Patents by Inventor Brian Farrell
Brian Farrell has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20260154055Abstract: A computer-implemented method when executed by data processing hardware causes the data processing hardware to perform operations. The operations include providing, at a system on chips (SoC) of a radar module, a common encryption key and a unique encryption key, providing, at the SoC, a unique key pair, the unique key pair including a unique public key and a unique private key, and encrypting software with the common encryption key. The operations also include generating a secure boot certificate for the encrypted software, signing, using the unique private key, the secure boot certificate, and writing, the encrypted software, to an external flash memory. The operations further include updating, at the SoC, software, verifying, via a regional public key, the software update, and signing, via a hardware security module (HSM) of the SoC, the secure boot certificate with a device-unique private key.Type: ApplicationFiled: November 29, 2024Publication date: June 4, 2026Applicant: GM Global Technology Operations LLCInventor: Brian Farrell
-
Patent number: 12634147Abstract: A computer-implemented method that causes data processing hardware to perform operations including generating, at a first device, a message having a header including a message type and a service ID, receiving, at a second device, the message including the header and a key serial number (KSN) of the first device, determining, based on the header, the message type of the message, verifying, at a high performance crypto accelerator (HPCA) of the second device, a message authentication code (MAC) of the message based on the determined message type being the service event, obtaining, based on the KSN from the message, a key slot from a message authentication code table (MACT), identifying, based on the key slot, a key associated with the key slot obtained from the MACT, the key including at least one of a primary key and a secondary key, and verifying, using the key and the key slot obtained from the MACT, the MAC.Type: GrantFiled: August 9, 2024Date of Patent: May 19, 2026Assignee: GM Global Technology Operations LLCInventors: Brian Farrell, Sherif Aly
-
Patent number: 12562899Abstract: Methods for updating 256-bit cryptographic keys by a cryptographic key update system include transmitting a first transmission, a second transmission, and a third transmission. The second transmission is a symmetric key encryption under a key encryption key of a concatenation of a plurality of parameters and a new cryptographic key. The sender derives the key encryption key by transforming an authentication key and a bit string of constant values based on a one-way compression function that is one of the following: a modification detection code 2 (MDC-2) cryptographic hash function with a 128-bit advanced encryption standard (AES-128) as the underlying block cipher, a modification detection code 4 (MDC-4) cryptographic hash function with the 128-bit advanced encryption standard (AES-128) as the underlying block cipher, the Hirose compression function with the 256-bit advanced encryption standard (AES-256) as the underlying block cipher, and a 256-bit hash function.Type: GrantFiled: June 26, 2024Date of Patent: February 24, 2026Assignee: GM GLOBAL TECHNOLOGY OPERATIONS LLCInventors: Mohamed A. Layouni, Brian Farrell, Christopher J. Kloote, Manohar Reddy Nanjundappa, Kenneth Junk
-
Publication number: 20260052125Abstract: In some implementations, a global coordinator may receive, from a distributed storage and task processing network (DSTN) managing unit, a first coordination message that indicates currently configured sampling policy information for the DSTN managing unit. The global coordinator may transmit, to an analytics agent, the currently configured sampling policy information for the DSTN managing unit. The global coordinator may receive, from the analytics agent, adjusted sampling policy information for the DSTN managing unit. The global coordinator may transmit, to the DSTN managing unit, a second coordination message that indicates the adjusted sampling policy information for the DSTN managing unit.Type: ApplicationFiled: October 23, 2025Publication date: February 19, 2026Inventors: Patrick Aaron TAMBORSKI, Adam GRAY, Brian FARRELL
-
Publication number: 20260046139Abstract: A computer-implemented method that causes data processing hardware to perform operations including generating, at a first device, a message having a header including a message type and a service ID, receiving, at a second device, the message including the header and a KSN of the first device, determining, based on the header, the message type of the message, verifying, at an HPCA of the second device, a MAC of the message based on the determined message type being a service event, obtaining, based on the KSN from the message, a key slot from a MACT, identifying, based on the key slot, a key associated with the key slot obtained from the MACT, the key including at least one of a primary key and a secondary key, and verifying, using the key and the key slot obtained from the MACT, the MAC.Type: ApplicationFiled: August 9, 2024Publication date: February 12, 2026Applicant: GM Global Technology Operations LLCInventors: Brian Farrell, Sherif Aly
-
Patent number: 12542677Abstract: A method for a secure in-vehicle service oriented architecture with a MAC Generate Allow List includes receiving, at a secure environment, a request to transmit a message from a device. The request to transmit includes a request for a message authentication code. The method also includes determining, based on the request to transmit, an identity of the device, and determining, based on a message authentication generate allow list, that the request to transmit does not exceed a permission level of the device. Here, the permission level of the device is stored in the message authentication generate allow list. The method also includes obtaining a secure environment key assigned to the device, the secure environment key only accessible by the secure environment, and generating the message authentication code using the secure environment key assigned to the device.Type: GrantFiled: January 23, 2024Date of Patent: February 3, 2026Assignee: GM Global Technology Operations LLCInventors: Brian Farrell, Sherif Aly, Karl Bernard Leboeuf, Alfred F. Adams, II
-
Patent number: 12511398Abstract: A system may include data processing hardware and memory hardware in communication with the data processing hardware. The memory hardware may store instructions that when executed on the data processing hardware cause the data processing hardware to perform operations. The operations include requesting, via a boot manager of a host module, a hardware security module (HSM) to verify an application software of the host module and configuring, via the verified application software, a memory protection unit (MPU) to at least one of no execute and no write for at least one area of a memory of the host module. The operations further include executing the application software with the HSM enabled.Type: GrantFiled: November 7, 2023Date of Patent: December 30, 2025Assignee: GM Global Technology Operations LLCInventors: Brian Farrell, John Jen, J. David Rosa
-
Publication number: 20250390326Abstract: A remote device attestation (RDA) system for operating systems (OSs) implementing address space layout randomization (ASLR) includes an ASLR mechanism for RDA. The ASLR mechanism has a secure trust zone (TZ) with a secure OS and trusted applications (TAs), and a non-secure world. The non-secure world includes: virtual controllers in communication with the TZ and with control systems of a vehicle. A hypervisor (HV) application of the non-secure world communicates with the OS and TAs in the TZ. The ASLR mechanism verifies integrity of applications running in the non-secure world on a first time installation, or a first start-up, verifies integrity of the applications running in the non-secure world during an update to the applications, and actively and automatically verifies integrity of applications running in the non-secure world during application use. When integrity verification fails, the ASLR mechanism prevents applications that have failed verification from operating for vehicle control.Type: ApplicationFiled: June 24, 2024Publication date: December 25, 2025Inventors: Mohamed A. Layouni, Brian Farrell
-
Patent number: 12422887Abstract: Disclosed embodiments describe techniques for personal area network (PAN) enablement. PAIN connection uses an interconnection laminate substrate for connectivity of personal area network components. The interconnection laminate substrate may be flexible or rigid. In one preferred form of the invention, the interconnection laminate substrate is flexible. A plurality of personal area network components is provided. An interconnection laminate substrate is provided within a manufactured article (e.g., a soft good assembly), where the interconnection laminate substrate enables connectivity among the plurality of personal area network components, and where the interconnection laminate substrate comprises interconnection wiring encapsulated in at least one protective encapsulation layer, with the interconnection wiring being coupled to a plurality of exposed connectors.Type: GrantFiled: October 13, 2020Date of Patent: September 23, 2025Inventors: Brian Farrell, Cameron Paul Barron, Allan Neville, Richard Bernard Streeter, Verne Patterson
-
Patent number: 12401499Abstract: An apparatus includes a compute device having a microcontroller unit circuit, multiple processing circuits, and a backplane bus. Initial unsecured communications through the backplane bus are restricted. The microcontroller unit circuit is operational to authenticate the processing circuits with a plurality of processor attestations over a local area network bus based on a secure onboard communication protocol of an automotive open system architecture, a symmetric key, and a message authentication code. The processing circuits are operational to reply to the processor attestations over the local area network bus, and verify the microcontroller unit circuit based on the secure onboard communication protocol, the symmetric key, and the message authentication code received from the microcontroller unit circuit. Secure communications through the backplane bus among the processing circuits is enabled based on the authentications of the processing circuits and the verifications of the microcontroller unit circuit.Type: GrantFiled: March 31, 2023Date of Patent: August 26, 2025Assignee: GM Global Technology Operations LLCInventors: Brian Farrell, Christopher J. Kloote, Manohar Reddy Nanjundappa, Kenneth W. Junk
-
Patent number: 12375288Abstract: An electronic control unit (ECU), or node, is configured to use a single key for generating requests from a security peripheral for a MAC. The security peripheral includes the stored shared key. The security peripheral may further include a policy enabling it to detect if a request from the V-ECU is valid, in which case it generates a MAC. The security peripheral is also used to store information in a MAC Generate Allow List (MGAL). In some embodiments, the receiving nodes in a network receive data based on a security peripheral's response to a transmit nodes requests for a MAC. The receiving nodes use this knowledge to avoid being spoofed.Type: GrantFiled: September 1, 2023Date of Patent: July 29, 2025Assignee: GM Global Technology Operations LLCInventors: Brian Farrell, Sherif Aly, Manohar Reddy Nanjundappa
-
Publication number: 20250240169Abstract: A method for a secure in-vehicle service oriented architecture with a MAC Generate Allow List includes receiving, at a secure environment, a request to transmit a message from a device. The request to transmit includes a request for a message authentication code. The method also includes determining, based on the request to transmit, an identity of the device, and determining, based on a message authentication generate allow list, that the request to transmit does not exceed a permission level of the device. Here, the permission level of the device is stored in the message authentication generate allow list. The method also includes obtaining a secure environment key assigned to the device, the secure environment key only accessible by the secure environment, and generating the message authentication code using the secure environment key assigned to the device.Type: ApplicationFiled: January 23, 2024Publication date: July 24, 2025Applicant: GM Global Technology Operations LLCInventors: Brian Farrell, Sherif Aly, Karl Bernard Leboeuf, Alfred F. Adams, II
-
Patent number: 12321499Abstract: A system includes a vehicle external to a back office portal. The back office portal is operational to generate a signed update mode record. The vehicle has multiple devices and a component. The component is in communication with the devices, and operational to receive the signed update mode record, verify that the signed update mode record is from the back office portal and was created for the component, erase credentials within the component that establish the component as valid to the plurality of devices in response to the verification of the signed update mode record, perform an irreversible action within the component, enter a software update mode, exit the software update mode, and reject each request from the plurality of devices to the component that relies on the credentials that were erased from the component.Type: GrantFiled: May 30, 2023Date of Patent: June 3, 2025Assignee: GM Global Technology Operations LLCInventors: Karl B. Leboeuf, Brian Farrell, Thomas M. Forest
-
Publication number: 20250148083Abstract: A system may include data processing hardware and memory hardware in communication with the data processing hardware. The memory hardware may store instructions that when executed on the data processing hardware cause the data processing hardware to perform operations. The operations include requesting, via a boot manager of a host module, a hardware security module (HSM) to verify an application software of the host module and configuring, via the verified application software, a memory protection unit (MPU) to at least one of no execute and no write for at least one area of a memory of the host module. The operations further include executing the application software with the HSM enabled.Type: ApplicationFiled: November 7, 2023Publication date: May 8, 2025Applicant: GM Global Technology Operations LLCInventors: Brian Farrell, John Jen, J. David Rosa
-
Patent number: 12278811Abstract: An electronic control unit (ECU), or node, is configured to use a single key for generating requests from a security peripheral for a MAC. The security peripheral includes the stored shared key. The security peripheral may further include a policy enabling it to detect if a request from the V-ECU is valid, in which case it generates a MAC. The security peripheral is also used to store information in a MAC Generate Allow List (MGAL). In some embodiments, the receiving nodes in a network receive data based on a security peripheral's response to a transmit nodes requests for a MAC. The receiving nodes use this knowledge to avoid being spoofed.Type: GrantFiled: December 1, 2022Date of Patent: April 15, 2025Assignee: GM Global Technology Operations LLCInventors: Brian Farrell, Sherif Aly, Mohamed A. Layouni, Manohar Reddy Nanjundappa
-
Publication number: 20250080358Abstract: An electronic control unit (ECU), or node, is configured to use a single key for generating requests from a security peripheral for a MAC. The security peripheral includes the stored shared key. The security peripheral may further include a policy enabling it to detect if a request from the V-ECU is valid, in which case it generates a MAC. The security peripheral is also used to store information in a MAC Generate Allow List (MGAL). In some embodiments, the receiving nodes in a network receive data based on a security peripheral's response to a transmit nodes requests for a MAC. The receiving nodes use this knowledge to avoid being spoofed.Type: ApplicationFiled: September 1, 2023Publication date: March 6, 2025Applicant: GM GLOBAL TECHNOLOGY OPERATIONS LLCInventors: Brian Farrell, Sherif Aly, Manohar Reddy Nanjundappa
-
Patent number: 12238097Abstract: An electronic control unit (ECU), or node, is configured to use a single key for all virtual ECUs (V-ECUs) having a message to transmit. The ECU also may include a security peripheral that includes the stored shared key. The security peripheral may further include a policy enabling it to detect if a request from the V-ECU is valid, in which case it generates a MAC. The security peripheral is also used to store information in a MAC Generate Allow List (MGAL), which may define the policy about when the V-ECU can transmit. The ECU may include a crypto-engine, which stores shared keys from other nodes used to verify MACs transmitted by other nodes.Type: GrantFiled: December 1, 2022Date of Patent: February 25, 2025Assignee: GM Global Technology Operations LLCInventor: Brian Farrell
-
Publication number: 20240403491Abstract: A system includes a vehicle external to a back office portal. The back office portal is operational to generate a signed update mode record. The vehicle has multiple devices and a component. The component is in communication with the devices, and operational to receive the signed update mode record, verify that the signed update mode record is from the back office portal and was created for the component, erase credentials within the component that establish the component as valid to the plurality of devices in response to the verification of the signed update mode record, perform an irreversible action within the component, enter a software update mode, exit the software update mode, and reject each request from the plurality of devices to the component that relies on the credentials that were erased from the component.Type: ApplicationFiled: May 30, 2023Publication date: December 5, 2024Applicant: GM GLOBAL TECHNOLOGY OPERATIONS LLCInventors: Karl B. Leboeuf, Brian Farrell, Thomas M. Forest
-
Patent number: 12151692Abstract: A method for performance tuning an electronic control unit (ECU). The performance tuning may include determining one or more tunable values stored on a tunable implementation memory of the ECU to specify tunable calibration data for one or more tunable calibration parameters selected for performance tuning and controlling an application software of the ECU to execute according to the tunable calibration data.Type: GrantFiled: June 23, 2022Date of Patent: November 26, 2024Assignee: GM Global Technology Operations LLCInventors: Brian Farrell, Joseph E. Ploucha
-
Patent number: 12147540Abstract: A system for implementing a secure boot event includes a system on a chip (SoC). The SoC includes key hashes stored within one-time programmable memory. Each of the key hashes is configured for use with one of a plurality of candidate authentication key sets. The SoC further includes firmware stored within RAM. The firmware includes a secondary bootloader, a plurality of public keys, and corresponding signatures. The public keys and corresponding signatures are configured for use with one of the key sets. The SoC further includes a primary bootloader utilizing fuses stored within the programmable memory. The fuses activate a selected key hash based upon an ecosystem in which the system is to operate. The selected hash and a corresponding public key and signature define an active authentication key set. During the event, the primary bootloader utilizes the active authentication key set to authenticate a downloaded update to the firmware.Type: GrantFiled: October 28, 2022Date of Patent: November 19, 2024Assignee: GM Global Technology Operations LLCInventor: Brian Farrell