Patents by Inventor Denis Alexandrovich Pochuev
Denis Alexandrovich Pochuev has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12050719Abstract: A container corresponding to executable code may be received. The container may be executed in a secure computation environment by performing one or more operations specified by the executable code of the container. An instruction to terminate the executing of the container may be received from a high level operating system (HLOS) that is external to the secure computation environment. A determination may be made as to whether the container is associated with a preemption privilege and the executing of the container may be terminated after receiving the instruction from the HLOS based on the determination of whether the container is associated with the preemption privilege.Type: GrantFiled: May 14, 2021Date of Patent: July 30, 2024Assignee: Cryptography Research, Inc.Inventors: Ambuj Kumar, William Craig Rawlings, Ronald Perez, Denis Alexandrovich Pochuev, Michael Alexander Hamburg, Paul Kocher
-
Patent number: 11956345Abstract: Aspects of the present disclosure involve a method and a system to support execution of the method to obtain a first N cryptographic key, receive a key diversification information comprising a first plurality of bits, obtain an expanded key diversification information (EKDI) comprising a second plurality of bits, wherein a number of bits in the second plurality of bits is greater than a number of bits in the first plurality of bits, and wherein a value of each bit of the second plurality of bits is deterministically obtained in view of values of the first plurality of bits, and apply, by the processing device, a key derivation function to the first cryptographic key and the EKDI to obtain a second cryptographic key.Type: GrantFiled: April 30, 2020Date of Patent: April 9, 2024Assignee: CRYPTOGRAPHY RESEARCH, INC.Inventors: Michael Alexander Hamburg, Denis Alexandrovich Pochuev
-
Patent number: 11895109Abstract: The embodiments described herein describe technologies for Module management, including Module creation and Module deployment to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a first command to create a Module and executes a Module Template to generate the Module in response to the first command. The RA device receives a second command to create a deployment authorization message. The Module and the deployment authorization message are deployed to an Appliance device. A set of instructions of the Module, when permitted by the deployment authorization message and executed by the Appliance device, results in a secure construction of a sequence of operations to securely provision a data asset to the target device.Type: GrantFiled: April 15, 2022Date of Patent: February 6, 2024Assignee: Cryptography Research, Inc.Inventors: Michael Hamburg, Benjamin Che-Ming Jun, Paul C. Kocher, Daniel O'Loughlin, Denis Alexandrovich Pochuev
-
Patent number: 11777926Abstract: The embodiments described herein describe technologies to address initial establishment of device credentials in an Internet of Things (IoT) infrastructure. The embodiments are directed to unifying secure credential establishment regardless of the endpoint type, thus addressing the challenge of a great diversity among IoT devices. This approach is designed to address a challenge of initial trusted enrollment of the IoT endpoints into a secure infrastructure, which allows secure communications between the devices in the IoT environment.Type: GrantFiled: June 14, 2018Date of Patent: October 3, 2023Assignee: Cryptography Research, Inc.Inventors: Denis Alexandrovich Pochuev, Michael A. Hamburg, Pankaj Rohatgi, Amit Kapoor, Joel Patrick Wittenauer
-
Patent number: 11768746Abstract: The embodiments described herein describe technologies to maintaining a secure session state with failover during endpoint provisioning. A cluster of hardware devices can be used for provisioning endpoint devices with secrecy, integrity, access controller, high availability, minimal transaction time, and interactive transactions with multiple requests and response within a session. The embodiments are directed to a first computing device being elected as a leader and sharing context information of a session with other computing devices as followers in the cluster such that a follower can resume the session if the leader fails.Type: GrantFiled: August 24, 2021Date of Patent: September 26, 2023Assignee: Cryptography Research, Inc.Inventor: Denis Alexandrovich Pochuev
-
MULTI-PLATFORM USE CASE IMPLEMENTATIONS TO SECURELY PROVISION A SECURE DATA ASSET TO A TARGET DEVICE
Publication number: 20230205919Abstract: An application executing at a first platform receives, from a tester device, a first request to generate a secure data asset to be securely provisioned to a target device. Responsive to receiving the first request, the application performs one or more operations related to the generation of the secure data asset. Subsequent to performing the one or more operations related to the generation of the secure data asset, the application sends, to a second secure platform, a second request to generate the secure data asset. The application receives, from the second secure platform, the generated secure data asset.Type: ApplicationFiled: December 20, 2022Publication date: June 29, 2023Inventors: Matthew Evan Orzen, Denis Alexandrovich Pochuev -
Publication number: 20220329587Abstract: The embodiments described herein describe technologies for Module management, including Module creation and Module deployment to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a first command to create a Module and executes a Module Template to generate the Module in response to the first command. The RA device receives a second command to create a deployment authorization message. The Module and the deployment authorization message are deployed to an Appliance device. A set of instructions of the Module, when permitted by the deployment authorization message and executed by the Appliance device, results in a secure construction of a sequence of operations to securely provision a data asset to the target device.Type: ApplicationFiled: April 15, 2022Publication date: October 13, 2022Inventors: Michael Hamburg, Benjamin Che-Ming Jun, Paul C. Kocher, Daniel O'Loughlin, Denis Alexandrovich Pochuev
-
Publication number: 20220182216Abstract: Aspects of the present disclosure involve a method and a system to support execution of the method to obtain a first N cryptographic key, receive a key diversification information comprising a first plurality of bits, obtain an expanded key diversification information (EKDI) comprising a second plurality of bits, wherein a number of bits in the second plurality of bits is greater than a number of bits in the first plurality of bits, and wherein a value of each bit of the second plurality of bits is deterministically obtained in view of values of the first plurality of bits, and apply, by the processing device, a key derivation function to the first cryptographic key and the EKDI to obtain a second cryptographic key.Type: ApplicationFiled: April 30, 2020Publication date: June 9, 2022Inventors: Michael Alexander Hamburg, Denis Alexandrovich Pochuev
-
Patent number: 11310227Abstract: The embodiments described herein describe technologies for Module management, including Module creation and Module deployment to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a first command to create a Module and executes a Module Template to generate the Module in response to the first command. The RA device receives a second command to create a deployment authorization message. The Module and the deployment authorization message are deployed to an Appliance device. A set of instructions of the Module, when permitted by the deployment authorization message and executed by the Appliance device, results in a secure construction of a sequence of operations to securely provision a data asset to the target device.Type: GrantFiled: February 28, 2020Date of Patent: April 19, 2022Assignee: Cryptography Research, Inc.Inventors: Michael Hamburg, Benjamin Che-Ming Jun, Paul C. Kocher, Daniel O'Loughlin, Denis Alexandrovich Pochuev
-
Publication number: 20220085999Abstract: Aspects of the present disclosure involve a method, a system and a computer readable memory to optimize performance of cryptographic operations by avoiding computations of inverse values during decryption of encrypted messages.Type: ApplicationFiled: September 8, 2021Publication date: March 17, 2022Inventors: Michael Alexander Hamburg, Michael Tunstall, Denis Alexandrovich Pochuev
-
Publication number: 20220066891Abstract: The embodiments described herein describe technologies to maintaining a secure session state with failover during endpoint provisioning. A cluster of hardware devices can be used for provisioning endpoint devices with secrecy, integrity, access controller, high availability, minimal transaction time, and interactive transactions with multiple requests and response within a session. The embodiments are directed to a first computing device being elected as a leader and sharing context information of a session with other computing devices as followers in the cluster such that a follower can resume the session if the leader fails.Type: ApplicationFiled: August 24, 2021Publication date: March 3, 2022Inventor: Denis Alexandrovich Pochuev
-
Publication number: 20210357532Abstract: A container corresponding to executable code may be received. The container may be executed in a secure computation environment by performing one or more operations specified by the executable code of the container. An instruction to terminate the executing of the container may be received from a high level operating system (HLOS) that is external to the secure computation environment. A determination may be made as to whether the container is associated with a preemption privilege and the executing of the container may be terminated after receiving the instruction from the HLOS based on the determination of whether the container is associated with the preemption privilege.Type: ApplicationFiled: May 14, 2021Publication date: November 18, 2021Inventors: Ambuj Kumar, William Craig Rawlings, Ronald Perez, Denis Alexandrovich Pochuev, Michael Alexander Hamburg, Paul Kocher
-
Patent number: 11010494Abstract: A container corresponding to executable code may be received. The container may be executed in a secure computation environment by performing one or more operations specified by the executable code of the container. An instruction to terminate the executing of the container may be received from a high level operating system (HLOS) that is external to the secure computation environment. A determination may be made as to whether the container is associated with a preemption privilege and the executing of the container may be terminated after receiving the instruction from the HLOS based on the determination of whether the container is associated with the preemption privilege.Type: GrantFiled: September 10, 2019Date of Patent: May 18, 2021Assignee: Cryptography Research, Inc.Inventors: Ambuj Kumar, William Craig Rawlings, Ronald Perez, Denis Alexandrovich Pochuev, Michael Alexander Hamburg, Paul Kocher
-
Publication number: 20200267142Abstract: The embodiments described herein describe technologies for Module management, including Module creation and Module deployment to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a first command to create a Module and executes a Module Template to generate the Module in response to the first command. The RA device receives a second command to create a deployment authorization message. The Module and the deployment authorization message are deployed to an Appliance device. A set of instructions of the Module, when permitted by the deployment authorization message and executed by the Appliance device, results in a secure construction of a sequence of operations to securely provision a data asset to the target device.Type: ApplicationFiled: February 28, 2020Publication date: August 20, 2020Inventors: Michael Hamburg, Benjamin Che-Ming Jun, Paul C. Kocher, Daniel O'Loughlin, Denis Alexandrovich Pochuev
-
Publication number: 20200145409Abstract: The embodiments described herein describe technologies to address initial establishment of device credentials in an Internet of Things (IoT) infrastructure. The embodiments are directed to unifying secure credential establishment regardless of the endpoint type, thus addressing the challenge of a great diversity among IoT devices. This approach is designed to address a challenge of initial trusted enrollment of the IoT endpoints into a secure infrastructure, which allows secure communications between the devices in the IoT environment.Type: ApplicationFiled: June 14, 2018Publication date: May 7, 2020Inventors: Denis Alexandrovich POCHUEV, Michael A. HAMBURG, Pankaj ROHATGI, Amit KAPOOR, Joel Patrick WITTENAUER
-
Publication number: 20200104531Abstract: A container corresponding to executable code may be received. The container may be executed in a secure computation environment by performing one or more operations specified by the executable code of the container. An instruction to terminate the executing of the container may be received from a high level operating system (HLOS) that is external to the secure computation environment. A determination may be made as to whether the container is associated with a preemption privilege and the executing of the container may be terminated after receiving the instruction from the HLOS based on the determination of whether the container is associated with the preemption privilege.Type: ApplicationFiled: September 10, 2019Publication date: April 2, 2020Inventors: Ambuj Kumar, William Craig Rawlings, Ronald Perez, Denis Alexandrovich Pochuev, Michael Alexander Hamburg, Paul Kocher
-
Patent number: 10581838Abstract: The embodiments described herein describe technologies for Module management, including Module creation and Module deployment to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a first command to create a Module and executes a Module Template to generate the Module in response to the first command. The RA device receives a second command to create a deployment authorization message. The Module and the deployment authorization message are deployed to an Appliance device. A set of instructions of the Module, when permitted by the deployment authorization message and executed by the Appliance device, results in a secure construction of a sequence of operations to securely provision a data asset to the target device.Type: GrantFiled: June 11, 2018Date of Patent: March 3, 2020Assignee: Cryptography Research, Inc.Inventors: Michael Hamburg, Benjamin Che-Ming Jun, Paul C. Kocher, Daniel O'Loughlin, Denis Alexandrovich Pochuev
-
Patent number: 10417453Abstract: A container corresponding to executable code may be received. The container may be executed in a secure computation environment by performing one or more operations specified by the executable code of the container. An instruction to terminate the executing of the container may be received from a high level operating system (HLOS) that is external to the secure computation environment. A determination may be made as to whether the container is associated with a preemption privilege and the executing of the container may be terminated after receiving the instruction from the HLOS based on the determination of whether the container is associated with the preemption privilege.Type: GrantFiled: December 7, 2016Date of Patent: September 17, 2019Assignee: Cryptography Research, Inc.Inventors: Ambuj Kumar, William Craig Rawlings, Ronald Perez, Denis Alexandrovich Pochuev, Michael Alexander Hamburg, Paul Kocher
-
Publication number: 20180295127Abstract: The embodiments described herein describe technologies for Module management, including Module creation and Module deployment to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a first command to create a Module and executes a Module Template to generate the Module in response to the first command The RA device receives a second command to create a deployment authorization message. The Module and the deployment authorization message are deployed to an Appliance device. A set of instructions of the Module, when permitted by the deployment authorization message and executed by the Appliance device, results in a secure construction of a sequence of operations to securely provision a data asset to the target device.Type: ApplicationFiled: June 11, 2018Publication date: October 11, 2018Inventors: Michael Hamburg, Benjamin Che-Ming Jun, Paul C. Kocher, Daniel O'Loughlin, Denis Alexandrovich Pochuev
-
Patent number: 10015164Abstract: The embodiments described herein describe technologies for Module management, including Module creation and Module deployment to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a command to create a Module and executes a Module Template to generate the Module in response to the command. The Module is deployed to an Appliance device. A set of instructions of the Module, when executed by the Appliance device, results in a secure construction of a sequence of operations to securely provision a data asset to the target device. The Appliance device is configured to distribute the data asset to a cryptographic manager (CM) core of the target device.Type: GrantFiled: November 6, 2014Date of Patent: July 3, 2018Assignee: Cryptography Research, Inc.Inventors: Michael Hamburg, Benjamin Che-Ming Jun, Paul C. Kocher, Daniel O'Loughlin, Denis Alexandrovich Pochuev