Patents by Inventor Brian Farrell

Brian Farrell has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20260154055
    Abstract: A computer-implemented method when executed by data processing hardware causes the data processing hardware to perform operations. The operations include providing, at a system on chips (SoC) of a radar module, a common encryption key and a unique encryption key, providing, at the SoC, a unique key pair, the unique key pair including a unique public key and a unique private key, and encrypting software with the common encryption key. The operations also include generating a secure boot certificate for the encrypted software, signing, using the unique private key, the secure boot certificate, and writing, the encrypted software, to an external flash memory. The operations further include updating, at the SoC, software, verifying, via a regional public key, the software update, and signing, via a hardware security module (HSM) of the SoC, the secure boot certificate with a device-unique private key.
    Type: Application
    Filed: November 29, 2024
    Publication date: June 4, 2026
    Applicant: GM Global Technology Operations LLC
    Inventor: Brian Farrell
  • Patent number: 12634147
    Abstract: A computer-implemented method that causes data processing hardware to perform operations including generating, at a first device, a message having a header including a message type and a service ID, receiving, at a second device, the message including the header and a key serial number (KSN) of the first device, determining, based on the header, the message type of the message, verifying, at a high performance crypto accelerator (HPCA) of the second device, a message authentication code (MAC) of the message based on the determined message type being the service event, obtaining, based on the KSN from the message, a key slot from a message authentication code table (MACT), identifying, based on the key slot, a key associated with the key slot obtained from the MACT, the key including at least one of a primary key and a secondary key, and verifying, using the key and the key slot obtained from the MACT, the MAC.
    Type: Grant
    Filed: August 9, 2024
    Date of Patent: May 19, 2026
    Assignee: GM Global Technology Operations LLC
    Inventors: Brian Farrell, Sherif Aly
  • Patent number: 12562899
    Abstract: Methods for updating 256-bit cryptographic keys by a cryptographic key update system include transmitting a first transmission, a second transmission, and a third transmission. The second transmission is a symmetric key encryption under a key encryption key of a concatenation of a plurality of parameters and a new cryptographic key. The sender derives the key encryption key by transforming an authentication key and a bit string of constant values based on a one-way compression function that is one of the following: a modification detection code 2 (MDC-2) cryptographic hash function with a 128-bit advanced encryption standard (AES-128) as the underlying block cipher, a modification detection code 4 (MDC-4) cryptographic hash function with the 128-bit advanced encryption standard (AES-128) as the underlying block cipher, the Hirose compression function with the 256-bit advanced encryption standard (AES-256) as the underlying block cipher, and a 256-bit hash function.
    Type: Grant
    Filed: June 26, 2024
    Date of Patent: February 24, 2026
    Assignee: GM GLOBAL TECHNOLOGY OPERATIONS LLC
    Inventors: Mohamed A. Layouni, Brian Farrell, Christopher J. Kloote, Manohar Reddy Nanjundappa, Kenneth Junk
  • Publication number: 20260052125
    Abstract: In some implementations, a global coordinator may receive, from a distributed storage and task processing network (DSTN) managing unit, a first coordination message that indicates currently configured sampling policy information for the DSTN managing unit. The global coordinator may transmit, to an analytics agent, the currently configured sampling policy information for the DSTN managing unit. The global coordinator may receive, from the analytics agent, adjusted sampling policy information for the DSTN managing unit. The global coordinator may transmit, to the DSTN managing unit, a second coordination message that indicates the adjusted sampling policy information for the DSTN managing unit.
    Type: Application
    Filed: October 23, 2025
    Publication date: February 19, 2026
    Inventors: Patrick Aaron TAMBORSKI, Adam GRAY, Brian FARRELL
  • Publication number: 20260046139
    Abstract: A computer-implemented method that causes data processing hardware to perform operations including generating, at a first device, a message having a header including a message type and a service ID, receiving, at a second device, the message including the header and a KSN of the first device, determining, based on the header, the message type of the message, verifying, at an HPCA of the second device, a MAC of the message based on the determined message type being a service event, obtaining, based on the KSN from the message, a key slot from a MACT, identifying, based on the key slot, a key associated with the key slot obtained from the MACT, the key including at least one of a primary key and a secondary key, and verifying, using the key and the key slot obtained from the MACT, the MAC.
    Type: Application
    Filed: August 9, 2024
    Publication date: February 12, 2026
    Applicant: GM Global Technology Operations LLC
    Inventors: Brian Farrell, Sherif Aly
  • Patent number: 12542677
    Abstract: A method for a secure in-vehicle service oriented architecture with a MAC Generate Allow List includes receiving, at a secure environment, a request to transmit a message from a device. The request to transmit includes a request for a message authentication code. The method also includes determining, based on the request to transmit, an identity of the device, and determining, based on a message authentication generate allow list, that the request to transmit does not exceed a permission level of the device. Here, the permission level of the device is stored in the message authentication generate allow list. The method also includes obtaining a secure environment key assigned to the device, the secure environment key only accessible by the secure environment, and generating the message authentication code using the secure environment key assigned to the device.
    Type: Grant
    Filed: January 23, 2024
    Date of Patent: February 3, 2026
    Assignee: GM Global Technology Operations LLC
    Inventors: Brian Farrell, Sherif Aly, Karl Bernard Leboeuf, Alfred F. Adams, II
  • Patent number: 12511398
    Abstract: A system may include data processing hardware and memory hardware in communication with the data processing hardware. The memory hardware may store instructions that when executed on the data processing hardware cause the data processing hardware to perform operations. The operations include requesting, via a boot manager of a host module, a hardware security module (HSM) to verify an application software of the host module and configuring, via the verified application software, a memory protection unit (MPU) to at least one of no execute and no write for at least one area of a memory of the host module. The operations further include executing the application software with the HSM enabled.
    Type: Grant
    Filed: November 7, 2023
    Date of Patent: December 30, 2025
    Assignee: GM Global Technology Operations LLC
    Inventors: Brian Farrell, John Jen, J. David Rosa
  • Publication number: 20250390326
    Abstract: A remote device attestation (RDA) system for operating systems (OSs) implementing address space layout randomization (ASLR) includes an ASLR mechanism for RDA. The ASLR mechanism has a secure trust zone (TZ) with a secure OS and trusted applications (TAs), and a non-secure world. The non-secure world includes: virtual controllers in communication with the TZ and with control systems of a vehicle. A hypervisor (HV) application of the non-secure world communicates with the OS and TAs in the TZ. The ASLR mechanism verifies integrity of applications running in the non-secure world on a first time installation, or a first start-up, verifies integrity of the applications running in the non-secure world during an update to the applications, and actively and automatically verifies integrity of applications running in the non-secure world during application use. When integrity verification fails, the ASLR mechanism prevents applications that have failed verification from operating for vehicle control.
    Type: Application
    Filed: June 24, 2024
    Publication date: December 25, 2025
    Inventors: Mohamed A. Layouni, Brian Farrell
  • Patent number: 12422887
    Abstract: Disclosed embodiments describe techniques for personal area network (PAN) enablement. PAIN connection uses an interconnection laminate substrate for connectivity of personal area network components. The interconnection laminate substrate may be flexible or rigid. In one preferred form of the invention, the interconnection laminate substrate is flexible. A plurality of personal area network components is provided. An interconnection laminate substrate is provided within a manufactured article (e.g., a soft good assembly), where the interconnection laminate substrate enables connectivity among the plurality of personal area network components, and where the interconnection laminate substrate comprises interconnection wiring encapsulated in at least one protective encapsulation layer, with the interconnection wiring being coupled to a plurality of exposed connectors.
    Type: Grant
    Filed: October 13, 2020
    Date of Patent: September 23, 2025
    Inventors: Brian Farrell, Cameron Paul Barron, Allan Neville, Richard Bernard Streeter, Verne Patterson
  • Patent number: 12401499
    Abstract: An apparatus includes a compute device having a microcontroller unit circuit, multiple processing circuits, and a backplane bus. Initial unsecured communications through the backplane bus are restricted. The microcontroller unit circuit is operational to authenticate the processing circuits with a plurality of processor attestations over a local area network bus based on a secure onboard communication protocol of an automotive open system architecture, a symmetric key, and a message authentication code. The processing circuits are operational to reply to the processor attestations over the local area network bus, and verify the microcontroller unit circuit based on the secure onboard communication protocol, the symmetric key, and the message authentication code received from the microcontroller unit circuit. Secure communications through the backplane bus among the processing circuits is enabled based on the authentications of the processing circuits and the verifications of the microcontroller unit circuit.
    Type: Grant
    Filed: March 31, 2023
    Date of Patent: August 26, 2025
    Assignee: GM Global Technology Operations LLC
    Inventors: Brian Farrell, Christopher J. Kloote, Manohar Reddy Nanjundappa, Kenneth W. Junk
  • Patent number: 12375288
    Abstract: An electronic control unit (ECU), or node, is configured to use a single key for generating requests from a security peripheral for a MAC. The security peripheral includes the stored shared key. The security peripheral may further include a policy enabling it to detect if a request from the V-ECU is valid, in which case it generates a MAC. The security peripheral is also used to store information in a MAC Generate Allow List (MGAL). In some embodiments, the receiving nodes in a network receive data based on a security peripheral's response to a transmit nodes requests for a MAC. The receiving nodes use this knowledge to avoid being spoofed.
    Type: Grant
    Filed: September 1, 2023
    Date of Patent: July 29, 2025
    Assignee: GM Global Technology Operations LLC
    Inventors: Brian Farrell, Sherif Aly, Manohar Reddy Nanjundappa
  • Publication number: 20250240169
    Abstract: A method for a secure in-vehicle service oriented architecture with a MAC Generate Allow List includes receiving, at a secure environment, a request to transmit a message from a device. The request to transmit includes a request for a message authentication code. The method also includes determining, based on the request to transmit, an identity of the device, and determining, based on a message authentication generate allow list, that the request to transmit does not exceed a permission level of the device. Here, the permission level of the device is stored in the message authentication generate allow list. The method also includes obtaining a secure environment key assigned to the device, the secure environment key only accessible by the secure environment, and generating the message authentication code using the secure environment key assigned to the device.
    Type: Application
    Filed: January 23, 2024
    Publication date: July 24, 2025
    Applicant: GM Global Technology Operations LLC
    Inventors: Brian Farrell, Sherif Aly, Karl Bernard Leboeuf, Alfred F. Adams, II
  • Patent number: 12321499
    Abstract: A system includes a vehicle external to a back office portal. The back office portal is operational to generate a signed update mode record. The vehicle has multiple devices and a component. The component is in communication with the devices, and operational to receive the signed update mode record, verify that the signed update mode record is from the back office portal and was created for the component, erase credentials within the component that establish the component as valid to the plurality of devices in response to the verification of the signed update mode record, perform an irreversible action within the component, enter a software update mode, exit the software update mode, and reject each request from the plurality of devices to the component that relies on the credentials that were erased from the component.
    Type: Grant
    Filed: May 30, 2023
    Date of Patent: June 3, 2025
    Assignee: GM Global Technology Operations LLC
    Inventors: Karl B. Leboeuf, Brian Farrell, Thomas M. Forest
  • Publication number: 20250148083
    Abstract: A system may include data processing hardware and memory hardware in communication with the data processing hardware. The memory hardware may store instructions that when executed on the data processing hardware cause the data processing hardware to perform operations. The operations include requesting, via a boot manager of a host module, a hardware security module (HSM) to verify an application software of the host module and configuring, via the verified application software, a memory protection unit (MPU) to at least one of no execute and no write for at least one area of a memory of the host module. The operations further include executing the application software with the HSM enabled.
    Type: Application
    Filed: November 7, 2023
    Publication date: May 8, 2025
    Applicant: GM Global Technology Operations LLC
    Inventors: Brian Farrell, John Jen, J. David Rosa
  • Patent number: 12278811
    Abstract: An electronic control unit (ECU), or node, is configured to use a single key for generating requests from a security peripheral for a MAC. The security peripheral includes the stored shared key. The security peripheral may further include a policy enabling it to detect if a request from the V-ECU is valid, in which case it generates a MAC. The security peripheral is also used to store information in a MAC Generate Allow List (MGAL). In some embodiments, the receiving nodes in a network receive data based on a security peripheral's response to a transmit nodes requests for a MAC. The receiving nodes use this knowledge to avoid being spoofed.
    Type: Grant
    Filed: December 1, 2022
    Date of Patent: April 15, 2025
    Assignee: GM Global Technology Operations LLC
    Inventors: Brian Farrell, Sherif Aly, Mohamed A. Layouni, Manohar Reddy Nanjundappa
  • Publication number: 20250080358
    Abstract: An electronic control unit (ECU), or node, is configured to use a single key for generating requests from a security peripheral for a MAC. The security peripheral includes the stored shared key. The security peripheral may further include a policy enabling it to detect if a request from the V-ECU is valid, in which case it generates a MAC. The security peripheral is also used to store information in a MAC Generate Allow List (MGAL). In some embodiments, the receiving nodes in a network receive data based on a security peripheral's response to a transmit nodes requests for a MAC. The receiving nodes use this knowledge to avoid being spoofed.
    Type: Application
    Filed: September 1, 2023
    Publication date: March 6, 2025
    Applicant: GM GLOBAL TECHNOLOGY OPERATIONS LLC
    Inventors: Brian Farrell, Sherif Aly, Manohar Reddy Nanjundappa
  • Patent number: 12238097
    Abstract: An electronic control unit (ECU), or node, is configured to use a single key for all virtual ECUs (V-ECUs) having a message to transmit. The ECU also may include a security peripheral that includes the stored shared key. The security peripheral may further include a policy enabling it to detect if a request from the V-ECU is valid, in which case it generates a MAC. The security peripheral is also used to store information in a MAC Generate Allow List (MGAL), which may define the policy about when the V-ECU can transmit. The ECU may include a crypto-engine, which stores shared keys from other nodes used to verify MACs transmitted by other nodes.
    Type: Grant
    Filed: December 1, 2022
    Date of Patent: February 25, 2025
    Assignee: GM Global Technology Operations LLC
    Inventor: Brian Farrell
  • Publication number: 20240403491
    Abstract: A system includes a vehicle external to a back office portal. The back office portal is operational to generate a signed update mode record. The vehicle has multiple devices and a component. The component is in communication with the devices, and operational to receive the signed update mode record, verify that the signed update mode record is from the back office portal and was created for the component, erase credentials within the component that establish the component as valid to the plurality of devices in response to the verification of the signed update mode record, perform an irreversible action within the component, enter a software update mode, exit the software update mode, and reject each request from the plurality of devices to the component that relies on the credentials that were erased from the component.
    Type: Application
    Filed: May 30, 2023
    Publication date: December 5, 2024
    Applicant: GM GLOBAL TECHNOLOGY OPERATIONS LLC
    Inventors: Karl B. Leboeuf, Brian Farrell, Thomas M. Forest
  • Patent number: 12151692
    Abstract: A method for performance tuning an electronic control unit (ECU). The performance tuning may include determining one or more tunable values stored on a tunable implementation memory of the ECU to specify tunable calibration data for one or more tunable calibration parameters selected for performance tuning and controlling an application software of the ECU to execute according to the tunable calibration data.
    Type: Grant
    Filed: June 23, 2022
    Date of Patent: November 26, 2024
    Assignee: GM Global Technology Operations LLC
    Inventors: Brian Farrell, Joseph E. Ploucha
  • Patent number: 12147540
    Abstract: A system for implementing a secure boot event includes a system on a chip (SoC). The SoC includes key hashes stored within one-time programmable memory. Each of the key hashes is configured for use with one of a plurality of candidate authentication key sets. The SoC further includes firmware stored within RAM. The firmware includes a secondary bootloader, a plurality of public keys, and corresponding signatures. The public keys and corresponding signatures are configured for use with one of the key sets. The SoC further includes a primary bootloader utilizing fuses stored within the programmable memory. The fuses activate a selected key hash based upon an ecosystem in which the system is to operate. The selected hash and a corresponding public key and signature define an active authentication key set. During the event, the primary bootloader utilizes the active authentication key set to authenticate a downloaded update to the firmware.
    Type: Grant
    Filed: October 28, 2022
    Date of Patent: November 19, 2024
    Assignee: GM Global Technology Operations LLC
    Inventor: Brian Farrell