drewry, Mattias Stefan Nissler
-
Patent number: 8583891Abstract: Methods and apparatus for associating partitions in a computing device are disclosed. An example method includes, loading an operating system (O/S) kernel partition (kernel partition) and identifying one or more root filesystem (rootfs) partitions that are compatible with the loaded kernel partition. In the example method, the one or more compatible rootfs partitions are identified by comparing a set of compatibility bits of the loaded kernel partition with respective sets of compatibility bits of a plurality of rootfs partitions of the computing device. The example method still further includes selecting a rootfs partition from the one or more identified compatible rootfs partitions and loading the selected rootfs partition.Type: GrantFiled: July 25, 2011Date of Patent: November 12, 2013Assignee: Google Inc.Inventors: Randall R. Spangler, William A. Drewry, William F. Richardson
-
Publication number: 20130227090Abstract: Systems and methods for remote an enterprise policy/client configuration installation for client computing devices are provided. In some aspects, a method includes receiving, on a client computing device, via a network, a message including an updated enterprise policy/client configuration associated with an operating system and a signature. The signature identifies a source of the message. The method also includes authenticating the message based on the signature. The method also includes installing the updated an enterprise policy/client configuration. At least a first portion of an enterprise policy/client configuration is configured not to be updatable without receiving the message via the network.Type: ApplicationFiled: July 18, 2012Publication date: August 29, 2013Applicant: GOOGLE INC.Inventors: Mattias Stefan NISSLER, William A. Drewry, Christopher Masone, Sumit Gwalani