Patents by Inventor Carlin R. Covey

Carlin R. Covey has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9430658
    Abstract: To securely configure an electronic circuit and provision a product that includes the electronic circuit, a first entity (e.g., a chip manufacturer) embeds one or more secret values into copies of the circuit. A second entity (e.g., an OEM): 1) derives a trust anchor from a code signing public key; 2) embeds the trust anchor in a first circuit copy; 3) causes the first circuit copy to generate a secret key derived from the trust anchor and the embedded secret value(s); 4) signs provisioning code using a code signing private key; and 5) sends the code signing public key, the trust anchor, and the signed provisioning code to a third entity (e.g., a product manufacturer). The third entity embeds the trust anchor in a second circuit copy and causes it to: 1) generate the secret key; 2) verify the signature of the signed provisioning code using the code signing public key; and 3) launch the provisioning code.
    Type: Grant
    Filed: December 16, 2014
    Date of Patent: August 30, 2016
    Assignee: FREESCALE SEMICONDUCTOR, INC.
    Inventors: Carlin R. Covey, Lawrence L. Case, Thomas E. Tkacik
  • Patent number: 9424200
    Abstract: A run-time integrity checking (RTIC) method compatible with memory having at least portions that store data that is changed over time or at least portions configured as virtual memory is provided. For example, the method may comprise storing a table of page entries and accessing the table of page entries by, as an example, an operating system or, as another example, a hypervisor to perform RTIC on memory in which, as an example, an operating system, as another example, a hypervisor, or, as yet another example, application software is stored. The table may, for example, be stored in secure memory or in external memory. The page entry comprises a hash value for the page and a hash valid indicator indicating the validity status of the hash value. The page entry may further comprise a residency indicator indicating a residency status of the memory page.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: August 23, 2016
    Assignee: FREESCALE SEMICONDUCTOR, INC.
    Inventors: Thomas E. Tkacik, Matthew W. Brocker, Carlin R. Covey
  • Patent number: 9384153
    Abstract: Embodiments of electronic circuits, computer systems, and associated methods include a module that accesses memory using virtual addressing, the memory including local memory that is local to the module and nonlocal memory that is accessible via a system bus coupled to the module, the module including logic coupled to the local memory via a local bus. The logic is configured to receive a memory access specified to a virtual address, determine whether the virtual address is within the local memory, and direct the memory access either to the local memory via the local bus or to the nonlocal memory via the system bus based on the determination.
    Type: Grant
    Filed: August 31, 2012
    Date of Patent: July 5, 2016
    Assignee: Freescale Semiconductor, Inc.
    Inventors: Thomas E. Tkacik, Charles E. Cannon, Carlin R. Covey, David H. Hartley, Rodney D. Ziolowski
  • Publication number: 20160171223
    Abstract: To securely configure an electronic circuit and provision a product that includes the electronic circuit, a first entity (e.g., a chip manufacturer) embeds one or more secret values into copies of the circuit. A second entity (e.g., an OEM): 1) derives a trust anchor from a code signing public key; 2) embeds the trust anchor in a first circuit copy; 3) causes the first circuit copy to generate a secret key derived from the trust anchor and the embedded secret value(s); 4) signs provisioning code using a code signing private key; and 5) sends the code signing public key, the trust anchor, and the signed provisioning code to a third entity (e.g., a product manufacturer). The third entity embeds the trust anchor in a second circuit copy and causes it to: 1) generate the secret key; 2) verify the signature of the signed provisioning code using the code signing public key; and 3) launch the provisioning code.
    Type: Application
    Filed: December 16, 2014
    Publication date: June 16, 2016
    Inventors: CARLIN R. COVEY, LAWRENCE L. CASE, THOMAS E. TKACIK
  • Patent number: 9129536
    Abstract: Embodiments of electronic circuits enable security of sensitive data in a design and manufacturing process that includes multiple parties. An embodiment of an electronic circuit can include a private key embedded within the electronic circuit that is derived from a plurality of components including at least one component known only to the electronic circuit and at least one immutable value cryptographically bound into messages and residing on the electronic circuit, public key generation logic that generates a public key to match the private key, and message signing logic that signs messages with the private key.
    Type: Grant
    Filed: August 31, 2012
    Date of Patent: September 8, 2015
    Assignee: Freescale Semiconductor, Inc.
    Inventors: Thomas E. Tkacik, Lawrence L. Case, Carlin R. Covey, David H. Hartley, Rodney D. Ziolkowski
  • Patent number: 9100189
    Abstract: Embodiments include methods for securely provisioning copies of an electronic circuit. A first entity embeds one or more secret values into copies of the circuit. A second entity: 1) embeds a trust anchor in a first copy of the circuit; 2) causes the circuit to generate a message signing key pair using the trust anchor and the embedded secret value(s); 3) signs provisioning code using a code signing private key; and 4) sends a corresponding code signing public key, the trust anchor, and the signed provisioning code to a third entity. The third entity embeds the trust anchor in a second copy of the circuit and causes the circuit to: 1) generate the message signing private key; 2) verify the signature of the signed provisioning code using the code signing public key; and 3) launch the provisioning code on the circuit.
    Type: Grant
    Filed: August 21, 2013
    Date of Patent: August 4, 2015
    Assignee: Freescale Semiconductor, Inc.
    Inventors: David H. Hartley, Thomas E. Tkacik, Carlin R. Covey, Lawrence L. Case, Rodney D. Ziolkowski
  • Patent number: 9100174
    Abstract: Embodiments include methods for securely provisioning copies of an electronic circuit. A first entity (e.g., a chip manufacturer) embeds one or more secret values into copies of the electronic circuit. A second entity (e.g., an OEM): 1) embeds a trust anchor in a first copy of the electronic circuit; 2) causes the electronic circuit to generate a message signing key pair using the trust anchor and the embedded secret value(s); 3) signs provisioning code using a code signing private key; and 4) sends a corresponding code signing public key, the trust anchor, and the signed provisioning code to a third entity (e.g., a product manufacturer). The third entity embeds the trust anchor in a second copy of the electronic circuit and causes the electronic circuit to: 1) generate the message signing private key; 2) verify the signature of the signed provisioning code using the code signing public key; and 3) launch the provisioning code on the electronic circuit.
    Type: Grant
    Filed: March 20, 2014
    Date of Patent: August 4, 2015
    Assignee: Freescale Semiconductor, Inc.
    Inventors: David H. Hartley, Thomas E. Tkacik, Carlin R. Covey, Lawrence L. Case, Rodney D. Ziolkowski
  • Patent number: 9094205
    Abstract: Embodiments of methods of provisioning an electronic circuit enable security of sensitive data in a design and manufacturing process that includes multiple parties. In an illustrative embodiment, a method of provisioning an electronic circuit includes generating at least one secret value, embedding the at least one secret value into the electronic circuit, programming into the electronic circuit a private key derivation function that derives the private key from the at least one secret value and a trust anchor, and programming into the electronic circuit a public key generation function that generates a public key matching the private key. The method can further include receiving for execution trust anchor-authenticated logic that contacts a predetermined actor of the plurality of distinct actors and communicates to the predetermined actor a message signed with the private key.
    Type: Grant
    Filed: August 31, 2012
    Date of Patent: July 28, 2015
    Assignee: Freescale Semiconductor, Inc.
    Inventors: David H. Hartley, Thomas E. Tkacik, Carlin R. Covey, Lawrence L. Case, Rodney D. Ziolkowski
  • Publication number: 20140281354
    Abstract: A run-time integrity checking (RTIC) method compatible with memory having at least portions that store data that is changed over time or at least portions configured as virtual memory is provided. For example, the method may comprise storing a table of page entries and accessing the table of page entries by, as an example, an operating system or, as another example, a hypervisor to perform RTIC on memory in which, as an example, an operating system, as another example, a hypervisor, or, as yet another example, application software is stored. The table may, for example, be stored in secure memory or in external memory. The page entry comprises a hash value for the page and a hash valid indicator indicating the validity status of the hash value. The page entry may further comprise a residency indicator indicating a residency status of the memory page.
    Type: Application
    Filed: March 15, 2013
    Publication date: September 18, 2014
    Inventors: Thomas E. Tkacik, Matthew W. Brocker, Carlin R. Covey
  • Patent number: 8826391
    Abstract: Embodiments of information processing systems and associated components can include logic operable to perform operations in a virtualized system including a plurality of guest operating systems using descriptors. The descriptors specify a set of commands defining the operations in a plurality of security domains and specify permission to a plurality of resources selectively for the plurality of guest operating systems.
    Type: Grant
    Filed: July 2, 2012
    Date of Patent: September 2, 2014
    Assignee: Freescale Semiconductor, Inc.
    Inventors: Thomas E. Tkacik, Carlin R. Covey, David H. Hartley, Steven D. Millman
  • Publication number: 20140205092
    Abstract: Embodiments include methods for securely provisioning copies of an electronic circuit. A first entity (e.g., a chip manufacturer) embeds one or more secret values into copies of the electronic circuit. A second entity (e.g., an OEM): 1) embeds a trust anchor in a first copy of the electronic circuit; 2) causes the electronic circuit to generate a message signing key pair using the trust anchor and the embedded secret value(s); 3) signs provisioning code using a code signing private key; and 4) sends a corresponding code signing public key, the trust anchor, and the signed provisioning code to a third entity (e.g., a product manufacturer). The third entity embeds the trust anchor in a second copy of the electronic circuit and causes the electronic circuit to: 1) generate the message signing private key; 2) verify the signature of the signed provisioning code using the code signing public key; and 3) launch the provisioning code on the electronic circuit.
    Type: Application
    Filed: March 20, 2014
    Publication date: July 24, 2014
    Applicant: FREESCALE SEMICONDUCTOR, INC.
    Inventors: DAVID H. HARTLEY, THOMAS E. TKACIK, CARLIN R. COVEY, LAWRENCE L. CASE, RODNEY D. ZIOLKOWSKI
  • Publication number: 20140164779
    Abstract: Embodiments include methods for securely provisioning copies of an electronic circuit. A first entity (e.g., a chip manufacturer) embeds one or more secret values into copies of the electronic circuit. A second entity (e.g., an OEM): 1) embeds a trust anchor in a first copy of the electronic circuit; 2) causes the electronic circuit to generate a message signing key pair using the trust anchor and the embedded secret value(s); 3) signs provisioning code using a code signing private key; and 4) sends a corresponding code signing public key, the trust anchor, and the signed provisioning code to a third entity (e.g., a product manufacturer). The third entity embeds the trust anchor in a second copy of the electronic circuit and causes the electronic circuit to: 1) generate the message signing private key; 2) verify the signature of the signed provisioning code using the code signing public key; and 3) launch the provisioning code on the electronic circuit.
    Type: Application
    Filed: August 21, 2013
    Publication date: June 12, 2014
    Applicant: Freescale Semiconductor, Inc.
    Inventors: DAVID H. HARTLEY, Thomas E. Tkacik, Carlin R. Covey, Lawrence L. Case, Rodney D. Ziolkowski
  • Publication number: 20140068133
    Abstract: Embodiments of electronic circuits, computer systems, and associated methods include a module that accesses memory using virtual addressing, the memory including local memory that is local to the module and nonlocal memory that is accessible via a system bus coupled to the module, the module including logic coupled to the local memory via a local bus. The logic is configured to receive a memory access specified to a virtual address, determine whether the virtual address is within the local memory, and direct the memory access either to the local memory via the local bus or to the nonlocal memory via the system bus based on the determination.
    Type: Application
    Filed: August 31, 2012
    Publication date: March 6, 2014
    Inventors: THOMAS E. TKACIK, CHARLES E. CANNON, CARLIN R. COVEY, DAVID H. HARTLEY, RODNEY D. ZIOLOWSKI
  • Publication number: 20140068246
    Abstract: Embodiments of electronic circuits enable security of sensitive data in a design and manufacturing process that includes multiple parties. An embodiment of an electronic circuit can include a private key embedded within the electronic circuit that is derived from a plurality of components including at least one component known only to the electronic circuit and at least one immutable value cryptographically bound into messages and residing on the electronic circuit, public key generation logic that generates a public key to match the private key, and message signing logic that signs messages with the private key.
    Type: Application
    Filed: August 31, 2012
    Publication date: March 6, 2014
    Inventors: DAVID H. HARTLEY, THOMAS E. TKACIK, CARLIN R. COVEY, LAWRENCE L. CASE, RODNEY D. ZIOLOWSKI
  • Publication number: 20140064480
    Abstract: Embodiments of methods of provisioning an electronic circuit enable security of sensitive data in a design and manufacturing process that includes multiple parties. In an illustrative embodiment, a method of provisioning an electronic circuit includes generating at least one secret value, embedding the at least one secret value into the electronic circuit, programming into the electronic circuit a private key derivation function that derives the private key from the at least one secret value and a trust anchor, and programming into the electronic circuit a public key generation function that generates a public key matching the private key. The method can further include receiving for execution trust anchor-authenticated logic that contacts a predetermined actor of the plurality of distinct actors and communicates to the predetermined actor a message signed with the private key.
    Type: Application
    Filed: August 31, 2012
    Publication date: March 6, 2014
    Inventors: DAVID H. HARTLEY, THOMAS E. TKACIK, CARLIN R. COVEY, LAWRENCE L. CASE, RODNEY D. ZIOLKOWSKI
  • Publication number: 20140006804
    Abstract: Embodiments of information processing systems and associated components can include logic operable to perform operations in a virtualized system including a plurality of guest operating systems using descriptors. The descriptors specify a set of commands defining the operations in a plurality of security domains and specify permission to a plurality of resources selectively for the plurality of guest operating systems.
    Type: Application
    Filed: July 2, 2012
    Publication date: January 2, 2014
    Inventors: Thomas E. Tkacik, Carlin R. Covey, David H. Hartley, Steven D. Millman
  • Patent number: 8572410
    Abstract: Embodiments of an electronic circuit include a cryptographic engine which includes a key derivation function and encryption logic. The key derivation function combines a master secret key with a plurality of key modifiers including at least an operating system tag specific to an operating system, and derives an encryption key from the combined master secret key and plurality of key modifiers. The encryption logic is coupled to the key derivation function and encrypts data using the derived encryption key to generate a cryptographic binary large object (blob) for virtualized protected storage that is accessible only to the operating system specified by the operating system tag.
    Type: Grant
    Filed: July 18, 2012
    Date of Patent: October 29, 2013
    Assignee: Freescale Semiconductor, Inc.
    Inventors: Thomas E. Tkacik, Carlin R. Covey
  • Patent number: 8332641
    Abstract: Under the direction of a first party, an integrated circuit (IC) device is configured to temporarily enable access to a debug interface of the IC device via authentication of the first party by a challenge/response process using a key of the IC device and a challenge value generated at the IC device. The first party then may conduct a software evaluation of the IC device via the debug interface. In response to failing to identify an issue with the IC device from the software evaluation, the first party can permanently enable open access to the debug interface while authenticated and provide the IC device to a second party. Under the direction of the second party, a hardware evaluation of the IC device is conducted via the debug interface that was permanently opened by the first party.
    Type: Grant
    Filed: January 30, 2009
    Date of Patent: December 11, 2012
    Assignee: Freescale Semiconductor, Inc.
    Inventors: Lawrence L. Case, Asaf Ashkenazi, Ruchir Chhabra, Carlin R. Covey, David H. Hartley, Troy E. Mackie, Alistair N. Muir, Mark D. Redman, Thomas E. Tkacik, John J. Vaglica, Rodney D. Ziolkowski
  • Patent number: 8117642
    Abstract: A computing device (10) includes a trusted execution environment (TEE) manager (40) that manages a switchover from non-trusted software (116) to trusted software (118). The TEE manager (40) includes memory (90) configured to store password-bearing, immediate-operand instructions (54). At the point of switching between the non-trusted software (116) and the trusted software (118) the memory (90) may be accessed as instruction fetches, and its contents fetched into a CPU core (24) as instructions. Immediate-operand portions (60) of the immediate-operand instructions (54) provide passwords, which are written back into guess registers (80) within the TEE manager (40). When a predetermined relationship between the instructions (54) and guesses in guess registers (80) is identified, actual execution of the immediate-operand instructions (54) is verified, the TEE mode of operation is signaled, and security-sensitive hardware (44) is enabled for use by a privileged routine (42) portion of the trusted software (118).
    Type: Grant
    Filed: March 21, 2008
    Date of Patent: February 14, 2012
    Assignee: Freescale Semiconductor, Inc.
    Inventors: Carlin R. Covey, Ronald B. Harvey, Mark D. Redman, Thomas E. Tkacik
  • Publication number: 20100199077
    Abstract: Under the direction of a first party, an integrated circuit (IC) device is configured to temporarily enable access to a debug interface of the IC device via authentication of the first party by a challenge/response process using a key of the IC device and a challenge value generated at the IC device. The first party then may conduct a software evaluation of the IC device via the debug interface. In response to failing to identify an issue with the IC device from the software evaluation, the first party can permanently enable open access to the debug interface while authenticated and provide the IC device to a second party. Under the direction of the second party, a hardware evaluation of the IC device is conducted via the debug interface that was permanently opened by the first party.
    Type: Application
    Filed: January 30, 2009
    Publication date: August 5, 2010
    Applicant: FREESCALE SEMICONDUCTOR, INC.
    Inventors: Lawrence L. Case, Asaf Ashkenazi, Ruchir Chhabra, Carlin R. Covey, David H. Hartley, Troy E. Mackie, Alistair N. Muir, Mark D. Redman, Thomas E. Tkacik, John J. Vaglica, Rodney D. Ziolkowski