Patents by Inventor Carlin R. Covey
Carlin R. Covey has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9430658Abstract: To securely configure an electronic circuit and provision a product that includes the electronic circuit, a first entity (e.g., a chip manufacturer) embeds one or more secret values into copies of the circuit. A second entity (e.g., an OEM): 1) derives a trust anchor from a code signing public key; 2) embeds the trust anchor in a first circuit copy; 3) causes the first circuit copy to generate a secret key derived from the trust anchor and the embedded secret value(s); 4) signs provisioning code using a code signing private key; and 5) sends the code signing public key, the trust anchor, and the signed provisioning code to a third entity (e.g., a product manufacturer). The third entity embeds the trust anchor in a second circuit copy and causes it to: 1) generate the secret key; 2) verify the signature of the signed provisioning code using the code signing public key; and 3) launch the provisioning code.Type: GrantFiled: December 16, 2014Date of Patent: August 30, 2016Assignee: FREESCALE SEMICONDUCTOR, INC.Inventors: Carlin R. Covey, Lawrence L. Case, Thomas E. Tkacik
-
Patent number: 9424200Abstract: A run-time integrity checking (RTIC) method compatible with memory having at least portions that store data that is changed over time or at least portions configured as virtual memory is provided. For example, the method may comprise storing a table of page entries and accessing the table of page entries by, as an example, an operating system or, as another example, a hypervisor to perform RTIC on memory in which, as an example, an operating system, as another example, a hypervisor, or, as yet another example, application software is stored. The table may, for example, be stored in secure memory or in external memory. The page entry comprises a hash value for the page and a hash valid indicator indicating the validity status of the hash value. The page entry may further comprise a residency indicator indicating a residency status of the memory page.Type: GrantFiled: March 15, 2013Date of Patent: August 23, 2016Assignee: FREESCALE SEMICONDUCTOR, INC.Inventors: Thomas E. Tkacik, Matthew W. Brocker, Carlin R. Covey
-
Patent number: 9384153Abstract: Embodiments of electronic circuits, computer systems, and associated methods include a module that accesses memory using virtual addressing, the memory including local memory that is local to the module and nonlocal memory that is accessible via a system bus coupled to the module, the module including logic coupled to the local memory via a local bus. The logic is configured to receive a memory access specified to a virtual address, determine whether the virtual address is within the local memory, and direct the memory access either to the local memory via the local bus or to the nonlocal memory via the system bus based on the determination.Type: GrantFiled: August 31, 2012Date of Patent: July 5, 2016Assignee: Freescale Semiconductor, Inc.Inventors: Thomas E. Tkacik, Charles E. Cannon, Carlin R. Covey, David H. Hartley, Rodney D. Ziolowski
-
Publication number: 20160171223Abstract: To securely configure an electronic circuit and provision a product that includes the electronic circuit, a first entity (e.g., a chip manufacturer) embeds one or more secret values into copies of the circuit. A second entity (e.g., an OEM): 1) derives a trust anchor from a code signing public key; 2) embeds the trust anchor in a first circuit copy; 3) causes the first circuit copy to generate a secret key derived from the trust anchor and the embedded secret value(s); 4) signs provisioning code using a code signing private key; and 5) sends the code signing public key, the trust anchor, and the signed provisioning code to a third entity (e.g., a product manufacturer). The third entity embeds the trust anchor in a second circuit copy and causes it to: 1) generate the secret key; 2) verify the signature of the signed provisioning code using the code signing public key; and 3) launch the provisioning code.Type: ApplicationFiled: December 16, 2014Publication date: June 16, 2016Inventors: CARLIN R. COVEY, LAWRENCE L. CASE, THOMAS E. TKACIK
-
Patent number: 9129536Abstract: Embodiments of electronic circuits enable security of sensitive data in a design and manufacturing process that includes multiple parties. An embodiment of an electronic circuit can include a private key embedded within the electronic circuit that is derived from a plurality of components including at least one component known only to the electronic circuit and at least one immutable value cryptographically bound into messages and residing on the electronic circuit, public key generation logic that generates a public key to match the private key, and message signing logic that signs messages with the private key.Type: GrantFiled: August 31, 2012Date of Patent: September 8, 2015Assignee: Freescale Semiconductor, Inc.Inventors: Thomas E. Tkacik, Lawrence L. Case, Carlin R. Covey, David H. Hartley, Rodney D. Ziolkowski
-
Patent number: 9100189Abstract: Embodiments include methods for securely provisioning copies of an electronic circuit. A first entity embeds one or more secret values into copies of the circuit. A second entity: 1) embeds a trust anchor in a first copy of the circuit; 2) causes the circuit to generate a message signing key pair using the trust anchor and the embedded secret value(s); 3) signs provisioning code using a code signing private key; and 4) sends a corresponding code signing public key, the trust anchor, and the signed provisioning code to a third entity. The third entity embeds the trust anchor in a second copy of the circuit and causes the circuit to: 1) generate the message signing private key; 2) verify the signature of the signed provisioning code using the code signing public key; and 3) launch the provisioning code on the circuit.Type: GrantFiled: August 21, 2013Date of Patent: August 4, 2015Assignee: Freescale Semiconductor, Inc.Inventors: David H. Hartley, Thomas E. Tkacik, Carlin R. Covey, Lawrence L. Case, Rodney D. Ziolkowski
-
Patent number: 9100174Abstract: Embodiments include methods for securely provisioning copies of an electronic circuit. A first entity (e.g., a chip manufacturer) embeds one or more secret values into copies of the electronic circuit. A second entity (e.g., an OEM): 1) embeds a trust anchor in a first copy of the electronic circuit; 2) causes the electronic circuit to generate a message signing key pair using the trust anchor and the embedded secret value(s); 3) signs provisioning code using a code signing private key; and 4) sends a corresponding code signing public key, the trust anchor, and the signed provisioning code to a third entity (e.g., a product manufacturer). The third entity embeds the trust anchor in a second copy of the electronic circuit and causes the electronic circuit to: 1) generate the message signing private key; 2) verify the signature of the signed provisioning code using the code signing public key; and 3) launch the provisioning code on the electronic circuit.Type: GrantFiled: March 20, 2014Date of Patent: August 4, 2015Assignee: Freescale Semiconductor, Inc.Inventors: David H. Hartley, Thomas E. Tkacik, Carlin R. Covey, Lawrence L. Case, Rodney D. Ziolkowski
-
Patent number: 9094205Abstract: Embodiments of methods of provisioning an electronic circuit enable security of sensitive data in a design and manufacturing process that includes multiple parties. In an illustrative embodiment, a method of provisioning an electronic circuit includes generating at least one secret value, embedding the at least one secret value into the electronic circuit, programming into the electronic circuit a private key derivation function that derives the private key from the at least one secret value and a trust anchor, and programming into the electronic circuit a public key generation function that generates a public key matching the private key. The method can further include receiving for execution trust anchor-authenticated logic that contacts a predetermined actor of the plurality of distinct actors and communicates to the predetermined actor a message signed with the private key.Type: GrantFiled: August 31, 2012Date of Patent: July 28, 2015Assignee: Freescale Semiconductor, Inc.Inventors: David H. Hartley, Thomas E. Tkacik, Carlin R. Covey, Lawrence L. Case, Rodney D. Ziolkowski
-
Publication number: 20140281354Abstract: A run-time integrity checking (RTIC) method compatible with memory having at least portions that store data that is changed over time or at least portions configured as virtual memory is provided. For example, the method may comprise storing a table of page entries and accessing the table of page entries by, as an example, an operating system or, as another example, a hypervisor to perform RTIC on memory in which, as an example, an operating system, as another example, a hypervisor, or, as yet another example, application software is stored. The table may, for example, be stored in secure memory or in external memory. The page entry comprises a hash value for the page and a hash valid indicator indicating the validity status of the hash value. The page entry may further comprise a residency indicator indicating a residency status of the memory page.Type: ApplicationFiled: March 15, 2013Publication date: September 18, 2014Inventors: Thomas E. Tkacik, Matthew W. Brocker, Carlin R. Covey
-
Patent number: 8826391Abstract: Embodiments of information processing systems and associated components can include logic operable to perform operations in a virtualized system including a plurality of guest operating systems using descriptors. The descriptors specify a set of commands defining the operations in a plurality of security domains and specify permission to a plurality of resources selectively for the plurality of guest operating systems.Type: GrantFiled: July 2, 2012Date of Patent: September 2, 2014Assignee: Freescale Semiconductor, Inc.Inventors: Thomas E. Tkacik, Carlin R. Covey, David H. Hartley, Steven D. Millman
-
Publication number: 20140205092Abstract: Embodiments include methods for securely provisioning copies of an electronic circuit. A first entity (e.g., a chip manufacturer) embeds one or more secret values into copies of the electronic circuit. A second entity (e.g., an OEM): 1) embeds a trust anchor in a first copy of the electronic circuit; 2) causes the electronic circuit to generate a message signing key pair using the trust anchor and the embedded secret value(s); 3) signs provisioning code using a code signing private key; and 4) sends a corresponding code signing public key, the trust anchor, and the signed provisioning code to a third entity (e.g., a product manufacturer). The third entity embeds the trust anchor in a second copy of the electronic circuit and causes the electronic circuit to: 1) generate the message signing private key; 2) verify the signature of the signed provisioning code using the code signing public key; and 3) launch the provisioning code on the electronic circuit.Type: ApplicationFiled: March 20, 2014Publication date: July 24, 2014Applicant: FREESCALE SEMICONDUCTOR, INC.Inventors: DAVID H. HARTLEY, THOMAS E. TKACIK, CARLIN R. COVEY, LAWRENCE L. CASE, RODNEY D. ZIOLKOWSKI
-
Publication number: 20140164779Abstract: Embodiments include methods for securely provisioning copies of an electronic circuit. A first entity (e.g., a chip manufacturer) embeds one or more secret values into copies of the electronic circuit. A second entity (e.g., an OEM): 1) embeds a trust anchor in a first copy of the electronic circuit; 2) causes the electronic circuit to generate a message signing key pair using the trust anchor and the embedded secret value(s); 3) signs provisioning code using a code signing private key; and 4) sends a corresponding code signing public key, the trust anchor, and the signed provisioning code to a third entity (e.g., a product manufacturer). The third entity embeds the trust anchor in a second copy of the electronic circuit and causes the electronic circuit to: 1) generate the message signing private key; 2) verify the signature of the signed provisioning code using the code signing public key; and 3) launch the provisioning code on the electronic circuit.Type: ApplicationFiled: August 21, 2013Publication date: June 12, 2014Applicant: Freescale Semiconductor, Inc.Inventors: DAVID H. HARTLEY, Thomas E. Tkacik, Carlin R. Covey, Lawrence L. Case, Rodney D. Ziolkowski
-
Publication number: 20140068133Abstract: Embodiments of electronic circuits, computer systems, and associated methods include a module that accesses memory using virtual addressing, the memory including local memory that is local to the module and nonlocal memory that is accessible via a system bus coupled to the module, the module including logic coupled to the local memory via a local bus. The logic is configured to receive a memory access specified to a virtual address, determine whether the virtual address is within the local memory, and direct the memory access either to the local memory via the local bus or to the nonlocal memory via the system bus based on the determination.Type: ApplicationFiled: August 31, 2012Publication date: March 6, 2014Inventors: THOMAS E. TKACIK, CHARLES E. CANNON, CARLIN R. COVEY, DAVID H. HARTLEY, RODNEY D. ZIOLOWSKI
-
Publication number: 20140068246Abstract: Embodiments of electronic circuits enable security of sensitive data in a design and manufacturing process that includes multiple parties. An embodiment of an electronic circuit can include a private key embedded within the electronic circuit that is derived from a plurality of components including at least one component known only to the electronic circuit and at least one immutable value cryptographically bound into messages and residing on the electronic circuit, public key generation logic that generates a public key to match the private key, and message signing logic that signs messages with the private key.Type: ApplicationFiled: August 31, 2012Publication date: March 6, 2014Inventors: DAVID H. HARTLEY, THOMAS E. TKACIK, CARLIN R. COVEY, LAWRENCE L. CASE, RODNEY D. ZIOLOWSKI
-
Publication number: 20140064480Abstract: Embodiments of methods of provisioning an electronic circuit enable security of sensitive data in a design and manufacturing process that includes multiple parties. In an illustrative embodiment, a method of provisioning an electronic circuit includes generating at least one secret value, embedding the at least one secret value into the electronic circuit, programming into the electronic circuit a private key derivation function that derives the private key from the at least one secret value and a trust anchor, and programming into the electronic circuit a public key generation function that generates a public key matching the private key. The method can further include receiving for execution trust anchor-authenticated logic that contacts a predetermined actor of the plurality of distinct actors and communicates to the predetermined actor a message signed with the private key.Type: ApplicationFiled: August 31, 2012Publication date: March 6, 2014Inventors: DAVID H. HARTLEY, THOMAS E. TKACIK, CARLIN R. COVEY, LAWRENCE L. CASE, RODNEY D. ZIOLKOWSKI
-
Publication number: 20140006804Abstract: Embodiments of information processing systems and associated components can include logic operable to perform operations in a virtualized system including a plurality of guest operating systems using descriptors. The descriptors specify a set of commands defining the operations in a plurality of security domains and specify permission to a plurality of resources selectively for the plurality of guest operating systems.Type: ApplicationFiled: July 2, 2012Publication date: January 2, 2014Inventors: Thomas E. Tkacik, Carlin R. Covey, David H. Hartley, Steven D. Millman
-
Patent number: 8572410Abstract: Embodiments of an electronic circuit include a cryptographic engine which includes a key derivation function and encryption logic. The key derivation function combines a master secret key with a plurality of key modifiers including at least an operating system tag specific to an operating system, and derives an encryption key from the combined master secret key and plurality of key modifiers. The encryption logic is coupled to the key derivation function and encrypts data using the derived encryption key to generate a cryptographic binary large object (blob) for virtualized protected storage that is accessible only to the operating system specified by the operating system tag.Type: GrantFiled: July 18, 2012Date of Patent: October 29, 2013Assignee: Freescale Semiconductor, Inc.Inventors: Thomas E. Tkacik, Carlin R. Covey
-
Patent number: 8332641Abstract: Under the direction of a first party, an integrated circuit (IC) device is configured to temporarily enable access to a debug interface of the IC device via authentication of the first party by a challenge/response process using a key of the IC device and a challenge value generated at the IC device. The first party then may conduct a software evaluation of the IC device via the debug interface. In response to failing to identify an issue with the IC device from the software evaluation, the first party can permanently enable open access to the debug interface while authenticated and provide the IC device to a second party. Under the direction of the second party, a hardware evaluation of the IC device is conducted via the debug interface that was permanently opened by the first party.Type: GrantFiled: January 30, 2009Date of Patent: December 11, 2012Assignee: Freescale Semiconductor, Inc.Inventors: Lawrence L. Case, Asaf Ashkenazi, Ruchir Chhabra, Carlin R. Covey, David H. Hartley, Troy E. Mackie, Alistair N. Muir, Mark D. Redman, Thomas E. Tkacik, John J. Vaglica, Rodney D. Ziolkowski
-
Patent number: 8117642Abstract: A computing device (10) includes a trusted execution environment (TEE) manager (40) that manages a switchover from non-trusted software (116) to trusted software (118). The TEE manager (40) includes memory (90) configured to store password-bearing, immediate-operand instructions (54). At the point of switching between the non-trusted software (116) and the trusted software (118) the memory (90) may be accessed as instruction fetches, and its contents fetched into a CPU core (24) as instructions. Immediate-operand portions (60) of the immediate-operand instructions (54) provide passwords, which are written back into guess registers (80) within the TEE manager (40). When a predetermined relationship between the instructions (54) and guesses in guess registers (80) is identified, actual execution of the immediate-operand instructions (54) is verified, the TEE mode of operation is signaled, and security-sensitive hardware (44) is enabled for use by a privileged routine (42) portion of the trusted software (118).Type: GrantFiled: March 21, 2008Date of Patent: February 14, 2012Assignee: Freescale Semiconductor, Inc.Inventors: Carlin R. Covey, Ronald B. Harvey, Mark D. Redman, Thomas E. Tkacik
-
Publication number: 20100199077Abstract: Under the direction of a first party, an integrated circuit (IC) device is configured to temporarily enable access to a debug interface of the IC device via authentication of the first party by a challenge/response process using a key of the IC device and a challenge value generated at the IC device. The first party then may conduct a software evaluation of the IC device via the debug interface. In response to failing to identify an issue with the IC device from the software evaluation, the first party can permanently enable open access to the debug interface while authenticated and provide the IC device to a second party. Under the direction of the second party, a hardware evaluation of the IC device is conducted via the debug interface that was permanently opened by the first party.Type: ApplicationFiled: January 30, 2009Publication date: August 5, 2010Applicant: FREESCALE SEMICONDUCTOR, INC.Inventors: Lawrence L. Case, Asaf Ashkenazi, Ruchir Chhabra, Carlin R. Covey, David H. Hartley, Troy E. Mackie, Alistair N. Muir, Mark D. Redman, Thomas E. Tkacik, John J. Vaglica, Rodney D. Ziolkowski