Patents by Inventor Brian W. Pruss
Brian W. Pruss has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11652625
Abstract: A system and process for performing a touchless key provisioning operation for a communication device. In operation, a key management facility (KMF) imports a public key and a public key identifier uniquely identifying the public key of the communication device. The public key is associated with an asymmetric key pair generated at the communication device during its factory provisioning and configuration. The KMF registers the communication device and assigns a key encryption key (KEK) for the communication device. The KMF then provisions the communication device by deriving a symmetric touchless key provisioning (TKP) key based at least in part on the public key of the communication device, encrypting the KEK with the symmetric TKP key to generate a key wrapped KEK, and transmitting the key wrapped KEK to the communication device for decryption by the communication device.
Type: Grant
Filed: June 11, 2021
Date of Patent: May 16, 2023
Assignee: MOTOROLA SOLUTIONS, INC.
Inventors: Gary P Hunsberger, Chris A Kruegel, Kenneth C Fuchs, Pawel Fafara, Brian W Pruss, Jakub Trojanek
-
Publication number: 20220400006
Abstract: A system and process for performing a touchless key provisioning operation for a communication device. In operation, a key management facility (KMF) imports a public key and a public key identifier uniquely identifying the public key of the communication device. The public key is associated with an asymmetric key pair generated at the communication device during its factory provisioning and configuration. The KMF registers the communication device and assigns a key encryption key (KEK) for the communication device. The KMF then provisions the communication device by deriving a symmetric touchless key provisioning (TKP) key based at least in part on the public key of the communication device, encrypting the KEK with the symmetric TKP key to generate a key wrapped KEK, and transmitting the key wrapped KEK to the communication device for decryption by the communication device.
Type: Application
Filed: June 11, 2021
Publication date: December 15, 2022
Inventors: Gary P. HUNSBERGER, Chris A. KRUEGEL, Kenneth C. FUCHS, Pawel FAFARA, Brian W. PRUSS, Jakub TROJANEK
-
Patent number: 11113424
Abstract: A device, system and method for installing encrypted data are provided. A device includes a processor comprising: immutable memory storing preconfigured trust anchor data; and a module storing preconfigured non-exportable data.
Type: Grant
Filed: May 7, 2019
Date of Patent: September 7, 2021
Assignee: MOTOROLA SOLUTIONS, INC.
Inventors: Brian W. Pruss, Ellis A. Pinder, Thomas S. Messerges
-
Patent number: 10979232
Abstract: Provisioning device certificates for electronic processors. One example method includes receiving a flashloader at the electronic processor. The method also includes validating the flashloader with the electronic processor. After validating the flashloader, the method includes receiving an encrypted provisioned key bundle at the electronic processor. The method also includes decrypting the encrypted provisioned key bundle with the electronic processor using a provisioning key to create a decrypted provisioned key bundle. The method further includes executing a provisioning process on the electronic processor using the decrypted provisioned key bundle.
Type: Grant
Filed: May 31, 2018
Date of Patent: April 13, 2021
Assignee: MOTOROLA SOLUTIONS, INC.
Inventors: Thomas S. Messerges, Brian W. Pruss, Kenneth C. Fuchs, Adam C. Lewis
-
Publication number: 20200356701
Abstract: A device, system and method for installing encrypted data are provided. A device includes a processor comprising: immutable memory storing preconfigured trust anchor data; and a module storing preconfigured non-exportable data.
Type: Application
Filed: May 7, 2019
Publication date: November 12, 2020
Inventors: Brian W. PRUSS, Ellis A. PINDER, Thomas S. MESSERGES
-
Publication number: 20200196177
Abstract: A method and apparatus for selective frequency signal metric collection via location is provided. A radio frequency (RF) analysis system may periodically send to a mobile device an indication of at least one geographic area of interest, the at least one geographic area of interest is based on an RF coverage heatmap. RF signal measurement may be received from the mobile device, wherein the mobile device takes RF signal measurements at a first rate when outside the at least one geographic area of interest and at a second rate when within the at least one geographic area of interest. The RF coverage heatmap may be updated based on the received RF signal measurements. The at least one geographic area of interest may be updated based on the updated RF coverage heatmap.
Type: Application
Filed: December 18, 2018
Publication date: June 18, 2020
Inventors: BRIAN W. PRUSS, ERIC P. GREBNER, FELIX H GARRIDO
-
Publication number: 20190372780
Abstract: Provisioning device certificates for electronic processors. One example method includes receiving a flashloader at the electronic processor. The method also includes validating the flashloader with the electronic processor. After validating the flashloader, the method includes receiving an encrypted provisioned key bundle at the electronic processor. The method also includes decrypting the encrypted provisioned key bundle with the electronic processor using a provisioning key to create a decrypted provisioned key bundle. The method further includes executing a provisioning process on the electronic processor using the decrypted provisioned key bundle.
Type: Application
Filed: May 31, 2018
Publication date: December 5, 2019
Inventors: Thomas S. Messerges, Brian W. Pruss, Kenneth C. Fuchs, Adam C. Lewis
-
Publication number: 20160191478
Abstract: A method and computing device for integrating a key management system with a Pre-Shared Key (PSK)-authenticated Internet Key Exchange (IKE). The method comprises the following: An IKE Identification Payload including an Identification Data field is generated via a first computing device. The Identification Data field comprises: a user identifier (ID) field uniquely identifying one or more of a user of the first computing device and the first computing device; a key ID field uniquely identifying a PSK; and a separator between the user ID field and the key ID field. The IKE Identification Payload is transmitted from the first computing device to a second computing device as part of the IKE.
Type: Application
Filed: December 31, 2014
Publication date: June 30, 2016
Inventors: BRIAN W. PRUSS, MARK A. BOERGER, ROBERT HORVATH, ADDAM L. KRUCEK
-
Patent number: 8498410
Abstract: A key variable loader receives a set of Rijndael parameters that were verified using a simulation computer, wherein the set of Rijndael parameters provide an input for implementing at least one step of the Rijndael block cipher and when used with a secret key allow a conversion between plain text and cipher text using the Rijndael block cipher. The key variable loader further stores the set of Rijndael parameters and subsequently provides the set of Rijndael parameters to a device having a customizable Rijndael block cipher, like a subscriber unit or a key management facility.
Type: Grant
Filed: March 14, 2011
Date of Patent: July 30, 2013
Assignee: Motorola Solutions, Inc.
Inventors: Brian W. Pruss, Gary W. Schluckbier
-
Patent number: 8424100
Abstract: Systems and methods for vetting data include receiving a notification at a second processor that a first processor has written first output data to an output data buffer in an output device. A hardware-implemented buffer access flag controls a permission for the first processor to write data to the output data buffer. The second processor sets the hardware-implemented buffer access flag to a first setting that prevents the first processor from writing additional output data to the output data buffer while the first output data in the output data buffer is being inspected. The second processor has a read-write permission to the hardware-implemented buffer access flag. The first processor has a read-only permission to the hardware-implemented buffer access flag.
Type: Grant
Filed: March 29, 2010
Date of Patent: April 16, 2013
Assignee: Motorola Solutions, Inc.
Inventors: Kenneth C. Fuchs, Brian W. Pruss, Gary W. Schluckbier
-
Publication number: 20120237020
Abstract: A key variable loader receives a set of Rijndael parameters that were verified using a simulation computer, wherein the set of Rijndael parameters provide an input for implementing at least one step of the Rijndael block cipher and when used with a secret key allow a conversion between plain text and cipher text using the Rijndael block cipher. The key variable loader further stores the set of Rijndael parameters and subsequently provides the set of Rijndael parameters to a device having a customizable Rijndael block cipher, like a subscriber unit or a key management facility.
Type: Application
Filed: March 14, 2011
Publication date: September 20, 2012
Applicant: MOTOROLA SOLUTIONS, INC.
Inventors: BRIAN W. PRUSS, GARY W. SCHLUCKBIER
-
Patent number: 8250356
Abstract: A system and method of providing secure communications is provided. Messages are encrypted or decrypted in protected memory of a processor. Outbound messages from a secure network are prepared for encryption by adding a header outside of the protected memory and then encrypted in the protected memory. The encryption is performed by retrieving a key from a key cache as designated by rules in the header. The encrypted message is sent to the unsecure network. An inbound message from an unsecure network that is received in unprotected memory is sent to a decryption module in protected memory. The inbound message is decrypted using a key designated in its header and retrieved from the key cache. The decrypted message is returned to the unprotected memory, where it is stripped of the encryption header and then sent to its destination within the secure network.
Type: Grant
Filed: November 21, 2008
Date of Patent: August 21, 2012
Assignee: Motorola Solutions, Inc.
Inventors: Brian W. Pruss, Kenneth C. Fuchs, Timothy M. Langham
-
Publication number: 20110239308
Abstract: Systems and methods for vetting data include receiving a notification at a second processor that a first processor has written first output data to an output data buffer in an output device. A hardware-implemented buffer access flag controls a permission for the first processor to write data to the output data buffer. The second processor sets the hardware-implemented buffer access flag to a first setting that prevents the first processor from writing additional output data to the output data buffer while the first output data in the output data buffer is being inspected. The second processor has a read-write permission to the hardware-implemented buffer access flag. The first processor has a read-only permission to the hardware-implemented buffer access flag.
Type: Application
Filed: March 29, 2010
Publication date: September 29, 2011
Applicant: MOTOROLA, INC.
Inventors: Kenneth C. Fuchs, Brian W. Pruss, Gary W. Schluckbier
-
Publication number: 20100131750
Abstract: A system and method of providing secure communications is provided. Messages are encrypted or decrypted in protected memory of a processor. Outbound messages from a secure network are prepared for encryption by adding a header outside of the protected memory and then encrypted in the protected memory. The encryption is performed by retrieving a key from a key cache as designated by rules in the header. The encrypted message is sent to the unsecure network. An inbound message from an unsecure network that is received in unprotected memory is sent to a decryption module in protected memory. The inbound message is decrypted using a key designated in its header and retrieved from the key cache. The decrypted message is returned to the unprotected memory, where it is stripped of the encryption header and then sent to its destination within the secure network.
Type: Application
Filed: November 21, 2008
Publication date: May 27, 2010
Applicant: MOTOROLA, INC.
Inventors: BRIAN W. PRUSS, KENNETH C. FUCHS, TIMOTHY M. LANGHAM
-
Patent number: 7406711
Abstract: A single-chip integrated circuit comprising a first processor for executing a plurality of applications, a second processor for executing a plurality of applications, at least one of a) at least one embedded peripheral and b) at least one memory, and a bus monitor for allowing access to the at least one of a) the at least one embedded peripheral and b) the at least one memory, if the access is allowed, wherein the bus monitor comprises a mapping of access rights to the at least one of a) the at least one embedded peripheral and b) the at least one memory for the first processor and the second processor is disclosed.
Type: Grant
Filed: September 2, 2005
Date of Patent: July 29, 2008
Assignee: Motorola, Inc.
Inventors: Kenneth C. Fuchs, Brian W. Pruss, Timothy M. Langham