Patents by Inventor Bryan David Kelly
Bryan David Kelly has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11971993Abstract: A system includes a stored counter value and a stored boot manifest including a manifest type flag. A manifest type of the boot manifest is determined based on the manifest type flag, a tenancy mode is determined based on a parity of the counter value, a first boot is executed if the manifest type is a first manifest type and the tenancy mode is a first tenancy mode, a second boot flow is executed if the manifest type is the first manifest type and the tenancy mode is a second tenancy mode, a third boot flow is executed if the manifest type is a second manifest type and the tenancy mode is the first tenancy mode, and a fourth boot flow is executed if the manifest type is the second manifest type and the tenancy mode is the second tenancy mode.Type: GrantFiled: June 1, 2021Date of Patent: April 30, 2024Assignee: Microsoft Technology Licensing, LLCInventors: Vishal Soni, Bryan David Kelly
-
Publication number: 20240137203Abstract: The techniques disclosed herein are directed to devices, circuits, systems, and techniques to mitigate the impact of side-channel attacks on a cryptography function in a target system. The Razor flip-flops are inserted into critical paths of the cryptography function of the target system, including at rest blocks such as key vaults and data vaults, and also including registers and/or pipelines used for calculations within the cryptography functions. Errors detected by the Razor flip-flops are processed by error detection logic in the cryptographic function, which continues the calculations until completion. The generated key and data value pairs resulting from detected errors are discarded, silently ignored without disrupting the calculation process. The schemes disclosed herein mitigate the impact of side-channel attacks with a digital logic based implementation, with reduced complexity and reduced cost.Type: ApplicationFiled: October 24, 2022Publication date: April 25, 2024Inventors: Bharat S. PILLILLI, Bryan David KELLY, Vishal SONI
-
Publication number: 20240120071Abstract: Methods, systems, and techniques for providing visual expertise to objectively measure, evaluate, and visualize aesthetic change are provided. Example embodiments provide an Aesthetic Delta Measurement System (“ADMS”), which enables users to objectively measure and visualize aesthetic health and wellness and treatment outcomes and to continuously supplement a knowledge repository of objective aesthetic data based upon a combination of automated machine learning and surveyed human input data. The ADMS provides a labeling platform for labeling aesthetic health and wellness over large populations of individuals and a personal analysis application for viewing an individuals aesthetic changes over time. The ADMS provides labeling of images using guides with corresponding discrete scalar values or using pairwise comparison techniques.Type: ApplicationFiled: February 2, 2022Publication date: April 11, 2024Applicant: LoveMyDelta Inc.Inventors: James M. Smartt, Jr., Bryan Allan Comstock, Navdeep S. Dhillon, Jason David Kelly, David S. Spencer, Carsten Tusk
-
Patent number: 11893118Abstract: Embodiments described herein are directed to transferring the ownership of a computing device from one entity to another entity. For example, a security processor is utilized to boot the computing device. During a boot session, the security processor loads and executes boot code, which determines whether specialized firmware authorized by the current owner indicates whether a transfer of ownership is to occur. In response to determining that the specialized firmware indicates that a transfer of ownership is to occur, the secure processor loads and executes the specialized firmware. The specialized firmware, when executed, causes the security processor to program a set of fuses with the public key of the new owner. Execution of the specialized firmware also causes the security processor to invalidate the public key of the original owner, which is stored in another set of fuses.Type: GrantFiled: May 25, 2021Date of Patent: February 6, 2024Assignee: Microsoft Technology Licensing, LLCInventors: Md. Nazmus Sakib, Bryan David Kelly, Ling Tony Chen, Peter David Waxman
-
Patent number: 11853428Abstract: Embodiments described herein are directed to firmware policy enforcement of a computing device. For example, a security processor of the computing device is utilized to boot the computing device. During a boot session, the security processor loads and executes specialized firmware. The specialized firmware, when executed, causes the security processor to determine whether other types of firmware to be executed on the computing device is in compliance with a policy specified by the specialized firmware. Based at least on a determination that the other firmware is in compliance with the policy, the security processor executes the other firmware. Based at least on a determination that the other firmware is not in compliance with the policy, the security processor performs a mitigation with respect to the other firmware.Type: GrantFiled: June 2, 2021Date of Patent: December 26, 2023Assignee: Microsoft Technology Licensing, LLCInventors: Md. Nazmus Sakib, Bryan David Kelly, Ling Tony Chen, Peter David Waxman
-
Publication number: 20230341924Abstract: Techniques are described herein that are capable of reducing latency of changing an operating state of a processor from a low-power state to a normal-power state. For example, providing a notification from a hardware system to the processor or receiving the notification at the processor, indicating that a transaction layer packet will be provided to the processor at a future time, may trigger the processor to change the operating state from the low-power state to the normal-power state. In another example, receipt of a transaction layer packet at the processor from a hardware system may trigger the processor to change the operating state from the low-power state to the normal-power state.Type: ApplicationFiled: April 22, 2022Publication date: October 26, 2023Inventors: Bharat Srinivas PILLILLI, Bryan David KELLY
-
Publication number: 20230325225Abstract: Systems and methods for a confidential compute architecture integrated with direct swap caching are described. An example method for managing a near memory and a far memory includes, in response to determining that the far memory contains an encrypted version of a first block of data, retrieving from the far memory the encrypted version of the first block of data, decrypting the first block of data using a first key for exclusive use by a first virtual machine associated with the system, and providing a decrypted version of the first block of data to the requestor. The method further includes swapping out a second block of data having an address conflict with the first block of data from the near memory to the far memory, where the second block of data is encrypted using a second key for exclusive use by a second virtual machine associated with the system.Type: ApplicationFiled: April 8, 2022Publication date: October 12, 2023Inventors: Ishwar AGARWAL, Bryan David KELLY, Vishal SONI
-
Publication number: 20230051347Abstract: Methods, systems, apparatuses, and computer-readable storage mediums described herein enable executable code of a hardware security platform (HSP) circuit to communicate with a hypervisor in a separate processor. The hypervisor generates and manages virtual machines. The HSP code comprises trusted platform module (TPM) logic, that processes TPM commands received via the hypervisor, and in response to the processing, communicates security information (e.g., measurements, keys, authorization data) with the virtual machines via the hypervisor. The TPM logic receives security information related to a virtual machine from the hypervisor and stores the security information in non-volatile memory of the HSP circuit, where security information from a particular VM is distinguishable from security information from another VM in the HSP memory.Type: ApplicationFiled: August 12, 2021Publication date: February 16, 2023Inventors: Md. Nazmus SAKIB, Ronald AIGNER, Ling Tony CHEN, Peter David WAXMAN, David Guy WESTON, Bryan David KELLY
-
Publication number: 20220391510Abstract: Embodiments described herein are directed to firmware policy enforcement of a computing device. For example, a security processor of the computing device is utilized to boot the computing device. During a boot session, the security processor loads and executes specialized firmware. The specialized firmware, when executed, causes the security processor to determine whether other types of firmware to be executed on the computing device is in compliance with a policy specified by the specialized firmware. Based at least on a determination that the other firmware is in compliance with the policy, the security processor executes the other firmware. Based at least on a determination that the other firmware is not in compliance with the policy, the security processor performs a mitigation with respect to the other firmware.Type: ApplicationFiled: June 2, 2021Publication date: December 8, 2022Inventors: Md. Nazmus SAKIB, Bryan David KELLY, Ling Tony CHEN, Peter David WAXMAN
-
Publication number: 20220382873Abstract: A system includes a stored counter value and a stored boot manifest including a manifest type flag. A manifest type of the boot manifest is determined based on the manifest type flag, a tenancy mode is determined based on a parity of the counter value, a first boot is executed if the manifest type is a first manifest type and the tenancy mode is a first tenancy mode, a second boot flow is executed if the manifest type is the first manifest type and the tenancy mode is a second tenancy mode, a third boot flow is executed if the manifest type is a second manifest type and the tenancy mode is the first tenancy mode, and a fourth boot flow is executed if the manifest type is the second manifest type and the tenancy mode is the second tenancy mode.Type: ApplicationFiled: June 1, 2021Publication date: December 1, 2022Inventors: Vishal SONI, Bryan David KELLY
-
Publication number: 20220382872Abstract: Embodiments described herein are directed to transferring the ownership of a computing device from one entity to another entity. For example, a security processor is utilized to boot the computing device. During a boot session, the security processor loads and executes boot code, which determines whether specialized firmware authorized by the current owner indicates whether a transfer of ownership is to occur. In response to determining that the specialized firmware indicates that a transfer of ownership is to occur, the secure processor loads and executes the specialized firmware. The specialized firmware, when executed, causes the security processor to program a set of fuses with the public key of the new owner. Execution of the specialized firmware also causes the security processor to invalidate the public key of the original owner, which is stored in another set of fuses.Type: ApplicationFiled: May 25, 2021Publication date: December 1, 2022Inventors: Md. Nazmus SAKIB, Bryan David KELLY, Ling Tony CHEN, Peter David WAXMAN
-
Patent number: 11288372Abstract: A computing device includes circuitry that is configured to disable a physical interface between a baseboard management controller (BMC) and a processor when the BMC is not running and a logical interface between the BMC and the processor is not available. Disabling the physical interface prevents an attacker from writing malicious code to the BMC using the physical interface. The computing device also includes circuitry that enables the physical interface between the BMC and the processor in response to receiving a unique signal sequence from a trusted external entity. When firmware should be installed on the BMC, someone with proper authorization can cause the trusted external entity to send the unique signal sequence to the circuitry on the computing device, thereby enabling the physical interface between the BMC and the processor. The processor can then write the firmware to non-volatile memory within the BMC across the physical interface.Type: GrantFiled: October 7, 2019Date of Patent: March 29, 2022Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Neeraj Ladkani, Bryan David Kelly
-
Patent number: 11176020Abstract: A system and method of monitoring a status of a server using a baseboard management controller (BMC) is disclosed. First, the BMC may access a status code generated in Domain 0 of the server through a command line interface to the server and send the status code to an alert management system. Second, the BMC may snoop on a status code generated in the hypervisor of the server through input/output port 80h and send the status code to the alert management system. Third, the BMC may read a status code generated in the hypervisor and written in a Model Specific Register (MSR) and send the status code to the alert management system. The system and method can enable the alert management system to readily recognize the occurrence of an error, including the type of the error which is a software error, and the cause of the error in real time or nearly real time.Type: GrantFiled: November 5, 2019Date of Patent: November 16, 2021Assignee: Microsoft Technology Licensing, LLCInventors: Bryan David Kelly, Neeraj Ladkani
-
Publication number: 20210133081Abstract: A system and method of monitoring a status of a server using a baseboard management controller (BMC) is disclosed. First, the BMC may access a status code generated in Domain 0 of the server through a command line interface to the server and send the status code to an alert management system. Second, the BMC may snoop on a status code generated in the hypervisor of the server through input/output port 80h and send the status code to the alert management system. Third, the BMC may read a status code generated in the hypervisor and written in a Model Specific Register (MSR) and send the status code to the alert management system. The system and method can enable the alert management system to readily recognize the occurrence of an error, including the type of the error which is a software error, and the cause of the error in real time or nearly real time.Type: ApplicationFiled: November 5, 2019Publication date: May 6, 2021Applicant: Microsoft Technology Licensing, LLCInventors: Bryan David KELLY, Neeraj LADKANI
-
Publication number: 20210103659Abstract: A computing device includes circuitry that is configured to disable a physical interface between a baseboard management controller (BMC) and a processor when the BMC is not running and a logical interface between the BMC and the processor is not available. Disabling the physical interface prevents an attacker from writing malicious code to the BMC using the physical interface. The computing device also includes circuitry that enables the physical interface between the BMC and the processor in response to receiving a unique signal sequence from a trusted external entity. When firmware should be installed on the BMC, someone with proper authorization can cause the trusted external entity to send the unique signal sequence to the circuitry on the computing device, thereby enabling the physical interface between the BMC and the processor. The processor can then write the firmware to non-volatile memory within the BMC across the physical interface.Type: ApplicationFiled: October 7, 2019Publication date: April 8, 2021Inventors: Neeraj LADKANI, Bryan David KELLY
-
Patent number: 10839080Abstract: A Root of Trust hardware hierarchy provides firmware security for motherboard and peripheral devices. Power is received at a computer system and, in response to the receipt of power, of a standby power rail of a motherboard of the computer system is energized, and a first microcontroller mounted on the motherboard authenticates first firmware associated with a baseboard management controller mounted on the motherboard and coupled to the first microcontroller. If the authentication of the first firmware is successful, the baseboard management controller is powered on, a central processing unit coupled to the first microcontroller is held in reset, and a standby power rail of a peripheral component card coupled to the motherboard is energized.Type: GrantFiled: September 1, 2017Date of Patent: November 17, 2020Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Badriddine Khessib, Bryan David Kelly, Mallik Bulusu
-
Patent number: 10740252Abstract: A processor may be coupled to a flash memory by way of an interface. The processor may be caused to read and/or write data, such as computer executable instructions, from/to the flash memory via the interface. An interface filter may be interposed between the processor and the flash memory to enhance the security and validity of data transactions associated with the processor and the flash memory.Type: GrantFiled: April 20, 2018Date of Patent: August 11, 2020Assignee: Microsoft Technology Licensing, LLCInventors: Bryan David Kelly, Christopher Lawrence Weimer, Mark Andrew Shaw, Priya Raghu
-
Publication number: 20190324923Abstract: A processor may be coupled to a flash memory by way of an interface. The processor may be caused to read and/or write data, such as computer executable instructions, from/to the flash memory via the interface. An interface filter may be interposed between the processor and the flash memory to enhance the security and validity of data transactions associated with the processor and the flash memory.Type: ApplicationFiled: April 20, 2018Publication date: October 24, 2019Inventors: Bryan David KELLY, Christopher Lawrence WEIMER, Mark Andrew SHAW, Priya RAGHU
-
Publication number: 20190073478Abstract: A Root of Trust hardware hierarchy provides firmware security for motherboard and peripheral devices. Power is received at a computer system and, in response to the receipt of power, of a standby power rail of a motherboard of the computer system is energized, and a first microcontroller mounted on the motherboard authenticates first firmware associated with a baseboard management controller mounted on the motherboard and coupled to the first microcontroller. If the authentication of the first firmware is successful, the baseboard management controller is powered on, a central processing unit coupled to the first microcontroller is held in reset, and a standby power rail of a peripheral component card coupled to the motherboard is energized.Type: ApplicationFiled: September 1, 2017Publication date: March 7, 2019Inventors: Badriddine KHESSIB, Bryan David KELLY, Mallik BULUSU
-
Patent number: 9603282Abstract: Management of infrastructure devices is performed by computing devices that are associated with the processing being provided by the data center, such as chassis managers. A master is first selected through polling or consensus algorithms, and then subsequently the master is endowed with the authority to manage infrastructure devices and generate the control output to such infrastructure devices. Alternatively, no master need be elected and, instead, output to such infrastructure devices is generated by a computing device selected utilizing polling or consensus algorithms, and in accordance with a management decision made through polling or consensus algorithms. The interplay between the cooling apparatuses of individual server computing devices and the cooling apparatuses of the data center as a whole is also managed to increase the portion of the cooling of server computing devices provided by data center air movers. Control of data center air movers can be determined empirically or predictively.Type: GrantFiled: January 3, 2014Date of Patent: March 21, 2017Assignee: Microsoft Technology Licensing, LLCInventors: Bryan David Kelly, Badriddine Khessib, Sriram Govindan, Sriram Sankar, Brandon Aaron Rubenstein