Patents by Inventor Brian Spencer Payne
Brian Spencer Payne has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
- Patent number: 11936784
  Abstract: Techniques are disclosed for enabling attested end-to-end encryption for transporting data between devices. In one example, a destination device receives a policy profile that includes an origination key and a destination key, and the origination key corresponds to a public transfer key of a source device. The destination device verifies the policy profile based on the destination key corresponding to a public transfer key of the source device. The destination device receives a signed encrypted data encryption key from the source device. The destination device receives encrypted data from the source device. The destination device verifies the signed encrypted data encryption key originated from the source device based on the signed encrypted data key being signed with a private attestation identity key that corresponds to a public attestation identity key of the source device. The destination device decrypts encrypted data using a private transfer key of the destination device.
  Type: Grant
  Filed: July 15, 2022
  Date of Patent: March 19, 2024
  Assignee: Oracle International Corporation
  Inventors: Brian Spencer Payne, Saikat Chakrabarti, Pratibha Anjali Dohare, Rehan Loring Iftikhar
- Patent number: 11863561
  Abstract: The present embodiments relate to edge attestation of a host node to access a cloud infrastructure environment. A set of authentication data can be obtained from a console for authorization of the host node. The set of authentication data can include a first endorsement key and an authentication policy identifying characteristics of the host node. The host node can send a request for a network address to connect to the cloud infrastructure environment. The host node can generate a second endorsement key and authentication data that can be verified as corresponding to the set of authentication data received from the console. Responsive to validating the second endorsement key and the received host node authentication data, the network address can be provided to the host node that can be used to connect to the cloud infrastructure environment using the network address.
  Type: Grant
  Filed: November 10, 2021
  Date of Patent: January 2, 2024
  Assignee: Oracle International Corporation
  Inventor: Brian Spencer Payne
- Publication number: 20230281313
  Abstract: The present embodiments relate to a secure boot partition for a cloud computing device of a cloud computing system. The computing device of the cloud computing system can transmit a first request for a pre-boot execution environment executable from a smart network interface card (SmartNIC). The computing device can receive the pre-boot environment executable from the SmartNIC and verify the pre-boot execution environment executable. The computing device can execute the pre-boot execution environment executable. Executing the pre-boot execution environment executable can include transmitting a second request for secure boot metadata from the SmartNIC and receiving the secure boot metadata. Executing the pre-boot execution environment executable can further include mounting a boot partition, loading a boot loader obtained from the boot partition, verifying the boot loader based at least in part on the secure boot metadata, and executing the boot loader in response to verifying the boot loader.
  Type: Application
  Filed: March 2, 2022
  Publication date: September 7, 2023
  Applicant: Oracle International Corporation
  Inventor: Brian Spencer Payne
- Publication number: 20230144341
  Abstract: The present embodiments relate to edge attestation of a host node to access a cloud infrastructure environment. A set of authentication data can be obtained from a console for authorization of the host node. The set of authentication data can include a first endorsement key and an authentication policy identifying characteristics of the host node. The host node can send a request for a network address to connect to the cloud infrastructure environment. The host node can generate a second endorsement key and authentication data that can be verified as corresponding to the set of authentication data received from the console. Responsive to validating the second endorsement key and the received host node authentication data, the network address can be provided to the host node that can be used to connect to the cloud infrastructure environment using the network address.
  Type: Application
  Filed: November 10, 2021
  Publication date: May 11, 2023
  Applicant: Oracle International Corporation
  Inventor: Brian Spencer Payne
- Publication number: 20220407694
  Abstract: Techniques are disclosed for enabling attested end-to-end encryption for transporting data between devices. In one example, a destination device receives a policy profile that includes an origination key and a destination key, and the origination key corresponds to a public transfer key of a source device. The destination device verifies the policy profile based on the destination key corresponding to a public transfer key of the source device. The destination device receives a signed encrypted data encryption key from the source device. The destination device receives encrypted data from the source device. The destination device verifies the signed encrypted data encryption key originated from the source device based on the signed encrypted data key being signed with a private attestation identity key that corresponds to a public attestation identity key of the source device. The destination device decrypts encrypted data using a private transfer key of the destination device.
  Type: Application
  Filed: July 15, 2022
  Publication date: December 22, 2022
  Applicant: Oracle International Corporation
  Inventors: Brian Spencer Payne, Saikat Chakrabarti, Pratibha Anjali Dohare, Rehan Loring Iftikhar
- Patent number: 11444762
  Abstract: Techniques are disclosed for enabling attested end-to-end encryption for transporting sensitive data between devices. In one example, an origination device receives and verifies, in a secure environment, a policy profile that includes an origination key of the origination device and a destination key of a destination device. The origination device generates and seals a data encryption key based on a characteristic of the secure environment. The origination device then encrypts the data encryption key with a public key of the destination device to form an encrypted data encryption key. The origination device then signs the encrypted data encryption key with a private attestation identity key of the origination device. The origination device encrypts the sensitive data with the sealed data encryption key to form encrypted data, and then transmits the signed encrypted data encryption key and the encrypted data to the destination device for subsequent decryption of the encrypted data.
  Type: Grant
  Filed: August 19, 2020
  Date of Patent: September 13, 2022
  Assignee: Oracle International Corporation
  Inventors: Brian Spencer Payne, Saikat Chakrabarti, Pratibha Anjali Dohare, Rehan Loring Iftikhar
- Publication number: 20220060323
  Abstract: Techniques are disclosed for enabling attested end-to-end encryption for transporting sensitive data between devices. In one example, an origination device receives and verifies, in a secure environment, a policy profile that includes an origination key of the origination device and a destination key of a destination device. The origination device generates and seals a data encryption key based on a characteristic of the secure environment. The origination device then encrypts the data encryption key with a public key of the destination device to form an encrypted data encryption key. The origination device then signs the encrypted data encryption key with a private attestation identity key of the origination device. The origination device encrypts the sensitive data with the sealed data encryption key to form encrypted data, and then transmits the signed encrypted data encryption key and the encrypted data to the destination device for subsequent decryption of the encrypted data.
  Type: Application
  Filed: August 19, 2020
  Publication date: February 24, 2022
  Applicant: Oracle International Corporation
  Inventors: Brian Spencer Payne, Saikat Chakrabarti, Pratibha Anjali Dohare, Rehan Loring Iftikhar